This does not include regress, but should otherwise switch
all users of libdes in src to libcrypto.
Survives a build/release on amd64, tests to make sure
this doesn't break anything at runtime welcome.
Index: distrib/miniroot/makeconf.awk
===================================================================
RCS file: /cvs/src/distrib/miniroot/makeconf.awk,v
retrieving revision 1.15
diff -u -p -r1.15 makeconf.awk
--- distrib/miniroot/makeconf.awk 4 Aug 2005 16:35:03 -0000 1.15
+++ distrib/miniroot/makeconf.awk 13 Oct 2010 13:27:14 -0000
@@ -7,7 +7,7 @@
BEGIN {
printf("#\n# This file is automatically generated by
`makeconf'\n#\n\n");
- libs = "libs -lstubs -lutil -lotermcap -ll -lm -ldes";
+ libs = "libs -lstubs -lutil -lotermcap -ll -lm";
}
$1 == "LIBS" {
Index: libexec/login_tis/Makefile
===================================================================
RCS file: /cvs/src/libexec/login_tis/Makefile,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile
--- libexec/login_tis/Makefile 28 Sep 2004 15:02:01 -0000 1.1
+++ libexec/login_tis/Makefile 13 Oct 2010 13:27:14 -0000
@@ -3,8 +3,8 @@
PROG= login_tis
MAN= login_tis.8
CFLAGS+=-Wall
-LDADD+= -ldes
-DPADD+= ${LIBDES}
+LDADD+= -lcrypto
+DPADD+= ${LIBCRYPTO}
BINOWN= root
BINGRP= auth
Index: libexec/login_tis/login_tis.c
===================================================================
RCS file: /cvs/src/libexec/login_tis/login_tis.c,v
retrieving revision 1.9
diff -u -p -r1.9 login_tis.c
--- libexec/login_tis/login_tis.c 24 Mar 2008 16:11:00 -0000 1.9
+++ libexec/login_tis/login_tis.c 13 Oct 2010 13:27:14 -0000
@@ -39,7 +39,7 @@
#include <login_cap.h>
#include <bsd_auth.h>
-#include <des.h> /* openssl/des.h */
+#include <openssl/des.h>
#include "login_tis.h"
@@ -343,7 +343,7 @@ tis_getkey(struct tis_connection *tc)
{
size_t len;
struct stat sb;
- des_cblock cblock;
+ DES_cblock cblock;
char *key, *tbuf = NULL;
FILE *fp;
int error;
@@ -393,8 +393,8 @@ tis_getkey(struct tis_connection *tc)
tbuf[len] = '\0';
key = tbuf;
}
- des_string_to_key(key, &cblock);
- error = des_set_key(&cblock, tc->keysched);
+ DES_string_to_key(key, &cblock);
+ error = DES_set_key(&cblock, &tc->keysched);
memset(key, 0, len);
memset(&cblock, 0, sizeof(cblock));
free(tbuf);
@@ -466,8 +466,8 @@ tis_open(struct tis_connection *tc, cons
ssize_t
tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
{
- des_key_schedule ks;
- des_cblock iv;
+ DES_key_schedule ks;
+ DES_cblock iv;
ssize_t len;
u_char *cp, *ep, tbuf[TIS_BUFSIZ];
@@ -502,10 +502,10 @@ tis_recv(struct tis_connection *tc, u_ch
syslog(LOG_ERR, "encrypted data too large to store");
return (-1);
}
- memcpy(ks, tc->keysched, sizeof(ks));
+ memcpy(&ks, &tc->keysched, sizeof(ks));
memset(iv, 0, sizeof(iv));
- des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)tbuf,
- len, ks, &iv, DES_DECRYPT);
+ DES_ncbc_encrypt(buf, tbuf,
+ len, &ks, &iv, DES_DECRYPT);
if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) {
syslog(LOG_ERR, "unencrypted data too large to store");
memset(tbuf, 0, sizeof(tbuf));
@@ -524,14 +524,14 @@ ssize_t
tis_send(struct tis_connection *tc, u_char *buf, size_t len)
{
struct iovec iov[2];
- des_key_schedule ks;
- des_cblock iv;
+ DES_key_schedule ks;
+ DES_cblock iv;
ssize_t nwritten;
size_t n;
u_char cbuf[TIS_BUFSIZ];
if (tc->keyfile != NULL) {
- memcpy(ks, tc->keysched, sizeof(ks));
+ memcpy(&ks, &tc->keysched, sizeof(ks));
memset(iv, 0, sizeof(iv));
len++; /* we need to encrypt the NUL */
@@ -541,8 +541,8 @@ tis_send(struct tis_connection *tc, u_ch
syslog(LOG_ERR, "encoded data too large to store");
return (-1);
}
- des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)cbuf, len,
- ks, &iv, DES_ENCRYPT);
+ DES_ncbc_encrypt(buf, cbuf, len,
+ &ks, &iv, DES_ENCRYPT);
len = tis_encode(cbuf, len, sizeof(cbuf));
buf = cbuf;
}
Index: libexec/login_token/Makefile
===================================================================
RCS file: /cvs/src/libexec/login_token/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- libexec/login_token/Makefile 21 Nov 2002 22:14:51 -0000 1.4
