This commit was manufactured by cvs2svn to create tagupstream/2.1.6_cvsrelease/2.1.6_cvs

'RELENG_2_1_6_RELEASE'.

This commit was manufactured to restore the state of the 2.1.6-RELEASE image.
Releases prior to 5.3-RELEASE are omitting the secure/ and crypto/ subdirs.

157 files changed, 0 insertions, 48147 deletions

diff --git a/secure/Makefile b/secure/Makefile
deleted file mode 100644
index e91781f463c4..000000000000
--- a/secure/Makefile
+++ /dev/null
@@ -1,35 +0,0 @@
-#	$Id$
-
-# lib must be first, or it will not work.  This is because we reference
-# the lib's in the directory where they are built from the binaries we
-# want to build.
-
-SUBDIR= lib usr.bin
-
-SDIR= ${.CURDIR}/..
-
-CODAI=	${MAKE} ${MFLAGS} cleandir; \
-	${MAKE} ${MFLAGS} obj; \
-	${MAKE} ${MFLAGS} depend all install
-
-CODAD=	${MAKE} ${MFLAGS} MAKE_EBONES=yes cleandir; \
-	${MAKE} ${MFLAGS} MAKE_EBONES=yes obj; \
-	${MAKE} ${MFLAGS} MAKE_EBONES=yes depend all distribute
-
-# These are the programs which depend on secure libs
-sprog:
-	cd ${SDIR}/bin/ed; ${CODAI}
-	cd ${SDIR}/sbin/init; ${CODAI}
-
-bootstrap:
-	( cd include; ${MAKE} ${MFLAGS} install )
-	( cd lib; ${MAKE} ${MFLAGS} depend all install )
-	${MAKE} ${MFLAGS} cleandir
-	${MAKE} ${MFLAGS} obj
-	${MAKE} ${MFLAGS} depend all install sprog
-
-help-distribute:	distribute
-	cd ${SDIR}/bin/ed; ${CODAD}
-	cd ${SDIR}/sbin/init; ${CODAD}
-
-.include <bsd.subdir.mk>
diff --git a/secure/Makefile.inc b/secure/Makefile.inc
deleted file mode 100644
index f6491d43743a..000000000000
--- a/secure/Makefile.inc
+++ /dev/null
@@ -1,15 +0,0 @@
-#	$Id$
-
-DISTRIBUTION=des
-
-.if exists(${.CURDIR}/../../lib/libtelnet/obj)
-TELNETOBJDIR=	${.CURDIR}/../../lib/libtelnet/obj
-.else
-TELNETOBJDIR=	${.CURDIR}/../../lib/libtelnet
-.endif
-
-.if exists(${.CURDIR}/../../lib/libcrypt/obj)
-CRYPTOBJDIR=	${.CURDIR}/../../lib/libcrypt/obj
-.else
-CRYPTOBJDIR=	${.CURDIR}/../../lib/libcrypt
-.endif
diff --git a/secure/lib/Makefile b/secure/lib/Makefile
deleted file mode 100644
index 2b47738ed2fd..000000000000
--- a/secure/lib/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-#	$Id$
-
-SUBDIR= libcipher libdes
-
-.include <bsd.subdir.mk>
-
diff --git a/secure/lib/Makefile.inc b/secure/lib/Makefile.inc
deleted file mode 100644
index 019e99afab65..000000000000
--- a/secure/lib/Makefile.inc
+++ /dev/null
@@ -1,6 +0,0 @@
-#	$Id: Makefile.inc,v 1.3 1994/11/14 20:45:28 phk Exp $
-
-.include "${.CURDIR}/../../Makefile.inc"
-.if exists(${.CURDIR}/../../../lib/Makefile.inc)
-.include "${.CURDIR}/../../../lib/Makefile.inc"
-.endif
diff --git a/secure/lib/libcipher/Makefile b/secure/lib/libcipher/Makefile
deleted file mode 100644
index 07429dc36e22..000000000000
--- a/secure/lib/libcipher/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# $Id: Makefile,v 1.7 1996/04/13 08:03:19 markm Exp $
-#
-
-LIB=		cipher
-SRCS=		crypt.c
-PRECIOUSLIB=	yes
-#NOPROFILE=	yes
-
-MAN3=   cipher.3
-MLINKS= cipher.3 encrypt.3 cipher.3 setkey.3
-MLINKS+=cipher.3 des_cipher.3 cipher.3 des_setkey.3
-
-#SUBDIR=		test
-
-.include <bsd.lib.mk>
diff --git a/secure/lib/libcipher/README b/secure/lib/libcipher/README
deleted file mode 100644
index 53ea2299fbfd..000000000000
--- a/secure/lib/libcipher/README
+++ /dev/null
@@ -1,98 +0,0 @@
-
-	FreeSec - NetBSD libcrypt replacement
-
-	  David Burren <davidb@werj.com.au>
-	  Release 1.0, March 1994
-
-    Document ref: $Id: README,v 1.1 1994/09/07 08:55:24 g89r4222 Exp $
-
-
-Description
-===========
-This library is a drop-in replacement for the libcrypt used in U.S. copies
-of NetBSD, duplicating that library's functionality.  A suite of verification
-and benchmark tools is provided.
-
-FreeSec 1.0 is an original implementation of the DES algorithm and the
-crypt(3) interfaces used in Unix-style operating systems.  It was produced
-in Australia and as such is not covered by U.S. export restrictions (at
-least for copies that remain outside the U.S.).
-
-
-History
-=======
-An earlier version of the FreeSec library was built using the UFC-crypt
-package that is distributed as part of the GNU library.  UFC-crypt did not
-support the des_cipher() or des_setkey() functions, nor the new-style
-crypt with long keys.  These were implemented in FreeSec 0.2, but at least
-one bug remained, where encryption would only succeed if either the salt
-or the plaintext was zero.  Because of its heritage FreeSec 0.2 was covered
-by the GNU Library Licence.
-
-FreeSec 1.0 is an original implementation by myself, and has been tested
-against the verification suite I'd been using with FreeSec 0.2 (this is not
-encumbered by any licence).  FreeSec 1.0 is covered by a Berkeley-style
-licence, which better fits into the *BSD hierarchy than the earlier GNU
-licence.
-
-
-Why should you use FreeSec?
-===========================
-FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
-to act as a baseline for encryption functionality.
-
-Some other packages (such as Eric Young's libdes package) are faster and
-more complete than FreeSec, but typically have different licencing
-arrangements.  While some applications will justify the use of these
-packages, the idea here is that everyone should have access to *at least*
-the functionality of FreeSec.
-
-
-Performance of FreeSec 1.0
-==========================
-I compare below the performance of three libcrypt implementations.  As can be
-seen, it's between the U.S. library and UFC-crypt.  While the performance of
-FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
-future versions.  I was interested to note that while UFC-crypt is faster on
-a 386, hardware characteristics can have markedly different effects on each
-implementation.
-
-
-386DX40, 128k cache	| U.S. BSD	| FreeSec 1.0	| FreeSec 0.2
-CFLAGS=-O2		|		|		|
-========================+===============+===============+==================
-crypt (alternate keys)	| 317		| 341		| 395
-	crypt/sec	|		|		|
-------------------------+---------------+---------------+------------------
-crypt (constant key)	| 317		| 368		| 436
-	crypt/sec	|		|		|
-------------------------+---------------+---------------+------------------
-des_cipher( , , , 1)	| 6037		| 7459		| 3343
-	blocks/sec	|		|		|
-------------------------+---------------+---------------+------------------
-des_cipher( , , , 25)	| 8871		| 9627		| 15926
-	blocks/sec	|		|		|
-
-Notes:	The results tabled here are the average over 10 runs.
-	The entry/exit code for FreeSec 0.2's des_cipher() is particularly
-	inefficient, thus the anomalous result for single encryptions.
-
-
-As an experiment using a machine with a larger register set and an
-obscenely fast CPU, I obtained the following results:
-
-	60 MHz R4400		| FreeSec 1.0	| FreeSec 0.2
-	========================+=================================
-	crypt (alternate keys)	| 2545		| 2702
-		crypt/sec	|		|
-	------------------------+---------------------------------
-	crypt (constant key)	| 2852		| 2981
-		crypt/sec	|		|
-	------------------------+---------------------------------
-	des_cipher( , , , 1)	| 56443		| 21409
-		blocks/sec	|		|
-	------------------------+---------------------------------
-	des_cipher( , , , 25)	| 82531		| 18276
-		blocks/sec	|		|
-
-Obviously your mileage will vary with your hardware and your compiler...
diff --git a/secure/lib/libcipher/README.FreeBSD b/secure/lib/libcipher/README.FreeBSD
deleted file mode 100644
index 06b943fa1950..000000000000
--- a/secure/lib/libcipher/README.FreeBSD
+++ /dev/null
@@ -1,6 +0,0 @@
-$Id: README.FreeBSD,v 1.1 1994/09/07 08:55:25 g89r4222 Exp $
-
-This is FreeSec package for NetBSD,  unchanged for
-FreeBSD, except for the Makefile.
-
-The other stuff in libcrypt will be added in stages!
diff --git a/secure/lib/libcipher/cipher.3 b/secure/lib/libcipher/cipher.3
deleted file mode 100644
index 162e89fcd346..000000000000
--- a/secure/lib/libcipher/cipher.3
+++ /dev/null
@@ -1,150 +0,0 @@
-.\" FreeSec: libcrypt for NetBSD
-.\"
-.\" Copyright (c) 1994 David Burren
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 4. Neither the name of the author nor the names of other contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	$Id: crypt.3,v 1.5 1995/07/25 14:03:49 mark Exp $
-.\"
-.\" Manual page, using -mandoc macros
-.\"
-.Dd March 9, 1994
-.Dt CIPHER 3
-.Os "FreeSec 1.0"
-.Sh NAME
-.Nm setkey ,
-.Nm encrypt ,
-.Nm des_setkey ,
-.Nm des_cipher ,
-.Nd DES encryption
-.Sh SYNOPSIS
-.Ft int
-.Fn setkey "char *key"
-.Ft int
-.Fn encrypt "char *block" "int flag"
-.Ft int
-.Fn des_setkey "const char *key"
-.Ft int
-.Fn des_cipher "const char *in" "char *out" "long salt" "int count"
-.Sh DESCRIPTION
-The functions,
-.Fn encrypt ,
-.Fn setkey ,
-.Fn des_setkey
-and
-.Fn des_cipher
-provide access to the
-.Tn DES
-algorithm.
-.Fn setkey
-is passed a 64-byte array of binary values (numeric 0 or 1).
-A 56-bit key is extracted from this array by dividing the
-array into groups of 8, and ignoring the last bit in each group.
-That bit is reserved for a byte parity check by DES, but is ignored
-by these functions.
-.Pp
-The
-.Fa block
-argument to
-.Fn encrypt
-is also a 64-byte array of binary values.
-If the value of
-.Fa flag
-is 0,
-.Fa block
-is encrypted otherwise it is decrypted.
-The result is returned in the original array
-.Fa block
-after using the key specified by
-.Fn setkey
-to process it.
-.Pp
-The argument to
-.Fn des_setkey
-is a character array of length 8.
-The least significant bit (the parity bit) in each character is ignored,
-and the remaining bits are concatenated to form a 56-bit key.
-The function
-.Fn des_cipher
-encrypts (or decrypts if
-.Fa count
-is negative) the 64-bits stored in the 8 characters at
-.Fa in
-using
-.Xr abs 3
-of
-.Fa count
-iterations of
-.Tn DES
-and stores the 64-bit result in the 8 characters at
-.Fa out
-(which may be the same as
-.Fa in
-).
-The
-.Fa salt
-introduces disorder in the
-.Tn DES
-algorithm in one of 16777216 or 4096 possible ways
-(ie. with 24 or 12 bits: if bit
-.Em i
-of the
-.Ar salt
-is set, then bits
-.Em i
-and
-.Em i+24
-are swapped in the
-.Tn DES
-E-box output).
-.Pp
-The functions
-.Fn setkey ,
-.Fn encrypt ,
-.Fn des_setkey ,
-and
-.Fn des_cipher
-return 0 on success and 1 on failure.
-.Pp
-The
-.Fn setkey
-and
-.Fn des_setkey
-functions manipulate the same key space.
-.Sh SEE ALSO
-.Xr login 1 ,
-.Xr passwd 1 ,
-.Xr getpass 3 ,
-.Xr crypt 3 ,
-.Xr passwd 5
-.Sh HISTORY
-This library (FreeSec 1.0) was developed outside the United States of America
-as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption
-library.
-Users should be aware that this code (and programs staticly linked with it)
-may not be exported from the U.S., although it apparently can be imported.
-.Sh AUTHOR
-David Burren <davidb@werj.com.au>
diff --git a/secure/lib/libcipher/crypt.c b/secure/lib/libcipher/crypt.c
deleted file mode 100644
index cbdefde6bf96..000000000000
--- a/secure/lib/libcipher/crypt.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/*
- * FreeSec: libcrypt for NetBSD
- *
- * Copyright (c) 1994 David Burren
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the author nor the names of other contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$Id: crypt.c,v 1.2 1994/09/07 21:48:46 csgr Exp $
- *
- * This is an original implementation of the DES and the crypt(3) interfaces
- * by David Burren <davidb@werj.com.au>.
- *
- * An excellent reference on the underlying algorithm (and related
- * algorithms) is:
- *
- *	B. Schneier, Applied Cryptography: protocols, algorithms,
- *	and source code in C, John Wiley & Sons, 1994.
- *
- * Note that in that book's description of DES the lookups for the initial,
- * pbox, and final permutations are inverted (this has been brought to the
- * attention of the author).  A list of errata for this book has been
- * posted to the sci.crypt newsgroup by the author and is available for FTP.
- *
- * ARCHITECTURE ASSUMPTIONS:
- *	This code assumes that u_longs are 32 bits.  It will probably not
- *	operate on 64-bit machines without modifications.
- *	It is assumed that the 8-byte arrays passed by reference can be
- *	addressed as arrays of u_longs (ie. the CPU is not picky about
- *	alignment).
- */
-#include <sys/types.h>
-#include <sys/param.h>
-#include <pwd.h>
-
-#ifdef DEBUG
-# include <stdio.h>
-#endif
-
-
-static u_char	IP[64] = {
-	58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
-	62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
-	57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
-	61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
-};
-
-static u_char	inv_key_perm[64];
-static u_char	u_key_perm[56];
-static u_char	key_perm[56] = {
-	57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
-	10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
-	63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
-	14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
-};
-
-static u_char	key_shifts[16] = {
-	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
-};
-
-static u_char	inv_comp_perm[56];
-static u_char	comp_perm[48] = {
-	14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
-	23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
-	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
-	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
-};
-
-/*
- *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
- */
-
-static u_char	u_sbox[8][64];
-static u_char	sbox[8][64] = {
-	{
-		14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
-		 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
-		 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
-		15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
-	},
-	{
-		15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
-		 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
-		 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
-		13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
-	},
-	{
-		10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
-		13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
-		13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
-		 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
-	},
-	{
-		 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
-		13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
-		10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
-		 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
-	},
-	{
-		 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
-		14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
-		 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
-		11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
-	},
-	{
-		12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
-		10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
-		 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
-		 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
-	},
-	{
-		 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
-		13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
-		 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
-		 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
-	},
-	{
-		13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
-		 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
-		 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
-		 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
-	}
-};
-
-static u_char	un_pbox[32];
-static u_char	pbox[32] = {
-	16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
-	 2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
-};
-
-static u_long	bits32[32] =
-{
-	0x80000000, 0x40000000, 0x20000000, 0x10000000,
-	0x08000000, 0x04000000, 0x02000000, 0x01000000,
-	0x00800000, 0x00400000, 0x00200000, 0x00100000,
-	0x00080000, 0x00040000, 0x00020000, 0x00010000,
-	0x00008000, 0x00004000, 0x00002000, 0x00001000,
-	0x00000800, 0x00000400, 0x00000200, 0x00000100,
-	0x00000080, 0x00000040, 0x00000020, 0x00000010,
-	0x00000008, 0x00000004, 0x00000002, 0x00000001
-};
-
-static u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
-
-static u_long	saltbits;
-static long	old_salt;
-static u_long	*bits28, *bits24;
-static u_char	init_perm[64], final_perm[64];
-static u_long	en_keysl[16], en_keysr[16];
-static u_long	de_keysl[16], de_keysr[16];
-static int	des_initialised = 0;
-static u_char	m_sbox[4][4096];
-static u_long	psbox[4][256];
-static u_long	ip_maskl[8][256], ip_maskr[8][256];
-static u_long	fp_maskl[8][256], fp_maskr[8][256];
-static u_long	key_perm_maskl[8][128], key_perm_maskr[8][128];
-static u_long	comp_maskl[8][128], comp_maskr[8][128];
-static u_long	old_rawkey0, old_rawkey1;
-
-static u_char	ascii64[] =
-	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-/*	  0000000000111111111122222222223333333333444444444455555555556666 */
-/*	  0123456789012345678901234567890123456789012345678901234567890123 */
-
-static inline int
-ascii_to_bin(char ch)
-{
-	if (ch > 'z')
-		return(0);
-	if (ch >= 'a')
-		return(ch - 'a' + 38);
-	if (ch > 'Z')
-		return(0);
-	if (ch >= 'A')
-		return(ch - 'A' + 12);
-	if (ch > '9')
-		return(0);
-	if (ch >= '.')
-		return(ch - '.');
-	return(0);
-}
-
-
-static void
-des_init()
-{
-	int	i, j, b, k, inbit, obit;
-	u_long	*p, *il, *ir, *fl, *fr;
-
-	old_rawkey0 = old_rawkey1 = 0L;
-	saltbits = 0L;
-	old_salt = 0L;
-	bits24 = (bits28 = bits32 + 4) + 4;
-
-	/*
-	 * Invert the S-boxes, reordering the input bits.
-	 */
-	for (i = 0; i < 8; i++)
-		for (j = 0; j < 64; j++) {
-			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
-			u_sbox[i][j] = sbox[i][b];
-		}
-
-	/*
-	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
-	 * Each will handle 12 bits of the S-box input.
-	 */
-	for (b = 0; b < 4; b++)
-		for (i = 0; i < 64; i++)
-			for (j = 0; j < 64; j++)
-				m_sbox[b][(i << 6) | j] =
-					(u_sbox[(b << 1)][i] << 4) |
-					u_sbox[(b << 1) + 1][j];
-
-	/*
-	 * Set up the initial & final permutations into a useful form, and
-	 * initialise the inverted key permutation.
-	 */
-	for (i = 0; i < 64; i++) {
-		init_perm[final_perm[i] = IP[i] - 1] = i;
-		inv_key_perm[i] = 255;
-	}
-
-	/*
-	 * Invert the key permutation and initialise the inverted key
-	 * compression permutation.
-	 */
-	for (i = 0; i < 56; i++) {
-		u_key_perm[i] = key_perm[i] - 1;
-		inv_key_perm[key_perm[i] - 1] = i;
-		inv_comp_perm[i] = 255;
-	}
-
-	/*
-	 * Invert the key compression permutation.
-	 */
-	for (i = 0; i < 48; i++) {
-		inv_comp_perm[comp_perm[i] - 1] = i;
-	}
-
-	/*
-	 * Set up the OR-mask arrays for the initial and final permutations,
-	 * and for the key initial and compression permutations.
-	 */
-	for (k = 0; k < 8; k++) {
-		for (i = 0; i < 256; i++) {
-			*(il = &ip_maskl[k][i]) = 0L;
-			*(ir = &ip_maskr[k][i]) = 0L;
-			*(fl = &fp_maskl[k][i]) = 0L;
-			*(fr = &fp_maskr[k][i]) = 0L;
-			for (j = 0; j < 8; j++) {
-				inbit = 8 * k + j;
-				if (i & bits8[j]) {
-					if ((obit = init_perm[inbit]) < 32)
-						*il |= bits32[obit];
-					else
-						*ir |= bits32[obit-32];
-					if ((obit = final_perm[inbit]) < 32)
-						*fl |= bits32[obit];
-					else
-						*fr |= bits32[obit - 32];
-				}
-			}
-		}
-		for (i = 0; i < 128; i++) {
-			*(il = &key_perm_maskl[k][i]) = 0L;
-			*(ir = &key_perm_maskr[k][i]) = 0L;
-			for (j = 0; j < 7; j++) {
-				inbit = 8 * k + j;
-				if (i & bits8[j + 1]) {
-					if ((obit = inv_key_perm[inbit]) == 255)
-						continue;
-					if (obit < 28)
-						*il |= bits28[obit];
-					else
-						*ir |= bits28[obit - 28];
-				}
-			}
-			*(il = &comp_maskl[k][i]) = 0L;
-			*(ir = &comp_maskr[k][i]) = 0L;
-			for (j = 0; j < 7; j++) {
-				inbit = 7 * k + j;
-				if (i & bits8[j + 1]) {
-					if ((obit=inv_comp_perm[inbit]) == 255)
-						continue;
-					if (obit < 24)
-						*il |= bits24[obit];
-					else
-						*ir |= bits24[obit - 24];
-				}
-			}
-		}
-	}
-
-	/*
-	 * Invert the P-box permutation, and convert into OR-masks for
-	 * handling the output of the S-box arrays setup above.
-	 */
-	for (i = 0; i < 32; i++)
-		un_pbox[pbox[i] - 1] = i;
-
-	for (b = 0; b < 4; b++)
-		for (i = 0; i < 256; i++) {
-			*(p = &psbox[b][i]) = 0L;
-			for (j = 0; j < 8; j++) {
-				if (i & bits8[j])
-					*p |= bits32[un_pbox[8 * b + j]];
-			}
-		}
-
-	des_initialised = 1;
-}
-
-
-static void
-setup_salt(long salt)
-{
-	u_long	obit, saltbit;
-	int	i;
-
-	if (salt == old_salt)
-		return;
-	old_salt = salt;
-
-	saltbits = 0L;
-	saltbit = 1;
-	obit = 0x800000;
-	for (i = 0; i < 24; i++) {
-		if (salt & saltbit)
-			saltbits |= obit;
-		saltbit <<= 1;
-		obit >>= 1;
-	}
-}
-
-
-int
-des_setkey(const char *key)
-{
-	u_long	k0, k1, rawkey0, rawkey1;
-	int	shifts, i, b, round;
-
-	if (!des_initialised)
-		des_init();
-
-	rawkey0 = ntohl(*(u_long *) key);
-	rawkey1 = ntohl(*(u_long *) (key + 4));
-
-	if ((rawkey0 | rawkey1)
-	    && rawkey0 == old_rawkey0
-	    && rawkey1 == old_rawkey1) {
-		/*
-		 * Already setup for this key.
