musig: always clear out secret key in `secp256k1_musig_nonce_gen_counter` #1849

pull theStack wants to merge 1 commits into bitcoin-core:master from theStack:musig_nonce_gen_counter-memclear changing 1 files +2 −4

theStack commented at 10:25 PM on April 28, 2026: contributor

Even though secp256k1_musig_nonce_gen_internal can currently only fail if the surrounding API function is misused (invalid keypair or keyagg_cache parameters, making the corresponding seckey validation or pubkey/keyaggcache load calls fail), clearing out the stack memory holding the secret key as well in this case seems reasonable to follow best practices.

The issue was reported off-band by l0rinc (thanks!), in the course of analyzing the secp repository with AI tooling.

musig: always clear out secret key in `secp256k1_musig_nonce_gen_counter`

Even though `secp256k1_musig_nonce_gen_internal` can currently only fail
if the API is misused (invalid `keypair` or `keyagg_cache` parameters),
clear out the buffer holding secret key data as well in this case to
follow best practices.

The issue was found and reported by l0rinc using GPT 5.5 (Thanks!).

8479eafa57

furszy commented at 11:52 PM on April 28, 2026: member

ACK 8479eafa5720421d4b7f4b524a35e0a7edf291c7
real-or-random added the label side-channel on Apr 29, 2026
real-or-random added the label tweak/refactor on Apr 29, 2026
real-or-random approved
real-or-random commented at 6:03 AM on April 29, 2026: contributor

utACK 8479eafa5720421d4b7f4b524a35e0a7edf291c7
real-or-random merged this on Apr 29, 2026
real-or-random closed this on Apr 29, 2026
l0rinc referenced this in commit 2deca993b6 on Apr 29, 2026
theStack deleted the branch on Apr 29, 2026

Contributors

theStack

furszy

real-or-random

Labels

side-channel tweak/refactor

Linked (view graph)

#1850 musig: clear `pubnonce` output for invalid `seckey`