summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonathan Gray <jsg@cvs.openbsd.org>2010-10-15 10:18:43 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2010-10-15 10:18:43 +0000
commit89306d994fe40773e352c112b7fa88c304e8ffe9 (patch)
treeff163bb612b75e16312b655956e852e998b971fc
parentb3298c6a74262bc14f1776c9b440c15dbbf0127e (diff)
Switch the remaining users of libdes in src to libcrypto,
telnet portion partially from the latest heimdal. ok mikeb@
-rw-r--r--distrib/miniroot/makeconf.awk4
-rw-r--r--gnu/usr.bin/cvs/configure4
-rw-r--r--gnu/usr.bin/cvs/configure.in4
-rw-r--r--gnu/usr.bin/cvs/src/server.c10
-rw-r--r--libexec/login_tis/Makefile6
-rw-r--r--libexec/login_tis/login_tis.c30
-rw-r--r--libexec/login_token/Makefile6
-rw-r--r--libexec/login_token/token.c42
-rw-r--r--sbin/isakmpd/Makefile6
-rw-r--r--sbin/isakmpd/crypto.c32
-rw-r--r--sbin/isakmpd/crypto.h6
-rw-r--r--usr.bin/passwd/Makefile6
-rw-r--r--usr.bin/passwd/krb5_passwd.c5
-rw-r--r--usr.bin/sectok/Makefile6
-rw-r--r--usr.bin/sectok/cyberflex.c18
-rw-r--r--usr.bin/telnet/Makefile6
-rw-r--r--usr.bin/telnet/enc_des.c119
-rw-r--r--usr.bin/x99token/Makefile6
-rw-r--r--usr.bin/x99token/x99token.c20
-rw-r--r--usr.sbin/ppp/ppp/Makefile6
-rw-r--r--usr.sbin/ppp/ppp/chap_ms.c16
-rw-r--r--usr.sbin/tokenadm/Makefile6
-rw-r--r--usr.sbin/tokeninit/Makefile6
23 files changed, 178 insertions, 192 deletions
diff --git a/distrib/miniroot/makeconf.awk b/distrib/miniroot/makeconf.awk
index 5687c83491c..4ba2275800b 100644
--- a/distrib/miniroot/makeconf.awk
+++ b/distrib/miniroot/makeconf.awk
@@ -1,4 +1,4 @@
-# $OpenBSD: makeconf.awk,v 1.15 2005/08/04 16:35:03 espie Exp $
+# $OpenBSD: makeconf.awk,v 1.16 2010/10/15 10:18:42 jsg Exp $
# $NetBSD: makeconf.awk,v 1.3 1996/05/04 15:45:32 pk Exp $
#
@@ -7,7 +7,7 @@
BEGIN {
printf("#\n# This file is automatically generated by `makeconf'\n#\n\n");
- libs = "libs -lstubs -lutil -lotermcap -ll -lm -ldes";
+ libs = "libs -lstubs -lutil -lotermcap -ll -lm";
}
$1 == "LIBS" {
diff --git a/gnu/usr.bin/cvs/configure b/gnu/usr.bin/cvs/configure
index 520c8425a06..e11e0cdaeb9 100644
--- a/gnu/usr.bin/cvs/configure
+++ b/gnu/usr.bin/cvs/configure
@@ -4021,9 +4021,9 @@ EOF
includeopt="${includeopt} -I$GSSAPI/include/kerberosV"
# FIXME: This is ugly, but these things don't seem to be standardized.
if test "$ac_cv_header_gssapi_h" = "yes"; then
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto"
else
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
fi
save_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS"
diff --git a/gnu/usr.bin/cvs/configure.in b/gnu/usr.bin/cvs/configure.in
index dd9daf46a45..0f6cc741dc5 100644
--- a/gnu/usr.bin/cvs/configure.in
+++ b/gnu/usr.bin/cvs/configure.in
@@ -295,9 +295,9 @@ if test "$ac_cv_header_krb5_h" = "yes" &&
includeopt="${includeopt} -I$GSSAPI/include/kerberosV"
# FIXME: This is ugly, but these things don't seem to be standardized.
if test "$ac_cv_header_gssapi_h" = "yes"; then
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto"
else
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
fi
save_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS"
diff --git a/gnu/usr.bin/cvs/src/server.c b/gnu/usr.bin/cvs/src/server.c
index 78f7a3852c2..da7540f57bb 100644
--- a/gnu/usr.bin/cvs/src/server.c
+++ b/gnu/usr.bin/cvs/src/server.c
@@ -6416,8 +6416,8 @@ krb_encrypt_input (fnclosure, input, output, size)
struct krb_encrypt_data *kd = (struct krb_encrypt_data *) fnclosure;
int tcount;
- des_cbc_encrypt ((C_Block *) input, (C_Block *) output,
- size, kd->sched, &kd->block, 0);
+ DES_cbc_encrypt ((C_Block *) input, (C_Block *) output,
+ size, &kd->sched, &kd->block, 0);
/* SIZE is the size of the buffer, which is set by the encryption
routine. The packetizing buffer will arrange for the first two
@@ -6456,15 +6456,15 @@ krb_encrypt_output (fnclosure, input, output, size, translated)
the packetizing buffer. */
aligned = (size + 7) & ~7;
- /* We use des_cbc_encrypt rather than krb_mk_priv because the
+ /* We use DES_cbc_encrypt rather than krb_mk_priv because the
latter sticks a timestamp in the block, and krb_rd_priv expects
that timestamp to be within five minutes of the current time.
