Switch the remaining users of libdes in src to libcrypto,

telnet portion partially from the latest heimdal.

ok mikeb@

23 files changed, 178 insertions, 192 deletions

diff --git a/distrib/miniroot/makeconf.awk b/distrib/miniroot/makeconf.awk
index 5687c83491c..4ba2275800b 100644
--- a/distrib/miniroot/makeconf.awk
+++ b/distrib/miniroot/makeconf.awk
@@ -1,4 +1,4 @@
-#	$OpenBSD: makeconf.awk,v 1.15 2005/08/04 16:35:03 espie Exp $
+#	$OpenBSD: makeconf.awk,v 1.16 2010/10/15 10:18:42 jsg Exp $
 #	$NetBSD: makeconf.awk,v 1.3 1996/05/04 15:45:32 pk Exp $
 
 #
@@ -7,7 +7,7 @@
 
 BEGIN {
 	printf("#\n# This file is automatically generated by `makeconf'\n#\n\n");
-	libs = "libs -lstubs -lutil -lotermcap -ll -lm -ldes";
+	libs = "libs -lstubs -lutil -lotermcap -ll -lm";
 }
 
 $1 == "LIBS" {
diff --git a/gnu/usr.bin/cvs/configure b/gnu/usr.bin/cvs/configure
index 520c8425a06..e11e0cdaeb9 100644
--- a/gnu/usr.bin/cvs/configure
+++ b/gnu/usr.bin/cvs/configure
@@ -4021,9 +4021,9 @@ EOF
   includeopt="${includeopt} -I$GSSAPI/include/kerberosV"
   # FIXME: This is ugly, but these things don't seem to be standardized.
   if test "$ac_cv_header_gssapi_h" = "yes"; then
-    LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes"
+    LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto"
   else
-    LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err"
+    LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
   fi
   save_CPPFLAGS=$CPPFLAGS
   CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS"
diff --git a/gnu/usr.bin/cvs/configure.in b/gnu/usr.bin/cvs/configure.in
index dd9daf46a45..0f6cc741dc5 100644
--- a/gnu/usr.bin/cvs/configure.in
+++ b/gnu/usr.bin/cvs/configure.in
@@ -295,9 +295,9 @@ if test "$ac_cv_header_krb5_h" = "yes" &&
   includeopt="${includeopt} -I$GSSAPI/include/kerberosV"
   # FIXME: This is ugly, but these things don't seem to be standardized.
   if test "$ac_cv_header_gssapi_h" = "yes"; then
-    LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes"
+    LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto"
   else
-    LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err"
+    LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
   fi
   save_CPPFLAGS=$CPPFLAGS
   CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS"
diff --git a/gnu/usr.bin/cvs/src/server.c b/gnu/usr.bin/cvs/src/server.c
index 78f7a3852c2..da7540f57bb 100644
--- a/gnu/usr.bin/cvs/src/server.c
+++ b/gnu/usr.bin/cvs/src/server.c
@@ -6416,8 +6416,8 @@ krb_encrypt_input (fnclosure, input, output, size)
     struct krb_encrypt_data *kd = (struct krb_encrypt_data *) fnclosure;
     int tcount;
 
-    des_cbc_encrypt ((C_Block *) input, (C_Block *) output,
-		     size, kd->sched, &kd->block, 0);
+    DES_cbc_encrypt ((C_Block *) input, (C_Block *) output,
+		     size, &kd->sched, &kd->block, 0);
 
     /* SIZE is the size of the buffer, which is set by the encryption
        routine.  The packetizing buffer will arrange for the first two
@@ -6456,15 +6456,15 @@ krb_encrypt_output (fnclosure, input, output, size, translated)
        the packetizing buffer.  */
     aligned = (size + 7) & ~7;
 
-    /* We use des_cbc_encrypt rather than krb_mk_priv because the
+    /* We use DES_cbc_encrypt rather than krb_mk_priv because the
        latter sticks a timestamp in the block, and krb_rd_priv expects
        that timestamp to be within five minutes of the current time.
        Given the way the CVS server buffers up data, that can easily
        fail over a long network connection.  We trust krb_recvauth to
        guard against a replay attack.  */
 
-    des_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
-		     kd->sched, &kd->block, 1);
+    DES_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
+		     &kd->sched, &kd->block, 1);
 
     *translated = aligned;
 
diff --git a/libexec/login_tis/Makefile b/libexec/login_tis/Makefile
index 5cd5ba1c8e4..c386c21fc0b 100644
--- a/libexec/login_tis/Makefile
+++ b/libexec/login_tis/Makefile
@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.1 2004/09/28 15:02:01 millert Exp $
+#	$OpenBSD: Makefile,v 1.2 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	login_tis
 MAN=	login_tis.8
 CFLAGS+=-Wall
-LDADD+=	-ldes
-DPADD+=	${LIBDES}
+LDADD+=	-lcrypto
+DPADD+=	${LIBCRYPTO}
 
 BINOWN=	root
 BINGRP=	auth
diff --git a/libexec/login_tis/login_tis.c b/libexec/login_tis/login_tis.c
index ce8bc9c2a54..d3f9569e3e2 100644
--- a/libexec/login_tis/login_tis.c
+++ b/libexec/login_tis/login_tis.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_tis.c,v 1.9 2008/03/24 16:11:00 deraadt Exp $	*/
+/*	$OpenBSD: login_tis.c,v 1.10 2010/10/15 10:18:42 jsg Exp $	*/
 
