Merge "Fix flakiness in DateIntervalFormatTest." into klp-dev

commit: 427b3d67389b2995f4f98e7e9d7e11fc0dd763b8 [log] [tgz]
author: Elliott Hughes <enh@google.com> Thu Nov 14 19:18:16 2013 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Thu Nov 14 19:18:16 2013 +0000
tree: 01b913994aa477ecdf5c43dd1581ee444692904c
parent: c206b4905bf39e78b40a744edd20134933fa551a [diff]
parent: 4409dd652330c8eaaa32eec36ce1600aeeea1464 [diff]
diff --git a/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java b/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java
index 6201e69..8706ec0 100644
--- a/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java
+++ b/crypto/src/main/java/org/conscrypt/ClientHandshakeImpl.java

@@ -416,6 +416,16 @@
             try {
                 c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                 if (serverKeyExchange != null) {
+                    if (!session.cipherSuite.isAnonymous()) {
+                        DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
+                        ds.init(serverCert.certs[0]);
+                        ds.update(clientHello.getRandom());
+                        ds.update(serverHello.getRandom());
+                        if (!serverKeyExchange.verifySignature(ds)) {
+                            fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
+                            return;
+                        }
+                    }
                     c.init(Cipher.WRAP_MODE, serverKeyExchange
                             .getRSAPublicKey());
                 } else {
commit	427b3d67389b2995f4f98e7e9d7e11fc0dd763b8	[log] [tgz]
author	Elliott Hughes <enh@google.com>	Thu Nov 14 19:18:16 2013 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Thu Nov 14 19:18:16 2013 +0000
tree	01b913994aa477ecdf5c43dd1581ee444692904c
parent	c206b4905bf39e78b40a744edd20134933fa551a [diff]
parent	4409dd652330c8eaaa32eec36ce1600aeeea1464 [diff]