RFR: 8364657: Crash for SecureRandom.generateSeed(0) on Windows x86-64
Weijun Wang
weijun at openjdk.org
Mon Sep 22 16:02:04 UTC 2025
On Tue, 16 Sep 2025 01:07:18 GMT, Shawn M Emery <duke at openjdk.org> wrote:
> The JVM will crash when given a zero byte seed length for SecureRandom.generateSeed() while using the Window's PRNG. The solution is to first check to see if the seed is null or not and if null then generate a zero length byte array. This may be odd but this mimics the same behavior in other operating systems such as MacOS and Linux.
>
> The new unit test case* provided with this PR replicates the issue before the fix and is confirmed not to replicate the issue after the proposed fix.
>
> * The TestStrong.java unit test code is a contribution from @jaikiran, thank you!
Marked as reviewed by weijun (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/27302#pullrequestreview-3253731962
More information about the security-dev
mailing list