From b317658d69a477df04ded3cc2e107970f8a6e20d Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 19 Jan 2023 18:32:08 +0000 Subject: [PATCH] 8300399: EdDSA does not verify when there is no message Reviewed-by: ascarpino --- .../sun/security/ec/ed/EdDSASignature.java | 6 +-- test/jdk/sun/security/ec/ed/EmptyMessage.java | 50 +++++++++++++++++++ 2 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 test/jdk/sun/security/ec/ed/EmptyMessage.java diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSASignature.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSASignature.java index 5fecd943c1a59..1757f9eb67d43 100644 --- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSASignature.java +++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSASignature.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -210,9 +210,7 @@ protected boolean engineVerify(byte[] sigBytes) throws SignatureException { if (publicKeyBytes == null) { throw new SignatureException("Missing publicKey"); } - if (message == null) { - return false; - } + ensureMessageInit(); boolean result = ops.verify(this.sigParams, this.publicKeyPoint, this.publicKeyBytes, message.getMessage(), sigBytes); message = null; diff --git a/test/jdk/sun/security/ec/ed/EmptyMessage.java b/test/jdk/sun/security/ec/ed/EmptyMessage.java new file mode 100644 index 0000000000000..c3af1295aaecd --- /dev/null +++ b/test/jdk/sun/security/ec/ed/EmptyMessage.java @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8300399 + * @summary EdDSA does not verify when there is no message + * @run main EmptyMessage + */ +import java.security.KeyPairGenerator; +import java.security.Signature; +import java.security.spec.NamedParameterSpec; + +public class EmptyMessage { + public static void main(String[] args) throws Exception { + var g = KeyPairGenerator.getInstance("EdDSA"); + g.initialize(NamedParameterSpec.ED25519); + var kp = g.generateKeyPair(); + + var ss = Signature.getInstance("EdDSA"); + ss.initSign(kp.getPrivate()); + var sig = ss.sign(); + + var ps = Signature.getInstance("EdDSA"); + ps.initVerify(kp.getPublic()); + if (!ps.verify(sig)) { + throw new RuntimeException(); + } + } +}