net/netatalk uses a prefix-less API even older than des_ and found at the end of <openssl/des_old.h>.
configure still checks for -ldes, but this looks like a vestige given that the automake glue refers to OpenSSL, so I decided that it wasn't worth trying to maintain compatibility with the 1990s. ok? Index: patches/patch-bin_afppasswd_afppasswd_c =================================================================== RCS file: patches/patch-bin_afppasswd_afppasswd_c diff -N patches/patch-bin_afppasswd_afppasswd_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-bin_afppasswd_afppasswd_c 15 Apr 2014 14:40:09 -0000 @@ -0,0 +1,30 @@ +$OpenBSD$ +--- bin/afppasswd/afppasswd.c.orig Tue Jul 23 11:10:55 2013 ++++ bin/afppasswd/afppasswd.c Tue Apr 15 16:24:33 2014 +@@ -70,7 +70,7 @@ static char buf[MAXPATHLEN + 1]; + static void convert_passwd(char *buf, char *newpwd, const int keyfd) + { + u_int8_t key[HEXPASSWDLEN]; +- Key_schedule schedule; ++ DES_key_schedule schedule; + unsigned int i, j; + + if (!newpwd) { +@@ -89,14 +89,14 @@ static void convert_passwd(char *buf, char *newpwd, co + key[j] = (unhex(key[i]) << 4) | unhex(key[i + 1]); + if (j <= DES_KEY_SZ) + memset(key + j, 0, sizeof(key) - j); +- key_sched((C_Block *) key, schedule); ++ DES_key_sched((DES_cblock *) key, &schedule); + memset(key, 0, sizeof(key)); + if (newpwd) { +- ecb_encrypt((C_Block *) newpwd, (C_Block *) newpwd, schedule, ++ DES_ecb_encrypt((DES_cblock *) newpwd, (DES_cblock *) newpwd, &schedule, + DES_ENCRYPT); + } else { + /* decrypt the password */ +- ecb_encrypt((C_Block *) buf, (C_Block *) buf, schedule, DES_DECRYPT); ++ DES_ecb_encrypt((DES_cblock *) buf, (DES_cblock *) buf, &schedule, DES_DECRYPT); + } + memset(&schedule, 0, sizeof(schedule)); + } Index: patches/patch-etc_uams_uams_randnum_c =================================================================== RCS file: patches/patch-etc_uams_uams_randnum_c diff -N patches/patch-etc_uams_uams_randnum_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-etc_uams_uams_randnum_c 15 Apr 2014 14:40:09 -0000 @@ -0,0 +1,103 @@ +$OpenBSD$ +--- etc/uams/uams_randnum.c.orig Tue Jul 23 11:10:55 2013 ++++ etc/uams/uams_randnum.c Tue Apr 15 16:38:15 2014 +@@ -55,8 +55,8 @@ char *strchr (), *strrchr (); + + #define PASSWDLEN 8 + +-static C_Block seskey; +-static Key_schedule seskeysched; ++static DES_cblock seskey; ++static DES_key_schedule seskeysched; + static struct passwd *randpwd; + static u_int8_t randbuf[8]; + +@@ -146,7 +146,7 @@ static int afppasswd(const struct passwd *pwd, + { + u_int8_t key[DES_KEY_SZ*2]; + char buf[MAXPATHLEN + 1], *p; +- Key_schedule schedule; ++ DES_key_schedule schedule; + FILE *fp; + unsigned int i, j; + int keyfd = -1, err = 0; +@@ -203,17 +203,17 @@ afppasswd_found: + key[j] = (unhex(key[i]) << 4) | unhex(key[i + 1]); + if (j <= DES_KEY_SZ) + memset(key + j, 0, sizeof(key) - j); +- key_sched((C_Block *) key, schedule); ++ DES_key_sched((DES_cblock *) key, &schedule); + memset(key, 0, sizeof(key)); + + if (set) { + /* NOTE: this takes advantage of the fact that passwd doesn't + * get used after this call if it's being set. */ +- ecb_encrypt((C_Block *) passwd, (C_Block *) passwd, schedule, ++ DES_ecb_encrypt((DES_cblock *) passwd, (DES_cblock *) passwd, &schedule, + DES_ENCRYPT); + } else { + /* decrypt the password */ +- ecb_encrypt((C_Block *) p, (C_Block *) p, schedule, DES_DECRYPT); ++ DES_ecb_encrypt((DES_cblock *) p, (DES_cblock *) p, &schedule, DES_DECRYPT); + } + memset(&schedule, 0, sizeof(schedule)); + } +@@ -362,10 +362,10 @@ static int randnum_logincont(void *obj, struct passwd + + /* encrypt. this saves a little space by using the fact that + * des can encrypt in-place without side-effects. */ +- key_sched((C_Block *) seskey, seskeysched); ++ DES_key_sched((DES_cblock *) seskey, &seskeysched); + memset(seskey, 0, sizeof(seskey)); +- ecb_encrypt((C_Block *) randbuf, (C_Block *) randbuf, +- seskeysched, DES_ENCRYPT); ++ DES_ecb_encrypt((DES_cblock *) randbuf, (DES_cblock *) randbuf, ++ &seskeysched, DES_ENCRYPT); + memset(&seskeysched, 0, sizeof(seskeysched)); + + /* test against what the client sent */ +@@ -406,10 +406,10 @@ static int rand2num_logincont(void *obj, struct passwd + seskey[i] <<= 1; + + /* encrypt randbuf */ +- key_sched((C_Block *) seskey, seskeysched); ++ DES_key_sched((DES_cblock *) seskey, &seskeysched); + memset(seskey, 0, sizeof(seskey)); +- ecb_encrypt( (C_Block *) randbuf, (C_Block *) randbuf, +- seskeysched, DES_ENCRYPT); ++ DES_ecb_encrypt( (DES_cblock *) randbuf, (DES_cblock *) randbuf, ++ &seskeysched, DES_ENCRYPT); + + /* test against client's reply */ + if (memcmp(randbuf, ibuf, sizeof(randbuf))) { /* != */ +@@ -421,8 +421,8 @@ static int rand2num_logincont(void *obj, struct passwd + memset(randbuf, 0, sizeof(randbuf)); + + /* encrypt client's challenge and send back */ +- ecb_encrypt( (C_Block *) ibuf, (C_Block *) rbuf, +- seskeysched, DES_ENCRYPT); ++ DES_ecb_encrypt( (DES_cblock *) ibuf, (DES_cblock *) rbuf, ++ &seskeysched, DES_ENCRYPT); + memset(&seskeysched, 0, sizeof(seskeysched)); + *rbuflen = sizeof(randbuf); + +@@ -457,15 +457,15 @@ static int randnum_changepw(void *obj, const char *use + return err; + + /* use old passwd to decrypt new passwd */ +- key_sched((C_Block *) seskey, seskeysched); ++ DES_key_sched((DES_cblock *) seskey, &seskeysched); + ibuf += PASSWDLEN; /* new passwd */ + ibuf[PASSWDLEN] = '\0'; +- ecb_encrypt( (C_Block *) ibuf, (C_Block *) ibuf, seskeysched, DES_DECRYPT); ++ DES_ecb_encrypt( (DES_cblock *) ibuf, (DES_cblock *) ibuf, &seskeysched, DES_DECRYPT); + + /* now use new passwd to decrypt old passwd */ +- key_sched((C_Block *) ibuf, seskeysched); ++ DES_key_sched((DES_cblock *) ibuf, &seskeysched); + ibuf -= PASSWDLEN; /* old passwd */ +- ecb_encrypt((C_Block *) ibuf, (C_Block *) ibuf, seskeysched, DES_DECRYPT); ++ DES_ecb_encrypt((DES_cblock *) ibuf, (DES_cblock *) ibuf, &seskeysched, DES_DECRYPT); + if (memcmp(seskey, ibuf, sizeof(seskey))) + err = AFPERR_NOTAUTH; + else if (memcmp(seskey, ibuf + PASSWDLEN, sizeof(seskey)) == 0) -- Christian "naddy" Weisgerber na...@mips.inka.de