Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 3.12.11
Component/s: None
Labels:
None

Confidence Status:
None

Assigned Teams:

Java Drivers

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

When communicating with KMS for CSFLE, the Crypt.decryptKey wraps bytes read from the KMS TLS stream using:

ByteBuffer.wrap(bytes, 0, bytesRead);

If InputStream.read(...) on the KMS connection returns -1 (EOF), bytesRead is negative and ByteBuffer.wrap(...) throws IndexOutOfBoundsException with no message. This surfaces to users as:

java.lang.IndexOutOfBoundsException: null
  at java.nio.ByteBuffer.wrap(...)
  at com.mongodb.client.internal.Crypt.decryptKey(...)
...
com.mongodb.MongoClientException: Exception in encryption library: null

Proposed change

Throw a more informative exception, for example: MongoClientException("Unexpected EOF while communicating with KMS")

Acceptance criteria

When KMS closes the TLS stream unexpectedly (EOF), the driver no longer throws a bare IndexOutOfBoundsException: null.
The exception surfaced to the user clearly indicates an unexpected EOF / failure while communicating with KMS.
Existing successful FLE/KMS behavior is unchanged.

Assignee:: Slav Babanin
Reporter:: Slav Babanin
Reviewers:: Almas Abdrazak
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Nov 28 2025 12:16:10 AM UTC
Updated:: Dec 04 2025 04:24:51 PM UTC

Details

Description

Attachments

Activity

People

Dates