wallet: check WriteMasterKey result when changing passphrase #35500

pull cryptomentor-de wants to merge 1 commits into bitcoin:master from cryptomentor-de:wallet-check-writemasterkey changing 1 files +10 −2
  1. cryptomentor-de commented at 11:48 PM on June 9, 2026: none

    CWallet::ChangeWalletPassphrase ignores the return value of WalletBatch::WriteMasterKey. If the database write fails (e.g. disk full, I/O error), the RPC reports success while the wallet file on disk still requires the old passphrase. A user who discards the old passphrase after such a silent failure is locked out of their wallet after a restart.

    This PR:

    • Re-encrypts into a copy of the CMasterKey and only commits it to mapMasterKeys after the database write succeeds, so in-memory state never diverges from disk in any failure path. (Previously a failing EncryptMasterKey could also leave a mutated nDeriveIterations in the map entry.)
    • Checks the WriteMasterKey return value and returns false on failure.
    • Logs the write failure and restores the previous lock state before returning, so a failed call leaves the wallet exactly as it was.

    The disk-before-memory commit ordering mirrors the intent of EncryptWallet, which already treats memory/disk divergence of key material as unacceptable.

    Tested with wallet_tests/wallet_crypto_tests unit tests and the wallet_encryption.py functional test.

    🤖 Generated with Claude Code

  2. wallet: check WriteMasterKey result when changing passphrase
    ChangeWalletPassphrase ignored the return value of WriteMasterKey, so a
failed database write reported success while the wallet file on disk
still required the old passphrase. A user who discarded the old
passphrase after such a silent failure would be locked out of their
wallet after a restart.

Re-encrypt into a copy of the master key and only commit it to
mapMasterKeys after the database write succeeds, so the in-memory state
never diverges from disk. This also avoids mutating the in-memory
master key when EncryptMasterKey itself fails. On write failure, log
the error and restore the previous lock state.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
    29a60f6d6f
  3. DrahtBot added the label Wallet on Jun 9, 2026
  4. DrahtBot commented at 11:48 PM on June 9, 2026: contributor

    ♻️ Automatically closing for now based on heuristics. Please leave a comment, if this was erroneous. Generally, please focus on creating high-quality, original content that demonstrates a clear understanding of the project's requirements and goals.

    📝 Moderators: If this is spam, please replace the title with ., so that the thread does not appear in search results.

  5. DrahtBot closed this on Jun 9, 2026
  6. DrahtBot commented at 11:48 PM on June 9, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35500.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

Contributors
cryptomentor-deDrahtBot
Labels
Wallet
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-06-20 23:51 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me