--- a/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java Mon Aug 12 23:37:48 2019 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java Mon Aug 12 21:36:29 2019 -0700
@@ -38,6 +38,7 @@
import java.security.SignatureException;
import java.text.MessageFormat;
import java.util.Locale;
+import sun.security.ssl.NamedGroup.NamedGroupSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Credentials;
@@ -110,13 +111,18 @@
// Find the NamedGroup used for the ephemeral keys.
namedGroup = namedGroupPossession.getNamedGroup();
+ if ((namedGroup == null) || (!namedGroup.isAvailable)) {
+ // unlikely
+ throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+ "Missing or improper named group: " + namedGroup);
+ }
+
publicPoint = namedGroup.encodePossessionPublicKey(
namedGroupPossession);
-
- if ((namedGroup == null) || (namedGroup.oid == null) ) {
+ if (publicPoint == null) {
// unlikely
throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
- "Missing Named Group");
+ "Missing public point for named group: " + namedGroup);
}
if (x509Possession == null) {
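Review bot: Both fatal paths in this hunk report `Alert.ILLEGAL_PARAMETER`, yet `namedGroup` and `publicPoint` are derived from the server's own `namedGroupPossession`, not from a field the peer sent. If that reading holds, `throw shc.conContext.fatal(Alert.INTERNAL_ERROR,` would describe the failure more accurately and would stop the peer, and anyone triaging alerts, from treating it as a malformed handshake message. The two `// unlikely` comments would also help more if they named the guarded condition, for example `// the local possession has no usable group` and `// the group could not encode the possession's public key`. The enclosing method starts and ends outside this hunk, so the origin of `namedGroupPossession` should be confirmed there.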
@@ -130,6 +136,7 @@
Signature signer = null;
if (useExplicitSigAlgorithm) {
signatureScheme = SignatureScheme.getPreferableAlgorithm(
+ shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
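Review bot: Passing `shc.algorithmConstraints` into `SignatureScheme.getPreferableAlgorithm` narrows the candidate set, so a "no scheme selected" result presumably becomes more likely than before, and the hunk ends before `signatureScheme` is checked. Please confirm that the code after this call rejects an empty result with a fatal alert before `signer` is used, and that the message makes clear the constraints may have excluded every scheme the peer requested. A short comment above the call such as `// constraints may leave no acceptable scheme; checked below` would document that dependency. The surrounding block continues outside the hunk.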