From 6f9030168e88e47812733ba42b84bf2208671bc0 Mon Sep 17 00:00:00 2001
From: darosior
Date: Thu, 3 Oct 2019 23:08:43 +0200
Subject: [PATCH] lightningd: prevent hsmd from interpretating an encrypted hsm_secret as not encrypted
---
 lightningd/hsm_control.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/lightningd/hsm_control.c b/lightningd/hsm_control.c
index e051b19ef..5f1d43465 100644
--- a/lightningd/hsm_control.c
+++ b/lightningd/hsm_control.c
@@ -16,6 +16,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -92,6 +93,16 @@ void hsm_init(struct lightningd *ld)
 if (!ld->hsm)
 err(1, "Could not subd hsm");
+ /* If hsm_secret is encrypted and the --encrypted-hsm startup option is
+ * not passed, don't let hsmd use the first 32 bytes of the cypher as the
+ * actual secret. */
+ if (!ld->config.keypass) {
+ struct stat st;
+ if (stat("hsm_secret", &st) == 0 && st.st_size > 32)
+ errx(1, "hsm_secret is encrypted, you need to pass the "
+ "--encrypted-hsm startup option.");
+ }
+
 ld->hsm_fd = fds[0];
 if (!wire_sync_write(ld->hsm_fd, towire_hsm_init(tmpctx, &ld->topology->bitcoind->chainparams->bip32_key_version,
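Review bot: The new guard in hsm_init() fails open: when `stat("hsm_secret", &st)` returns an error for any reason the size test is skipped and startup continues, so hsmd can still be handed an encrypted file and use its first 32 bytes as the secret. Handle the failure explicitly, e.g. `if (stat("hsm_secret", &st) != 0) { if (errno != ENOENT) err(1, "Could not stat hsm_secret"); }` with the existing `st.st_size > 32` test moved into the `else`, and give the bare `32` a named constant for the plaintext secret size. The check is also made by relative path in lightningd, while hsmd presumably opens and reads the file itself (its code is not visible here), so the decision and the read are not tied to the same file object; the sturdier place for it is where the file is opened, with `fstat()` on that descriptor. Only the `!ld->config.keypass` direction is covered, and the reverse mismatch (option passed, file not encrypted) is not handled in the visible lines. hsm_init's body starts and ends outside the hunk.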