8209916: NPE in SupportedGroupsExtension
authorxuelei
Thu, 13 Sep 2018 17:11:04 -0700
changeset 51733 a929ad0569ee
parent 51732 dc68380e6497
child 51734 e6b524cdcc34
8209916: NPE in SupportedGroupsExtension Reviewed-by: jnimeh, wetmore
src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java	Thu Sep 13 07:54:38 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java	Thu Sep 13 17:11:04 2018 -0700
@@ -27,7 +27,6 @@
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
-import java.security.AccessController;
 import java.security.AlgorithmConstraints;
 import java.security.AlgorithmParameters;
 import java.security.CryptoPrimitive;
@@ -672,6 +671,11 @@
             }
 
             AlgorithmParameters params = namedGroupParams.get(namedGroup);
+            if (params == null) {
+                throw new RuntimeException(
+                        "Not a supported EC named group: " + namedGroup);
+            }
+
             try {
                 return params.getParameterSpec(ECGenParameterSpec.class);
             } catch (InvalidParameterSpecException ipse) {
@@ -687,6 +691,11 @@
             }
 
             AlgorithmParameters params = namedGroupParams.get(namedGroup);
+            if (params == null) {
+                throw new RuntimeException(
+                        "Not a supported DH named group: " + namedGroup);
+            }
+
             try {
                 return params.getParameterSpec(DHParameterSpec.class);
             } catch (InvalidParameterSpecException ipse) {
@@ -739,7 +748,7 @@
                             namedGroupParams.get(namedGroup));
         }
 
-        // Is there any supported group permitted by the constraints?
+        // Is the named group supported?
         static boolean isSupported(NamedGroup namedGroup) {
             for (NamedGroup group : supportedNamedGroups) {
                 if (namedGroup.id == group.id) {
@@ -757,6 +766,7 @@
             for (NamedGroup namedGroup : requestedNamedGroups) {
                 if ((namedGroup.type == type) &&
                         namedGroup.isAvailable(negotiatedProtocol) &&
+                        isSupported(namedGroup) &&
                         constraints.permits(
                                 EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                 namedGroup.algorithm,