+++ libexec/login_token/Makefile 13 Oct 2010 13:27:14 -0000
@@ -3,8 +3,8 @@
PROG= login_token
SRCS= login_token.c init.c token.c tokendb.c
MAN= login_token.8
-DPADD= ${LIBDES}
-LDADD= -ldes
+DPADD= ${LIBCRYPTO}
+LDADD= -lcrypto
TOKENS= activ crypto snk
Index: libexec/login_token/token.c
===================================================================
RCS file: /cvs/src/libexec/login_token/token.c,v
retrieving revision 1.11
diff -u -p -r1.11 token.c
--- libexec/login_token/token.c 12 Nov 2005 14:13:16 -0000 1.11
+++ libexec/login_token/token.c 13 Oct 2010 13:27:14 -0000
@@ -50,7 +50,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <des.h>
+#include <openssl/des.h>
#include "token.h"
#include "tokendb.h"
@@ -62,7 +62,7 @@
*/
typedef union {
- des_cblock cb;
+ DES_cblock cb;
char ct[9];
unsigned long ul[2];
} TOKEN_CBlock;
@@ -106,7 +106,7 @@ tokenchallenge(char *user, char *challen
{
TOKENDB_Rec tr;
TOKEN_CBlock cb;
- des_key_schedule ks;
+ DES_key_schedule ks;
int r, c;
r = 1; /* no reduced input mode by default! */
@@ -123,9 +123,9 @@ tokenchallenge(char *user, char *challen
tr.flags &= ~TOKEN_LOCKED;
if (r == 0 && tr.rim[0]) {
h2cb(tr.secret, &cb);
- des_fixup_key_parity(&cb.cb);
- des_key_sched(&cb.cb, ks);
- des_ecb_encrypt(&tr.rim, &cb.cb, ks, DES_ENCRYPT);
+ DES_fixup_key_parity(&cb.cb);
+ DES_key_sched(&cb.cb, &ks);
+ DES_ecb_encrypt(&tr.rim, &cb.cb, &ks, DES_ENCRYPT);
memcpy(tr.rim, cb.cb, 8);
for (r = 0; r < 8; ++r) {
if ((tr.rim[r] &= 0xf) > 9)
@@ -166,7 +166,7 @@ tokenverify(char *username, char *challe
TOKEN_CBlock cmp_text;
TOKEN_CBlock user_seed;
TOKEN_CBlock cipher_text;
- des_key_schedule key_schedule;
+ DES_key_schedule key_schedule;
memset(cmp_text.ct, 0, sizeof(cmp_text.ct));
@@ -199,12 +199,12 @@ tokenverify(char *username, char *challe
* shared secret asap.
*/
- des_fixup_key_parity(&user_seed.cb);
- des_key_sched(&user_seed.cb, key_schedule);
+ DES_fixup_key_parity(&user_seed.cb);
+ DES_key_sched(&user_seed.cb, &key_schedule);
memset(user_seed.ct, 0, sizeof(user_seed.ct));
- des_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, key_schedule,
+ DES_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, &key_schedule,
DES_ENCRYPT);
- memset(key_schedule, 0, sizeof(key_schedule));
+ memset(&key_schedule, 0, sizeof(key_schedule));
/*
* The token thinks it's descended from VAXen. Deal with i386
@@ -258,7 +258,7 @@ tokenuserinit(int flags, char *username,
TOKEN_CBlock nulls;
TOKEN_CBlock checksum;
TOKEN_CBlock checktxt;
- des_key_schedule key_schedule;
+ DES_key_schedule key_schedule;
memset(&secret.ct, 0, sizeof(secret));
@@ -269,9 +269,9 @@ tokenuserinit(int flags, char *username,
if ( (flags & TOKEN_GENSECRET) )
tokenseed(&secret);
else
- memcpy(&secret, usecret, sizeof(des_cblock));
+ memcpy(&secret, usecret, sizeof(DES_cblock));
- des_fixup_key_parity(&secret.cb);
+ DES_fixup_key_parity(&secret.cb);
/*
* Check if the db record already exists. If there's no
@@ -313,11 +313,11 @@ tokenuserinit(int flags, char *username,
username, secret.cb[0], secret.cb[1], secret.cb[2], secret.cb[3],
secret.cb[4], secret.cb[5], secret.cb[6], secret.cb[7]);
- des_key_sched(&secret.cb, key_schedule);
+ DES_key_sched(&secret.cb, &key_schedule);
memset(&secret.ct, 0, sizeof(secret));
memset(&nulls, 0, sizeof(nulls));
- des_ecb_encrypt(&nulls.cb, &checksum.cb, key_schedule, DES_ENCRYPT);
- memset(key_schedule, 0, sizeof(key_schedule));
+ DES_ecb_encrypt(&nulls.cb, &checksum.cb, &key_schedule, DES_ENCRYPT);
+ memset(&key_schedule, 0, sizeof(key_schedule));
HTONL(checksum.ul[0]);
snprintf(checktxt.ct, sizeof(checktxt.ct), "%8.8lx", checksum.ul[0]);
printf("Hex Checksum: \"%s\"", checktxt.ct);
@@ -339,7 +339,7 @@ h2d(char *cp)
{
int i;
- for (i=0; i<sizeof(des_cblock); i++, cp++) {
+ for (i=0; i<sizeof(DES_cblock); i++, cp++) {
if (*cp >= 'a' && *cp <= 'f')
*cp = tt->map[*cp - 'a'];
}
@@ -347,7 +347,7 @@ h2d(char *cp)
/*
* Translate an hex 16 byte ascii representation of an unsigned
- * integer to a des_cblock.