 /*
  * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -39,7 +39,7 @@
 
 #include <login_cap.h>
 #include <bsd_auth.h>
-#include <des.h>			/* openssl/des.h */
+#include <openssl/des.h>
 
 #include "login_tis.h"
 
@@ -343,7 +343,7 @@ tis_getkey(struct tis_connection *tc)
 {
 	size_t len;
 	struct stat sb;
-	des_cblock cblock;
+	DES_cblock cblock;
 	char *key, *tbuf = NULL;
 	FILE *fp;
 	int error;
@@ -393,8 +393,8 @@ tis_getkey(struct tis_connection *tc)
 		tbuf[len] = '\0';
 		key = tbuf;
 	}
-	des_string_to_key(key, &cblock);
-	error = des_set_key(&cblock, tc->keysched);
+	DES_string_to_key(key, &cblock);
+	error = DES_set_key(&cblock, &tc->keysched);
 	memset(key, 0, len);
 	memset(&cblock, 0, sizeof(cblock));
 	free(tbuf);
@@ -466,8 +466,8 @@ tis_open(struct tis_connection *tc, const char *server, char *ebuf)
 ssize_t
 tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
 {
-	des_key_schedule ks;
-	des_cblock iv;
+	DES_key_schedule ks;
+	DES_cblock iv;
 	ssize_t len;
 	u_char *cp, *ep, tbuf[TIS_BUFSIZ];
 
@@ -502,10 +502,10 @@ tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
 			syslog(LOG_ERR, "encrypted data too large to store");
 			return (-1);
 		}
-		memcpy(ks, tc->keysched, sizeof(ks));
+		memcpy(&ks, &tc->keysched, sizeof(ks));
 		memset(iv, 0, sizeof(iv));
-		des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)tbuf,
-		    len, ks, &iv, DES_DECRYPT);
+		DES_ncbc_encrypt(buf, tbuf,
+		    len, &ks, &iv, DES_DECRYPT);
 		if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) {
 			syslog(LOG_ERR, "unencrypted data too large to store");
 			memset(tbuf, 0, sizeof(tbuf));
@@ -524,14 +524,14 @@ ssize_t
 tis_send(struct tis_connection *tc, u_char *buf, size_t len)
 {
 	struct iovec iov[2];
-	des_key_schedule ks;
-	des_cblock iv;
+	DES_key_schedule ks;
+	DES_cblock iv;
 	ssize_t nwritten;
 	size_t n;
 	u_char cbuf[TIS_BUFSIZ];
 
 	if (tc->keyfile != NULL) {
-		memcpy(ks, tc->keysched, sizeof(ks));
+		memcpy(&ks, &tc->keysched, sizeof(ks));
 		memset(iv, 0, sizeof(iv));
 
 		len++;				/* we need to encrypt the NUL */
@@ -541,8 +541,8 @@ tis_send(struct tis_connection *tc, u_char *buf, size_t len)
 			syslog(LOG_ERR, "encoded data too large to store");
 			return (-1);
 		}
-		des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)cbuf, len,
-		    ks, &iv, DES_ENCRYPT);
+		DES_ncbc_encrypt(buf, cbuf, len,
+		    &ks, &iv, DES_ENCRYPT);
 		len = tis_encode(cbuf, len, sizeof(cbuf));
 		buf = cbuf;
 	}
diff --git a/libexec/login_token/Makefile b/libexec/login_token/Makefile
index 81644bf0ed6..5363d5517b3 100644
--- a/libexec/login_token/Makefile
+++ b/libexec/login_token/Makefile
@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.4 2002/11/21 22:14:51 millert Exp $
+#	$OpenBSD: Makefile,v 1.5 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	login_token
 SRCS=	login_token.c init.c token.c tokendb.c
 MAN=	login_token.8
-DPADD=	${LIBDES}
-LDADD=	-ldes
+DPADD=	${LIBCRYPTO}
+LDADD=	-lcrypto
 
 TOKENS=	activ crypto snk
 
diff --git a/libexec/login_token/token.c b/libexec/login_token/token.c
index 36a6125fddd..f08585e3829 100644
--- a/libexec/login_token/token.c
+++ b/libexec/login_token/token.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: token.c,v 1.11 2005/11/12 14:13:16 deraadt Exp $	*/
+/*	$OpenBSD: token.c,v 1.12 2010/10/15 10:18:42 jsg Exp $	*/
 
 /*-
  * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -50,7 +50,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <des.h>
+#include <openssl/des.h>
 