-		 * This optimisation fails on a zero key (which is weak and
-		 * has bad parity anyway) in order to simplify the starting
-		 * conditions.
-		 */
-		return(0);
-	}
-	old_rawkey0 = rawkey0;
-	old_rawkey1 = rawkey1;
-
-	/*
-	 *	Do key permutation and split into two 28-bit subkeys.
-	 */
-	k0 = key_perm_maskl[0][rawkey0 >> 25]
-	   | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
-	   | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
-	   | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
-	   | key_perm_maskl[4][rawkey1 >> 25]
-	   | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
-	   | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
-	   | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
-	k1 = key_perm_maskr[0][rawkey0 >> 25]
-	   | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
-	   | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
-	   | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
-	   | key_perm_maskr[4][rawkey1 >> 25]
-	   | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
-	   | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
-	   | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
-	/*
-	 *	Rotate subkeys and do compression permutation.
-	 */
-	shifts = 0;
-	for (round = 0; round < 16; round++) {
-		u_long	t0, t1;
-		int	bit;
-
-		shifts += key_shifts[round];
-
-		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
-		t1 = (k1 << shifts) | (k1 >> (28 - shifts));
-
-		de_keysl[15 - round] =
-		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
-				| comp_maskl[1][(t0 >> 14) & 0x7f]
-				| comp_maskl[2][(t0 >> 7) & 0x7f]
-				| comp_maskl[3][t0 & 0x7f]
-				| comp_maskl[4][(t1 >> 21) & 0x7f]
-				| comp_maskl[5][(t1 >> 14) & 0x7f]
-				| comp_maskl[6][(t1 >> 7) & 0x7f]
-				| comp_maskl[7][t1 & 0x7f];
-
-		de_keysr[15 - round] =
-		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
-				| comp_maskr[1][(t0 >> 14) & 0x7f]
-				| comp_maskr[2][(t0 >> 7) & 0x7f]
-				| comp_maskr[3][t0 & 0x7f]
-				| comp_maskr[4][(t1 >> 21) & 0x7f]
-				| comp_maskr[5][(t1 >> 14) & 0x7f]
-				| comp_maskr[6][(t1 >> 7) & 0x7f]
-				| comp_maskr[7][t1 & 0x7f];
-	}
-	return(0);
-}
-
-
-static int
-do_des(	u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count)
-{
-	/*
-	 *	l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
-	 */
-	u_long	mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1;
-	u_long	f, r48l, r48r;
-	int	i, j, b, round;
-
-	if (count == 0) {
-		return(1);
-	} else if (count > 0) {
-		/*
-		 * Encrypting
-		 */
-		kl1 = en_keysl;
-		kr1 = en_keysr;
-	} else {
-		/*
-		 * Decrypting
-		 */
-		count = -count;
-		kl1 = de_keysl;
-		kr1 = de_keysr;
-	}
-
-	/*
-	 *	Do initial permutation (IP).
-	 */
-	l = ip_maskl[0][l_in >> 24]
-	  | ip_maskl[1][(l_in >> 16) & 0xff]
-	  | ip_maskl[2][(l_in >> 8) & 0xff]
-	  | ip_maskl[3][l_in & 0xff]
-	  | ip_maskl[4][r_in >> 24]
-	  | ip_maskl[5][(r_in >> 16) & 0xff]
-	  | ip_maskl[6][(r_in >> 8) & 0xff]
-	  | ip_maskl[7][r_in & 0xff];
-	r = ip_maskr[0][l_in >> 24]
-	  | ip_maskr[1][(l_in >> 16) & 0xff]
-	  | ip_maskr[2][(l_in >> 8) & 0xff]
-	  | ip_maskr[3][l_in & 0xff]
-	  | ip_maskr[4][r_in >> 24]
-	  | ip_maskr[5][(r_in >> 16) & 0xff]
-	  | ip_maskr[6][(r_in >> 8) & 0xff]
-	  | ip_maskr[7][r_in & 0xff];
-
-	while (count--) {
-		/*
-		 * Do each round.
-		 */
-		kl = kl1;
-		kr = kr1;
-		round = 16;
-		while (round--) {
-			/*
-			 * Expand R to 48 bits (simulate the E-box).
-			 */
-			r48l	= ((r & 0x00000001) << 23)
-				| ((r & 0xf8000000) >> 9)
-				| ((r & 0x1f800000) >> 11)
-				| ((r & 0x01f80000) >> 13)
-				| ((r & 0x001f8000) >> 15);
-
-			r48r	= ((r & 0x0001f800) << 7)
-				| ((r & 0x00001f80) << 5)
-				| ((r & 0x000001f8) << 3)
-				| ((r & 0x0000001f) << 1)
-				| ((r & 0x80000000) >> 31);
-			/*
-			 * Do salting for crypt() and friends, and
-			 * XOR with the permuted key.
-			 */
-			f = (r48l ^ r48r) & saltbits;
-			r48l ^= f ^ *kl++;
-			r48r ^= f ^ *kr++;
-			/*
-			 * Do sbox lookups (which shrink it back to 32 bits)
-			 * and do the pbox permutation at the same time.
-			 */
-			f = psbox[0][m_sbox[0][r48l >> 12]]
-			  | psbox[1][m_sbox[1][r48l & 0xfff]]
-			  | psbox[2][m_sbox[2][r48r >> 12]]
-			  | psbox[3][m_sbox[3][r48r & 0xfff]];
-			/*
-			 * Now that we've permuted things, complete f().
-			 */
-			f ^= l;
-			l = r;
-			r = f;
-		}
-		r = l;
-		l = f;
-	}
-	/*
-	 * Do final permutation (inverse of IP).
-	 */
-	*l_out	= fp_maskl[0][l >> 24]
-		| fp_maskl[1][(l >> 16) & 0xff]
-		| fp_maskl[2][(l >> 8) & 0xff]
-		| fp_maskl[3][l & 0xff]
-		| fp_maskl[4][r >> 24]
-		| fp_maskl[5][(r >> 16) & 0xff]
-		| fp_maskl[6][(r >> 8) & 0xff]
-		| fp_maskl[7][r & 0xff];
-	*r_out	= fp_maskr[0][l >> 24]
-		| fp_maskr[1][(l >> 16) & 0xff]
-		| fp_maskr[2][(l >> 8) & 0xff]
-		| fp_maskr[3][l & 0xff]
-		| fp_maskr[4][r >> 24]
-		| fp_maskr[5][(r >> 16) & 0xff]
-		| fp_maskr[6][(r >> 8) & 0xff]
-		| fp_maskr[7][r & 0xff];
-	return(0);
-}
-
-
-int
-des_cipher(const char *in, char *out, long salt, int count)
-{
-	u_long	l_out, r_out, rawl, rawr;
-	int	retval;
-
-	if (!des_initialised)
-		des_init();
-
-	setup_salt(salt);
-
-	rawl = ntohl(*((u_long *) in)++);
-	rawr = ntohl(*((u_long *) in));
-
-	retval = do_des(rawl, rawr, &l_out, &r_out, count);
-
-	*((u_long *) out)++ = htonl(l_out);
-	*((u_long *) out) = htonl(r_out);
-	return(retval);
-}
-
-
-int
-setkey(char *key)
-{
-	int	i, j;
-	u_long	packed_keys[2];
-	u_char	*p;
-
-	p = (u_char *) packed_keys;
-
-	for (i = 0; i < 8; i++) {
-		p[i] = 0;
-		for (j = 0; j < 8; j++)
-			if (*key++ & 1)
-				p[i] |= bits8[j];
-	}
-	return(des_setkey(p));
-}
-
-
-int
-encrypt(char *block, int flag)
-{
-	u_long	io[2];
-	u_char	*p;
-	int	i, j, retval;
-
-	if (!des_initialised)
-		des_init();
-
-	setup_salt(0L);
-	p = block;
-	for (i = 0; i < 2; i++) {
-		io[i] = 0L;
-		for (j = 0; j < 32; j++)
-			if (*p++ & 1)
-				io[i] |= bits32[j];
-	}
-	retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
-	for (i = 0; i < 2; i++)
-		for (j = 0; j < 32; j++)
-			block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
-	return(retval);
-}
-
diff --git a/secure/lib/libcipher/test/Makefile b/secure/lib/libcipher/test/Makefile
deleted file mode 100644
index f1cf6cced1a5..000000000000
--- a/secure/lib/libcipher/test/Makefile
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-#	Hacked Makefile to compile and run the DES-certification program,
-#	but not install anything.
-#
-# $Id: Makefile,v 1.1.1.1 1994/09/07 21:18:08 csgr Exp $
-#
-LIBCRYPT!=cd $(.CURDIR)/..; \
-	printf "xxx:\n\techo \$${.OBJDIR}/libcipher.a\n" | make -r -s -f - xxx
-
-#CFLAGS+= -DHAVE_CRYPT16
-LIBCRYPT+= -lcrypt
-
-TARGETS=cert speedcrypt speeddes
-
-all: ${TARGETS}
-
-test: all testcrypt testencrypt testdes testspeed
-
-testcrypt: cert
-	@./cert -c
-
-testencrypt: cert
-	@./cert -e < ${.CURDIR}/cert.input
-
-testdes: cert
-	@./cert -d < ${.CURDIR}/cert.input
-
-testspeed: cryptspeed desspeed
-
-cryptspeed: speedcrypt
-	@./speedcrypt 30 1
-	@./speedcrypt 30 1
-	@./speedcrypt 30 0
-	@./speedcrypt 30 0
-
-desspeed: speeddes
-	@./speeddes 30 1
-	@./speeddes 30 1
-	@./speeddes 40 25
-	@./speeddes 40 25
-
-cert: cert.c ${LIBCRYPT}
-	$(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT}
-
-speedcrypt: speedcrypt.c ${LIBCRYPT}
-	$(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT}
-
-speeddes: speeddes.c ${LIBCRYPT}
-	$(CC) $(CFLAGS) -o speeddes ${.CURDIR}/speeddes.c ${LIBCRYPT}
-
-clean:
-	rm -f ${TARGETS}
-
-install:
-
-.include <bsd.prog.mk>
diff --git a/secure/lib/libcipher/test/README b/secure/lib/libcipher/test/README
deleted file mode 100644
index eb6b0bebbc1d..000000000000
--- a/secure/lib/libcipher/test/README
+++ /dev/null
@@ -1,10 +0,0 @@
-This directory contains test programs to certify DES operation and to
-time the crypt() call (of curiosity value).
-
-Simply type `make test` to run the tests.
-
-The normal `make all` and `make install` that get done during library building
-and installation will build these programs BUT NOT INSTALL THEM.  After all,
-they're only for testing...
-
-- David Burren, January 1994
diff --git a/secure/lib/libcipher/test/cert.c b/secure/lib/libcipher/test/cert.c
deleted file mode 100644
index 549c2306894f..000000000000
--- a/secure/lib/libcipher/test/cert.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * This DES validation program shipped with FreeSec is derived from that
- * shipped with UFC-crypt which is apparently derived from one distributed
- * with Phil Karns PD DES package.
- *
- * $Id: cert.c,v 1.1.1.1 1994/09/07 21:18:08 csgr Exp $
- */
-
-#include <stdio.h>
-
-int totfails = 0;
-
-char *crypt();
-#ifdef HAVE_CRYPT16
-char *crypt16();
-#endif /* HAVE_CRYPT16 */
-
-
-static struct crypt_test {
-	char	*key, *setting, *answer;
-} crypt_tests[] = {
-	"foob",			"ar",		"arlEKn0OzVJn.",
-	"holyhooplasbatman!",	"_X.......",	"_X.......N89y2Z.e4WU",
-	"holyhooplasbatman!",	"_X...X...",	"_X...X...rSUDQ5Na/QM",
-	"holyhooplasbatman!",	"_XX..X...",	"_XX..X...P8vb9xU4JAk",
-	"holyhooplasbatman!",	"_XX..XX..",	"_XX..XX..JDs5IlGLqT2",
-	"holyhooplasbatman!",	"_XX..XXa.",	"_XX..XXa.bFVsOnCNh8Y",
-	"holyhooplasbatman!",	"_XXa.X...",	"_XXa.X...Ghsb3QKNaps",
-#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS
-	"holyhooplasbatman!",	"_arararar",	"_ararararNGMzvpNjeCc",
-#endif
-	NULL, NULL, NULL,
-};
-
-
-static struct crypt_test crypt16_tests[] = {
-	"foob",			"ar",		"arxo23jZDD5AYbHbqoy9Dalg",
-	"holyhooplasbatman!",	"ar",		"arU5FRLJ3kxIoedlmyrOelEw",
-	NULL, NULL, NULL
-};
-
-
-void good_bye()
-{
-  if(totfails == 0) {
-    printf(" Passed validation\n");
-    exit(0);
-  } else {
-    printf(" %d failures during validation!!!\n", totfails);
-    exit(1);
-  }
-}
-
-
-void put8(cp)
-char *cp;
-{
-	int i,j,t;
-
-	for(i = 0; i < 8; i++){
-		t = 0;
-		for(j = 0; j < 8; j++)
-			t = t << 1 | *cp++;
-		printf("%02x", t);
-	}
-}
-
-
-void print_bits(bits)
-unsigned char *bits;
-{
-	int	i;
-
-	for (i = 0; i < 8; i++) {
-		printf("%02x", bits[i]);
-	}
-}
-
-
-int parse_line(buff, salt, key, plain, answer)
-char *buff;
-long *salt;
-char *key, *plain, *answer;
-{
-	char *ptr1, *ptr2;
-	int val;
-	int i,j,t;
-
-	/*
-	 * Extract salt
-	 */
-	if (sscanf(buff, "%lu", salt) != 1)
-		return(-1);
-	for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-
-	/*
-	 * Extract key
-	 */
-	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
-		;
-	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-	if (ptr2 - ptr1 != 16)
-		return(-1);
-	for (i = 0; i < 8; i++){
-		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
-			return(-2);
-		for (j = 0; j < 8; j++)
-			*key++ = (t & 1 << (7 - j)) != 0;
-	}
-
-	/*
-	 * Extract plain
-	 */
-	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
-		;
-	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-	if (ptr2 - ptr1 != 16)
-		return(-1);
-	for (i = 0; i < 8; i++){
-		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
-			return(-2);
-		for (j = 0; j < 8; j++)
-			*plain++ = (t & 1 << (7 - j)) != 0;
-	}
-
-	/*
-	 * Extract answer
-	 */
-	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
-		;
-	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-	if (ptr2 - ptr1 != 16)
-		return(-1);
-	for (i = 0; i < 8; i++){
-		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
-			return(-2);
-		for (j = 0; j < 8; j++)
-			*answer++ = (t & 1 << (7 - j)) != 0;
-	}
-	return(0);
-}
-
-/*
- * Test the setkey and encrypt functions
- */
-void test_encrypt()
-{
-	char key[64],plain[64],cipher[64],answer[64];
-	char buff[BUFSIZ];
-	unsigned long salt;
-	int i;
-	int test;
-	int fail;
-
-	printf("Testing setkey/encrypt\n");
-
-	for(test=0;fgets(buff, BUFSIZ, stdin);test++){
-
-		/*
-		 * Allow comments.
-		 */
-		if (*buff == '#')
-			continue;
-
-		if ((fail = parse_line(buff, &salt, key, plain, answer)) < 0){
-			printf("test %d garbled (%d)\n", test, fail);
-			continue;
-		}
-
-		if (salt)
-			continue;	/* encrypt has no salt support */
-
-		printf(" K: "); put8(key);
-		printf(" P: "); put8(plain);
-		printf(" C: "); put8(answer);
-
-		setkey(key);
-		for(i = 0; i < 64; i++)
-			cipher[i] = plain[i];
-		encrypt(cipher, 0);
-
-		for(i=0;i<64;i++)
-			if(cipher[i] != answer[i])
-				break;
-		fail = 0;
-		if(i != 64){
-			printf(" Enc FAIL ");
-			put8(cipher);
-			fail++; totfails++;
-		}
-
-		encrypt(cipher, 1);
-
-		for(i=0;i<64;i++)
-			if(cipher[i] != plain[i])
-				break;
-		if(i != 64){
-			printf(" Dec FAIL");
-			fail++; totfails++;
-		}
-
-		if(fail == 0)
-			printf(" OK");
-		printf("\n");
-	}
-}
-
-
-void bytes_to_bits(bytes, bits)
-char *bytes;
-unsigned char *bits;
-{
-	int	i, j;
-
-	for (i = 0; i < 8; i++) {
-		bits[i] = 0;
-		for (j = 0; j < 8; j++) {
-			bits[i] |= (bytes[i*8+j] & 1) << (7 - j);
-		}
-	}
-}
-
-
-/*
- * Test the des_setkey and des_cipher functions
- */
-void test_des()
-{
-	char ckey[64], cplain[64], canswer[64];
-	unsigned char key[8], plain[8], cipher[8], answer[8];
-	char buff[BUFSIZ];
-	unsigned long salt;
-	int i;
-	int test;
-	int fail;
-
-	printf("Testing des_setkey/des_cipher\n");
-
-	for(test=0;fgets(buff, BUFSIZ, stdin);test++){
-
-		/*
-		 * Allow comments.
-		 */
-		if (*buff == '#')
-			continue;
-
-		if ((fail = parse_line(buff, &salt, ckey, cplain, canswer)) <0){
-			printf("test %d garbled (%d)\n", test, fail);
-			continue;
-		}
-
-		printf(" S: %06x", salt);
-		printf(" K: "); put8(ckey);
-		printf(" P: "); put8(cplain);
-		printf(" C: "); put8(canswer);
-
-		bytes_to_bits(ckey, key);
-		bytes_to_bits(cplain, plain);
-		bytes_to_bits(canswer, answer);
-		des_setkey(key);
-		des_cipher(plain, cipher, salt, 1);
-
-		for(i = 0; i < 8; i++)
-			if(cipher[i] != answer[i])
-				break;
-		fail = 0;
-		if(i != 8){
-			printf(" Enc FAIL ");
-			print_bits(cipher);
-			fail++; totfails++;
-		}
-
-		des_cipher(cipher, cipher, salt, -1);
-
-		for(i = 0; i < 8; i++)
-			if(cipher[i] != plain[i])
-				break;
-		if(i != 8){
-			printf(" Dec FAIL");
-			fail++; totfails++;
-		}
-
-		if(fail == 0)
-			printf(" OK");
-		printf("\n");
-	}
-}
-
-
-/*
- *	Test the old-style crypt(), the new-style crypt(), and crypt16().
