Switch over to CCAN's ripemd160.

Avoids handing naked u8 arrays around, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Makefile

@@ -14,7 +14,7 @@ BITCOIN_OBJS := bitcoin/address.o bitcoin/base58.o bitcoin/pubkey.o bitcoin/scri
 
 HELPER_OBJS := lightning.pb-c.o pkt.o permute_tx.o anchor.o commit_tx.o opt_bits.o close_tx.o find_p2sh_out.o protobuf_convert.o
 
-CCAN_OBJS := ccan-crypto-sha256.o ccan-crypto-shachain.o ccan-err.o ccan-tal.o ccan-tal-str.o ccan-take.o ccan-list.o ccan-str.o ccan-opt-helpers.o ccan-opt.o ccan-opt-parse.o ccan-opt-usage.o ccan-read_write_all.o ccan-str-hex.o ccan-tal-grab_file.o ccan-noerr.o
+CCAN_OBJS := ccan-crypto-sha256.o ccan-crypto-shachain.o ccan-err.o ccan-tal.o ccan-tal-str.o ccan-take.o ccan-list.o ccan-str.o ccan-opt-helpers.o ccan-opt.o ccan-opt-parse.o ccan-opt-usage.o ccan-read_write_all.o ccan-str-hex.o ccan-tal-grab_file.o ccan-noerr.o ccan-crypto-ripemd160.o
 
 HEADERS := $(wildcard *.h)
 
@@ -95,4 +95,7 @@ ccan-crypto-shachain.o: $(CCANDIR)/ccan/crypto/shachain/shachain.c
 	$(CC) $(CFLAGS) -c -o $@ $<
 ccan-crypto-sha256.o: $(CCANDIR)/ccan/crypto/sha256/sha256.c
 	$(CC) $(CFLAGS) -c -o $@ $<
+ccan-crypto-ripemd160.o: $(CCANDIR)/ccan/crypto/ripemd160/ripemd160.c
+	$(CC) $(CFLAGS) -c -o $@ $<
+
 

bitcoin/address.c

@@ -7,5 +7,5 @@ void bitcoin_address(const struct pubkey *key, struct bitcoin_address *addr)
 	struct sha256 h;
 
 	sha256(&h, key->key, pubkey_len(key));
-	RIPEMD160(h.u.u8, sizeof(h), addr->addr);
+	ripemd160(&addr->addr, h.u.u8, sizeof(h));
 }

bitcoin/address.h

@@ -1,13 +1,13 @@
 #ifndef LIGHTNING_BITCOIN_ADDRESS_H
 #define LIGHTNING_BITCOIN_ADDRESS_H
 #include <ccan/short_types/short_types.h>
-#include <openssl/ripemd.h>
+#include <ccan/crypto/ripemd160/ripemd160.h>
 
 struct pubkey;
 
 /* An address is the RIPEMD160 of the SHA of the public key. */
 struct bitcoin_address {
-	u8 addr[RIPEMD160_DIGEST_LENGTH]; /* 20 */
+	struct ripemd160 addr;
 };	
 
 void bitcoin_address(const struct pubkey *key,

bitcoin/base58.c

@@ -143,17 +143,17 @@ void base58_get_checksum(u8 csum[4], const u8 buf[], size_t buflen)
 char *bitcoin_to_base58(const tal_t *ctx, bool test_net,
 			const struct bitcoin_address *addr)
 {
-	u8 buf[1 + RIPEMD160_DIGEST_LENGTH + 4];
+	u8 buf[1 + sizeof(addr->addr) + 4];
 	char out[BASE58_ADDR_MAX_LEN + 2], *p;
 
 	buf[0] = test_net ? 111 : 0;
 
-	BUILD_ASSERT(sizeof(*addr) == RIPEMD160_DIGEST_LENGTH);
-	memcpy(buf+1, addr, RIPEMD160_DIGEST_LENGTH);
+	BUILD_ASSERT(sizeof(addr->addr) == sizeof(struct ripemd160));
+	memcpy(buf+1, addr, sizeof(addr->addr));
 
