8155191: Specify that SecureRandom.nextBytes(byte[]) throws NullPointerException when byte array is null

Reviewed-by: mullan

Author: Valerie Peng

src/java.base/share/classes/java/security/SecureRandom.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -257,9 +257,11 @@ private boolean getThreadSafe() {
      * for information about standard RNG algorithm names.
      *
      * @param seed the seed.
+     * @throws NullPointerException if {@code seed} is {@code null}
      */
     public SecureRandom(byte[] seed) {
         super(0);
+        Objects.requireNonNull(seed);
         getDefaultPRNG(true, seed);
         this.threadSafe = getThreadSafe();
     }
@@ -706,10 +708,12 @@ public SecureRandomParameters getParameters() {
      * contains enough entropy for the security of this {@code SecureRandom}.
      *
      * @param seed the seed.
+     * @throws NullPointerException if {@code seed} is {@code null}
      *
      * @see #getSeed
      */
     public void setSeed(byte[] seed) {
+        Objects.requireNonNull(seed);
         if (threadSafe) {
             secureRandomSpi.engineSetSeed(seed);
         } else {
@@ -755,9 +759,11 @@ public void setSeed(long seed) {
      * Generates a user-specified number of random bytes.
      *
      * @param bytes the array to be filled in with random bytes.
+     * @throws NullPointerException if {@code bytes} is {@code null}
      */
     @Override
     public void nextBytes(byte[] bytes) {
+        Objects.requireNonNull(bytes);
         if (threadSafe) {
             secureRandomSpi.engineNextBytes(bytes);
         } else {
@@ -773,7 +779,7 @@ public void nextBytes(byte[] bytes) {
      *
      * @param bytes the array to be filled in with random bytes
      * @param params additional parameters
-     * @throws NullPointerException if {@code bytes} is null
+     * @throws NullPointerException if {@code bytes} is {@code null}
      * @throws UnsupportedOperationException if the underlying provider
      *         implementation has not overridden this method
      * @throws IllegalArgumentException if {@code params} is {@code null},
@@ -785,13 +791,12 @@ public void nextBytes(byte[] bytes, SecureRandomParameters params) {
         if (params == null) {
             throw new IllegalArgumentException("params cannot be null");
         }
+        Objects.requireNonNull(bytes);
         if (threadSafe) {
-            secureRandomSpi.engineNextBytes(
-                    Objects.requireNonNull(bytes), params);
+            secureRandomSpi.engineNextBytes(bytes, params);
         } else {
             synchronized (this) {
-                secureRandomSpi.engineNextBytes(
-                        Objects.requireNonNull(bytes), params);
+                secureRandomSpi.engineNextBytes(bytes, params);
             }
         }
     }

src/java.base/share/classes/sun/security/provider/AbstractDrbg.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -338,8 +338,6 @@ protected final void engineNextBytes(byte[] result) {
     protected final void engineNextBytes(
             byte[] result, SecureRandomParameters params) {
 
-        Objects.requireNonNull(result);
-
         if (debug != null) {
             debug.println(this, "nextBytes");
         }

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecureRandom.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,9 +88,6 @@ final class P11SecureRandom extends SecureRandomSpi {
     // see JCA spec
     @Override
     protected synchronized void engineSetSeed(byte[] seed) {
-        if (seed == null) {
-            throw new NullPointerException("seed must not be null");
-        }
         Session session = null;
         try {
             session = token.getOpSession();
@@ -120,7 +117,7 @@ protected synchronized void engineSetSeed(byte[] seed) {
     // see JCA spec
     @Override
     protected void engineNextBytes(byte[] bytes) {
-        if ((bytes == null) || (bytes.length == 0)) {
+        if (bytes.length == 0) {
             return;
         }
         if (bytes.length <= IBUFFER_SIZE)  {

test/jdk/java/security/SecureRandom/NextBytesNull.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8155191
+ * @summary check NPE is thrown for various methods of SecureRandom class,
+ *     e.g. SecureRandom(byte[]), nextBytes(byte[]), and setSeed(byte[]).
+ * @run main NextBytesNull
+ */
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.SecureRandomSpi;
+
+public class NextBytesNull {
+
+    public static void main(String[] args) throws Exception {
+        String test = "SecureRandom(null)";
+        try {
+            new SecureRandom(null);
+            throw new RuntimeException("Error: NPE not thrown for " + test);
+        } catch (NullPointerException e) {
+            System.out.println("OK, expected NPE thrown for " + test);
+        }
+
+        // verify with an Spi impl which does not throw NPE
+        SecureRandom sr = SecureRandom.getInstance("S1", new P());
+        try {
+            sr.nextBytes(null);
+            throw new RuntimeException("Error: NPE not thrown");
+        } catch (NullPointerException npe) {
+            System.out.println("OK, expected NPE thrown for " + test);
+        }
+        try {
+            sr.setSeed(null);
+            throw new RuntimeException("Error: NPE not thrown for " + test);
+        } catch (NullPointerException npe) {
+            System.out.println("OK, expected NPE thrown for " + test);
+        }
+    }
+
+    public static final class P extends Provider {
+        public P() {
+            super("P", 1.0d, "Test Provider without Null Check");
+            put("SecureRandom.S1", S.class.getName());
+        }
+    }
+
+    public static final class S extends SecureRandomSpi {
+        @Override
+        protected void engineSetSeed(byte[] seed) {
+        }
+        @Override
+        protected void engineNextBytes(byte[] bytes) {
+        }
+        @Override
+        protected byte[] engineGenerateSeed(int numBytes) {
+            return new byte[numBytes];
+        }
+    }
+}