BCTLS 1.61 Potential Issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

BCTLS 1.61 Potential Issue

Stathis Deligeorgopoulos
Hello Everyone,

I was just testing the bctls-jdk15on-161 and encountered the following
problem.

When making a call to the SignatureAndHashAlgorithm class before having
used the TlsUtils class a NulPointerException is thrown. To replicate
just make a call to

SignatureAndHashAlgorithm signatureAndHashAlgorithm = new
SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);

without any other BC calls before it.


This has to do with the fact that the static objects in
SignatureAndHashAlgorithm use the class constructor that calls TlsUtils
and parts of the static initialization of TlsUtils lead to the use of
static SignatureAndHashAlgorithm Objects that have not yet been initialized.

When a call to the TlsUtils class is made first, then there is no error.

I hope the information helps.

With Regard,
Stathis

--
MTG AG

Stathis Deligeorgopoulos      Tel: +49 6151 8000-40
Software Security Engineer    Fax: +49 6151 8000-43
Dolivostrasse 11              Email: [hidden email]
64293 Darmstadt, Germany      Web: https://www.mtg.de

Company Headquarters: Dolivostrasse 11, 64293 Darmstadt, Germany
Register court: Amtsgericht Darmstadt, HRB 8901
Board of directors: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the board: Dr. Thomas Milde


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: BCTLS 1.61 Potential Issue

Peter Dettman-3
Hi Stathis,
Thanks for reporting this. We've made a quick fix that avoids the
circular initialization and will look at a better refactoring of
TlsUtils at some point.

Regards,
Pete Dettman

On 19/2/19 11:33 pm, Stathis Deligeorgopoulos wrote:

> Hello Everyone,
>
> I was just testing the bctls-jdk15on-161 and encountered the following
> problem.
>
> When making a call to the SignatureAndHashAlgorithm class before having
> used the TlsUtils class a NulPointerException is thrown. To replicate
> just make a call to
>
> SignatureAndHashAlgorithm signatureAndHashAlgorithm = new
> SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
>
> without any other BC calls before it.
>
> This has to do with the fact that the static objects in
> SignatureAndHashAlgorithm use the class constructor that calls TlsUtils
> and parts of the static initialization of TlsUtils lead to the use of
> static SignatureAndHashAlgorithm Objects that have not yet been
> initialized.
>
> When a call to the TlsUtils class is made first, then there is no error.
>
> I hope the information helps.
>
> With Regard,
> Stathis
>