diff --git a/src/java.base/share/classes/sun/security/provider/MD4.java b/src/java.base/share/classes/sun/security/provider/MD4.java
index 97b8a39c0d6..22c0bfe6ccf 100644
--- a/src/java.base/share/classes/sun/security/provider/MD4.java
+++ b/src/java.base/share/classes/sun/security/provider/MD4.java
@@ -72,13 +72,8 @@ public final class MD4 extends DigestBase {
         md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4");
     }
 
-    public static MessageDigest getInstance() {
-        try {
-            return MessageDigest.getInstance("MD4", md4Provider);
-        } catch (NoSuchAlgorithmException e) {
-            // should never occur
-            throw new ProviderException(e);
-        }
+    public static MessageDigest getInstance() throws NoSuchAlgorithmException {
+        return MessageDigest.getInstance("MD4", md4Provider);
     }
 
     // Standard constructor, creates a new MD4 instance.
diff --git a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyImpl.java b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyImpl.java
index b18f7d8eae1..6e3ca59c0e8 100644
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyImpl.java
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyImpl.java
@@ -96,7 +96,7 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
             this.keyBytes = key.getBytes();
             this.keyType = key.getEType();
         } catch (KrbException e) {
-            throw new IllegalArgumentException(e.getMessage());
+            throw new IllegalArgumentException("key creation error", e);
         }
     }
 
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java
index ffe34ff33db..1f6e98e50e8 100644
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -108,8 +108,6 @@ public class AesDkCrypto extends DkCrypto {
         try {
             saltUtf8 = salt.getBytes(UTF_8);
             return stringToKey(password, saltUtf8, s2kparams);
-        } catch (Exception e) {
-            return null;
         } finally {
             if (saltUtf8 != null) {
                 Arrays.fill(saltUtf8, (byte)0);
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java
index 5b58d35f750..cb9e42b2dee 100644
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,8 +111,6 @@ public class AesSha2DkCrypto extends DkCrypto {
         try {
             saltUtf8 = salt.getBytes(UTF_8);
             return stringToKey(password, saltUtf8, s2kparams);
-        } catch (Exception e) {
-            return null;
         } finally {
             if (saltUtf8 != null) {
                 Arrays.fill(saltUtf8, (byte)0);
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java
index 4b587431255..40044e636e2 100644
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java
@@ -89,8 +89,6 @@ public class ArcFourCrypto extends DkCrypto {
             MessageDigest md = sun.security.provider.MD4.getInstance();
             md.update(passwd);
             digest = md.digest();
-        } catch (Exception e) {
-            return null;
         } finally {
             if (passwd != null) {
                 Arrays.fill(passwd, (byte)0);
diff --git a/test/jdk/sun/security/krb5/NullStringToKey.java b/test/jdk/sun/security/krb5/NullStringToKey.java
new file mode 100644
index 00000000000..93ee704156c
--- /dev/null
+++ b/test/jdk/sun/security/krb5/NullStringToKey.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+/*
+ * @test
+ * @bug 8343622
+ * @summary KerberosKey created with null key bytes
+ * @library /test/lib
+ * @run main/othervm NullStringToKey
+ */
+
+import jdk.test.lib.Utils;
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import java.security.Security;
+import java.util.List;
+
+public class NullStringToKey {
+    public static void main(String[] args) throws Exception {
+
+        Security.removeProvider("SUN");
+        Security.removeProvider("SunJCE");
+
+        var name = new KerberosPrincipal("me@ME.COM");
+        var pass = "password".toCharArray();
+        for (var alg : List.of(
+                "aes128-cts-hmac-sha1-96", "aes256-cts-hmac-sha1-96",
+                "aes128-cts-hmac-sha256-128", "aes256-cts-hmac-sha384-192")) {
+            System.out.println(alg);
+            Utils.runAndCheckException(() -> new KerberosKey(name, pass, alg),
+                    IllegalArgumentException.class);
+        }
+    }
+}