[Minor] Provide description for rspamd_cryptobox_verify_compat function

diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 25ee9a471eda3a061579a27c8e48e98a6c9cff02..8462aab67c16010d6c987e0b91792f8ae95c7d85 100644 (file)
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -706,87 +706,6 @@ void rspamd_cryptobox_sign(unsigned char *sig, unsigned long long *siglen_p,
        }
 }
 
-void rspamd_cryptobox_sign_compat(int nid, unsigned char *sig, unsigned long long *siglen_p,
-                                                                 const unsigned char *m, gsize mlen,
-                                                                 struct evp_pkey_st *sec_key, int ktype,
-                                                                 enum rspamd_cryptobox_mode mode)
-{
-       if (G_LIKELY(mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
-               rspamd_sk_t sk;
-               size_t sk_len = sizeof(rspamd_sk_t);
-               EVP_PKEY_get_raw_private_key(sec_key, sk, &sk_len);
-               crypto_sign_detached(sig, siglen_p, m, mlen, sk);
-       }
-       else {
-#ifndef HAVE_USABLE_OPENSSL
-               g_assert(0);
-#else
-               EVP_MD_CTX *sha_ctx;
-               unsigned char h[64];
-               unsigned int diglen = rspamd_cryptobox_signature_bytes(mode);
-
-               /* Prehash */
-               sha_ctx = EVP_MD_CTX_create();
-               EVP_MD *type = NULL;
-               switch(nid)
-               {
-               case NID_sha1:
-                       type = EVP_sha1();
-                       break;
-               case NID_sha256:
-                       type = EVP_sha256();
-                       break;
-               case NID_sha512:
-                       type = EVP_sha512();
-                       break;
-               default:
-                       type = NULL;
-               }
-               g_assert(EVP_DigestInit(sha_ctx, type) == 1);
-               EVP_DigestUpdate(sha_ctx, m, mlen);
-               EVP_DigestFinal(sha_ctx, h, NULL);
-
-               /* ECDSA */
-#if OPENSSL_VERSION_MAJOR >= 3
-               EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(sec_key, NULL);
-
-               if(ktype == 1)
-                       EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING);
-
-               g_assert(EVP_DigestSignInit(sha_ctx, NULL, type, NULL, sec_key) == 1);
-
-               size_t diglen_size_t = diglen;
-               EVP_DigestSign(sha_ctx, sig, &diglen_size_t, m, mlen);
-               diglen = diglen_size_t;
-
-               EVP_PKEY_CTX_free(pctx);
-               EVP_PKEY_free(sec_key);
-#else
-               EC_KEY *lk;
-               BIGNUM *bn_sec;
-
-               /* Key setup */
-               lk = EC_KEY_new_by_curve_name(CRYPTOBOX_CURVE_NID);
-               g_assert(lk != NULL);
-               bn_sec = BN_bin2bn(sk, sizeof(rspamd_sk_t), NULL);
-               g_assert(bn_sec != NULL);
-               g_assert(EC_KEY_set_private_key(lk, bn_sec) == 1);
-
-               g_assert(ECDSA_sign(0, h, sizeof(h), sig, &diglen, lk) == 1);
-               EC_KEY_free(lk);
-               BN_free(bn_sec);
-#endif
-               g_assert(diglen <= sizeof(rspamd_signature_t));
-
-               if (siglen_p) {
-                       *siglen_p = diglen;
-               }
-
-               EVP_MD_CTX_destroy(sha_ctx);
-#endif
-       }
-}
-
 bool rspamd_cryptobox_verify_compat(int nid,
                                                                        const unsigned char *sig,
                                                                        gsize siglen,

diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index f11d31994990cd31132f5f51260e3f321ccea3f0..fa5a018dfa79cc0798d2df241cd0cbe226846927 100644 (file)
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -207,11 +207,6 @@ void rspamd_cryptobox_sign(unsigned char *sig, unsigned long long *siglen_p,
                                                  const rspamd_sk_t sk,
                                                  enum rspamd_cryptobox_mode mode);
 
-void rspamd_cryptobox_sign_compat(int nid, unsigned char *sig, unsigned long long *siglen_p,
-                                                                const unsigned char *m, gsize mlen,
-                                                                struct evp_pkey_st *sec_key, int ktype,
-                                                                enum rspamd_cryptobox_mode mode);
-
 /**
 * Verifies digital signature for the specified message using the specified
 * pubkey
@@ -228,11 +223,20 @@ bool rspamd_cryptobox_verify(const unsigned char *sig,
                                                        const rspamd_pk_t pk,
                                                        enum rspamd_cryptobox_mode mode);
 
+/**
+ * Verifies digital signature for specified raw digest with specified pubkey
+ * @param nid signing algorithm nid
+ * @param sig signature source
+ * @param digest raw digest
+ * @param pub_key public key for verification
+ * @param ktype type of public key (1 - RSA, 0 - ECDSA)
+ * @return true if signature is valid, false otherwise
+ */
 bool rspamd_cryptobox_verify_compat(int nid,
                                                                   const unsigned char *sig,
                                                                   gsize siglen,
-                                                                  const unsigned char *m,
-                                                                  gsize mlen,
+                                                                  const unsigned char *digest,
+                                                                  gsize dlen,
                                                                   struct evp_pkey_st *pub_key, int ktype,
                                                                   enum rspamd_cryptobox_mode mode);