So I believe the cause is SOMETHING to do with BouncyCastle / FIPS libraries, but I'm not entirely clear on what exactly is going on - I see things fail when running locally but not during our GitHub action builds. But anyway, when trying to encrypt a very small string (such as "foo") I'm getting a NullPointerException down in CryptoUtils.
```java
public static CompletableFuture<Void> encryptStreamInternal(byte[] documentKey,
    DocumentMetadata metadata, InputStream input, OutputStream output,
    SecureRandom secureRandom) {
  byte[] iv = new byte[IV_BYTE_LENGTH];
  secureRandom.nextBytes(iv);
  return generateHeader(documentKey, metadata, secureRandom).thenCompose(headerBytes -> {
    return CompletableFutures.tryCatchNonFatal(() -> {
      byte[] bytesRead = new byte[0];
      Cipher cipher = getNewAesCipher(documentKey, iv, true);
      output.write(headerBytes);
      output.write(iv);
      while ((bytesRead = readNBytes(input, STREAM_CHUNKING)).length != 0) {
        byte[] encryptedBytes = cipher.update(bytesRead);
        output.write(encryptedBytes);
      }
      // Final bytes, which might be buffered data or just the GCM tag.
      byte[] finalBytes = cipher.doFinal();
      output.write(finalBytes);
      return null; // This is the only value that inhabits Void. I'm sorry.
    });
  });
}
```
Specifically, this part:
```java
byte[] encryptedBytes = cipher.update(bytesRead);
output.write(encryptedBytes);
```
`cipher.update` is returning NULL, which breaks the `output.write`. Now the head scratcher is that the alg is AES/GCM/NoPadding, and according to the javadoc the update method shouldn't return a null unless a block cipher is being used.
```
Caused by: java.lang.NullPointerException: Cannot read the array length because "b" is null
    at java.base/java.io.OutputStream.write(OutputStream.java:124)
    at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.lambda$encryptStreamInternal$0(CryptoUtils.java:81)
    at com.ironcorelabs.tenantsecurity.utils.CompletableFutures.tryCatchNonFatal(CompletableFutures.java:33)
    at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.lambda$encryptStreamInternal$1(CryptoUtils.java:74)
    at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1187)
    at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2341)
    at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.encryptStreamInternal(CryptoUtils.java:73)
    at com.ironcorelabs.tenantsecurity.kms.v1.CryptoUtils.encryptBytes(CryptoUtils.java:144)
```
Some other possibly? relevant data:
- Error was trying to encrypt a single-entry map: `{ "value" : "foo" }`
- Java: Liberica 21
- Dependencies:
  - com.ironcorelabs : tenant-security-java : 8.1.0
  - org.bouncycastle : bc-fips : 2.0.0
  - org.bouncycastle : bctls-fips : 2.0.19
  - org.bouncycastle : bcutil-fips : 2.0.5
- JVM's `java.security`:
```
# Added at the top
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider BCFIPS
```
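Added example, not part of the original report and not the project's own code: a streaming AES/GCM/NoPadding encrypt loop that tolerates a `null` return from `Cipher.update`, which the JCE contract allows when a provider buffers input that is too short to produce output. The class name `NullSafeGcmStream`, the 12-byte IV, the 128-bit tag and the chunk size are assumptions, and the code uses whichever JCE provider is installed first.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class NullSafeGcmStream {
    static final int IV_BYTE_LENGTH = 12;   // assumed value
    static final int GCM_TAG_BITS = 128;    // assumed value
    static final int CHUNK = 8192;          // stands in for STREAM_CHUNKING

    // Writes IV || ciphertext || tag, tolerating providers whose update() returns null.
    static void encrypt(byte[] key, InputStream in, OutputStream out, SecureRandom rng)
            throws Exception {
        byte[] iv = new byte[IV_BYTE_LENGTH];
        rng.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(GCM_TAG_BITS, iv));
        out.write(iv);
        byte[] buf = new byte[CHUNK];
        int n;
        while ((n = in.read(buf)) != -1) {
            byte[] enc = cipher.update(buf, 0, n);
            if (enc != null) { // null means the provider buffered the input
                out.write(enc);
            }
        }
        // doFinal() flushes anything still buffered plus the GCM tag.
        out.write(cipher.doFinal());
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32];
        rng.nextBytes(key); // constructed sample key
        byte[] plain = "foo".getBytes(StandardCharsets.UTF_8); // constructed sample input
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        encrypt(key, new ByteArrayInputStream(plain), out, rng);
        // Total length must be IV + plaintext + tag whether or not update() buffered.
        int expected = IV_BYTE_LENGTH + plain.length + GCM_TAG_BITS / 8;
        if (out.size() != expected) throw new AssertionError(out.size());
        System.out.println("ok");
    }
}
```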