psbt: move witness script storage into the psbt

we can now keep associated witness data with the output in the psbt
struct, so we do that.

bitcoin/test/run-bitcoin_block_from_hex.c

@@ -42,6 +42,11 @@ u8 *fromwire_tal_arrn(const tal_t *ctx UNNEEDED,
 /* Generated stub for fromwire_u16 */
 u16 fromwire_u16(const u8 **cursor UNNEEDED, size_t *max UNNEEDED)
 { fprintf(stderr, "fromwire_u16 called!\n"); abort(); }
+/* Generated stub for psbt_add_output */
+struct wally_psbt_output *psbt_add_output(struct wally_psbt *psbt UNNEEDED,
+					  struct wally_tx_output *output UNNEEDED,
+					  size_t insert_at UNNEEDED)
+{ fprintf(stderr, "psbt_add_output called!\n"); abort(); }
 /* Generated stub for towire_amount_sat */
 void towire_amount_sat(u8 **pptr UNNEEDED, const struct amount_sat sat UNNEEDED)
 { fprintf(stderr, "towire_amount_sat called!\n"); abort(); }

bitcoin/test/run-tx-encode.c

@@ -43,6 +43,11 @@ u8 *fromwire_tal_arrn(const tal_t *ctx UNNEEDED,
 /* Generated stub for fromwire_u16 */
 u16 fromwire_u16(const u8 **cursor UNNEEDED, size_t *max UNNEEDED)
 { fprintf(stderr, "fromwire_u16 called!\n"); abort(); }
+/* Generated stub for psbt_add_output */
+struct wally_psbt_output *psbt_add_output(struct wally_psbt *psbt UNNEEDED,
+					  struct wally_tx_output *output UNNEEDED,
+					  size_t insert_at UNNEEDED)
+{ fprintf(stderr, "psbt_add_output called!\n"); abort(); }
 /* Generated stub for towire_amount_sat */
 void towire_amount_sat(u8 **pptr UNNEEDED, const struct amount_sat sat UNNEEDED)
 { fprintf(stderr, "towire_amount_sat called!\n"); abort(); }

bitcoin/tx.c

@@ -1,6 +1,7 @@
 #include <assert.h>
 #include <bitcoin/block.h>
 #include <bitcoin/chainparams.h>
+#include <bitcoin/psbt.h>
 #include <bitcoin/pullpush.h>
 #include <bitcoin/tx.h>
 #include <ccan/cast/cast.h>
@@ -16,10 +17,11 @@
 #define SEGREGATED_WITNESS_FLAG 0x1
 
 int bitcoin_tx_add_output(struct bitcoin_tx *tx, const u8 *script,
-			  struct amount_sat amount)
+			  u8 *wscript, struct amount_sat amount)
 {
 	size_t i = tx->wtx->num_outputs;
 	struct wally_tx_output *output;
+	struct wally_psbt_output *psbt_out;
 	int ret;
 	u64 satoshis = amount.satoshis; /* Raw: low-level helper */
 	const struct chainparams *chainparams = tx->chainparams;
@@ -48,6 +50,14 @@ int bitcoin_tx_add_output(struct bitcoin_tx *tx, const u8 *script,
 	ret = wally_tx_add_output(tx->wtx, output);
 	assert(ret == WALLY_OK);
 
+	psbt_out = psbt_add_output(tx->psbt, output, i);
+	if (wscript) {
+		ret = wally_psbt_output_set_witness_script(psbt_out,
+							   wscript,
+							   tal_bytelen(wscript));
+		assert(ret == WALLY_OK);
+	}
+
 	wally_tx_output_free(output);
 	bitcoin_tx_output_set_amount(tx, i, amount);
 
@@ -59,7 +69,7 @@ int bitcoin_tx_add_multi_outputs(struct bitcoin_tx *tx,
 {
 	for (size_t j = 0; j < tal_count(outputs); j++)
 		bitcoin_tx_add_output(tx, outputs[j]->script,
-				      outputs[j]->amount);
+				      NULL, outputs[j]->amount);
 
 	return tx->wtx->num_outputs;
 }
@@ -124,7 +134,6 @@ static int elements_tx_add_fee_output(struct bitcoin_tx *tx)
 {
 	struct amount_sat fee = bitcoin_tx_compute_fee(tx);
 	int pos;
-	struct witscript *w;
 
 	/* If we aren't using elements, we don't add explicit fee outputs */
 	if (!chainparams->is_elements || amount_sat_eq(fee, AMOUNT_SAT(0)))
@@ -136,18 +145,9 @@ static int elements_tx_add_fee_output(struct bitcoin_tx *tx)
 			break;
 	}
 
