On Thu, 5 Mar 2026 07:23:01 GMT, Shawn Emery <[email protected]> wrote:
> This change fixes a flaw in DESKeySpec::isWeak when passing a negative number
> as the offset parameter.
src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java line 209:
> 207: *
> 208: * @param key the buffer with the DES key material.
> 209: * @param offset the offset in <code>key</code>, where the DES key
nit: I know this is obvious, so feel free to ignore it if you think it's fine.
But I would personally mention that the offset should be positive just in case
src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java line 224:
> 222: throw new InvalidKeyException("null key");
> 223: }
> 224: if (offset < 0) {
I believe this change needs to have an associated test. Could you please add
one? I personally can't find anything testing it explicitly now
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/30069#discussion_r2888713197
PR Review Comment: https://git.openjdk.org/jdk/pull/30069#discussion_r2888704014
