f allow all nonce directly in hmac_for_message

Author: TheBlueMatt

lightning/src/offers/signer.rs

@@ -379,15 +379,7 @@ pub(super) fn verify_recipient_metadata<'a, T: secp256k1::Signing>(
 	signing_pubkey: PublicKey, tlv_stream: impl core::iter::Iterator<Item = TlvRecord<'a>>,
 	secp_ctx: &Secp256k1<T>,
 ) -> Result<Option<Keypair>, ()> {
-	let hmac_res = hmac_for_message(metadata, expanded_key, iv_bytes, tlv_stream);
-	#[cfg(fuzzing)]
-	if hmac_res.is_err() {
-		// In fuzzing its relatively challenging for the fuzzer to find cases where we have issues
-		// in a BOLT 12 object but also have a right-sized nonce. So instead we allow any size
-		// nonce (i.e. `hmac_for_message` failing) and simply treat it as "no keypair").
-		return Ok(None);
-	}
-	let mut hmac = hmac_res?;
+	let mut hmac = hmac_for_message(metadata, expanded_key, iv_bytes, tlv_stream)?;
 	hmac.input(WITHOUT_ENCRYPTED_PAYMENT_ID_HMAC_INPUT);
 
 	verify_metadata(metadata, Hmac::from_engine(hmac), signing_pubkey, secp_ctx)
@@ -432,16 +424,24 @@ fn hmac_for_message<'a>(
 	metadata: &[u8], expanded_key: &ExpandedKey, iv_bytes: &[u8; IV_LEN],
 	tlv_stream: impl core::iter::Iterator<Item = TlvRecord<'a>>,
 ) -> Result<HmacEngine<Sha256>, ()> {
+	let mut hmac = expanded_key.hmac_for_offer();
+	hmac.input(iv_bytes);
+
 	if metadata.len() < Nonce::LENGTH {
-		return Err(());
+		// In fuzzing its relatively challenging for the fuzzer to find cases where we have issues
+		// in a BOLT 12 object but also have a right-sized nonce. So instead we allow any size
+		// nonce.
+		if cfg!(fuzzing) {
+			return Ok(hmac);
+		} else {
+			return Err(());
+		}
 	}
 
 	let nonce = match Nonce::try_from(&metadata[..Nonce::LENGTH]) {
 		Ok(nonce) => nonce,
 		Err(_) => return Err(()),
 	};
-	let mut hmac = expanded_key.hmac_for_offer();
-	hmac.input(iv_bytes);
 	hmac.input(&nonce.0);
 
 	for record in tlv_stream {