-	if (pos == tx->wtx->num_outputs) {
+	if (pos == tx->wtx->num_outputs)
-		w = tal(tx->output_witscripts, struct witscript);
+		return bitcoin_tx_add_output(tx, NULL, NULL, fee);
-		w->ptr = tal_arr(w, u8, 0);
+	else {
-
-		/* Make sure we have a place to stash the witness script in. */
-		if (tal_count(tx->output_witscripts) < pos + 1) {
-			tal_resize(&tx->output_witscripts, pos + 1);
-		}
-		tx->output_witscripts[pos] = w;
-
-		return bitcoin_tx_add_output(tx, NULL, fee);
-	} else {
 		bitcoin_tx_output_set_amount(tx, pos, fee);
 		return pos;
 	}
@@ -177,6 +177,7 @@ int bitcoin_tx_add_input(struct bitcoin_tx *tx, const struct bitcoin_txid *txid,
 	tx->input_amounts[i] = tal_free(tx->input_amounts[i]);
 	tx->input_amounts[i] = tal_dup(tx, struct amount_sat, &amount);
 
+
 	return i;
 }
 
@@ -189,9 +190,6 @@ bool bitcoin_tx_check(const struct bitcoin_tx *tx)
 	if (tal_count(tx->input_amounts) != tx->wtx->num_inputs)
 		return false;
 
-	if (tal_count(tx->output_witscripts) != tx->wtx->num_outputs)
-		return false;
-
 	if (wally_tx_get_length(tx->wtx, flags, &written) != WALLY_OK)
 		return false;
 
@@ -240,6 +238,38 @@ const u8 *bitcoin_tx_output_get_script(const tal_t *ctx,
 	return res;
 }
 
+struct witscript *bitcoin_tx_output_get_witscript(const tal_t *ctx,
+						  const struct bitcoin_tx *tx,
+						  int outnum)
+{
+	struct witscript *wit;
+	struct wally_psbt_output *out;
+	assert(outnum < tx->psbt->num_outputs);
+	out = &tx->psbt->outputs[outnum];
+
+	if (out->witness_script_len == 0)
+		return NULL;
+
+	wit = tal(ctx, struct witscript);
+	wit->ptr = tal_dup_arr(ctx, u8, out->witness_script, out->witness_script_len, 0);
+
+	return wit;
+}
+
+const struct witscript **bitcoin_tx_get_witscripts(const tal_t *ctx,
+						   const struct bitcoin_tx *tx)
+{
+	size_t i;
+	struct witscript **witscripts;
+	witscripts = tal_arr(ctx, struct witscript *, tx->wtx->num_outputs);
+
+	for (i = 0; i < tx->wtx->num_outputs; i++)
+		witscripts[i] = bitcoin_tx_output_get_witscript(witscripts, tx, i);
+
+	return cast_const2(const struct witscript **, witscripts);
+}
+
+
 /* FIXME(cdecker) Make the caller pass in a reference to amount_asset, and
  * return false if unintelligible/encrypted. (WARN UNUSED). */
 struct amount_asset bitcoin_tx_output_get_amount(const struct bitcoin_tx *tx,
@@ -446,7 +476,6 @@ struct bitcoin_tx *bitcoin_tx(const tal_t *ctx,
 	tx->input_amounts = tal_arrz(tx, struct amount_sat*, input_count);
 	tx->wtx->locktime = nlocktime;
 	tx->wtx->version = 2;
-	tx->output_witscripts = tal_arrz(tx, struct witscript*, output_count);
 	tx->chainparams = chainparams;
 
 	ret = wally_psbt_init_alloc(input_count, output_count,
@@ -459,12 +488,9 @@ struct bitcoin_tx *bitcoin_tx(const tal_t *ctx,
 
 void bitcoin_tx_finalize(struct bitcoin_tx *tx)
 {
-	size_t num_outputs, num_inputs;
+	size_t num_inputs;
 	elements_tx_add_fee_output(tx);
 
-	num_outputs = tx->wtx->num_outputs;
-	tal_resize(&(tx->output_witscripts), num_outputs);
-
 	num_inputs = tx->wtx->num_inputs;
 	tal_resize(&tx->input_amounts, num_inputs);
 	assert(bitcoin_tx_check(tx));
@@ -539,8 +565,6 @@ struct bitcoin_tx *bitcoin_tx_from_hex(const tal_t *ctx, const char *hex,
 
 	tal_free(linear_tx);
 
-	tx->output_witscripts =
-	    tal_arrz(tx, struct witscript *, tx->wtx->num_outputs);
 	tx->input_amounts =
 	    tal_arrz(tx, struct amount_sat *, tx->wtx->num_inputs);
 

bitcoin/tx.h

@@ -30,9 +30,6 @@ struct bitcoin_tx {
 	struct amount_sat **input_amounts;
 	struct wally_tx *wtx;
 
-	/* Need the output wscripts in the HSM to validate transaction */
-	struct witscript **output_witscripts;
-
 	/* Keep a reference to the ruleset we have to abide by */
 	const struct chainparams *chainparams;
 