 #include "token.h"
 #include "tokendb.h"
@@ -62,7 +62,7 @@
  */
 
 typedef	union {
-	des_cblock	cb;
+	DES_cblock	cb;
 	char		ct[9];
 	unsigned long	ul[2];
 } TOKEN_CBlock;
@@ -106,7 +106,7 @@ tokenchallenge(char *user, char *challenge, int size, char *card_type)
 {
 	TOKENDB_Rec tr;
 	TOKEN_CBlock cb;
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int r, c;
 
 	r = 1;	/* no reduced input mode by default! */
@@ -123,9 +123,9 @@ tokenchallenge(char *user, char *challenge, int size, char *card_type)
 		tr.flags &= ~TOKEN_LOCKED;
 		if (r == 0 && tr.rim[0]) {
 			h2cb(tr.secret, &cb);
-			des_fixup_key_parity(&cb.cb);
-			des_key_sched(&cb.cb, ks);
-			des_ecb_encrypt(&tr.rim, &cb.cb, ks, DES_ENCRYPT);
+			DES_fixup_key_parity(&cb.cb);
+			DES_key_sched(&cb.cb, &ks);
+			DES_ecb_encrypt(&tr.rim, &cb.cb, &ks, DES_ENCRYPT);
 			memcpy(tr.rim, cb.cb, 8);
 			for (r = 0; r < 8; ++r) {
 				if ((tr.rim[r] &= 0xf) > 9)
@@ -166,7 +166,7 @@ tokenverify(char *username, char *challenge, char *response)
 	TOKEN_CBlock cmp_text;
 	TOKEN_CBlock user_seed;
 	TOKEN_CBlock cipher_text;
-	des_key_schedule key_schedule;
+	DES_key_schedule key_schedule;
 
 
 	memset(cmp_text.ct, 0, sizeof(cmp_text.ct));
@@ -199,12 +199,12 @@ tokenverify(char *username, char *challenge, char *response)
 	 * shared secret asap.
 	 */
 
-	des_fixup_key_parity(&user_seed.cb);
-	des_key_sched(&user_seed.cb, key_schedule);
+	DES_fixup_key_parity(&user_seed.cb);
+	DES_key_sched(&user_seed.cb, &key_schedule);
 	memset(user_seed.ct, 0, sizeof(user_seed.ct));
-	des_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, key_schedule,
+	DES_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, &key_schedule,
 	    DES_ENCRYPT);
-	memset(key_schedule, 0, sizeof(key_schedule));
+	memset(&key_schedule, 0, sizeof(key_schedule));
 
 	/*
 	 * The token thinks it's descended from VAXen.  Deal with i386
@@ -258,7 +258,7 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
 	TOKEN_CBlock nulls;
 	TOKEN_CBlock checksum;
 	TOKEN_CBlock checktxt;
-	des_key_schedule key_schedule;
+	DES_key_schedule key_schedule;
 
 	memset(&secret.ct, 0, sizeof(secret));
 
@@ -269,9 +269,9 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
 	if ( (flags & TOKEN_GENSECRET) )
 		tokenseed(&secret);
 	else
-		memcpy(&secret, usecret, sizeof(des_cblock));
+		memcpy(&secret, usecret, sizeof(DES_cblock));
 
-	des_fixup_key_parity(&secret.cb);
+	DES_fixup_key_parity(&secret.cb);
 
 	/*
 	 * Check if the db record already exists.  If there's no
@@ -313,11 +313,11 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
 	    username, secret.cb[0], secret.cb[1], secret.cb[2], secret.cb[3],
 	    secret.cb[4], secret.cb[5], secret.cb[6], secret.cb[7]);
 
-	des_key_sched(&secret.cb, key_schedule);
+	DES_key_sched(&secret.cb, &key_schedule);
 	memset(&secret.ct, 0, sizeof(secret));
 	memset(&nulls, 0, sizeof(nulls));
-	des_ecb_encrypt(&nulls.cb, &checksum.cb, key_schedule, DES_ENCRYPT);
-	memset(key_schedule, 0, sizeof(key_schedule));
+	DES_ecb_encrypt(&nulls.cb, &checksum.cb, &key_schedule, DES_ENCRYPT);
+	memset(&key_schedule, 0, sizeof(key_schedule));
 	HTONL(checksum.ul[0]);
 	snprintf(checktxt.ct, sizeof(checktxt.ct), "%8.8lx", checksum.ul[0]);
 	printf("Hex Checksum: \"%s\"", checktxt.ct);
@@ -339,7 +339,7 @@ h2d(char *cp)
 {
 	int	i;
 
-	for (i=0; i<sizeof(des_cblock); i++, cp++) {
+	for (i=0; i<sizeof(DES_cblock); i++, cp++) {
 		if (*cp >= 'a' && *cp <= 'f')
 			*cp = tt->map[*cp - 'a'];
 	}
@@ -347,7 +347,7 @@ h2d(char *cp)
 
 /*
  * Translate an hex 16 byte ascii representation of an unsigned
- * integer to a des_cblock.
+ * integer to a DES_cblock.
  */
 
 static	void
@@ -363,7 +363,7 @@ h2cb(char *hp, TOKEN_CBlock *cb)
 }
 
 /*
- * Translate a des_cblock to an 16 byte ascii hex representation.
+ * Translate a DES_cblock to an 16 byte ascii hex representation.
  */
 
 static	void
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile
index b3043946de6..59e6b51a0c1 100644
--- a/sbin/isakmpd/Makefile
+++ b/sbin/isakmpd/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.81 2010/06/29 19:50:16 reyk Exp $
+#	$OpenBSD: Makefile,v 1.82 2010/10/15 10:18:42 jsg Exp $
 #	$EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $
 
 #
@@ -75,8 +75,8 @@ CFLAGS+=	-Wall -Wstrict-prototypes -Wmissing-prototypes \
 #LWRESLIB=      /usr/local/lib/liblwres.a
 #DNSSEC_CFLAGS= -I/usr/local/include -DLWRES
 
