On Wed, 11 Mar 2026 12:55:31 GMT, Weijun Wang <[email protected]> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add a negative test and restore IAE back
>
> src/java.base/share/classes/sun/security/ssl/Hybrid.java line 321:
>
>> 319: int expectedSecretSize = engineSecretSize();
>> 320: if (!(from == 0 && to == expectedSecretSize)) {
>> 321: throw new IndexOutOfBoundsException(
>
> It's OK if you add a `Objects.checkFromToIndex(from, to, expectedSecretSize)`
> call before this line to throw any IOOBE if necessary, but this line is to
> confirm we don't support slicing of the shared secrets. Therefore IAE is
> still the correct exception.
>
> Same below in decapsulation.
Restored IAE back. Thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/30167#discussion_r2921533914
