From 5d707c00298c21a667203f5f169cd504d6a5392e Mon Sep 17 00:00:00 2001 From: Shawn M Emery Date: Thu, 11 Jun 2026 18:31:00 -0600 Subject: [PATCH 1/3] 8386473: DESKeySpec and DESedeKeySpec may throw InvalidKeyException instead of ArrayIndexOutOfBoundsException for Integer.MIN_VALUE offset --- .../classes/javax/crypto/spec/DESKeySpec.java | 18 +++++------ .../javax/crypto/spec/DESedeKeySpec.java | 12 ++++---- .../crypto/spec/DESKeySpec/OffsetKey.java | 30 +++++++++++++++++++ 3 files changed, 45 insertions(+), 15 deletions(-) diff --git a/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java index a2afd88c3ba48..45511a8bbef5e 100644 --- a/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java @@ -156,12 +156,12 @@ public DESKeySpec(byte[] key, int offset) throws InvalidKeyException { if (key == null) { throw new NullPointerException("null key"); } - if (key.length - offset < DES_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } this.key = new byte[DES_KEY_LEN]; System.arraycopy(key, offset, this.key, 0, DES_KEY_LEN); } @@ -198,12 +198,12 @@ public static boolean isParityAdjusted(byte[] key, int offset) if (key == null) { throw new InvalidKeyException("null key"); } - if (key.length - offset < DES_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } for (int i = 0; i < DES_KEY_LEN; i++) { int k = Integer.bitCount(key[offset++] & 0xff); if ((k & 1) == 0) { @@ -235,12 +235,12 @@ public static boolean isWeak(byte[] key, int offset) if (key == null) { throw new InvalidKeyException("null key"); } - if (key.length - offset < DES_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } for (int i = 0; i < WEAK_KEYS.length; i++) { boolean found = true; for (int j = 0; j < DES_KEY_LEN; j++) { diff --git a/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java index fb5a19b4a9b5d..9d93ea90bc926 100644 --- a/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java @@ -86,12 +86,12 @@ public DESedeKeySpec(byte[] key, int offset) throws InvalidKeyException { if (key == null) { throw new NullPointerException("null key"); } - if (key.length - offset < DES_EDE_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_EDE_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } this.key = new byte[24]; System.arraycopy(key, offset, this.key, 0, DES_EDE_KEY_LEN); } @@ -126,12 +126,12 @@ public static boolean isParityAdjusted(byte[] key, int offset) if (key == null) { throw new InvalidKeyException("null key"); } - if (key.length - offset < DES_EDE_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_EDE_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } return DESKeySpec.isParityAdjusted(key, offset) && DESKeySpec.isParityAdjusted(key, offset + 8) && DESKeySpec.isParityAdjusted(key, offset + 16); diff --git a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java index c97bb819ba2c9..4cacff550c643 100644 --- a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java +++ b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java @@ -26,6 +26,11 @@ * @bug 8364121 * @summary DESKeySpec.isWeak should throw aiobe exception if the offset is * negative. + * + * @test + * @bug 8386473 + * @summary DESKeySpec and DESedeKeySpec may throw InvalidKeyException instead + * of ArrayIndexOutOfBoundsException for Integer.MIN_VALUE offset */ import java.security.InvalidKeyException; import javax.crypto.spec.DESedeKeySpec; @@ -57,6 +62,20 @@ public static void main(String[] args) throws Exception { throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} + try { + DESKeySpec desKey = new DESKeySpec(strongKey, Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + try { + boolean weak = DESKeySpec.isWeak(strongKey, Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + try{ + boolean parityAdjusted = DESKeySpec.isParityAdjusted(strongKey, + Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + // Test triple-DES try{ DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, -1); @@ -67,6 +86,17 @@ public static void main(String[] args) throws Exception { -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} + + try{ + DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, + Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + try{ + boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(strongKey, + Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} } } From bb25897d5f18c6339d51a36f4fca5b773f8c8271 Mon Sep 17 00:00:00 2001 From: Shawn M Emery Date: Thu, 11 Jun 2026 18:44:09 -0600 Subject: [PATCH 2/3] Fix test @bug annotation --- test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java index 4cacff550c643..6edfa9a757e0e 100644 --- a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java +++ b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java @@ -23,14 +23,8 @@ /* * @test - * @bug 8364121 - * @summary DESKeySpec.isWeak should throw aiobe exception if the offset is - * negative. - * - * @test - * @bug 8386473 - * @summary DESKeySpec and DESedeKeySpec may throw InvalidKeyException instead - * of ArrayIndexOutOfBoundsException for Integer.MIN_VALUE offset + * @bug 8364121 8386473 + * @summary Test DES[ede]KeySpec for negative and integer overflow offsets */ import java.security.InvalidKeyException; import javax.crypto.spec.DESedeKeySpec; From 846a6927bfec10b07ec01c7f6d1c9f80abc639b8 Mon Sep 17 00:00:00 2001 From: Shawn M Emery Date: Sat, 13 Jun 2026 14:11:50 -0600 Subject: [PATCH 3/3] Updates based on sendaoYan's comments --- .../jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java index 6edfa9a757e0e..f0f4c149895d8 100644 --- a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java +++ b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java @@ -26,7 +26,6 @@ * @bug 8364121 8386473 * @summary Test DES[ede]KeySpec for negative and integer overflow offsets */ -import java.security.InvalidKeyException; import javax.crypto.spec.DESedeKeySpec; import javax.crypto.spec.DESKeySpec; @@ -51,7 +50,7 @@ public static void main(String[] args) throws Exception { boolean weak = DESKeySpec.isWeak(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { boolean parityAdjusted = DESKeySpec.isParityAdjusted(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} @@ -64,29 +63,29 @@ public static void main(String[] args) throws Exception { boolean weak = DESKeySpec.isWeak(strongKey, Integer.MIN_VALUE); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { boolean parityAdjusted = DESKeySpec.isParityAdjusted(strongKey, Integer.MIN_VALUE); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} // Test triple-DES - try{ + try { DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, Integer.MIN_VALUE); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(strongKey, Integer.MIN_VALUE); throw new Exception("expected ArrayIndexOutOfBoundsException");