+ * integer to a DES_cblock.
*/
static void
@@ -363,7 +363,7 @@ h2cb(char *hp, TOKEN_CBlock *cb)
}
/*
- * Translate a des_cblock to an 16 byte ascii hex representation.
+ * Translate a DES_cblock to an 16 byte ascii hex representation.
*/
static void
Index: sbin/isakmpd/Makefile
===================================================================
RCS file: /cvs/src/sbin/isakmpd/Makefile,v
retrieving revision 1.81
diff -u -p -r1.81 Makefile
--- sbin/isakmpd/Makefile 29 Jun 2010 19:50:16 -0000 1.81
+++ sbin/isakmpd/Makefile 13 Oct 2010 13:27:14 -0000
@@ -75,8 +75,8 @@ CFLAGS+= -Wall -Wstrict-prototypes -Wmis
#LWRESLIB= /usr/local/lib/liblwres.a
#DNSSEC_CFLAGS= -I/usr/local/include -DLWRES
-LDADD+= ${LWRESLIB} -lkeynote -lcrypto -ldes -lm
-DPADD+= ${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBDES} ${LIBM}
+LDADD+= ${LWRESLIB} -lkeynote -lcrypto -lm
+DPADD+= ${LWRESLIB} ${LIBKEYNOTE} ${LIBCRYPTO} ${LIBM}
exchange_num.c exchange_num.h: stamp_exchange_num
Index: sbin/isakmpd/crypto.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/crypto.c,v
retrieving revision 1.29
diff -u -p -r1.29 crypto.c
--- sbin/isakmpd/crypto.c 7 May 2007 18:25:30 -0000 1.29
+++ sbin/isakmpd/crypto.c 13 Oct 2010 13:27:14 -0000
@@ -89,9 +89,9 @@ struct crypto_xf transforms[] = {
enum cryptoerr
des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
- /* des_set_key returns -1 for parity problems, and -2 for weak keys */
- des_set_odd_parity((void *)key);
- switch (des_set_key((void *)key, ks->ks_des[0])) {
+ /* DES_set_key returns -1 for parity problems, and -2 for weak keys */
+ DES_set_odd_parity((void *)key);
+ switch (DES_set_key((void *)key, &ks->ks_des[0])) {
case -2:
return EWEAKKEY;
default:
@@ -102,28 +102,28 @@ des1_init(struct keystate *ks, u_int8_t
void
des1_encrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
{
- des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void
*)ks->riv,
+ DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void
*)ks->riv,
DES_ENCRYPT);
}
void
des1_decrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
{
- des_cbc_encrypt((void *)d, (void *)d, len, ks->ks_des[0], (void
*)ks->riv,
+ DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void
*)ks->riv,
DES_DECRYPT);
}
enum cryptoerr
des3_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
- des_set_odd_parity((void *)key);
- des_set_odd_parity((void *)(key + 8));
- des_set_odd_parity((void *)(key + 16));
+ DES_set_odd_parity((void *)key);
+ DES_set_odd_parity((void *)(key + 8));
+ DES_set_odd_parity((void *)(key + 16));
/* As of the draft Tripe-DES does not check for weak keys */
- des_set_key((void *)key, ks->ks_des[0]);
- des_set_key((void *)(key + 8), ks->ks_des[1]);
- des_set_key((void *)(key + 16), ks->ks_des[2]);
+ DES_set_key((void *)key, &ks->ks_des[0]);
+ DES_set_key((void *)(key + 8), &ks->ks_des[1]);
+ DES_set_key((void *)(key + 16), &ks->ks_des[2]);
return EOKAY;
}
@@ -134,8 +134,8 @@ des3_encrypt(struct keystate *ks, u_int8
u_int8_t iv[MAXBLK];
memcpy(iv, ks->riv, ks->xf->blocksize);
- des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0],
- ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_ENCRYPT);
+ DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0],
+ &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_ENCRYPT);
}
void
@@ -144,8 +144,8 @@ des3_decrypt(struct keystate *ks, u_int8
u_int8_t iv[MAXBLK];
memcpy(iv, ks->riv, ks->xf->blocksize);
- des_ede3_cbc_encrypt((void *)data, (void *)data, len, ks->ks_des[0],
- ks->ks_des[1], ks->ks_des[2], (void *)iv, DES_DECRYPT);
