pub/dsa.h, pub/dsa-sign.h: Deprecate the old DSA interface.

It's terribly crufty and hard to use properly, because it offloads most
of the hard work onto its caller.  It's also next to impossible to fix.

The main problem is the handling of the nonce, which the caller is
expected to have come up with somehow and passed in.  It would be nice
to make this optional, and come up with a deterministic (or randomized-
but-safe) nonce in the default case, but that's very hard to do with
this interface:

  * The function isn't given a random number generator so it can't use
    that to randomize its nonce, if it wanted to do that.

  * Worse, we aren't given a hash function, so we don't know which one
    to use for generating the nonce.

It'd be possible to write a complicated thing which picks a hash
function out of a list somehow based on the other parameters, but it
doesn't seem worthwhile when taking advantage of this will still require
source changes to callers, and the newer `gdsa' interface is much
less awful.

So I'll just deprecate these old functions and hope that nobody uses
them for anything.

diff --git a/pub/dsa-sign.c b/pub/dsa-sign.c
index 23bbf7f5cee9b830f086936c9ec211c9d12ae731..7593a7418322c9a7b6f9e88274bde415348c96a8 100644 (file)
--- a/pub/dsa-sign.c
+++ b/pub/dsa-sign.c
@@ -27,6 +27,7 @@
 
 /*----- Header files ------------------------------------------------------*/
 
+#define CATACOMB_DSAIMPL
 #include "dsa.h"
 #include "mp.h"
 #include "mpbarrett.h"

diff --git a/pub/dsa.h b/pub/dsa.h
index 2a9a99d234a47ba136c4a29bef36d054fb935415..5079e1cd10bc69b26b2be852d69173792fcfaf88 100644 (file)
--- a/pub/dsa.h
+++ b/pub/dsa.h
@@ -43,6 +43,8 @@
 
 /*----- Header files ------------------------------------------------------*/
 
+#include <mLib/macros.h>
+
 #ifndef CATACOMB_DH_H
 #  include "dh.h"
 #endif
@@ -223,11 +225,18 @@ extern mp *dsa_nonce(mp */*d*/, mp */*q*/, mp */*x*/, const octet */*m*/,
  * Returns:    ---
  *
  * Use:                Computes a DSA signature of a message.
+ *
+ *             This function is deprecated.  It's really rather badly
+ *             designed, and hard to use securely (and hard to fix).  Please
+ *             use @gdsa_sign@ instead.
  */
 
-extern void dsa_mksig(const dsa_param */*dp*/, mp */*a*/,
-                     mp */*m*/, mp */*k*/,
-                     mp **/*rr*/, mp **/*ss*/);
+extern
+#ifndef CATACOMB_DSAIMPL
+  DEPRECATED("please use `gdsa_sign' instead")
+#endif
+  void dsa_mksig(const dsa_param */*dp*/, mp */*a*/, mp */*m*/, mp */*k*/,
+                mp **/*rr*/, mp **/*ss*/);
 
 /* --- @dsa_sign@ --- *
  *
@@ -246,13 +255,20 @@ extern void dsa_mksig(const dsa_param */*dp*/, mp */*a*/,
  *
  * Use:                Signs a message, storing the results in a big-endian binary
  *             form.
+ *
+ *             This function is deprecated.  It's really rather badly
+ *             designed, and hard to use securely (and hard to fix).  Please
+ *             use @gdsa_sign@ instead.
  */
 
-extern void dsa_sign(dsa_param */*dp*/, mp */*a*/,
-                    const void */*m*/, size_t /*msz*/,
-                    const void */*k*/, size_t /*ksz*/,
-                    void */*r*/, size_t /*rsz*/,
-                    void */*s*/, size_t /*ssz*/);
+extern
+#ifndef CATACOMB_DSAIMPL
+  DEPRECATED("please use `gdsa_sign' instead")
+#endif
+  void dsa_sign(dsa_param */*dp*/, mp */*a*/,
+               const void */*m*/, size_t /*msz*/,
+               const void */*k*/, size_t /*ksz*/,
+               void */*r*/, size_t /*rsz*/, void */*s*/, size_t /*ssz*/);
 
 /* --- @dsa_vrfy@ --- *
  *