commit 314c1f4630cc07691658aa2b0c7c71899b4a1eef
author Alex Klyubin <klyubin@google.com> Thu Nov 14 09:34:52 2013 -0800
committer Android Git Automerger <android-git-automerger@android.com> Thu Nov 14 09:34:52 2013 -0800
tree 7129a84aa481a3b54d13bb85acad03be5f280611
parent 3915bd4819f959762de9d43ae66310e4bd6b7032
parent 9c94365f8732636914f934163287907a3576413f

am 9c94365f: am 3a160bcf: am 7f1b2d5d: am 6da3c4a6: am ef6e14e8: SSLEngine: Verify server RSA params signature

* commit '9c94365f8732636914f934163287907a3576413f':
  SSLEngine: Verify server RSA params signature

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java

diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
index 839237b..5d2521b 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
@@ -416,6 +416,16 @@
             try {
                 c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                 if (serverKeyExchange != null) {
+                    if (!session.cipherSuite.isAnonymous()) {
+                        DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
+                        ds.init(serverCert.certs[0]);
+                        ds.update(clientHello.getRandom());
+                        ds.update(serverHello.getRandom());
+                        if (!serverKeyExchange.verifySignature(ds)) {
+                            fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
+                            return;
+                        }
+                    }
                     c.init(Cipher.WRAP_MODE, serverKeyExchange
                             .getRSAPublicKey());
                 } else {