Ilia Vassilev updated ELY-739:
------------------------------
Fix Version/s: 1.1.0.Beta25
Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)
--------------------------------------------------------------------------------------------
Key: ELY-739
URL: https://issues.jboss.org/browse/ELY-739
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Ilia Vassilev
Labels: static_analysis
Fix For: 1.1.0.Beta25
Coverity static-analysis scan found 3 possible calls on null objects in
{{AbstractDigestMechanism}} class:
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57604...
Method {{wrapConfidentialityProtectedMessage}}
{code}
cipheredPart = wrapCipher.update(toCipher);
// ... cipheredPart may be null
byte[] result = new byte[cipheredPart.length + 6];
{code}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57604...
Method {{createCipher}}
{code}
// the getTransformationSpec may be null - look at DefaultTransformationMapper
ciph = Cipher.getInstance(
    trans.getTransformationSpec(SaslMechanismInformation.Names.DIGEST_MD5, cipher).getTransformation());
{code}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57604...
Method {{unwrapConfidentialityProtectedMessage}}
{code}
clearText = unwrapCipher.update(message, offset, len - 6);
// the clearText may be null in clearText.length
System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);
{code}
*Suggested improvement*
Add null checks.
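
The null checks suggested above for the two Cipher.update() call sites, sketched as an added example (this is not Elytron's code or its actual fix). The class name, the helpers updateOrEmpty and extractHmac, the AES/CBC/NoPadding transformation, the all-zero key and IV, and the length checks are assumptions made for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;

public class NullSafeCipherUpdate {
    private static final byte[] EMPTY = new byte[0];

    // Cipher.update() is documented to return null when a block cipher has
    // too little input to emit a block; normalise that to an empty array so
    // callers can read .length safely (the wrap path in the report).
    static byte[] updateOrEmpty(Cipher c, byte[] in, int off, int len) {
        byte[] out = c.update(in, off, len);
        return out == null ? EMPTY : out;
    }

    // Same shape as the unwrap path in the report: the last 10 bytes of the
    // decrypted data are copied out as the HMAC. Null or short output is
    // rejected with a SaslException instead of being dereferenced.
    static byte[] extractHmac(Cipher unwrapCipher, byte[] message, int offset, int len)
            throws SaslException {
        if (len < 6) throw new SaslException("message too short");
        byte[] clearText = unwrapCipher.update(message, offset, len - 6);
        if (clearText == null || clearText.length < 10) {
            throw new SaslException("decrypted data too short to contain HMAC");
        }
        byte[] hmac = new byte[10];
        System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);
        return hmac;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key/IV; AES/CBC/NoPadding is an assumption for the demo.
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "AES"),
               new IvParameterSpec(new byte[16]));
        byte[] shortInput = new byte[5];   // less than one 16-byte block
        byte[] raw = c.update(shortInput); // null or empty, provider-dependent
        System.out.println("raw update() returned null: " + (raw == null));
        byte[] safe = updateOrEmpty(c, shortInput, 0, shortInput.length);
        System.out.println("safe length: " + safe.length);
        try {
            extractHmac(c, new byte[8], 0, 8); // only 2 payload bytes
        } catch (SaslException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```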