SSLEngine: Verify server RSA params signature

The client did not verify the signature of server's RSA params in
ServerKeyExchange.

Bug: 11631299
Change-Id: I64b93ea2caf6da100661303c4e7f7e7eff1ae536
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
index b3ae9cb..0af1944 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
@@ -417,6 +417,16 @@
             try {
                 c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                 if (serverKeyExchange != null) {
+                    if (!session.cipherSuite.isAnonymous()) {
+                        DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
+                        ds.init(serverCert.certs[0]);
+                        ds.update(clientHello.getRandom());
+                        ds.update(serverHello.getRandom());
+                        if (!serverKeyExchange.verifySignature(ds)) {
+                            fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
+                            return;
+                        }
+                    }
                     c.init(Cipher.WRAP_MODE, serverKeyExchange
                             .getRSAPublicKey());
                 } else {