- */
-void test_crypt()
-{
-	char	*result;
-	struct crypt_test	*p;
-
-	printf("Testing crypt() family\n");
-
-	for (p = crypt_tests; p->key; p++) {
-		printf(" crypt(\"%s\", \"%s\"), \"%s\" expected",
-			p->key, p->setting, p->answer);
-		fflush(stdout);
-		result = crypt(p->key, p->setting);
-		if(!strcmp(result, p->answer)) {
-			printf(", OK\n");
-		} else {
-			printf("\n  failed (\"%s\")\n", result);
-			totfails++;
-		}
-	}
-
-#ifdef HAVE_CRYPT16
-	for (p = crypt16_tests; p->key; p++) {
-		printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected",
-			p->key, p->setting, p->answer);
-		fflush(stdout);
-		result = crypt16(p->key, p->setting);
-		if(!strcmp(result, p->answer)) {
-			printf(", OK\n");
-		} else {
-			printf("\n  failed (\"%s\")\n", result);
-			totfails++;
-		}
-	}
-#endif /* HAVE_CRYPT16 */
-}
-
-main(argc, argv)
-int argc;
-char *argv[];
-{
-	if(argc < 1 || !strcmp(argv[1], "-e"))
-		test_encrypt();
-	else if(!strcmp(argv[1], "-d"))
-		test_des();
-	else if(!strcmp(argv[1], "-c"))
-		test_crypt();
-	good_bye();
-}
diff --git a/secure/lib/libcipher/test/cert.input b/secure/lib/libcipher/test/cert.input
deleted file mode 100644
index 275639c46e5a..000000000000
--- a/secure/lib/libcipher/test/cert.input
+++ /dev/null
@@ -1,179 +0,0 @@
-# $Id: cert.input,v 1.1 1994/09/07 08:55:26 g89r4222 Exp $
-#
-# Salt, key, plaintext, ciphertext
-#
-0 0101010101010101 95f8a5e5dd31d900 8000000000000000
-0 0101010101010101 dd7f121ca5015619 4000000000000000
-0 0101010101010101 2e8653104f3834ea 2000000000000000
-0 0101010101010101 4bd388ff6cd81d4f 1000000000000000
-0 0101010101010101 20b9e767b2fb1456 0800000000000000
-0 0101010101010101 55579380d77138ef 0400000000000000
-0 0101010101010101 6cc5defaaf04512f 0200000000000000
-0 0101010101010101 0d9f279ba5d87260 0100000000000000
-0 0101010101010101 d9031b0271bd5a0a 0080000000000000
-0 0101010101010101 424250b37c3dd951 0040000000000000
-0 0101010101010101 b8061b7ecd9a21e5 0020000000000000
-0 0101010101010101 f15d0f286b65bd28 0010000000000000
-0 0101010101010101 add0cc8d6e5deba1 0008000000000000
-0 0101010101010101 e6d5f82752ad63d1 0004000000000000
-0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000
-0 0101010101010101 f356834379d165cd 0001000000000000
-0 0101010101010101 2b9f982f20037fa9 0000800000000000
-0 0101010101010101 889de068a16f0be6 0000400000000000
-0 0101010101010101 e19e275d846a1298 0000200000000000
-0 0101010101010101 329a8ed523d71aec 0000100000000000
-0 0101010101010101 e7fce22557d23c97 0000080000000000
-0 0101010101010101 12a9f5817ff2d65d 0000040000000000
-0 0101010101010101 a484c3ad38dc9c19 0000020000000000
-0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000
-0 0101010101010101 750d079407521363 0000008000000000
-0 0101010101010101 64feed9c724c2faf 0000004000000000
-0 0101010101010101 f02b263b328e2b60 0000002000000000
-0 0101010101010101 9d64555a9a10b852 0000001000000000
-0 0101010101010101 d106ff0bed5255d7 0000000800000000
-0 0101010101010101 e1652c6b138c64a5 0000000400000000
-0 0101010101010101 e428581186ec8f46 0000000200000000
-0 0101010101010101 aeb5f5ede22d1a36 0000000100000000
-0 0101010101010101 e943d7568aec0c5c 0000000080000000
-0 0101010101010101 df98c8276f54b04b 0000000040000000
-0 0101010101010101 b160e4680f6c696f 0000000020000000
-0 0101010101010101 fa0752b07d9c4ab8 0000000010000000
-0 0101010101010101 ca3a2b036dbc8502 0000000008000000
-0 0101010101010101 5e0905517bb59bcf 0000000004000000
-0 0101010101010101 814eeb3b91d90726 0000000002000000
-0 0101010101010101 4d49db1532919c9f 0000000001000000
-0 0101010101010101 25eb5fc3f8cf0621 0000000000800000
-0 0101010101010101 ab6a20c0620d1c6f 0000000000400000
-0 0101010101010101 79e90dbc98f92cca 0000000000200000
-0 0101010101010101 866ecedd8072bb0e 0000000000100000
-0 0101010101010101 8b54536f2f3e64a8 0000000000080000
-0 0101010101010101 ea51d3975595b86b 0000000000040000
-0 0101010101010101 caffc6ac4542de31 0000000000020000
-0 0101010101010101 8dd45a2ddf90796c 0000000000010000
-0 0101010101010101 1029d55e880ec2d0 0000000000008000
-0 0101010101010101 5d86cb23639dbea9 0000000000004000
-0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000
-0 0101010101010101 ce332329248f3228 0000000000001000
-0 0101010101010101 8405d1abe24fb942 0000000000000800
-0 0101010101010101 e643d78090ca4207 0000000000000400
-0 0101010101010101 48221b9937748a23 0000000000000200
-0 0101010101010101 dd7c0bbd61fafd54 0000000000000100
-0 0101010101010101 2fbc291a570db5c4 0000000000000080
-0 0101010101010101 e07c30d7e4e26e12 0000000000000040
-0 0101010101010101 0953e2258e8e90a1 0000000000000020
-0 0101010101010101 5b711bc4ceebf2ee 0000000000000010
-0 0101010101010101 cc083f1e6d9e85f6 0000000000000008
-0 0101010101010101 d2fd8867d50d2dfe 0000000000000004
-0 0101010101010101 06e7ea22ce92708f 0000000000000002
-0 0101010101010101 166b40b44aba4bd6 0000000000000001
-0 8001010101010101 0000000000000000 95a8d72813daa94d
-0 4001010101010101 0000000000000000 0eec1487dd8c26d5
-0 2001010101010101 0000000000000000 7ad16ffb79c45926
-0 1001010101010101 0000000000000000 d3746294ca6a6cf3
-0 0801010101010101 0000000000000000 809f5f873c1fd761
-0 0401010101010101 0000000000000000 c02faffec989d1fc
-0 0201010101010101 0000000000000000 4615aa1d33e72f10
-0 0180010101010101 0000000000000000 2055123350c00858
-0 0140010101010101 0000000000000000 df3b99d6577397c8
-0 0120010101010101 0000000000000000 31fe17369b5288c9
-0 0110010101010101 0000000000000000 dfdd3cc64dae1642
-0 0108010101010101 0000000000000000 178c83ce2b399d94
-0 0104010101010101 0000000000000000 50f636324a9b7f80
-0 0102010101010101 0000000000000000 a8468ee3bc18f06d
-0 0101800101010101 0000000000000000 a2dc9e92fd3cde92
-0 0101400101010101 0000000000000000 cac09f797d031287
-0 0101200101010101 0000000000000000 90ba680b22aeb525
-0 0101100101010101 0000000000000000 ce7a24f350e280b6
-0 0101080101010101 0000000000000000 882bff0aa01a0b87
-0 0101040101010101 0000000000000000 25610288924511c2
-0 0101020101010101 0000000000000000 c71516c29c75d170
-0 0101018001010101 0000000000000000 5199c29a52c9f059
-0 0101014001010101 0000000000000000 c22f0a294a71f29f
-0 0101012001010101 0000000000000000 ee371483714c02ea
-0 0101011001010101 0000000000000000 a81fbd448f9e522f
-0 0101010801010101 0000000000000000 4f644c92e192dfed
-0 0101010401010101 0000000000000000 1afa9a66a6df92ae
-0 0101010201010101 0000000000000000 b3c1cc715cb879d8
-0 0101010180010101 0000000000000000 19d032e64ab0bd8b
-0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc
-0 0101010120010101 0000000000000000 b7265f7f447ac6f3
-0 0101010110010101 0000000000000000 9db73b3c0d163f54
-0 0101010108010101 0000000000000000 8181b65babf4a975
-0 0101010104010101 0000000000000000 93c9b64042eaa240
-0 0101010102010101 0000000000000000 5570530829705592
-0 0101010101800101 0000000000000000 8638809e878787a0
-0 0101010101400101 0000000000000000 41b9a79af79ac208
-0 0101010101200101 0000000000000000 7a9be42f2009a892
-0 0101010101100101 0000000000000000 29038d56ba6d2745
-0 0101010101080101 0000000000000000 5495c6abf1e5df51
-0 0101010101040101 0000000000000000 ae13dbd561488933
-0 0101010101020101 0000000000000000 024d1ffa8904e389
-0 0101010101018001 0000000000000000 d1399712f99bf02e
-0 0101010101014001 0000000000000000 14c1d7c1cffec79e
-0 0101010101012001 0000000000000000 1de5279dae3bed6f
-0 0101010101011001 0000000000000000 e941a33f85501303
-0 0101010101010801 0000000000000000 da99dbbc9a03f379
-0 0101010101010401 0000000000000000 b7fc92f91d8e92e9
-0 0101010101010201 0000000000000000 ae8e5caa3ca04e85
-0 0101010101010180 0000000000000000 9cc62df43b6eed74
-0 0101010101010140 0000000000000000 d863dbb5c59a91a0
-0 0101010101010120 0000000000000000 a1ab2190545b91d7
-0 0101010101010110 0000000000000000 0875041e64c570f7
-0 0101010101010108 0000000000000000 5a594528bebef1cc
-0 0101010101010104 0000000000000000 fcdb3291de21f0c0
-0 0101010101010102 0000000000000000 869efd7f9f265a09
-0 1046913489980131 0000000000000000 88d55e54f54c97b4
-0 1007103489988020 0000000000000000 0c0cc00c83ea48fd
-0 10071034c8980120 0000000000000000 83bc8ef3a6570183
-0 1046103489988020 0000000000000000 df725dcad94ea2e9
-0 1086911519190101 0000000000000000 e652b53b550be8b0
-0 1086911519580101 0000000000000000 af527120c485cbb0
-0 5107b01519580101 0000000000000000 0f04ce393db926d5
-0 1007b01519190101 0000000000000000 c9f00ffc74079067
-0 3107915498080101 0000000000000000 7cfd82a593252b4e
-0 3107919498080101 0000000000000000 cb49a2f9e91363e3
-0 10079115b9080140 0000000000000000 00b588be70d23f56
-0 3107911598080140 0000000000000000 406a9a6ab43399ae
-0 1007d01589980101 0000000000000000 6cb773611dca9ada
-0 9107911589980101 0000000000000000 67fd21c17dbb5d70
-0 9107d01589190101 0000000000000000 9592cb4110430787
-0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3
-0 1007940498190101 0000000000000000 4d102196c914ca16
-0 0107910491190401 0000000000000000 2dfa9f4573594965
-0 0107910491190101 0000000000000000 b46604816c0e0774
-0 0107940491190401 0000000000000000 6e7e6221a4f34e87
-0 19079210981a0101 0000000000000000 aa85e74643233199
-0 1007911998190801 0000000000000000 2e5a19db4d1962d6
-0 10079119981a0801 0000000000000000 23a866a809d30894
-0 1007921098190101 0000000000000000 d812d961f017d320
-0 100791159819010b 0000000000000000 055605816e58608f
-0 1004801598190101 0000000000000000 abd88e8b1b7716f1
-0 1004801598190102 0000000000000000 537ac95be69da1e1
-0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8
-0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d
-0 1002911598190104 0000000000000000 61c79c71921a2ef8
-0 1002911598100201 0000000000000000 e2f5728f0995013c
-0 1002911698100101 0000000000000000 1aeac39a61f0a464
-0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b
-0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271
-0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a
-0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a
-0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095
-0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b
-0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09
-0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a
-0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f
-0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088
-0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77
-0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a
-0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56
-0 025816164629b007 480d39006ee762f2 a1f9915541020b56
-0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556
-0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac
-0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a
-0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41
-0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
-1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60
-57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae
-1 8001010101010101 0000000000000000 f501029f268e45dc
-0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
diff --git a/secure/lib/libcipher/test/speedcrypt.c b/secure/lib/libcipher/test/speedcrypt.c
deleted file mode 100644
index f7507fd789f0..000000000000
--- a/secure/lib/libcipher/test/speedcrypt.c
+++ /dev/null
@@ -1,76 +0,0 @@
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <signal.h>
-#include <stdio.h>
-
-int		keep_going, count, alternate, seconds;
-struct rusage	prior, now;
-
-void
-finish()
-{
-	keep_going = 0;
-}
-
-
-main(int argc, char *argv[])
-{
-	struct itimerval itv;
-	u_long		msecs, key1[8], key2[8];
-	char		*k1, *k2;
-
-	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
-		seconds = 20;
-
-	if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1)
-		alternate = 0;
-
-	printf ("Running crypt%s for %d seconds of vtime...\n",
-		alternate ? " with alternate keys" : "", seconds);
-
-	bzero(&itv, sizeof (itv));
-	signal (SIGVTALRM, finish);
-	itv.it_value.tv_sec = seconds;
-	itv.it_value.tv_usec = 0;
-	setitimer(ITIMER_VIRTUAL, &itv, NULL);
-
-	keep_going = 1;
-	if (getrusage(0, &prior) < 0) {
-		perror("getrusage");
-		exit(1);
-	}
-
-	k1 = (char *) key1;
-	k2 = (char *) key2;
-	strcpy(k1, "fredfredfredfredfred");
-	strcpy(k2, "joejoejoejoejoejoejo");
-
-	if (alternate)
-		for (count = 0; keep_going; count++)
-		{
-#if defined(LONGCRYPT)
-			crypt((count & 1) ? k1 : k2, "_ara.X...");
-#else
-			crypt((count & 1) ? k1 : k2, "eek");
-#endif
-		}
-	else
-		for (count = 0; keep_going; count++)
-		{
-#if defined(LONGCRYPT)
-			crypt(k1, "_ara.X...");
-#else
-			crypt(k1, "eek");
-#endif
-		}
-
-	if (getrusage(0, &now) < 0) {
-		perror("getrusage");
-		exit(1);
-	}
-	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
-	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
-	printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs);
-	exit(0);
-}
diff --git a/secure/lib/libcipher/test/speeddes.c b/secure/lib/libcipher/test/speeddes.c
deleted file mode 100644
index a5822362f107..000000000000
--- a/secure/lib/libcipher/test/speeddes.c
+++ /dev/null
@@ -1,61 +0,0 @@
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <signal.h>
-#include <stdio.h>
-
-int		keep_going, count, alternate, seconds, iters;
-struct rusage	prior, now;
-u_long		block[3];
-char		*blk;
-
-void
-finish()
-{
-	keep_going = 0;
-}
-
-
-main(int argc, char *argv[])
-{
-	struct itimerval itv;
-	u_long	msecs;
-
-	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
-		seconds = 20;
-
-	if (argc < 3 || sscanf(argv[2], "%d", &iters) != 1)
-		iters = 1;
-
-	printf ("Running des_cipher( , , 0L, %d) for %d seconds of vtime...\n",
-		iters, seconds);
-
-	bzero(&itv, sizeof (itv));
-	signal (SIGVTALRM, finish);
-	itv.it_value.tv_sec = seconds;
-	itv.it_value.tv_usec = 0;
-	setitimer(ITIMER_VIRTUAL, &itv, NULL);
-
-	keep_going = 1;
-	if (getrusage(0, &prior) < 0) {
-		perror("getrusage");
-		exit(1);
-	}
-
-	blk = (char *) block;
-	(void)des_setkey(blk);
-	for (count = 0; keep_going; count++)
-		(void) des_cipher(blk, blk, 0, iters);
-
-	if (getrusage(0, &now) < 0) {
-		perror("getrusage");
-		exit(1);
-	}
-
-	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
-	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
-	printf ("Did %d encryptions per second, each of %d iteration(s).\n",
-		1000 * count / msecs, iters);
-	printf ("\tTotal %d blocks per second.\n", (1000*iters*count)/msecs);
-	exit(0);
-}
diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile
deleted file mode 100644
index 39c64aba38b7..000000000000
--- a/secure/lib/libcrypt/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# $Id$
-#
-
-LCRYPTBASE=     libcrypt
-LCRYPTSO=       $(LCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-
-LDCRYPTBASE=    libdescrypt
-LDCRYPTSO=      $(LDCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-
-.PATH:	${.CURDIR}/../../../lib/libmd
-
-LIB=	descrypt
-SRCS=	crypt.c crypt-md5.c md5c.c
-MAN3=	crypt.3
-CFLAGS+=	-I${.CURDIR}/../../../lib/libmd -Wall
-PRECIOUSLIB=	yes
-
-test:
-	cd test ; make test ; make clean
-
-.include <bsd.lib.mk>
-
-# We only install the links if they do not already exist.
-# This may have to be revised
-afterinstall:
-.if !defined(NOPIC) && defined(SHLIB_MAJOR)
-	@cd $(DESTDIR)/$(LIBDIR); \
-	if [ ! -e $(LCRYPTSO) ]; then \
-	rm -f $(LCRYPTSO); \
-	ln -s $(LDCRYPTSO) $(LCRYPTSO); \
-	fi
-.endif
-	@cd  $(DESTDIR)/$(LIBDIR); \
-	if [ ! -e $(LCRYPTBASE).a ]; then \
-	rm -f $(LCRYPTBASE).a; \
-	ln -s $(LDCRYPTBASE).a libcrypt.a; \
-	fi
-.if !defined(NOPROFILE)
-	@cd  $(DESTDIR)/$(LIBDIR); \
-	if [ ! -e $(LCRYPTBASE)_p.a ]; then \
-	rm -f $(LCRYPTBASE)_p.a; \
-	ln -s $(LDCRYPTBASE)_p.a libcrypt_p.a; \
-	fi
-.endif
diff --git a/secure/lib/libcrypt/README b/secure/lib/libcrypt/README
deleted file mode 100644
index 051c9c1b94ef..000000000000
--- a/secure/lib/libcrypt/README
+++ /dev/null
@@ -1,98 +0,0 @@
-
-	FreeSec - NetBSD libcrypt replacement
-
-	  David Burren <davidb@werj.com.au>
-	  Release 1.0, March 1994
-
-    Document ref: $Id: README,v 1.1.1.1 1994/04/04 14:57:18 g89r4222 Exp $
-
-
-Description
-===========
-This library is a drop-in replacement for the libcrypt used in U.S. copies
-of NetBSD, duplicating that library's functionality.  A suite of verification
-and benchmark tools is provided.
-
-FreeSec 1.0 is an original implementation of the DES algorithm and the
-crypt(3) interfaces used in Unix-style operating systems.  It was produced
-in Australia and as such is not covered by U.S. export restrictions (at
-least for copies that remain outside the U.S.).
-
-
-History
-=======
-An earlier version of the FreeSec library was built using the UFC-crypt
-package that is distributed as part of the GNU library.  UFC-crypt did not
-support the des_cipher() or des_setkey() functions, nor the new-style
-crypt with long keys.  These were implemented in FreeSec 0.2, but at least
-one bug remained, where encryption would only succeed if either the salt
-or the plaintext was zero.  Because of its heritage FreeSec 0.2 was covered
-by the GNU Library Licence.
-
-FreeSec 1.0 is an original implementation by myself, and has been tested
-against the verification suite I'd been using with FreeSec 0.2 (this is not
-encumbered by any licence).  FreeSec 1.0 is covered by a Berkeley-style
-licence, which better fits into the *BSD hierarchy than the earlier GNU
-licence.
-
-
-Why should you use FreeSec?
-===========================
-FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
-to act as a baseline for encryption functionality.
-
-Some other packages (such as Eric Young's libdes package) are faster and
-more complete than FreeSec, but typically have different licencing
-arrangements.  While some applications will justify the use of these
-packages, the idea here is that everyone should have access to *at least*
-the functionality of FreeSec.
-
-
-Performance of FreeSec 1.0
-==========================
-I compare below the performance of three libcrypt implementations.  As can be
-seen, it's between the U.S. library and UFC-crypt.  While the performance of
-FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
-future versions.  I was interested to note that while UFC-crypt is faster on
-a 386, hardware characteristics can have markedly different effects on each
-implementation.
-
-
-386DX40, 128k cache	| U.S. BSD	| FreeSec 1.0	| FreeSec 0.2
-CFLAGS=-O2		|		|		|
-========================+===============+===============+==================
-crypt (alternate keys)	| 317		| 341		| 395
-	crypt/sec	|		|		|
-------------------------+---------------+---------------+------------------
-crypt (constant key)	| 317		| 368		| 436
-	crypt/sec	|		|		|
-------------------------+---------------+---------------+------------------
-des_cipher( , , , 1)	| 6037		| 7459		| 3343
-	blocks/sec	|		|		|
-------------------------+---------------+---------------+------------------
-des_cipher( , , , 25)	| 8871		| 9627		| 15926
-	blocks/sec	|		|		|
-
-Notes:	The results tabled here are the average over 10 runs.
-	The entry/exit code for FreeSec 0.2's des_cipher() is particularly
-	inefficient, thus the anomalous result for single encryptions.
-
-
-As an experiment using a machine with a larger register set and an
-obscenely fast CPU, I obtained the following results:
-
-	60 MHz R4400		| FreeSec 1.0	| FreeSec 0.2
-	========================+=================================
-	crypt (alternate keys)	| 2545		| 2702
-		crypt/sec	|		|
-	------------------------+---------------------------------
-	crypt (constant key)	| 2852		| 2981
-		crypt/sec	|		|
-	------------------------+---------------------------------
-	des_cipher( , , , 1)	| 56443		| 21409
-		blocks/sec	|		|
-	------------------------+---------------------------------
-	des_cipher( , , , 25)	| 82531		| 18276
-		blocks/sec	|		|
-
-Obviously your mileage will vary with your hardware and your compiler...
diff --git a/secure/lib/libcrypt/README.FreeBSD b/secure/lib/libcrypt/README.FreeBSD
deleted file mode 100644
index 250467edfd60..000000000000
--- a/secure/lib/libcrypt/README.FreeBSD
+++ /dev/null
@@ -1,21 +0,0 @@
-$Id: README.FreeBSD,v 1.2 1994/04/04 15:10:57 g89r4222 Exp $
-
-This is FreeSec package for NetBSD,  unchanged for
-FreeBSD, except for the Makefile.
-
-FreeSec was written by David Burren <davidb@werj.com.au>
-
-A few bugs in the original FreeSec release have been fixed.
-
-In order to make libcrypt binaries exportable from the USA,
-only the symbol _crypt() (later to be changed to ___crypt())
-is exported from libcrypt.
-
-This source code was developed outside the USA, and can be
-obtained outside the USA.
-
-					Geoff Rehmet
-					Rhodes University
-					Grahamstown 
-					South Africa
-					8 August 1994
diff --git a/secure/lib/libcrypt/crypt-md5.c b/secure/lib/libcrypt/crypt-md5.c
deleted file mode 100644
index 6740f723a807..000000000000
--- a/secure/lib/libcrypt/crypt-md5.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- * 
- * This has had its entry point changed to crypt_md5 for use in 
- * a dual-personality (DES & MD5) environment)  -- MarkM - Nov 1995
- *
- * $Id$
- *
- */
-
-#if 0
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$Header: /home/ncvs/src/lib/libcrypt/crypt.c,v 1.3 1995/05/30 05:42:22 rgrimes Exp $";
-#endif /* LIBC_SCCS and not lint */
-#endif
-
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <md5.h>
-
-static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
-	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
-static void
-to64(s, v, n)
-	char *s;
-	unsigned long v;
-	int n;
-{
-	while (--n >= 0) {
-		*s++ = itoa64[v&0x3f];
-		v >>= 6;
-	}
-}
-
-/*
- * UNIX password
- *
- * Use MD5 for what it is best at...
- */
-
-char *
-crypt_md5(pw, salt)
-	register const char *pw;
-	register const char *salt;
-{
-	static char	*magic = "$1$";	/*
-						 * This string is magic for
-						 * this algorithm.  Having
-						 * it this way, we can get
-						 * get better later on
-						 */
-	static char     passwd[120], *p;
-	static const char *sp,*ep;
-	unsigned char	final[16];
-	int sl,pl,i,j;
-	MD5_CTX	ctx,ctx1;
-	unsigned long l;
-
-	/* Refine the Salt first */
-	sp = salt;
-
-	/* If it starts with the magic string, then skip that */
-	if(!strncmp(sp,magic,strlen(magic)))
-		sp += strlen(magic);
-
-	/* It stops at the first '$', max 8 chars */
-	for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
-		continue;
-
-	/* get the length of the true salt */
-	sl = ep - sp;
-
-	MD5Init(&ctx);
-
-	/* The password first, since that is what is most unknown */
-	MD5Update(&ctx,pw,strlen(pw));
-
-	/* Then our magic string */
-	MD5Update(&ctx,magic,strlen(magic));
-
-	/* Then the raw salt */
-	MD5Update(&ctx,sp,sl);
-
-	/* Then just as many characters of the MD5(pw,salt,pw) */
-	MD5Init(&ctx1);
-	MD5Update(&ctx1,pw,strlen(pw));
-	MD5Update(&ctx1,sp,sl);
-	MD5Update(&ctx1,pw,strlen(pw));
-	MD5Final(final,&ctx1);
-	for(pl = strlen(pw); pl > 0; pl -= 16)
-		MD5Update(&ctx,final,pl>16 ? 16 : pl);
-
-	/* Don't leave anything around in vm they could use. */
-	memset(final,0,sizeof final);
-
-	/* Then something really weird... */
-	for (j=0,i = strlen(pw); i ; i >>= 1)
-		if(i&1)
-		    MD5Update(&ctx, final+j, 1);
-		else
-		    MD5Update(&ctx, pw+j, 1);
-
-	/* Now make the output string */
-	strcpy(passwd,magic);
-	strncat(passwd,sp,sl);
-	strcat(passwd,"$");
-
-	MD5Final(final,&ctx);
-
-	/*
-	 * and now, just to make sure things don't run too fast
-	 * On a 60 Mhz Pentium this takes 34 msec, so you would
-	 * need 30 seconds to build a 1000 entry dictionary...
