crypto: cleanse AEAD Poly1305 key block #35476

pull Ap4sh wants to merge 1 commits into bitcoin:master from Ap4sh:crypto-cleanse-aead-poly1305-key changing 1 files +1 −0
  1. Ap4sh commented at 11:31 PM on June 6, 2026: none

    This cleanses the temporary ChaCha20 block used to derive the one-time Poly1305 key in AEADChaCha20Poly1305::ComputeTag()

    Poly1305 copies the first 32 bytes into its own context during construction, so the full temporary block can be wiped before processing AAD and ciphertext. This matches the existing cleanup of the FSChaCha20Poly1305 rekey block in the same file

    No behavior change is expected for callers

    Tested:

    • cmake --build build --target test_bitcoin
    • build/bin/test_bitcoin --run_test=crypto_tests
    • ctest --test-dir build -R "^(crypto_tests|bip324_tests)$" --output-on-failure
    • build/bin/test_bitcoin
  2. crypto: cleanse AEAD Poly1305 key block
    ComputeTag() derives the one-time Poly1305 key from the first ChaCha20 block. Poly1305 copies that key into its own context during construction, so the temporary block can be wiped before processing AAD and ciphertext.
    
    This mirrors the existing cleanup of the rekey keystream block in FSChaCha20Poly1305::NextPacket().
    e9459e5e9c
  3. DrahtBot added the label Utils/log/libs on Jun 6, 2026
  4. DrahtBot commented at 11:31 PM on June 6, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35476.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

  5. pinheadmz closed this on Jun 6, 2026

  6. pinheadmz commented at 11:33 PM on June 6, 2026: member

    Closing as suspected AI slop. If there is a human behind the PR that understands the code changes and can explain why they submitted them for review and how they reviewed themselves we may reopen the PR.

  7. Ap4sh commented at 11:37 PM on June 6, 2026: none

    Well, I'm a real contributor behind the account and I should have made the review context clearer before opening it maybe

    The reason I submitted it is that ComputeTag() derives the one-time Poly1305 key from ChaCha20 block 0, then leaves the full temporary block on the stack after Poly1305 has copied the first 32 bytes into its context. Wiping that block after construction looked consistent with the existing memory_cleanse(one_block, sizeof(one_block)) in FSChaCha20Poly1305::NextPacket()

    I also checked that this does not change ciphertext/tag behavior, and ran the tests I've written. 100% fine with the PR staying closed if this is considered too small or not worth, and I'll make something better next time :)

    Edit: Tbf the change is pretty marginal and probably not worth reviewer time. Will do something better next time. Thanks!

  8. Ap4sh deleted the branch on Jun 7, 2026
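
The ordering discussed in this thread (derive a key block, let the MAC context copy its 32 bytes, wipe the temporary block, then process data), as an added example that is not code from the pull request or from Bitcoin Core. `Cleanse`, `ToyMac` and `ComputeToyTag` are hypothetical stand-ins: a toy accumulator instead of Poly1305 and a constructed byte pattern instead of a ChaCha20 block.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Zeroing that the optimizer cannot discard as a dead store: memset plus a
// compiler barrier on GCC/Clang, volatile byte writes on other compilers.
inline void Cleanse(void* ptr, size_t len)
{
#if defined(__GNUC__) || defined(__clang__)
    std::memset(ptr, 0, len);
    __asm__ __volatile__("" : : "r"(ptr) : "memory");
#else
    volatile unsigned char* p = static_cast<volatile unsigned char*>(ptr);
    while (len--) *p++ = 0;
#endif
}

// Hypothetical stand-in for a one-time MAC context (NOT Poly1305): its
// constructor copies the first 32 bytes of the block into the object.
class ToyMac
{
    std::array<uint8_t, 32> m_key;
    uint32_t m_acc{0};
public:
    explicit ToyMac(const uint8_t* key) { std::memcpy(m_key.data(), key, m_key.size()); }
    ~ToyMac() { Cleanse(m_key.data(), m_key.size()); } // the context's copy is wiped too
    void Update(const uint8_t* d, size_t n)
    {
        for (size_t i = 0; i < n; ++i) m_acc = m_acc * 31 + (d[i] ^ m_key[i % 32]);
    }
    uint32_t Finalize() const { return m_acc; }
};

struct Result { uint32_t tag; bool block_zeroed; };

// Derive the key block, construct the context, optionally wipe, then process data.
Result ComputeToyTag(const uint8_t* data, size_t len, bool wipe)
{
    uint8_t first_block[64];
    for (size_t i = 0; i < sizeof(first_block); ++i) first_block[i] = uint8_t(0xA5 ^ i); // constructed "keystream"
    ToyMac mac{first_block};                             // context now owns its own key copy
    if (wipe) Cleanse(first_block, sizeof(first_block)); // temporary block is no longer needed
    mac.Update(data, len);
    bool zeroed = true;
    for (uint8_t b : first_block) zeroed = zeroed && (b == 0);
    return {mac.Finalize(), zeroed};
}
```

With `wipe` set, the stack block holds only zeros while the data is processed, and the tag is identical to the unwiped run because the context works from its own copy.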

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-06-11 10:51 UTC
