On Mon, 8 May 2023 13:33:01 GMT, Ferenc Rakoczi <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/util/RawKeySpec.java line 37:
>>
>>> 35: */
>>> 36: public RawKeySpec(byte[] key) {
>>> 37: keyArr = key.clone();
>>
>> Does this need to be cloned if it is an internal class?
>
> Yes, I think so. If someone wants to test with several different keys by
> first creating RawKeySpec objects from an array in which a few bytes are
> changed between the calls and and then use these KeySpecs to create the
> actual keys, without the cloning they will end up with the same keys. So an
> immutable object is better.
Ok. Try to keep your line lengths to about 80 chars.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187577377
