From 16735e135239b5ba91e3f1551a9e7530fcd9ca29 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Tue, 27 Apr 2021 14:03:48 +0930
Subject: [PATCH] bitcoin: allow developer override of signature grinding.

Allows us to precisely replicate test vectors.

Signed-off-by: Rusty Russell
---
 bitcoin/signature.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/bitcoin/signature.c b/bitcoin/signature.c
index 17b150fe4..977a83f54 100644
--- a/bitcoin/signature.c
+++ b/bitcoin/signature.c
@@ -94,6 +94,13 @@ static bool sig_has_low_r(const secp256k1_ecdsa_signature* sig)
 return compact_sig[0] < 0x80;
 }

+#if DEVELOPER
+/* Some of the spec test vectors assume no sig grinding. */
+extern bool dev_no_grind;
+
+bool dev_no_grind = false;
+#endif
+
 void sign_hash(const struct privkey *privkey,
 const struct sha256_double *h,
 secp256k1_ecdsa_signature *s)
@@ -106,8 +113,13 @@ void sign_hash(const struct privkey *privkey,
 ok = secp256k1_ecdsa_sign(secp256k1_ctx,
 s,
 h->sha.u.u8,
- privkey->secret.data, NULL, extra_entropy);
+ privkey->secret.data, NULL,
+ IFDEV(dev_no_grind ? NULL
+ : extra_entropy,
+ extra_entropy));
 ((u32 *)extra_entropy)[0]++;
+ if (IFDEV(dev_no_grind, false))
+ break;
 } while (!sig_has_low_r(s));

 assert(ok);
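Review bot: The `extern bool dev_no_grind;` declaration in the first hunk sits in bitcoin/signature.c right next to the definition, so any other translation unit that sets the flag has to repeat the declaration by hand and is not type-checked against this one. Declaring it in the module's header under the same `#if DEVELOPER` guard would give a single checked declaration; the header is not part of this patch, so this assumes it does not already carry one. The comment also gives the motive but not the effect, and could read `/* If set, sign_hash() signs once with the default nonce and skips low-R grinding, so R may be high. */`. That matters to any caller that sizes signatures on the low-R assumption, if such callers exist outside this hunk.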
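Review bot: In the second hunk the early exit `if (IFDEV(dev_no_grind, false)) break;` gives the grinding loop a second exit path and a second IFDEV test of the same flag; folding it into the loop condition, `} while (!IFDEV(dev_no_grind, false) && !sig_has_low_r(s));`, keeps one exit with the same behaviour. When the flag is set the call passes NULL in place of `extra_entropy`, so the signature relies on the library's default deterministic nonce alone. A short comment at the call, `/* NULL ndata: default deterministic nonce only, to match the spec vectors */`, would tell the next reader that dropping the extra entropy is intentional and limited to DEVELOPER builds. `sign_hash` starts before and ends after this hunk, so the declaration of `extra_entropy` and the `do {` line are not visible here.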