am 6da3c4a6: am ef6e14e8: SSLEngine: Verify server RSA params signature

* commit '6da3c4a6': SSLEngine: Verify server RSA params signature

am 6da3c4a6: am ef6e14e8: SSLEngine: Verify server RSA params signature
* commit '6da3c4a6': SSLEngine: Verify server RSA params signature
7f1b2d5d · Alex Klyubin · Android Git Automerger · 74e97557 · 6da3c4a6 · 7f1b2d5d
Commit 7f1b2d5d authored 11 years ago by Alex Klyubin Committed by Android Git Automerger 11 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java ...pache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java +10 -0

No files found.
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
@@ -416,6 +416,16 @@ public class ClientHandshakeImpl extends HandshakeProtocol {
            try {
                c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                if (serverKeyExchange != null) {
+                    if (!session.cipherSuite.isAnonymous()) {
+                        DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
+                        ds.init(serverCert.certs[0]);
+                        ds.update(clientHello.getRandom());
+                        ds.update(serverHello.getRandom());
+                        if (!serverKeyExchange.verifySignature(ds)) {
+                            fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
+                            return;
+                        }
+                    }
                    c.init(Cipher.WRAP_MODE, serverKeyExchange
                            .getRSAPublicKey());
                } else {