From a8eae82dbcc70ecb4380cf6393c6b594b9abe995 Mon Sep 17 00:00:00 2001
From: Jonathan McDowell <noodles@earth.li>
Date: Mon, 30 Sep 2013 12:50:01 +0100
Subject: [PATCH] Add support for checking RIPEMD160 signatures

Sufficiently recent versions of nettle have support for RIPEMD160 and
there are various keys in the wild that use this algorithm, so add an
autoconf check for the nettle support and use it if it's available.
---
 m4/ax_lib_nettle.m4 |  1 +
 sigcheck.c          | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/m4/ax_lib_nettle.m4 b/m4/ax_lib_nettle.m4
index 14f923f..cff46d0 100644
--- a/m4/ax_lib_nettle.m4
+++ b/m4/ax_lib_nettle.m4
@@ -68,6 +68,7 @@ AC_DEFUN([AX_LIB_NETTLE],[
         AX_CHECK_NETTLE_ALGO([MD2],[md2_digest])
         AX_CHECK_NETTLE_ALGO([MD4],[md4_digest])
         AX_CHECK_NETTLE_ALGO([MD5],[md5_digest])
+        AX_CHECK_NETTLE_ALGO([RIPEMD160],[ripemd160_digest])
         AX_CHECK_NETTLE_ALGO([SHA1],[sha1_digest])
         AX_CHECK_NETTLE_ALGO([SHA224],[sha224_digest])
         AX_CHECK_NETTLE_ALGO([SHA256],[sha256_digest])
diff --git a/sigcheck.c b/sigcheck.c
index 852b53b..a0f4feb 100644
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -27,6 +27,7 @@
 
 #ifdef HAVE_NETTLE
 #include <nettle/md5.h>
+#include <nettle/ripemd160.h>
 #include <nettle/sha.h>
 #else
 #include "md5.h"
@@ -42,6 +43,9 @@ int check_packet_sighash(struct openpgp_publickey *key,
 	size_t siglen, unhashedlen;
 	struct sha1_ctx sha1_context;
 	struct md5_ctx md5_context;
+#ifdef NETTLE_WITH_RIPEMD160
+	struct ripemd160_ctx ripemd160_context;
+#endif
 #ifdef NETTLE_WITH_SHA224
 	struct sha224_ctx sha224_context;
 #endif
@@ -165,6 +169,19 @@ int check_packet_sighash(struct openpgp_publickey *key,
 		}
 		sha1_digest(&sha1_context, 20, hash);
 		break;
+	case OPENPGP_HASH_RIPEMD160:
+#ifdef NETTLE_WITH_RIPEMD160
+		ripemd160_init(&ripemd160_context);
+		for (i = 0; i < chunks; i++) {
+			ripemd160_update(&ripemd160_context, hashlen[i],
+				hashdata[i]);
+		}
+		ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE,
+			hash);
+#else
+		logthing(LOGTHING_INFO, "RIPEMD160 support not available.");
+		return -1;
+#endif
 	case OPENPGP_HASH_SHA224:
 #ifdef NETTLE_WITH_SHA224
 		sha224_init(&sha224_context);
-- 
2.30.2