Given the way the CVS server buffers up data, that can easily
fail over a long network connection. We trust krb_recvauth to
guard against a replay attack. */
- des_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
- kd->sched, &kd->block, 1);
+ DES_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
+ &kd->sched, &kd->block, 1);
*translated = aligned;
diff --git a/libexec/login_tis/Makefile b/libexec/login_tis/Makefile
index 5cd5ba1c8e4..c386c21fc0b 100644
--- a/libexec/login_tis/Makefile
+++ b/libexec/login_tis/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.1 2004/09/28 15:02:01 millert Exp $
+# $OpenBSD: Makefile,v 1.2 2010/10/15 10:18:42 jsg Exp $
PROG= login_tis
MAN= login_tis.8
CFLAGS+=-Wall
-LDADD+= -ldes
-DPADD+= ${LIBDES}
+LDADD+= -lcrypto
+DPADD+= ${LIBCRYPTO}
BINOWN= root
BINGRP= auth
diff --git a/libexec/login_tis/login_tis.c b/libexec/login_tis/login_tis.c
index ce8bc9c2a54..d3f9569e3e2 100644
--- a/libexec/login_tis/login_tis.c
+++ b/libexec/login_tis/login_tis.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_tis.c,v 1.9 2008/03/24 16:11:00 deraadt Exp $ */
+/* $OpenBSD: login_tis.c,v 1.10 2010/10/15 10:18:42 jsg Exp $ */
/*
* Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -39,7 +39,7 @@
#include <login_cap.h>
#include <bsd_auth.h>
-#include <des.h> /* openssl/des.h */
+#include <openssl/des.h>
#include "login_tis.h"
@@ -343,7 +343,7 @@ tis_getkey(struct tis_connection *tc)
{
size_t len;
struct stat sb;
- des_cblock cblock;
+ DES_cblock cblock;
char *key, *tbuf = NULL;
FILE *fp;
int error;
@@ -393,8 +393,8 @@ tis_getkey(struct tis_connection *tc)
tbuf[len] = '\0';
key = tbuf;
}
- des_string_to_key(key, &cblock);
- error = des_set_key(&cblock, tc->keysched);
+ DES_string_to_key(key, &cblock);
+ error = DES_set_key(&cblock, &tc->keysched);
memset(key, 0, len);
memset(&cblock, 0, sizeof(cblock));
free(tbuf);
@@ -466,8 +466,8 @@ tis_open(struct tis_connection *tc, const char *server, char *ebuf)
ssize_t
tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
{
- des_key_schedule ks;
- des_cblock iv;
+ DES_key_schedule ks;
+ DES_cblock iv;
ssize_t len;
u_char *cp, *ep, tbuf[TIS_BUFSIZ];
@@ -502,10 +502,10 @@ tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
syslog(LOG_ERR, "encrypted data too large to store");
return (-1);
}
- memcpy(ks, tc->keysched, sizeof(ks));
+ memcpy(&ks, &tc->keysched, sizeof(ks));
memset(iv, 0, sizeof(iv));
- des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)tbuf,
- len, ks, &iv, DES_DECRYPT);
+ DES_ncbc_encrypt(buf, tbuf,
+ len, &ks, &iv, DES_DECRYPT);
if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) {
syslog(LOG_ERR, "unencrypted data too large to store");
memset(tbuf, 0, sizeof(tbuf));
@@ -524,14 +524,14 @@ ssize_t
tis_send(struct tis_connection *tc, u_char *buf, size_t len)
{
struct iovec iov[2];
- des_key_schedule ks;
- des_cblock iv;
+ DES_key_schedule ks;
+ DES_cblock iv;
ssize_t nwritten;
size_t n;
u_char cbuf[TIS_BUFSIZ];
if (tc->keyfile != NULL) {
- memcpy(ks, tc->keysched, sizeof(ks));
+ memcpy(&ks, &tc->keysched, sizeof(ks));
memset(iv, 0, sizeof(iv));
len++; /* we need to encrypt the NUL */
@@ -541,8 +541,8 @@ tis_send(struct tis_connection *tc, u_char *buf, size_t len)
syslog(LOG_ERR, "encoded data too large to store");
return (-1);
}
- des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)cbuf, len,
- ks, &iv, DES_ENCRYPT);
+ DES_ncbc_encrypt(buf, cbuf, len,
+ &ks, &iv, DES_ENCRYPT);
len = tis_encode(cbuf, len, sizeof(cbuf));
buf = cbuf;
}
diff --git a/libexec/login_token/Makefile b/libexec/login_token/Makefile
index 81644bf0ed6..5363d5517b3 100644
--- a/libexec/login_token/Makefile
+++ b/libexec/login_token/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.4 2002/11/21 22:14:51 millert Exp $
+# $OpenBSD: Makefile,v 1.5 2010/10/15 10:18:42 jsg Exp $
PROG= login_token
SRCS= login_token.c init.c token.c tokendb.c
MAN= login_token.8
-DPADD= ${LIBDES}
-LDADD= -ldes
+DPADD= ${LIBCRYPTO}
+LDADD= -lcrypto
