Merge bitcoin/bitcoin#27122: script: BIP341 txdata cannot be precomputed without spent outputs

95f12de925 BIP341 txdata cannot be precomputed without spent outputs (Pieter Wuille)

Pull request description:

  In `PrecomputedTransactionData::Init`, if `force` is set to `true`, `m_bip341_taproot_ready` is always set to true, suggesting that all its BIP341-relevant members (including `m_spent_amounts_single_hash`) are correct. If however no `spent` array of spent previous `CTxOut`s is provided, some of these members will be incorrect. This option was introduced in #21365.

  That doesn't actually hurt, as without prevout data, it's fundamentally impossible to generate correct BIP341 signatures anyway, and f722a9bd13/src/script/sign.cpp (L71) should prevent the logic from being used anyway.

  Still, don't set `m_bip341_taproot_ready` variable when we clearly don't have enough data to compute it.

  Discovered by Russell O'Connor.

ACKs for top commit:
  ajtowns:
    ACK 95f12de925
  achow101:
    ACK 95f12de925
  instagibbs:
    ACK 95f12de925

Tree-SHA512: 90acd2bfa50a7a0bde75a15a9f6c1f5c40f48fb5b870b1bbc4082777e24a482c8282463ef7d1245e53201dbcb5c196ef0386352f8e380e68cdf00c2111633b77
Andrew Chow 2023-02-21 13:46:33 -05:00
commit ad46141602
GPG key ID: 17565732E08E5E41


@ -1439,7 +1439,7 @@ void PrecomputedTransactionData::Init(const T& txTo, std::vector<CTxOut>&& spent
hashOutputs = SHA256Uint256(m_outputs_single_hash);
m_bip143_segwit_ready = true;
}
if (uses_bip341_taproot) {
if (uses_bip341_taproot && m_spent_outputs_ready) {
m_spent_amounts_single_hash = GetSpentAmountsSHA256(m_spent_outputs);
m_spent_scripts_single_hash = GetSpentScriptsSHA256(m_spent_outputs);
m_bip341_taproot_ready = true;
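Review bot: The new guard in `if (uses_bip341_taproot && m_spent_outputs_ready)` carries no comment saying why the spent outputs are required, and the lines shown include no test for the case it changes. Both hashes computed in this block, `m_spent_amounts_single_hash` and `m_spent_scripts_single_hash`, are derived from `m_spent_outputs`, so a one-line comment stating that the BIP341 data cannot be computed without the spent outputs would keep the condition from being relaxed later. A unit test that calls `Init` with `force` set and no spent outputs, asserting that `m_bip341_taproot_ready` stays false, would pin the behaviour. It is also worth confirming that `m_spent_outputs_ready` is assigned before this point in `Init`, which this hunk does not show.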