From ee23c2d6ff99f8ebf4325aa39b1338abcd555e62 Mon Sep 17 00:00:00 2001
From: Sean Gilligan <sean@msgilligan.com>
Date: Thu, 14 Sep 2023 11:29:02 -0700
Subject: [PATCH] PBKDF2SHA512: don't allow negative count or dkLen

---
 core/src/main/java/org/bitcoinj/crypto/PBKDF2SHA512.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/src/main/java/org/bitcoinj/crypto/PBKDF2SHA512.java b/core/src/main/java/org/bitcoinj/crypto/PBKDF2SHA512.java
index 4b95b5824..29a34594d 100644
--- a/core/src/main/java/org/bitcoinj/crypto/PBKDF2SHA512.java
+++ b/core/src/main/java/org/bitcoinj/crypto/PBKDF2SHA512.java
@@ -23,6 +23,8 @@
 
 package org.bitcoinj.crypto;
 
+import org.bitcoinj.base.internal.Preconditions;
+
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.ByteArrayOutputStream;
@@ -41,6 +43,8 @@ public class PBKDF2SHA512 {
     private static final int H_LEN = 64;
 
     public static byte[] derive(String P, String S, int c, int dkLen) {
+        Preconditions.checkArgument(c > 0, () -> "count must be greater than zero");
+        Preconditions.checkArgument(dkLen > 0, () -> "derived key length must be greater than zero");
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
 
         if (dkLen > ((Math.pow(2, 32)) - 1) * H_LEN) {