commit 7f1b2d5d192a8916bc2d75c341b147036e77e9a7
author Alex Klyubin <klyubin@google.com> Thu Nov 14 09:17:56 2013 -0800
committer Android Git Automerger <android-git-automerger@android.com> Thu Nov 14 09:17:56 2013 -0800
tree 2032499dfb36db1b85475418ff91cfa76ae60733
parent 74e97557020b9b2c4452d65a371c284e69a757bb
parent 6da3c4a69850b3c043c04ff2d88d9727b84f1db1

am 6da3c4a6: am ef6e14e8: SSLEngine: Verify server RSA params signature

* commit '6da3c4a69850b3c043c04ff2d88d9727b84f1db1':
  SSLEngine: Verify server RSA params signature

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java

diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
index 839237b..5d2521b 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
@@ -416,6 +416,16 @@
             try {
                 c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                 if (serverKeyExchange != null) {
+                    if (!session.cipherSuite.isAnonymous()) {
+                        DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
+                        ds.init(serverCert.certs[0]);
+                        ds.update(clientHello.getRandom());
+                        ds.update(serverHello.getRandom());
+                        if (!serverKeyExchange.verifySignature(ds)) {
+                            fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
+                            return;
+                        }
+                    }
                     c.init(Cipher.WRAP_MODE, serverKeyExchange
                             .getRSAPublicKey());
                 } else {