-	 */
-	for(i=0;i<1000;i++) {
-		MD5Init(&ctx1);
-		if(i & 1)
-			MD5Update(&ctx1,pw,strlen(pw));
-		else
-			MD5Update(&ctx1,final,16);
-
-		if(i % 3)
-			MD5Update(&ctx1,sp,sl);
-
-		if(i % 7)
-			MD5Update(&ctx1,pw,strlen(pw));
-
-		if(i & 1)
-			MD5Update(&ctx1,final,16);
-		else
-			MD5Update(&ctx1,pw,strlen(pw));
-		MD5Final(final,&ctx1);
-	}
-
-	p = passwd + strlen(passwd);
-
-	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
-	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
-	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
-	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
-	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
-	l =                    final[11]                ; to64(p,l,2); p += 2;
-	*p = '\0';
-
-	/* Don't leave anything around in vm they could use. */
-	memset(final,0,sizeof final);
-
-	return passwd;
-}
-
diff --git a/secure/lib/libcrypt/crypt.3 b/secure/lib/libcrypt/crypt.3
deleted file mode 100644
index 6933bad10530..000000000000
--- a/secure/lib/libcrypt/crypt.3
+++ /dev/null
@@ -1,159 +0,0 @@
-.\" FreeSec: libcrypt for NetBSD
-.\"
-.\" Copyright (c) 1994 David Burren
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 4. Neither the name of the author nor the names of other contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	$Id: crypt.3,v 1.2.6.1 1996/02/07 15:01:45 peter Exp $
-.\"
-.\" Manual page, using -mandoc macros
-.\"
-.Dd March 9, 1994
-.Dt CRYPT 3
-.Os "FreeSec 1.0"
-.Sh NAME
-.Nm crypt
-.Nd DES trapdoor encryption
-.Sh SYNOPSIS
-.Ft char
-.Fn *crypt "const char *key" "const char *setting"
-.Sh DESCRIPTION
-The
-.Fn crypt
-function performs password encryption, based on the
-.Tn NBS
-Data Encryption Standard (DES).
-Additional code has been added to deter key search attempts.
-The first argument to
-.Nm crypt
-is a
-.Dv null Ns -terminated
-string, typically a user's typed password.
-The second is in one of three forms:
-if it begins with an underscore (``_'') then an extended format is used
-in interpreting both the the key and the setting, as outlined below.
-if it begins with the string ``$1$'' then an exportable format is used.
-.Ss Extended crypt:
-.Pp
-The
-.Ar key
-is divided into groups of 8 characters (the last group is null-padded)
-and the low-order 7 bits of each each character (56 bits per group) are
-used to form the DES key as follows:
-the first group of 56 bits becomes the initial DES key.
-For each additional group, the XOR of the encryption of the current DES
-key with itself and the group bits becomes the next DES key.
-.Pp
-The setting is a 9-character array consisting of an underscore followed
-by 4 bytes of iteration count and 4 bytes of salt.
-These are encoded as printable characters, 6 bits per character,
-least significant character first.
-The values 0 to 63 are encoded as ``./0-9A-Za-z''.
-This allows 24 bits for both
-.Fa count
-and
-.Fa salt .
-.Ss "Traditional" crypt:
-.Pp
-The first 8 bytes of the key are null-padded, and the low-order 7 bits of
-each character is used to form the 56-bit
-.Tn DES
-key.
-.Pp
-The setting is a 2-character array of the ASCII-encoded salt.
-Thus only 12 bits of
-.Fa salt
-are used.
-.Fa count
-is set to 25.
-.Ss "FreeBSD" or "Exportable" crypt:
-.Pp
-If the salt begins with ``$1$'' then the freely exportable 
-.Tn MD5
-algorithm is used to calculate a hash value, from which the password string
-is generated. The
-.Tn MD5
-derived routine is designed to be time-consuming like the DES based version.
-.Ss Algorithm:
-.Pp
-The
-.Fa salt
-introduces disorder in the
-.Tn DES
-algorithm in one of 16777216 or 4096 possible ways
-(ie. with 24 or 12 bits: if bit
-.Em i
-of the
-.Ar salt
-is set, then bits
-.Em i
-and
-.Em i+24
-are swapped in the
-.Tn DES
-E-box output).
-.Pp
-The DES key is used to encrypt a 64-bit constant using
-.Ar count
-iterations of
-.Tn DES .
-The value returned is a
-.Dv null Ns -terminated
-string, 20 or 13 bytes (plus null) in length, consisting of the
-.Ar setting
-followed by the encoded 64-bit encryption.
-.Pp
-The function
-.Fn crypt
-returns a pointer to the encrypted value on success, and NULL on failure.
-.Sh SEE ALSO
-.Xr login 1 ,
-.Xr passwd 1 ,
-.Xr getpass 3 ,
-.Xr passwd 5
-.Sh BUGS
-The
-.Fn crypt
-function returns a pointer to static data, and subsequent calls to
-.Fn crypt
-will modify the same object.
-.Sh HISTORY
-A rotor-based
-.Fn crypt
-function appeared in
-.At v6 .
-The current style
-.Fn crypt
-first appeared in
-.At v7 .
-.Pp
-This library (FreeSec 1.0) was developed outside the United States of America
-as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption
-library.
-Users should be aware that this code (and programs staticly linked with it)
-may not be exported from the U.S., although it apparently can be imported.
-.Sh AUTHOR
-David Burren <davidb@werj.com.au>
diff --git a/secure/lib/libcrypt/crypt.c b/secure/lib/libcrypt/crypt.c
deleted file mode 100644
index f59bb4931860..000000000000
--- a/secure/lib/libcrypt/crypt.c
+++ /dev/null
@@ -1,697 +0,0 @@
-/*
- * FreeSec: libcrypt for NetBSD
- *
- * Copyright (c) 1994 David Burren
- * All rights reserved.
- *
- * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
- *	crypt.c should now *only* export crypt(), in order to make
- *	binaries of libcrypt exportable from the USA
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the author nor the names of other contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$Id: crypt.c,v 1.7 1995/12/16 09:14:12 markm Exp $
- *
- * This is an original implementation of the DES and the crypt(3) interfaces
- * by David Burren <davidb@werj.com.au>.
- *
- * An excellent reference on the underlying algorithm (and related
- * algorithms) is:
- *
- *	B. Schneier, Applied Cryptography: protocols, algorithms,
- *	and source code in C, John Wiley & Sons, 1994.
- *
- * Note that in that book's description of DES the lookups for the initial,
- * pbox, and final permutations are inverted (this has been brought to the
- * attention of the author).  A list of errata for this book has been
- * posted to the sci.crypt newsgroup by the author and is available for FTP.
- *
- * ARCHITECTURE ASSUMPTIONS:
- *	This code assumes that u_longs are 32 bits.  It will probably not
- *	operate on 64-bit machines without modifications.
- *	It is assumed that the 8-byte arrays passed by reference can be
- *	addressed as arrays of u_longs (ie. the CPU is not picky about
- *	alignment).
- */
-#include <sys/types.h>
-#include <sys/param.h>
-#include <pwd.h>
-#include <string.h>
-
-char *crypt_md5(const char *pw, const char *salt);
-
-/* We can't always assume gcc */
-#ifdef __GNUC__
-#define INLINE inline
-#endif
-
-
-static u_char	IP[64] = {
-	58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
-	62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
-	57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
-	61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
-};
-
-static u_char	inv_key_perm[64];
-static u_char	u_key_perm[56];
-static u_char	key_perm[56] = {
-	57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
-	10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
-	63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
-	14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
-};
-
-static u_char	key_shifts[16] = {
-	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
-};
-
-static u_char	inv_comp_perm[56];
-static u_char	comp_perm[48] = {
-	14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
-	23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
-	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
-	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
-};
-
-/*
- *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
- */
-
-static u_char	u_sbox[8][64];
-static u_char	sbox[8][64] = {
-	{
-		14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
-		 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
-		 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
-		15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
-	},
-	{
-		15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
-		 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
-		 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
-		13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
-	},
-	{
-		10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
-		13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
-		13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
-		 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
-	},
-	{
-		 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
-		13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
-		10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
-		 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
-	},
-	{
-		 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
-		14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
-		 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
-		11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
-	},
-	{
-		12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
-		10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
-		 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
-		 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
-	},
-	{
-		 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
-		13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
-		 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
-		 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
-	},
-	{
-		13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
-		 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
-		 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
-		 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
-	}
-};
-
-static u_char	un_pbox[32];
-static u_char	pbox[32] = {
-	16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
-	 2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
-};
-
-static u_long	bits32[32] =
-{
-	0x80000000, 0x40000000, 0x20000000, 0x10000000,
-	0x08000000, 0x04000000, 0x02000000, 0x01000000,
-	0x00800000, 0x00400000, 0x00200000, 0x00100000,
-	0x00080000, 0x00040000, 0x00020000, 0x00010000,
-	0x00008000, 0x00004000, 0x00002000, 0x00001000,
-	0x00000800, 0x00000400, 0x00000200, 0x00000100,
-	0x00000080, 0x00000040, 0x00000020, 0x00000010,
-	0x00000008, 0x00000004, 0x00000002, 0x00000001
-};
-
-static u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
-
-static u_long	saltbits;
-static long	old_salt;
-static u_long	*bits28, *bits24;
-static u_char	init_perm[64], final_perm[64];
-static u_long	en_keysl[16], en_keysr[16];
-static u_long	de_keysl[16], de_keysr[16];
-static int	des_initialised = 0;
-static u_char	m_sbox[4][4096];
-static u_long	psbox[4][256];
-static u_long	ip_maskl[8][256], ip_maskr[8][256];
-static u_long	fp_maskl[8][256], fp_maskr[8][256];
-static u_long	key_perm_maskl[8][128], key_perm_maskr[8][128];
-static u_long	comp_maskl[8][128], comp_maskr[8][128];
-static u_long	old_rawkey0, old_rawkey1;
-
-static u_char	ascii64[] =
-	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-/*	  0000000000111111111122222222223333333333444444444455555555556666 */
-/*	  0123456789012345678901234567890123456789012345678901234567890123 */
-
-static INLINE int
-ascii_to_bin(char ch)
-{
-	if (ch > 'z')
-		return(0);
-	if (ch >= 'a')
-		return(ch - 'a' + 38);
-	if (ch > 'Z')
-		return(0);
-	if (ch >= 'A')
-		return(ch - 'A' + 12);
-	if (ch > '9')
-		return(0);
-	if (ch >= '.')
-		return(ch - '.');
-	return(0);
-}
-
-static void
-des_init()
-{
-	int	i, j, b, k, inbit, obit;
-	u_long	*p, *il, *ir, *fl, *fr;
-
-	old_rawkey0 = old_rawkey1 = 0L;
-	saltbits = 0L;
-	old_salt = 0L;
-	bits24 = (bits28 = bits32 + 4) + 4;
-
-	/*
-	 * Invert the S-boxes, reordering the input bits.
-	 */
-	for (i = 0; i < 8; i++)
-		for (j = 0; j < 64; j++) {
-			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
-			u_sbox[i][j] = sbox[i][b];
-		}
-
-	/*
-	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
-	 * Each will handle 12 bits of the S-box input.
-	 */
-	for (b = 0; b < 4; b++)
-		for (i = 0; i < 64; i++)
-			for (j = 0; j < 64; j++)
-				m_sbox[b][(i << 6) | j] =
-					(u_sbox[(b << 1)][i] << 4) |
-					u_sbox[(b << 1) + 1][j];
-
-	/*
-	 * Set up the initial & final permutations into a useful form, and
-	 * initialise the inverted key permutation.
-	 */
-	for (i = 0; i < 64; i++) {
-		init_perm[final_perm[i] = IP[i] - 1] = i;
-		inv_key_perm[i] = 255;
-	}
-
-	/*
-	 * Invert the key permutation and initialise the inverted key
-	 * compression permutation.
-	 */
-	for (i = 0; i < 56; i++) {
-		u_key_perm[i] = key_perm[i] - 1;
-		inv_key_perm[key_perm[i] - 1] = i;
-		inv_comp_perm[i] = 255;
-	}
-
-	/*
-	 * Invert the key compression permutation.
-	 */
-	for (i = 0; i < 48; i++) {
-		inv_comp_perm[comp_perm[i] - 1] = i;
-	}
-
-	/*
-	 * Set up the OR-mask arrays for the initial and final permutations,
-	 * and for the key initial and compression permutations.
-	 */
-	for (k = 0; k < 8; k++) {
-		for (i = 0; i < 256; i++) {
-			*(il = &ip_maskl[k][i]) = 0L;
-			*(ir = &ip_maskr[k][i]) = 0L;
-			*(fl = &fp_maskl[k][i]) = 0L;
-			*(fr = &fp_maskr[k][i]) = 0L;
-			for (j = 0; j < 8; j++) {
-				inbit = 8 * k + j;
-				if (i & bits8[j]) {
-					if ((obit = init_perm[inbit]) < 32)
-						*il |= bits32[obit];
-					else
-						*ir |= bits32[obit-32];
-					if ((obit = final_perm[inbit]) < 32)
-						*fl |= bits32[obit];
-					else
-						*fr |= bits32[obit - 32];
-				}
-			}
-		}
-		for (i = 0; i < 128; i++) {
-			*(il = &key_perm_maskl[k][i]) = 0L;
-			*(ir = &key_perm_maskr[k][i]) = 0L;
-			for (j = 0; j < 7; j++) {
-				inbit = 8 * k + j;
-				if (i & bits8[j + 1]) {
-					if ((obit = inv_key_perm[inbit]) == 255)
-						continue;
-					if (obit < 28)
-						*il |= bits28[obit];
-					else
-						*ir |= bits28[obit - 28];
-				}
-			}
-			*(il = &comp_maskl[k][i]) = 0L;
-			*(ir = &comp_maskr[k][i]) = 0L;
-			for (j = 0; j < 7; j++) {
-				inbit = 7 * k + j;
-				if (i & bits8[j + 1]) {
-					if ((obit=inv_comp_perm[inbit]) == 255)
-						continue;
-					if (obit < 24)
-						*il |= bits24[obit];
-					else
-						*ir |= bits24[obit - 24];
-				}
-			}
-		}
-	}
-
-	/*
-	 * Invert the P-box permutation, and convert into OR-masks for
-	 * handling the output of the S-box arrays setup above.
-	 */
-	for (i = 0; i < 32; i++)
-		un_pbox[pbox[i] - 1] = i;
-
-	for (b = 0; b < 4; b++)
-		for (i = 0; i < 256; i++) {
-			*(p = &psbox[b][i]) = 0L;
-			for (j = 0; j < 8; j++) {
-				if (i & bits8[j])
-					*p |= bits32[un_pbox[8 * b + j]];
-			}
-		}
-
-	des_initialised = 1;
-}
-
-static void
-setup_salt(long salt)
-{
-	u_long	obit, saltbit;
-	int	i;
-
-	if (salt == old_salt)
-		return;
-	old_salt = salt;
-
-	saltbits = 0L;
-	saltbit = 1;
-	obit = 0x800000;
-	for (i = 0; i < 24; i++) {
-		if (salt & saltbit)
-			saltbits |= obit;
-		saltbit <<= 1;
-		obit >>= 1;
-	}
-}
-
-static int
-des_setkey(const char *key)
-{
-	u_long	k0, k1, rawkey0, rawkey1;
-	int	shifts, round;
-
-	if (!des_initialised)
-		des_init();
-
-	rawkey0 = ntohl(*(u_long *) key);
-	rawkey1 = ntohl(*(u_long *) (key + 4));
-
-	if ((rawkey0 | rawkey1)
-	    && rawkey0 == old_rawkey0
-	    && rawkey1 == old_rawkey1) {
-		/*
-		 * Already setup for this key.
-		 * This optimisation fails on a zero key (which is weak and
-		 * has bad parity anyway) in order to simplify the starting
-		 * conditions.
-		 */
-		return(0);
-	}
-	old_rawkey0 = rawkey0;
-	old_rawkey1 = rawkey1;
-
-	/*
-	 *	Do key permutation and split into two 28-bit subkeys.
-	 */
-	k0 = key_perm_maskl[0][rawkey0 >> 25]
-	   | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
-	   | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
-	   | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
-	   | key_perm_maskl[4][rawkey1 >> 25]
-	   | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
-	   | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
-	   | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
-	k1 = key_perm_maskr[0][rawkey0 >> 25]
-	   | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
-	   | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
-	   | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
-	   | key_perm_maskr[4][rawkey1 >> 25]
-	   | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
-	   | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
-	   | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
-	/*
-	 *	Rotate subkeys and do compression permutation.
-	 */
-	shifts = 0;
-	for (round = 0; round < 16; round++) {
-		u_long	t0, t1;
-
-		shifts += key_shifts[round];
-
-		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
-		t1 = (k1 << shifts) | (k1 >> (28 - shifts));
-
-		de_keysl[15 - round] =
-		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
-				| comp_maskl[1][(t0 >> 14) & 0x7f]
-				| comp_maskl[2][(t0 >> 7) & 0x7f]
-				| comp_maskl[3][t0 & 0x7f]
-				| comp_maskl[4][(t1 >> 21) & 0x7f]
-				| comp_maskl[5][(t1 >> 14) & 0x7f]
-				| comp_maskl[6][(t1 >> 7) & 0x7f]
-				| comp_maskl[7][t1 & 0x7f];
-
-		de_keysr[15 - round] =
-		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
-				| comp_maskr[1][(t0 >> 14) & 0x7f]
-				| comp_maskr[2][(t0 >> 7) & 0x7f]
-				| comp_maskr[3][t0 & 0x7f]
-				| comp_maskr[4][(t1 >> 21) & 0x7f]
-				| comp_maskr[5][(t1 >> 14) & 0x7f]
-				| comp_maskr[6][(t1 >> 7) & 0x7f]
-				| comp_maskr[7][t1 & 0x7f];
-	}
-	return(0);
-}
-
-static int
-do_des(	u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count)
-{
-	/*
-	 *	l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
-	 */
-	u_long	l, r, *kl, *kr, *kl1, *kr1;
-	u_long	f, r48l, r48r;
-	int	round;
-
-	if (count == 0) {
-		return(1);
-	} else if (count > 0) {
-		/*
-		 * Encrypting
-		 */
-		kl1 = en_keysl;
-		kr1 = en_keysr;
-	} else {
-		/*
-		 * Decrypting
-		 */
-		count = -count;
-		kl1 = de_keysl;
-		kr1 = de_keysr;
-	}
-
-	/*
-	 *	Do initial permutation (IP).
-	 */
-	l = ip_maskl[0][l_in >> 24]
-	  | ip_maskl[1][(l_in >> 16) & 0xff]
-	  | ip_maskl[2][(l_in >> 8) & 0xff]
-	  | ip_maskl[3][l_in & 0xff]
-	  | ip_maskl[4][r_in >> 24]
-	  | ip_maskl[5][(r_in >> 16) & 0xff]
-	  | ip_maskl[6][(r_in >> 8) & 0xff]
-	  | ip_maskl[7][r_in & 0xff];
-	r = ip_maskr[0][l_in >> 24]
-	  | ip_maskr[1][(l_in >> 16) & 0xff]
-	  | ip_maskr[2][(l_in >> 8) & 0xff]
-	  | ip_maskr[3][l_in & 0xff]
-	  | ip_maskr[4][r_in >> 24]
-	  | ip_maskr[5][(r_in >> 16) & 0xff]
-	  | ip_maskr[6][(r_in >> 8) & 0xff]
-	  | ip_maskr[7][r_in & 0xff];
-
-	while (count--) {
-		/*
-		 * Do each round.
-		 */
-		kl = kl1;
-		kr = kr1;
-		round = 16;
-		while (round--) {
-			/*
-			 * Expand R to 48 bits (simulate the E-box).
-			 */
-			r48l	= ((r & 0x00000001) << 23)
-				| ((r & 0xf8000000) >> 9)
-				| ((r & 0x1f800000) >> 11)
-				| ((r & 0x01f80000) >> 13)
-				| ((r & 0x001f8000) >> 15);
-
-			r48r	= ((r & 0x0001f800) << 7)
-				| ((r & 0x00001f80) << 5)
-				| ((r & 0x000001f8) << 3)
-				| ((r & 0x0000001f) << 1)
-				| ((r & 0x80000000) >> 31);
-			/*
-			 * Do salting for crypt() and friends, and
-			 * XOR with the permuted key.
-			 */
-			f = (r48l ^ r48r) & saltbits;
-			r48l ^= f ^ *kl++;
-			r48r ^= f ^ *kr++;
-			/*
-			 * Do sbox lookups (which shrink it back to 32 bits)
-			 * and do the pbox permutation at the same time.
-			 */
-			f = psbox[0][m_sbox[0][r48l >> 12]]
-			  | psbox[1][m_sbox[1][r48l & 0xfff]]
-			  | psbox[2][m_sbox[2][r48r >> 12]]
-			  | psbox[3][m_sbox[3][r48r & 0xfff]];
-			/*
-			 * Now that we've permuted things, complete f().
-			 */
-			f ^= l;
-			l = r;
-			r = f;
-		}
-		r = l;
-		l = f;
-	}
-	/*
-	 * Do final permutation (inverse of IP).
-	 */
-	*l_out	= fp_maskl[0][l >> 24]
-		| fp_maskl[1][(l >> 16) & 0xff]
-		| fp_maskl[2][(l >> 8) & 0xff]
-		| fp_maskl[3][l & 0xff]
-		| fp_maskl[4][r >> 24]
-		| fp_maskl[5][(r >> 16) & 0xff]
-		| fp_maskl[6][(r >> 8) & 0xff]
-		| fp_maskl[7][r & 0xff];
-	*r_out	= fp_maskr[0][l >> 24]
-		| fp_maskr[1][(l >> 16) & 0xff]
-		| fp_maskr[2][(l >> 8) & 0xff]
-		| fp_maskr[3][l & 0xff]
-		| fp_maskr[4][r >> 24]
-		| fp_maskr[5][(r >> 16) & 0xff]
-		| fp_maskr[6][(r >> 8) & 0xff]
-		| fp_maskr[7][r & 0xff];
-	return(0);
-}
-
-static int
-des_cipher(const char *in, char *out, long salt, int count)
-{
-	u_long	l_out, r_out, rawl, rawr;
-	int	retval;
-
-	if (!des_initialised)
-		des_init();
-
-	setup_salt(salt);
-
-	rawl = ntohl(*((u_long *) in)++);
-	rawr = ntohl(*((u_long *) in));
-
-	retval = do_des(rawl, rawr, &l_out, &r_out, count);
-
-	*((u_long *) out)++ = htonl(l_out);
-	*((u_long *) out) = htonl(r_out);
-	return(retval);
-}
-
-char *
-crypt(char *key, char *setting)
-{
-	int		i;
-	u_long		count, salt, l, r0, r1, keybuf[2];
-	u_char		*p, *q;
-	static u_char	output[21];
-
-	if (!strncmp(setting, "$1$", 3))
-		return crypt_md5(key, setting);
-
-	if (!des_initialised)
-		des_init();
-
-
-	/*
-	 * Copy the key, shifting each character up by one bit
-	 * and padding with zeros.
