From 42b707bba4c5e6ac7c66f6ab31b84084b741da6c Mon Sep 17 00:00:00 2001
From: UdjinM6 <UdjinM6@users.noreply.github.com>
Date: Sat, 28 Feb 2026 20:02:17 +0300
Subject: [PATCH] fix: reject identity elements in deserialization and key
 generation

Reject BLS identity elements (point at infinity for G1/G2) at the
deserialization boundary in SetBytes(). Also reject zero private keys
in MakeNewKey(), though these would not pass further validation.

Identity elements are mathematically valid curve points but have no
legitimate use in the protocol.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/bls/bls.cpp | 3 +++
 src/bls/bls.h   | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/src/bls/bls.cpp b/src/bls/bls.cpp
index bf71b40ff50c..49981ee9190f 100644
--- a/src/bls/bls.cpp
+++ b/src/bls/bls.cpp
@@ -66,6 +66,9 @@ void CBLSSecretKey::MakeNewKey()
         GetStrongRandBytes({buf, sizeof(buf)});
         try {
             impl = bls::PrivateKey::FromBytes(bls::Bytes(reinterpret_cast<const uint8_t*>(buf), SerSize));
+            if (impl == bls::PrivateKey()) {
+                continue;
+            }
             break;
         } catch (...) {
         }
diff --git a/src/bls/bls.h b/src/bls/bls.h
index 6c3a7f2010e9..19dd5ae7611c 100644
--- a/src/bls/bls.h
+++ b/src/bls/bls.h
@@ -111,6 +111,11 @@ class CBLSWrapper
         } else {
             try {
                 impl = ImplType::FromBytes(bls::Bytes(vecBytes.data(), vecBytes.size()), specificLegacyScheme);
+                if (impl == ImplType()) {
+                    Reset();
+                    cachedHash.SetNull();
+                    return;
+                }
                 fValid = true;
             } catch (...) {
                 Reset();