RFR: 8364657: Crash for SecureRandom.generateSeed(0) on Windows x86-64
Jaikiran Pai
jpai at openjdk.org
Tue Sep 23 07:57:50 UTC 2025
On Tue, 16 Sep 2025 01:07:18 GMT, Shawn M Emery <duke at openjdk.org> wrote:
> The JVM will crash when given a zero byte seed length for SecureRandom.generateSeed() while using the Window's PRNG. The solution is to first check to see if the seed is null or not and if null then generate a zero length byte array. This may be odd but this mimics the same behavior in other operating systems such as MacOS and Linux.
>
> The new unit test case* provided with this PR replicates the issue before the fix and is confirmed not to replicate the issue after the proposed fix.
>
> * The TestStrong.java unit test code is a contribution from @jaikiran, thank you!
This is not an area I'm familiar with, but the change itself looks good to me.
-------------
Marked as reviewed by jpai (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/27302#pullrequestreview-3256713769
More information about the security-dev
mailing list