diff --git a/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java
index 078cb9bbefd..a2afd88c3ba 100644
--- a/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2026, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -123,7 +123,7 @@ public class DESKeySpec implements java.security.spec.KeySpec {
* of the buffer are copied to protect against subsequent modification.
*
* @exception NullPointerException if the given key material is
- * null
+ * null.
* @exception InvalidKeyException if the given key material is shorter
* than 8 bytes.
*/
@@ -146,14 +146,22 @@ public class DESKeySpec implements java.security.spec.KeySpec {
* material starts.
*
* @exception NullPointerException if the given key material is
- * null
+ * null.
* @exception InvalidKeyException if the given key material, starting at
* offset inclusive, is shorter than 8 bytes.
+ * @exception ArrayIndexOutOfBoundsException if offset is
+ * negative.
*/
public DESKeySpec(byte[] key, int offset) throws InvalidKeyException {
+ if (key == null) {
+ throw new NullPointerException("null key");
+ }
if (key.length - offset < DES_KEY_LEN) {
throw new InvalidKeyException("Wrong key size");
}
+ if (offset < 0) {
+ throw new ArrayIndexOutOfBoundsException("offset is negative");
+ }
this.key = new byte[DES_KEY_LEN];
System.arraycopy(key, offset, this.key, 0, DES_KEY_LEN);
}
@@ -182,6 +190,8 @@ public class DESKeySpec implements java.security.spec.KeySpec {
* @exception InvalidKeyException if the given key material is
* null, or starting at offset inclusive, is
* shorter than 8 bytes.
+ * @exception ArrayIndexOutOfBoundsException if offset is
+ * negative.
*/
public static boolean isParityAdjusted(byte[] key, int offset)
throws InvalidKeyException {
@@ -191,7 +201,9 @@ public class DESKeySpec implements java.security.spec.KeySpec {
if (key.length - offset < DES_KEY_LEN) {
throw new InvalidKeyException("Wrong key size");
}
-
+ if (offset < 0) {
+ throw new ArrayIndexOutOfBoundsException("offset is negative");
+ }
for (int i = 0; i < DES_KEY_LEN; i++) {
int k = Integer.bitCount(key[offset++] & 0xff);
if ((k & 1) == 0) {
@@ -215,6 +227,8 @@ public class DESKeySpec implements java.security.spec.KeySpec {
* @exception InvalidKeyException if the given key material is
* null, or starting at offset inclusive, is
* shorter than 8 bytes.
+ * @exception ArrayIndexOutOfBoundsException if offset is
+ * negative.
*/
public static boolean isWeak(byte[] key, int offset)
throws InvalidKeyException {
@@ -224,6 +238,9 @@ public class DESKeySpec implements java.security.spec.KeySpec {
if (key.length - offset < DES_KEY_LEN) {
throw new InvalidKeyException("Wrong key size");
}
+ if (offset < 0) {
+ throw new ArrayIndexOutOfBoundsException("offset is negative");
+ }
for (int i = 0; i < WEAK_KEYS.length; i++) {
boolean found = true;
for (int j = 0; j < DES_KEY_LEN; j++) {
diff --git a/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java
index 7fd5576c487..fb5a19b4a9b 100644
--- a/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java
+++ b/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2026, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -78,14 +78,22 @@ public class DESedeKeySpec implements java.security.spec.KeySpec {
*
* @exception NullPointerException if key is null.
* @exception InvalidKeyException if the given key material, starting at
- * offset inclusive, is shorter than 24 bytes
+ * offset inclusive, is shorter than 24 bytes.
+ * @exception ArrayIndexOutOfBoundsException if offset is
+ * negative.
*/
public DESedeKeySpec(byte[] key, int offset) throws InvalidKeyException {
- if (key.length - offset < 24) {
+ if (key == null) {
+ throw new NullPointerException("null key");
+ }
+ if (key.length - offset < DES_EDE_KEY_LEN) {
throw new InvalidKeyException("Wrong key size");
}
+ if (offset < 0) {
+ throw new ArrayIndexOutOfBoundsException("offset is negative");
+ }
this.key = new byte[24];
- System.arraycopy(key, offset, this.key, 0, 24);
+ System.arraycopy(key, offset, this.key, 0, DES_EDE_KEY_LEN);
}
/**
@@ -107,15 +115,23 @@ public class DESedeKeySpec implements java.security.spec.KeySpec {
* @return true if the given DES-EDE key is parity-adjusted, false
* otherwise
*
- * @exception NullPointerException if key is null.
