google · juergw · Jun 9, 2026 · Jun 9, 2026
diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
@@ -12363,10 +12363,13 @@ static jboolean NativeCrypto_SSL_set1_ech_config_list(JNIEnv* env, jclass, jlong
     if (ssl == nullptr) {
         return JNI_FALSE;
     }
+    if (configJavaBytes == nullptr) {
+        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, ech config");
+        return JNI_FALSE;
+    }
     ScopedByteArrayRO configBytes(env, configJavaBytes);
     if (configBytes.get() == nullptr) {
-        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, ech config");
-        ERR_clear_error();
+        conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate config bytes");
         JNI_TRACE("NativeCrypto_SSL_set1_ech_config_list => could not read config bytes");
         return JNI_FALSE;
     }
@@ -12487,23 +12490,32 @@ static jboolean NativeCrypto_SSL_CTX_ech_enable_server(JNIEnv* env, jclass, jlon
                                                        jbyteArray configJavaBytes) {
     CHECK_ERROR_QUEUE_ON_RETURN;
     SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true);
+    if (ssl_ctx == nullptr) {
+        return JNI_FALSE;
+    }
     JNI_TRACE(
             "NativeCrypto_SSL_CTX_ech_enable_server(keyJavaBytes=%p, "
             "configJavaBytes=%p)",
             keyJavaBytes, configJavaBytes);
+    if (keyJavaBytes == nullptr) {
+        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, key bytes");
+        return JNI_FALSE;
+    }
+    if (configJavaBytes == nullptr) {
+        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, config bytes");
+        return JNI_FALSE;
+    }
     ScopedByteArrayRO keyBytes(env, keyJavaBytes);
     if (keyBytes.get() == nullptr) {
-        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, key bytes");
-        ERR_clear_error();
+        conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate key bytes");
         JNI_TRACE(
                 "NativeCrypto_SSL_CTX_ech_enable_server => threw exception: "
                 "could not read key bytes");
         return JNI_FALSE;
     }
     ScopedByteArrayRO configBytes(env, configJavaBytes);
     if (configBytes.get() == nullptr) {
-        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, config bytes");
-        ERR_clear_error();
+        conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate config bytes");
         JNI_TRACE(
                 "NativeCrypto_SSL_CTX_ech_enable_server => threw exception: "
                 "could not read config bytes");

diff --git a/platform/src/main/java/org/conscrypt/Platform.java b/platform/src/main/java/org/conscrypt/Platform.java
@@ -164,6 +164,20 @@ static void setSocketWriteTimeout(Socket s, long timeoutMillis) throws SocketExc
         }
     }
 
+    public static void setSSLParameters(SSLParameters params, SSLParametersImpl impl) {
+        impl.setEndpointIdentificationAlgorithm(params.getEndpointIdentificationAlgorithm());
+        impl.setUseCipherSuitesOrder(params.getUseCipherSuitesOrder());
+
+        try {
+            Method getNamedGroupsMethod = params.getClass().getMethod("getNamedGroups");
+            impl.setNamedGroups((String[]) getNamedGroupsMethod.invoke(params));
+        } catch (NoSuchMethodException | IllegalArgumentException e) {
+            // Do nothing.
+        }
+
+        impl.setApplicationProtocols(params.getApplicationProtocols());
+    }
+
     static void setSSLParameters(SSLParameters params, SSLParametersImpl impl,
                                  AbstractConscryptSocket socket) {
         impl.setEndpointIdentificationAlgorithm(params.getEndpointIdentificationAlgorithm());
@@ -188,6 +202,21 @@ static void setSSLParameters(SSLParameters params, SSLParametersImpl impl,
         impl.setApplicationProtocols(params.getApplicationProtocols());
     }
 
+    public static void getSSLParameters(SSLParameters params, SSLParametersImpl impl) {
+        params.setEndpointIdentificationAlgorithm(impl.getEndpointIdentificationAlgorithm());
+        params.setUseCipherSuitesOrder(impl.getUseCipherSuitesOrder());
+
+        try {
+            Method setNamedGroupsMethod =
+                    params.getClass().getMethod("setNamedGroups", String[].class);
+            setNamedGroupsMethod.invoke(params, (Object) impl.getNamedGroups());
+        } catch (NoSuchMethodException | IllegalArgumentException e) {
+            // Do nothing.
+        }
+
+        params.setApplicationProtocols(impl.getApplicationProtocols());
+    }
+
     static void getSSLParameters(SSLParameters params, SSLParametersImpl impl,
                                  AbstractConscryptSocket socket) {
         params.setEndpointIdentificationAlgorithm(impl.getEndpointIdentificationAlgorithm());