+ DES_ede3_cbc_encrypt((void *)data, (void *)data, len, &ks->ks_des[0],
+ &ks->ks_des[1], &ks->ks_des[2], (void *)iv, DES_DECRYPT);
}
enum cryptoerr
Index: sbin/isakmpd/crypto.h
===================================================================
RCS file: /cvs/src/sbin/isakmpd/crypto.h,v
retrieving revision 1.18
diff -u -p -r1.18 crypto.h
--- sbin/isakmpd/crypto.h 2 Jun 2006 19:35:55 -0000 1.18
+++ sbin/isakmpd/crypto.h 13 Oct 2010 13:27:15 -0000
@@ -32,7 +32,7 @@
#ifndef _CRYPTO_H_
#define _CRYPTO_H_
-#include <des.h>
+#include <openssl/des.h>
#include <blf.h>
#include <cast.h>
@@ -80,7 +80,7 @@ struct keystate {
u_int8_t iv2[MAXBLK];
u_int8_t *riv, *liv;
union {
- des_key_schedule desks[3];
+ DES_key_schedule desks[3];
blf_ctx blfks;
cast_key castks;
AES_KEY aesks[2];
Index: usr.bin/passwd/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/passwd/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- usr.bin/passwd/Makefile 4 Jul 2008 12:50:23 -0000 1.31
+++ usr.bin/passwd/Makefile 13 Oct 2010 13:27:15 -0000
@@ -20,8 +20,8 @@ CFLAGS+=-DYP -I${.CURDIR}/../../lib/libc
.if (${KERBEROS5:L} == "yes")
SRCS+= krb5_passwd.c
CFLAGS+= -DKRB5
-DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBDES} ${LIBCRYPTO}
-LDADD+= -lkrb5 -lasn1 -ldes -lcrypto
+DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO}
+LDADD+= -lkrb5 -lasn1 -lcrypto
.endif
BINMODE=4555
Index: usr.bin/passwd/krb5_passwd.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/krb5_passwd.c,v
retrieving revision 1.10
diff -u -p -r1.10 krb5_passwd.c
--- usr.bin/passwd/krb5_passwd.c 6 Nov 2008 05:35:56 -0000 1.10
+++ usr.bin/passwd/krb5_passwd.c 13 Oct 2010 13:27:15 -0000
@@ -49,7 +49,7 @@
#include <dlfcn.h>
#include <util.h>
#include <err.h>
-#include <des.h>
+#include <openssl/ui.h>
#include <kerberosV/krb5.h>
/* RCSID("$KTH: kpasswd.c,v 1.23 2000/12/31 07:48:34 assar Exp $"); */
@@ -113,7 +113,8 @@ krb5_passwd(int argc, char **argv)
krb5_data_zero(&result_code_string);
krb5_data_zero(&result_string);
- if (des_read_pw_string(pwbuf, sizeof(pwbuf), "New password:", 1) != 0)
+ if (UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), "New password:",
+ 1) != 0)
return 1;
ret = krb5_change_password (context, &cred, pwbuf, &result_code,
Index: usr.bin/sectok/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/sectok/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- usr.bin/sectok/Makefile 11 May 2002 00:20:20 -0000 1.3
+++ usr.bin/sectok/Makefile 13 Oct 2010 13:27:15 -0000
@@ -2,8 +2,8 @@
PROG= sectok
SRCS= main.c cmds.c cyberflex.c
-DPADD= ${LIBSECTOK} ${LIBCRYPTO} ${LIBDES}
-LDADD= -lsectok -lcrypto -ldes
+DPADD= ${LIBSECTOK} ${LIBCRYPTO}
+LDADD= -lsectok -lcrypto
CFLAGS+=-Wall
Index: usr.bin/sectok/cyberflex.c
===================================================================
RCS file: /cvs/src/usr.bin/sectok/cyberflex.c,v
retrieving revision 1.28
diff -u -p -r1.28 cyberflex.c
--- usr.bin/sectok/cyberflex.c 30 Dec 2007 13:35:27 -0000 1.28
+++ usr.bin/sectok/cyberflex.c 13 Oct 2010 13:27:15 -0000
@@ -38,7 +38,7 @@
#include <signal.h>
#include <string.h>
#include <fcntl.h>
-#include <des.h>
+#include <openssl/des.h>
#ifdef __linux
#include <sha.h>
#define SHA1_CTX SHA_CTX
@@ -65,10 +65,6 @@
#include "sc.h"
-#ifdef __sun
-#define des_set_key(key, schedule) des_key_sched(key, schedule)
-#endif
-
#define MAX_KEY_FILE_SIZE 1024
#define NUM_RSA_KEY_ELEMENTS 5
#define RSA_BIT_LEN 1024
@@ -87,7 +83,7 @@ static void print_acl(int isdir, u_char
#ifndef __palmos__
/* default signed applet key of Cyberflex Access */
-static des_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
