diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index 418984a2c9..b6d1bbf3d3 100644
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -64,8 +64,8 @@ usage(void) {
fprintf(stderr, " name: owner of the key\n");
fprintf(stderr, "Other options:\n");
fprintf(stderr, " -a algorithm: \n"
- " RSA | RSAMD5 | DH | DSA | RSASHA1 |\n"
- " NSEC3DSA | NSEC3RSASHA1 |\n"
+ " RSA | RSAMD5 | DH | RSASHA1 |\n"
+ " NSEC3RSASHA1 |\n"
" RSASHA256 | RSASHA512 |\n"
" ECDSAP256SHA256 | ECDSAP384SHA384\n");
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
@@ -402,13 +402,9 @@ main(int argc, char **argv) {
if (use_nsec3) {
switch (alg) {
- case DST_ALG_DSA:
- alg = DST_ALG_NSEC3DSA;
- break;
case DST_ALG_RSASHA1:
alg = DST_ALG_NSEC3RSASHA1;
break;
- case DST_ALG_NSEC3DSA:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook
index 61d9fe0bd7..02f8c50569 100644
--- a/bin/dnssec/dnssec-keyfromlabel.docbook
+++ b/bin/dnssec/dnssec-keyfromlabel.docbook
@@ -106,7 +106,7 @@
Selects the cryptographic algorithm. The value of
must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
+ NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
@@ -119,9 +119,9 @@
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
- ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
+ ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the option, then NSEC3RSASHA1
- or NSEC3DSA will be used instead.
+ will be used instead.
As of BIND 9.12.0, this option is mandatory except when using
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 90b2f581bf..2d422edc8f 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -79,8 +79,8 @@ usage(void) {
fprintf(stderr, "Options:\n");
fprintf(stderr, " -K : write keys into directory\n");
fprintf(stderr, " -a :\n");
- fprintf(stderr, " RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
- " | NSEC3DSA |\n");
+ fprintf(stderr, " RSA | RSAMD5 | RSASHA1 | NSEC3RSASHA1"
+ " |\n");
fprintf(stderr, " RSASHA256 | RSASHA512 |\n");
fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
fprintf(stderr, " ED25519 | ED448 | DH\n");
@@ -92,9 +92,6 @@ usage(void) {
fprintf(stderr, " RSASHA256:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " DH:\t\t[128..4096]\n");
- fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
- fprintf(stderr, " NSEC3DSA:\t[512..1024] and divisible "
- "by 64\n");
fprintf(stderr, " ECCGOST:\tignored\n");
fprintf(stderr, " ECDSAP256SHA256:\tignored\n");
fprintf(stderr, " ECDSAP384SHA384:\tignored\n");
@@ -161,11 +158,6 @@ usage(void) {
exit (-1);
}
-static bool
-dsa_size_ok(int size) {
- return (size >= 512 && size <= 1024 && size % 64 == 0);
-}
-
static void
progress(int p)
{
@@ -542,13 +534,9 @@ main(int argc, char **argv) {
if (use_nsec3) {
switch (alg) {
- case DST_ALG_DSA:
- alg = DST_ALG_NSEC3DSA;
- break;
case DST_ALG_RSASHA1:
alg = DST_ALG_NSEC3RSASHA1;
break;
- case DST_ALG_NSEC3DSA:
case DST_ALG_NSEC3RSASHA1:
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
@@ -728,11 +716,6 @@ main(int argc, char **argv) {
if (size != 0 && (size < 128 || size > 4096))
fatal("DH key size %d out of range", size);
break;
- case DNS_KEYALG_DSA:
- case DNS_KEYALG_NSEC3DSA:
- if (size != 0 && !dsa_size_ok(size))
- fatal("invalid DSS key size: %d", size);
- break;
case DST_ALG_ECCGOST:
size = 256;
break;
@@ -815,8 +798,6 @@ main(int argc, char **argv) {
param = generator;
break;
- case DNS_KEYALG_DSA:
- case DNS_KEYALG_NSEC3DSA:
case DST_ALG_ECCGOST:
case DST_ALG_ECDSA256:
case DST_ALG_ECDSA384:
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 66fc1ef828..d2e5a45e20 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -123,7 +123,7 @@
Selects the cryptographic algorithm. For DNSSEC keys, the value
of must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
+ NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the
@@ -132,9 +132,9 @@
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
- ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
+ ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the option, then NSEC3RSASHA1
- or NSEC3DSA will be used instead.
