From 9b85ce7b03be42b3570c12bd634712c39afb72f2 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue, 13 Jan 2026 22:52:11 +1030
Subject: [PATCH] hsmd: fix derivation for non-taproot addresses in modern
 mnemonic (25.12+) nodes.

This is a fix from https://github.com/rauaap who correctly diagnosed the problem:

```
Error broadcasting transaction: error code: -26\nerror message\nmempool-script-verify-flag-failed (Script failed an OP_EQUALVERIFY operation), input 0 of ...
```

The decision to use the changed derivation for all addresses, not just
taproot, came up during review.  Unfortunately, the signing code
(here) was not changed to match the address generation code (in the
wallet).

Reported-by: https://github.com/postanissue
Fixes: https://github.com/ElementsProject/lightning/issues/8804
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Fixed: lightningd: we now correctly sign for non-taproot addresses given by nodes created by v25.12 or newer.
---
 hsmd/libhsmd.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hsmd/libhsmd.c b/hsmd/libhsmd.c
index 53988bf03..4666012a2 100644
--- a/hsmd/libhsmd.c
+++ b/hsmd/libhsmd.c
@@ -540,9 +540,8 @@ static void hsm_key_for_utxo(struct privkey *privkey, struct pubkey *pubkey,
 		hsmd_status_debug("Derived public key %s from unilateral close",
 				  fmt_pubkey(tmpctx, pubkey));
 	} else {
-		/* Modern HSMs use bip86 for p2tr. */
-		if (is_p2tr(utxo->scriptPubkey, tal_bytelen(utxo->scriptPubkey), NULL)
-		    && use_bip86_derivation(tal_bytelen(secretstuff.bip32_seed))) {
+		/* Modern HSMs use bip86. */
+		if (use_bip86_derivation(tal_bytelen(secretstuff.bip32_seed))) {
 			/* Use BIP86 derivation */
 			bip86_key(privkey, pubkey, utxo->keyindex);
 		} else {