NullPointerException from CryptoUtils #167

Description

@mrusinak

So I believe the cause is SOMETHING to do with BouncyCastle / FIPS libraries, but I'm not entirely clear on what exactly is going on - I see things fail when running locally but not during our GitHub Action builds. But anyway, when trying to encrypt a very small string (such as "foo") I'm getting a NullPointerException down in CryptoUtils.

  public static CompletableFuture<Void> encryptStreamInternal(byte[] documentKey,
      DocumentMetadata metadata, InputStream input, OutputStream output,
      SecureRandom secureRandom) {
    byte[] iv = new byte[IV_BYTE_LENGTH];
    secureRandom.nextBytes(iv);
    return generateHeader(documentKey, metadata, secureRandom).thenCompose(headerBytes -> {
      return CompletableFutures.tryCatchNonFatal(() -> {
        byte[] bytesRead = new byte[0];
        Cipher cipher = getNewAesCipher(documentKey, iv, true);
        output.write(headerBytes);
        output.write(iv);
        while ((bytesRead = readNBytes(input, STREAM_CHUNKING)).length != 0) {
          byte[] encryptedBytes = cipher.update(bytesRead);
          output.write(encryptedBytes);
        }
        // Final bytes, which might be buffered data or just the GCM tag.
        byte[] finalBytes = cipher.doFinal();
        output.write(finalBytes);
        return null; // This is the only value that inhabits Void. I'm sorry.
      });
    });
  }

Specifically, this part:

          byte[] encryptedBytes = cipher.update(bytesRead);
          output.write(encryptedBytes);

cipher.update is returning NULL, which breaks the output.write. Now the head scratcher is that the alg is AES/GCM/NoPadding, and according to the javadoc the update method shouldn't return a null unless a block cipher is being used.

  Caused by: java.lang.NullPointerException: Cannot read the array length because "b" is null
      at java.base/java.io.OutputStream.write(OutputStream.java:124)
      at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.lambda$encryptStreamInternal$0(CryptoUtils.java:81)
      at com.ironcorelabs.tenantsecurity.utils.CompletableFutures.tryCatchNonFatal(CompletableFutures.java:33)
      at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.lambda$encryptStreamInternal$1(CryptoUtils.java:74)
      at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1187)
      at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2341)
      at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.encryptStreamInternal(CryptoUtils.java:73)
      at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.encryptBytes(CryptoUtils.java:144)

Some other possibly? relevant data:

Error was trying to encrypt a single-entry map: { "value" : "foo" }

Java: Liberica 21

Dependencies:

com.ironcorelabs : tenant-security-java : 8.1.0
org.bouncycastle : bc-fips : 2.0.0
org.bouncycastle : bctls-fips : 2.0.19
org.bouncycastle : bcutil-fips : 2.0.5

JVM's java.security

  # Added at the top
  security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
  security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider BCFIPS
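
Added example, not code from the issue or from tenant-security-java: the `Cipher.update` Javadoc permits a `null` return when the input is too short to produce a new block, so a provider-independent streaming loop has to skip `null` results and rely on `doFinal()` for whatever was buffered. The class name `NullSafeGcmStream`, the constants, and the use of the JVM's default provider are assumptions made for this sketch.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class for illustration; not part of tenant-security-java.
public class NullSafeGcmStream {
  static final int IV_LEN = 12, TAG_BITS = 128, CHUNK = 8192; // assumed sizes

  // Streams input through the cipher, tolerating a null result from update().
  static void pump(Cipher cipher, InputStream in, OutputStream out)
      throws IOException, GeneralSecurityException {
    byte[] buf = new byte[CHUNK];
    for (int n; (n = in.read(buf)) != -1; ) {
      byte[] chunk = cipher.update(buf, 0, n);
      if (chunk != null) { // null means the provider buffered the input
        out.write(chunk);
      }
    }
    out.write(cipher.doFinal()); // buffered data plus (on encrypt) the GCM tag
  }

  static Cipher gcm(int mode, byte[] key, byte[] iv) throws GeneralSecurityException {
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
    return c;
  }

  public static void main(String[] args) throws Exception {
    SecureRandom rng = new SecureRandom();
    byte[] key = new byte[32], iv = new byte[IV_LEN];
    rng.nextBytes(key);
    rng.nextBytes(iv);
    byte[] plain = "foo".getBytes(StandardCharsets.UTF_8); // constructed sample input
    ByteArrayOutputStream enc = new ByteArrayOutputStream();
    pump(gcm(Cipher.ENCRYPT_MODE, key, iv), new ByteArrayInputStream(plain), enc);
    ByteArrayOutputStream dec = new ByteArrayOutputStream();
    // Same loop decrypts; output may not appear until doFinal() verifies the tag.
    pump(gcm(Cipher.DECRYPT_MODE, key, iv), new ByteArrayInputStream(enc.toByteArray()), dec);
    if (!Arrays.equals(plain, dec.toByteArray())) throw new AssertionError("round trip failed");
    System.out.println("round trip ok, ciphertext+tag bytes: " + enc.size());
  }
}
```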
