Integrated: 8364657: Crash for SecureRandom.generateSeed(0) on Windows x86-64
Shawn M Emery
duke at openjdk.org
Tue Sep 23 07:57:51 UTC 2025
On Tue, 16 Sep 2025 01:07:18 GMT, Shawn M Emery <duke at openjdk.org> wrote:
> The JVM will crash when given a zero byte seed length for SecureRandom.generateSeed() while using the Window's PRNG. The solution is to first check to see if the seed is null or not and if null then generate a zero length byte array. This may be odd but this mimics the same behavior in other operating systems such as MacOS and Linux.
>
> The new unit test case* provided with this PR replicates the issue before the fix and is confirmed not to replicate the issue after the proposed fix.
>
> * The TestStrong.java unit test code is a contribution from @jaikiran, thank you!
This pull request has now been integrated.
Changeset: 360b6af1
Author: Shawn M Emery <shawn.emery at oracle.com>
Committer: Jaikiran Pai <jpai at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/360b6af1b1c39e6d3a01c4a32473cf007ed632c6
Stats: 50 lines in 2 files changed: 48 ins; 0 del; 2 mod
8364657: Crash for SecureRandom.generateSeed(0) on Windows x86-64
Co-authored-by: Jaikiran Pai <jpai at openjdk.org>
Reviewed-by: weijun, jpai
-------------
PR: https://git.openjdk.org/jdk/pull/27302
More information about the security-dev
mailing list