TOKENS= activ crypto snk
diff --git a/libexec/login_token/token.c b/libexec/login_token/token.c
index 36a6125fddd..f08585e3829 100644
--- a/libexec/login_token/token.c
+++ b/libexec/login_token/token.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: token.c,v 1.11 2005/11/12 14:13:16 deraadt Exp $ */
+/* $OpenBSD: token.c,v 1.12 2010/10/15 10:18:42 jsg Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -50,7 +50,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <des.h>
+#include <openssl/des.h>
#include "token.h"
#include "tokendb.h"
@@ -62,7 +62,7 @@
*/
typedef union {
- des_cblock cb;
+ DES_cblock cb;
char ct[9];
unsigned long ul[2];
} TOKEN_CBlock;
@@ -106,7 +106,7 @@ tokenchallenge(char *user, char *challenge, int size, char *card_type)
{
TOKENDB_Rec tr;
TOKEN_CBlock cb;
- des_key_schedule ks;
+ DES_key_schedule ks;
int r, c;
r = 1; /* no reduced input mode by default! */
@@ -123,9 +123,9 @@ tokenchallenge(char *user, char *challenge, int size, char *card_type)
tr.flags &= ~TOKEN_LOCKED;
if (r == 0 && tr.rim[0]) {
h2cb(tr.secret, &cb);
- des_fixup_key_parity(&cb.cb);
- des_key_sched(&cb.cb, ks);
- des_ecb_encrypt(&tr.rim, &cb.cb, ks, DES_ENCRYPT);
+ DES_fixup_key_parity(&cb.cb);
+ DES_key_sched(&cb.cb, &ks);
+ DES_ecb_encrypt(&tr.rim, &cb.cb, &ks, DES_ENCRYPT);
memcpy(tr.rim, cb.cb, 8);
for (r = 0; r < 8; ++r) {
if ((tr.rim[r] &= 0xf) > 9)
@@ -166,7 +166,7 @@ tokenverify(char *username, char *challenge, char *response)
TOKEN_CBlock cmp_text;
TOKEN_CBlock user_seed;
TOKEN_CBlock cipher_text;
- des_key_schedule key_schedule;
+ DES_key_schedule key_schedule;
memset(cmp_text.ct, 0, sizeof(cmp_text.ct));
@@ -199,12 +199,12 @@ tokenverify(char *username, char *challenge, char *response)
* shared secret asap.
*/
- des_fixup_key_parity(&user_seed.cb);
- des_key_sched(&user_seed.cb, key_schedule);
+ DES_fixup_key_parity(&user_seed.cb);
+ DES_key_sched(&user_seed.cb, &key_schedule);
memset(user_seed.ct, 0, sizeof(user_seed.ct));
- des_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, key_schedule,
+ DES_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, &key_schedule,
DES_ENCRYPT);
- memset(key_schedule, 0, sizeof(key_schedule));
+ memset(&key_schedule, 0, sizeof(key_schedule));
/*
* The token thinks it's descended from VAXen. Deal with i386
@@ -258,7 +258,7 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
TOKEN_CBlock nulls;
TOKEN_CBlock checksum;
TOKEN_CBlock checktxt;
- des_key_schedule key_schedule;
+ DES_key_schedule key_schedule;
memset(&secret.ct, 0, sizeof(secret));
@@ -269,9 +269,9 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
if ( (flags & TOKEN_GENSECRET) )
tokenseed(&secret);
else
- memcpy(&secret, usecret, sizeof(des_cblock));
+ memcpy(&secret, usecret, sizeof(DES_cblock));
- des_fixup_key_parity(&secret.cb);
+ DES_fixup_key_parity(&secret.cb);
/*
* Check if the db record already exists. If there's no
@@ -313,11 +313,11 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
username, secret.cb[0], secret.cb[1], secret.cb[2], secret.cb[3],
secret.cb[4], secret.cb[5], secret.cb[6], secret.cb[7]);
- des_key_sched(&secret.cb, key_schedule);
+ DES_key_sched(&secret.cb, &key_schedule);
memset(&secret.ct, 0, sizeof(secret));
memset(&nulls, 0, sizeof(nulls));
- des_ecb_encrypt(&nulls.cb, &checksum.cb, key_schedule, DES_ENCRYPT);
- memset(key_schedule, 0, sizeof(key_schedule));
+ DES_ecb_encrypt(&nulls.cb, &checksum.cb, &key_schedule, DES_ENCRYPT);
+ memset(&key_schedule, 0, sizeof(key_schedule));
HTONL(checksum.ul[0]);
snprintf(checktxt.ct, sizeof(checktxt.ct), "%8.8lx", checksum.ul[0]);
printf("Hex Checksum: \"%s\"", checktxt.ct);
@@ -339,7 +339,7 @@ h2d(char *cp)
{
int i;
- for (i=0; i<sizeof(des_cblock); i++, cp++) {
+ for (i=0; i<sizeof(DES_cblock); i++, cp++) {
if (*cp >= 'a' && *cp <= 'f')
*cp = tt->map[*cp - 'a'];
}
@@ -347,7 +347,7 @@ h2d(char *cp)
/*
* Translate an hex 16 byte ascii representation of an unsigned
- * integer to a des_cblock.