@@ -78,6 +75,7 @@ struct bitcoin_tx *pull_bitcoin_tx(const tal_t *ctx,
 				   const u8 **cursor, size_t *max);
 /* Add one output to tx. */
 int bitcoin_tx_add_output(struct bitcoin_tx *tx, const u8 *script,
+			  u8 *wscript,
 			  struct amount_sat amount);
 
 /* Add mutiple output to tx. */
@@ -109,6 +107,15 @@ void bitcoin_tx_output_set_amount(struct bitcoin_tx *tx, int outnum,
  */
 const u8 *bitcoin_tx_output_get_script(const tal_t *ctx, const struct bitcoin_tx *tx, int outnum);
 
+/**
+ * Helper to get a witness script for an output.
+ */
+struct witscript *bitcoin_tx_output_get_witscript(const tal_t *ctx, const struct bitcoin_tx *tx, int outnum);
+
+/**
+ * Helper to get all witness scripts for a transaction.
+ */
+const struct witscript **bitcoin_tx_get_witscripts(const tal_t *ctx, const struct bitcoin_tx *tx);
 /** bitcoin_tx_output_get_amount_sat - Helper to get transaction output's amount
  *
  * Internally we use a `wally_tx` to represent the transaction. The

channeld/channeld.c

@@ -837,13 +837,14 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
 	size_t i;
 	struct pubkey local_htlckey;
 	const u8 *msg;
+	const struct witscript **ws;
 	secp256k1_ecdsa_signature *htlc_sigs;
 
+	ws = bitcoin_tx_get_witscripts(tmpctx, txs[0]);
 	msg = towire_hsm_sign_remote_commitment_tx(NULL, txs[0],
 						   &peer->channel->funding_pubkey[REMOTE],
 						   *txs[0]->input_amounts[0],
-						   (const struct witscript **) txs[0]->output_witscripts,
+						   ws, &peer->remote_per_commit,
-						   &peer->remote_per_commit,
 						   peer->channel->option_static_remotekey);
 
 	msg = hsm_req(tmpctx, take(msg));
@@ -879,8 +880,11 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
 
 	for (i = 0; i < tal_count(htlc_sigs); i++) {
 		struct bitcoin_signature sig;
-		msg = towire_hsm_sign_remote_htlc_tx(NULL, txs[i + 1],
+		struct witscript *w;
-						     txs[i+1]->output_witscripts[0]->ptr,
+
+		w = bitcoin_tx_output_get_witscript(tmpctx, txs[0],
+						    txs[i+1]->wtx->inputs[0].index);
+		msg = towire_hsm_sign_remote_htlc_tx(NULL, txs[i + 1], w->ptr,
 						     *txs[i+1]->input_amounts[0],
 						     &peer->remote_per_commit);
 
@@ -895,11 +899,10 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
 			     type_to_string(tmpctx, struct bitcoin_signature,
 					    &sig),
 			     type_to_string(tmpctx, struct bitcoin_tx, txs[1+i]),
-			     tal_hex(tmpctx, txs[i+1]->output_witscripts[0]->ptr),
+			     tal_hex(tmpctx, w->ptr),
 			     type_to_string(tmpctx, struct pubkey,
 					    &local_htlckey));
-		assert(check_tx_sig(txs[1+i], 0, NULL,
+		assert(check_tx_sig(txs[1+i], 0, NULL, w->ptr,
-				    txs[i+1]->output_witscripts[0]->ptr,
 				    &local_htlckey,
 				    &sig));
 	}
@@ -1346,19 +1349,23 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 	 */
 	for (i = 0; i < tal_count(htlc_sigs); i++) {
 		struct bitcoin_signature sig;
+		struct witscript *w;
+
+		w = bitcoin_tx_output_get_witscript(tmpctx, txs[0],
+						    txs[i+1]->wtx->inputs[0].index);
 
 		/* SIGHASH_ALL is implied. */
 		sig.s = htlc_sigs[i];
 		sig.sighash_type = SIGHASH_ALL;
 
-		if (!check_tx_sig(txs[1+i], 0, NULL, txs[1+i]->output_witscripts[0]->ptr,
+		if (!check_tx_sig(txs[1+i], 0, NULL, w->ptr,
 				  &remote_htlckey, &sig))
 			peer_failed(peer->pps,
 				    &peer->channel_id,
 				    "Bad commit_sig signature %s for htlc %s wscript %s key %s",
 				    type_to_string(msg, struct bitcoin_signature, &sig),
 				    type_to_string(msg, struct bitcoin_tx, txs[1+i]),
-				    tal_hex(msg, txs[1+i]->output_witscripts[0]->ptr),
+				    tal_hex(msg, w->ptr),
 				    type_to_string(msg, struct pubkey,
 						   &remote_htlckey));
 	}

channeld/commit_tx.c

@@ -36,8 +36,7 @@ size_t commit_tx_num_untrimmed(const struct htlc **htlcs,
 
 static void add_offered_htlc_out(struct bitcoin_tx *tx, size_t n,
 				 const struct htlc *htlc,
-				 const struct keyset *keyset,
+				 const struct keyset *keyset)
-				 struct witscript *o_wscript)
 {
 	struct ripemd160 ripemd;
 	u8 *wscript, *p2wsh;
@@ -46,19 +45,16 @@ static void add_offered_htlc_out(struct bitcoin_tx *tx, size_t n,
 	ripemd160(&ripemd, htlc->rhash.u.u8, sizeof(htlc->rhash.u.u8));
 	wscript = htlc_offered_wscript(tx, &ripemd, keyset);
 	p2wsh = scriptpubkey_p2wsh(tx, wscript);
-	bitcoin_tx_add_output(tx, p2wsh, amount);
+	bitcoin_tx_add_output(tx, p2wsh, wscript, amount);
 	SUPERVERBOSE("# HTLC %" PRIu64 " offered %s wscript %s\n", htlc->id,
 		     type_to_string(tmpctx, struct amount_sat, &amount),
 		     tal_hex(wscript, wscript));
-	o_wscript->ptr = tal_dup_arr(o_wscript, u8, wscript,
-				     tal_count(wscript), 0);
 	tal_free(wscript);
 }
 
 static void add_received_htlc_out(struct bitcoin_tx *tx, size_t n,
 				  const struct htlc *htlc,
-				  const struct keyset *keyset,
+				  const struct keyset *keyset)
-				  struct witscript *o_wscript)
 {
 	struct ripemd160 ripemd;
 	u8 *wscript, *p2wsh;
@@ -69,15 +65,13 @@ static void add_received_htlc_out(struct bitcoin_tx *tx, size_t n,
 	p2wsh = scriptpubkey_p2wsh(tx, wscript);
 	amount = amount_msat_to_sat_round_down(htlc->amount);
 
-	bitcoin_tx_add_output(tx, p2wsh, amount);
+	bitcoin_tx_add_output(tx, p2wsh, wscript, amount);
 
 	SUPERVERBOSE("# HTLC %"PRIu64" received %s wscript %s\n",
 		     htlc->id,
 		     type_to_string(tmpctx, struct amount_sat,
 				    &amount),
 		     tal_hex(wscript, wscript));
-	o_wscript->ptr = tal_dup_arr(o_wscript, u8,
-				     wscript, tal_count(wscript), 0);
 	tal_free(wscript);
 }
 
@@ -177,10 +171,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
 			continue;
 		if (trim(htlcs[i], feerate_per_kw, dust_limit, side))
 			continue;
-		tx->output_witscripts[n] =
+		add_offered_htlc_out(tx, n, htlcs[i], keyset);
-			tal(tx->output_witscripts, struct witscript);
-		add_offered_htlc_out(tx, n, htlcs[i],
-				     keyset, tx->output_witscripts[n]);
 		(*htlcmap)[n] = htlcs[i];
 		cltvs[n] = abs_locktime_to_blocks(&htlcs[i]->expiry);
 		n++;
@@ -196,10 +187,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
 			continue;
 		if (trim(htlcs[i], feerate_per_kw, dust_limit, side))
 			continue;
-		tx->output_witscripts[n] =
+		add_received_htlc_out(tx, n, htlcs[i], keyset);
-			tal(tx->output_witscripts, struct witscript);
-		add_received_htlc_out(tx, n, htlcs[i], keyset,
-				      tx->output_witscripts[n]);
 		(*htlcmap)[n] = htlcs[i];
 		cltvs[n] = abs_locktime_to_blocks(&htlcs[i]->expiry);
 		n++;
@@ -216,7 +204,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
 		u8 *p2wsh = scriptpubkey_p2wsh(tx, wscript);
 		struct amount_sat amount = amount_msat_to_sat_round_down(self_pay);
 
-		bitcoin_tx_add_output(tx, p2wsh, amount);
+		bitcoin_tx_add_output(tx, p2wsh, wscript, amount);
 		/* Add a dummy entry to the htlcmap so we can recognize it later */
 		(*htlcmap)[n] = direct_outputs ? dummy_to_local : NULL;
 		/* We don't assign cltvs[n]: if we use it, order doesn't matter.
@@ -224,11 +212,6 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
 		SUPERVERBOSE("# to-local amount %s wscript %s\n",
 			     type_to_string(tmpctx, struct amount_sat, &amount),
 			     tal_hex(tmpctx, wscript));
-		tx->output_witscripts[n] =
-			tal(tx->output_witscripts, struct witscript);
-		tx->output_witscripts[n]->ptr =
-			tal_dup_arr(tx->output_witscripts[n], u8,
-				    wscript, tal_count(wscript), 0);
 		n++;
 	}
 
@@ -249,7 +232,7 @@ struct bitcoin_tx *commit_tx(const tal_t *ctx,
 		 * This output sends funds to the other peer and thus is a simple
 		 * P2WPKH to `remotepubkey`.
 		 */
-		int pos = bitcoin_tx_add_output(tx, p2wpkh, amount);
+		int pos = bitcoin_tx_add_output(tx, p2wpkh, NULL, amount);
 		assert(pos == n);
 		(*htlcmap)[n] = direct_outputs ? dummy_to_remote : NULL;
 		/* We don't assign cltvs[n]: if we use it, order doesn't matter.

channeld/full_channel.c

@@ -237,7 +237,6 @@ static void add_htlcs(struct bitcoin_tx ***txs,
 	for (i = 0; i < tal_count(htlcmap); i++) {
 		const struct htlc *htlc = htlcmap[i];
 		struct bitcoin_tx *tx;
-		struct witscript *witscript;
 
 		if (!htlc)
 			continue;
@@ -256,13 +255,6 @@ static void add_htlcs(struct bitcoin_tx ***txs,
 					     feerate_per_kw,
 					     keyset);
 		}
-		/* Re-use the previously-generated witness script */
-		witscript = (*txs)[0]->output_witscripts[i];
-		tx->output_witscripts[0] =
-		        tal(tx->output_witscripts, struct witscript);
-		tx->output_witscripts[0]->ptr =
-			tal_dup_arr(tx->output_witscripts[0], u8,
-				    witscript->ptr, tal_count(witscript->ptr), 0);
 
 		/* Append to array. */
 		tal_arr_expand(txs, tx);

channeld/watchtower.c

@@ -71,7 +71,7 @@ penalty_tx_create(const tal_t *ctx,
 	bitcoin_tx_add_input(tx, commitment_txid, to_them_outnum, 0xFFFFFFFF,
 			     to_them_sats, NULL);
 
-	bitcoin_tx_add_output(tx, final_scriptpubkey, to_them_sats);
+	bitcoin_tx_add_output(tx, final_scriptpubkey, NULL, to_them_sats);
 
 	/* Worst-case sig is 73 bytes */
 	weight = bitcoin_tx_weight(tx) + 1 + 3 + 73 + 0 + tal_count(wscript);

common/close_tx.c

@@ -44,14 +44,14 @@ struct bitcoin_tx *create_close_tx(const tal_t *ctx,
 	if (amount_sat_greater_eq(to_us, dust_limit)) {
 		script = tal_dup_talarr(tx, u8, our_script);
 		/* One output is to us. */
-		bitcoin_tx_add_output(tx, script, to_us);
+		bitcoin_tx_add_output(tx, script, NULL, to_us);
 		num_outputs++;
 	}
 
 	if (amount_sat_greater_eq(to_them, dust_limit)) {
 		script = tal_dup_talarr(tx, u8, their_script);
 		/* Other output is to them. */
-		bitcoin_tx_add_output(tx, script, to_them);
+		bitcoin_tx_add_output(tx, script, NULL, to_them);
 		num_outputs++;
 	}
 

common/funding_tx.c

@@ -33,7 +33,7 @@ struct bitcoin_tx *funding_tx(const tal_t *ctx,
 	wscript = bitcoin_redeem_2of2(tx, local_fundingkey, remote_fundingkey);
 	SUPERVERBOSE("# funding witness script = %s\n",
 		     tal_hex(wscript, wscript));
-	bitcoin_tx_add_output(tx, scriptpubkey_p2wsh(tx, wscript), funding);
+	bitcoin_tx_add_output(tx, scriptpubkey_p2wsh(tx, wscript), wscript, funding);
 	tal_free(wscript);
 
 	if (has_change) {
@@ -41,7 +41,7 @@ struct bitcoin_tx *funding_tx(const tal_t *ctx,
 		map[0] = int2ptr(0);
 		map[1] = int2ptr(1);
 		bitcoin_tx_add_output(tx, scriptpubkey_p2wpkh(tx, changekey),
-				      change);
+				      NULL, change);
 		permute_outputs(tx, NULL, map);
 		*outnum = (map[0] == int2ptr(0) ? 0 : 1);
 	} else {

common/htlc_tx.c

@@ -60,17 +60,12 @@ static struct bitcoin_tx *htlc_tx(const tal_t *ctx,
 
 	wscript = bitcoin_wscript_htlc_tx(tx, to_self_delay, revocation_pubkey,
 					  local_delayedkey);
-	bitcoin_tx_add_output(tx, scriptpubkey_p2wsh(tx, wscript), amount);
+	bitcoin_tx_add_output(tx, scriptpubkey_p2wsh(tx, wscript),
+			      wscript, amount);
 
 	bitcoin_tx_finalize(tx);
 	assert(bitcoin_tx_check(tx));
 
-	tx->output_witscripts[0] =
-			tal(tx->output_witscripts, struct witscript);
-	tx->output_witscripts[0]->ptr =
-			tal_dup_arr(tx->output_witscripts[0], u8,
-				    wscript, tal_count(wscript), 0);
-
 	tal_free(wscript);
 
 	return tx;

common/initial_commit_tx.c

@@ -176,13 +176,8 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,
 		u8 *wscript = to_self_wscript(tmpctx, to_self_delay, keyset);
 		amount = amount_msat_to_sat_round_down(self_pay);
 		int pos = bitcoin_tx_add_output(
-		    tx, scriptpubkey_p2wsh(tx, wscript), amount);
+		    tx, scriptpubkey_p2wsh(tx, wscript), wscript, amount);
 		assert(pos == n);
-		tx->output_witscripts[n] =
-			tal(tx->output_witscripts, struct witscript);
-		tx->output_witscripts[n]->ptr =
-			tal_dup_arr(tx->output_witscripts[n], u8,
-				    wscript, tal_count(wscript), 0);
 		output_order[n] = dummy_local;
 		n++;
 	}
@@ -204,7 +199,7 @@ struct bitcoin_tx *initial_commit_tx(const tal_t *ctx,
 		amount = amount_msat_to_sat_round_down(other_pay);
 		int pos = bitcoin_tx_add_output(
 		    tx, scriptpubkey_p2wpkh(tx, &keyset->other_payment_key),
-		    amount);
+		    NULL, amount);
 		assert(pos == n);
 		output_order[n] = dummy_remote;
 		n++;

common/permute_tx.c

@@ -84,11 +84,13 @@ void permute_inputs(struct bitcoin_tx *tx, const void **map)
 }
 
 static void swap_wally_outputs(struct wally_tx_output *outputs,
-			 const void **map,
+			       struct wally_tx_output *psbt_global_outs,
-			 u32 *cltvs,
+			       struct wally_psbt_output *psbt_outs,
+			       const void **map, u32 *cltvs,
 			       size_t i1, size_t i2)
 {
 	struct wally_tx_output tmpoutput;
+	struct wally_psbt_output tmppsbtout;
 
 	if (i1 == i2)
 		return;
@@ -97,6 +99,16 @@ static void swap_wally_outputs(struct wally_tx_output *outputs,
 	outputs[i1] = outputs[i2];
 	outputs[i2] = tmpoutput;
 
+	/* For the PSBT, we swap the psbt outputs and
+	 * the global tx's outputs */
+	tmpoutput = psbt_global_outs[i1];
+	psbt_global_outs[i1] = psbt_global_outs[i2];
+	psbt_global_outs[i2] = tmpoutput;
+
+	tmppsbtout = psbt_outs[i1];
+	psbt_outs[i1] = psbt_outs[i2];
+	psbt_outs[i2] = tmppsbtout;
+
 	if (map) {
 		const void *tmp = map[i1];
 		map[i1] = map[i2];
@@ -174,13 +186,9 @@ void permute_outputs(struct bitcoin_tx *tx, u32 *cltvs, const void **map)
 				      num_outputs - i);
 
 		/* Swap best into first place. */
-		swap_wally_outputs(tx->wtx->outputs, map, cltvs, i, best_pos);
+		swap_wally_outputs(tx->wtx->outputs,
-
+				   tx->psbt->tx->outputs,
-		/* If output_witscripts are present, swap them to match. */
+				   tx->psbt->outputs,
-		if (tx->output_witscripts) {
+				   map, cltvs, i, best_pos);
-			struct witscript *tmp = tx->output_witscripts[i];
-			tx->output_witscripts[i] = tx->output_witscripts[best_pos];
-			tx->output_witscripts[best_pos] = tmp;
-		}
 	}
 }

common/withdraw_tx.c

@@ -38,7 +38,7 @@ struct bitcoin_tx *withdraw_tx(const tal_t *ctx,
 			map[i] = int2ptr(i);
 
 		bitcoin_tx_add_output(tx, scriptpubkey_p2wpkh(tmpctx, changekey),
-				      change);
+				      NULL, change);
 
 		assert(tx->wtx->num_outputs == output_count);
 		permute_outputs(tx, NULL, map);