+static DES_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
#endif
static int
@@ -612,8 +608,8 @@ jload(int argc, char *argv[])
int i, j, vflag = 0, gotprog = 0, gotcont = 0, fd_app, size;
int aidlen = 0, sw;
int cont_size = 1152, inst_size = 1024;
- des_cblock tmp;
- des_key_schedule schedule;
+ DES_cblock tmp;
+ DES_key_schedule schedule;
static u_char acl[] = {0x81, 0, 0, 0xff, 0, 0, 0, 0};
optind = optreset = 1;
@@ -723,12 +719,12 @@ jload(int argc, char *argv[])
/* chain. DES encrypt one block, XOR the cyphertext with the next
* block, ... continues until the end of the buffer */
- des_set_key(&app_key, schedule);
+ DES_set_key(&app_key, &schedule);
for (i = 0; i < size / BLOCK_SIZE; i++) {
for (j = 0; j < BLOCK_SIZE; j++)
tmp[j] = tmp[j] ^ app_data[i * BLOCK_SIZE + j];
- des_ecb_encrypt(&tmp, &tmp, schedule, DES_ENCRYPT);
+ DES_ecb_encrypt(&tmp, &tmp, &schedule, DES_ENCRYPT);
}
if (vflag) {
Index: usr.bin/telnet/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/telnet/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- usr.bin/telnet/Makefile 24 May 2005 03:41:58 -0000 1.23
+++ usr.bin/telnet/Makefile 13 Oct 2010 13:27:15 -0000
@@ -45,8 +45,8 @@ SRCS= authenc.c commands.c main.c networ
.if (${KERBEROS5:L} == "yes")
CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB5 -DDES_ENCRYPTION
-DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBDES}
-LDADD+= -lkrb5 -lasn1 -lcrypto -ldes
+DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO}
+LDADD+= -lkrb5 -lasn1 -lcrypto
SRCS+= kerberos5.c enc_des.c
.endif
Index: usr.bin/telnet/enc_des.c
===================================================================
RCS file: /cvs/src/usr.bin/telnet/enc_des.c,v
retrieving revision 1.1
diff -u -p -r1.1 enc_des.c
--- usr.bin/telnet/enc_des.c 24 May 2005 03:43:56 -0000 1.1
+++ usr.bin/telnet/enc_des.c 13 Oct 2010 13:27:15 -0000
@@ -39,7 +39,8 @@
#include "encrypt.h"
#include "misc-proto.h"
-#include <des.h>
+#include <openssl/des.h>
+#include <openssl/rand.h>
extern int encrypt_debug_mode;
@@ -55,19 +56,19 @@ extern int encrypt_debug_mode;
struct stinfo {
- des_cblock str_output;
- des_cblock str_feed;
- des_cblock str_iv;
- des_cblock str_ikey;
- des_key_schedule str_sched;
+ DES_cblock str_output;
+ DES_cblock str_feed;
+ DES_cblock str_iv;
+ DES_cblock str_ikey;
+ DES_key_schedule str_sched;
int str_index;
int str_flagshift;
};
struct fb {
- des_cblock krbdes_key;
- des_key_schedule krbdes_sched;
- des_cblock temp_feed;
+ DES_cblock krbdes_key;
+ DES_key_schedule krbdes_sched;
+ DES_cblock temp_feed;
unsigned char fb_feed[64];
int need_start;
int state[2];
@@ -105,13 +106,13 @@ struct keyidlist {
#define FB64_IV_BAD 3
-void fb64_stream_iv (des_cblock, struct stinfo *);
+void fb64_stream_iv (DES_cblock, struct stinfo *);
void fb64_init (struct fb *);
static int fb64_start (struct fb *, int, int);
int fb64_is (unsigned char *, int, struct fb *);
int fb64_reply (unsigned char *, int, struct fb *);
static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (des_cblock, struct stinfo *);
+void fb64_stream_key (DES_cblock, struct stinfo *);
int fb64_keyid (int, unsigned char *, int *, struct fb *);
void cfb64_init(int server)
@@ -197,27 +198,21 @@ static int fb64_start(struct fb *fbp, in
/*
* Create a random feed and send it over.
*/
-#ifndef OLD_DES_RANDOM_KEY
- des_new_random_key(&fbp->temp_feed);
-#else
- /*
- * From des_cryp.man "If the des_check_key flag is non-zero,
- * des_set_key will check that the key passed is
- * of odd parity and is not a week or semi-weak key."