+ will be used instead.
This parameter must be specified except
diff --git a/bin/pkcs11/pkcs11-keygen.c b/bin/pkcs11/pkcs11-keygen.c
index 8d01235947..e11ef6f35f 100644
--- a/bin/pkcs11/pkcs11-keygen.c
+++ b/bin/pkcs11/pkcs11-keygen.c
@@ -78,11 +78,10 @@
static CK_BBOOL truevalue = TRUE;
static CK_BBOOL falsevalue = FALSE;
-/* Key class: RSA, ECC, ECX, DSA, or unknown */
+/* Key class: RSA, ECC, ECX, or unknown */
typedef enum {
key_unknown,
key_rsa,
- key_dsa,
key_ecc,
key_ecx
} key_class_t;
@@ -150,45 +149,6 @@ static CK_ATTRIBUTE ecc_template[] = {
{CKA_ID, NULL_PTR, 0}
};
-/*
- * Public key template for DSA keys
- */
-#define DSA_LABEL 0
-#define DSA_VERIFY 1
-#define DSA_TOKEN 2
-#define DSA_PRIVATE 3
-#define DSA_PRIME 4
-#define DSA_SUBPRIME 5
-#define DSA_BASE 6
-#define DSA_ID 7
-#define DSA_ATTRS 8
-static CK_ATTRIBUTE dsa_template[] = {
- {CKA_LABEL, NULL_PTR, 0},
- {CKA_VERIFY, &truevalue, sizeof(truevalue)},
- {CKA_TOKEN, &truevalue, sizeof(truevalue)},
- {CKA_PRIVATE, &falsevalue, sizeof(falsevalue)},
- {CKA_PRIME, NULL_PTR, 0},
- {CKA_SUBPRIME, NULL_PTR, 0},
- {CKA_BASE, NULL_PTR, 0},
- {CKA_ID, NULL_PTR, 0}
-};
-#define DSA_PARAM_PRIME 0
-#define DSA_PARAM_SUBPRIME 1
-#define DSA_PARAM_BASE 2
-#define DSA_PARAM_ATTRS 3
-static CK_ATTRIBUTE dsa_param_template[] = {
- {CKA_PRIME, NULL_PTR, 0},
- {CKA_SUBPRIME, NULL_PTR, 0},
- {CKA_BASE, NULL_PTR, 0},
-};
-#define DSA_DOMAIN_PRIMEBITS 0
-#define DSA_DOMAIN_PRIVATE 1
-#define DSA_DOMAIN_ATTRS 2
-static CK_ATTRIBUTE dsa_domain_template[] = {
- {CKA_PRIME_BITS, NULL_PTR, 0},
- {CKA_PRIVATE, &falsevalue, sizeof(falsevalue)},
-};
-
/*
* Convert from text to key class. Accepts the names of DNSSEC
* signing algorithms, so e.g., ECDSAP256SHA256 maps to ECC and
@@ -202,9 +162,6 @@ keyclass_fromtext(const char *name) {
if (strncasecmp(name, "rsa", 3) == 0 ||
strncasecmp(name, "nsec3rsa", 8) == 0)
return (key_rsa);
- else if (strncasecmp(name, "dsa", 3) == 0 ||
- strncasecmp(name, "nsec3dsa", 8) == 0)
- return (key_dsa);
else if (strncasecmp(name, "ecc", 3) == 0 ||
strncasecmp(name, "ecdsa", 5) == 0)
return (key_ecc);
@@ -242,7 +199,7 @@ main(int argc, char *argv[]) {
pk11_context_t pctx;
int error = 0;
int c, errflg = 0;
- int hide = 1, special = 0, quiet = 0;
+ int hide = 1, quiet = 0;
int idlen = 0, id_offset = 0;
unsigned int i;
unsigned long id = 0;
@@ -415,30 +372,6 @@ main(int argc, char *argv[]) {
#endif
break;
- case key_dsa:
- op_type = OP_DSA;
- if (bits == 0)
- usage();
-
- dpmech.mechanism = CKM_DSA_PARAMETER_GEN;
- dpmech.pParameter = NULL;
- dpmech.ulParameterLen = 0;
- mech.mechanism = CKM_DSA_KEY_PAIR_GEN;
- mech.pParameter = NULL;
- mech.ulParameterLen = 0;
-
- public_template = dsa_template;
- public_attrcnt = DSA_ATTRS;
- id_offset = DSA_ID;
-
- domain_template = dsa_domain_template;
- domain_attrcnt = DSA_DOMAIN_ATTRS;
- param_template = dsa_param_template;
- param_attrcnt = DSA_PARAM_ATTRS;
-
- domain_template[DSA_DOMAIN_PRIMEBITS].pValue = &bits;
- domain_template[DSA_DOMAIN_PRIMEBITS].ulValueLen = sizeof(bits);
- break;
case key_unknown:
usage();
}
@@ -546,7 +479,7 @@ main(int argc, char *argv[]) {
fprintf(stderr,
"C_GetAttributeValue0: Error = 0x%.8lX\n", rv);
error = 1;
- goto exit_domain;
+ goto exit_search;
}
/* Allocate space for parameter attributes */
@@ -559,39 +492,10 @@ main(int argc, char *argv[]) {
if (param_template[i].pValue == NULL) {
fprintf(stderr, "malloc failed\n");
error = 1;
- goto exit_params;
+ goto exit_search;
}
}
- rv = pkcs_C_GetAttributeValue(hSession, domainparams,
- dsa_param_template, DSA_PARAM_ATTRS);
-
- if (rv != CKR_OK) {
- fprintf(stderr,
- "C_GetAttributeValue1: Error = 0x%.8lX\n", rv);
- error = 1;
- goto exit_params;
- }
-
- switch (keyclass) {
- case key_dsa:
- public_template[DSA_PRIME].pValue =
- param_template[DSA_PARAM_PRIME].pValue;
- public_template[DSA_PRIME].ulValueLen =
- param_template[DSA_PARAM_PRIME].ulValueLen;
- public_template[DSA_SUBPRIME].pValue =
- param_template[DSA_PARAM_SUBPRIME].pValue;
- public_template[DSA_SUBPRIME].ulValueLen =
- param_template[DSA_PARAM_SUBPRIME].ulValueLen;
- public_template[DSA_BASE].pValue =
- param_template[DSA_PARAM_BASE].pValue;
- public_template[DSA_BASE].ulValueLen =
- param_template[DSA_PARAM_BASE].ulValueLen;
- break;
- default:
- break;
- }
-
generate_keys:
/* Generate Key pair for signing/verifying */
rv = pkcs_C_GenerateKeyPair(hSession, &mech,
@@ -605,27 +509,6 @@ main(int argc, char *argv[]) {
} else if (!quiet)
printf("Key pair generation complete.\n");
- exit_params:
- /* Free parameter attributes */
- if (keyclass == key_dsa) {
- for (i = 0; i < param_attrcnt; i++) {
- if (param_template[i].pValue != NULL) {
- free(param_template[i].pValue);
- }
- }
- }
-
- exit_domain:
- /* Destroy domain parameters */
- if (keyclass == key_dsa) {
- rv = pkcs_C_DestroyObject(hSession, domainparams);
- if (rv != CKR_OK) {
- fprintf(stderr,
- "C_DestroyObject: Error = 0x%.8lX\n", rv);
- error = 1;
- }
- }
-
exit_search:
rv = pkcs_C_FindObjectsFinal(hSession);
if (rv != CKR_OK) {
diff --git a/bin/tests/optional/dst_test.c b/bin/tests/optional/dst_test.c
index 951bf3a4d5..ed6aa532cd 100644
--- a/bin/tests/optional/dst_test.c
+++ b/bin/tests/optional/dst_test.c
@@ -254,11 +254,9 @@ main(void) {
result = dns_name_fromtext(name, &b, NULL, 0, NULL);
if (result != ISC_R_SUCCESS)
return (1);
- io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx);
- io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
isc_buffer_constinit(&b, "dh.", 3);
@@ -270,7 +268,6 @@ main(void) {
generate(DST_ALG_RSAMD5, mctx);
generate(DST_ALG_DH, mctx);
- generate(DST_ALG_DSA, mctx);
generate(DST_ALG_HMACMD5, mctx);
dst_lib_destroy();
diff --git a/config.h.in b/config.h.in
index 0c4f456cad..08e2f9c483 100644
--- a/config.h.in
+++ b/config.h.in
@@ -99,9 +99,6 @@
/* Define to 1 to enable dnstap support */
#undef HAVE_DNSTAP
-/* Define to 1 if you have the `DSA_get0_pqg' function. */
-#undef HAVE_DSA_GET0_PQG
-
/* Define to 1 if you have the `ECDSA_sign' function. */
#undef HAVE_ECDSA_SIGN
diff --git a/config.h.win32 b/config.h.win32
index 00aa5267a3..ec25b14eba 100644
--- a/config.h.win32
+++ b/config.h.win32
@@ -111,15 +111,6 @@
/* Define if you have h_errno */
#define HAVE_H_ERRNO
-/* Define if you have RSA_generate_key(). */
-#define HAVE_RSA_GENERATE_KEY
-
-/* Define if you have DSA_generate_parameters(). */
-#define HAVE_DSA_GENERATE_PARAMETERS
-
-/* Define if you have DH_generate_parameters(). */
-#define HAVE_DH_GENERATE_PARAMETERS
-
/* Define if you have getpassphrase in the C library. */
#define HAVE_GETPASSPHRASE
@@ -289,9 +280,6 @@ typedef __int64 off_t;
/* Define if your OpenSSL version supports DH functions. */
@HAVE_DH_GET0_KEY@
-/* Define if your OpenSSL version supports DSA functions. */
-@HAVE_DSA_GET0_PQG@
-
/* Define if your OpenSSL version supports ECDSA functions. */
@HAVE_ECDSA_SIG_GET0@
diff --git a/configure b/configure
index 1448dd39b2..4608e44aa6 100755
--- a/configure
+++ b/configure
@@ -15787,7 +15787,7 @@ done
#
# Check for OpenSSL 1.1.x/LibreSSL functions
#
-for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg
+for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
diff --git a/configure.ac b/configure.ac
index 3d280e8321..71fca091a1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -857,7 +857,7 @@ AC_CHECK_FUNCS([EVP_aes_128_ecb EVP_aes_192_ecb EVP_aes_256_ecb], [:],
#
# Check for OpenSSL 1.1.x/LibreSSL functions
#
-AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])
+AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key])
#
# Check whether FIPS mode is available and whether we should enable it
diff --git a/lib/dns/dst_parse.h b/lib/dns/dst_parse.h
index 5ec58463a4..f8964b9da8 100644
--- a/lib/dns/dst_parse.h
+++ b/lib/dns/dst_parse.h
@@ -63,13 +63,6 @@
#define TAG_DH_PRIVATE ((DST_ALG_DH << TAG_SHIFT) + 2)
#define TAG_DH_PUBLIC ((DST_ALG_DH << TAG_SHIFT) + 3)
-#define DSA_NTAGS 5
-#define TAG_DSA_PRIME ((DST_ALG_DSA << TAG_SHIFT) + 0)
-#define TAG_DSA_SUBPRIME ((DST_ALG_DSA << TAG_SHIFT) + 1)
-#define TAG_DSA_BASE ((DST_ALG_DSA << TAG_SHIFT) + 2)
-#define TAG_DSA_PRIVATE ((DST_ALG_DSA << TAG_SHIFT) + 3)
-#define TAG_DSA_PUBLIC ((DST_ALG_DSA << TAG_SHIFT) + 4)
-
#define ECDSA_NTAGS 4
#define TAG_ECDSA_PRIVATEKEY ((DST_ALG_ECDSA256 << TAG_SHIFT) + 0)
#define TAG_ECDSA_ENGINE ((DST_ALG_ECDSA256 << TAG_SHIFT) + 1)
diff --git a/lib/dns/include/dns/keyvalues.h b/lib/dns/include/dns/keyvalues.h
index 003d63f114..bf895696a4 100644
--- a/lib/dns/include/dns/keyvalues.h
+++ b/lib/dns/include/dns/keyvalues.h
@@ -90,12 +90,6 @@
#define DNS_SIG_RSAMINSIZE ((DNS_SIG_RSAMINBITS+7)/8)
#define DNS_SIG_RSAMAXSIZE ((DNS_SIG_RSAMAXBITS+7)/8)
-#define DNS_SIG_DSASIGSIZE 41
-#define DNS_SIG_DSAMINBITS 512
-#define DNS_SIG_DSAMAXBITS 1024
-#define DNS_SIG_DSAMINBYTES 213
-#define DNS_SIG_DSAMAXBYTES 405
-
#define DNS_SIG_ECDSA256SIZE 64
#define DNS_SIG_ECDSA384SIZE 96
diff --git a/lib/dns/nsec.c b/lib/dns/nsec.c
index 6a29f1cdb8..3fa975d830 100644
--- a/lib/dns/nsec.c
+++ b/lib/dns/nsec.c
@@ -274,8 +274,7 @@ dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version,
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (dnskey.algorithm == DST_ALG_RSAMD5 ||
- dnskey.algorithm == DST_ALG_RSASHA1 ||
- dnskey.algorithm == DST_ALG_DSA)
+ dnskey.algorithm == DST_ALG_RSASHA1)
break;
}
dns_rdataset_disassociate(&rdataset);
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
index 276b68cef3..546c82904c 100644
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -108,7 +108,9 @@
{ DNS_KEYALG_RSAMD5, "RSAMD5", 0 }, \
{ DNS_KEYALG_RSAMD5, "RSA", 0 }, \
{ DNS_KEYALG_DH, "DH", 0 }, \
+ { DNS_KEYALG_DSA, "DSA", 0 }, \
{ DNS_KEYALG_RSASHA1, "RSASHA1", 0 }, \
+ { DNS_KEYALG_NSEC3DSA, "NSEC3DSA", 0 }, \
{ DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1", 0 }, \
{ DNS_KEYALG_RSASHA256, "RSASHA256", 0 }, \
{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index f2ba31cb9a..edb64235ce 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -17861,8 +17861,7 @@ dnskey_sane(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
continue;
alg = tuple->rdata.data[3];
- if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
- alg == DST_ALG_DSA) {
+ if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1) {
nseconly = true;
break;
}
diff --git a/lib/isc/include/pk11/pk11.h b/lib/isc/include/pk11/pk11.h
index 4e41a2c64f..5354d1c34d 100644
--- a/lib/isc/include/pk11/pk11.h
+++ b/lib/isc/include/pk11/pk11.h
@@ -58,7 +58,6 @@ typedef struct pk11_object pk11_object_t;
typedef enum {
OP_ANY = 0,
OP_RSA = 1,
- OP_DSA = 2,
OP_DH = 3,
OP_ECDSA = 4,
OP_EDDSA = 5,
diff --git a/lib/ns/update.c b/lib/ns/update.c
index d5b218b178..bfe2290246 100644
--- a/lib/ns/update.c
+++ b/lib/ns/update.c
@@ -1960,8 +1960,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
if (tuple->rdata.type == dns_rdatatype_dnskey) {
uint8_t alg;
alg = tuple->rdata.data[3];
- if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
- alg == DST_ALG_DSA) {
+ if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1) {
nseconly = true;
break;
}
diff --git a/win32utils/Configure b/win32utils/Configure
index 0e52a17baa..dfa5edaee3 100644
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -203,7 +203,6 @@ my @substdefh = ("AES_CC",
"HAVE_OPENSSL_ED25519",
"HAVE_OPENSSL_ED448",
"HAVE_DH_GET0_KEY",
- "HAVE_DSA_GET0_PQG",
"HAVE_ECDSA_SIG_GET0",
"HAVE_RSA_SET0_KEY",
"USE_BACKTRACE",
@@ -1483,7 +1482,7 @@ int main() {
}
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
- printf("This version has no built-in support for DH/DSA/ECDSA/RSA functions.\n\n");
+ printf("This version has no built-in support for DH/ECDSA/RSA functions.\n\n");
return (1);
}
EOF
@@ -1495,7 +1494,6 @@ EOF
`.\\testosslfunc.exe`;
if ($? == 0) {
$configdefh{"HAVE_DH_GET0_KEY"} = 1;
- $configdefh{"HAVE_DSA_GET0_PQG"} = 1;
$configdefh{"HAVE_ECDSA_SIG_GET0"} = 1;
$configdefh{"HAVE_RSA_SET0_KEY"} = 1;
}