On Thu, 5 Mar 2026 09:17:53 GMT, Mikhail Yankelevich <[email protected]> wrote:
>> This change fixes a flaw in DESKeySpec::isWeak when passing a negative >> number as the offset parameter. > > src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java line 209: > >> 207: * >> 208: * @param key the buffer with the DES key material. >> 209: * @param offset the offset in <code>key</code>, where the DES key > > nit: I know this is obvious, so feel free to ignore it if you think it's > fine. But I would personally mention that the offset should be positive just > in case I think we should add this error condition to the `InvalidKeyException` text. It's not only a negative offset, it is also if the key length is too short. This will require a CSR. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30069#discussion_r2890096049