- */
do {
- des_random_key(fbp->temp_feed);
- des_set_odd_parity(fbp->temp_feed);
- } while (des_is_weak_key(fbp->temp_feed));
-#endif
- des_ecb_encrypt(&fbp->temp_feed,
+ if (RAND_bytes(fbp->temp_feed,
+ sizeof(*fbp->temp_feed)) != 1)
+ abort();
+ DES_set_odd_parity(&fbp->temp_feed);
+ } while(DES_is_weak_key(&fbp->temp_feed));
+
+ DES_ecb_encrypt(&fbp->temp_feed,
&fbp->temp_feed,
- fbp->krbdes_sched, 1);
+ &fbp->krbdes_sched, 1);
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
- for (x = 0; x < sizeof(des_cblock); ++x) {
+ for (x = 0; x < sizeof(DES_cblock); ++x) {
if ((*p++ = fbp->temp_feed[x]) == IAC)
*p++ = IAC;
}
@@ -260,7 +255,7 @@ int fb64_is(unsigned char *data, int cnt
switch (*data++) {
case FB64_IV:
- if (cnt != sizeof(des_cblock)) {
+ if (cnt != sizeof(DES_cblock)) {
if (encrypt_debug_mode)
printf("CFB64: initial vector failed on
size\r\n");
state = FAILED;
@@ -349,7 +344,7 @@ int fb64_reply(unsigned char *data, int
break;
case FB64_IV_BAD:
- memset(fbp->temp_feed, 0, sizeof(des_cblock));
+ memset(fbp->temp_feed, 0, sizeof(DES_cblock));
fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
state = FAILED;
break;
@@ -387,18 +382,16 @@ static void fb64_session(Session_Key *ke
key ? key->type : -1, SK_DES);
return;
}
- memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
+ memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
- if (fbp->once == 0) {
-#ifndef OLD_DES_RANDOM_KEY
- des_init_random_number_generator(&fbp->krbdes_key);
-#endif
- fbp->once = 1;
- }
- des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
+ RAND_seed(key->data, key->length);
+
+ DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
+ &fbp->krbdes_sched);
+
/*
* Now look to see if krbdes_start() was was waiting for
* the key to show up. If so, go ahead an call it now
@@ -495,25 +488,25 @@ void ofb64_printsub(unsigned char *data,
fb64_printsub(data, cnt, buf, buflen, "OFB64");
}
-void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
+void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
{
- memcpy(stp->str_iv, seed,sizeof(des_cblock));
- memcpy(stp->str_output, seed, sizeof(des_cblock));
+ memcpy(stp->str_iv, seed,sizeof(DES_cblock));
+ memcpy(stp->str_output, seed, sizeof(DES_cblock));
- des_key_sched(&stp->str_ikey, stp->str_sched);
+ DES_key_sched(&stp->str_ikey, &stp->str_sched);
- stp->str_index = sizeof(des_cblock);
+ stp->str_index = sizeof(DES_cblock);
}
-void fb64_stream_key(des_cblock key, struct stinfo *stp)
+void fb64_stream_key(DES_cblock key, struct stinfo *stp)
{
- memcpy(stp->str_ikey, key, sizeof(des_cblock));
- des_key_sched((des_cblock*)key, stp->str_sched);
+ memcpy(stp->str_ikey, key, sizeof(DES_cblock));
+ DES_key_sched((des_cblock*)key, &stp->str_sched);
- memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
+ memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
- stp->str_index = sizeof(des_cblock);
+ stp->str_index = sizeof(DES_cblock);
}
/*
@@ -545,10 +538,10 @@ void cfb64_encrypt(unsigned char *s, int
index = stp->str_index;
while (c-- > 0) {
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_output, &b, &stp->str_sched,
1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
index = 0;
}
@@ -577,10 +570,10 @@ int cfb64_decrypt(int data)
}
index = stp->str_index++;
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
stp->str_index = 1; /* Next time will be 1 */
index = 0; /* But now use 0 */
}
@@ -617,10 +610,10 @@ void ofb64_encrypt(unsigned char *s, int
index = stp->str_index;
while (c-- > 0) {
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
index = 0;
}
*s++ ^= stp->str_feed[index];
@@ -646,10 +639,10 @@ int ofb64_decrypt(int data)
}
index = stp->str_index++;
- if (index == sizeof(des_cblock)) {
- des_cblock b;
- des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(des_cblock));
+ if (index == sizeof(DES_cblock)) {
+ DES_cblock b;
+ DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+ memcpy(stp->str_feed, b, sizeof(DES_cblock));
stp->str_index = 1; /* Next time will be 1 */
index = 0; /* But now use 0 */
}
