authorflorian <florian@openbsd.org>2020-02-11 17:23:29 +0000
committerflorian <florian@openbsd.org>2020-02-11 17:23:29 +0000
commit59bd6e9fc43fb5a65ef40ac4c8e19c7d74f60045 (patch)
tree4524b1d4504c9ee0eee80a55d424fa4e5b92cc69
parentunifdef feature checks; we have all these things. (diff)
Remove unused functionality from dst_api.c.
OK millert
-rw-r--r--usr.bin/dig/lib/dns/dst_api.c564
-rw-r--r--usr.bin/dig/lib/dns/dst_internal.h4
-rw-r--r--usr.bin/dig/lib/dns/dst_parse.c16
-rw-r--r--usr.bin/dig/lib/dns/include/dst/dst.h442
-rw-r--r--usr.bin/dig/lib/dns/key.c66
-rw-r--r--usr.bin/dig/lib/dns/openssl_link.c9
6 files changed, 8 insertions, 1093 deletions
diff --git a/usr.bin/dig/lib/dns/dst_api.c b/usr.bin/dig/lib/dns/dst_api.c
index 853c1ef5d83..a81cfb33b99 100644
--- a/usr.bin/dig/lib/dns/dst_api.c
+++ b/usr.bin/dig/lib/dns/dst_api.c
@@ -33,7 +33,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.1 2020/02/07 09:58:52 florian Exp $
+ * $Id: dst_api.c,v 1.2 2020/02/11 17:23:29 florian Exp $
*/
/*! \file */
@@ -49,8 +49,6 @@
#include <isc/time.h>
#include <isc/util.h>
-#define DST_KEY_INTERNAL
-
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
@@ -78,12 +76,6 @@ static dst_key_t * get_key_struct(dns_name_t *name,
unsigned int bits,
dns_rdataclass_t rdclass,
dns_ttl_t ttl);
-static isc_result_t buildfilename(dns_name_t *name,
- dns_keytag_t id,
- unsigned int alg,
- unsigned int type,
- const char *directory,
- isc_buffer_t *out);
static isc_result_t computeid(dst_key_t *key);
static isc_result_t frombuffer(dns_name_t *name,
unsigned int alg,
@@ -116,11 +108,6 @@ static isc_result_t addsuffix(char *filename, int len,
isc_result_t
dst_lib_init(void) {
- return (dst_lib_init2(NULL));
-}
-
-isc_result_t
-dst_lib_init2(const char *engine) {
isc_result_t result;
REQUIRE(dst_initialized == ISC_FALSE);
@@ -133,7 +120,7 @@ dst_lib_init2(const char *engine) {
RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
- RETERR(dst__openssl_init(engine));
+ RETERR(dst__openssl_init());
dst_initialized = ISC_TRUE;
return (ISC_R_SUCCESS);
@@ -165,13 +152,6 @@ dst_algorithm_supported(unsigned int alg) {
return (ISC_TRUE);
}
-isc_boolean_t
-dst_ds_digest_supported(unsigned int digest_type) {
- return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
- digest_type == DNS_DSDIGEST_SHA256 ||
- digest_type == DNS_DSDIGEST_SHA384));
-}
-
isc_result_t
dst_context_create(dst_key_t *key, dst_context_t **dctxp) {
return (dst_context_create4(key, DNS_LOGCATEGORY_GENERAL,
@@ -317,41 +297,6 @@ dst_context_verify2(dst_context_t *dctx, unsigned int maxbits,
}
isc_result_t
-dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
- isc_buffer_t *secret)
-{
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(pub) && VALID_KEY(priv));
- REQUIRE(secret != NULL);
-
- CHECKALG(pub->key_alg);
- CHECKALG(priv->key_alg);
-
- if (pub->keydata.generic == NULL || priv->keydata.generic == NULL)
- return (DST_R_NULLKEY);
-
- if (pub->key_alg != priv->key_alg ||
- pub->func->computesecret == NULL ||
- priv->func->computesecret == NULL)
- return (DST_R_KEYCANNOTCOMPUTESECRET);
-
- if (dst_key_isprivate(priv) == ISC_FALSE)
- return (DST_R_NOTPRIVATEKEY);
-
- return (pub->func->computesecret(pub, priv, secret));
-}
-
-void
-dst_key_setexternal(dst_key_t *key, isc_boolean_t value) {
- key->external = value;
-}
-
-isc_boolean_t
-dst_key_isexternal(dst_key_t *key) {
- return (key->external);
-}
-
-isc_result_t
dst_key_fromnamedfile(const char *filename, const char *dirname,
int type, dst_key_t **keyp)
{
@@ -551,356 +496,6 @@ dst_key_frombuffer(dns_name_t *name, unsigned int alg,
return (ISC_R_SUCCESS);
}
-isc_result_t
-dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(target != NULL);
-
- CHECKALG(key->key_alg);
-
- if (key->func->todns == NULL)
- return (DST_R_UNSUPPORTEDALG);
-
- return (key->func->todns(key, target));
-}
-
-isc_result_t
-dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
- isc_lex_t *lex = NULL;
- isc_result_t result = ISC_R_SUCCESS;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(!dst_key_isprivate(key));
- REQUIRE(buffer != NULL);
-
- if (key->func->parse == NULL)
- RETERR(DST_R_UNSUPPORTEDALG);
-
- RETERR(isc_lex_create(1500, &lex));
- RETERR(isc_lex_openbuffer(lex, buffer));
- RETERR(key->func->parse(key, lex, NULL));
- out:
- if (lex != NULL)
- isc_lex_destroy(&lex);
- return (result);
-}
-
-isc_result_t
-dst_key_buildinternal(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- void *data, dst_key_t **keyp)
-{
- dst_key_t *key;
- isc_result_t result;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(keyp != NULL && *keyp == NULL);
- REQUIRE(data != NULL);
-
- CHECKALG(alg);
-
- key = get_key_struct(name, alg, flags, protocol, bits, rdclass,
- 0);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- key->keydata.generic = data;
-
- result = computeid(key);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (result);
- }
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_fromlabel(dns_name_t *name, int alg, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- const char *engine, const char *label, const char *pin,
- dst_key_t **keyp)
-{
- dst_key_t *key;
- isc_result_t result;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(keyp != NULL && *keyp == NULL);
- REQUIRE(label != NULL);
-
- CHECKALG(alg);
-
- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (key->func->fromlabel == NULL) {
- dst_key_free(&key);
- return (DST_R_UNSUPPORTEDALG);
- }
-
- result = key->func->fromlabel(key, engine, label, pin);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (result);
- }
-
- result = computeid(key);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (result);
- }
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_generate(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int param,
- unsigned int flags, unsigned int protocol,
- dns_rdataclass_t rdclass,
- dst_key_t **keyp)
-{
- return (dst_key_generate2(name, alg, bits, param, flags, protocol,
- rdclass, keyp, NULL));
-}
-
-isc_result_t
-dst_key_generate2(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int param,
- unsigned int flags, unsigned int protocol,
- dns_rdataclass_t rdclass,
- dst_key_t **keyp,
- void (*callback)(int))
-{
- dst_key_t *key;
- isc_result_t ret;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- CHECKALG(alg);
-
- key = get_key_struct(name, alg, flags, protocol, bits,
- rdclass, 0);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (bits == 0) { /*%< NULL KEY */
- key->key_flags |= DNS_KEYTYPE_NOKEY;
- *keyp = key;
- return (ISC_R_SUCCESS);
- }
-
- if (key->func->generate == NULL) {
- dst_key_free(&key);
- return (DST_R_UNSUPPORTEDALG);
- }
-
- ret = key->func->generate(key, param, callback);
- if (ret != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (ret);
- }
-
- ret = computeid(key);
- if (ret != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (ret);
- }
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_getnum(const dst_key_t *key, int type, uint32_t *valuep)
-{
- REQUIRE(VALID_KEY(key));
- REQUIRE(valuep != NULL);
- REQUIRE(type <= DST_MAX_NUMERIC);
- if (!key->numset[type])
- return (ISC_R_NOTFOUND);
- *valuep = key->nums[type];
- return (ISC_R_SUCCESS);
-}
-
-void
-dst_key_setnum(dst_key_t *key, int type, uint32_t value)
-{
- REQUIRE(VALID_KEY(key));
- REQUIRE(type <= DST_MAX_NUMERIC);
- key->nums[type] = value;
- key->numset[type] = ISC_TRUE;
-}
-
-void
-dst_key_unsetnum(dst_key_t *key, int type)
-{
- REQUIRE(VALID_KEY(key));
- REQUIRE(type <= DST_MAX_NUMERIC);
- key->numset[type] = ISC_FALSE;
-}
-
-isc_result_t
-dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) {
- REQUIRE(VALID_KEY(key));
- REQUIRE(timep != NULL);
- REQUIRE(type <= DST_MAX_TIMES);
- if (!key->timeset[type])
- return (ISC_R_NOTFOUND);
- *timep = key->times[type];
- return (ISC_R_SUCCESS);
-}
-
-void
-dst_key_settime(dst_key_t *key, int type, isc_stdtime_t when) {
- REQUIRE(VALID_KEY(key));
- REQUIRE(type <= DST_MAX_TIMES);
- key->times[type] = when;
- key->timeset[type] = ISC_TRUE;
-}
-
-void
-dst_key_unsettime(dst_key_t *key, int type) {
- REQUIRE(VALID_KEY(key));
- REQUIRE(type <= DST_MAX_TIMES);
- key->timeset[type] = ISC_FALSE;
-}
-
-isc_result_t
-dst_key_getprivateformat(const dst_key_t *key, int *majorp, int *minorp) {
- REQUIRE(VALID_KEY(key));
- REQUIRE(majorp != NULL);
- REQUIRE(minorp != NULL);
- *majorp = key->fmt_major;
- *minorp = key->fmt_minor;
- return (ISC_R_SUCCESS);
-}
-
-void
-dst_key_setprivateformat(dst_key_t *key, int major, int minor) {
- REQUIRE(VALID_KEY(key));
- key->fmt_major = major;
- key->fmt_minor = minor;
-}
-
-static isc_boolean_t
-comparekeys(const dst_key_t *key1, const dst_key_t *key2,
- isc_boolean_t match_revoked_key,
- isc_boolean_t (*compare)(const dst_key_t *key1,
- const dst_key_t *key2))
-{
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key1));
- REQUIRE(VALID_KEY(key2));
-
- if (key1 == key2)
- return (ISC_TRUE);
-
- if (key1->key_alg != key2->key_alg)
- return (ISC_FALSE);
-
- if (key1->key_id != key2->key_id) {
- if (!match_revoked_key)
- return (ISC_FALSE);
- if ((key1->key_flags & DNS_KEYFLAG_REVOKE) ==
- (key2->key_flags & DNS_KEYFLAG_REVOKE))
- return (ISC_FALSE);
- if (key1->key_id != key2->key_rid &&
- key1->key_rid != key2->key_id)
- return (ISC_FALSE);
- }
-
- if (compare != NULL)
- return (compare(key1, key2));
- else
- return (ISC_FALSE);
-}
-
-
-/*
- * Compares only the public portion of two keys, by converting them
- * both to wire format and comparing the results.
- */
-static isc_boolean_t
-pub_compare(const dst_key_t *key1, const dst_key_t *key2) {
- isc_result_t result;
- unsigned char buf1[DST_KEY_MAXSIZE], buf2[DST_KEY_MAXSIZE];
- isc_buffer_t b1, b2;
- isc_region_t r1, r2;
-
- isc_buffer_init(&b1, buf1, sizeof(buf1));
- result = dst_key_todns(key1, &b1);
- if (result != ISC_R_SUCCESS)
- return (ISC_FALSE);
- /* Zero out flags. */
- buf1[0] = buf1[1] = 0;
- if ((key1->key_flags & DNS_KEYFLAG_EXTENDED) != 0)
- isc_buffer_subtract(&b1, 2);
-
- isc_buffer_init(&b2, buf2, sizeof(buf2));
- result = dst_key_todns(key2, &b2);
- if (result != ISC_R_SUCCESS)
- return (ISC_FALSE);
- /* Zero out flags. */
- buf2[0] = buf2[1] = 0;
- if ((key2->key_flags & DNS_KEYFLAG_EXTENDED) != 0)
- isc_buffer_subtract(&b2, 2);
-
- isc_buffer_usedregion(&b1, &r1);
- /* Remove extended flags. */
- if ((key1->key_flags & DNS_KEYFLAG_EXTENDED) != 0) {
- memmove(&buf1[4], &buf1[6], r1.length - 6);
- r1.length -= 2;
- }
-
- isc_buffer_usedregion(&b2, &r2);
- /* Remove extended flags. */
- if ((key2->key_flags & DNS_KEYFLAG_EXTENDED) != 0) {
- memmove(&buf2[4], &buf2[6], r2.length - 6);
- r2.length -= 2;
- }
- return (ISC_TF(isc_region_compare(&r1, &r2) == 0));
-}
-
-isc_boolean_t
-dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
- return (comparekeys(key1, key2, ISC_FALSE, key1->func->compare));
-}
-
-isc_boolean_t
-dst_key_pubcompare(const dst_key_t *key1, const dst_key_t *key2,
- isc_boolean_t match_revoked_key)
-{
- return (comparekeys(key1, key2, match_revoked_key, pub_compare));
-}
-
-
-isc_boolean_t
-dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key1));
- REQUIRE(VALID_KEY(key2));
-
- if (key1 == key2)
- return (ISC_TRUE);
- if (key1->key_alg == key2->key_alg &&
- key1->func->paramcompare != NULL &&
- key1->func->paramcompare(key1, key2) == ISC_TRUE)
- return (ISC_TRUE);
- else
- return (ISC_FALSE);
-}
-
void
dst_key_attach(dst_key_t *source, dst_key_t **target) {
@@ -945,25 +540,6 @@ dst_key_free(dst_key_t **keyp) {
*keyp = NULL;
}
-isc_boolean_t
-dst_key_isprivate(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- INSIST(key->func->isprivate != NULL);
- return (key->func->isprivate(key));
-}
-
-isc_result_t
-dst_key_buildfilename(const dst_key_t *key, int type,
- const char *directory, isc_buffer_t *out) {
-
- REQUIRE(VALID_KEY(key));
- REQUIRE(type == DST_TYPE_PRIVATE || type == DST_TYPE_PUBLIC ||
- type == 0);
-
- return (buildfilename(key->key_name, key->key_id, key->key_alg,
- type, directory, out));
-}
-
isc_result_t
dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
REQUIRE(dst_initialized == ISC_TRUE);
@@ -993,78 +569,6 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
return (ISC_R_SUCCESS);
}
-isc_result_t
-dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(n != NULL);
-
- return (DST_R_UNSUPPORTEDALG);
-}
-
-/*%
- * Set the flags on a key, then recompute the key ID
- */
-isc_result_t
-dst_key_setflags(dst_key_t *key, uint32_t flags) {
- REQUIRE(VALID_KEY(key));
- key->key_flags = flags;
- return (computeid(key));
-}
-
-void
-dst_key_format(const dst_key_t *key, char *cp, unsigned int size) {
- char namestr[DNS_NAME_FORMATSIZE];
- char algstr[DNS_NAME_FORMATSIZE];
-
- dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
- dns_secalg_format((dns_secalg_t) dst_key_alg(key), algstr,
- sizeof(algstr));
- snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
-}
-
-isc_result_t
-dst_key_dump(dst_key_t *key, char **buffer, int *length) {
-
- REQUIRE(buffer != NULL && *buffer == NULL);
- REQUIRE(length != NULL && *length == 0);
- REQUIRE(VALID_KEY(key));
-
- if (key->func->dump == NULL)
- return (ISC_R_NOTIMPLEMENTED);
- return (key->func->dump(key, buffer, length));
-}
-
-isc_result_t
-dst_key_restore(dns_name_t *name, unsigned int alg, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- const char *keystr, dst_key_t **keyp)
-{
- isc_result_t result;
- dst_key_t *key;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL)
- return (DST_R_UNSUPPORTEDALG);
-
- if (dst_t_func[alg]->restore == NULL)
- return (ISC_R_NOTIMPLEMENTED);
-
- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- result = (dst_t_func[alg]->restore)(key, keystr);
- if (result == ISC_R_SUCCESS)
- *keyp = key;
- else
- dst_key_free(&key);
-
- return (result);
-}
-
/***
*** Static methods
***/
@@ -1128,22 +632,6 @@ get_key_struct(dns_name_t *name, unsigned int alg,
return (key);
}
-isc_boolean_t
-dst_key_inactive(const dst_key_t *key) {
-
- REQUIRE(VALID_KEY(key));
-
- return (key->inactive);
-}
-
-void
-dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive) {
-
- REQUIRE(VALID_KEY(key));
-
- key->inactive = inactive;
-}
-
/*%
* Reads a public key from disk
*/
@@ -1260,9 +748,6 @@ dst_key_read_public(const char *filename, int type,
ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, keyp);
if (ret != ISC_R_SUCCESS)
goto cleanup;
-
- dst_key_setttl(*keyp, ttl);
-
cleanup:
if (lex != NULL)
isc_lex_destroy(&lex);
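Review bot: With the `dst_key_setttl(*keyp, ttl);` call gone, the `if (ret != ISC_R_SUCCESS) goto cleanup;` after `dst_key_fromdns()` now jumps to the label on the very next line, so the test no longer changes control flow. It can be dropped so that the `dst_key_fromdns()` result simply falls through into `cleanup:`. The `ttl` local that fed the removed call is declared outside this hunk; if nothing else reads it, it is presumably dead now, which is worth checking against the rest of dst_key_read_public. The function starts above the hunk and ends below it.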
@@ -1270,45 +755,6 @@ dst_key_read_public(const char *filename, int type,
}
static isc_result_t
-buildfilename(dns_name_t *name, dns_keytag_t id,
- unsigned int alg, unsigned int type,
- const char *directory, isc_buffer_t *out)
-{
- const char *suffix = "";
- unsigned int len;
- isc_result_t result;
-
- REQUIRE(out != NULL);
- if ((type & DST_TYPE_PRIVATE) != 0)
- suffix = ".private";
- else if (type == DST_TYPE_PUBLIC)
- suffix = ".key";
- if (directory != NULL) {
- if (isc_buffer_availablelength(out) < strlen(directory))
- return (ISC_R_NOSPACE);
- isc_buffer_putstr(out, directory);
- if (strlen(directory) > 0U &&
- directory[strlen(directory) - 1] != '/')
- isc_buffer_putstr(out, "/");
- }
- if (isc_buffer_availablelength(out) < 1)
- return (ISC_R_NOSPACE);
- isc_buffer_putstr(out, "K");
- result = dns_name_tofilenametext(name, ISC_FALSE, out);
- if (result != ISC_R_SUCCESS)
- return (result);
- len = 1 + 3 + 1 + 5 + strlen(suffix) + 1;
- if (isc_buffer_availablelength(out) < len)
- return (ISC_R_NOSPACE);
- snprintf((char *) isc_buffer_used(out),
- (int)isc_buffer_availablelength(out),
- "+%03d+%05d%s", alg, id, suffix);
- isc_buffer_add(out, len);
-
- return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
computeid(dst_key_t *key) {
isc_buffer_t dnsbuf;
unsigned char dns_array[DST_KEY_MAXSIZE];
@@ -1398,9 +844,3 @@ addsuffix(char *filename, int len, const char *odirname,
return (ISC_R_NOSPACE);
return (ISC_R_SUCCESS);
}
-
-isc_buffer_t *
-dst_key_tkeytoken(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- return (key->key_tkeytoken);
-}
diff --git a/usr.bin/dig/lib/dns/dst_internal.h b/usr.bin/dig/lib/dns/dst_internal.h
index 02a827617df..456df9cf393 100644
--- a/usr.bin/dig/lib/dns/dst_internal.h
+++ b/usr.bin/dig/lib/dns/dst_internal.h
@@ -31,7 +31,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_internal.h,v 1.1 2020/02/07 09:58:52 florian Exp $ */
+/* $Id: dst_internal.h,v 1.2 2020/02/11 17:23:29 florian Exp $ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
@@ -198,7 +198,7 @@ struct dst_func {
/*%
* Initializers
*/
-isc_result_t dst__openssl_init(const char *engine);
+isc_result_t dst__openssl_init(void);
isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
diff --git a/usr.bin/dig/lib/dns/dst_parse.c b/usr.bin/dig/lib/dns/dst_parse.c
index 30e4b19bfbb..6c21d3839be 100644
--- a/usr.bin/dig/lib/dns/dst_parse.c
+++ b/usr.bin/dig/lib/dns/dst_parse.c
@@ -33,7 +33,7 @@
/*%
* Principal Author: Brian Wellington
- * $Id: dst_parse.c,v 1.1 2020/02/07 09:58:52 florian Exp $
+ * $Id: dst_parse.c,v 1.2 2020/02/11 17:23:29 florian Exp $
*/
@@ -195,7 +195,6 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
isc_token_t token;
unsigned char *data = NULL;
unsigned int opt = ISC_LEXOPT_EOL;
- isc_stdtime_t when;
isc_result_t ret;
isc_boolean_t external = ISC_FALSE;
@@ -249,11 +248,6 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
goto fail;
}
- /*
- * Store the private key format version number
- */
- dst_key_setprivateformat(key, major, minor);
-
READLINE(lex, opt, &token);
/*
@@ -311,8 +305,6 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
}
-
- dst_key_setnum(key, tag, token.value.as_ulong);
goto next;
}
@@ -327,12 +319,6 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
goto fail;
}
- ret = dns_time32_fromtext(DST_AS_STR(token), &when);
- if (ret != ISC_R_SUCCESS)
- goto fail;
-
- dst_key_settime(key, tag, when);
-
goto next;
}
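Review bot: Removing the `dns_time32_fromtext()` call drops the text-to-time conversion that used to reject malformed timestamps in this branch, so a private key file with a bad timing-metadata value is now accepted where it previously ended in `goto fail`. If skipping these fields is intended because dig never reads them, a comment before `goto next;` such as `/* timing metadata is unused here; the value is skipped without validation */` would record that the looser parse is deliberate. The numeric-metadata branch in the previous hunk is related: `dst_key_setnum()` was removed there and the parsed value is now discarded, which deserves the same kind of comment. dst__privstruct_parse starts and ends outside both hunks.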
diff --git a/usr.bin/dig/lib/dns/include/dst/dst.h b/usr.bin/dig/lib/dns/include/dst/dst.h
index 82d9e4fd209..356c6279c38 100644
--- a/usr.bin/dig/lib/dns/include/dst/dst.h
+++ b/usr.bin/dig/lib/dns/include/dst/dst.h
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst.h,v 1.1 2020/02/07 09:58:52 florian Exp $ */
+/* $Id: dst.h,v 1.2 2020/02/11 17:23:29 florian Exp $ */
#ifndef DST_DST_H
#define DST_DST_H 1
@@ -116,14 +116,10 @@ typedef struct dst_context dst_context_t;
isc_result_t
dst_lib_init(void);
-
-isc_result_t
-dst_lib_init2(const char *engine);
/*%<
* Initializes the DST subsystem.
*
* Requires:
- * \li "mctx" is a valid memory context
*
* Returns:
* \li ISC_R_SUCCESS
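Review bot: After the `"mctx"` line is deleted, the doc comment for dst_lib_init() keeps a `Requires:` heading with nothing under it. The implementation in dst_api.c still asserts `REQUIRE(dst_initialized == ISC_FALSE)`, so the list could state that precondition instead, for example `* \li dst_lib_init() has not already been called.` Otherwise the empty heading should be removed along with the stale line. The comment continues below the hunk.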
@@ -150,16 +146,6 @@ dst_algorithm_supported(unsigned int alg);
* \li ISC_FALSE
*/
-isc_boolean_t
-dst_ds_digest_supported(unsigned int digest_type);
-/*%<
- * Checks that a given digest algorithm is supported by DST.
- *
- * Returns:
- * \li ISC_TRUE
- * \li ISC_FALSE
- */
-
isc_result_t
dst_context_create(dst_key_t *key, dst_context_t **dctxp);
@@ -181,7 +167,6 @@ dst_context_create4(dst_key_t *key,
*
* Requires:
* \li "key" is a valid key.
- * \li "mctx" is a valid memory context.
* \li dctxp != NULL && *dctxp == NULL
*
* Returns:
@@ -263,25 +248,6 @@ dst_context_verify2(dst_context_t *dctx, unsigned int maxbits,
*/
isc_result_t
-dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
- isc_buffer_t *secret);
-/*%<
- * Computes a shared secret from two (Diffie-Hellman) keys.
- *
- * Requires:
- * \li "pub" is a valid key that can be used to derive a shared secret
- * \li "priv" is a valid private key that can be used to derive a shared secret
- * \li "secret" is a valid buffer
- *
- * Returns:
- * \li ISC_R_SUCCESS
- * \li any other result indicates failure
- *
- * Ensures:
- * \li If successful, secret will contain the derived shared secret.
- */
-
-isc_result_t
dst_key_fromnamedfile(const char *filename, const char *dirname,
int type, dst_key_t **keyp);
/*%<
@@ -297,7 +263,6 @@ dst_key_fromnamedfile(const char *filename, const char *dirname,
* \li "filename" is not NULL
* \li "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union
* DST_TYPE_KEY look for a KEY record otherwise DNSKEY
- * \li "mctx" is a valid memory context
* \li "keyp" is not NULL and "*keyp" is NULL.
*
* Returns:
@@ -317,7 +282,6 @@ dst_key_read_public(const char *filename, int type, dst_key_t **keyp);
* Requires:
* \li "filename" is not NULL
* \li "type" is DST_TYPE_KEY look for a KEY record otherwise DNSKEY
- * \li "mctx" is a valid memory context
* \li "keyp" is not NULL and "*keyp" is NULL.
*
* Returns:
@@ -331,23 +295,6 @@ dst_key_read_public(const char *filename, int type, dst_key_t **keyp);
*/
isc_result_t
-dst_key_tofile(const dst_key_t *key, int type, const char *directory);
-/*%<
- * Writes a key to permanent storage. The key can either be a public or
- * private key. Public keys are written in DNS format and private keys
- * are written as a set of base64 encoded values. If directory is NULL,
- * the current directory is assumed.
- *
- * Requires:
- * \li "key" is a valid key.
- * \li "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union
- *
- * Returns:
- * \li ISC_R_SUCCESS
- * \li any other result indicates failure
- */
-
-isc_result_t
dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
isc_buffer_t *source, dst_key_t **keyp);
/*%<
@@ -356,7 +303,6 @@ dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
* Requires:
* \li "name" is a valid absolute dns name.
* \li "source" is a valid buffer. There must be at least 4 bytes available.
- * \li "mctx" is a valid memory context.
* \li "keyp" is not NULL and "*keyp" is NULL.
*
* Returns:
@@ -397,7 +343,6 @@ dst_key_frombuffer(dns_name_t *name, unsigned int alg,
*\li "name" is a valid absolute dns name.
*\li "alg" is a supported key algorithm.
*\li "source" is a valid buffer.
- *\li "mctx" is a valid memory context.
*\li "keyp" is not NULL and "*keyp" is NULL.
*
* Returns:
@@ -409,153 +354,6 @@ dst_key_frombuffer(dns_name_t *name, unsigned int alg,
* pointer in source will be advanced.
*/
-isc_result_t
-dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target);
-/*%<
- * Converts a DST key into DNS KEY RDATA format.
- *
- * Requires:
- *\li "key" is a valid key.
- *\li "target" is a valid buffer.
- *
- * Returns:
- *\li ISC_R_SUCCESS
- * \li any other result indicates failure
- *
- * Ensures:
- *\li If successful, the used pointer in 'target' is advanced.
- */
-
-isc_result_t
-dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer);
-/*%<
- * Converts a public key into a private key, reading the private key
- * information from the buffer. The buffer should contain the same data
- * as the .private key file would.
- *
- * Requires:
- *\li "key" is a valid public key.
- *\li "buffer" is not NULL.
- *
- * Returns:
- *\li ISC_R_SUCCESS
- * \li any other result indicates failure
- *
- * Ensures:
- *\li If successful, key will contain a valid private key.
- */
-
-#ifdef DST_KEY_INTERNAL
-isc_result_t
-dst_key_buildinternal(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- void *data, dst_key_t **keyp);
-#endif
-
-isc_result_t
-dst_key_fromlabel(dns_name_t *name, int alg, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- const char *engine, const char *label, const char *pin,
- dst_key_t **keyp);
-
-isc_result_t
-dst_key_generate(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int param,
- unsigned int flags, unsigned int protocol,
- dns_rdataclass_t rdclass,
- dst_key_t **keyp);
-
-isc_result_t
-dst_key_generate2(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int param,
- unsigned int flags, unsigned int protocol,
- dns_rdataclass_t rdclass,
- dst_key_t **keyp,
- void (*callback)(int));
-
-/*%<
- * Generate a DST key (or keypair) with the supplied parameters. The
- * interpretation of the "param" field depends on the algorithm:
- * \code
- * RSA: exponent
- * 0 use exponent 3
- * !0 use Fermat4 (2^16 + 1)
- * DH: generator
- * 0 default - use well known prime if bits == 768 or 1024,
- * otherwise use 2 as the generator.
- * !0 use this value as the generator.
- * DSA: unused
- * HMACMD5: entropy
- * 0 default - require good entropy
- * !0 lack of good entropy is ok
- *\endcode
- *
- * Requires:
- *\li "name" is a valid absolute dns name.
- *\li "keyp" is not NULL and "*keyp" is NULL.
- *
- * Returns:
- *\li ISC_R_SUCCESS
- * \li any other result indicates failure
- *
- * Ensures:
- *\li If successful, *keyp will contain a valid key.
- */
-
-isc_boolean_t
-dst_key_compare(const dst_key_t *key1, const dst_key_t *key2);
-/*%<
- * Compares two DST keys. Returns true if they match, false otherwise.
- *
- * Keys ARE NOT considered to match if one of them is the revoked version
- * of the other.
- *
- * Requires:
- *\li "key1" is a valid key.
- *\li "key2" is a valid key.
- *
- * Returns:
- *\li ISC_TRUE
- * \li ISC_FALSE
- */
-
-isc_boolean_t
-dst_key_pubcompare(const dst_key_t *key1, const dst_key_t *key2,
- isc_boolean_t match_revoked_key);
-/*%<
- * Compares only the public portions of two DST keys. Returns true
- * if they match, false otherwise. This allows us, for example, to
- * determine whether a public key found in a zone matches up with a
- * key pair found on disk.
- *
- * If match_revoked_key is TRUE, then keys ARE considered to match if one
- * of them is the revoked version of the other. Otherwise, they are not.
- *
- * Requires:
- *\li "key1" is a valid key.
- *\li "key2" is a valid key.
- *
- * Returns:
- *\li ISC_TRUE
- * \li ISC_FALSE
- */
-
-isc_boolean_t
-dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2);
-/*%<
- * Compares the parameters of two DST keys. This is used to determine if
- * two (Diffie-Hellman) keys can be used to derive a shared secret.
- *
- * Requires:
- *\li "key1" is a valid key.
- *\li "key2" is a valid key.
- *
- * Returns:
- *\li ISC_TRUE
- * \li ISC_FALSE
- */
-
void
dst_key_attach(dst_key_t *source, dst_key_t **target);
/*
@@ -594,49 +392,11 @@ unsigned int
dst_key_size(const dst_key_t *key);
unsigned int
-dst_key_proto(const dst_key_t *key);
-
-unsigned int
dst_key_alg(const dst_key_t *key);
-uint32_t
-dst_key_flags(const dst_key_t *key);
-
dns_keytag_t
dst_key_id(const dst_key_t *key);
-dns_keytag_t
-dst_key_rid(const dst_key_t *key);
-
-dns_rdataclass_t
-dst_key_class(const dst_key_t *key);
-
-isc_boolean_t
-dst_key_isprivate(const dst_key_t *key);
-
-isc_boolean_t
-dst_key_iszonekey(const dst_key_t *key);
-
-isc_boolean_t
-dst_key_isnullkey(const dst_key_t *key);
-
-isc_result_t
-dst_key_buildfilename(const dst_key_t *key, int type,
- const char *directory, isc_buffer_t *out);
-/*%<
- * Generates the filename used by dst to store the specified key.
- * If directory is NULL, the current directory is assumed.
- *
- * Requires:
- *\li "key" is a valid key
- *\li "type" is either DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or 0 for no suffix.
- *\li "out" is a valid buffer
- *
- * Ensures:
- *\li the file name will be written to "out", and the used pointer will
- * be advanced.
- */
-
isc_result_t
dst_key_sigsize(const dst_key_t *key, unsigned int *n);
/*%<
@@ -654,23 +414,6 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n);
*\li "n" stores the size of a generated signature
*/
-isc_result_t
-dst_key_secretsize(const dst_key_t *key, unsigned int *n);
-/*%<
- * Computes the size of a shared secret generated by the given key.
- *
- * Requires:
- *\li "key" is a valid key.
- *\li "n" is not NULL
- *
- * Returns:
- *\li #ISC_R_SUCCESS
- *\li DST_R_UNSUPPORTEDALG
- *
- * Ensures:
- *\li "n" stores the size of a generated shared secret
- */
-
uint16_t
dst_region_computeid(const isc_region_t *source, unsigned int alg);
uint16_t
@@ -704,189 +447,6 @@ dst_key_setbits(dst_key_t *key, uint16_t bits);
* "key" is a valid key.
*/
-void
-dst_key_setttl(dst_key_t *key, dns_ttl_t ttl);
-/*%<
- * Set the default TTL to use when converting the key
- * to a KEY or DNSKEY RR.
- *
- * Requires:
- * "key" is a valid key.
- */
-
-dns_ttl_t
-dst_key_getttl(const dst_key_t *key);
-/*%<
- * Get the default TTL to use when converting the key
- * to a KEY or DNSKEY RR.
- *
- * Requires:
- * "key" is a valid key.
- */
-
-isc_result_t
-dst_key_setflags(dst_key_t *key, uint32_t flags);
-/*
- * Set the key flags, and recompute the key ID.
- *
- * Requires:
- * "key" is a valid key.
- */
-
-isc_result_t
-dst_key_getnum(const dst_key_t *key, int type, uint32_t *valuep);
-/*%<
- * Get a member of the numeric metadata array and place it in '*valuep'.
- *
- * Requires:
- * "key" is a valid key.
- * "type" is no larger than DST_MAX_NUMERIC
- * "timep" is not null.
- */
-
-void
-dst_key_setnum(dst_key_t *key, int type, uint32_t value);
-/*%<
- * Set a member of the numeric metadata array.
- *
- * Requires:
- * "key" is a valid key.
- * "type" is no larger than DST_MAX_NUMERIC
- */
-
-void
-dst_key_unsetnum(dst_key_t *key, int type);
-/*%<
- * Flag a member of the numeric metadata array as "not set".
- *
- * Requires:
- * "key" is a valid key.
- * "type" is no larger than DST_MAX_NUMERIC
- */
-
-isc_result_t
-dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep);
-/*%<
- * Get a member of the timing metadata array and place it in '*timep'.
- *
- * Requires:
- * "key" is a valid key.
- * "type" is no larger than DST_MAX_TIMES
- * "timep" is not null.
- */
-
-void
-dst_key_settime(dst_key_t *key, int type, isc_stdtime_t when);
-/*%<
- * Set a member of the timing metadata array.
- *
- * Requires:
- * "key" is a valid key.
- * "type" is no larger than DST_MAX_TIMES
- */
-
-void
-dst_key_unsettime(dst_key_t *key, int type);
-/*%<
- * Flag a member of the timing metadata array as "not set".
- *
- * Requires:
- * "key" is a valid key.
- * "type" is no larger than DST_MAX_TIMES
- */
-
-isc_result_t
-dst_key_getprivateformat(const dst_key_t *key, int *majorp, int *minorp);
-/*%<
- * Get the private key format version number. (If the key does not have
- * a private key associated with it, the version will be 0.0.) The major
- * version number is placed in '*majorp', and the minor version number in
- * '*minorp'.
- *
- * Requires:
- * "key" is a valid key.
- * "majorp" is not NULL.
- * "minorp" is not NULL.
- */
-
-void
-dst_key_setprivateformat(dst_key_t *key, int major, int minor);
-/*%<
- * Set the private key format version number.
- *
- * Requires:
- * "key" is a valid key.
- */
-
-#define DST_KEY_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + 7)
-
-void
-dst_key_format(const dst_key_t *key, char *cp, unsigned int size);
-/*%<
- * Write the uniquely identifying information about the key (name,
- * algorithm, key ID) into a string 'cp' of size 'size'.
- */
-
-
-isc_buffer_t *
-dst_key_tkeytoken(const dst_key_t *key);
-/*%<
- * Return the token from the TKEY request, if any. If this key was
- * not negotiated via TKEY, return NULL.
- *
- * Requires:
- * "key" is a valid key.
- */
-
-
-isc_result_t
-dst_key_dump(dst_key_t *key, char **buffer, int *length);
-/*%<
- * Allocate 'buffer' and dump the key into it in base64 format. The buffer
- * is not NUL terminated. The length of the buffer is returned in *length.
- *
- * 'buffer' needs to be freed using free(buffer);
- *
- * Requires:
- * 'buffer' to be non NULL and *buffer to be NULL.
- * 'length' to be non NULL and *length to be zero.
- *
- * Returns:
- * ISC_R_SUCCESS
- * ISC_R_NOMEMORY
- * ISC_R_NOTIMPLEMENTED
- * others.
- */
-
-isc_result_t
-dst_key_restore(dns_name_t *name, unsigned int alg, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- const char *keystr, dst_key_t **keyp);
-
-isc_boolean_t
-dst_key_inactive(const dst_key_t *key);
-/*%<
- * Determines if the private key is missing due the key being deemed inactive.
- *
- * Requires:
- * 'key' to be valid.
- */
-
-void
-dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive);
-/*%<
- * Set key inactive state.
- *
- * Requires:
- * 'key' to be valid.
- */
-
-void
-dst_key_setexternal(dst_key_t *key, isc_boolean_t value);
-
-isc_boolean_t
-dst_key_isexternal(dst_key_t *key);
-
ISC_LANG_ENDDECLS
#endif /* DST_DST_H */
diff --git a/usr.bin/dig/lib/dns/key.c b/usr.bin/dig/lib/dns/key.c
index 9c233ffdb91..7f6d2d6ceba 100644
--- a/usr.bin/dig/lib/dns/key.c
+++ b/usr.bin/dig/lib/dns/key.c
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: key.c,v 1.1 2020/02/07 09:58:52 florian Exp $ */
+/* $Id: key.c,v 1.2 2020/02/11 17:23:29 florian Exp $ */
@@ -95,69 +95,17 @@ dst_key_size(const dst_key_t *key) {
}
unsigned int
-dst_key_proto(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- return (key->key_proto);
-}
-
-unsigned int
dst_key_alg(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return (key->key_alg);
}
-uint32_t
-dst_key_flags(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- return (key->key_flags);
-}
-
dns_keytag_t
dst_key_id(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return (key->key_id);
}
-dns_keytag_t
-dst_key_rid(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- return (key->key_rid);
-}
-
-dns_rdataclass_t
-dst_key_class(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- return (key->key_class);
-}
-
-isc_boolean_t
-dst_key_iszonekey(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
-
- if ((key->key_flags & DNS_KEYTYPE_NOAUTH) != 0)
- return (ISC_FALSE);
- if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE)
- return (ISC_FALSE);
- if (key->key_proto != DNS_KEYPROTO_DNSSEC &&
- key->key_proto != DNS_KEYPROTO_ANY)
- return (ISC_FALSE);
- return (ISC_TRUE);
-}
-
-isc_boolean_t
-dst_key_isnullkey(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
-
- if ((key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
- return (ISC_FALSE);
- if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE)
- return (ISC_FALSE);
- if (key->key_proto != DNS_KEYPROTO_DNSSEC &&
- key->key_proto != DNS_KEYPROTO_ANY)
- return (ISC_FALSE);
- return (ISC_TRUE);
-}
-
void
dst_key_setbits(dst_key_t *key, uint16_t bits) {
unsigned int maxbits;
@@ -176,16 +124,4 @@ dst_key_getbits(const dst_key_t *key) {
return (key->key_bits);
}
-void
-dst_key_setttl(dst_key_t *key, dns_ttl_t ttl) {
- REQUIRE(VALID_KEY(key));
- key->key_ttl = ttl;
-}
-
-dns_ttl_t
-dst_key_getttl(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- return (key->key_ttl);
-}
-
/*! \file */
diff --git a/usr.bin/dig/lib/dns/openssl_link.c b/usr.bin/dig/lib/dns/openssl_link.c
index 31c88539221..b48956110fe 100644
--- a/usr.bin/dig/lib/dns/openssl_link.c
+++ b/usr.bin/dig/lib/dns/openssl_link.c
@@ -48,16 +48,9 @@
#include "dst_openssl.h"
isc_result_t
-dst__openssl_init(const char *engine) {
- isc_result_t result;
-
- UNUSED(engine);
-
+dst__openssl_init(void) {
ERR_load_crypto_strings();
-
return (ISC_R_SUCCESS);
-
- return (result);
}
void
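Review bot: After this hunk `dst__openssl_init(void)` has no failure path left, since the body is only `ERR_load_crypto_strings();` followed by `return (ISC_R_SUCCESS);`, yet it still returns `isc_result_t` and nothing at the definition says the result is constant. A short comment above the function would keep a later reader from treating the caller's error check as meaningful, e.g. `/* Loads libcrypto error strings only; no ENGINE is selected and this cannot fail. isc_result_t is kept for existing callers. */`. The declaration and call sites that must follow the new `(void)` signature are outside this hunk (presumably in dst_internal.h and dst_api.c, both listed in the diffstat), so it is worth confirming they were updated in the same commit.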