-LDADD+=		${LWRESLIB} -lkeynote -lcrypto -ldes -lm
-DPADD+=		${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBDES} ${LIBM}
+LDADD+=		${LWRESLIB} -lkeynote -lcrypto -lm
+DPADD+=		${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBM}
 
 exchange_num.c exchange_num.h: stamp_exchange_num
 
diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c
index 9843c682eac..1dac786313f 100644
--- a/sbin/isakmpd/crypto.c
+++ b/sbin/isakmpd/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.29 2007/05/07 18:25:30 cloder Exp $	 */
+/* $OpenBSD: crypto.c,v 1.30 2010/10/15 10:18:42 jsg Exp $	 */
 /* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $	 */
 
 /*
@@ -89,9 +89,9 @@ struct crypto_xf transforms[] = {
 enum cryptoerr
 des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
 {
-	/* des_set_key returns -1 for parity problems, and -2 for weak keys */
-	des_set_odd_parity((void *)key);
-	switch (des_set_key((void *)key, ks->ks_des[0])) {
+	/* DES_set_key returns -1 for parity problems, and -2 for weak keys */
+	DES_set_odd_parity((void *)key);
+	switch (DES_set_key((void *)key, &ks->ks_des[0])) {
 	case -2:
 		return EWEAKKEY;
 	default:
@@ -102,28 +102,28 @@ des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
 void
 des1_encrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
 {
-	des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void *)ks->riv,
+	DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv,
 	    DES_ENCRYPT);
 }
 
 void
 des1_decrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
 {
-	des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void *)ks->riv,
+	DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv,
 	    DES_DECRYPT);
 }
 
 enum cryptoerr
 des3_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
 {
-	des_set_odd_parity((void *)key);
-	des_set_odd_parity((void *)(key + 8));
-	des_set_odd_parity((void *)(key + 16));
+	DES_set_odd_parity((void *)key);
+	DES_set_odd_parity((void *)(key + 8));
+	DES_set_odd_parity((void *)(key + 16));
 
 	/* As of the draft Tripe-DES does not check for weak keys */
-	des_set_key((void *)key, ks->ks_des[0]);
-	des_set_key((void *)(key + 8), ks->ks_des[1]);
-	des_set_key((void *)(key + 16), ks->ks_des[2]);
+	DES_set_key((void *)key, &ks->ks_des[0]);
+	DES_set_key((void *)(key + 8), &ks->ks_des[1]);
+	DES_set_key((void *)(key + 16), &ks->ks_des[2]);
 
 	return EOKAY;
 }
@@ -134,8 +134,8 @@ des3_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
 	u_int8_t        iv[MAXBLK];
 
 	memcpy(iv, ks->riv, ks->xf->blocksize);
-	des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0],
-	    ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_ENCRYPT);
+	DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0],
+	    &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_ENCRYPT);
 }
 
 void
@@ -144,8 +144,8 @@ des3_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
 	u_int8_t        iv[MAXBLK];
 
 	memcpy(iv, ks->riv, ks->xf->blocksize);
-	des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0],
-	    ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_DECRYPT);
+	DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0],
+	    &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_DECRYPT);
 }
 
 enum cryptoerr
diff --git a/sbin/isakmpd/crypto.h b/sbin/isakmpd/crypto.h
index 5ef8ac150d6..effdb189d1c 100644
--- a/sbin/isakmpd/crypto.h
+++ b/sbin/isakmpd/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.18 2006/06/02 19:35:55 hshoexer Exp $	 */
+/* $OpenBSD: crypto.h,v 1.19 2010/10/15 10:18:42 jsg Exp $	 */
 /* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $	 */
 
 /*
@@ -32,7 +32,7 @@
 #ifndef _CRYPTO_H_
 #define _CRYPTO_H_
 
-#include <des.h>
+#include <openssl/des.h>
 #include <blf.h>
 #include <cast.h>
 
@@ -80,7 +80,7 @@ struct keystate {
 	u_int8_t        iv2[MAXBLK];
 	u_int8_t       *riv, *liv;
 	union {
-		des_key_schedule desks[3];
+		DES_key_schedule desks[3];
 		blf_ctx         blfks;
 		cast_key        castks;
 		AES_KEY         aesks[2];
diff --git a/usr.bin/passwd/Makefile b/usr.bin/passwd/Makefile
index a35621d79ec..679ca85299f 100644
--- a/usr.bin/passwd/Makefile
+++ b/usr.bin/passwd/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.31 2008/07/04 12:50:23 djm Exp $
+#	$OpenBSD: Makefile,v 1.32 2010/10/15 10:18:42 jsg Exp $
 
 .include <bsd.own.mk>
 
@@ -20,8 +20,8 @@ CFLAGS+=-DYP -I${.CURDIR}/../../lib/libc/yp
 .if (${KERBEROS5:L} == "yes")
 SRCS+= krb5_passwd.c
 CFLAGS+= -DKRB5
-DPADD+=	${LIBKRB5} ${LIBASN1} ${LIBDES} ${LIBCRYPTO}
-LDADD+=	-lkrb5 -lasn1 -ldes -lcrypto
+DPADD+=	${LIBKRB5} ${LIBASN1} ${LIBCRYPTO}
+LDADD+=	-lkrb5 -lasn1 -lcrypto
 .endif
 
