In javax.crypto.CipherOutputStream, the field outBuffer is never initialized. When process() is called, it calls out.write(outBuffer), which is equivalent to out.write(null). This produces a NullPointerException, when the buffer length is queried (b.length in java.io.OutputStream, I'd say). The outBuffer field should be initialized to a large enough buffer that can hold the output of cipher.update(...), I think.
Confirmed. This looks simple to fix; the buffer should be allocated using the length given by Cipher.getOutputSize.
Created attachment 11560 [details] CipherOutStream patch
I have attached a patch that fixes this NullPointerException, outBuffer is now allocated using the Cipher.getOutputSize length. Once you get past this NullPointerException, there is also another issue with blocks not being encrypted in the correct order. The attached patch also fixes this issue.
The previous patch is outdated, now the source for this class is a lot slimmer. but still contains a problem: public void write(byte[] buf, int off, int len) tries to write bytes to the internal stream returned from the cipher.update call always, but it is valid for the cipher to return null (the ones I need from BouncyCastle do that). Here is how I corrected it: /** * Write a portion of a byte array to the output stream. * * @param buf The next bytes. * @param off The offset in the byte array to start. * @param len The number of bytes to write. * @throws IOException If an I/O error occurs, or if the underlying cipher is * not in the correct state to transform data. */ public void write(byte[] buf, int off, int len) throws IOException { byte[] ciphered = cipher.update(buf, off, len); if (ciphered != null) out.write(ciphered); } Formatting follows my preferences that is why I didn't cook a patch.
Subject: Bug 24191 CVSROOT: /cvsroot/classpath Module name: classpath Changes by: Casey Marshall <rsdio> 07/02/01 01:24:20 Modified files: javax/crypto : CipherOutputStream.java . : ChangeLog Log message: 2007-01-31 Casey Marshall <csm@gnu.org> Fixes PR classpath/24191. Fix suggested by Rafael Teixeira <monoman@gmail.com>. * javax/crypto/CipherOutputStream.java (write): check return value of `update' for null. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/classpath/javax/crypto/CipherOutputStream.java?cvsroot=classpath&r1=1.3&r2=1.4 http://cvs.savannah.gnu.org/viewcvs/classpath/ChangeLog?cvsroot=classpath&r1=1.9080&r2=1.9081
I've checked in a change similar to the one in comment #4. I think this is fixed now.