-	 */
-	q = (u_char *) keybuf;
-	while (q - (u_char *) keybuf - 8) {
-		if ((*q++ = *key << 1))
-			key++;
-	}
-	if (des_setkey((u_char *) keybuf))
-		return(NULL);
-
-	if (*setting == _PASSWORD_EFMT1) {
-		/*
-		 * "new"-style:
-		 *	setting - underscore, 4 bytes of count, 4 bytes of salt
-		 *	key - unlimited characters
-		 */
-		for (i = 1, count = 0L; i < 5; i++)
-			count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
-
-		for (i = 5, salt = 0L; i < 9; i++)
-			salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
-
-		while (*key) {
-			/*
-			 * Encrypt the key with itself.
-			 */
-			if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1))
-				return(NULL);
-			/*
-			 * And XOR with the next 8 characters of the key.
-			 */
-			q = (u_char *) keybuf;
-			while (q - (u_char *) keybuf - 8 && *key)
-				*q++ ^= *key++ << 1;
-
-			if (des_setkey((u_char *) keybuf))
-				return(NULL);
-		}
-		strncpy(output, setting, 9);
-
-		/*
-		 * Double check that we weren't given a short setting.
-		 * If we were, the above code will probably have created
-		 * wierd values for count and salt, but we don't really care.
-		 * Just make sure the output string doesn't have an extra
-		 * NUL in it.
-		 */
-		output[9] = '\0';
-		p = output + strlen(output);
-	} else {
-		/*
-		 * "old"-style:
-		 *	setting - 2 bytes of salt
-		 *	key - up to 8 characters
-		 */
-		count = 25;
-
-		salt = (ascii_to_bin(setting[1]) << 6)
-		     |  ascii_to_bin(setting[0]);
-
-		output[0] = setting[0];
-		/*
-		 * If the encrypted password that the salt was extracted from
-		 * is only 1 character long, the salt will be corrupted.  We
-		 * need to ensure that the output string doesn't have an extra
-		 * NUL in it!
-		 */
-		output[1] = setting[1] ? setting[1] : output[0];
-
-		p = output + 2;
-	}
-	setup_salt(salt);
-	/*
-	 * Do it.
-	 */
-	if (do_des(0L, 0L, &r0, &r1, count))
-		return(NULL);
-	/*
-	 * Now encode the result...
-	 */
-	l = (r0 >> 8);
-	*p++ = ascii64[(l >> 18) & 0x3f];
-	*p++ = ascii64[(l >> 12) & 0x3f];
-	*p++ = ascii64[(l >> 6) & 0x3f];
-	*p++ = ascii64[l & 0x3f];
-
-	l = (r0 << 16) | ((r1 >> 16) & 0xffff);
-	*p++ = ascii64[(l >> 18) & 0x3f];
-	*p++ = ascii64[(l >> 12) & 0x3f];
-	*p++ = ascii64[(l >> 6) & 0x3f];
-	*p++ = ascii64[l & 0x3f];
-
-	l = r1 << 2;
-	*p++ = ascii64[(l >> 12) & 0x3f];
-	*p++ = ascii64[(l >> 6) & 0x3f];
-	*p++ = ascii64[l & 0x3f];
-	*p = 0;
-
-	return(output);
-}
diff --git a/secure/lib/libcrypt/test/Makefile b/secure/lib/libcrypt/test/Makefile
deleted file mode 100644
index b65b09fa5093..000000000000
--- a/secure/lib/libcrypt/test/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-#	Hacked Makefile to compile and run the DES-certification program,
-#	but not install anything.
-#
-# $Id: Makefile,v 1.3 1994/08/12 21:55:04 csgr Exp $
-#
-.if exists (../obj)
-OBJDIR = obj
-.else
-OBJDIR =
-.endif
-
-LIBCRYPT= $(.CURDIR)/../$(OBJDIR)/libdescrypt.a
-
-#CFLAGS+= -DHAVE_CRYPT16
-
-TARGETS=cert speedcrypt
-
-all: ${TARGETS}
-
-test: all testcrypt testspeed
-
-testcrypt: cert
-	@./cert -c
-
-testspeed: cryptspeed
-
-cryptspeed: speedcrypt
-	@./speedcrypt 30 1
-	@./speedcrypt 30 1
-	@./speedcrypt 30 0
-	@./speedcrypt 30 0
-
-cert: cert.c ${LIBCRYPT}
-	$(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT}
-
-speedcrypt: speedcrypt.c ${LIBCRYPT}
-	$(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT}
-
-
-clean:
-	rm -f ${TARGETS}
-
-install:
-
-obj:
-
-.include <bsd.prog.mk>
diff --git a/secure/lib/libcrypt/test/README b/secure/lib/libcrypt/test/README
deleted file mode 100644
index eb6b0bebbc1d..000000000000
--- a/secure/lib/libcrypt/test/README
+++ /dev/null
@@ -1,10 +0,0 @@
-This directory contains test programs to certify DES operation and to
-time the crypt() call (of curiosity value).
-
-Simply type `make test` to run the tests.
-
-The normal `make all` and `make install` that get done during library building
-and installation will build these programs BUT NOT INSTALL THEM.  After all,
-they're only for testing...
-
-- David Burren, January 1994
diff --git a/secure/lib/libcrypt/test/cert.c b/secure/lib/libcrypt/test/cert.c
deleted file mode 100644
index b2e3ae569980..000000000000
--- a/secure/lib/libcrypt/test/cert.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * This DES validation program shipped with FreeSec is derived from that
- * shipped with UFC-crypt which is apparently derived from one distributed
- * with Phil Karns PD DES package.
- *
- * $Id: cert.c,v 1.2 1994/08/08 17:29:03 csgr Exp $
- */
-
-#include <stdio.h>
-
-int totfails = 0;
-
-char *crypt();
-#ifdef HAVE_CRYPT16
-char *crypt16();
-#endif /* HAVE_CRYPT16 */
-
-
-static struct crypt_test {
-	char	*key, *setting, *answer;
-} crypt_tests[] = {
-	"foob",			"ar",		"arlEKn0OzVJn.",
-	"holyhooplasbatman!",	"_X.......",	"_X.......N89y2Z.e4WU",
-	"holyhooplasbatman!",	"_X...X...",	"_X...X...rSUDQ5Na/QM",
-	"holyhooplasbatman!",	"_XX..X...",	"_XX..X...P8vb9xU4JAk",
-	"holyhooplasbatman!",	"_XX..XX..",	"_XX..XX..JDs5IlGLqT2",
-	"holyhooplasbatman!",	"_XX..XXa.",	"_XX..XXa.bFVsOnCNh8Y",
-	"holyhooplasbatman!",	"_XXa.X...",	"_XXa.X...Ghsb3QKNaps",
-#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS
-	"holyhooplasbatman!",	"_arararar",	"_ararararNGMzvpNjeCc",
-#endif
-	NULL, NULL, NULL,
-};
-
-
-static struct crypt_test crypt16_tests[] = {
-	"foob",			"ar",		"arxo23jZDD5AYbHbqoy9Dalg",
-	"holyhooplasbatman!",	"ar",		"arU5FRLJ3kxIoedlmyrOelEw",
-	NULL, NULL, NULL
-};
-
-
-void good_bye()
-{
-  if(totfails == 0) {
-    printf(" Passed validation\n");
-    exit(0);
-  } else {
-    printf(" %d failures during validation!!!\n", totfails);
-    exit(1);
-  }
-}
-
-
-void put8(cp)
-char *cp;
-{
-	int i,j,t;
-
-	for(i = 0; i < 8; i++){
-		t = 0;
-		for(j = 0; j < 8; j++)
-			t = t << 1 | *cp++;
-		printf("%02x", t);
-	}
-}
-
-
-void print_bits(bits)
-unsigned char *bits;
-{
-	int	i;
-
-	for (i = 0; i < 8; i++) {
-		printf("%02x", bits[i]);
-	}
-}
-
-
-int parse_line(buff, salt, key, plain, answer)
-char *buff;
-long *salt;
-char *key, *plain, *answer;
-{
-	char *ptr1, *ptr2;
-	int val;
-	int i,j,t;
-
-	/*
-	 * Extract salt
-	 */
-	if (sscanf(buff, "%lu", salt) != 1)
-		return(-1);
-	for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-
-	/*
-	 * Extract key
-	 */
-	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
-		;
-	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-	if (ptr2 - ptr1 != 16)
-		return(-1);
-	for (i = 0; i < 8; i++){
-		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
-			return(-2);
-		for (j = 0; j < 8; j++)
-			*key++ = (t & 1 << (7 - j)) != 0;
-	}
-
-	/*
-	 * Extract plain
-	 */
-	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
-		;
-	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-	if (ptr2 - ptr1 != 16)
-		return(-1);
-	for (i = 0; i < 8; i++){
-		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
-			return(-2);
-		for (j = 0; j < 8; j++)
-			*plain++ = (t & 1 << (7 - j)) != 0;
-	}
-
-	/*
-	 * Extract answer
-	 */
-	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
-		;
-	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
-		;
-	if (ptr2 - ptr1 != 16)
-		return(-1);
-	for (i = 0; i < 8; i++){
-		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
-			return(-2);
-		for (j = 0; j < 8; j++)
-			*answer++ = (t & 1 << (7 - j)) != 0;
-	}
-	return(0);
-}
-
-void bytes_to_bits(bytes, bits)
-char *bytes;
-unsigned char *bits;
-{
-	int	i, j;
-
-	for (i = 0; i < 8; i++) {
-		bits[i] = 0;
-		for (j = 0; j < 8; j++) {
-			bits[i] |= (bytes[i*8+j] & 1) << (7 - j);
-		}
-	}
-}
-
-
-
-/*
- *	Test the old-style crypt(), the new-style crypt(), and crypt16().
- */
-void test_crypt()
-{
-	char	*result;
-	struct crypt_test	*p;
-
-	printf("Testing crypt() family\n");
-
-	for (p = crypt_tests; p->key; p++) {
-		printf(" crypt(\"%s\", \"%s\"), \"%s\" expected",
-			p->key, p->setting, p->answer);
-		fflush(stdout);
-		result = crypt(p->key, p->setting);
-		if(!strcmp(result, p->answer)) {
-			printf(", OK\n");
-		} else {
-			printf("\n  failed (\"%s\")\n", result);
-			totfails++;
-		}
-	}
-
-#ifdef HAVE_CRYPT16
-	for (p = crypt16_tests; p->key; p++) {
-		printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected",
-			p->key, p->setting, p->answer);
-		fflush(stdout);
-		result = crypt16(p->key, p->setting);
-		if(!strcmp(result, p->answer)) {
-			printf(", OK\n");
-		} else {
-			printf("\n  failed (\"%s\")\n", result);
-			totfails++;
-		}
-	}
-#endif /* HAVE_CRYPT16 */
-}
-
-main(argc, argv)
-int argc;
-char *argv[];
-{
-	test_crypt();
-	good_bye();
-}
diff --git a/secure/lib/libcrypt/test/cert.input b/secure/lib/libcrypt/test/cert.input
deleted file mode 100644
index d0fa7a5caf43..000000000000
--- a/secure/lib/libcrypt/test/cert.input
+++ /dev/null
@@ -1,179 +0,0 @@
-# $Id: cert.input,v 1.1.1.1 1994/04/04 14:57:19 g89r4222 Exp $
-#
-# Salt, key, plaintext, ciphertext
-#
-0 0101010101010101 95f8a5e5dd31d900 8000000000000000
-0 0101010101010101 dd7f121ca5015619 4000000000000000
-0 0101010101010101 2e8653104f3834ea 2000000000000000
-0 0101010101010101 4bd388ff6cd81d4f 1000000000000000
-0 0101010101010101 20b9e767b2fb1456 0800000000000000
-0 0101010101010101 55579380d77138ef 0400000000000000
-0 0101010101010101 6cc5defaaf04512f 0200000000000000
-0 0101010101010101 0d9f279ba5d87260 0100000000000000
-0 0101010101010101 d9031b0271bd5a0a 0080000000000000
-0 0101010101010101 424250b37c3dd951 0040000000000000
-0 0101010101010101 b8061b7ecd9a21e5 0020000000000000
-0 0101010101010101 f15d0f286b65bd28 0010000000000000
-0 0101010101010101 add0cc8d6e5deba1 0008000000000000
-0 0101010101010101 e6d5f82752ad63d1 0004000000000000
-0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000
-0 0101010101010101 f356834379d165cd 0001000000000000
-0 0101010101010101 2b9f982f20037fa9 0000800000000000
-0 0101010101010101 889de068a16f0be6 0000400000000000
-0 0101010101010101 e19e275d846a1298 0000200000000000
-0 0101010101010101 329a8ed523d71aec 0000100000000000
-0 0101010101010101 e7fce22557d23c97 0000080000000000
-0 0101010101010101 12a9f5817ff2d65d 0000040000000000
-0 0101010101010101 a484c3ad38dc9c19 0000020000000000
-0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000
-0 0101010101010101 750d079407521363 0000008000000000
-0 0101010101010101 64feed9c724c2faf 0000004000000000
-0 0101010101010101 f02b263b328e2b60 0000002000000000
-0 0101010101010101 9d64555a9a10b852 0000001000000000
-0 0101010101010101 d106ff0bed5255d7 0000000800000000
-0 0101010101010101 e1652c6b138c64a5 0000000400000000
-0 0101010101010101 e428581186ec8f46 0000000200000000
-0 0101010101010101 aeb5f5ede22d1a36 0000000100000000
-0 0101010101010101 e943d7568aec0c5c 0000000080000000
-0 0101010101010101 df98c8276f54b04b 0000000040000000
-0 0101010101010101 b160e4680f6c696f 0000000020000000
-0 0101010101010101 fa0752b07d9c4ab8 0000000010000000
-0 0101010101010101 ca3a2b036dbc8502 0000000008000000
-0 0101010101010101 5e0905517bb59bcf 0000000004000000
-0 0101010101010101 814eeb3b91d90726 0000000002000000
-0 0101010101010101 4d49db1532919c9f 0000000001000000
-0 0101010101010101 25eb5fc3f8cf0621 0000000000800000
-0 0101010101010101 ab6a20c0620d1c6f 0000000000400000
-0 0101010101010101 79e90dbc98f92cca 0000000000200000
-0 0101010101010101 866ecedd8072bb0e 0000000000100000
-0 0101010101010101 8b54536f2f3e64a8 0000000000080000
-0 0101010101010101 ea51d3975595b86b 0000000000040000
-0 0101010101010101 caffc6ac4542de31 0000000000020000
-0 0101010101010101 8dd45a2ddf90796c 0000000000010000
-0 0101010101010101 1029d55e880ec2d0 0000000000008000
-0 0101010101010101 5d86cb23639dbea9 0000000000004000
-0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000
-0 0101010101010101 ce332329248f3228 0000000000001000
-0 0101010101010101 8405d1abe24fb942 0000000000000800
-0 0101010101010101 e643d78090ca4207 0000000000000400
-0 0101010101010101 48221b9937748a23 0000000000000200
-0 0101010101010101 dd7c0bbd61fafd54 0000000000000100
-0 0101010101010101 2fbc291a570db5c4 0000000000000080
-0 0101010101010101 e07c30d7e4e26e12 0000000000000040
-0 0101010101010101 0953e2258e8e90a1 0000000000000020
-0 0101010101010101 5b711bc4ceebf2ee 0000000000000010
-0 0101010101010101 cc083f1e6d9e85f6 0000000000000008
-0 0101010101010101 d2fd8867d50d2dfe 0000000000000004
-0 0101010101010101 06e7ea22ce92708f 0000000000000002
-0 0101010101010101 166b40b44aba4bd6 0000000000000001
-0 8001010101010101 0000000000000000 95a8d72813daa94d
-0 4001010101010101 0000000000000000 0eec1487dd8c26d5
-0 2001010101010101 0000000000000000 7ad16ffb79c45926
-0 1001010101010101 0000000000000000 d3746294ca6a6cf3
-0 0801010101010101 0000000000000000 809f5f873c1fd761
-0 0401010101010101 0000000000000000 c02faffec989d1fc
-0 0201010101010101 0000000000000000 4615aa1d33e72f10
-0 0180010101010101 0000000000000000 2055123350c00858
-0 0140010101010101 0000000000000000 df3b99d6577397c8
-0 0120010101010101 0000000000000000 31fe17369b5288c9
-0 0110010101010101 0000000000000000 dfdd3cc64dae1642
-0 0108010101010101 0000000000000000 178c83ce2b399d94
-0 0104010101010101 0000000000000000 50f636324a9b7f80
-0 0102010101010101 0000000000000000 a8468ee3bc18f06d
-0 0101800101010101 0000000000000000 a2dc9e92fd3cde92
-0 0101400101010101 0000000000000000 cac09f797d031287
-0 0101200101010101 0000000000000000 90ba680b22aeb525
-0 0101100101010101 0000000000000000 ce7a24f350e280b6
-0 0101080101010101 0000000000000000 882bff0aa01a0b87
-0 0101040101010101 0000000000000000 25610288924511c2
-0 0101020101010101 0000000000000000 c71516c29c75d170
-0 0101018001010101 0000000000000000 5199c29a52c9f059
-0 0101014001010101 0000000000000000 c22f0a294a71f29f
-0 0101012001010101 0000000000000000 ee371483714c02ea
-0 0101011001010101 0000000000000000 a81fbd448f9e522f
-0 0101010801010101 0000000000000000 4f644c92e192dfed
-0 0101010401010101 0000000000000000 1afa9a66a6df92ae
-0 0101010201010101 0000000000000000 b3c1cc715cb879d8
-0 0101010180010101 0000000000000000 19d032e64ab0bd8b
-0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc
-0 0101010120010101 0000000000000000 b7265f7f447ac6f3
-0 0101010110010101 0000000000000000 9db73b3c0d163f54
-0 0101010108010101 0000000000000000 8181b65babf4a975
-0 0101010104010101 0000000000000000 93c9b64042eaa240
-0 0101010102010101 0000000000000000 5570530829705592
-0 0101010101800101 0000000000000000 8638809e878787a0
-0 0101010101400101 0000000000000000 41b9a79af79ac208
-0 0101010101200101 0000000000000000 7a9be42f2009a892
-0 0101010101100101 0000000000000000 29038d56ba6d2745
-0 0101010101080101 0000000000000000 5495c6abf1e5df51
-0 0101010101040101 0000000000000000 ae13dbd561488933
-0 0101010101020101 0000000000000000 024d1ffa8904e389
-0 0101010101018001 0000000000000000 d1399712f99bf02e
-0 0101010101014001 0000000000000000 14c1d7c1cffec79e
-0 0101010101012001 0000000000000000 1de5279dae3bed6f
-0 0101010101011001 0000000000000000 e941a33f85501303
-0 0101010101010801 0000000000000000 da99dbbc9a03f379
-0 0101010101010401 0000000000000000 b7fc92f91d8e92e9
-0 0101010101010201 0000000000000000 ae8e5caa3ca04e85
-0 0101010101010180 0000000000000000 9cc62df43b6eed74
-0 0101010101010140 0000000000000000 d863dbb5c59a91a0
-0 0101010101010120 0000000000000000 a1ab2190545b91d7
-0 0101010101010110 0000000000000000 0875041e64c570f7
-0 0101010101010108 0000000000000000 5a594528bebef1cc
-0 0101010101010104 0000000000000000 fcdb3291de21f0c0
-0 0101010101010102 0000000000000000 869efd7f9f265a09
-0 1046913489980131 0000000000000000 88d55e54f54c97b4
-0 1007103489988020 0000000000000000 0c0cc00c83ea48fd
-0 10071034c8980120 0000000000000000 83bc8ef3a6570183
-0 1046103489988020 0000000000000000 df725dcad94ea2e9
-0 1086911519190101 0000000000000000 e652b53b550be8b0
-0 1086911519580101 0000000000000000 af527120c485cbb0
-0 5107b01519580101 0000000000000000 0f04ce393db926d5
-0 1007b01519190101 0000000000000000 c9f00ffc74079067
-0 3107915498080101 0000000000000000 7cfd82a593252b4e
-0 3107919498080101 0000000000000000 cb49a2f9e91363e3
-0 10079115b9080140 0000000000000000 00b588be70d23f56
-0 3107911598080140 0000000000000000 406a9a6ab43399ae
-0 1007d01589980101 0000000000000000 6cb773611dca9ada
-0 9107911589980101 0000000000000000 67fd21c17dbb5d70
-0 9107d01589190101 0000000000000000 9592cb4110430787
-0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3
-0 1007940498190101 0000000000000000 4d102196c914ca16
-0 0107910491190401 0000000000000000 2dfa9f4573594965
-0 0107910491190101 0000000000000000 b46604816c0e0774
-0 0107940491190401 0000000000000000 6e7e6221a4f34e87
-0 19079210981a0101 0000000000000000 aa85e74643233199
-0 1007911998190801 0000000000000000 2e5a19db4d1962d6
-0 10079119981a0801 0000000000000000 23a866a809d30894
-0 1007921098190101 0000000000000000 d812d961f017d320
-0 100791159819010b 0000000000000000 055605816e58608f
-0 1004801598190101 0000000000000000 abd88e8b1b7716f1
-0 1004801598190102 0000000000000000 537ac95be69da1e1
-0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8
-0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d
-0 1002911598190104 0000000000000000 61c79c71921a2ef8
-0 1002911598100201 0000000000000000 e2f5728f0995013c
-0 1002911698100101 0000000000000000 1aeac39a61f0a464
-0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b
-0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271
-0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a
-0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a
-0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095
-0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b
-0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09
-0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a
-0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f
-0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088
-0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77
-0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a
-0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56
-0 025816164629b007 480d39006ee762f2 a1f9915541020b56
-0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556
-0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac
-0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a
-0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41
-0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
-1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60
-57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae
-1 8001010101010101 0000000000000000 f501029f268e45dc
-0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
diff --git a/secure/lib/libcrypt/test/speedcrypt.c b/secure/lib/libcrypt/test/speedcrypt.c
deleted file mode 100644
index f7507fd789f0..000000000000
--- a/secure/lib/libcrypt/test/speedcrypt.c
+++ /dev/null
@@ -1,76 +0,0 @@
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <signal.h>
-#include <stdio.h>
-
-int		keep_going, count, alternate, seconds;
-struct rusage	prior, now;
-
-void
-finish()
-{
-	keep_going = 0;
-}
-
-
-main(int argc, char *argv[])
-{
-	struct itimerval itv;
-	u_long		msecs, key1[8], key2[8];
-	char		*k1, *k2;
-
-	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
-		seconds = 20;
-
-	if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1)
-		alternate = 0;
-
-	printf ("Running crypt%s for %d seconds of vtime...\n",
-		alternate ? " with alternate keys" : "", seconds);
-
-	bzero(&itv, sizeof (itv));
-	signal (SIGVTALRM, finish);
-	itv.it_value.tv_sec = seconds;
-	itv.it_value.tv_usec = 0;
-	setitimer(ITIMER_VIRTUAL, &itv, NULL);
-
-	keep_going = 1;
-	if (getrusage(0, &prior) < 0) {
-		perror("getrusage");
-		exit(1);
-	}
-
-	k1 = (char *) key1;
-	k2 = (char *) key2;
-	strcpy(k1, "fredfredfredfredfred");
-	strcpy(k2, "joejoejoejoejoejoejo");
-
-	if (alternate)
-		for (count = 0; keep_going; count++)
-		{
-#if defined(LONGCRYPT)
-			crypt((count & 1) ? k1 : k2, "_ara.X...");
-#else
-			crypt((count & 1) ? k1 : k2, "eek");
-#endif
-		}
-	else
-		for (count = 0; keep_going; count++)
-		{
-#if defined(LONGCRYPT)
-			crypt(k1, "_ara.X...");
-#else
-			crypt(k1, "eek");
-#endif
-		}
-
-	if (getrusage(0, &now) < 0) {
-		perror("getrusage");
-		exit(1);
-	}
-	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
-	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
-	printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs);
-	exit(0);
-}
diff --git a/secure/lib/libdes/COPYRIGHT b/secure/lib/libdes/COPYRIGHT
deleted file mode 100644
index dc789d4fdce9..000000000000
--- a/secure/lib/libdes/COPYRIGHT
+++ /dev/null
@@ -1,50 +0,0 @@
-Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
-All rights reserved.
