-
CSR
-
Resolution: Approved
-
P4
-
None
-
behavioral
-
low
-
-
Java API
-
SE
Summary
Document the java.security.SecureRandom.nextBytes(byte[] bytes) method throws NullPointerException when the specified 'bytes' is null. Same goes for the SecureRandom(byte[] seed) constructor and setSeed(byte[] seed) method.</p> <h2>Problem</h2> <p>java.security.SecureRandom.nextBytes(byte[] bytes) does not specify the behavior when the 'bytes' argument is null. This is inconsistent to the java.util.Random.nextBytes(byte[] bytes) and java.security.SecureRandom.nextBytes(byte[] bytes, SecureRandomParameters params) methods which specify to throw NullPointerException when 'bytes' is null. This inconsistency is an oversight and should be fixed. As for the SecureRandom(byte[]) constructor and setSeed(byte[] seed) method, the implementation already throws NullPointerException. Adding the javadoc specification is to match existing impl.
Solution
Update the javadoc of the forementioned methods of java.security.SecureRandom class to document the NullPointerException and enforce them if not already.
Specification
Update the java.security.SecureRandom class as below:
@@ -255,13 +255,15 @@
* "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
* Java Security Standard Algorithm Names Specification</a>
* for information about standard RNG algorithm names.
*
* @param seed the seed.
+ * @throws NullPointerException if {@code seed} is {@code null}
*/
public SecureRandom(byte[] seed) {
super(0);
+ Objects.requireNonNull(seed);
getDefaultPRNG(true, seed);
this.threadSafe = getThreadSafe();
}
private void getDefaultPRNG(boolean setSeed, byte[] seed) {
@@ -704,14 +706,16 @@
* {@code setSeed} is called before any {@code nextBytes} or {@code reseed}
* calls. The caller should make sure that the {@code seed} argument
* contains enough entropy for the security of this {@code SecureRandom}.
*
* @param seed the seed.
+ * @throws NullPointerException if {@code seed} is {@code null}
*
* @see #getSeed
*/
public void setSeed(byte[] seed) {
+ Objects.requireNonNull(seed);
if (threadSafe) {
secureRandomSpi.engineSetSeed(seed);
} else {
synchronized (this) {
secureRandomSpi.engineSetSeed(seed);
@@ -753,13 +757,15 @@
/**
* Generates a user-specified number of random bytes.
*
* @param bytes the array to be filled in with random bytes.
+ * @throws NullPointerException if {@code bytes} is {@code null}
*/
@Override
public void nextBytes(byte[] bytes) {
+ Objects.requireNonNull(bytes);
if (threadSafe) {
secureRandomSpi.engineNextBytes(bytes);
} else {
synchronized (this) {
secureRandomSpi.engineNextBytes(bytes);
@@ -771,11 +777,11 @@
* Generates a user-specified number of random bytes with
* additional parameters.
*
* @param bytes the array to be filled in with random bytes
* @param params additional parameters
- * @throws NullPointerException if {@code bytes} is null
+ * @throws NullPointerException if {@code bytes} is {@code null}
* @throws UnsupportedOperationException if the underlying provider
* implementation has not overridden this method
* @throws IllegalArgumentException if {@code params} is {@code null},
* illegal or unsupported by this {@code SecureRandom}
*- csr of
-
JDK-8155191 Specify that SecureRandom.nextBytes(byte[]) throws NullPointerException when byte array is null
-
- Closed
-