Merge "Fix flakiness in DateIntervalFormatTest." into klp-dev
diff --git a/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java b/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java
index 6201e69..8706ec0 100644
--- a/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java
+++ b/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java
@@ -416,6 +416,16 @@
try {
c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
if (serverKeyExchange != null) {
+ if (!session.cipherSuite.isAnonymous()) {
+ DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
+ ds.init(serverCert.certs[0]);
+ ds.update(clientHello.getRandom());
+ ds.update(serverHello.getRandom());
+ if (!serverKeyExchange.verifySignature(ds)) {
+ fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
+ return;
+ }
+ }
c.init(Cipher.WRAP_MODE, serverKeyExchange
.getRSAPublicKey());
} else {
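Review bot: `serverCert.certs[0]` in the new non-anonymous branch is dereferenced with no null check, so a ServerKeyExchange received for a non-anonymous suite without a preceding Certificate message would presumably surface as a NullPointerException instead of a fatal alert, unless an earlier check in this method (its start is outside the hunk) already rejects that ordering. A guard before `new DigitalSignature(...)` such as `if (serverCert == null) { fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "No server certificate for signed key exchange"); return; }` keeps the failure on the alert path the rest of the method uses. The block would also benefit from a comment stating why the two randoms are fed in before `verifySignature`, e.g. `// RFC 5246 7.4.3: the ServerKeyExchange signature covers client_random || server_random || params; reject the parameters unless the server's certificate key signed them`, since that ordering is what makes the check bind the parameters to this handshake.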