-
-This package is an DES implementation written by Eric Young (eay@mincom.oz.au).
-The implementation was written so as to conform with MIT's libdes.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of that the SSL library.  This can be in the form of a textual
-message at program startup or in documentation (online or textual) provided
-with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   This product includes software developed by Eric Young (eay@mincom.oz.au)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/secure/lib/libdes/DES.pm b/secure/lib/libdes/DES.pm
deleted file mode 100644
index 6a175b6ca4b0..000000000000
--- a/secure/lib/libdes/DES.pm
+++ /dev/null
@@ -1,19 +0,0 @@
-package DES;
-
-require Exporter;
-require DynaLoader;
-@ISA = qw(Exporter DynaLoader);
-# Items to export into callers namespace by default
-# (move infrequently used names to @EXPORT_OK below)
-@EXPORT = qw(
-);
-# Other items we are prepared to export if requested
-@EXPORT_OK = qw(
-crypt
-);
-
-# Preloaded methods go here.  Autoload methods go after __END__, and are
-# processed by the autosplit program.
-bootstrap DES;
-1;
-__END__
diff --git a/secure/lib/libdes/DES.pod b/secure/lib/libdes/DES.pod
deleted file mode 100644
index 8a739e7ca0d0..000000000000
--- a/secure/lib/libdes/DES.pod
+++ /dev/null
@@ -1,16 +0,0 @@
-crypt	<= 	crypt(buf,salt)
-key	<=	set_odd_parity(key)
-int	<=	is_weak_key(key)
-keysched<=	set_key(key)
-key	<=	ecb_encrypt(string8,ks,enc)
-key	<=	ecb3_encrypt(input,ks1,ks2,enc)
-string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
-string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
-ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
-string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
-string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
-string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
-key	<=	random_key()
-key	<=	string_to_key(string)
-key1,key2<=	string_to_2keys(string)
-
diff --git a/secure/lib/libdes/DES.xs b/secure/lib/libdes/DES.xs
deleted file mode 100644
index def220b36b1d..000000000000
--- a/secure/lib/libdes/DES.xs
+++ /dev/null
@@ -1,268 +0,0 @@
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#include "des.h"
-
-#define deschar	char
-static STRLEN len;
-
-static int
-not_here(s)
-char *s;
-{
-    croak("%s not implemented on this architecture", s);
-    return -1;
-}
-
-MODULE = DES	PACKAGE = DES	PREFIX = des_
-
-char *
-des_crypt(buf,salt)
-	char *	buf
-	char *	salt
-
-void
-des_set_odd_parity(key)
-	des_cblock *	key
-PPCODE:
-	{
-	SV *s;
-
-	s=sv_newmortal();
-	sv_setpvn(s,(char *)key,8);
-	des_set_odd_parity((des_cblock *)SvPV(s,na));
-	PUSHs(s);
-	}
-
-int
-des_is_weak_key(key)
-	des_cblock *	key
-
-des_key_schedule
-des_set_key(key)
-	des_cblock *	key
-CODE:
-	des_set_key(key,RETVAL);
-OUTPUT:
-RETVAL
-
-des_cblock
-des_ecb_encrypt(input,ks,encrypt)
-	des_cblock *	input
-	des_key_schedule *	ks
-	int	encrypt
-CODE:
-	des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
-OUTPUT:
-RETVAL
-
-void
-des_cbc_encrypt(input,ks,ivec,encrypt)
-	char *	input
-	des_key_schedule *	ks
-	des_cblock *	ivec
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-	char *c;
-
-	l=SvCUR(ST(0));
-	len=((((unsigned long)l)+7)/8)*8;
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(char *)SvPV(s,na);
-	des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
-		l,*ks,ivec,encrypt);
-	sv_setpvn(ST(2),(char *)c[len-8],8);
-	PUSHs(s);
-	}
-
-void
-des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
-	char *	input
-	des_key_schedule *	ks1
-	des_key_schedule *	ks2
-	des_cblock *	ivec1
-	des_cblock *	ivec2
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-
-	l=SvCUR(ST(0));
-	len=((((unsigned long)l)+7)/8)*8;
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
-		l,*ks1,*ks2,ivec1,ivec2,encrypt);
-	sv_setpvn(ST(3),(char *)ivec1,8);
-	sv_setpvn(ST(4),(char *)ivec2,8);
-	PUSHs(s);
-	}
-
-void
-des_cbc_cksum(input,ks,ivec)
-	char *	input
-	des_key_schedule *	ks
-	des_cblock *	ivec
-PPCODE:
-	{
-	SV *s1,*s2;
-	STRLEN len,l;
-	des_cblock c;
-	unsigned long i1,i2;
-
-	s1=sv_newmortal();
-	s2=sv_newmortal();
-	l=SvCUR(ST(0));
-	des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
-		l,*ks,ivec);
-	i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
-	i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
-	sv_setiv(s1,i1);
-	sv_setiv(s2,i2);
-	sv_setpvn(ST(2),(char *)c,8);
-	PUSHs(s1);
-	PUSHs(s2);
-	}
-
-void
-des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
-	char *	input
-	int	numbits
-	des_key_schedule *	ks
-	des_cblock *	ivec
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len;
-	char *c;
-
-	len=SvCUR(ST(0));
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(char *)SvPV(s,na);
-	des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
-		(int)numbits,(long)len,*ks,ivec,encrypt);
-	sv_setpvn(ST(3),(char *)ivec,8);
-	PUSHs(s);
-	}
-
-des_cblock *
-des_ecb3_encrypt(input,ks1,ks2,encrypt)
-	des_cblock *	input
-	des_key_schedule *	ks1
-	des_key_schedule *	ks2
-	int	encrypt
-CODE:
-	{
-	des_cblock c;
-
-	des_3ecb_encrypt((des_cblock *)input,(des_cblock *)&c,
-		*ks1,*ks2,encrypt);
-	RETVAL= &c;
-	}
-OUTPUT:
-RETVAL
-
-void
-des_ofb_encrypt(input,numbits,ks,ivec)
-	unsigned char *	input
-	int	numbits
-	des_key_schedule *	ks
-	des_cblock *	ivec
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-	unsigned char *c;
-
-	len=SvCUR(ST(0));
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(unsigned char *)SvPV(s,na);
-	des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
-		numbits,len,*ks,ivec);
-	sv_setpvn(ST(3),(char *)ivec,8);
-	PUSHs(s);
-	}
-
-void
-des_pcbc_encrypt(input,ks,ivec,encrypt)
-	char *	input
-	des_key_schedule *	ks
-	des_cblock *	ivec
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-	char *c;
-
-	l=SvCUR(ST(0));
-	len=((((unsigned long)l)+7)/8)*8;
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(char *)SvPV(s,na);
-	des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
-		l,*ks,ivec,encrypt);
-	sv_setpvn(ST(2),(char *)c[len-8],8);
-	PUSHs(s);
-	}
-
-des_cblock *
-des_random_key()
-CODE:
-	{
-	des_cblock c;
-
-	des_random_key(c);
-	RETVAL=&c;
-	}
-OUTPUT:
-RETVAL
-
-des_cblock *
-des_string_to_key(str)
-char *	str
-CODE:
-	{
-	des_cblock c;
-
-	des_string_to_key(str,&c);
-	RETVAL=&c;
-	}
-OUTPUT:
-RETVAL
-
-void
-des_string_to_2keys(str)
-char *	str
-PPCODE:
-	{
-	des_cblock c1,c2;
-	SV *s1,*s2;
-
-	des_string_to_2keys(str,&c1,&c2);
-	EXTEND(sp,2);
-	s1=sv_newmortal();
-	sv_setpvn(s1,(char *)c1,8);
-	s2=sv_newmortal();
-	sv_setpvn(s2,(char *)c2,8);
-	PUSHs(s1);
-	PUSHs(s2);
-	}
diff --git a/secure/lib/libdes/FILES b/secure/lib/libdes/FILES
deleted file mode 100644
index f8b0c8108179..000000000000
--- a/secure/lib/libdes/FILES
+++ /dev/null
@@ -1,96 +0,0 @@
-/* General stuff */
-COPYRIGHT	- Copyright info.
-MODES.DES	- A description of the features of the different modes of DES.
-FILES		- This file.
-INSTALL		- How to make things compile.
-Imakefile	- For use with kerberos.
-README		- What this package is.
-VERSION		- Which version this is and what was changed.
-KERBEROS	- Kerberos version 4 notes.
-Makefile.PL	- An old makefile to build with perl5, not current.
-Makefile.ssl	- The SSLeay makefile
-Makefile.uni	- The normal unix makefile.
-GNUmakefile	- The makefile for use with glibc.
-makefile.bc	- A Borland C makefile
-times		- Some outputs from 'speed' on some machines.
-vms.com		- For use when compiling under VMS
-
-/* My SunOS des(1) replacement */
-des.c		- des(1) source code.
-des.man		- des(1) manual.
-
-/* Testing and timing programs. */
-destest.c	- Source for libdes.a test program.
-speed.c		- Source for libdes.a timing program.
-rpw.c		- Source for libdes.a testing password reading routines.
-
-/* libdes.a source code */
-des_crypt.man	- libdes.a manual page.
-des.h		- Public libdes.a header file.
-ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.
-ecb3_enc.c	- des_ecb3_encrypt() source.
-cbc_ckm.c	- des_cbc_cksum() source.
-cbc_enc.c	- des_cbc_encrypt() source.
-ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies
-		  the new iv values back in the passed iv vector.
-ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.
-cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.
-cfb_enc.c	- des_cfb_encrypt() source.
-cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be
-		  used as a stream cipher.
-cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
-		  used as a stream cipher and using triple DES.
-ofb_enc.c	- des_cfb_encrypt() source.
-ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be
-		  used as a stream cipher.
-ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
-		  used as a stream cipher and using triple DES.
-enc_read.c	- des_enc_read() source.
-enc_writ.c	- des_enc_write() source.
-pcbc_enc.c	- des_pcbc_encrypt() source.
-qud_cksm.c	- quad_cksum() source.
-rand_key.c	- des_random_key() source.
-read_pwd.c	- Source for des_read_password() plus related functions.
-set_key.c	- Source for des_set_key().
-str2key.c	- Covert a string of any length into a key.
-fcrypt.c	- A small, fast version of crypt(3).
-des_locl.h	- Internal libdes.a header file.
-podd.h		- Odd parity tables - used in des_set_key().
-sk.h		- Lookup tables used in des_set_key().
-spr.h		- What is left of the S tables - used in ecb_encrypt().
-version.h	- header file for the external definition of the
-		  version string.
-des.doc		- SSLeay documentation for the library.
-
-/* The perl scripts - you can ignore these files they are only
- * included for the curious */
-des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt
-		  both done in a perl library.
-testdes.pl	- Testing program for des.pl
-doIP		- Perl script used to develop IP xor/shift code.
-doPC1		- Perl script used to develop PC1 xor/shift code.
-doPC2		- Generates sk.h.
-PC1		- Output of doPC1 should be the same as output from PC1.
-PC2		- used in development of doPC2.
-shifts.pl	- Perl library used by my perl scripts.
-
-/* I started making a perl5 dynamic library for libdes
- * but did not fully finish, these files are part of that effort. */
-DES.pm
-DES.pod
-DES.xs
-t
-typemap
-
-/* The following are for use with sun RPC implementaions. */
-rpc_des.h
-rpc_enc.c
-
-/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
- * are not normally built into libdes due to machine specific routines
- * contained in them.  They are for use in the most recent incarnation of
- * export kerberos v 4 (eBones). */
-supp.c
-new_rkey.c
-
-
diff --git a/secure/lib/libdes/GNUmakefile b/secure/lib/libdes/GNUmakefile
deleted file mode 100644
index 6372d08ec856..000000000000
--- a/secure/lib/libdes/GNUmakefile
+++ /dev/null
@@ -1,35 +0,0 @@
-# This was GNUmakefile
-# I have changed the library a bit since I was last able to test the
-# build so this may require a little tweaking.
-# have fun.
-
-ifeq ($(wildcard ../Rules),)
-# no glibc
-include Makefile.uni
-else
-# We are part of glibc
-default_cflags:= -O2
-subdir := des
-headers:= des.h rpc_des.h
-
-routines:= $(destest)
-	cbc3_enc cbc_cksm cbc_enc  cfb64enc cfb_enc  \
-	ecb3_enc ecb_enc  ede_enc  enc_read enc_writ \
-	fcrypt   ncbc_enc ofb64enc ofb_enc  pcbc_enc \
-	qud_cksm rand_key read_pwd rpc_enc  set_key  \
-	str2key  cfb64ede ofb64ede supp
-distribute:= ARTISTIC COPYRIGHT FILES INSTALL Imakefile README VERSION \
-	GNUmakefile times vms.com KERBEROS MODES.DES \
-	des.man des_crypt.man \
-	version.h des_locl.h podd.h sk.h spr.h \
-	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl \
-	des.doc makefile.bc
-
-tests:= destest speed
-override +gccwarn := -w
-others:= des rpw
-install:= des
-
-include ../Rules
-endif
-
diff --git a/secure/lib/libdes/INSTALL b/secure/lib/libdes/INSTALL
deleted file mode 100644
index c8cc5bebd6e2..000000000000
--- a/secure/lib/libdes/INSTALL
+++ /dev/null
@@ -1,57 +0,0 @@
-Check the CC and CFLAGS lines in the makefile
-
-If your C library does not support the times(3) function, change the
-#define TIMES to
-#undef TIMES in speed.c
-If it does, check the HZ value for the times(3) function.
-If your system does not define CLK_TCK it will be assumed to
-be 100.0.
-
-If possible use gcc v 2.7.?
-Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
-
-type 'make'
-
-run './destest' to check things are ok.
-run './rpw' to check the tty code for reading passwords works.
-run './speed' to see how fast those optimisations make the library run :-)
-
-A make install will by default install
-libdes.a      in /usr/local/lib/libdes.a
-des           in /usr/local/bin/des
-des_crypt.man in /usr/local/man/man3/des_crypt.3
-des.man       in /usr/local/man/man1/des.1
-des.h         in /usr/include/des.h
-
-des(1) should be compatible with sunOS's but I have been unable to
-test it.
-
-These routines should compile on MSDOS, most 32bit and 64bit version
-of Unix (BSD and SYSV) and VMS, without modification.
-The only problems should be #include files that are in the wrong places.
-
-These routines can be compiled under MSDOS.
-I have successfully encrypted files using des(1) under MSDOS and then
-decrypted the files on a SparcStation.
-I have been able to compile and test the routines with
-Microsoft C v 5.1 and Turbo C v 2.0.
-The code in this library is in no way optimised for the 16bit
-operation of MSDOS.  Microsoft C generates code that is 40% slower
-than Turbo C's code.  I believe this is due to problems it has with
-code generation with the 32bit shift operation in the IP and FP
-sections.  I have added some 16bit optimization in ecb_encrypt.c
-and this generated a %70 speedup under Turbo C.  Such are the
-limitations of DOS compilers :-(.
-
-For Turbo C v 2.0, make sure to define MSDOS, in the relevant menu.
-
-There is an alternative version of the D_ENCRYPT macro that can be
-enabled with the -DDES_USE_PTR option in the makefile.  This alternative
-macro can make a +-%20 speed difference to the DES encryption speed,
-depending on the compiler/CPU combinations.
-It has its greatest effect on Sparc machines when using the sun compiler.
-If in doubt, try enable/disable it and running speed.  It does not
-seem to affect gcc much.
-
-When building for glibc, ignore all of the above and just unpack into
-glibc-1.??/des and then gmake as per normal.
diff --git a/secure/lib/libdes/Imakefile b/secure/lib/libdes/Imakefile
deleted file mode 100644
index c4592f23a167..000000000000
--- a/secure/lib/libdes/Imakefile
+++ /dev/null
@@ -1,35 +0,0 @@
-# This Imakefile has not been tested for a while but it should still
-# work when placed in the correct directory in the kerberos v 4 distribution
-
-SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
-        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
-        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
-	3ecb_enc.c ofb_enc.c ofb64enc.c
-
-OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
-	qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
-	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
-	3ecb_enc.o ofb_enc.o ofb64enc.o
-
-GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
-	vms.com KERBEROS
-DES=    des.c des.man
-TESTING=destest.c speed.c rpw.c
-LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
-
-PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
-
-CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
-
-SRCDIR=$(SRCTOP)/lib/des
-
-DBG= -O
-INCLUDE= -I$(SRCDIR)
-CC= cc
-
-library_obj_rule()
-
-install_library_target(des,$(OBJS),$(SRCS),)
-
-test(destest,libdes.a,)
-test(rpw,libdes.a,)
diff --git a/secure/lib/libdes/KERBEROS b/secure/lib/libdes/KERBEROS
deleted file mode 100644
index f401b10014ff..000000000000
--- a/secure/lib/libdes/KERBEROS
+++ /dev/null
@@ -1,41 +0,0 @@
- [ This is an old file, I don't know if it is true anymore
-   but I will leave the file here - eay 21/11/95 ]
-
-To use this library with Bones (kerberos without DES):
-1) Get my modified Bones - eBones.  It can be found on
-   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
-   and
-   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
-
-2) Unpack this library in src/lib/des, makeing sure it is version
-   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
-   from the version in comp.sources.misc volume 29 patchlevel2.
-   The primarily difference is that it should compile under kerberos :-).
-   It can be found at.
-   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
-
-Now do a normal kerberos build and things should work.
-
-One problem I found when I was build on my local sun.
----
-For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
-
-*** make_commands.c.orig	Fri Jul  3 04:18:35 1987
---- make_commands.c	Wed May 20 08:47:42 1992
-***************
-*** 98,104 ****
-       if (!rename(o_file, z_file)) {
-  	  if (!vfork()) {
-  	       chdir("/tmp");
-! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
-  		     z_file+5, 0);
-  	       perror("/bin/ld");
-  	       _exit(1);
---- 98,104 ----
-       if (!rename(o_file, z_file)) {
-  	  if (!vfork()) {
-  	       chdir("/tmp");
-! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
-  		     z_file+5, 0);
-  	       perror("/bin/ld");
-  	       _exit(1);
diff --git a/secure/lib/libdes/MODES.DES b/secure/lib/libdes/MODES.DES
deleted file mode 100644
index 18934b56c335..000000000000
--- a/secure/lib/libdes/MODES.DES
+++ /dev/null
@@ -1,84 +0,0 @@
-Modes of DES
-Quite a bit of the following information has been taken from
-	AS 2805.5.2
-	Australian Standard
-	Electronic funds transfer - Requirements for interfaces,
-	Part 5.2: Modes of operation for an n-bit block cipher algorithm
-	Appendix A
-
-There are several different modes in which DES can be used, they are
-as follows.
-
-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
-- 64 bits are enciphered at a time.
-- The order of the blocks can be rearranged without detection.
-- The same plaintext block always produces the same ciphertext block
-  (for the same key) making it vulnerable to a 'dictionary attack'.
-- An error will only affect one ciphertext block.
-
-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
-- a multiple of 64 bits are enciphered at a time.
-- The CBC mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext blocks dependent on the
-  current and all preceding plaintext blocks and therefore blocks can not
-  be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- An error will affect the current and the following ciphertext blocks.
-
-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The CFB mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext variables dependent on the
-  current and all preceding variables and therefore j-bit variables are
-  chained together and con not be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
-  j == k).  In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
-  plaintext enciphered using the same key and starting variable.  More
-  over, in the OFB mode the same key stream is produced when the same
-  key and start variable are used.  Consequently, for security reasons
-  a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
-  plaintext enciphering to the same ciphertext, by producing different
-  key streams.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
-  resultant plaintext output.  Every bit error in the ciphertext causes
-  only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising.  If the two operation of
-  encipherment and decipherment get out of synchronism, the system needs
-  to be re-initialised.
