RFR: 8364657: Crash for SecureRandom.generateSeed(0) on Windows x86-64
Shawn M Emery
duke at openjdk.org
Tue Sep 16 06:31:50 UTC 2025
The JVM will crash when given a zero byte seed length for SecureRandom.generateSeed() while using the Window's PRNG. The solution is to first check to see if the seed is null or not and if null then generate a zero length byte array. This may be odd but this mimics the same behavior in other operating systems such as MacOS and Linux.
The new unit test case* provided with this PR replicates the issue before the fix and is confirmed not to replicate the issue after the proposed fix.
* The TestStrong.java unit test code is a contribution from @jaikiran, thank you!
-------------
Commit messages:
- Add copyright to new unit test
- Add copyright to new unit test
- 8364657: Crash for SecureRandom.generateSeed(0) on Windows x86-64
Changes: https://git.openjdk.org/jdk/pull/27302/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27302&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8364657
Stats: 50 lines in 2 files changed: 48 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/27302.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27302/head:pull/27302
PR: https://git.openjdk.org/jdk/pull/27302
More information about the security-dev
mailing list