 BINMODE=4555
diff --git a/usr.bin/passwd/krb5_passwd.c b/usr.bin/passwd/krb5_passwd.c
index 9341af6d810..ad09c063263 100644
--- a/usr.bin/passwd/krb5_passwd.c
+++ b/usr.bin/passwd/krb5_passwd.c
@@ -49,7 +49,7 @@
 #include <dlfcn.h>
 #include <util.h>
 #include <err.h>
-#include <des.h>
+#include <openssl/ui.h>
 #include <kerberosV/krb5.h>
 
 /* RCSID("$KTH: kpasswd.c,v 1.23 2000/12/31 07:48:34 assar Exp $"); */
@@ -113,7 +113,8 @@ krb5_passwd(int argc, char **argv)
 	krb5_data_zero(&result_code_string);
 	krb5_data_zero(&result_string);
 
-	if (des_read_pw_string(pwbuf, sizeof(pwbuf), "New password:", 1) != 0)
+	if (UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), "New password:",
+	    1) != 0)
 		return 1;
 
 	ret = krb5_change_password (context, &cred, pwbuf, &result_code,
diff --git a/usr.bin/sectok/Makefile b/usr.bin/sectok/Makefile
index 5c66bfc7a99..08d0e648d85 100644
--- a/usr.bin/sectok/Makefile
+++ b/usr.bin/sectok/Makefile
@@ -1,9 +1,9 @@
-#	$OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $
+#	$OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	sectok
 SRCS=   main.c cmds.c cyberflex.c
-DPADD=	${LIBSECTOK} ${LIBCRYPTO} ${LIBDES}
-LDADD=  -lsectok -lcrypto -ldes
+DPADD=	${LIBSECTOK} ${LIBCRYPTO}
+LDADD=  -lsectok -lcrypto
 
 CFLAGS+=-Wall
 
diff --git a/usr.bin/sectok/cyberflex.c b/usr.bin/sectok/cyberflex.c
index 31233a18a67..82988fc8906 100644
--- a/usr.bin/sectok/cyberflex.c
+++ b/usr.bin/sectok/cyberflex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cyberflex.c,v 1.28 2007/12/30 13:35:27 sobrado Exp $ */
+/*	$OpenBSD: cyberflex.c,v 1.29 2010/10/15 10:18:42 jsg Exp $ */
 
 /*
  * copyright 1999, 2000
@@ -38,7 +38,7 @@
 #include <signal.h>
 #include <string.h>
 #include <fcntl.h>
-#include <des.h>
+#include <openssl/des.h>
 #ifdef __linux
 #include <sha.h>
 #define SHA1_CTX SHA_CTX
@@ -65,10 +65,6 @@
 
 #include "sc.h"
 
-#ifdef __sun
-#define des_set_key(key, schedule) des_key_sched(key, schedule)
-#endif
-
 #define MAX_KEY_FILE_SIZE 1024
 #define NUM_RSA_KEY_ELEMENTS 5
 #define RSA_BIT_LEN 1024
@@ -87,7 +83,7 @@ static void print_acl(int isdir, u_char *acl);
 
 #ifndef __palmos__
 /* default signed applet key of Cyberflex Access */
-static des_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
+static DES_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
 #endif
 
 static int
@@ -612,8 +608,8 @@ jload(int argc, char *argv[])
 	int	i, j, vflag = 0, gotprog = 0, gotcont = 0, fd_app, size;
 	int	aidlen = 0, sw;
 	int	cont_size = 1152, inst_size = 1024;
-	des_cblock tmp;
-	des_key_schedule schedule;
+	DES_cblock tmp;
+	DES_key_schedule schedule;
 	static u_char acl[] = {0x81, 0, 0, 0xff, 0, 0, 0, 0};
 
 	optind = optreset = 1;
@@ -723,12 +719,12 @@ jload(int argc, char *argv[])
 	/* chain.  DES encrypt one block, XOR the cyphertext with the next
 	 * block, ... continues until the end of the buffer */
 
-	des_set_key(&app_key, schedule);
+	DES_set_key(&app_key, &schedule);
 
 	for (i = 0; i < size / BLOCK_SIZE; i++) {
 		for (j = 0; j < BLOCK_SIZE; j++)
 			tmp[j] = tmp[j] ^ app_data[i * BLOCK_SIZE + j];
-		des_ecb_encrypt(&tmp, &tmp, schedule, DES_ENCRYPT);
+		DES_ecb_encrypt(&tmp, &tmp, &schedule, DES_ENCRYPT);
 	}
 
 	if (vflag) {
diff --git a/usr.bin/telnet/Makefile b/usr.bin/telnet/Makefile
index 2bc42f4e465..0276fa23de0 100644
--- a/usr.bin/telnet/Makefile
+++ b/usr.bin/telnet/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.23 2005/05/24 03:41:58 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.24 2010/10/15 10:18:42 jsg Exp $
 #
 # Copyright (c) 1990 The Regents of the University of California.
 # All rights reserved.
@@ -45,8 +45,8 @@ SRCS=	authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
 
