From baa71c5181b6426605e438f780938a849ef86eb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?=
Date: Thu, 6 Oct 2022 14:39:17 +0200
Subject: [PATCH] Remove unused lib/dns/tsec

dns_tsec API is not referenced anywhere, remove it. This is a leftover after dns_client cleanup.
Related: !4835
---
 lib/dns/Makefile.am | 2 -
 lib/dns/client.c | 1 -
 lib/dns/include/dns/tsec.h | 129 -------------------------------
 lib/dns/include/dns/types.h | 1 -
 lib/dns/tsec.c | 149 ------------------------------------
 5 files changed, 282 deletions(-)
 delete mode 100644 lib/dns/include/dns/tsec.h
 delete mode 100644 lib/dns/tsec.c
diff --git a/lib/dns/Makefile.am b/lib/dns/Makefile.am
index 1f675070b6..0fad435ada 100644
--- a/lib/dns/Makefile.am
+++ b/lib/dns/Makefile.am
@@ -126,7 +126,6 @@ libdns_la_HEADERS = \
 include/dns/time.h \
 include/dns/transport.h \
 include/dns/tkey.h \
- include/dns/tsec.h \
 include/dns/tsig.h \
 include/dns/ttl.h \
 include/dns/types.h \
@@ -228,7 +227,6 @@ libdns_la_SOURCES = \
 time.c \
 transport.c \
 tkey.c \
- tsec.c \
 tsig.c \
 ttl.c \
 update.c \
diff --git a/lib/dns/client.c b/lib/dns/client.c
index 88998ab4e1..df5888d517 100644
--- a/lib/dns/client.c
+++ b/lib/dns/client.c
@@ -44,7 +44,6 @@ #include #include #include -#include #include #include
diff --git a/lib/dns/include/dns/tsec.h b/lib/dns/include/dns/tsec.h
deleted file mode 100644
index 3d9577b5c9..0000000000
--- a/lib/dns/include/dns/tsec.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#pragma once
-
-/*****
-***** Module Info
-*****/
-
-/*! \file
- *
- * \brief
- * The TSEC (Transaction Security) module is an abstraction layer for managing
- * DNS transaction mechanisms such as TSIG or SIG(0). A TSEC structure is a
- * mechanism-independent object containing key information specific to the
- * mechanism, and is expected to be used as an argument to other modules
- * that use transaction security in a mechanism-independent manner.
- *
- * MP:
- *\li A TSEC structure is expected to be thread-specific. No inter-thread
- * synchronization is ensured in multiple access to a single TSEC
- * structure.
- *
- * Resources:
- *\li TBS
- *
- * Security:
- *\li This module does not handle any low-level data directly, and so no
- * security issue specific to this module is anticipated.
- */
-
-#include
-
-#include
-
-ISC_LANG_BEGINDECLS
-
-/***
- *** Types
- ***/
-
-/*%
- * Transaction security types.
- */
-typedef enum {
- dns_tsectype_none,
- dns_tsectype_tsig,
- dns_tsectype_sig0
-} dns_tsectype_t;
-
-isc_result_t
-dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
- dns_tsec_t **tsecp);
-/*%<
- * Create a TSEC structure and stores a type-dependent key structure in it.
- * For a TSIG key (type is dns_tsectype_tsig), dns_tsec_create() creates a
- * TSIG key structure from '*key' and keeps it in the structure. For other
- * types, this function simply retains '*key' in the structure. In either
- * case, the ownership of '*key' is transferred to the TSEC module; the caller
- * must not modify or destroy it after the call to dns_tsec_create().
- *
- * Requires:
- *
- *\li 'mctx' is a valid memory context.
- *
- *\li 'type' is a valid value of dns_tsectype_t (see above).
- *
- *\li 'key' is a valid key.
- *
- *\li tsecp != NULL && *tsecp == NULL.
- *
- * Returns:
- *
- *\li #ISC_R_SUCCESS On success.
- *
- *\li Anything else Failure.
- */
-
-void
-dns_tsec_destroy(dns_tsec_t **tsecp);
-/*%<
- * Destroy the TSEC structure. The stored key is also detached or destroyed.
- *
- * Requires
- *
- *\li '*tsecp' is a valid TSEC structure.
- *
- * Ensures
- *
- *\li *tsecp == NULL.
- *
- */
-
-dns_tsectype_t
-dns_tsec_gettype(dns_tsec_t *tsec);
-/*%<
- * Return the TSEC type of '*tsec'.
- *
- * Requires
- *
- *\li 'tsec' is a valid TSEC structure.
- *
- */
-
-void
-dns_tsec_getkey(dns_tsec_t *tsec, void *keyp);
-/*%<
- * Return the TSEC key of '*tsec' in '*keyp'.