 	/* Append checksum */
-	base58_get_checksum(buf + 1 + RIPEMD160_DIGEST_LENGTH,
-			    buf, 1 + RIPEMD160_DIGEST_LENGTH);
+	base58_get_checksum(buf + 1 + sizeof(addr->addr),
+			    buf, 1 + sizeof(addr->addr));
 
 	p = encode_base58(out, BASE58_ADDR_MAX_LEN, buf, sizeof(buf));
 	return tal_strdup(ctx, p);
@@ -163,7 +163,7 @@ bool bitcoin_from_base58(bool *test_net,
 			 struct bitcoin_address *addr,
 			 const char *base58, size_t base58_len)
 {
-	u8 buf[1 + RIPEMD160_DIGEST_LENGTH + 4];
+	u8 buf[1 + sizeof(addr->addr) + 4];
 	BIGNUM bn;
 	size_t len;
 	u8 csum[4];
@@ -187,32 +187,32 @@ bool bitcoin_from_base58(bool *test_net,
 	else
 		return false;
 
-	base58_get_checksum(csum, buf, 1 + RIPEMD160_DIGEST_LENGTH);
-	if (memcmp(csum, buf + 1 + RIPEMD160_DIGEST_LENGTH, sizeof(csum)) != 0)
+	base58_get_checksum(csum, buf, 1 + sizeof(addr->addr));
+	if (memcmp(csum, buf + 1 + sizeof(addr->addr), sizeof(csum)) != 0)
 		return false;
 
-	BUILD_ASSERT(sizeof(*addr) == RIPEMD160_DIGEST_LENGTH);
-	memcpy(addr, buf+1, sizeof(*addr));
+	memcpy(&addr->addr, buf+1, sizeof(addr->addr));
 	return true;
 }
 
 /* buf already contains version and ripemd160.  Append checksum and encode */
 char *base58_with_check(char dest[BASE58_ADDR_MAX_LEN],
-			u8 buf[1 + RIPEMD160_DIGEST_LENGTH + 4])
+			u8 buf[1 + sizeof(struct ripemd160) + 4])
 {
 	/* Append checksum */
-	base58_get_checksum(buf + 1 + RIPEMD160_DIGEST_LENGTH,
-			    buf, 1 + RIPEMD160_DIGEST_LENGTH);
+	base58_get_checksum(buf + 1 + sizeof(struct ripemd160),
+			    buf, 1 + sizeof(struct ripemd160));
 
 	/* Now encode. */
 	return encode_base58(dest, BASE58_ADDR_MAX_LEN, buf,
-			     1 + RIPEMD160_DIGEST_LENGTH + 4);
+			     1 + sizeof(struct ripemd160) + 4);
 }
 
-bool ripemd_from_base58(u8 *version, u8 ripemd160[RIPEMD160_DIGEST_LENGTH],
+bool ripemd_from_base58(u8 *version,
+			struct ripemd160 *ripemd160,
 			const char *base58)
 {
-	u8 buf[1 + RIPEMD160_DIGEST_LENGTH + 4];
+	u8 buf[1 + sizeof(*ripemd160) + 4];
 	u8 csum[4];
 	BIGNUM bn;
 	size_t len;
@@ -240,11 +240,11 @@ bool ripemd_from_base58(u8 *version, u8 ripemd160[RIPEMD160_DIGEST_LENGTH],
 
 	/* Check checksum is correct. */
 	base58_get_checksum(csum, buf, sizeof(buf));
-	if (memcmp(csum, buf + 1 + RIPEMD160_DIGEST_LENGTH, 4) != 0)
+	if (memcmp(csum, buf + 1 + sizeof(*ripemd160), 4) != 0)
 		return false;
 
