hsmd: Ensure the hsmd is initialized before anything else is called

Just a security measure to avoid alternative use-cases of the hsmd
running into the issue that they need to send a `WIRE_HSMD_INIT`
message as first message. If that is not done, the `secretstuff` won't
get initialized and we'd be producing signatures from uninitialized
memory, which are completely useless.

Changelog-None: Internal change only

hsmd/hsmd.c

@@ -69,6 +69,9 @@ static struct {
 	secp256k1_keypair bolt12;
 } secretstuff;
 
+/* Have we initialized the secretstuff? */
+static bool initialized = false;
+
 /* Version codes for BIP32 extended keys in libwally-core.
  * It's not suitable to add this struct into client struct,
  * so set it static.*/
@@ -772,6 +775,10 @@ static struct io_plan *init_hsm(struct io_conn *conn,
 		status_failed(STATUS_FAIL_INTERNAL_ERROR,
 		              "Could derive bolt12 public key.");
 
+	/* Now we can consider ourselves initialized, and we won't get
+	 * upset if we get a non-init message. */
+	initialized = true;
+
 	/*~ Note: marshalling a bip32 tree only marshals the public side,
 	 * not the secrets!  So we're not actually handing them out here!
 	 */
@@ -2015,6 +2022,15 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 		return bad_req_fmt(conn, c, c->msg_in,
 				   "does not have capability to run %d", t);
 
+	/* If we aren't initialized yet we better get an init message
+	 * first. Otherwise we don't load the secret and every
+	 * signature we produce is just going to be junk. */
+	if (!initialized && t != WIRE_HSMD_INIT)
+		status_failed(STATUS_FAIL_MASTER_IO,
+			      "hsmd was not initialized correctly, expected "
+			      "message type %d, got %d",
+			      WIRE_HSMD_INIT, t);
+
 	/* Now actually go and do what the client asked for */
 	switch (t) {
 	case WIRE_HSMD_INIT: