psbt: don't crash if we can't add a partial sig

instead return a boolean indicating the success/failure of a sig set

bitcoin/psbt.c

@@ -243,29 +243,24 @@ void psbt_input_add_pubkey(struct wally_psbt *psbt, size_t in,
 	assert(wally_err == WALLY_OK);
 }
 
-void psbt_input_set_partial_sig(struct wally_psbt *psbt, size_t in,
+bool psbt_input_set_partial_sig(struct wally_psbt *psbt, size_t in,
 				const struct pubkey *pubkey,
 				const struct bitcoin_signature *sig)
 {
-	int wally_err;
 	u8 pk_der[PUBKEY_CMPR_LEN];
 
 	assert(in < psbt->num_inputs);
 	if (!psbt->inputs[in].partial_sigs)
 		if (wally_partial_sigs_map_init_alloc(1, &psbt->inputs[in].partial_sigs) != WALLY_OK)
-			abort();
+			return false;
 
 	/* we serialize the compressed version of the key, wally likes this */
 	pubkey_to_der(pk_der, pubkey);
-	wally_err = wally_add_new_partial_sig(psbt->inputs[in].partial_sigs,
+	wally_psbt_input_set_sighash_type(&psbt->inputs[in], sig->sighash_type);
+	return wally_add_new_partial_sig(psbt->inputs[in].partial_sigs,
 					 pk_der, sizeof(pk_der),
 					 cast_const(unsigned char *, sig->s.data),
-					      sizeof(sig->s.data));
-	assert(wally_err == WALLY_OK);
-
-	wally_err = wally_psbt_input_set_sighash_type(&psbt->inputs[in],
-						      sig->sighash_type);
-	assert(wally_err == WALLY_OK);
+					 sizeof(sig->s.data)) == WALLY_OK;
 }
 
 void psbt_input_set_prev_utxo(struct wally_psbt *psbt, size_t in,

bitcoin/psbt.h

@@ -49,7 +49,7 @@ void psbt_rm_output(struct wally_psbt *psbt,
 void psbt_input_add_pubkey(struct wally_psbt *psbt, size_t in,
 			   const struct pubkey *pubkey);
 
-void psbt_input_set_partial_sig(struct wally_psbt *psbt, size_t in,
+WARN_UNUSED_RESULT bool psbt_input_set_partial_sig(struct wally_psbt *psbt, size_t in,
 						   const struct pubkey *pubkey,
 						   const struct bitcoin_signature *sig);
 

channeld/channeld.c

@@ -1291,8 +1291,11 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 			peer->next_index[LOCAL], LOCAL);
 
 	/* Set the commit_sig on the commitment tx psbt */
-	psbt_input_set_partial_sig(txs[0]->psbt, 0,
-	    &peer->channel->funding_pubkey[REMOTE], &commit_sig);
+	if (!psbt_input_set_partial_sig(txs[0]->psbt, 0,
+					&peer->channel->funding_pubkey[REMOTE],
+					&commit_sig))
+		status_failed(STATUS_FAIL_INTERNAL_ERROR,
+			      "Unable to set signature internally");
 
 	if (!derive_simple_key(&peer->channel->basepoints[REMOTE].htlc,
 			       &peer->next_local_per_commit, &remote_htlckey))

openingd/openingd.c

@@ -846,10 +846,11 @@ static bool funder_finalize_channel_setup(struct state *state,
 	}
 
 	/* We save their sig to our first commitment tx */
-	psbt_input_set_partial_sig((*tx)->psbt, 0,
+	if (!psbt_input_set_partial_sig((*tx)->psbt, 0,
 					&state->their_funding_pubkey,
-				   sig);
-
+					sig))
+		status_failed(STATUS_FAIL_INTERNAL_ERROR,
+			      "Unable to set signature internally");
 
 	peer_billboard(false, "Funding channel: opening negotiation succeeded");
 

wallet/db.c

@@ -1173,8 +1173,9 @@ void migrate_last_tx_to_psbt(struct lightningd *ld, struct db *db)
 			abort();
 
 		last_sig.sighash_type = SIGHASH_ALL;
-		psbt_input_set_partial_sig(last_tx->psbt, 0,
-		    &remote_funding_pubkey, &last_sig);
+		if (!psbt_input_set_partial_sig(last_tx->psbt, 0,
+						&remote_funding_pubkey, &last_sig))
+			abort();
 		psbt_input_add_pubkey(last_tx->psbt, 0,
 		    &local_funding_pubkey);
 		psbt_input_add_pubkey(last_tx->psbt, 0,