Remove support for obsoleted and insecure DSA and DSA-NSEC3-SHA1 algorithms

lib/dns/dst_api.c

@@ -190,8 +190,6 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 				    DST_ALG_RSASHA256));
 	RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
 				    DST_ALG_RSASHA512));
-	RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
-	RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
 	RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
 	RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
 #ifdef HAVE_OPENSSL_ED25519
@@ -209,8 +207,6 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
 	RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1]));
 	RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA256]));
 	RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA512]));
-	RETERR(dst__pkcs11dsa_init(&dst_t_func[DST_ALG_DSA]));
-	RETERR(dst__pkcs11dsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
 	RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
 	RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
 #ifdef HAVE_PKCS11_ED25519
@@ -1190,10 +1186,6 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
 	case DST_ALG_RSASHA512:
 		*n = (key->key_size + 7) / 8;
 		break;
-	case DST_ALG_DSA:
-	case DST_ALG_NSEC3DSA:
-		*n = DNS_SIG_DSASIGSIZE;
-		break;
 	case DST_ALG_ECDSA256:
 		*n = DNS_SIG_ECDSA256SIZE;
 		break;
@@ -1522,8 +1514,6 @@ issymmetric(const dst_key_t *key) {
 	case DST_ALG_NSEC3RSASHA1:
 	case DST_ALG_RSASHA256:
 	case DST_ALG_RSASHA512:
-	case DST_ALG_DSA:
-	case DST_ALG_NSEC3DSA:
 	case DST_ALG_DH:
 	case DST_ALG_ECDSA256:
 	case DST_ALG_ECDSA384: