From 89306d994fe40773e352c112b7fa88c304e8ffe9 Mon Sep 17 00:00:00 2001 From: Jonathan Gray Date: Fri, 15 Oct 2010 10:18:43 +0000 Subject: Switch the remaining users of libdes in src to libcrypto, telnet portion partially from the latest heimdal. ok mikeb@ --- distrib/miniroot/makeconf.awk | 4 +- gnu/usr.bin/cvs/configure | 4 +- gnu/usr.bin/cvs/configure.in | 4 +- gnu/usr.bin/cvs/src/server.c | 10 ++-- libexec/login_tis/Makefile | 6 +-- libexec/login_tis/login_tis.c | 30 +++++------ libexec/login_token/Makefile | 6 +-- libexec/login_token/token.c | 42 +++++++-------- sbin/isakmpd/Makefile | 6 +-- sbin/isakmpd/crypto.c | 32 ++++++------ sbin/isakmpd/crypto.h | 6 +-- usr.bin/passwd/Makefile | 6 +-- usr.bin/passwd/krb5_passwd.c | 5 +- usr.bin/sectok/Makefile | 6 +-- usr.bin/sectok/cyberflex.c | 18 +++---- usr.bin/telnet/Makefile | 6 +-- usr.bin/telnet/enc_des.c | 119 ++++++++++++++++++++---------------------- usr.bin/x99token/Makefile | 6 +-- usr.bin/x99token/x99token.c | 20 +++---- usr.sbin/ppp/ppp/Makefile | 6 +-- usr.sbin/ppp/ppp/chap_ms.c | 16 +++--- usr.sbin/tokenadm/Makefile | 6 +-- usr.sbin/tokeninit/Makefile | 6 +-- 23 files changed, 178 insertions(+), 192 deletions(-) diff --git a/distrib/miniroot/makeconf.awk b/distrib/miniroot/makeconf.awk index 5687c83491c..4ba2275800b 100644 --- a/distrib/miniroot/makeconf.awk +++ b/distrib/miniroot/makeconf.awk @@ -1,4 +1,4 @@ -# $OpenBSD: makeconf.awk,v 1.15 2005/08/04 16:35:03 espie Exp $ +# $OpenBSD: makeconf.awk,v 1.16 2010/10/15 10:18:42 jsg Exp $ # $NetBSD: makeconf.awk,v 1.3 1996/05/04 15:45:32 pk Exp $ # @@ -7,7 +7,7 @@ BEGIN { printf("#\n# This file is automatically generated by `makeconf'\n#\n\n"); - libs = "libs -lstubs -lutil -lotermcap -ll -lm -ldes"; + libs = "libs -lstubs -lutil -lotermcap -ll -lm"; } $1 == "LIBS" { diff --git a/gnu/usr.bin/cvs/configure b/gnu/usr.bin/cvs/configure index 520c8425a06..e11e0cdaeb9 100644 --- a/gnu/usr.bin/cvs/configure +++ b/gnu/usr.bin/cvs/configure 
@@ -4021,9 +4021,9 @@ EOF includeopt="${includeopt} -I$GSSAPI/include/kerberosV" # FIXME: This is ugly, but these things don't seem to be standardized. if test "$ac_cv_header_gssapi_h" = "yes"; then - LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes" + LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto" else - LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err" + LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" fi save_CPPFLAGS=$CPPFLAGS CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS" diff --git a/gnu/usr.bin/cvs/configure.in b/gnu/usr.bin/cvs/configure.in index dd9daf46a45..0f6cc741dc5 100644 --- a/gnu/usr.bin/cvs/configure.in +++ b/gnu/usr.bin/cvs/configure.in @@ -295,9 +295,9 @@ if test "$ac_cv_header_krb5_h" = "yes" && includeopt="${includeopt} -I$GSSAPI/include/kerberosV" # FIXME: This is ugly, but these things don't seem to be standardized. if test "$ac_cv_header_gssapi_h" = "yes"; then - LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes" + LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto" else - LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err" + LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" fi save_CPPFLAGS=$CPPFLAGS CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS" diff --git a/gnu/usr.bin/cvs/src/server.c b/gnu/usr.bin/cvs/src/server.c index 78f7a3852c2..da7540f57bb 100644 --- a/gnu/usr.bin/cvs/src/server.c +++ b/gnu/usr.bin/cvs/src/server.c @@ -6416,8 +6416,8 @@ krb_encrypt_input (fnclosure, input, output, size) struct krb_encrypt_data *kd = (struct krb_encrypt_data *) fnclosure; int tcount; - des_cbc_encrypt ((C_Block *) input, (C_Block *) output, - size, kd->sched, &kd->block, 0); + DES_cbc_encrypt ((C_Block *) input, (C_Block *) output, + size, &kd->sched, &kd->block, 0); /* SIZE is the size of the buffer, which is set by the encryption routine. The packetizing buffer will arrange for the first two 
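Review bot: In krb_encrypt_input the `(C_Block *)` casts on `input` and `output` are kept although DES_cbc_encrypt takes `const unsigned char *` and `unsigned char *`, so the call now relies on a conversion between incompatible pointer types; the call in krb_encrypt_output in the next hunk has the same casts. Dropping them, as the login_tis.c part of this commit does, would give `DES_cbc_encrypt (input, output, size, &kd->sched, &kd->block, 0);` (with a cast to `unsigned char *` only if the parameters are declared as `char *`). The declaration of `kd->sched` is not part of the diff, so whether `&kd->sched` really has type `DES_key_schedule *` cannot be confirmed from here. Both function bodies start and end outside their hunks.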
@@ -6456,15 +6456,15 @@ krb_encrypt_output (fnclosure, input, output, size, translated) the packetizing buffer. */ aligned = (size + 7) & ~7; - /* We use des_cbc_encrypt rather than krb_mk_priv because the + /* We use DES_cbc_encrypt rather than krb_mk_priv because the latter sticks a timestamp in the block, and krb_rd_priv expects that timestamp to be within five minutes of the current time. Given the way the CVS server buffers up data, that can easily fail over a long network connection. We trust krb_recvauth to guard against a replay attack. */ - des_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned, - kd->sched, &kd->block, 1); + DES_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned, + &kd->sched, &kd->block, 1); *translated = aligned; diff --git a/libexec/login_tis/Makefile b/libexec/login_tis/Makefile index 5cd5ba1c8e4..c386c21fc0b 100644 --- a/libexec/login_tis/Makefile +++ b/libexec/login_tis/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.1 2004/09/28 15:02:01 millert Exp $ +# $OpenBSD: Makefile,v 1.2 2010/10/15 10:18:42 jsg Exp $ PROG= login_tis MAN= login_tis.8 CFLAGS+=-Wall -LDADD+= -ldes -DPADD+= ${LIBDES} +LDADD+= -lcrypto +DPADD+= ${LIBCRYPTO} BINOWN= root BINGRP= auth diff --git a/libexec/login_tis/login_tis.c b/libexec/login_tis/login_tis.c index ce8bc9c2a54..d3f9569e3e2 100644 --- a/libexec/login_tis/login_tis.c +++ b/libexec/login_tis/login_tis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_tis.c,v 1.9 2008/03/24 16:11:00 deraadt Exp $ */ +/* $OpenBSD: login_tis.c,v 1.10 2010/10/15 10:18:42 jsg Exp $ */ /* * Copyright (c) 2004 Todd C. Miller @@ -39,7 +39,7 @@ #include #include -#include /* openssl/des.h */ +#include #include "login_tis.h" @@ -343,7 +343,7 @@ tis_getkey(struct tis_connection *tc) { size_t len; struct stat sb; - des_cblock cblock; + DES_cblock cblock; char *key, *tbuf = NULL; FILE *fp; int error; 
@@ -393,8 +393,8 @@ tis_getkey(struct tis_connection *tc) tbuf[len] = '\0'; key = tbuf; } - des_string_to_key(key, &cblock); - error = des_set_key(&cblock, tc->keysched); + DES_string_to_key(key, &cblock); + error = DES_set_key(&cblock, &tc->keysched); memset(key, 0, len); memset(&cblock, 0, sizeof(cblock)); free(tbuf); @@ -466,8 +466,8 @@ tis_open(struct tis_connection *tc, const char *server, char *ebuf) ssize_t tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz) { - des_key_schedule ks; - des_cblock iv; + DES_key_schedule ks; + DES_cblock iv; ssize_t len; u_char *cp, *ep, tbuf[TIS_BUFSIZ]; @@ -502,10 +502,10 @@ tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz) syslog(LOG_ERR, "encrypted data too large to store"); return (-1); } - memcpy(ks, tc->keysched, sizeof(ks)); + memcpy(&ks, &tc->keysched, sizeof(ks)); memset(iv, 0, sizeof(iv)); - des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)tbuf, - len, ks, &iv, DES_DECRYPT); + DES_ncbc_encrypt(buf, tbuf, + len, &ks, &iv, DES_DECRYPT); if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) { syslog(LOG_ERR, "unencrypted data too large to store"); memset(tbuf, 0, sizeof(tbuf)); @@ -524,14 +524,14 @@ ssize_t tis_send(struct tis_connection *tc, u_char *buf, size_t len) { struct iovec iov[2]; - des_key_schedule ks; - des_cblock iv; + DES_key_schedule ks; + DES_cblock iv; ssize_t nwritten; size_t n; u_char cbuf[TIS_BUFSIZ]; if (tc->keyfile != NULL) { - memcpy(ks, tc->keysched, sizeof(ks)); + memcpy(&ks, &tc->keysched, sizeof(ks)); memset(iv, 0, sizeof(iv)); len++; /* we need to encrypt the NUL */ @@ -541,8 +541,8 @@ tis_send(struct tis_connection *tc, u_char *buf, size_t len) syslog(LOG_ERR, "encoded data too large to store"); return (-1); } - des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)cbuf, len, - ks, &iv, DES_ENCRYPT); + DES_ncbc_encrypt(buf, cbuf, len, + &ks, &iv, DES_ENCRYPT); len = tis_encode(cbuf, len, sizeof(cbuf)); buf = cbuf; } 
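Review bot: tis_recv copies the connection's key schedule into the stack variable `ks` before decrypting, and nothing in the visible lines clears that copy, whereas tis_getkey in the same file zeroes `key` and `cblock` after use. Now that the schedule is passed by pointer the copy looks unnecessary: `DES_ncbc_encrypt(buf, tbuf, len, &tc->keysched, &iv, DES_DECRYPT);` would avoid a second copy of the key material. tis_send in the later hunks follows the same pattern. Both functions continue outside the hunks, so a clear on the return path may exist that is not shown.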
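Review bot: After DES_ncbc_encrypt in tis_recv the plaintext in `tbuf` goes to `strlcpy(buf, tbuf, bufsiz)` without a terminator being written in the visible lines, so how far the copy reads depends on a NUL being present in data supplied by the peer. If the size check above the hunk guarantees `len < sizeof(tbuf)`, adding `tbuf[len] = '\0';` before the strlcpy bounds the read to the decrypted bytes; if it only guarantees `len <= sizeof(tbuf)`, that check needs tightening first. The check's condition is outside the hunk, so this should be confirmed against the full function.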
diff --git a/libexec/login_token/Makefile b/libexec/login_token/Makefile index 81644bf0ed6..5363d5517b3 100644 --- a/libexec/login_token/Makefile +++ b/libexec/login_token/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.4 2002/11/21 22:14:51 millert Exp $ +# $OpenBSD: Makefile,v 1.5 2010/10/15 10:18:42 jsg Exp $ PROG= login_token SRCS= login_token.c init.c token.c tokendb.c MAN= login_token.8 -DPADD= ${LIBDES} -LDADD= -ldes +DPADD= ${LIBCRYPTO} +LDADD= -lcrypto TOKENS= activ crypto snk diff --git a/libexec/login_token/token.c b/libexec/login_token/token.c index 36a6125fddd..f08585e3829 100644 --- a/libexec/login_token/token.c +++ b/libexec/login_token/token.c @@ -1,4 +1,4 @@ -/* $OpenBSD: token.c,v 1.11 2005/11/12 14:13:16 deraadt Exp $ */ +/* $OpenBSD: token.c,v 1.12 2010/10/15 10:18:42 jsg Exp $ */ /*- * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved @@ -50,7 +50,7 @@ #include #include #include -#include +#include #include "token.h" #include "tokendb.h" @@ -62,7 +62,7 @@ */ typedef union { - des_cblock cb; + DES_cblock cb; char ct[9]; unsigned long ul[2]; } TOKEN_CBlock; @@ -106,7 +106,7 @@ tokenchallenge(char *user, char *challenge, int size, char *card_type) { TOKENDB_Rec tr; TOKEN_CBlock cb; - des_key_schedule ks; + DES_key_schedule ks; int r, c; r = 1; /* no reduced input mode by default! */ @@ -123,9 +123,9 @@ tokenchallenge(char *user, char *challenge, int size, char *card_type) tr.flags &= ~TOKEN_LOCKED; if (r == 0 && tr.rim[0]) { h2cb(tr.secret, &cb); - des_fixup_key_parity(&cb.cb); - des_key_sched(&cb.cb, ks); - des_ecb_encrypt(&tr.rim, &cb.cb, ks, DES_ENCRYPT); + DES_fixup_key_parity(&cb.cb); + DES_key_sched(&cb.cb, &ks); + DES_ecb_encrypt(&tr.rim, &cb.cb, &ks, DES_ENCRYPT); memcpy(tr.rim, cb.cb, 8); for (r = 0; r < 8; ++r) { if ((tr.rim[r] &= 0xf) > 9) 
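Review bot: In tokenchallenge the key schedule `ks`, built from `tr.secret`, is not cleared in the visible lines after the DES_ecb_encrypt call, while tokenverify and tokenuserinit in this file zero theirs with `memset(&key_schedule, 0, sizeof(key_schedule));` right after use. For consistency the same step should follow the encryption here: `memset(&ks, 0, sizeof(ks));`. The function continues past the hunk, so a later clear may exist that is not shown.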
@@ -166,7 +166,7 @@ tokenverify(char *username, char *challenge, char *response) TOKEN_CBlock cmp_text; TOKEN_CBlock user_seed; TOKEN_CBlock cipher_text; - des_key_schedule key_schedule; + DES_key_schedule key_schedule; memset(cmp_text.ct, 0, sizeof(cmp_text.ct)); @@ -199,12 +199,12 @@ tokenverify(char *username, char *challenge, char *response) * shared secret asap. */ - des_fixup_key_parity(&user_seed.cb); - des_key_sched(&user_seed.cb, key_schedule); + DES_fixup_key_parity(&user_seed.cb); + DES_key_sched(&user_seed.cb, &key_schedule); memset(user_seed.ct, 0, sizeof(user_seed.ct)); - des_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, key_schedule, + DES_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, &key_schedule, DES_ENCRYPT); - memset(key_schedule, 0, sizeof(key_schedule)); + memset(&key_schedule, 0, sizeof(key_schedule)); /* * The token thinks it's descended from VAXen. Deal with i386 @@ -258,7 +258,7 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode) TOKEN_CBlock nulls; TOKEN_CBlock checksum; TOKEN_CBlock checktxt; - des_key_schedule key_schedule; + DES_key_schedule key_schedule; memset(&secret.ct, 0, sizeof(secret)); @@ -269,9 +269,9 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode) if ( (flags & TOKEN_GENSECRET) ) tokenseed(&secret); else - memcpy(&secret, usecret, sizeof(des_cblock)); + memcpy(&secret, usecret, sizeof(DES_cblock)); - des_fixup_key_parity(&secret.cb); + DES_fixup_key_parity(&secret.cb); /* * Check if the db record already exists. If there's no 
@@ -313,11 +313,11 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode) username, secret.cb[0], secret.cb[1], secret.cb[2], secret.cb[3], secret.cb[4], secret.cb[5], secret.cb[6], secret.cb[7]); - des_key_sched(&secret.cb, key_schedule); + DES_key_sched(&secret.cb, &key_schedule); memset(&secret.ct, 0, sizeof(secret)); memset(&nulls, 0, sizeof(nulls)); - des_ecb_encrypt(&nulls.cb, &checksum.cb, key_schedule, DES_ENCRYPT); - memset(key_schedule, 0, sizeof(key_schedule)); + DES_ecb_encrypt(&nulls.cb, &checksum.cb, &key_schedule, DES_ENCRYPT); + memset(&key_schedule, 0, sizeof(key_schedule)); HTONL(checksum.ul[0]); snprintf(checktxt.ct, sizeof(checktxt.ct), "%8.8lx", checksum.ul[0]); printf("Hex Checksum: \"%s\"", checktxt.ct); @@ -339,7 +339,7 @@ h2d(char *cp) { int i; - for (i=0; i= 'a' && *cp <= 'f') *cp = tt->map[*cp - 'a']; } @@ -347,7 +347,7 @@ h2d(char *cp) /* * Translate an hex 16 byte ascii representation of an unsigned - * integer to a des_cblock. + * integer to a DES_cblock. */ static void @@ -363,7 +363,7 @@ h2cb(char *hp, TOKEN_CBlock *cb) } /* - * Translate a des_cblock to an 16 byte ascii hex representation. + * Translate a DES_cblock to an 16 byte ascii hex representation. */ static void diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile index b3043946de6..59e6b51a0c1 100644 --- a/sbin/isakmpd/Makefile +++ b/sbin/isakmpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.81 2010/06/29 19:50:16 reyk Exp $ +# $OpenBSD: Makefile,v 1.82 2010/10/15 10:18:42 jsg Exp $ # $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $ # 
@@ -75,8 +75,8 @@ CFLAGS+= -Wall -Wstrict-prototypes -Wmissing-prototypes \ #LWRESLIB= /usr/local/lib/liblwres.a #DNSSEC_CFLAGS= -I/usr/local/include -DLWRES -LDADD+= ${LWRESLIB} -lkeynote -lcrypto -ldes -lm -DPADD+= ${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBDES} ${LIBM} +LDADD+= ${LWRESLIB} -lkeynote -lcrypto -lm +DPADD+= ${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBM} exchange_num.c exchange_num.h: stamp_exchange_num diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c index 9843c682eac..1dac786313f 100644 --- a/sbin/isakmpd/crypto.c +++ b/sbin/isakmpd/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.29 2007/05/07 18:25:30 cloder Exp $ */ +/* $OpenBSD: crypto.c,v 1.30 2010/10/15 10:18:42 jsg Exp $ */ /* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */ /* @@ -89,9 +89,9 @@ struct crypto_xf transforms[] = { enum cryptoerr des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len) { - /* des_set_key returns -1 for parity problems, and -2 for weak keys */ - des_set_odd_parity((void *)key); - switch (des_set_key((void *)key, ks->ks_des[0])) { + /* DES_set_key returns -1 for parity problems, and -2 for weak keys */ + DES_set_odd_parity((void *)key); + switch (DES_set_key((void *)key, &ks->ks_des[0])) { case -2: return EWEAKKEY; default: 
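Review bot: The weak-key branch in des1_init assumes DES_set_key validates the key, but OpenSSL documents that DES_set_key only behaves like the checked variant when the global `DES_check_key` flag is non-zero, so `case -2` may be unreachable and the comment above the call misleading. Calling the checked function states the intent in the code: `switch (DES_set_key_checked((void *)key, &ks->ks_des[0])) {`. Since DES_set_odd_parity runs first, the weak-key result is the only failure left. The rest of the switch is outside the hunk.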
@@ -102,28 +102,28 @@ des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len) void des1_encrypt(struct keystate *ks, u_int8_t *d, u_int16_t len) { - des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void *)ks->riv, + DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv, DES_ENCRYPT); } void des1_decrypt(struct keystate *ks, u_int8_t *d, u_int16_t len) { - des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void *)ks->riv, + DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv, DES_DECRYPT); } enum cryptoerr des3_init(struct keystate *ks, u_int8_t *key, u_int16_t len) { - des_set_odd_parity((void *)key); - des_set_odd_parity((void *)(key + 8)); - des_set_odd_parity((void *)(key + 16)); + DES_set_odd_parity((void *)key); + DES_set_odd_parity((void *)(key + 8)); + DES_set_odd_parity((void *)(key + 16)); /* As of the draft Tripe-DES does not check for weak keys */ - des_set_key((void *)key, ks->ks_des[0]); - des_set_key((void *)(key + 8), ks->ks_des[1]); - des_set_key((void *)(key + 16), ks->ks_des[2]); + DES_set_key((void *)key, &ks->ks_des[0]); + DES_set_key((void *)(key + 8), &ks->ks_des[1]); + DES_set_key((void *)(key + 16), &ks->ks_des[2]); return EOKAY; } @@ -134,8 +134,8 @@ des3_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len) u_int8_t iv[MAXBLK]; memcpy(iv, ks->riv, ks->xf->blocksize); - des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0], - ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_ENCRYPT); + DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0], + &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_ENCRYPT); } void 
@@ -144,8 +144,8 @@ des3_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len) u_int8_t iv[MAXBLK]; memcpy(iv, ks->riv, ks->xf->blocksize); - des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0], - ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_DECRYPT); + DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0], + &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_DECRYPT); } enum cryptoerr diff --git a/sbin/isakmpd/crypto.h b/sbin/isakmpd/crypto.h index 5ef8ac150d6..effdb189d1c 100644 --- a/sbin/isakmpd/crypto.h +++ b/sbin/isakmpd/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.18 2006/06/02 19:35:55 hshoexer Exp $ */ +/* $OpenBSD: crypto.h,v 1.19 2010/10/15 10:18:42 jsg Exp $ */ /* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $ */ /* @@ -32,7 +32,7 @@ #ifndef _CRYPTO_H_ #define _CRYPTO_H_ -#include +#include #include #include @@ -80,7 +80,7 @@ struct keystate { u_int8_t iv2[MAXBLK]; u_int8_t *riv, *liv; union { - des_key_schedule desks[3]; + DES_key_schedule desks[3]; blf_ctx blfks; cast_key castks; AES_KEY aesks[2]; diff --git a/usr.bin/passwd/Makefile b/usr.bin/passwd/Makefile index a35621d79ec..679ca85299f 100644 --- a/usr.bin/passwd/Makefile +++ b/usr.bin/passwd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.31 2008/07/04 12:50:23 djm Exp $ +# $OpenBSD: Makefile,v 1.32 2010/10/15 10:18:42 jsg Exp $ .include @@ -20,8 +20,8 @@ CFLAGS+=-DYP -I${.CURDIR}/../../lib/libc/yp .if (${KERBEROS5:L} == "yes") SRCS+= krb5_passwd.c CFLAGS+= -DKRB5 -DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBDES} ${LIBCRYPTO} -LDADD+= -lkrb5 -lasn1 -ldes -lcrypto +DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} +LDADD+= -lkrb5 -lasn1 -lcrypto .endif BINMODE=4555 diff --git a/usr.bin/passwd/krb5_passwd.c b/usr.bin/passwd/krb5_passwd.c index 9341af6d810..ad09c063263 100644 --- a/usr.bin/passwd/krb5_passwd.c +++ b/usr.bin/passwd/krb5_passwd.c 
@@ -49,7 +49,7 @@ #include #include #include -#include +#include #include /* RCSID("$KTH: kpasswd.c,v 1.23 2000/12/31 07:48:34 assar Exp $"); */ @@ -113,7 +113,8 @@ krb5_passwd(int argc, char **argv) krb5_data_zero(&result_code_string); krb5_data_zero(&result_string); - if (des_read_pw_string(pwbuf, sizeof(pwbuf), "New password:", 1) != 0) + if (UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), "New password:", + 1) != 0) return 1; ret = krb5_change_password (context, &cred, pwbuf, &result_code, diff --git a/usr.bin/sectok/Makefile b/usr.bin/sectok/Makefile index 5c66bfc7a99..08d0e648d85 100644 --- a/usr.bin/sectok/Makefile +++ b/usr.bin/sectok/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $ +# $OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $ PROG= sectok SRCS= main.c cmds.c cyberflex.c -DPADD= ${LIBSECTOK} ${LIBCRYPTO} ${LIBDES} -LDADD= -lsectok -lcrypto -ldes +DPADD= ${LIBSECTOK} ${LIBCRYPTO} +LDADD= -lsectok -lcrypto CFLAGS+=-Wall diff --git a/usr.bin/sectok/cyberflex.c b/usr.bin/sectok/cyberflex.c index 31233a18a67..82988fc8906 100644 --- a/usr.bin/sectok/cyberflex.c +++ b/usr.bin/sectok/cyberflex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cyberflex.c,v 1.28 2007/12/30 13:35:27 sobrado Exp $ */ +/* $OpenBSD: cyberflex.c,v 1.29 2010/10/15 10:18:42 jsg Exp $ */ /* * copyright 1999, 2000 @@ -38,7 +38,7 @@ #include #include #include -#include +#include #ifdef __linux #include #define SHA1_CTX SHA_CTX @@ -65,10 +65,6 @@ #include "sc.h" -#ifdef __sun -#define des_set_key(key, schedule) des_key_sched(key, schedule) -#endif - #define MAX_KEY_FILE_SIZE 1024 #define NUM_RSA_KEY_ELEMENTS 5 #define RSA_BIT_LEN 1024 @@ -87,7 +83,7 @@ static void print_acl(int isdir, u_char *acl); #ifndef __palmos__ /* default signed applet key of Cyberflex Access */ -static des_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83}; +static DES_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83}; #endif static int 
@@ -612,8 +608,8 @@ jload(int argc, char *argv[]) int i, j, vflag = 0, gotprog = 0, gotcont = 0, fd_app, size; int aidlen = 0, sw; int cont_size = 1152, inst_size = 1024; - des_cblock tmp; - des_key_schedule schedule; + DES_cblock tmp; + DES_key_schedule schedule; static u_char acl[] = {0x81, 0, 0, 0xff, 0, 0, 0, 0}; optind = optreset = 1; @@ -723,12 +719,12 @@ jload(int argc, char *argv[]) /* chain. DES encrypt one block, XOR the cyphertext with the next * block, ... continues until the end of the buffer */ - des_set_key(&app_key, schedule); + DES_set_key(&app_key, &schedule); for (i = 0; i < size / BLOCK_SIZE; i++) { for (j = 0; j < BLOCK_SIZE; j++) tmp[j] = tmp[j] ^ app_data[i * BLOCK_SIZE + j]; - des_ecb_encrypt(&tmp, &tmp, schedule, DES_ENCRYPT); + DES_ecb_encrypt(&tmp, &tmp, &schedule, DES_ENCRYPT); } if (vflag) { diff --git a/usr.bin/telnet/Makefile b/usr.bin/telnet/Makefile index 2bc42f4e465..0276fa23de0 100644 --- a/usr.bin/telnet/Makefile +++ b/usr.bin/telnet/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.23 2005/05/24 03:41:58 deraadt Exp $ +# $OpenBSD: Makefile,v 1.24 2010/10/15 10:18:42 jsg Exp $ # # Copyright (c) 1990 The Regents of the University of California. # All rights reserved. @@ -45,8 +45,8 @@ SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \ .if (${KERBEROS5:L} == "yes") CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB5 -DDES_ENCRYPTION -DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBDES} -LDADD+= -lkrb5 -lasn1 -lcrypto -ldes +DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} +LDADD+= -lkrb5 -lasn1 -lcrypto SRCS+= kerberos5.c enc_des.c .endif diff --git a/usr.bin/telnet/enc_des.c b/usr.bin/telnet/enc_des.c index 06ff59b4fd4..f6e832cda12 100644 --- a/usr.bin/telnet/enc_des.c +++ b/usr.bin/telnet/enc_des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enc_des.c,v 1.1 2005/05/24 03:43:56 deraadt Exp $ */ +/* $OpenBSD: enc_des.c,v 1.2 2010/10/15 10:18:42 jsg Exp $ */ /*- * Copyright (c) 1991, 1993 
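Review bot: The return value of `DES_set_key(&app_key, &schedule)` in jload is ignored, and `app_key` as declared in this file does not have odd DES parity (its first bytes 0x6A and 0x21 each have an even number of set bits), so the call only yields a usable schedule while key checking is disabled. Using the unchecked setter makes that dependency explicit: `DES_set_key_unchecked(&app_key, &schedule);`. The initialisation of `tmp` before the XOR loop is not visible and should be confirmed. jload starts and ends outside the hunk.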
@@ -39,7 +39,8 @@ #include "encrypt.h" #include "misc-proto.h" -#include +#include +#include extern int encrypt_debug_mode; @@ -55,19 +56,19 @@ extern int encrypt_debug_mode; struct stinfo { - des_cblock str_output; - des_cblock str_feed; - des_cblock str_iv; - des_cblock str_ikey; - des_key_schedule str_sched; + DES_cblock str_output; + DES_cblock str_feed; + DES_cblock str_iv; + DES_cblock str_ikey; + DES_key_schedule str_sched; int str_index; int str_flagshift; }; struct fb { - des_cblock krbdes_key; - des_key_schedule krbdes_sched; - des_cblock temp_feed; + DES_cblock krbdes_key; + DES_key_schedule krbdes_sched; + DES_cblock temp_feed; unsigned char fb_feed[64]; int need_start; int state[2]; @@ -105,13 +106,13 @@ struct keyidlist { #define FB64_IV_BAD 3 -void fb64_stream_iv (des_cblock, struct stinfo *); +void fb64_stream_iv (DES_cblock, struct stinfo *); void fb64_init (struct fb *); static int fb64_start (struct fb *, int, int); int fb64_is (unsigned char *, int, struct fb *); int fb64_reply (unsigned char *, int, struct fb *); static void fb64_session (Session_Key *, int, struct fb *); -void fb64_stream_key (des_cblock, struct stinfo *); +void fb64_stream_key (DES_cblock, struct stinfo *); int fb64_keyid (int, unsigned char *, int *, struct fb *); void cfb64_init(int server) 
@@ -197,27 +198,21 @@ static int fb64_start(struct fb *fbp, int dir, int server) /* * Create a random feed and send it over. */ -#ifndef OLD_DES_RANDOM_KEY - des_new_random_key(&fbp->temp_feed); -#else - /* - * From des_cryp.man "If the des_check_key flag is non-zero, - * des_set_key will check that the key passed is - * of odd parity and is not a week or semi-weak key." - */ do { - des_random_key(fbp->temp_feed); - des_set_odd_parity(fbp->temp_feed); - } while (des_is_weak_key(fbp->temp_feed)); -#endif - des_ecb_encrypt(&fbp->temp_feed, + if (RAND_bytes(fbp->temp_feed, + sizeof(*fbp->temp_feed)) != 1) + abort(); + DES_set_odd_parity(&fbp->temp_feed); + } while(DES_is_weak_key(&fbp->temp_feed)); + + DES_ecb_encrypt(&fbp->temp_feed, &fbp->temp_feed, - fbp->krbdes_sched, 1); + &fbp->krbdes_sched, 1); p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; *p++ = FB64_IV; - for (x = 0; x < sizeof(des_cblock); ++x) { + for (x = 0; x < sizeof(DES_cblock); ++x) { if ((*p++ = fbp->temp_feed[x]) == IAC) *p++ = IAC; } @@ -260,7 +255,7 @@ int fb64_is(unsigned char *data, int cnt, struct fb *fbp) switch (*data++) { case FB64_IV: - if (cnt != sizeof(des_cblock)) { + if (cnt != sizeof(DES_cblock)) { if (encrypt_debug_mode) printf("CFB64: initial vector failed on size\r\n"); state = FAILED; @@ -349,7 +344,7 @@ int fb64_reply(unsigned char *data, int cnt, struct fb *fbp) break; case FB64_IV_BAD: - memset(fbp->temp_feed, 0, sizeof(des_cblock)); + memset(fbp->temp_feed, 0, sizeof(DES_cblock)); fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); state = FAILED; break; 
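Review bot: `sizeof(*fbp->temp_feed)` in the new RAND_bytes call evaluates to 1, because `temp_feed` is a `DES_cblock` (a byte array, see struct fb) and dereferencing it yields a single `unsigned char`; only the first byte of the feed is randomised and the remaining bytes keep whatever `temp_feed` held before. The call should cover the whole block: `if (RAND_bytes(fbp->temp_feed, sizeof(fbp->temp_feed)) != 1)`. This value is sent to the peer as the FB64 initial vector, so it ends up far less random than intended. fb64_start begins and ends outside the hunk.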
@@ -387,18 +382,16 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp) key ? key->type : -1, SK_DES); return; } - memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock)); + memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock)); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - if (fbp->once == 0) { -#ifndef OLD_DES_RANDOM_KEY - des_init_random_number_generator(&fbp->krbdes_key); -#endif - fbp->once = 1; - } - des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched); + RAND_seed(key->data, key->length); + + DES_set_key_checked((DES_cblock *)&fbp->krbdes_key, + &fbp->krbdes_sched); + /* * Now look to see if krbdes_start() was was waiting for * the key to show up. If so, go ahead an call it now @@ -495,25 +488,25 @@ void ofb64_printsub(unsigned char *data, int cnt, fb64_printsub(data, cnt, buf, buflen, "OFB64"); } -void fb64_stream_iv(des_cblock seed, struct stinfo *stp) +void fb64_stream_iv(DES_cblock seed, struct stinfo *stp) { - memcpy(stp->str_iv, seed,sizeof(des_cblock)); - memcpy(stp->str_output, seed, sizeof(des_cblock)); + memcpy(stp->str_iv, seed,sizeof(DES_cblock)); + memcpy(stp->str_output, seed, sizeof(DES_cblock)); - des_key_sched(&stp->str_ikey, stp->str_sched); + DES_key_sched(&stp->str_ikey, &stp->str_sched); - stp->str_index = sizeof(des_cblock); + stp->str_index = sizeof(DES_cblock); } -void fb64_stream_key(des_cblock key, struct stinfo *stp) +void fb64_stream_key(DES_cblock key, struct stinfo *stp) { - memcpy(stp->str_ikey, key, sizeof(des_cblock)); - des_key_sched((des_cblock*)key, stp->str_sched); + memcpy(stp->str_ikey, key, sizeof(DES_cblock)); + DES_key_sched((des_cblock*)key, &stp->str_sched); - memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock)); + memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock)); - stp->str_index = sizeof(des_cblock); + stp->str_index = sizeof(DES_cblock); } /* 
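Review bot: The result of DES_set_key_checked in fb64_session is discarded, although that function returns -1 or -2 for a key with bad parity or a weak key and does not fill in the schedule in that case, leaving `krbdes_sched` in its previous state for the later DES_ecb_encrypt in fb64_start. The failure should be handled, for example `if (DES_set_key_checked(&fbp->krbdes_key, &fbp->krbdes_sched) != 0) return;` with a debug message like the one already printed for a wrong key type. The `(DES_cblock *)` cast is redundant because `&fbp->krbdes_key` already has that type. The function starts above and continues below the hunk, so the right place to bail out needs checking against the full body.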
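Review bot: fb64_stream_key still casts with the old lower-case type in `DES_key_sched((des_cblock*)key, &stp->str_sched);`, so the file keeps depending on the compatibility typedef after every other use was switched to `DES_cblock`. `DES_key_sched((DES_cblock *)key, &stp->str_sched);` or, mirroring fb64_stream_iv, `DES_key_sched(&stp->str_ikey, &stp->str_sched);` keeps the naming consistent. The same leftover cast appears in DesEncrypt in usr.sbin/ppp/ppp/chap_ms.c.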
@@ -545,10 +538,10 @@ void cfb64_encrypt(unsigned char *s, int c) index = stp->str_index; while (c-- > 0) { - if (index == sizeof(des_cblock)) { - des_cblock b; - des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(des_cblock)); + if (index == sizeof(DES_cblock)) { + DES_cblock b; + DES_ecb_encrypt(&stp->str_output, &b, &stp->str_sched, 1); + memcpy(stp->str_feed, b, sizeof(DES_cblock)); index = 0; } @@ -577,10 +570,10 @@ int cfb64_decrypt(int data) } index = stp->str_index++; - if (index == sizeof(des_cblock)) { - des_cblock b; - des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(des_cblock)); + if (index == sizeof(DES_cblock)) { + DES_cblock b; + DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1); + memcpy(stp->str_feed, b, sizeof(DES_cblock)); stp->str_index = 1; /* Next time will be 1 */ index = 0; /* But now use 0 */ } @@ -617,10 +610,10 @@ void ofb64_encrypt(unsigned char *s, int c) index = stp->str_index; while (c-- > 0) { - if (index == sizeof(des_cblock)) { - des_cblock b; - des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(des_cblock)); + if (index == sizeof(DES_cblock)) { + DES_cblock b; + DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1); + memcpy(stp->str_feed, b, sizeof(DES_cblock)); index = 0; } *s++ ^= stp->str_feed[index]; @@ -646,10 +639,10 @@ int ofb64_decrypt(int data) } index = stp->str_index++; - if (index == sizeof(des_cblock)) { - des_cblock b; - des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(des_cblock)); + if (index == sizeof(DES_cblock)) { + DES_cblock b; + DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1); + memcpy(stp->str_feed, b, sizeof(DES_cblock)); stp->str_index = 1; /* Next time will be 1 */ index = 0; /* But now use 0 */ } diff --git a/usr.bin/x99token/Makefile b/usr.bin/x99token/Makefile index 9b23a6761b9..d93d3d71215 100644 --- a/usr.bin/x99token/Makefile 
+++ b/usr.bin/x99token/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $ +# $OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $ PROG= x99token -LDADD+= -ldes -DPADD+= ${LIBDES} +LDADD+= -lcrypto +DPADD+= ${LIBCRYPTO} .include diff --git a/usr.bin/x99token/x99token.c b/usr.bin/x99token/x99token.c index b0353010013..d00dc64eb94 100644 --- a/usr.bin/x99token/x99token.c +++ b/usr.bin/x99token/x99token.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x99token.c,v 1.7 2007/03/29 10:59:13 jmc Exp $ */ +/* $OpenBSD: x99token.c,v 1.8 2010/10/15 10:18:42 jsg Exp $ */ /* * X9.9 calculator @@ -18,13 +18,13 @@ #include #include #include -#include +#include #define KEYFILE ".keyfile.des" #define HEXDIGITS "0123456789abcdef" #define DECDIGITS "0123456789012345" -void predict(des_key_schedule, const char *, int); +void predict(DES_key_schedule, const char *, int); char *digits = HEXDIGITS; extern char *__progname; @@ -34,8 +34,8 @@ main(int argc, char **argv) { int i; char buf[256]; - des_key_schedule ks; - des_cblock key; + DES_key_schedule ks; + DES_cblock key; char _keyfile[MAXPATHLEN]; char *keyfile = 0; FILE *fp; @@ -147,8 +147,8 @@ main(int argc, char **argv) exit(0); } - des_fixup_key_parity(&key); - des_key_sched(&key, ks); + DES_fixup_key_parity(&key); + DES_key_sched(&key, &ks); buf[0] = '\0'; readpassphrase("Enter challenge: ", buf, sizeof(buf), RPP_ECHO_ON); @@ -171,15 +171,15 @@ main(int argc, char **argv) } void -predict(des_key_schedule ks, const char *chal, int cnt) +predict(DES_key_schedule ks, const char *chal, int cnt) { int i; - des_cblock cb; + DES_cblock cb; memcpy(&cb, chal, sizeof(cb)); while (cnt-- > 0) { printf("%.8s: ", (char *)cb); - des_ecb_encrypt(&cb, &cb, ks, DES_ENCRYPT); + DES_ecb_encrypt(&cb, &cb, &ks, DES_ENCRYPT); for (i = 0; i < 4; ++i) { printf("%c", digits[(cb[i]>>4) & 0xf]); printf("%c", digits[(cb[i]>>0) & 0xf]); diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile index a00f6bee1fc..d8a8bb1cfe9 100644 
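Review bot: `predict` now takes the `DES_key_schedule` by value in both its prototype and its definition, so every call copies the expanded key onto the stack, where the old call passed `ks` without the address-of operator that the new calls elsewhere in this commit need. Taking a pointer keeps a single copy of the key material: `void predict(DES_key_schedule *ks, const char *chal, int cnt)` with `DES_ecb_encrypt(&cb, &cb, ks, DES_ENCRYPT);` and the caller passing `&ks`. The call site in main is outside the hunks.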
--- a/usr.sbin/ppp/ppp/Makefile +++ b/usr.sbin/ppp/ppp/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.28 2005/09/22 00:08:24 brad Exp $ +# $OpenBSD: Makefile,v 1.29 2010/10/15 10:18:42 jsg Exp $ PROG= ppp SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ @@ -13,8 +13,8 @@ SRCS= alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \ CFLAGS+=-Wall -DNO_FW_PUNCH -DNOI4B -DNONETGRAPH CFLAGS+=-DLOCALNAT -DLOCALRAD M4FLAGS=-DLOCALNAT -DLOCALRAD -LDADD+= -lcrypto -ldes -lutil -lz -DPADD+= ${LIBDES} ${LIBUTIL} ${LIBZ} ${LIBCRYPTO} +LDADD+= -lcrypto -lutil -lz +DPADD+= ${LIBUTIL} ${LIBZ} ${LIBCRYPTO} .if defined(NOSUID) || defined(PPP_NOSUID) BINMODE=554 .else diff --git a/usr.sbin/ppp/ppp/chap_ms.c b/usr.sbin/ppp/ppp/chap_ms.c index 1f153a60d88..41d2589a844 100644 --- a/usr.sbin/ppp/ppp/chap_ms.c +++ b/usr.sbin/ppp/ppp/chap_ms.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: chap_ms.c,v 1.12 2002/06/15 08:02:00 brian Exp $ + * $OpenBSD: chap_ms.c,v 1.13 2010/10/15 10:18:42 jsg Exp $ */ #include @@ -36,11 +36,7 @@ #else #include #include -#ifdef __NetBSD__ #include -#else -#include -#endif #include #endif #include @@ -103,18 +99,18 @@ MakeKey(u_char *key, u_char *des_key) des_key[6] = Get7Bits(key, 42); des_key[7] = Get7Bits(key, 49); - des_set_odd_parity((des_cblock *)des_key); + DES_set_odd_parity((DES_cblock *)des_key); } static void /* IN 8 octets IN 7 octest OUT 8 octets */ DesEncrypt(u_char *clear, u_char *key, u_char *cipher) { - des_cblock des_key; - des_key_schedule key_schedule; + DES_cblock des_key; + DES_key_schedule key_schedule; MakeKey(key, des_key); - des_set_key(&des_key, key_schedule); - des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1); + DES_set_key(&des_key, &key_schedule); + DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, &key_schedule, 1); } static void /* IN 8 octets IN 16 octets OUT 24 octets */ 
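Review bot: DesEncrypt leaves `des_key` and `key_schedule`, both derived from the caller's key, on the stack when it returns, and it ignores the result of DES_set_key. Clearing both before the closing brace with a call the compiler cannot drop as a dead store, such as `explicit_bzero(&key_schedule, sizeof(key_schedule));` where the platform provides it, limits how long the key material stays in memory. The whole function is visible in the hunk.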
diff --git a/usr.sbin/tokenadm/Makefile b/usr.sbin/tokenadm/Makefile index a6cd8121a7e..709dbbf844c 100644 --- a/usr.sbin/tokenadm/Makefile +++ b/usr.sbin/tokenadm/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.2 2003/07/18 21:18:51 david Exp $ +# $OpenBSD: Makefile,v 1.3 2010/10/15 10:18:42 jsg Exp $ PROG= tokenadm SRCS= tokenadm.c init.c tokendb.c MAN= tokenadm.8 -LDADD+= -ldes -DPADD= ${LIBDES} +LDADD+= -lcrypto +DPADD= ${LIBCRYPTO} CFLAGS+=-I${.CURDIR}/../../libexec/login_token .PATH: ${.CURDIR}/../../libexec/login_token diff --git a/usr.sbin/tokeninit/Makefile b/usr.sbin/tokeninit/Makefile index b394581bd95..9aa5f44c859 100644 --- a/usr.sbin/tokeninit/Makefile +++ b/usr.sbin/tokeninit/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.2 2003/07/18 21:18:51 david Exp $ +# $OpenBSD: Makefile,v 1.3 2010/10/15 10:18:42 jsg Exp $ PROG= tokeninit SRCS= tokeninit.c init.c token.c tokendb.c MAN= tokeninit.8 -LDADD+= -ldes -DPADD= ${LIBDES} +LDADD+= -lcrypto +DPADD= ${LIBCRYPTO} CFLAGS+=-I${.CURDIR}/../../libexec/login_token .PATH: ${.CURDIR}/../../libexec/login_token -- cgit v1.2.3