devtools/mkclose.c

@@ -139,7 +139,7 @@ int main(int argc, char *argv[])
 		u8 *script = scriptpubkey_p2wpkh(NULL, &outkey[LOCAL]);
 		printf("# local witness script: %s\n", tal_hex(NULL, script));
 		/* One output is to us. */
-		bitcoin_tx_add_output(tx, script,
+		bitcoin_tx_add_output(tx, script, NULL,
 				      amount_msat_to_sat_round_down(local_msat));
 		num_outputs++;
 	} else
@@ -149,7 +149,7 @@ int main(int argc, char *argv[])
 		u8 *script = scriptpubkey_p2wpkh(NULL, &outkey[REMOTE]);
 		printf("# remote witness script: %s\n", tal_hex(NULL, script));
 		/* Other output is to them. */
-		bitcoin_tx_add_output(tx, script,
+		bitcoin_tx_add_output(tx, script, NULL,
 				      amount_msat_to_sat_round_down(remote_msat));
 		num_outputs++;
 	} else

devtools/mkcommit.c

@@ -465,6 +465,7 @@ int main(int argc, char *argv[])
 	for (size_t i = 0; i < tal_count(htlcmap); i++) {
 		struct bitcoin_signature local_htlc_sig, remote_htlc_sig;
 		struct amount_sat amt;
+		struct witscript *w;
 
 		if (!htlcmap[i])
 			continue;
@@ -476,17 +477,15 @@ int main(int argc, char *argv[])
 		local_txs[1+i]->input_amounts[0]
 			= tal_dup(local_txs[1+i], struct amount_sat, &amt);
 
-		printf("# wscript: %s\n", tal_hex(NULL, local_txs[1+i]->output_witscripts[1+i]->ptr));
+		w = bitcoin_tx_output_get_witscript(NULL, local_txs[1+i], 1+i);
+		printf("# wscript: %s\n", tal_hex(NULL, w->ptr));
 
-		bitcoin_tx_hash_for_sig(local_txs[1+i], 0,
+		bitcoin_tx_hash_for_sig(local_txs[1+i], 0, w->ptr,
-					local_txs[1+i]->output_witscripts[1+i]->ptr,
 					SIGHASH_ALL, &hash);
-		sign_tx_input(local_txs[1+i], 0, NULL,
+		sign_tx_input(local_txs[1+i], 0, NULL, w->ptr,
-			      local_txs[1+i]->output_witscripts[1+i]->ptr,
 			      &local_htlc_privkey, &local_htlc_pubkey,
 			      SIGHASH_ALL, &local_htlc_sig);
-		sign_tx_input(local_txs[1+i], 0, NULL,
+		sign_tx_input(local_txs[1+i], 0, NULL, w->ptr,
-			      local_txs[1+i]->output_witscripts[1+i]->ptr,
 			      &remote_htlc_privkey, &remote_htlc_pubkey,
 			      SIGHASH_ALL, &remote_htlc_sig);
 		printf("localsig_on_local output %zu: %s\n",
@@ -498,13 +497,13 @@ int main(int argc, char *argv[])
 			witness = bitcoin_witness_htlc_timeout_tx(NULL,
 								  &local_htlc_sig,
 								  &remote_htlc_sig,
-								  local_txs[1+i]->output_witscripts[1+i]->ptr);
+								  w->ptr);
 		else
 			witness = bitcoin_witness_htlc_success_tx(NULL,
 								  &local_htlc_sig,
 								  &remote_htlc_sig,
 								  preimage_of(&htlcmap[i]->rhash, cast_const2(const struct existing_htlc **, htlcs)),
-								  local_txs[1+i]->output_witscripts[1+i]->ptr);
+								  w->ptr);
 		bitcoin_tx_input_set_witness(local_txs[1+i], 0, witness);
 		printf("htlc tx for output %zu: %s\n",
 		       i, tal_hex(NULL, linearize_tx(NULL, local_txs[1+i])));
@@ -581,6 +580,7 @@ int main(int argc, char *argv[])
 	for (size_t i = 0; i < tal_count(htlcmap); i++) {
 		struct bitcoin_signature local_htlc_sig, remote_htlc_sig;
 		struct amount_sat amt;
+		struct witscript *w;
 
 		if (!htlcmap[i])
 			continue;
@@ -592,16 +592,14 @@ int main(int argc, char *argv[])
 		remote_txs[1+i]->input_amounts[0]
 			= tal_dup(remote_txs[1+i], struct amount_sat, &amt);
 
-		printf("# wscript: %s\n", tal_hex(NULL, remote_txs[1+i]->output_witscripts[1+i]->ptr));
+		w = bitcoin_tx_output_get_witscript(NULL, remote_txs[1+i], 1+i);
-		bitcoin_tx_hash_for_sig(remote_txs[1+i], 0,
+		printf("# wscript: %s\n", tal_hex(NULL, w->ptr));
-					remote_txs[1+i]->output_witscripts[1+i]->ptr,
+		bitcoin_tx_hash_for_sig(remote_txs[1+i], 0, w->ptr,
 					SIGHASH_ALL, &hash);
-		sign_tx_input(remote_txs[1+i], 0, NULL,
+		sign_tx_input(remote_txs[1+i], 0, NULL, w->ptr,
-			      remote_txs[1+i]->output_witscripts[1+i]->ptr,
 			      &local_htlc_privkey, &local_htlc_pubkey,
 			      SIGHASH_ALL, &local_htlc_sig);
-		sign_tx_input(remote_txs[1+i], 0, NULL,
+		sign_tx_input(remote_txs[1+i], 0, NULL, w->ptr,
-			      remote_txs[1+i]->output_witscripts[1+i]->ptr,
 			      &remote_htlc_privkey, &remote_htlc_pubkey,
 			      SIGHASH_ALL, &remote_htlc_sig);
 		printf("localsig_on_remote output %zu: %s\n",
@@ -613,13 +611,13 @@ int main(int argc, char *argv[])
 			witness = bitcoin_witness_htlc_timeout_tx(NULL,
 								  &remote_htlc_sig,
 								  &local_htlc_sig,
-								  remote_txs[1+i]->output_witscripts[1+i]->ptr);
+								  w->ptr);
 		else
 			witness = bitcoin_witness_htlc_success_tx(NULL,
 								  &remote_htlc_sig,
 								  &local_htlc_sig,
 								  preimage_of(&htlcmap[i]->rhash, cast_const2(const struct existing_htlc **, htlcs)),
-								  remote_txs[1+i]->output_witscripts[1+i]->ptr);
+								  w->ptr);
 		bitcoin_tx_input_set_witness(remote_txs[1+i], 0, witness);
 		printf("htlc tx for output %zu: %s\n",
 		       i, tal_hex(NULL, linearize_tx(NULL, remote_txs[1+i])));

onchaind/onchaind.c

@@ -495,7 +495,7 @@ static void set_htlc_success_fee(struct bitcoin_tx *tx,
 		if (!grind_htlc_tx_fee(&fee, tx, remotesig, wscript, weight))
 			status_failed(STATUS_FAIL_INTERNAL_ERROR,
 				      "htlc_success_fee can't be found "
-				      " for tx %s, signature %s, wscript %s",
+				      "for tx %s, signature %s, wscript %s",
 				      type_to_string(tmpctx, struct bitcoin_tx,
 						     tx),
 				      type_to_string(tmpctx,
@@ -611,7 +611,7 @@ static struct bitcoin_tx *tx_to_us(const tal_t *ctx,
 			     out->sat, NULL);
 
 	bitcoin_tx_add_output(
-	    tx, scriptpubkey_p2wpkh(tx, &our_wallet_pubkey), out->sat);
+	    tx, scriptpubkey_p2wpkh(tx, &our_wallet_pubkey), NULL, out->sat);
 
 	/* Worst-case sig is 73 bytes */
 	weight = bitcoin_tx_weight(tx) + 1 + 3 + 73 + 0 + tal_count(wscript);

openingd/openingd.c

@@ -667,6 +667,7 @@ static bool funder_finalize_channel_setup(struct state *state,
 	struct channel_id id_in;
 	const u8 *wscript;
 	char *err_reason;
+	const struct witscript **ws;
 	struct wally_tx_output *direct_outputs[NUM_SIDES];
 
 	/*~ Now we can initialize the `struct channel`.  This represents
@@ -732,11 +733,12 @@ static bool funder_finalize_channel_setup(struct state *state,
 	 * witness script.  It also needs the amount of the funding output,
 	 * as segwit signatures commit to that as well, even though it doesn't
 	 * explicitly appear in the transaction itself. */
+	ws = bitcoin_tx_get_witscripts(tmpctx, *tx);
 	msg = towire_hsm_sign_remote_commitment_tx(NULL,
 						   *tx,
 						   &state->channel->funding_pubkey[REMOTE],
 						   state->channel->funding,
-						   (const struct witscript **) (*tx)->output_witscripts,
+						   ws,
 						   &state->first_per_commitment_point[REMOTE],
 						   state->channel->option_static_remotekey);
 
@@ -911,6 +913,7 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 	struct bitcoin_signature theirsig, sig;
 	struct bitcoin_tx *local_commit, *remote_commit;
 	struct bitcoin_blkid chain_hash;
+	const struct witscript **ws;
 	u8 *msg;
 	const u8 *wscript;
 	u8 channel_flags;
@@ -1267,11 +1270,12 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 	}
 
 	/* Make HSM sign it */
+	ws = bitcoin_tx_get_witscripts(tmpctx, remote_commit);
 	msg = towire_hsm_sign_remote_commitment_tx(NULL,
 						   remote_commit,
 						   &state->channel->funding_pubkey[REMOTE],
 						   state->channel->funding,
-						   (const struct witscript **) remote_commit->output_witscripts,
+						   ws,
 						   &state->first_per_commitment_point[REMOTE],
 						   state->channel->option_static_remotekey);