+ * integer to a DES_cblock.
*/
static void
@@ -363,7 +363,7 @@ h2cb(char *hp, TOKEN_CBlock *cb)
}
/*
- * Translate a des_cblock to an 16 byte ascii hex representation.
+ * Translate a DES_cblock to an 16 byte ascii hex representation.
*/
static void
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile
index b3043946de6..59e6b51a0c1 100644
--- a/sbin/isakmpd/Makefile
+++ b/sbin/isakmpd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.81 2010/06/29 19:50:16 reyk Exp $
+# $OpenBSD: Makefile,v 1.82 2010/10/15 10:18:42 jsg Exp $
# $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $
#
@@ -75,8 +75,8 @@ CFLAGS+= -Wall -Wstrict-prototypes -Wmissing-prototypes \
#LWRESLIB= /usr/local/lib/liblwres.a
#DNSSEC_CFLAGS= -I/usr/local/include -DLWRES
-LDADD+= ${LWRESLIB} -lkeynote -lcrypto -ldes -lm
-DPADD+= ${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBDES} ${LIBM}
+LDADD+= ${LWRESLIB} -lkeynote -lcrypto -lm
+DPADD+= ${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBM}
exchange_num.c exchange_num.h: stamp_exchange_num
diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c
index 9843c682eac..1dac786313f 100644
--- a/sbin/isakmpd/crypto.c
+++ b/sbin/isakmpd/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.29 2007/05/07 18:25:30 cloder Exp $ */
+/* $OpenBSD: crypto.c,v 1.30 2010/10/15 10:18:42 jsg Exp $ */
/* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */
/*
@@ -89,9 +89,9 @@ struct crypto_xf transforms[] = {
enum cryptoerr
des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
- /* des_set_key returns -1 for parity problems, and -2 for weak keys */
- des_set_odd_parity((void *)key);
- switch (des_set_key((void *)key, ks->ks_des[0])) {
+ /* DES_set_key returns -1 for parity problems, and -2 for weak keys */
+ DES_set_odd_parity((void *)key);
+ switch (DES_set_key((void *)key, &ks->ks_des[0])) {
case -2:
return EWEAKKEY;
default:
@@ -102,28 +102,28 @@ des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
void
des1_encrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
{
- des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void *)ks->riv,
+ DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv,
DES_ENCRYPT);
}
void
des1_decrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
{
- des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void *)ks->riv,
+ DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv,
DES_DECRYPT);
}
enum cryptoerr
des3_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
- des_set_odd_parity((void *)key);
- des_set_odd_parity((void *)(key + 8));
- des_set_odd_parity((void *)(key + 16));
+ DES_set_odd_parity((void *)key);
+ DES_set_odd_parity((void *)(key + 8));
+ DES_set_odd_parity((void *)(key + 16));
/* As of the draft Tripe-DES does not check for weak keys */
- des_set_key((void *)key, ks->ks_des[0]);
- des_set_key((void *)(key + 8), ks->ks_des[1]);
- des_set_key((void *)(key + 16), ks->ks_des[2]);
+ DES_set_key((void *)key, &ks->ks_des[0]);
+ DES_set_key((void *)(key + 8), &ks->ks_des[1]);
+ DES_set_key((void *)(key + 16), &ks->ks_des[2]);
return EOKAY;
}
@@ -134,8 +134,8 @@ des3_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
u_int8_t iv[MAXBLK];
memcpy(iv, ks->riv, ks->xf->blocksize);
- des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0],
- ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_ENCRYPT);
+ DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0],
+ &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_ENCRYPT);
}
void
@@ -144,8 +144,8 @@ des3_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
u_int8_t iv[MAXBLK];
memcpy(iv, ks->riv, ks->xf->blocksize);
- des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0],
- ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_DECRYPT);
+ DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0],
+ &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_DECRYPT);
}
enum cryptoerr
diff --git a/sbin/isakmpd/crypto.h b/sbin/isakmpd/crypto.h
index 5ef8ac150d6..effdb189d1c 100644
--- a/sbin/isakmpd/crypto.h
+++ b/sbin/isakmpd/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.18 2006/06/02 19:35:55 hshoexer Exp $ */
+/* $OpenBSD: crypto.h,v 1.19 2010/10/15 10:18:42 jsg Exp $ */
/* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $ */
/*
@@ -32,7 +32,7 @@
#ifndef _CRYPTO_H_
