Remove support for DSA Keys

Solving issue #110. The original work is at !231
Some changes were needed because the newly added features in master through time

Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com>
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

include/libssh/bind.h

@@ -39,11 +39,9 @@ struct ssh_bind_struct {
   char *wanted_methods[SSH_KEX_METHODS];
   char *banner;
   char *ecdsakey;
-  char *dsakey;
   char *rsakey;
   char *ed25519key;
   ssh_key ecdsa;
-  ssh_key dsa;
   ssh_key rsa;
   ssh_key ed25519;
   char *bindaddr;

include/libssh/keys.h

@@ -29,26 +29,22 @@ struct ssh_public_key_struct {
     int type;
     const char *type_c; /* Don't free it ! it is static */
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa_pub;
     gcry_sexp_t rsa_pub;
 #elif defined(HAVE_LIBCRYPTO)
     EVP_PKEY *key_pub;
 #elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa_pub;
-    void *dsa_pub;
 #endif
 };
 
 struct ssh_private_key_struct {
     int type;
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa_priv;
     gcry_sexp_t rsa_priv;
 #elif defined(HAVE_LIBCRYPTO)
     EVP_PKEY *key_priv;
 #elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa_priv;
-    void *dsa_priv;
 #endif
 };
 

include/libssh/libcrypto.h

@@ -26,7 +26,6 @@
 #ifdef HAVE_LIBCRYPTO
 
 #include "libssh/libssh.h"
-#include <openssl/dsa.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>

include/libssh/libssh.h

@@ -272,12 +272,12 @@ enum ssh_error_types_e {
 /* some types for keys */
 enum ssh_keytypes_e{
   SSH_KEYTYPE_UNKNOWN=0,
-  SSH_KEYTYPE_DSS=1,
+  SSH_KEYTYPE_DSS=1, /* deprecated */
   SSH_KEYTYPE_RSA,
   SSH_KEYTYPE_RSA1,
   SSH_KEYTYPE_ECDSA, /* deprecated */
   SSH_KEYTYPE_ED25519,
-  SSH_KEYTYPE_DSS_CERT01,
+  SSH_KEYTYPE_DSS_CERT01, /* deprecated */
   SSH_KEYTYPE_RSA_CERT01,
   SSH_KEYTYPE_ECDSA_P256,
   SSH_KEYTYPE_ECDSA_P384,

include/libssh/pki.h

@@ -57,13 +57,11 @@ struct ssh_key_struct {
     const char *type_c; /* Don't free it ! it is static */
     int ecdsa_nid;
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa;
     gcry_sexp_t rsa;
     gcry_sexp_t ecdsa;
 #elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa;
     mbedtls_ecdsa_context *ecdsa;
-    void *dsa;
 #elif defined(HAVE_LIBCRYPTO)
     /* This holds either ENGINE key for PKCS#11 support or just key in
      * high-level format */
@@ -85,7 +83,6 @@ struct ssh_signature_struct {
     enum ssh_digest_e hash_type;
     const char *type_c;
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa_sig;
     gcry_sexp_t rsa_sig;
     gcry_sexp_t ecdsa_sig;
 #elif defined(HAVE_LIBMBEDCRYPTO)
@@ -124,12 +121,11 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name);
     ((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
 
 #define is_cert_type(kt)\
-      ((kt) == SSH_KEYTYPE_DSS_CERT01 ||\
-       (kt) == SSH_KEYTYPE_RSA_CERT01 ||\
-       (kt) == SSH_KEYTYPE_SK_ECDSA_CERT01 ||\
-       (kt) == SSH_KEYTYPE_SK_ED25519_CERT01 ||\
-      ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
-       (kt) <= SSH_KEYTYPE_ED25519_CERT01))
+    ((kt) == SSH_KEYTYPE_RSA_CERT01 ||\
+     (kt) == SSH_KEYTYPE_SK_ECDSA_CERT01 ||\
+     (kt) == SSH_KEYTYPE_SK_ED25519_CERT01 ||\
+    ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
+     (kt) <= SSH_KEYTYPE_ED25519_CERT01))
 
 /* SSH Signature Functions */
 ssh_signature ssh_signature_new(void);

include/libssh/pki_priv.h

@@ -38,8 +38,6 @@ int bcrypt_pbkdf(const char *pass,
 
 #define RSA_HEADER_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
 #define RSA_HEADER_END "-----END RSA PRIVATE KEY-----"
-#define DSA_HEADER_BEGIN "-----BEGIN DSA PRIVATE KEY-----"
-#define DSA_HEADER_END "-----END DSA PRIVATE KEY-----"
 #define ECDSA_HEADER_BEGIN "-----BEGIN EC PRIVATE KEY-----"
 #define ECDSA_HEADER_END "-----END EC PRIVATE KEY-----"
 #define OPENSSH_HEADER_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----"
@@ -65,7 +63,6 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
 /* SSH Key Functions */
 ssh_key pki_key_dup(const ssh_key key, int demote);
 int pki_key_generate_rsa(ssh_key key, int parameter);
-int pki_key_generate_dss(ssh_key key, int parameter);
 int pki_key_generate_ecdsa(ssh_key key, int parameter);
 int pki_key_generate_ed25519(ssh_key key);
 
@@ -91,11 +88,6 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                               ssh_key *pkey);
 
 /* SSH Public Key Functions */
-int pki_pubkey_build_dss(ssh_key key,
-                         ssh_string p,
-                         ssh_string q,
-                         ssh_string g,
-                         ssh_string pubkey);
 int pki_pubkey_build_rsa(ssh_key key,
                          ssh_string e,
                          ssh_string n);
@@ -103,12 +95,6 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e);
 ssh_string pki_publickey_to_blob(const ssh_key key);
 
 /* SSH Private Key Functions */
-int pki_privkey_build_dss(ssh_key key,
-                          ssh_string p,
-                          ssh_string q,
-                          ssh_string g,
-                          ssh_string pubkey,
-                          ssh_string privkey);
 int pki_privkey_build_rsa(ssh_key key,
                           ssh_string n,
                           ssh_string e,

include/libssh/server.h

@@ -40,7 +40,7 @@ enum ssh_bind_options_e {
   SSH_BIND_OPTIONS_BINDPORT,
   SSH_BIND_OPTIONS_BINDPORT_STR,
   SSH_BIND_OPTIONS_HOSTKEY,
-  SSH_BIND_OPTIONS_DSAKEY,
+  SSH_BIND_OPTIONS_DSAKEY,  /* deprecated */
   SSH_BIND_OPTIONS_RSAKEY,
   SSH_BIND_OPTIONS_BANNER,
   SSH_BIND_OPTIONS_LOG_VERBOSITY,

include/libssh/session.h

@@ -191,7 +191,6 @@ struct ssh_session_struct {
     /* server host keys */
     struct {
         ssh_key rsa_key;
-        ssh_key dsa_key;
         ssh_key ecdsa_key;
         ssh_key ed25519_key;
         /* The type of host key wanted by client */