 .if (${KERBEROS5:L} == "yes")
 CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB5 -DDES_ENCRYPTION
-DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBDES}
-LDADD+= -lkrb5 -lasn1 -lcrypto -ldes
+DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO}
+LDADD+= -lkrb5 -lasn1 -lcrypto
 SRCS+= kerberos5.c enc_des.c
 .endif
 
diff --git a/usr.bin/telnet/enc_des.c b/usr.bin/telnet/enc_des.c
index 06ff59b4fd4..f6e832cda12 100644
--- a/usr.bin/telnet/enc_des.c
+++ b/usr.bin/telnet/enc_des.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: enc_des.c,v 1.1 2005/05/24 03:43:56 deraadt Exp $ */
+/*     $OpenBSD: enc_des.c,v 1.2 2010/10/15 10:18:42 jsg Exp $ */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -39,7 +39,8 @@
 
 #include "encrypt.h"
 #include "misc-proto.h"
-#include <des.h>
+#include <openssl/des.h>
+#include <openssl/rand.h>
 
 extern int encrypt_debug_mode;
 
@@ -55,19 +56,19 @@ extern int encrypt_debug_mode;
 
 
 struct stinfo {
-  des_cblock	str_output;
-  des_cblock	str_feed;
-  des_cblock	str_iv;
-  des_cblock	str_ikey;
-  des_key_schedule str_sched;
+  DES_cblock	str_output;
+  DES_cblock	str_feed;
+  DES_cblock	str_iv;
+  DES_cblock	str_ikey;
+  DES_key_schedule str_sched;
   int		str_index;
   int		str_flagshift;
 };
 
 struct fb {
-	des_cblock krbdes_key;
-	des_key_schedule krbdes_sched;
-	des_cblock temp_feed;
+	DES_cblock krbdes_key;
+	DES_key_schedule krbdes_sched;
+	DES_cblock temp_feed;
 	unsigned char fb_feed[64];
 	int need_start;
 	int state[2];
@@ -105,13 +106,13 @@ struct keyidlist {
 #define	FB64_IV_BAD	3
 
 
-void fb64_stream_iv (des_cblock, struct stinfo *);
+void fb64_stream_iv (DES_cblock, struct stinfo *);
 void fb64_init (struct fb *);
 static int fb64_start (struct fb *, int, int);
 int fb64_is (unsigned char *, int, struct fb *);
 int fb64_reply (unsigned char *, int, struct fb *);
 static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (des_cblock, struct stinfo *);
+void fb64_stream_key (DES_cblock, struct stinfo *);
 int fb64_keyid (int, unsigned char *, int *, struct fb *);
 
 void cfb64_init(int server)
@@ -197,27 +198,21 @@ static int fb64_start(struct fb *fbp, int dir, int server)
 		/*
 		 * Create a random feed and send it over.
 		 */
-#ifndef OLD_DES_RANDOM_KEY
-		des_new_random_key(&fbp->temp_feed);
-#else
-		/*
-		 * From des_cryp.man "If the des_check_key flag is non-zero,
-		 *  des_set_key will check that the key passed is
-		 *  of odd parity and is not a week or semi-weak key."
-		 */
 		do {
-			des_random_key(fbp->temp_feed);
-			des_set_odd_parity(fbp->temp_feed);
-		} while (des_is_weak_key(fbp->temp_feed));
-#endif
-		des_ecb_encrypt(&fbp->temp_feed,
+		   if (RAND_bytes(fbp->temp_feed,
+		     		  sizeof(*fbp->temp_feed)) != 1)
+		       abort();
+		   DES_set_odd_parity(&fbp->temp_feed);
+		} while(DES_is_weak_key(&fbp->temp_feed));
+
+		DES_ecb_encrypt(&fbp->temp_feed,
 				&fbp->temp_feed,
-				fbp->krbdes_sched, 1);
+				&fbp->krbdes_sched, 1);
 		p = fbp->fb_feed + 3;
 		*p++ = ENCRYPT_IS;
 		p++;
 		*p++ = FB64_IV;
-		for (x = 0; x < sizeof(des_cblock); ++x) {
+		for (x = 0; x < sizeof(DES_cblock); ++x) {
 			if ((*p++ = fbp->temp_feed[x]) == IAC)
 				*p++ = IAC;
 		}
@@ -260,7 +255,7 @@ int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
 
 	switch (*data++) {
 	case FB64_IV:
-		if (cnt != sizeof(des_cblock)) {
+		if (cnt != sizeof(DES_cblock)) {
 			if (encrypt_debug_mode)
 				printf("CFB64: initial vector failed on size\r\n");
 			state = FAILED;
@@ -349,7 +344,7 @@ int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
 		break;
 
 	case FB64_IV_BAD:
-		memset(fbp->temp_feed, 0, sizeof(des_cblock));
+		memset(fbp->temp_feed, 0, sizeof(DES_cblock));
 		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
 		state = FAILED;
 		break;
@@ -387,18 +382,16 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
 				key ? key->type : -1, SK_DES);
 		return;
 	}
-	memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
+	memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
 
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
-	if (fbp->once == 0) {
-#ifndef OLD_DES_RANDOM_KEY
-		des_init_random_number_generator(&fbp->krbdes_key);
-#endif
-		fbp->once = 1;
-	}
-	des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
+	RAND_seed(key->data, key->length);
+
+	DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
+			   &fbp->krbdes_sched);
+
 	/*
 	 * Now look to see if krbdes_start() was was waiting for
 	 * the key to show up.  If so, go ahead an call it now
@@ -495,25 +488,25 @@ void ofb64_printsub(unsigned char *data, int cnt,
 	fb64_printsub(data, cnt, buf, buflen, "OFB64");
 }
 