- *
- * Requires
- *
- *\li keyp != NULL
- *
- * Ensures
- *
- *\li *tsecp points to a valid key structure depending on the TSEC type.
- */
-
-ISC_LANG_ENDDECLS
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index 04aa86ea8b..f2288d3bea 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -144,7 +144,6 @@ typedef struct dns_tkeyctx dns_tkeyctx_t;
 typedef struct dns_transport dns_transport_t;
 typedef struct dns_transport_list dns_transport_list_t;
 typedef uint16_t dns_trust_t;
-typedef struct dns_tsec dns_tsec_t;
 typedef struct dns_tsig_keyring dns_tsig_keyring_t;
 typedef struct dns_tsigkey dns_tsigkey_t;
 typedef uint32_t dns_ttl_t;
diff --git a/lib/dns/tsec.c b/lib/dns/tsec.c
deleted file mode 100644
index fcb761348b..0000000000
--- a/lib/dns/tsec.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include
-
-#define DNS_TSEC_MAGIC ISC_MAGIC('T', 's', 'e', 'c')
-#define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
-
-/*%
- * DNS Transaction Security object. We assume this is not shared by
- * multiple threads, and so the structure does not contain a lock.
- */
-struct dns_tsec {
- unsigned int magic;
- dns_tsectype_t type;
- isc_mem_t *mctx;
- union {
- dns_tsigkey_t *tsigkey;
- dst_key_t *key;
- } ukey;
-};
-
-isc_result_t
-dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
- dns_tsec_t **tsecp) {
- isc_result_t result;
- dns_tsec_t *tsec;
- dns_tsigkey_t *tsigkey = NULL;
- const dns_name_t *algname;
-
- REQUIRE(mctx != NULL);
- REQUIRE(tsecp != NULL && *tsecp == NULL);
-
- tsec = isc_mem_get(mctx, sizeof(*tsec));
-
- tsec->type = type;
- tsec->mctx = mctx;
-
- switch (type) {
- case dns_tsectype_tsig:
- switch (dst_key_alg(key)) {
- case DST_ALG_HMACMD5:
- algname = dns_tsig_hmacmd5_name;
- break;
- case DST_ALG_HMACSHA1:
- algname = dns_tsig_hmacsha1_name;
- break;
- case DST_ALG_HMACSHA224:
- algname = dns_tsig_hmacsha224_name;
- break;
- case DST_ALG_HMACSHA256:
- algname = dns_tsig_hmacsha256_name;
- break;
- case DST_ALG_HMACSHA384:
- algname = dns_tsig_hmacsha384_name;
- break;
- case DST_ALG_HMACSHA512:
- algname = dns_tsig_hmacsha512_name;
- break;
- default:
- isc_mem_put(mctx, tsec, sizeof(*tsec));
- return (DNS_R_BADALG);
- }
- result = dns_tsigkey_createfromkey(dst_key_name(key), algname,
- key, false, NULL, 0, 0, mctx,
- NULL, &tsigkey);
- if (result != ISC_R_SUCCESS) {
- isc_mem_put(mctx, tsec, sizeof(*tsec));
- return (result);
- }
- tsec->ukey.tsigkey = tsigkey;
- break;
- case dns_tsectype_sig0:
- tsec->ukey.key = key;
- break;
- default:
- UNREACHABLE();
- }
-
- tsec->magic = DNS_TSEC_MAGIC;
-
- *tsecp = tsec;
- return (ISC_R_SUCCESS);
-}
-
-void
-dns_tsec_destroy(dns_tsec_t **tsecp) {
- dns_tsec_t *tsec;
-
- REQUIRE(tsecp != NULL && *tsecp != NULL);
- tsec = *tsecp;
- *tsecp = NULL;
- REQUIRE(DNS_TSEC_VALID(tsec));
-
- switch (tsec->type) {
- case dns_tsectype_tsig:
- dns_tsigkey_detach(&tsec->ukey.tsigkey);
- break;
- case dns_tsectype_sig0:
- dst_key_free(&tsec->ukey.key);
- break;
- default:
- UNREACHABLE();
- }
-
- tsec->magic = 0;
- isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));
-}
-
-dns_tsectype_t
-dns_tsec_gettype(dns_tsec_t *tsec) {
- REQUIRE(DNS_TSEC_VALID(tsec));
-
- return (tsec->type);
-}
-
-void
-dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
- REQUIRE(DNS_TSEC_VALID(tsec));
- REQUIRE(keyp != NULL);
-
- switch (tsec->type) {
- case dns_tsectype_tsig:
- dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
- break;
- case dns_tsectype_sig0:
- *(dst_key_t **)keyp = tsec->ukey.key;
- break;
- default:
- UNREACHABLE();
- }
-}