#define _CRYPTO_H_
-#include <des.h>
+#include <openssl/des.h>
#include <blf.h>
#include <cast.h>
@@ -80,7 +80,7 @@ struct keystate {
u_int8_t iv2[MAXBLK];
u_int8_t *riv, *liv;
union {
- des_key_schedule desks[3];
+ DES_key_schedule desks[3];
blf_ctx blfks;
cast_key castks;
AES_KEY aesks[2];
diff --git a/usr.bin/passwd/Makefile b/usr.bin/passwd/Makefile
index a35621d79ec..679ca85299f 100644
--- a/usr.bin/passwd/Makefile
+++ b/usr.bin/passwd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.31 2008/07/04 12:50:23 djm Exp $
+# $OpenBSD: Makefile,v 1.32 2010/10/15 10:18:42 jsg Exp $
.include <bsd.own.mk>
@@ -20,8 +20,8 @@ CFLAGS+=-DYP -I${.CURDIR}/../../lib/libc/yp
.if (${KERBEROS5:L} == "yes")
SRCS+= krb5_passwd.c
CFLAGS+= -DKRB5
-DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBDES} ${LIBCRYPTO}
-LDADD+= -lkrb5 -lasn1 -ldes -lcrypto
+DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO}
+LDADD+= -lkrb5 -lasn1 -lcrypto
.endif
BINMODE=4555
diff --git a/usr.bin/passwd/krb5_passwd.c b/usr.bin/passwd/krb5_passwd.c
index 9341af6d810..ad09c063263 100644
--- a/usr.bin/passwd/krb5_passwd.c
+++ b/usr.bin/passwd/krb5_passwd.c
@@ -49,7 +49,7 @@
#include <dlfcn.h>
#include <util.h>
#include <err.h>
-#include <des.h>
+#include <openssl/ui.h>
#include <kerberosV/krb5.h>
/* RCSID("$KTH: kpasswd.c,v 1.23 2000/12/31 07:48:34 assar Exp $"); */
@@ -113,7 +113,8 @@ krb5_passwd(int argc, char **argv)
krb5_data_zero(&result_code_string);
krb5_data_zero(&result_string);
- if (des_read_pw_string(pwbuf, sizeof(pwbuf), "New password:", 1) != 0)
+ if (UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), "New password:",
+ 1) != 0)
return 1;
ret = krb5_change_password (context, &cred, pwbuf, &result_code,
diff --git a/usr.bin/sectok/Makefile b/usr.bin/sectok/Makefile
index 5c66bfc7a99..08d0e648d85 100644
--- a/usr.bin/sectok/Makefile
+++ b/usr.bin/sectok/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $
+# $OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $
PROG= sectok
SRCS= main.c cmds.c cyberflex.c
-DPADD= ${LIBSECTOK} ${LIBCRYPTO} ${LIBDES}
-LDADD= -lsectok -lcrypto -ldes
+DPADD= ${LIBSECTOK} ${LIBCRYPTO}
+LDADD= -lsectok -lcrypto
CFLAGS+=-Wall
diff --git a/usr.bin/sectok/cyberflex.c b/usr.bin/sectok/cyberflex.c
index 31233a18a67..82988fc8906 100644
--- a/usr.bin/sectok/cyberflex.c
+++ b/usr.bin/sectok/cyberflex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cyberflex.c,v 1.28 2007/12/30 13:35:27 sobrado Exp $ */
+/* $OpenBSD: cyberflex.c,v 1.29 2010/10/15 10:18:42 jsg Exp $ */
/*
* copyright 1999, 2000
@@ -38,7 +38,7 @@
#include <signal.h>
#include <string.h>
#include <fcntl.h>
-#include <des.h>
+#include <openssl/des.h>
#ifdef __linux
#include <sha.h>
#define SHA1_CTX SHA_CTX
@@ -65,10 +65,6 @@
#include "sc.h"
-#ifdef __sun
-#define des_set_key(key, schedule) des_key_sched(key, schedule)
-#endif
-
#define MAX_KEY_FILE_SIZE 1024
#define NUM_RSA_KEY_ELEMENTS 5
#define RSA_BIT_LEN 1024
@@ -87,7 +83,7 @@ static void print_acl(int isdir, u_char *acl);
#ifndef __palmos__
/* default signed applet key of Cyberflex Access */
-static des_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
+static DES_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
#endif
static int
@@ -612,8 +608,8 @@ jload(int argc, char *argv[])
int i, j, vflag = 0, gotprog = 0, gotcont = 0, fd_app, size;
int aidlen = 0, sw;
int cont_size = 1152, inst_size = 1024;
- des_cblock tmp;
- des_key_schedule schedule;
+ DES_cblock tmp;
+ DES_key_schedule schedule;
static u_char acl[] = {0x81, 0, 0, 0xff, 0, 0, 0, 0};
optind = optreset = 1;
@@ -723,12 +719,12 @@ jload(int argc, char *argv[])
/* chain. DES encrypt one block, XOR the cyphertext with the next
* block, ... continues until the end of the buffer */
- des_set_key(&app_key, schedule);
+ DES_set_key(&app_key, &schedule);
for (i = 0; i < size / BLOCK_SIZE; i++) {
for (j = 0; j < BLOCK_SIZE; j++)
tmp[j] = tmp[j] ^ app_data[i * BLOCK_SIZE + j];
- des_ecb_encrypt(&tmp, &tmp, schedule, DES_ENCRYPT);
+ DES_ecb_encrypt(&tmp, &tmp, &schedule, DES_ENCRYPT);
}
if (vflag) {
diff --git a/usr.bin/telnet/Makefile b/usr.bin/telnet/Makefile
index 2bc42f4e465..0276fa23de0 100644
--- a/usr.bin/telnet/Makefile
+++ b/usr.bin/telnet/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.23 2005/05/24 03:41:58 deraadt Exp $