-void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
+void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
 {
 
-	memcpy(stp->str_iv, seed,sizeof(des_cblock));
-	memcpy(stp->str_output, seed, sizeof(des_cblock));
+	memcpy(stp->str_iv, seed,sizeof(DES_cblock));
+	memcpy(stp->str_output, seed, sizeof(DES_cblock));
 
-	des_key_sched(&stp->str_ikey, stp->str_sched);
+	DES_key_sched(&stp->str_ikey, &stp->str_sched);
 
-	stp->str_index = sizeof(des_cblock);
+	stp->str_index = sizeof(DES_cblock);
 }
 
-void fb64_stream_key(des_cblock key, struct stinfo *stp)
+void fb64_stream_key(DES_cblock key, struct stinfo *stp)
 {
-	memcpy(stp->str_ikey, key, sizeof(des_cblock));
-	des_key_sched((des_cblock*)key, stp->str_sched);
+	memcpy(stp->str_ikey, key, sizeof(DES_cblock));
+	DES_key_sched((des_cblock*)key, &stp->str_sched);
 
-	memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
+	memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
 
-	stp->str_index = sizeof(des_cblock);
+	stp->str_index = sizeof(DES_cblock);
 }
 
 /*
@@ -545,10 +538,10 @@ void cfb64_encrypt(unsigned char *s, int c)
 
 	index = stp->str_index;
 	while (c-- > 0) {
-		if (index == sizeof(des_cblock)) {
-			des_cblock b;
-			des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(des_cblock));
+		if (index == sizeof(DES_cblock)) {
+			DES_cblock b;
+			DES_ecb_encrypt(&stp->str_output, &b, &stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(DES_cblock));
 			index = 0;
 		}
 
@@ -577,10 +570,10 @@ int cfb64_decrypt(int data)
 	}
 
 	index = stp->str_index++;
-	if (index == sizeof(des_cblock)) {
-		des_cblock b;
-		des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(des_cblock));
+	if (index == sizeof(DES_cblock)) {
+		DES_cblock b;
+		DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(DES_cblock));
 		stp->str_index = 1;	/* Next time will be 1 */
 		index = 0;		/* But now use 0 */ 
 	}
@@ -617,10 +610,10 @@ void ofb64_encrypt(unsigned char *s, int c)
 
 	index = stp->str_index;
 	while (c-- > 0) {
-		if (index == sizeof(des_cblock)) {
-			des_cblock b;
-			des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(des_cblock));
+		if (index == sizeof(DES_cblock)) {
+			DES_cblock b;
+			DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(DES_cblock));
 			index = 0;
 		}
 		*s++ ^= stp->str_feed[index];
@@ -646,10 +639,10 @@ int ofb64_decrypt(int data)
 	}
 
 	index = stp->str_index++;
-	if (index == sizeof(des_cblock)) {
-		des_cblock b;
-		des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(des_cblock));
+	if (index == sizeof(DES_cblock)) {
+		DES_cblock b;
+		DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(DES_cblock));
 		stp->str_index = 1;	/* Next time will be 1 */
 		index = 0;		/* But now use 0 */ 
 	}
diff --git a/usr.bin/x99token/Makefile b/usr.bin/x99token/Makefile
index 9b23a6761b9..d93d3d71215 100644
--- a/usr.bin/x99token/Makefile
+++ b/usr.bin/x99token/Makefile
@@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $
+#	$OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	x99token
-LDADD+=	-ldes
-DPADD+= ${LIBDES}
+LDADD+=	-lcrypto
+DPADD+= ${LIBCRYPTO}
 
 .include <bsd.prog.mk>
diff --git a/usr.bin/x99token/x99token.c b/usr.bin/x99token/x99token.c
index b0353010013..d00dc64eb94 100644
--- a/usr.bin/x99token/x99token.c
+++ b/usr.bin/x99token/x99token.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x99token.c,v 1.7 2007/03/29 10:59:13 jmc Exp $	*/
+/*	$OpenBSD: x99token.c,v 1.8 2010/10/15 10:18:42 jsg Exp $	*/
 
 /*
  * X9.9 calculator
@@ -18,13 +18,13 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <des.h>
+#include <openssl/des.h>
 
 #define	KEYFILE		".keyfile.des"
 #define	HEXDIGITS	"0123456789abcdef"
 #define	DECDIGITS	"0123456789012345"
 
-void predict(des_key_schedule, const char *, int);
+void predict(DES_key_schedule, const char *, int);
 
 char *digits = HEXDIGITS;
 extern char *__progname;
@@ -34,8 +34,8 @@ main(int argc, char **argv)
 {
 	int i;
 	char buf[256];
-	des_key_schedule ks;
-	des_cblock key;
+	DES_key_schedule ks;
+	DES_cblock key;
 	char _keyfile[MAXPATHLEN];
 	char *keyfile = 0;
 	FILE *fp;
@@ -147,8 +147,8 @@ main(int argc, char **argv)
 		exit(0);
 	}
 
