RFR: 8155191: SunPKCS11's SecureRandom#nextBytes(byte[]) accepts null argument
Sean Mullan
mullan at openjdk.org
Thu May 4 13:02:17 UTC 2023
On Thu, 4 May 2023 01:58:42 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Just a trivial change for enforcing consistent NullPointerException behavior for the SecureRandom.nextBytes(byte[]) method.
>
> Other similar methods such as Random.nextByte(byte[]) and its other subclasses all throw NPE for null byte[] argument. Most JDK default providers' SecureRandom impls also check and throw NPE. Thus, this should be moved up and enforced by the SecureRandom class to ensure consistency.
>
> CSR has been filed.
>
> Thanks,
> Valerie
I suggest the title of this issue should be changed to better reflect the proposed change: "Specify that SecureRandom.nextBytes(byte[]) throws NullPointerException when byte array is null".
Also, would you consider making the same change to `SecureRandom.setSeed(byte[])` as part of this change? I'm pretty sure all JDK SR impls throw NPE if the array is null.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13788#issuecomment-1534734886
More information about the security-dev
mailing list