+# $OpenBSD: Makefile,v 1.24 2010/10/15 10:18:42 jsg Exp $
#
# Copyright (c) 1990 The Regents of the University of California.
# All rights reserved.
@@ -45,8 +45,8 @@ SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
.if (${KERBEROS5:L} == "yes")
CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB5 -DDES_ENCRYPTION
-DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBDES}
-LDADD+= -lkrb5 -lasn1 -lcrypto -ldes
+DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO}
+LDADD+= -lkrb5 -lasn1 -lcrypto
SRCS+= kerberos5.c enc_des.c
.endif
diff --git a/usr.bin/telnet/enc_des.c b/usr.bin/telnet/enc_des.c
index 06ff59b4fd4..f6e832cda12 100644
--- a/usr.bin/telnet/enc_des.c
+++ b/usr.bin/telnet/enc_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc_des.c,v 1.1 2005/05/24 03:43:56 deraadt Exp $ */
+/* $OpenBSD: enc_des.c,v 1.2 2010/10/15 10:18:42 jsg Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -39,7 +39,8 @@
#include "encrypt.h"
#include "misc-proto.h"
-#include <des.h>
+#include <openssl/des.h>
+#include <openssl/rand.h>
extern int encrypt_debug_mode;
@@ -55,19 +56,19 @@ extern int encrypt_debug_mode;
struct stinfo {
- des_cblock str_output;
- des_cblock str_feed;
- des_cblock str_iv;
- des_cblock str_ikey;
- des_key_schedule str_sched;
+ DES_cblock str_output;
+ DES_cblock str_feed;
+ DES_cblock str_iv;
+ DES_cblock str_ikey;
+ DES_key_schedule str_sched;
int str_index;
int str_flagshift;
};
struct fb {
- des_cblock krbdes_key;
- des_key_schedule krbdes_sched;
- des_cblock temp_feed;
+ DES_cblock krbdes_key;
+ DES_key_schedule krbdes_sched;
+ DES_cblock temp_feed;
unsigned char fb_feed[64];
int need_start;
int state[2];
@@ -105,13 +106,13 @@ struct keyidlist {
#define FB64_IV_BAD 3
-void fb64_stream_iv (des_cblock, struct stinfo *);
+void fb64_stream_iv (DES_cblock, struct stinfo *);
void fb64_init (struct fb *);
static int fb64_start (struct fb *, int, int);
int fb64_is (unsigned char *, int, struct fb *);
int fb64_reply (unsigned char *, int, struct fb *);
static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (des_cblock, struct stinfo *);
+void fb64_stream_key (DES_cblock, struct stinfo *);
int fb64_keyid (int, unsigned char *, int *, struct fb *);
void cfb64_init(int server)
@@ -197,27 +198,21 @@ static int fb64_start(struct fb *fbp, int dir, int server)
/*
* Create a random feed and send it over.
*/
-#ifndef OLD_DES_RANDOM_KEY
- des_new_random_key(&fbp->temp_feed);
-#else
- /*
- * From des_cryp.man "If the des_check_key flag is non-zero,
- * des_set_key will check that the key passed is
- * of odd parity and is not a week or semi-weak key."
- */
do {
- des_random_key(fbp->temp_feed);
- des_set_odd_parity(fbp->temp_feed);
- } while (des_is_weak_key(fbp->temp_feed));
-#endif
- des_ecb_encrypt(&fbp->temp_feed,
+ if (RAND_bytes(fbp->temp_feed,
+ sizeof(*fbp->temp_feed)) != 1)
+ abort();
+ DES_set_odd_parity(&fbp->temp_feed);
+ } while(DES_is_weak_key(&fbp->temp_feed));
+
+ DES_ecb_encrypt(&fbp->temp_feed,
&fbp->temp_feed,
- fbp->krbdes_sched, 1);
+ &fbp->krbdes_sched, 1);
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
- for (x = 0; x < sizeof(des_cblock); ++x) {
+ for (x = 0; x < sizeof(DES_cblock); ++x) {
if ((*p++ = fbp->temp_feed[x]) == IAC)
*p++ = IAC;
}
@@ -260,7 +255,7 @@ int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
switch (*data++) {
case FB64_IV:
- if (cnt != sizeof(des_cblock)) {
+ if (cnt != sizeof(DES_cblock)) {
if (encrypt_debug_mode)
printf("CFB64: initial vector failed on size\r\n");
state = FAILED;
@@ -349,7 +344,7 @@ int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
break;
case FB64_IV_BAD:
- memset(fbp->temp_feed, 0, sizeof(des_cblock));
+ memset(fbp->temp_feed, 0, sizeof(DES_cblock));
fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
state = FAILED;
break;
@@ -387,18 +382,16 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
key ? key->type : -1, SK_DES);
return;
}
- memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
+ memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
- if (fbp->once == 0) {
-#ifndef OLD_DES_RANDOM_KEY
- des_init_random_number_generator(&fbp->krbdes_key);
-#endif
- fbp->once = 1;
- }
- des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
+ RAND_seed(key->data, key->length);
+
+ DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
+ &fbp->krbdes_sched);
+
/*
* Now look to see if krbdes_start() was was waiting for
* the key to show up. If so, go ahead an call it now
@@ -495,25 +488,25 @@ void ofb64_printsub(unsigned char *data, int cnt,
fb64_printsub(data, cnt, buf, buflen, "OFB64");
}
-void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
+void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
{
- memcpy(stp->str_iv, seed,sizeof(des_cblock));
- memcpy(stp->str_output, seed, sizeof(des_cblock));
+ memcpy(stp->str_iv, seed,sizeof(DES_cblock));
+ memcpy(stp->str_output, seed, sizeof(DES_cblock));
- des_key_sched(&stp->str_ikey, stp->str_sched);
+ DES_key_sched(&stp->str_ikey, &stp->str_sched);
- stp->str_index = sizeof(des_cblock);
+ stp->str_index = sizeof(DES_cblock);
}
-void fb64_stream_key(des_cblock key, struct stinfo *stp)
+void fb64_stream_key(DES_cblock key, struct stinfo *stp)
{
- memcpy(stp->str_ikey, key, sizeof(des_cblock));
- des_key_sched((des_cblock*)key, stp->str_sched);
+ memcpy(stp->str_ikey, key, sizeof(DES_cblock));
+ DES_key_sched((des_cblock*)key, &stp->str_sched);
- memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
+ memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
- stp->str_index = sizeof(des_cblock);
+ stp->str_index = sizeof(DES_cblock);
}
/*
@@ -545,10 +538,10 @@ void cfb64_encrypt(unsigned char *s, int c)
index = stp->str_index;
while (c-- > 0) {
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_output, &b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
index = 0;
}
@@ -577,10 +570,10 @@ int cfb64_decrypt(int data)
}
index = stp->str_index++;
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
stp->str_index = 1; /* Next time will be 1 */
index = 0; /* But now use 0 */
}
@@ -617,10 +610,10 @@ void ofb64_encrypt(unsigned char *s, int c)
index = stp->str_index;
while (c-- > 0) {
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
index = 0;
}
*s++ ^= stp->str_feed[index];
@@ -646,10 +639,10 @@ int ofb64_decrypt(int data)
}
index = stp->str_index++;
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
stp->str_index = 1; /* Next time will be 1 */
index = 0; /* But now use 0 */
}
diff --git a/usr.bin/x99token/Makefile b/usr.bin/x99token/Makefile
index 9b23a6761b9..d93d3d71215 100644
--- a/usr.bin/x99token/Makefile
+++ b/usr.bin/x99token/Makefile
@@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $
+# $OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $
PROG= x99token
-LDADD+= -ldes
-DPADD+= ${LIBDES}
+LDADD+= -lcrypto
+DPADD+= ${LIBCRYPTO}
.include <bsd.prog.mk>
diff --git a/usr.bin/x99token/x99token.c b/usr.bin/x99token/x99token.c
index b0353010013..d00dc64eb94 100644
--- a/usr.bin/x99token/x99token.c
+++ b/usr.bin/x99token/x99token.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x99token.c,v 1.7 2007/03/29 10:59:13 jmc Exp $ */
