From: djm@openbsd.org <djm@openbsd.org>
Date: Tue, 1 Apr 2025 23:23:20 +0000 (+0000)
Subject: upstream: remove ability to enable DSA support. Actual code will be
X-Git-Tag: V_10_0_P1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c9872faa1c297a84c6d3e3b95a927be99eadbf6;p=thirdparty%2Fopenssh-portable.git

upstream: remove ability to enable DSA support. Actual code will be

g/c'd separately. ok deraadt@

OpenBSD-Commit-ID: 2a032b75156c4d922e8343fa97ff6bc227f09819
---

diff --git a/configure.ac b/configure.ac
index f0d6d5b0d..bc2c25896 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2179,16 +2179,6 @@ AC_ARG_WITH([security-key-standalone],
 	[ enable_sk_standalone=$withval ]
 )
 
-enable_dsa=
-AC_ARG_ENABLE([dsa-keys],
-	[  --enable-dsa-keys       enable DSA key support [no]],
-	[
-		if test "x$enableval" != "xno" ; then
-			enable_dsa=1
-		fi
-	]
-)
-
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
@@ -3297,26 +3287,6 @@ if test "x$openssl" = "xyes" ; then
 			AC_MSG_RESULT([no])
 		]
 	)
-
-	openssl_dsa=no
-	if test ! -z "$enable_dsa" ; then
-		AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
-			AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
-			    [ openssl_dsa=yes ],
-			    [ #include <openssl/opensslconf.h> ]
-			)
-		    ],
-		    [ #include <openssl/opensslconf.h> ]
-		)
-		AC_MSG_CHECKING([whether to enable DSA key support])
-		if test "x$openssl_dsa" = "xno"; then
-			AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
-		else
-			AC_MSG_RESULT([yes])
-			AC_DEFINE([WITH_DSA], [1],
-			   [DSA keys explicitly enabled])
-		fi
-	fi
 fi
 
 # PKCS11/U2F depend on OpenSSL and dlopen().