mlkem: garbage collect the unusd mlkem_{generate_key,encap}()

These are flagged by more recent gcc since declarations and definitions
don't match (sized array vs pointer). Also an array was checked for NULL.

found by/ok jsing

lib/libcrypto/mlkem/mlkem_internal.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: mlkem_internal.c,v 1.5 2026/01/01 13:36:09 tb Exp $ */
+/* $OpenBSD: mlkem_internal.c,v 1.6 2026/01/18 08:49:42 tb Exp $ */
 /*
  * Copyright (c) 2024, Google Inc.
  * Copyright (c) 2024, 2025 Bob Beck <beck@obtuse.com>
@@ -875,28 +875,6 @@ private_key_from_external(const MLKEM_private_key *external,
 	offset += 32;
 }
 
-/*
- * Calls |mlkem_generate_key_external_entropy| with random bytes from
- * |RAND_bytes|.
- */
-int
-mlkem_generate_key(uint8_t *out_encoded_public_key,
-    uint8_t optional_out_seed[MLKEM_SEED_LENGTH],
-    MLKEM_private_key *out_private_key)
-{
-	uint8_t entropy_buf[MLKEM_SEED_LENGTH];
-	uint8_t *entropy = optional_out_seed != NULL ? optional_out_seed :
-	    entropy_buf;
-	int ret;
-
-	arc4random_buf(entropy, MLKEM_SEED_LENGTH);
-	ret = mlkem_generate_key_external_entropy(out_encoded_public_key,
-	    out_private_key, entropy);
-	explicit_bzero(entropy_buf, sizeof(entropy_buf));
-
-	return ret;
-}
-
 int
 mlkem_private_key_from_seed(const uint8_t *seed, size_t seed_len,
     MLKEM_private_key *out_private_key)
@@ -1057,20 +1035,6 @@ encrypt_cpa(uint8_t *out, const struct public_key *pub,
 	explicit_bzero(input, sizeof(input));
 }
 
-/* Calls mlkem_encap_external_entropy| with random bytes */
-void
-mlkem_encap(const MLKEM_public_key *public_key,
-    uint8_t *out_ciphertext,
-    uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH])
-{
-	uint8_t entropy[MLKEM_ENCAP_ENTROPY];
-
-	arc4random_buf(entropy, MLKEM_ENCAP_ENTROPY);
-	mlkem_encap_external_entropy(out_ciphertext,
-	    out_shared_secret, public_key, entropy);
-	explicit_bzero(entropy, sizeof(entropy));
-}
-
 /* See section 6.2 of the spec. */
 void
 mlkem_encap_external_entropy(uint8_t *out_ciphertext,

lib/libcrypto/mlkem/mlkem_internal.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: mlkem_internal.h,v 1.12 2026/01/16 18:31:12 tb Exp $ */
+/*	$OpenBSD: mlkem_internal.h,v 1.13 2026/01/18 08:49:42 tb Exp $ */
 /*
  * Copyright (c) 2023, Google Inc.
  * Copyright (c) 2025, Bob Beck <beck@obtuse.com>
@@ -174,17 +174,6 @@ struct MLKEM768_private_key {
 
 /* Key generation. */
 
-/*
- * mlkem_generate_key generates a random public/private key pair, writes the
- * encoded public key to |out_encoded_public_key| and sets |out_private_key| to
- * the private key. If |optional_out_seed| is not NULL then the seed used to
- * generate the private key is written to it. The caller is responsible for
- * ensuring that |out_encoded_public_key| and |out_optonal_seed| point to
- * enough memory to contain a key and seed for the rank of |out_private_key|.
- */
-int mlkem_generate_key(uint8_t *out_encoded_public_key,
-    uint8_t *optional_out_seed, MLKEM_private_key *out_private_key);
-
 /*
  * mlkem_private_key_from_seed modifies |out_private_key| to contain a key of
  * the rank of |*out_private_key| from a seed that was generated by
@@ -207,15 +196,6 @@ void mlkem_public_from_private(const MLKEM_private_key *private_key,
 
 /* Encapsulation and decapsulation of secrets. */
 
-/*
- * mlkem_encap encrypts a random shared secret for |public_key|, writes the
- * ciphertext to |out_ciphertext|, and writes the random shared secret to
- * |out_shared_secret|.
- */
-void mlkem_encap(const MLKEM_public_key *public_key,
-    uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
-    uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH]);
-
 /*
  * mlkem_decap decrypts a shared secret from |ciphertext| using |private_key|
  * and writes it to |out_shared_secret|. If |ciphertext_len| is incorrect it