Index: usr.bin/x99token/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/x99token/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- usr.bin/x99token/Makefile 11 May 2002 00:20:20 -0000 1.3
+++ usr.bin/x99token/Makefile 13 Oct 2010 13:27:15 -0000
@@ -1,7 +1,7 @@
# $OpenBSD: Makefile,v 1.3 2002/05/11 00:20:20 espie Exp $
PROG= x99token
-LDADD+= -ldes
-DPADD+= ${LIBDES}
+LDADD+= -lcrypto
+DPADD+= ${LIBCRYPTO}
.include <bsd.prog.mk>
Index: usr.bin/x99token/x99token.c
===================================================================
RCS file: /cvs/src/usr.bin/x99token/x99token.c,v
retrieving revision 1.7
diff -u -p -r1.7 x99token.c
--- usr.bin/x99token/x99token.c 29 Mar 2007 10:59:13 -0000 1.7
+++ usr.bin/x99token/x99token.c 13 Oct 2010 13:27:15 -0000
@@ -18,13 +18,13 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <des.h>
+#include <openssl/des.h>
#define KEYFILE ".keyfile.des"
#define HEXDIGITS "0123456789abcdef"
#define DECDIGITS "0123456789012345"
-void predict(des_key_schedule, const char *, int);
+void predict(DES_key_schedule, const char *, int);
char *digits = HEXDIGITS;
extern char *__progname;
@@ -34,8 +34,8 @@ main(int argc, char **argv)
{
int i;
char buf[256];
- des_key_schedule ks;
- des_cblock key;
+ DES_key_schedule ks;
+ DES_cblock key;
char _keyfile[MAXPATHLEN];
char *keyfile = 0;
FILE *fp;
@@ -147,8 +147,8 @@ main(int argc, char **argv)
exit(0);
}
- des_fixup_key_parity(&key);
- des_key_sched(&key, ks);
+ DES_fixup_key_parity(&key);
+ DES_key_sched(&key, &ks);
buf[0] = '\0';
readpassphrase("Enter challenge: ", buf, sizeof(buf), RPP_ECHO_ON);
@@ -171,15 +171,15 @@ main(int argc, char **argv)
}
void
-predict(des_key_schedule ks, const char *chal, int cnt)
+predict(DES_key_schedule ks, const char *chal, int cnt)
{
int i;
- des_cblock cb;
+ DES_cblock cb;
memcpy(&cb, chal, sizeof(cb));
while (cnt-- > 0) {
printf("%.8s: ", (char *)cb);
- des_ecb_encrypt(&cb, &cb, ks, DES_ENCRYPT);
+ DES_ecb_encrypt(&cb, &cb, &ks, DES_ENCRYPT);
for (i = 0; i < 4; ++i) {
printf("%c", digits[(cb[i]>>4) & 0xf]);
printf("%c", digits[(cb[i]>>0) & 0xf]);
Index: usr.sbin/ppp/ppp/Makefile
===================================================================
RCS file: /cvs/src/usr.sbin/ppp/ppp/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- usr.sbin/ppp/ppp/Makefile 22 Sep 2005 00:08:24 -0000 1.28
+++ usr.sbin/ppp/ppp/Makefile 13 Oct 2010 13:27:15 -0000
@@ -13,8 +13,8 @@ SRCS= alias.c alias_cuseeme.c alias_db.c
CFLAGS+=-Wall -DNO_FW_PUNCH -DNOI4B -DNONETGRAPH
CFLAGS+=-DLOCALNAT -DLOCALRAD
M4FLAGS=-DLOCALNAT -DLOCALRAD
-LDADD+= -lcrypto -ldes -lutil -lz
-DPADD+= ${LIBDES} ${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
+LDADD+= -lcrypto -lutil -lz
+DPADD+= ${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
.if defined(NOSUID) || defined(PPP_NOSUID)
BINMODE=554
.else
Index: usr.sbin/ppp/ppp/chap_ms.c
===================================================================
RCS file: /cvs/src/usr.sbin/ppp/ppp/chap_ms.c,v
retrieving revision 1.12
diff -u -p -r1.12 chap_ms.c
--- usr.sbin/ppp/ppp/chap_ms.c 15 Jun 2002 08:02:00 -0000 1.12
+++ usr.sbin/ppp/ppp/chap_ms.c 13 Oct 2010 13:27:16 -0000
@@ -36,11 +36,7 @@
#else
#include <sys/types.h>
#include <stdlib.h>
-#ifdef __NetBSD__
#include <openssl/des.h>
-#else
-#include <des.h>
-#endif
#include <openssl/sha.h>
#endif
#include <md4.h>
@@ -103,18 +99,18 @@ MakeKey(u_char *key, u_char *des_key)
des_key[6] = Get7Bits(key, 42);
des_key[7] = Get7Bits(key, 49);
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
}
static void /* IN 8 octets IN 7 octest OUT 8 octets */
DesEncrypt(u_char *clear, u_char *key, u_char *cipher)
{
- des_cblock des_key;
- des_key_schedule key_schedule;
+ DES_cblock des_key;
+ DES_key_schedule key_schedule;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule,
1);
+ DES_set_key(&des_key, &key_schedule);
+ DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, &key_schedule,
1);
}
static void /* IN 8 octets IN 16 octets OUT 24 octets */
Index: usr.sbin/tokenadm/Makefile
===================================================================