-	des_fixup_key_parity(&key);
-	des_key_sched(&key, ks);
+	DES_fixup_key_parity(&key);
+	DES_key_sched(&key, &ks);
 
 	buf[0] = '\0';
 	readpassphrase("Enter challenge: ", buf, sizeof(buf), RPP_ECHO_ON);
@@ -171,15 +171,15 @@ main(int argc, char **argv)
 }
 
 void
-predict(des_key_schedule ks, const char *chal, int cnt)
+predict(DES_key_schedule ks, const char *chal, int cnt)
 {
 	int i;
-	des_cblock cb;
+	DES_cblock cb;
 
 	memcpy(&cb, chal, sizeof(cb));
 	while (cnt-- > 0) {
 		printf("%.8s: ", (char *)cb);
-		des_ecb_encrypt(&cb, &cb, ks, DES_ENCRYPT);
+		DES_ecb_encrypt(&cb, &cb, &ks, DES_ENCRYPT);
 		for (i = 0; i < 4; ++i) {
 			printf("%c", digits[(cb[i]>>4) & 0xf]);
 			printf("%c", digits[(cb[i]>>0) & 0xf]);
diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile
index a00f6bee1fc..d8a8bb1cfe9 100644
--- a/usr.sbin/ppp/ppp/Makefile
+++ b/usr.sbin/ppp/ppp/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.28 2005/09/22 00:08:24 brad Exp $
+#	$OpenBSD: Makefile,v 1.29 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	ppp
 SRCS=	alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
@@ -13,8 +13,8 @@ SRCS=	alias.c alias_cuseeme.c alias_db.c alias_ftp.c alias_irc.c \
 CFLAGS+=-Wall -DNO_FW_PUNCH -DNOI4B -DNONETGRAPH
 CFLAGS+=-DLOCALNAT -DLOCALRAD
 M4FLAGS=-DLOCALNAT -DLOCALRAD
-LDADD+= -lcrypto -ldes -lutil -lz
-DPADD+=	${LIBDES} ${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
+LDADD+= -lcrypto -lutil -lz
+DPADD+=	${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
 .if defined(NOSUID) || defined(PPP_NOSUID)
 BINMODE=554
 .else
diff --git a/usr.sbin/ppp/ppp/chap_ms.c b/usr.sbin/ppp/ppp/chap_ms.c
index 1f153a60d88..41d2589a844 100644
--- a/usr.sbin/ppp/ppp/chap_ms.c
+++ b/usr.sbin/ppp/ppp/chap_ms.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: chap_ms.c,v 1.12 2002/06/15 08:02:00 brian Exp $
+ * $OpenBSD: chap_ms.c,v 1.13 2010/10/15 10:18:42 jsg Exp $
  */
 
 #include <ctype.h>
@@ -36,11 +36,7 @@
 #else
 #include <sys/types.h>
 #include <stdlib.h>
-#ifdef __NetBSD__
 #include <openssl/des.h>
-#else
-#include <des.h>
-#endif
 #include <openssl/sha.h>
 #endif
 #include <md4.h>
@@ -103,18 +99,18 @@ MakeKey(u_char *key, u_char *des_key)
     des_key[6] = Get7Bits(key, 42);
     des_key[7] = Get7Bits(key, 49);
 
-    des_set_odd_parity((des_cblock *)des_key);
+    DES_set_odd_parity((DES_cblock *)des_key);
 }
 
 static void /* IN 8 octets IN 7 octest OUT 8 octets */
 DesEncrypt(u_char *clear, u_char *key, u_char *cipher)
 {
-    des_cblock		des_key;
-    des_key_schedule	key_schedule;
+    DES_cblock		des_key;
+    DES_key_schedule	key_schedule;
 
     MakeKey(key, des_key);
-    des_set_key(&des_key, key_schedule);
-    des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
+    DES_set_key(&des_key, &key_schedule);
+    DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, &key_schedule, 1);
 }
 
 static void      /* IN 8 octets      IN 16 octets     OUT 24 octets */
diff --git a/usr.sbin/tokenadm/Makefile b/usr.sbin/tokenadm/Makefile
index a6cd8121a7e..709dbbf844c 100644
--- a/usr.sbin/tokenadm/Makefile
+++ b/usr.sbin/tokenadm/Makefile
@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.2 2003/07/18 21:18:51 david Exp $
+#	$OpenBSD: Makefile,v 1.3 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	tokenadm
 SRCS=	tokenadm.c init.c tokendb.c
 MAN=	tokenadm.8
-LDADD+=	-ldes
-DPADD=	${LIBDES}
+LDADD+=	-lcrypto
+DPADD=	${LIBCRYPTO}
 
 CFLAGS+=-I${.CURDIR}/../../libexec/login_token
 .PATH:	${.CURDIR}/../../libexec/login_token
diff --git a/usr.sbin/tokeninit/Makefile b/usr.sbin/tokeninit/Makefile
index b394581bd95..9aa5f44c859 100644
--- a/usr.sbin/tokeninit/Makefile
+++ b/usr.sbin/tokeninit/Makefile
@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.2 2003/07/18 21:18:51 david Exp $
+#	$OpenBSD: Makefile,v 1.3 2010/10/15 10:18:42 jsg Exp $
 
 PROG=	tokeninit
 SRCS=	tokeninit.c init.c token.c tokendb.c
 MAN=	tokeninit.8
-LDADD+=	-ldes
-DPADD=  ${LIBDES}
+LDADD+=	-lcrypto
+DPADD=  ${LIBCRYPTO}
 
 CFLAGS+=-I${.CURDIR}/../../libexec/login_token
 .PATH:	${.CURDIR}/../../libexec/login_token