+/* $OpenBSD: x99token.c,v 1.8 2010/10/15 10:18:42 jsg Exp $ */
/*
* X9.9 calculator
@@ -18,13 +18,13 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <des.h>
+#include <openssl/des.h>
#define KEYFILE ".keyfile.des"
#define HEXDIGITS "0123456789abcdef"
#define DECDIGITS "0123456789012345"
-void predict(des_key_schedule, const char *, int);
+void predict(DES_key_schedule, const char *, int);
char *digits = HEXDIGITS;
extern char *__progname;
@@ -34,8 +34,8 @@ main(int argc, char **argv)
{
int i;
char buf[256];
- des_key_schedule ks;
- des_cblock key;
+ DES_key_schedule ks;
+ DES_cblock key;
char _keyfile[MAXPATHLEN];
char *keyfile = 0;
FILE *fp;
@@ -147,8 +147,8 @@ main(int argc, char **argv)
exit(0);
}
- des_fixup_key_parity(&key);
- des_key_sched(&key, ks);
+ DES_fixup_key_parity(&key);
+ DES_key_sched(&key, &ks);
buf[0] = '\0';
readpassphrase("Enter challenge: ", buf, sizeof(buf), RPP_ECHO_ON);
@@ -171,15 +171,15 @@ main(int argc, char **argv)
}
void
-predict(des_key_schedule ks, const char *chal, int cnt)
+predict(DES_key_schedule ks, const char *chal, int cnt)
{
int i;
- des_cblock cb;
+ DES_cblock cb;
memcpy(&cb, chal, sizeof(cb));
while (cnt-- > 0) {
printf("%.8s: ", (char *)cb);
- des_ecb_encrypt(&cb, &cb, ks, DES_ENCRYPT);
+ DES_ecb_encrypt(&cb, &cb, &ks, DES_ENCRYPT);
for (i = 0; i < 4; ++i) {
printf("%c", digits[(cb[i]>>4) & 0xf]);
printf("%c", digits[(cb[i]>>0) & 0xf]);
diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile
index a00f6bee1fc..d8a8bb1cfe9 100644
--- a/usr.sbin/ppp/ppp/Makefile
+++ b/usr.sbin/ppp/ppp/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.28 2005/09/22 00:08:24 brad Exp $
+# $OpenBSD: Makefile,v 1.29 2010/10/15 10:18:42 jsg Exp $
PROG= ppp
SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
@@ -13,8 +13,8 @@ SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
CFLAGS+=-Wall -DNO_FW_PUNCH -DNOI4B -DNONETGRAPH
CFLAGS+=-DLOCALNAT -DLOCALRAD
M4FLAGS=-DLOCALNAT -DLOCALRAD
-LDADD+= -lcrypto -ldes -lutil -lz
-DPADD+= ${LIBDES} ${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
+LDADD+= -lcrypto -lutil -lz
+DPADD+= ${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
.if defined(NOSUID) || defined(PPP_NOSUID)
BINMODE=554
.else
diff --git a/usr.sbin/ppp/ppp/chap_ms.c b/usr.sbin/ppp/ppp/chap_ms.c
index 1f153a60d88..41d2589a844 100644
--- a/usr.sbin/ppp/ppp/chap_ms.c
+++ b/usr.sbin/ppp/ppp/chap_ms.c
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: chap_ms.c,v 1.12 2002/06/15 08:02:00 brian Exp $
+ * $OpenBSD: chap_ms.c,v 1.13 2010/10/15 10:18:42 jsg Exp $
*/
#include <ctype.h>
@@ -36,11 +36,7 @@
#else
#include <sys/types.h>
#include <stdlib.h>
-#ifdef __NetBSD__
#include <openssl/des.h>
-#else
-#include <des.h>
-#endif
#include <openssl/sha.h>
#endif
#include <md4.h>
@@ -103,18 +99,18 @@ MakeKey(u_char *key, u_char *des_key)
des_key[6] = Get7Bits(key, 42);
des_key[7] = Get7Bits(key, 49);
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
}
static void /* IN 8 octets IN 7 octest OUT 8 octets */
DesEncrypt(u_char *clear, u_char *key, u_char *cipher)
{
- des_cblock des_key;
- des_key_schedule key_schedule;
+ DES_cblock des_key;
+ DES_key_schedule key_schedule;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
+ DES_set_key(&des_key, &key_schedule);
+ DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, &key_schedule, 1);
}
static void /* IN 8 octets IN 16 octets OUT 24 octets */
diff --git a/usr.sbin/tokenadm/Makefile b/usr.sbin/tokenadm/Makefile
index a6cd8121a7e..709dbbf844c 100644
--- a/usr.sbin/tokenadm/Makefile
+++ b/usr.sbin/tokenadm/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.2 2003/07/18 21:18:51 david Exp $
+# $OpenBSD: Makefile,v 1.3 2010/10/15 10:18:42 jsg Exp $
PROG= tokenadm
SRCS= tokenadm.c init.c tokendb.c
MAN= tokenadm.8
-LDADD+= -ldes
-DPADD= ${LIBDES}
+LDADD+= -lcrypto
+DPADD= ${LIBCRYPTO}
CFLAGS+=-I${.CURDIR}/../../libexec/login_token
.PATH: ${.CURDIR}/../../libexec/login_token
diff --git a/usr.sbin/tokeninit/Makefile b/usr.sbin/tokeninit/Makefile
index b394581bd95..9aa5f44c859 100644
--- a/usr.sbin/tokeninit/Makefile
+++ b/usr.sbin/tokeninit/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.2 2003/07/18 21:18:51 david Exp $
+# $OpenBSD: Makefile,v 1.3 2010/10/15 10:18:42 jsg Exp $
PROG= tokeninit
SRCS= tokeninit.c init.c token.c tokendb.c
MAN= tokeninit.8
-LDADD+= -ldes
-DPADD= ${LIBDES}
+LDADD+= -lcrypto
+DPADD= ${LIBCRYPTO}
CFLAGS+=-I${.CURDIR}/../../libexec/login_token
.PATH: ${.CURDIR}/../../libexec/login_token