RCS file: /cvs/src/usr.sbin/tokenadm/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- usr.sbin/tokenadm/Makefile 18 Jul 2003 21:18:51 -0000 1.2
+++ usr.sbin/tokenadm/Makefile 13 Oct 2010 13:27:16 -0000
@@ -3,8 +3,8 @@
PROG= tokenadm
SRCS= tokenadm.c init.c tokendb.c
MAN= tokenadm.8
-LDADD+= -ldes
-DPADD= ${LIBDES}
+LDADD+= -lcrypto
+DPADD= ${LIBCRYPTO}
CFLAGS+=-I${.CURDIR}/../../libexec/login_token
.PATH: ${.CURDIR}/../../libexec/login_token
Index: usr.sbin/tokeninit/Makefile
===================================================================
RCS file: /cvs/src/usr.sbin/tokeninit/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- usr.sbin/tokeninit/Makefile 18 Jul 2003 21:18:51 -0000 1.2
+++ usr.sbin/tokeninit/Makefile 13 Oct 2010 13:27:16 -0000
@@ -3,8 +3,8 @@
PROG= tokeninit
SRCS= tokeninit.c init.c token.c tokendb.c
MAN= tokeninit.8
-LDADD+= -ldes
-DPADD= ${LIBDES}
+LDADD+= -lcrypto
+DPADD= ${LIBCRYPTO}
CFLAGS+=-I${.CURDIR}/../../libexec/login_token
.PATH: ${.CURDIR}/../../libexec/login_token
Index: gnu/usr.bin/cvs/configure
===================================================================
RCS file: /cvs/src/gnu/usr.bin/cvs/configure,v
retrieving revision 1.28
diff -u -p -r1.28 configure
--- gnu/usr.bin/cvs/configure 20 Jul 2003 20:26:33 -0000 1.28
+++ gnu/usr.bin/cvs/configure 13 Oct 2010 13:27:18 -0000
@@ -4021,9 +4021,9 @@ EOF
includeopt="${includeopt} -I$GSSAPI/include/kerberosV"
# FIXME: This is ugly, but these things don't seem to be standardized.
if test "$ac_cv_header_gssapi_h" = "yes"; then
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto"
else
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
fi
save_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS"
Index: gnu/usr.bin/cvs/configure.in
===================================================================
RCS file: /cvs/src/gnu/usr.bin/cvs/configure.in,v
retrieving revision 1.27
diff -u -p -r1.27 configure.in
--- gnu/usr.bin/cvs/configure.in 20 Jul 2003 20:26:33 -0000 1.27
+++ gnu/usr.bin/cvs/configure.in 13 Oct 2010 13:27:18 -0000
@@ -295,9 +295,9 @@ if test "$ac_cv_header_krb5_h" = "yes" &
includeopt="${includeopt} -I$GSSAPI/include/kerberosV"
# FIXME: This is ugly, but these things don't seem to be standardized.
if test "$ac_cv_header_gssapi_h" = "yes"; then
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto -ldes"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi -lkrb5 -lcrypto"
else
- LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -ldes -lcom_err"
+ LIBS="$LIBS -L$GSSAPI/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
fi
save_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I$GSSAPI/include/kerberosV $CPPFLAGS"
Index: gnu/usr.bin/cvs/src/server.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/cvs/src/server.c,v
retrieving revision 1.32
diff -u -p -r1.32 server.c
--- gnu/usr.bin/cvs/src/server.c 13 Dec 2009 19:30:32 -0000 1.32
+++ gnu/usr.bin/cvs/src/server.c 13 Oct 2010 13:27:23 -0000
@@ -6416,8 +6416,8 @@ krb_encrypt_input (fnclosure, input, out
struct krb_encrypt_data *kd = (struct krb_encrypt_data *) fnclosure;
int tcount;
- des_cbc_encrypt ((C_Block *) input, (C_Block *) output,
- size, kd->sched, &kd->block, 0);
+ DES_cbc_encrypt ((C_Block *) input, (C_Block *) output,
+ size, &kd->sched, &kd->block, 0);
/* SIZE is the size of the buffer, which is set by the encryption
routine. The packetizing buffer will arrange for the first two
@@ -6456,15 +6456,15 @@ krb_encrypt_output (fnclosure, input, ou
the packetizing buffer. */
aligned = (size + 7) & ~7;
- /* We use des_cbc_encrypt rather than krb_mk_priv because the
+ /* We use DES_cbc_encrypt rather than krb_mk_priv because the
latter sticks a timestamp in the block, and krb_rd_priv expects
that timestamp to be within five minutes of the current time.
Given the way the CVS server buffers up data, that can easily
fail over a long network connection. We trust krb_recvauth to
guard against a replay attack. */
- des_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
- kd->sched, &kd->block, 1);
+ DES_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
+ &kd->sched, &kd->block, 1);
*translated = aligned;