 	*version = buf[0];
-	memcpy(ripemd160, buf + 1, RIPEMD160_DIGEST_LENGTH);
+	memcpy(ripemd160, buf + 1, sizeof(*ripemd160));
 	return true;
 }
 

bitcoin/base58.h

@@ -1,9 +1,8 @@
 #ifndef LIGHTNING_BITCOIN_BASE58_H
 #define LIGHTNING_BITCOIN_BASE58_H
-/* FIXME: Use libsecpk1 */
+#include <ccan/crypto/ripemd160/ripemd160.h>
 #include <ccan/short_types/short_types.h>
 #include <ccan/tal/tal.h>
-#include <openssl/ripemd.h>
 #include <openssl/bn.h>
 #include <stdbool.h>
 #include <stdlib.h>
@@ -30,11 +29,11 @@ bool bitcoin_from_base58(bool *test_net,
 			 struct bitcoin_address *addr,
 			 const char *base58, size_t len);
 
-bool ripemd_from_base58(u8 *version, u8 ripemd160[RIPEMD160_DIGEST_LENGTH],
+bool ripemd_from_base58(u8 *version, struct ripemd160 *ripemd160,
 			const char *base58);
 
 char *base58_with_check(char dest[BASE58_ADDR_MAX_LEN],
-			u8 buf[1 + RIPEMD160_DIGEST_LENGTH + 4]);
+			u8 buf[1 + sizeof(struct ripemd160) + 4]);
 
 char *key_to_base58(const tal_t *ctx, bool test_net, const struct privkey *key);
 bool key_from_base58(const char *base58, size_t base58_len,

bitcoin/script.c

@@ -1,6 +1,6 @@
+#include <ccan/crypto/ripemd160/ripemd160.h>
 #include <ccan/crypto/sha256/sha256.h>
 #include <ccan/endian/endian.h>
-#include <openssl/ripemd.h>
 #include <assert.h>
 #include "address.h"
 #include "pubkey.h"
@@ -146,13 +146,13 @@ u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key)
 u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript)
 {
 	struct sha256 h;
-	u8 redeemhash[RIPEMD160_DIGEST_LENGTH];
+	struct ripemd160 redeemhash;
 	u8 *script = tal_arr(ctx, u8, 0);
 
 	add_op(&script, OP_HASH160);
 	sha256(&h, redeemscript, tal_count(redeemscript));
-	RIPEMD160(h.u.u8, sizeof(h), redeemhash);
-	add_push_bytes(&script, redeemhash, sizeof(redeemhash));
+	ripemd160(&redeemhash, h.u.u8, sizeof(h));
+	add_push_bytes(&script, redeemhash.u.u8, sizeof(redeemhash.u.u8));
 	add_op(&script, OP_EQUAL);
 	return script;
 }
@@ -247,7 +247,7 @@ u8 *bitcoin_redeem_revocable(const tal_t *ctx,
 			     const struct sha256 *rhash)
 {
 	u8 *script = tal_arr(ctx, u8, 0);
-	u8 rhash_ripemd[RIPEMD160_DIGEST_LENGTH];
+	struct ripemd160 rhash_ripemd;
 	le32 locktime_le = cpu_to_le32(locktime);
 
 	/* If there are two args: */
@@ -256,9 +256,9 @@ u8 *bitcoin_redeem_revocable(const tal_t *ctx,
 	add_op(&script, OP_IF);
 
 	/* Must hash to revocation_hash, and be signed by them. */
-	RIPEMD160(rhash->u.u8, sizeof(rhash->u), rhash_ripemd);
+	ripemd160(&rhash_ripemd, rhash->u.u8, sizeof(rhash->u));
 	add_op(&script, OP_HASH160);
-	add_push_bytes(&script, rhash_ripemd, sizeof(rhash_ripemd));
+	add_push_bytes(&script, rhash_ripemd.u.u8, sizeof(rhash_ripemd.u.u8));
 	add_op(&script, OP_EQUALVERIFY);
 	add_push_key(&script, theirkey);