
Reject point at infinity in EC_KEY_set_public_key#3101

Merged
nebeid merged 4 commits intoaws:mainfrom
nebeid:ec-key-infinity-rejection
Mar 20, 2026

Conversation

@nebeid (Contributor) commented Mar 18, 2026

Issues:

Addresses P398529487

Description of changes:

Add an explicit check in EC_KEY_set_public_key to reject the point at infinity. The point at infinity is not a valid public key.

This matches the hardening added in BoringSSL google/boringssl@a135fe1.

Call-outs:

Parsing (EC_POINT_oct2point) continues to accept the infinity encoding for OpenSSL compatibility, as added in de33f5e, but it can no longer be installed as a public key on an EC_KEY.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

Add an explicit check in EC_KEY_set_public_key to reject the point at
infinity. The point at infinity is not a valid public key and accepting
it enables universal ECDSA signature forgery.

This matches the hardening added in BoringSSL commit
a135fe1fad70e4f87b38b0adebd44d93da7eb173.

Parsing (EC_POINT_oct2point) continues to accept the infinity encoding
for OpenSSL compatibility, as added in
de33f5e, but it can no longer be
installed as a public key on an EC_KEY.
@nebeid nebeid requested a review from a team as a code owner March 18, 2026 17:47
@codecov-commenter commented Mar 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.38%. Comparing base (4738958) to head (015c6ce).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3101      +/-   ##
==========================================
+ Coverage   78.19%   78.38%   +0.19%     
==========================================
  Files         689      689              
  Lines      122037   122049      +12     
  Branches    17026    17035       +9     
==========================================
+ Hits        95430    95674     +244     
+ Misses      25701    25469     -232     
  Partials      906      906              


@nebeid nebeid requested a review from torben-hansen March 18, 2026 20:23
@justsmth (Contributor) left a comment

There might also be a way to populate an EC_KEY with a point at infinity via o2i_ECPublicKey?

@alexw91 (Contributor) commented Mar 18, 2026

You should probably also update the API documentation too like BoringSSL did:
https://github.com/google/boringssl/blob/a135fe1fad70e4f87b38b0adebd44d93da7eb173/include/openssl/ec_key.h#L90-L91

@nebeid (Contributor, Author) commented Mar 18, 2026

There might also be a way to populate an EC_KEY with a point at infinity via o2i_ECPublicKey?

Thank you, @justsmth, added a check there too and a corresponding test.

@nebeid (Contributor, Author) commented Mar 18, 2026

You should probably also update the API documentation too like BoringSSL did: https://github.com/google/boringssl/blob/a135fe1fad70e4f87b38b0adebd44d93da7eb173/include/openssl/ec_key.h#L90-L91

Thank you, @alexw91 , added.

nebeid added 2 commits March 18, 2026 22:26
Harden o2i_ECPublicKey to reject the point at infinity after decoding.
Unlike EC_KEY_oct2key, o2i_ECPublicKey writes directly to the EC_KEY's
pub_key field without going through EC_KEY_set_public_key, so it needs
its own check.

Update the EC_KEY_set_public_key documentation to note that the point
at infinity is rejected, matching BoringSSL commit
a135fe1fad70e4f87b38b0adebd44d93da7eb173.
@nebeid nebeid requested a review from WillChilds-Klein March 19, 2026 18:23
@nebeid nebeid merged commit c15e28d into aws:main Mar 20, 2026
590 of 599 checks passed
github-merge-queue bot pushed a commit to aws/s2n-tls that referenced this pull request Mar 20, 2026