Code review request: 6755701 SecretKeySpec & DES
Anthony Scarpino
anthony.scarpino at oracle.com
Tue Jul 2 21:48:52 UTC 2013
On 07/02/2013 02:20 PM, Brad Wetmore wrote:
> It's not common to use this style:
>
> 74 throw new InvalidKeySpecException
> 75 ("Inappropriate key specification");
>
> but rather:
>
> throw new InvalidKeySpecException(
> "Inapp...");
That was preexisting code. I have no problem fixing the style, I'm just
not taking the fall :)
>
> Also, what happens in the case that the size doesn't match up with what
> DESKey's constructor needs? For example, if you provide 7 bytes, won't
> that throw a InvalidKeyException and thus you get a null back from
> engineGenerateSecret? The SecretKeyFactory.generateSecret() API doesn't
> mention anything about possibly getting a null back.
>
> I know that's the existing behavior, but that seems fishy to me. Bug in
> API?
>
It does seem a bit strange to not be throwing a InvalidKeyException.
Looks like a bug in the API.
> Brad
>
>
>
> On 6/28/2013 5:33 PM, Xuelei Fan wrote:
>> Looks fine to me.
>>
>> Xuelei
>>
>> On 6/29/2013 1:40 AM, Anthony Scarpino wrote:
>>> ping...
>>>
>>> On 06/13/2013 05:08 PM, Anthony Scarpino wrote:
>>>> Hi all,
>>>>
>>>> I'm requesting a code review for the below bug
>>>>
>>>> 6755701 SunJCE DES/DESede SecretKeyFactory.generateSecret throws
>>>> InvalidKeySpecExc if passed SecretKeySpec
>>>>
>>>> http://cr.openjdk.java.net/~ascarpino/6755701/webrev.00/
>>>>
>>>> Thanks
>>>>
>>>> Tony
>>>
>>
More information about the security-dev
mailing list