- * @exception InvalidKeyException if the given key material, starting at
- * offset inclusive, is shorter than 24 bytes
+ * @exception InvalidKeyException if the given key material is
+ * null, or starting at offset inclusive, is
+ * shorter than 8 bytes.
+ * @exception ArrayIndexOutOfBoundsException if offset is
+ * negative.
*/
public static boolean isParityAdjusted(byte[] key, int offset)
throws InvalidKeyException {
- if (key.length - offset < 24) {
- throw new InvalidKeyException("Wrong key size");
- }
+ if (key == null) {
+ throw new InvalidKeyException("null key");
+ }
+ if (key.length - offset < DES_EDE_KEY_LEN) {
+ throw new InvalidKeyException("Wrong key size");
+ }
+ if (offset < 0) {
+ throw new ArrayIndexOutOfBoundsException("offset is negative");
+ }
return DESKeySpec.isParityAdjusted(key, offset)
&& DESKeySpec.isParityAdjusted(key, offset + 8)
&& DESKeySpec.isParityAdjusted(key, offset + 16);
diff --git a/test/jdk/javax/crypto/spec/DESKeySpec/NullKey.java b/test/jdk/javax/crypto/spec/DESKeySpec/NullKey.java
index cd44b6ee216..859d721fff5 100644
--- a/test/jdk/javax/crypto/spec/DESKeySpec/NullKey.java
+++ b/test/jdk/javax/crypto/spec/DESKeySpec/NullKey.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2026, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,18 +23,19 @@
/*
* @test
- * @bug 4959570
+ * @bug 4959570 8364121
* @summary DESKeySpec constructors and static methods should throw exception
* if the key parameter is null.
* @author Sean Mullan
*/
import java.security.InvalidKeyException;
+import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.DESKeySpec;
public class NullKey {
public static void main(String[] args) throws Exception {
-
+ // Test single-DES
try {
DESKeySpec desSpec = new DESKeySpec(null);
throw new Exception("expected NullPointerException");
@@ -55,5 +56,21 @@ public class NullKey {
throw new Exception("expected InvalidKeyException");
} catch (InvalidKeyException ike) {}
+ // Test triple-DES
+ try {
+ DESedeKeySpec desSpec = new DESedeKeySpec(null);
+ throw new Exception("expected NullPointerException");
+ } catch (NullPointerException npe) {}
+
+ try {
+ DESedeKeySpec desSpec = new DESedeKeySpec(null, 0);
+ throw new Exception("expected NullPointerException");
+ } catch (NullPointerException npe) {}
+
+ try {
+ boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(null, 0);
+ throw new Exception("expected InvalidKeyException");
+ } catch (InvalidKeyException ike) {}
}
+
}
diff --git a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java
new file mode 100644
index 00000000000..c97bb819ba2
--- /dev/null
+++ b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2026, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8364121
+ * @summary DESKeySpec.isWeak should throw aiobe exception if the offset is
+ * negative.
+ */
+import java.security.InvalidKeyException;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.DESKeySpec;
+
+public class OffsetKey {
+
+ public static void main(String[] args) throws Exception {
+ byte[] strongKey = {
+ (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78,
+ (byte)0x9A, (byte)0xBC, (byte)0xDE, (byte)0xF0,
+ (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78,
+ (byte)0x9A, (byte)0xBC, (byte)0xDE, (byte)0xF0,
+ (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78,
+ (byte)0x9A, (byte)0xBC, (byte)0xDE, (byte)0xF0
+ };
+
+ // Test single-DES
+ try {
+ DESKeySpec desKey = new DESKeySpec(strongKey, -1);
+ throw new Exception("expected ArrayIndexOutOfBoundsException");
+ } catch (ArrayIndexOutOfBoundsException aiobe) {}
+ try {
+ boolean weak = DESKeySpec.isWeak(strongKey, -1);
+ throw new Exception("expected ArrayIndexOutOfBoundsException");
+ } catch (ArrayIndexOutOfBoundsException aiobe) {}
+ try{
+ boolean parityAdjusted = DESKeySpec.isParityAdjusted(strongKey, -1);
+ throw new Exception("expected ArrayIndexOutOfBoundsException");
+ } catch (ArrayIndexOutOfBoundsException aiobe) {}
+
+ // Test triple-DES
+ try{
+ DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, -1);
+ throw new Exception("expected ArrayIndexOutOfBoundsException");
+ } catch (ArrayIndexOutOfBoundsException aiobe) {}
+ try{
+ boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(strongKey,
+ -1);
+ throw new Exception("expected ArrayIndexOutOfBoundsException");
+ } catch (ArrayIndexOutOfBoundsException aiobe) {}
+ }
+
+}