-- Each re-initialisation should use a value of the start variable
-different from the start variable values used before with the same
-key.  The reason for this is that an identical bit stream would be
-produced each time from the same parameters.  This would be
-susceptible to a 'known plaintext' attack.
-
-Triple ECB Mode (des_3ecb_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
-- As for ECB encryption but increases the effective key length to 112 bits.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
-
-Triple CBC Mode (des_3cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
-- As for CBC encryption but increases the effective key length to 112 bits.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
diff --git a/secure/lib/libdes/Makefile b/secure/lib/libdes/Makefile
deleted file mode 100644
index 006cda220666..000000000000
--- a/secure/lib/libdes/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#	@(#)Makefile	5.4 (Berkeley) 5/7/91
-#	$Id$
-
-LIB=	des
-SRCS=	cbc3_enc.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
-	ecb3_enc.c ecb_enc.c  ede_enc.c  enc_read.c enc_writ.c \
-	ncbc_enc.c new_rkey.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
-	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
-	str2key.c  cfb64ede.c ofb64ede.c supp.c
-HEADER=	des.h
-
-SHLIB_MAJOR=	2
-SHLIB_MINOR=	1
-
-CFLAGS+=	-Wall
-
-MAN3=	des_crypt.3
-MANSRC= .
-CLEANFILES += ${MAN3}
-MANDEPEND = ${MAN3}
-
-MLINKS= des_crypt.3 des_read_password.3 \
-	des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \
-	des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \
-	des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \
-	des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \
-	des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \
-	des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \
-	des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \
-	des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \
-	des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \
-	des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3
-
-beforeinstall:
-	-cd ${.CURDIR}; for file in ${HEADER}; do \
-		cmp -s $$file ${DESTDIR}/usr/include/$$file || \
-		install -c -o ${BINOWN} -g ${BINGRP} -m 444 $$file \
-		${DESTDIR}/usr/include; done
-
-.include <bsd.lib.mk>
-
-${MAN3}: des_crypt.man
-	@cp $? $@
diff --git a/secure/lib/libdes/Makefile.PL b/secure/lib/libdes/Makefile.PL
deleted file mode 100644
index 41a7e0fbba10..000000000000
--- a/secure/lib/libdes/Makefile.PL
+++ /dev/null
@@ -1,14 +0,0 @@
-use ExtUtils::MakeMaker;
-# See lib/ExtUtils/MakeMaker.pm for details of how to influence
-# the contents of the Makefile being created.
-&writeMakefile(
-	'potential_libs' => '',   # e.g., '-lm' 
-	'INC' => '',     # e.g., '-I/usr/include/other' 
-	'DISTNAME' => 'DES',
-	'VERSION' => '0.1',
-	'DEFINE' => '-DPERL5',
-	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
-	rand_key.o set_key.o str2key.o \
-	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
-	ecb3_enc.o ofb_enc.o cbc3_enc.o',
-	);
diff --git a/secure/lib/libdes/Makefile.ssl b/secure/lib/libdes/Makefile.ssl
deleted file mode 100644
index dec44565c466..000000000000
--- a/secure/lib/libdes/Makefile.ssl
+++ /dev/null
@@ -1,89 +0,0 @@
-#
-# SSLeay/crypto/des/Makefile
-#
-
-DIR=	des
-TOP=	../..
-CC=	cc
-INCLUDES=
-CFLAG=-g
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -fMakefile.ssl
-MAKEFILE=	Makefile.ssl
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=destest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=	cbc3_enc.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
-	ecb3_enc.c ecb_enc.c  ede_enc.c  enc_read.c enc_writ.c \
-	fcrypt.c   ncbc_enc.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
-	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
-	str2key.c  cfb64ede.c ofb64ede.c supp.c
-
-LIBOBJ=	cbc3_enc.o cbc_cksm.o cbc_enc.o  cfb64enc.o cfb_enc.o  \
-	ecb3_enc.o ecb_enc.o  ede_enc.o  enc_read.o enc_writ.o \
-	fcrypt.o   ncbc_enc.o ofb64enc.o ofb_enc.o  pcbc_enc.o \
-	qud_cksm.o rand_key.o read_pwd.o rpc_enc.o  set_key.o  \
-	str2key.o  cfb64ede.o ofb64ede.o supp.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= des.h
-HEADER=	des_locl.h rpc_des.h podd.h sk.h spr.h version.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	ar r $(LIB) $(LIBOBJ)
-	$(TOP)/util/ranlib.sh $(LIB)
-	@touch lib
-
-links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile
-	/bin/rm -f des.doc
-	$(TOP)/util/point.sh ../../doc/des.doc .
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
-
-install: installs
-
-installs:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ) \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	sed -e '/^# DO NOT DELETE THIS LINE/ q' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f *.o *.obj lib tags core .nfs* *.old *.bak fluff
-
-errors:
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/secure/lib/libdes/Makefile.uni b/secure/lib/libdes/Makefile.uni
deleted file mode 100644
index 972a84505af2..000000000000
--- a/secure/lib/libdes/Makefile.uni
+++ /dev/null
@@ -1,149 +0,0 @@
-# You must select the correct terminal control system to be used to
-# turn character echo off when reading passwords.  There a 5 systems
-# SGTTY   - the old BSD system
-# TERMIO  - most system V boxes
-# TERMIOS - SGI (ala IRIX).
-# VMS     - the DEC operating system
-# MSDOS   - we all know what it is :-)
-# read_pwd.c makes a reasonable guess at what is correct.
-
-OPTS0= -DRAND -DTERMIO #-DNOCONST
-
-# Version 1.94 has changed the strings_to_key function so that it is
-# now compatible with MITs when the string is longer than 8 characters.
-# If you wish to keep the old version, uncomment the following line.
-# This will affect the -E/-D options on des(1).
-#OPTS1= -DOLD_STR_TO_KEY
-
-# This #define specifies the use of an alternative D_ENCRYPT macro in
-# ecb_encrypt.  The choice of macro can make a %20 difference in the
-# speed.  Unfortunatly the choise of the best macro appears to be very
-# dependant on the compiler and the machine in question.
-# For the following combinations use the ALT_ECB option.
-# Sparc 2 (cc -O4), sun 3/260 (cc -O4)
-# For the following combinations do not use the ALT_ECB option.
-# Sparc 2 (gcc2 -O2), sun 3/260 (cc -O2), mvax2 (cc -O), MSDOS (Turbo Cv2)
-# For other machines, experiment with changing the option and run
-# ./speed to see which is faster.
-# DO NOT TURN THIS OPTION ON WHEN COMPILING THIS CODE ON A 64 BIT MACHINE
-#OPTS2= -DDES_USE_PTR
-
-OPTS= $(OPTS0) $(OPTS1) $(OPTS2)
-
-#CC=cc
-#CFLAGS= -O $(OPTS) $(CFLAG)
-
-CC=gcc
-CFLAGS= -O3 -fomit-frame-pointer $(OPTS) $(CFLAG)
-
-LIBDIR=/usr/local/lib
-BINDIR=/usr/local/bin
-INCDIR=/usr/local/include
-MANDIR=/usr/local/man
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-OBJS=	cbc3_enc.o cbc_cksm.o cbc_enc.o ncbc_enc.o pcbc_enc.o qud_cksm.o \
-	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o ecb_enc.o  ede_enc.o  \
-	enc_read.o enc_writ.o fcrypt.o  ofb64ede.o ofb64enc.o ofb_enc.o  \
-	rand_key.o read_pwd.o set_key.o rpc_enc.o  str2key.o supp.o
-
-GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION Makefile \
-	times vms.com KERBEROS MODES.DES  GNUmakefile des.man \
-	DES.pm DES.pod DES.xs Makefile.PL Makefile.uni typemap t \
-	des_crypt.man Makefile.ssl des.doc makefile.bc
-DES=	des.c
-TESTING=destest.c speed.c rpw.c
-HEADERS=version.h des.h des_locl.h podd.h sk.h spr.h rpc_des.h
-LIBDES= cbc3_enc.c cbc_cksm.c cbc_enc.c ncbc_enc.c pcbc_enc.c qud_cksm.c \
-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c  ede_enc.c  \
-	enc_read.c enc_writ.c fcrypt.c  ofb64ede.c ofb64enc.c ofb_enc.c  \
-	rand_key.c read_pwd.c set_key.c rpc_enc.c  str2key.c  supp.c
-
-PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
-
-ALL=	$(GENERAL) $(DES) $(TESTING) $(LIBDES) $(PERL) $(HEADERS)
-
-DLIB=	libdes.a
-
-all: $(DLIB) destest rpw des speed
-
-test:	all
-	./destest
-
-$(DLIB): $(OBJS)
-	/bin/rm -f $(DLIB)
-	ar cr $(DLIB) $(OBJS)
-	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
-	else exit 0; fi; fi
-
-destest: destest.o libdes.a
-	$(CC) $(CFLAGS) -o destest destest.o libdes.a
-
-rpw: rpw.o libdes.a
-	$(CC) $(CFLAGS) -o rpw rpw.o libdes.a
-
-speed: speed.o libdes.a
-	$(CC) $(CFLAGS) -o speed speed.o libdes.a
-
-des: des.o libdes.a
-	$(CC) $(CFLAGS) -o des des.o libdes.a
-
-tags:
-	ctags $(DES) $(TESTING) $(LIBDES)
-
-tar:
-	tar chf libdes.tar $(ALL)
-
-shar:
-	shar $(ALL) >libdes.shar
-
-depend:
-	makedepend $(LIBDES) $(DES) $(TESTING)
-
-clean:
-	/bin/rm -f *.o tags core rpw destest des speed $(DLIB) .nfs* *.old \
-	*.bak destest rpw des speed
-
-dclean:
-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
-	mv -f Makefile.new Makefile
-
-# Eric is probably going to choke when he next looks at this --tjh
-install: $(DLIB) des
-	if test $(INSTALLTOP); then \
-	    echo SSL style install; \
-	    cp $(DLIB) $(INSTALLTOP)/lib; \
-	    if test -s /bin/ranlib; then \
-	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    else \
-		if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    fi; fi; \
-	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
-	    cp des.h $(INSTALLTOP)/include; \
-	    chmod 644 $(INSTALLTOP)/include/des.h; \
-	    cp des $(INSTALLTOP)/bin; \
-	    chmod 755 $(INSTALLTOP)/bin/des; \
-	else \
-	    echo Standalone install; \
-	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
-	    if test -s /bin/ranlib; then \
-	      /bin/ranlib $(LIBDIR)/$(DLIB); \
-	    else \
-	      if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
-	      fi; \
-	    fi; \
-	    chmod 644 $(LIBDIR)/$(DLIB); \
-	    cp des $(BINDIR)/des; \
-	    chmod 711 $(BINDIR)/des; \
-	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
-	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
-	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
-	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
-	    cp des.h $(INCDIR)/des.h; \
-	    chmod 644 $(INCDIR)/des.h; \
-	fi
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/secure/lib/libdes/PC1 b/secure/lib/libdes/PC1
deleted file mode 100644
index efb8348b72d7..000000000000
--- a/secure/lib/libdes/PC1
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/local/bin/perl
-
-@PC1=(  57,49,41,33,25,17, 9,
-	 1,58,50,42,34,26,18,
-	10, 2,59,51,43,35,27,
-	19,11, 3,60,52,44,36,
-	"-","-","-","-",
-	63,55,47,39,31,23,15,
-	 7,62,54,46,38,30,22,
-	14, 6,61,53,45,37,29,
-	21,13, 5,28,20,12, 4,
-	"-","-","-","-",
-	);
-
-foreach (@PC1)
-	{
-	if ($_ ne "-")
-		{
-		$_--;
-		$_=int($_/8)*8+7-($_%8);
-		printf "%2d  ",$_;
-		}
-	else
-		{ print "--  "; }
-	print "\n" if (((++$i) % 8) == 0);
-	print "\n" if ((($i) % 32) == 0);
-	}
-
diff --git a/secure/lib/libdes/PC2 b/secure/lib/libdes/PC2
deleted file mode 100644
index 2d560270ecd8..000000000000
--- a/secure/lib/libdes/PC2
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/local/bin/perl
-
-@PC2_C=(14,17,11,24, 1, 5,
-	 3,28,15, 6,21,10,
-	23,19,12, 4,26, 8,
-	16, 7,27,20,13, 2,
-	);
-
-@PC2_D=(41,52,31,37,47,55,
-	30,40,51,45,33,48,
-	44,49,39,56,34,53,
-	46,42,50,36,29,32,
-	);
-
-foreach (@PC2_C) {
-	if ($_ ne "-")
-		{
-		$_--;
-		printf "%2d  ",$_; }
-	else { print "--  "; }
-	$C{$_}=1;
-	print "\n" if (((++$i) % 8) == 0);
-	}
-$i=0;
-print "\n";
-foreach (@PC2_D) {
-	if ($_ ne "-")
-		{
-		$_-=29;
-		printf "%2d  ",$_; }
-	else { print "--  "; }
-	$D{$_}=1;
-	print "\n" if (((++$i) % 8) == 0); }
-
-print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$C{$i};
-	if ($_ ne "-") {printf "%2d ",$_;}
-	else { print "--  "; }
-	print "\n" if (((++$i) % 8) == 0);
-	}
-print "\n";
-
-print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$D{$i};
-	if ($_ ne "-") {printf "%2d  ",$_;}
-	else { print "--  "; }
-	print "\n" if (((++$i) % 8) == 0);
-	}
-print "\n";
-sub numsort
-	{
-	$a-$b;
-	}
diff --git a/secure/lib/libdes/README b/secure/lib/libdes/README
deleted file mode 100644
index 3264c2f5d898..000000000000
--- a/secure/lib/libdes/README
+++ /dev/null
@@ -1,48 +0,0 @@
-
-		libdes, Version 3.21 21/11/95
-
-		Copyright (c) 1995, Eric Young
-			  All rights reserved.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms specified in COPYRIGHT.
-    
---
-The primary ftp site for this library is
-ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
-libdes is now also shipped with SSLeay.  Primary ftp site of
-ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.xx.tar.gz
-
-The best way to build this library is to build it as part of SSLeay.
-
-This kit builds a DES encryption library and a DES encryption program.
-It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
-triple cfb, and MIT's pcbc encryption modes and also has a fast
-implementation of crypt(3).
-It contains support routines to read keys from a terminal,
-generate a random key, generate a key from an arbitrary length string,
-read/write encrypted data from/to a file descriptor.
-
-The implementation was written so as to conform with the manual entry
-for the des_crypt(3) library routines from MIT's project Athena.
-
-destest should be run after compilation to test the des routines.
-rpw should be run after compilation to test the read password routines.
-The des program is a replacement for the sun des command.  I believe it
-conforms to the sun version.
-
-The Imakefile is setup for use in the kerberos distribution.
-
-These routines are best compiled with gcc or any other good
-optimising compiler.
-Just turn you optimiser up to the highest settings and run destest
-after the build to make sure everything works.
-
-I believe these routines are close to the fastest and most portable DES
-routines that use small lookup tables (4.5k) that are publicly available.
-The fcrypt routine is faster than ufc's fcrypt (when compiling with
-gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
-(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
-
-Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au)
-
diff --git a/secure/lib/libdes/VERSION b/secure/lib/libdes/VERSION
deleted file mode 100644
index 5d25ddc17499..000000000000
--- a/secure/lib/libdes/VERSION
+++ /dev/null
@@ -1,318 +0,0 @@
-Version 3.22 29/11/95
-	Bug in des(1), an error with the uuencoding stuff when the
-	'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
-	for the patch.
-
-Version 3.21 22/11/95
-	After some emailing back and forth with 
-	Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
-	and in a future version I will probably put in some of the
-	optimisation he suggested for use with the DES_USE_PTR option.
-	Extra routines from Mark Murray <mark@grondar.za> for use in
-	freeBSD.  They mostly involve random number generation for use
-	with kerberos.  They involve evil machine specific system calls
-	etc so I would normally suggest pushing this stuff into the
-	application and/or using RAND_seed()/RAND_bytes() if you are
-	using this DES library as part of SSLeay.
-	Redone the read_pw() function so that it is cleaner and
-	supports termios, thanks to Sameer Parekh <sameer@c2.org>
-	for the initial patches for this.
-	Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
-	 done just to make things more consistent.
-	I have also now added triple DES versions of cfb and ofb.
-
-Version 3.20
-	Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
-	my des_random_seed() function was only copying 4 bytes of the
-	passed seed into the init structure.  It is now fixed to copy 8.
-	My own suggestion is to used something like MD5 :-)
-
-Version 3.19 
-	While looking at my code one day, I though, why do I keep on
-	calling des_encrypt(in,out,ks,enc) when every function that
-	calls it has in and out the same.  So I dropped the 'out'
-	parameter, people should not be using this function.
-
-Version 3.18 30/08/95
-	Fixed a few bit with the distribution and the filenames.
-	3.17 had been munged via a move to DOS and back again.
-	NO CODE CHANGES
-
-Version 3.17 14/07/95
-	Fixed ede3 cbc which I had broken in 3.16.  I have also
-	removed some unneeded variables in 7-8 of the routines.
-
-Version 3.16 26/06/95
-	Added des_encrypt2() which does not use IP/FP, used by triple
-	des routines.  Tweaked things a bit elsewhere. %13 speedup on
-	sparc and %6 on a R4400 for ede3 cbc mode.
-
-Version 3.15 06/06/95
-	Added des_ncbc_encrypt(), it is des_cbc mode except that it is
-	'normal' and copies the new iv value back over the top of the
-	passed parameter.
-	CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
-	the iv.  THIS WILL BREAK EXISTING CODE, but since this function
-	only new, I feel I can change it, not so with des_cbc_encrypt :-(.
-	I need to update the documentation.
-
-Version 3.14 31/05/95
-	New release upon the world, as part of my SSL implementation.
-	New copyright and usage stuff.  Basically free for all to use
-	as long as you say it came from me :-)
-
-Version 3.13 31/05/95
-	A fix in speed.c, if HZ is not defined, I set it to 100.0
-	which is reasonable for most unixes except SunOS 4.x.
-	I now have a #ifdef sun but timing for SunOS 4.x looked very
-	good :-(.  At my last job where I used SunOS 4.x, it was
-	defined to be 60.0 (look at the old INSTALL documentation), at
-	the last release had it changed to 100.0 since I now work with
-	Solaris2 and SVR4 boxes.
-	Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
-	one out.
-
-Version 3.12 08/05/95
-	As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
-	my D_ENCRYPT macro in crypt() had an un-necessary variable.
-	It has been removed.
-
-Version 3.11 03/05/95
-	Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
-	and one iv.  It is a standard and I needed it for my SSL code.
-	It makes more sense to use this for triple DES than
-	3cbc_encrypt().  I have also added (or should I say tested :-)
-	cfb64_encrypt() which is cfb64 but it will encrypt a partial
-	number of bytes - 3 bytes in 3 bytes out.  Again this is for
-	my SSL library, as a form of encryption to use with SSL
-	telnet.
-
-Version 3.10 22/03/95
-	Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
-	to cbc3_encrypt, the 2 iv values that were being returned to
-	be used in the next call were reversed :-(.
-	Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
-	this error.
-
-Version 3.09 01/02/95
-	Fixed des_random_key to far more random, it was rather feeble
-	with regards to picking the initial seed.  The problem was
-	pointed out by Olaf Kirch <okir@monad.swb.de>.
-
-Version 3.08 14/12/94
-	Added Makefile.PL so libdes can be built into perl5.
-	Changed des_locl.h so RAND is always defined.
-
-Version 3.07 05/12/94
-	Added GNUmake and stuff so the library can be build with
-	glibc.
-
-Version 3.06 30/08/94
-	Added rpc_enc.c which contains _des_crypt.  This is for use in
-	secure_rpc v 4.0
-	Finally fixed the cfb_enc problems.
-	Fixed a few parameter parsing bugs in des (-3 and -b), thanks
-	to Rob McMillan <R.McMillan@its.gu.edu.au>
-
-Version 3.05 21/04/94
-	for unsigned long l; gcc does not produce ((l>>34) == 0)
-	This causes bugs in cfb_enc.
-	Thanks to Hadmut Danisch <danisch@ira.uka.de>
-
-Version 3.04 20/04/94
-	Added a version number to des.c and libdes.a
-
-Version 3.03 12/01/94
-	Fixed a bug in non zero iv in 3cbc_enc.
-
-Version 3.02 29/10/93
-	I now work in a place where there are 6+ architectures and 14+
-	OS versions :-).
-	Fixed TERMIO definition so the most sys V boxes will work :-)
-
-Release upon comp.sources.misc
-Version 3.01 08/10/93
-	Added des_3cbc_encrypt()
-
-Version 3.00 07/10/93
-	Fixed up documentation.
-	quad_cksum definitely compatible with MIT's now.
-
-Version 2.30 24/08/93
-	Triple DES now defaults to triple cbc but can do triple ecb
-	 with the -b flag.
-	Fixed some MSDOS uuen/uudecoding problems, thanks to
-	Added prototypes.
-	
-Version 2.22 29/06/93
-	Fixed a bug in des_is_weak_key() which stopped it working :-(
-	thanks to engineering@MorningStar.Com.
-
-Version 2.21 03/06/93
-	des(1) with no arguments gives quite a bit of help.
-	Added -c (generate ckecksum) flag to des(1).
-	Added -3 (triple DES) flag to des(1).
-	Added cfb and ofb routines to the library.
-
-Version 2.20 11/03/93
-	Added -u (uuencode) flag to des(1).
-	I have been playing with byte order in quad_cksum to make it
-	 compatible with MIT's version.  All I can say is avid this
-	 function if possible since MIT's output is endian dependent.
-
-Version 2.12 14/10/92
-	Added MSDOS specific macro in ecb_encrypt which gives a %70
-	 speed up when the code is compiled with turbo C.
-
-Version 2.11 12/10/92
-	Speedup in set_key (recoding of PC-1)
-	 I now do it in 47 simple operations, down from 60.
-	 Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 for motivating me to look for a faster system :-)
-	 The speedup is probably less that 1% but it is still 13
-	 instructions less :-).
-
-Version 2.10 06/10/92
-	The code now works on the 64bit ETA10 and CRAY without modifications or
-	 #defines.  I believe the code should work on any machine that
-	 defines long, int or short to be 8 bytes long.
-	Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
-	 for helping me fix the code to run on 64bit machines (he had
-	 access to an ETA10).
-	Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
-	 for testing the routines on a CRAY.
-	read_password.c has been renamed to read_passwd.c
-	string_to_key.c has been renamed to string2key.c
-
-Version 2.00 14/09/92
-	Made mods so that the library should work on 64bit CPU's.
