[jboss-jira] [JBoss JIRA] (ELY-1050) Coverity, derefere null return value in KeyStoreCredentialStore.saveSecretKey

Coverity, derefere null return value in KeyStoreCredentialStore.saveSecretKey ----------------------------------------------------------------------------- Key: ELY-1050 URL: https://issues.jboss.org/browse/ELY-1050 Project: WildFly Elytron Issue Type: Bug Reporter: Martin Choma Assignee: Ilia Vassilev Priority: Critical Coverity found possible null dereference, as {{encrypt.getIV()}} could return null in cases when option {{cryptoAlg}} is configured to some algorithm, which does not use IV. https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=12563... {code:java|title=KeyStoreCredentialStore.java} private void saveSecretKey(String ksAlias, ObjectOutputStream oos, KeyStore.SecretKeyEntry entry) throws IOException, GeneralSecurityException { ByteArrayOutputStream entryData = new ByteArrayOutputStream(1024); ObjectOutputStream entryOos = new ObjectOutputStream(entryData); entryOos.writeUTF(ksAlias); writeBytes(entry.getSecretKey().getEncoded(), entryOos); entryOos.flush(); encrypt.init(Cipher.ENCRYPT_MODE, storageSecretKey); int blockSize = encrypt.getBlockSize(); Assert.checkMaximumParameter("cipher block size", 256, blockSize); byte[] padded = pkcs7Pad(entryData.toByteArray(), blockSize); byte[] encrypted = encrypt.doFinal(padded); byte[] iv = encrypt.getIV(); oos.writeInt(SECRET_KEY_ENTRY_TYPE); writeBytes(encrypted, oos); writeBytes(iv, oos); } {code}