From 6455c908fd0d00e1f1b66e9816baa8f81745403d Mon Sep 17 00:00:00 2001 From: Antoine Poinsot Date: Sun, 3 Jan 2021 00:52:33 +0100 Subject: [PATCH] hsmtool: only write 32 bytes to hsm_secret on generatehsm Fixes #4302 Changelog-fixed: hsmtool: the `generatehsm` command now generates an appropriately-sized hsm_secret Signed-off-by: Antoine Poinsot --- tests/test_wallet.py | 1 - tools/hsmtool.c | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/test_wallet.py b/tests/test_wallet.py index 7c4a737c7794..efc549409e32 100644 --- a/tests/test_wallet.py +++ b/tests/test_wallet.py @@ -1083,7 +1083,6 @@ def test_hsmtool_dump_descriptors(node_factory, bitcoind): assert len(bitcoind.rpc.listunspent(1, 1, [addr])) == 1 -@pytest.mark.xfail(strict=True) @unittest.skipIf(VALGRIND, "It does not play well with prompt and key derivation.") def test_hsmtool_generatehsm(node_factory): l1 = node_factory.get_node() diff --git a/tools/hsmtool.c b/tools/hsmtool.c index 5def0086a96f..bc054cbffa25 100644 --- a/tools/hsmtool.c +++ b/tools/hsmtool.c @@ -503,7 +503,9 @@ static int generate_hsm(const char *hsm_secret_path) if (fd < 0) { errx(ERROR_USAGE, "Unable to create hsm_secret file"); } - if (!write_all(fd, bip32_seed, bip32_seed_len)) + /* Write only the first 32 bytes, length of the (plaintext) seed in the + * hsm_secret. */ + if (!write_all(fd, bip32_seed, 32)) errx(ERROR_USAGE, "Error writing secret to hsm_secret file"); if (fsync(fd) != 0)