-	Removed all my uchar and ulong defs.  To many different
-	 versions of unix define them in their header files in too many
-	 different combinations :-)
-	IRIX - Sillicon Graphics mods (mostly in read_password.c).
-	 Thanks to Andrew Daviel (advax@erich.triumf.ca)
-
-Version 1.99 26/08/92
-	Fixed a bug or 2 in enc_read.c
-	Fixed a bug in enc_write.c
-	Fixed a pseudo bug in fcrypt.c (very obscure).
-
-Version 1.98 31/07/92
-	Support for the ETA10.  This is a strange machine that defines
-	longs and ints as 8 bytes and shorts as 4 bytes.
-	Since I do evil things with long * that assume that they are 4
-	bytes.  Look in the Makefile for the option to compile for
-	this machine.  quad_cksum appears to have problems but I
-	will don't have the time to fix it right now, and this is not
-	a function that uses DES and so will not effect the main uses
-	of the library.
-
-Version 1.97 20/05/92 eay
-	Fixed the Imakefile and made some changes to des.h to fix some
-	problems when building this package with Kerberos v 4.
-
-Version 1.96 18/05/92 eay
-	Fixed a small bug in string_to_key() where problems could
-	occur if des_check_key was set to true and the string
-	generated a weak key.
-
-Patch2 posted to comp.sources.misc
-Version 1.95 13/05/92 eay
-	Added an alternative version of the D_ENCRYPT macro in
-	ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
-	other will be faster.  This was inspired by 
-	Dana How <how@isl.stanford.edu>, and her pointers about doing the
-	*(ulong *)((uchar *)ptr+(value&0xfc))
-	vs
-	ptr[value&0x3f]
-	to stop the C compiler doing a <<2 to convert the long array index.
-
-Version 1.94 05/05/92 eay
-	Fixed an incompatibility between my string_to_key and the MIT
-	 version.  When the key is longer than 8 chars, I was wrapping
-	 with a different method.  To use the old version, define
-	 OLD_STR_TO_KEY in the makefile.  Thanks to
-	 viktor@newsu.shearson.com (Viktor Dukhovni).
-
-Version 1.93 28/04/92 eay
-	Fixed the VMS mods so that echo is now turned off in
-	 read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
-	MSDOS support added.  The routines can be compiled with
-	 Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
-
-Patch1 posted to comp.sources.misc
-Version 1.92 13/04/92 eay
-	Changed D_ENCRYPT so that the rotation of R occurs outside of
-	 the loop.  This required rotating all the longs in sp.h (now
-	 called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	speed.c has been changed so it will work without SIGALRM.  If
-	 times(3) is not present it will try to use ftime() instead.
-
-Version 1.91 08/04/92 eay
-	Added -E/-D options to des(1) so it can use string_to_key.
-	Added SVR4 mods suggested by witr@rwwa.COM
-	Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
-	anyone knows how to turn of tty echo in VMS please tell me or
-	implement it yourself :-).
-	Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
-	does not like IN/OUT being used.
-
-Libdes posted to comp.sources.misc
-Version 1.9 24/03/92 eay
-	Now contains a fast small crypt replacement.
-	Added des(1) command.
-	Added des_rw_mode so people can use cbc encryption with
-	enc_read and enc_write.
-
-Version 1.8 15/10/91 eay
-	Bug in cbc_cksum.
-	Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
-	one out.
-
-Version 1.7 24/09/91 eay
-	Fixed set_key :-)
-	set_key is 4 times faster and takes less space.
-	There are a few minor changes that could be made.
-
-Version 1.6 19/09/1991 eay
-	Finally go IP and FP finished.
-	Now I need to fix set_key.
-	This version is quite a bit faster that 1.51
-
-Version 1.52 15/06/1991 eay
-	20% speedup in ecb_encrypt by changing the E bit selection
-	to use 2 32bit words.  This also required modification of the
-	sp table.  There is still a way to speedup the IP and IP-1
-	(hints from outer@sq.com) still working on this one :-(.
-
-Version 1.51 07/06/1991 eay
-	Faster des_encrypt by loop unrolling
-	Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
-
-Version 1.50 28/05/1991 eay
-	Optimised the code a bit more for the sparc.  I have improved the
-	speed of the inner des_encrypt by speeding up the initial and
-	final permutations.
-
-Version 1.40 23/10/1990 eay
-	Fixed des_random_key, it did not produce a random key :-(
-
-Version 1.30  2/10/1990 eay
-	Have made des_quad_cksum the same as MIT's, the full package
-	should be compatible with MIT's
-	Have tested on a DECstation 3100
-	Still need to fix des_set_key (make it faster).
-	Does des_cbc_encrypts at 70.5k/sec on a 3100.
-
-Version 1.20 18/09/1990 eay
-	Fixed byte order dependencies.
-	Fixed (I hope) all the word alignment problems.
-	Speedup in des_ecb_encrypt.
-
-Version 1.10 11/09/1990 eay
-	Added des_enc_read and des_enc_write.
-	Still need to fix des_quad_cksum.
-	Still need to document des_enc_read and des_enc_write.
-
-Version 1.00 27/08/1990 eay
-
diff --git a/secure/lib/libdes/cbc3_enc.c b/secure/lib/libdes/cbc3_enc.c
deleted file mode 100644
index 11aa3ff4d7c7..000000000000
--- a/secure/lib/libdes/cbc3_enc.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* lib/des/cbc3_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* HAS BUGS? DON'T USE */
-void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_cblock (*iv1);
-des_cblock (*iv2);
-int encrypt;
-	{
-	int off=(length-1)/8;
-	long l8=((length+7)/8)*8;
-	des_cblock niv1,niv2;
-
-	if (encrypt == DES_ENCRYPT)
-		{
-		des_cbc_encrypt(input,output,length,ks1,iv1,encrypt);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt(output,output,l8,ks2,iv1,!encrypt);
-		des_cbc_encrypt(output,output,l8,ks1,iv2, encrypt);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv2,output[off],sizeof(des_cblock));
-		}
-	else
-		{
-		if (length >= sizeof(des_cblock))
-			memcpy(niv2,input[off],sizeof(des_cblock));
-		des_cbc_encrypt(input,output,l8,ks1,iv2,encrypt);
-		des_cbc_encrypt(output,output,l8,ks2,iv1,!encrypt);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt(output,output,length,ks1,iv1, encrypt);
-		}
-	memcpy(*iv1,niv1,sizeof(des_cblock));
-	memcpy(*iv2,niv2,sizeof(des_cblock));
-	}
-
diff --git a/secure/lib/libdes/cbc_cksm.c b/secure/lib/libdes/cbc_cksm.c
deleted file mode 100644
index 9088c732c6f6..000000000000
--- a/secure/lib/libdes/cbc_cksm.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* lib/des/cbc_cksm.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-unsigned long des_cbc_cksum(input, output, length, schedule, ivec)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-	{
-	register unsigned long tout0,tout1,tin0,tin1;
-	register long l=length;
-	unsigned long tin[2];
-	unsigned char *in,*out,*iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	c2l(iv,tout0);
-	c2l(iv,tout1);
-	for (; l>0; l-=8)
-		{
-		if (l >= 8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			}
-		else
-			c2ln(in,tin0,tin1,l);
-			
-		tin0^=tout0; tin[0]=tin0;
-		tin1^=tout1; tin[1]=tin1;
-		des_encrypt((unsigned long *)tin,schedule,DES_ENCRYPT);
-		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
-		tout0=tin[0];
-		tout1=tin[1];
-		}
-	if (out != NULL)
-		{
-		l2c(tout0,out);
-		l2c(tout1,out);
-		}
-	tout0=tin0=tin1=tin[0]=tin[1]=0;
-	return(tout1);
-	}
diff --git a/secure/lib/libdes/cbc_enc.c b/secure/lib/libdes/cbc_enc.c
deleted file mode 100644
index c0cdef896a54..000000000000
--- a/secure/lib/libdes/cbc_enc.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* lib/des/cbc_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_cbc_encrypt(input, output, length, schedule, ivec, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int encrypt;
-	{
-	register unsigned long tin0,tin1;
-	register unsigned long tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	unsigned long tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (encrypt)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (; l>0; l-=8)
-			{
-			if (l >= 8)
-				{
-				c2l(in,tin0);
-				c2l(in,tin1);
-				}
-			else
-				c2ln(in,tin0,tin1,l);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((unsigned long *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (; l>0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((unsigned long *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			if (l >= 8)
-				{
-				l2c(tout0,out);
-				l2c(tout1,out);
-				}
-			else
-				l2cn(tout0,tout1,out,l);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
diff --git a/secure/lib/libdes/cfb64ede.c b/secure/lib/libdes/cfb64ede.c
deleted file mode 100644
index 93af8172c1bb..000000000000
--- a/secure/lib/libdes/cfb64ede.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* lib/des/cfb64ede.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule ks1,ks2,ks3;
-des_cblock (*ivec);
-int *num;
-int encrypt;
-	{
-	register unsigned long v0,v1;
-	register long l=length,n=*num;
-	unsigned long ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0);
-				c2l(iv,v1);
-
-				IP(v0,v1);
-
-				ti[0]=v0;
-				ti[1]=v1;
-				des_encrypt2((unsigned long *)ti,ks1,DES_ENCRYPT);
-				des_encrypt2((unsigned long *)ti,ks2,DES_DECRYPT);
-				des_encrypt2((unsigned long *)ti,ks3,DES_ENCRYPT);
-				v0=ti[0];
-				v1=ti[1];
-
-				FP(v1,v0);
-
-				iv=(unsigned char *)ivec;
-				l2c(v0,iv);
-				l2c(v1,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0);
-				c2l(iv,v1);
-
-				IP(v0,v1);
-
-				ti[0]=v0;
-				ti[1]=v1;
-				des_encrypt2((unsigned long *)ti,ks1,DES_ENCRYPT);
-				des_encrypt2((unsigned long *)ti,ks2,DES_DECRYPT);
-				des_encrypt2((unsigned long *)ti,ks3,DES_ENCRYPT);
-
-				v0=ti[0];
-				v1=ti[1];
-
-				FP(v1,v0);
-
-				iv=(unsigned char *)ivec;
-				l2c(v0,iv);
-				l2c(v1,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=c=cc=0;
-	*num=n;
-	}
-
-#ifdef undef /* MACRO */
-void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule ks1,ks2;
-des_cblock (*ivec);
-int *num;
-int encrypt;
-	{
-	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,encrypt);
-	}
-#endif
diff --git a/secure/lib/libdes/cfb64enc.c b/secure/lib/libdes/cfb64enc.c
deleted file mode 100644
index 35875f3f647a..000000000000
--- a/secure/lib/libdes/cfb64enc.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* lib/des/cfb64enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void des_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int *num;
-int encrypt;
-	{
-	register unsigned long v0,v1;
-	register long l=length,n=*num;
-	unsigned long ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				des_encrypt((unsigned long *)ti,
-					schedule,DES_ENCRYPT);
-				iv=(unsigned char *)ivec;
-				v0=ti[0]; l2c(v0,iv);
-				v0=ti[1]; l2c(v0,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				des_encrypt((unsigned long *)ti,
-					schedule,DES_ENCRYPT);
-				iv=(unsigned char *)ivec;
-				v0=ti[0]; l2c(v0,iv);
-				v0=ti[1]; l2c(v0,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=c=cc=0;
-	*num=n;
-	}
-
diff --git a/secure/lib/libdes/cfb_enc.c b/secure/lib/libdes/cfb_enc.c
deleted file mode 100644
index 33002d159219..000000000000
--- a/secure/lib/libdes/cfb_enc.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* lib/des/cfb_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, encrypt)
-unsigned char *in;
-unsigned char *out;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int encrypt;
-	{
-	register unsigned long d0,d1,v0,v1,n=(numbits+7)/8;
-	register unsigned long mask0,mask1;
-	register unsigned long l=length;
-	register int num=numbits;
-	unsigned long ti[2];
-	unsigned char *iv;
-
-	if (num > 64) return;
-	if (num > 32)
-		{
-		mask0=0xffffffffL;
-		if (num == 64)
-			mask1=mask0;
-		else	mask1=(1L<<(num-32))-1;
-		}
-	else
-		{
-		if (num == 32)
-			mask0=0xffffffffL;
-		else	mask0=(1L<<num)-1;
-		mask1=0x00000000;
-		}
-
-	iv=(unsigned char *)ivec;
-	c2l(iv,v0);
-	c2l(iv,v1);
-	if (encrypt)
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			des_encrypt((unsigned long *)ti,schedule,DES_ENCRYPT);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			d0=(d0^ti[0])&mask0;
-			d1=(d1^ti[1])&mask1;
-			l2cn(d0,d1,out,n);
-			out+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else if (num > 32) /* && num != 64 */
-				{
-				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
-				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
-				}
-			else /* num < 32 */
-				{
-				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
-				}
-			}
-		}
-	else
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			des_encrypt((unsigned long *)ti,schedule,DES_ENCRYPT);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else if (num > 32) /* && num != 64 */
-				{
-				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
-				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
-				}
-			else /* num < 32 */
-				{
-				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
-				}
-			d0=(d0^ti[0])&mask0;
-			d1=(d1^ti[1])&mask1;
-			l2cn(d0,d1,out,n);
-			out+=n;
-			}
-		}
-	iv=(unsigned char *)ivec;
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
-
diff --git a/secure/lib/libdes/des.c b/secure/lib/libdes/des.c
deleted file mode 100644
index ca5505bb3b1a..000000000000
--- a/secure/lib/libdes/des.c
+++ /dev/null
@@ -1,949 +0,0 @@
-/* lib/des/des.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-#define RAND
-#endif
-
-#include <time.h>
-#include "version.h"
-
-#ifdef VMS
-#include <types.h>
-#include <stat.h>
-#else
-#ifndef _IRIX
-#include <sys/types.h>
-#endif
-#include <sys/stat.h>
-#endif
-#if defined(NOCONST)
-#define const
-#endif
-#include "des.h"
-
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifdef RAND
-#define random rand
-#define srandom(s) srand(s)
-#endif
-
-#ifndef NOPROTO
-void usage(void);
-void doencryption(void);
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
-void uufwriteEnd(FILE *fp);
-int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
-int uuencode(unsigned char *in,int num,unsigned char *out);
-int uudecode(unsigned char *in,int num,unsigned char *out);
-#else
-void usage();
-void doencryption();
-int uufwrite();
-void uufwriteEnd();
-int uufread();
-int uuencode();
-int uudecode();
-#endif
-
-#ifdef VMS
-#define EXIT(a) exit(a&0x10000000)
-#else
-#define EXIT(a) exit(a)
-#endif
-
-#define BUFSIZE (8*1024)
-#define VERIFY  1
-#define KEYSIZ	8
-#define KEYSIZB 1024 /* should hit tty line limit first :-) */
-char key[KEYSIZB+1];
-int do_encrypt,longk=0;
-FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
-char uuname[200];
-unsigned char uubuf[50];
-int uubufnum=0;
-#define INUUBUFN	(45*100)
-#define OUTUUBUF	(65*100)
-unsigned char b[OUTUUBUF];
-unsigned char bb[300];
-des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-char cksumname[200]="";
-
-int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
-
-int main(argc, argv)
-int argc;
-char **argv;
-	{
-	int i;
-	struct stat ins,outs;
-	char *p;
-	char *in=NULL,*out=NULL;
-
-	vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
-	error=0;
-	memset(key,0,sizeof(key));
-
-	for (i=1; i<argc; i++)
-		{
-		p=argv[i];
-		if ((p[0] == '-') && (p[1] != '\0'))
-			{
-			p++;
-			while (*p)
-				{
-				switch (*(p++))
-					{
-				case '3':
-					flag3=1;
-					longk=1;
-					break;
-				case 'c':
-					cflag=1;
-					strncpy(cksumname,p,200);
-					p+=strlen(cksumname);
-					break;
-				case 'C':
-					cflag=1;
-					longk=1;
-					strncpy(cksumname,p,200);
-					p+=strlen(cksumname);
-					break;
-				case 'e':
-					eflag=1;
-					break;
-				case 'v':
-					vflag=1;
-					break;
-				case 'E':
-					eflag=1;
-					longk=1;
-					break;
-				case 'd':
-					dflag=1;
-					break;
-				case 'D':
-					dflag=1;
-					longk=1;
-					break;
-				case 'b':
-					bflag=1;
-					break;
-				case 'f':
-					fflag=1;
-					break;
-				case 's':
-					sflag=1;
-					break;
-				case 'u':
-					uflag=1;
-					strncpy(uuname,p,200);
-					p+=strlen(uuname);
-					break;
-				case 'h':
-					hflag=1;
-					break;
-				case 'k':
-					kflag=1;
-					if ((i+1) == argc)
-						{
-						fputs("must have a key with the -k option\n",stderr);
-						error=1;
-						}
-					else
-						{
-						int j;
-
-						i++;
-						strncpy(key,argv[i],KEYSIZB);
-						for (j=strlen(argv[i])-1; j>=0; j--)
-							argv[i][j]='\0';
-						}
-					break;
-				default:
-					fprintf(stderr,"'%c' unknown flag\n",p[-1]);
-					error=1;
-					break;
-					}
-				}
-			}
-		else
-			{
-			if (in == NULL)
-				in=argv[i];
-			else if (out == NULL)
-				out=argv[i];
-			else
-				error=1;
-			}
-		}
-	if (error) usage();
-	/* We either
-	 * do checksum or
-	 * do encrypt or
-	 * do decrypt or
-	 * do decrypt then ckecksum or
-	 * do checksum then encrypt
-	 */
-	if (((eflag+dflag) == 1) || cflag)
-		{
-		if (eflag) do_encrypt=DES_ENCRYPT;
-		if (dflag) do_encrypt=DES_DECRYPT;
-		}
-	else
-		{
-		if (vflag) 
-			{
-#ifndef _Windows			
-			fprintf(stderr,"des(1) built with %s\n",DES_version);
-#endif			
-			EXIT(1);
-			}
-		else usage();
-		}
-
-#ifndef _Windows			
-	if (vflag) fprintf(stderr,"des(1) built with %s\n",DES_version);
-#endif			
-	if (	(in != NULL) &&
-		(out != NULL) &&
-#ifndef MSDOS
-		(stat(in,&ins) != -1) &&
-		(stat(out,&outs) != -1) &&
-		(ins.st_dev == outs.st_dev) &&
-		(ins.st_ino == outs.st_ino))
-#else /* MSDOS */
-		(strcmp(in,out) == 0))
-#endif
-			{
-			fputs("input and output file are the same\n",stderr);
-			EXIT(3);
-			}
-
-	if (!kflag)
-		if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
-			{
-			fputs("password error\n",stderr);
-			EXIT(2);
-			}
-
-	if (in == NULL)
-		DES_IN=stdin;
-	else if ((DES_IN=fopen(in,"r")) == NULL)
-		{
-		perror("opening input file");
-		EXIT(4);
-		}
-
-	CKSUM_OUT=stdout;
-	if (out == NULL)
-		{
-		DES_OUT=stdout;
-		CKSUM_OUT=stderr;
-		}
-	else if ((DES_OUT=fopen(out,"w")) == NULL)
-		{
-		perror("opening output file");
-		EXIT(5);
-		}
-
-#ifdef MSDOS
-	/* This should set the file to binary mode. */
-	{
-#include <fcntl.h>
-	if (!(uflag && dflag))
-		setmode(fileno(DES_IN),O_BINARY);
-	if (!(uflag && eflag))
-		setmode(fileno(DES_OUT),O_BINARY);
-	}
-#endif
-
-	doencryption();
-	fclose(DES_IN);
-	fclose(DES_OUT);
-	EXIT(0);
-	}
-
-void usage()
-	{
-	char **u;
-	static const char *Usage[]={
-"des <options> [input-file [output-file]]",
-"options:",
-"-v         : des(1) version number",
-"-e         : encrypt using sunOS compatible user key to DES key conversion.",
-"-E         : encrypt ",
-"-d         : decrypt using sunOS compatible user key to DES key conversion.",
-"-D         : decrypt ",
-"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
-"             DES key conversion and output to ckname (stdout default,",
-"             stderr if data being output on stdout).  The checksum is",
-"             generated before encryption and after decryption if used",
-"             in conjunction with -[eEdD].",
-"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
-"-k key     : use key 'key'",
-"-h         : the key that is entered will be a hexidecimal number",
-"             that is used directly as the des key",
-"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
-"             (uuname is the filename to put in the uuencode header).",
-"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
-"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
-"             generated from the input key.  If the input key is less",
-"             than 8 characters long, this is equivelent to normal",
-"             encryption.  Default is tripple cbc, -b makes it tripple ecb.",
-NULL
-};
-	for (u=(char **)Usage; *u; u++)
-		{
-		fputs(*u,stderr);
-		fputc('\n',stderr);
-		}
-
-	EXIT(1);
-	}
-
-void doencryption()
-	{
-#ifdef _LIBC
-	extern int srandom();
-	extern int random();
-	extern unsigned long time();
-#endif
-
-	register int i;
-	des_key_schedule ks,ks2;
-	unsigned char iv[8],iv2[8];
-	char *p;
-	int num=0,j,k,l,rem,ll,len,last,ex=0;
-	des_cblock kk,k2;
-	FILE *O;
-	int Exit=0;
-#ifndef MSDOS
-	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
-#else
-	static unsigned char *buf=NULL,*obuf=NULL;
-
-	if (buf == NULL)
-		{
-		if (    (( buf=(unsigned char *)malloc(BUFSIZE+8)) == NULL) ||
-			((obuf=(unsigned char *)malloc(BUFSIZE+8)) == NULL))
-			{
-			fputs("Not enough memory\n",stderr);
-			Exit=10;
-			goto problems;
-			}
-		}
-#endif
-
-	if (hflag)
-		{
-		j=(flag3?16:8);
-		p=key;
-		for (i=0; i<j; i++)
-			{
-			k=0;
-			if ((*p <= '9') && (*p >= '0'))
-				k=(*p-'0')<<4;
-			else if ((*p <= 'f') && (*p >= 'a'))
-				k=(*p-'a'+10)<<4;
-			else if ((*p <= 'F') && (*p >= 'A'))
-				k=(*p-'A'+10)<<4;
-			else
-				{
-				fputs("Bad hex key\n",stderr);
-				Exit=9;
-				goto problems;
-				}
-			p++;
-			if ((*p <= '9') && (*p >= '0'))
-				k|=(*p-'0');
-			else if ((*p <= 'f') && (*p >= 'a'))
-				k|=(*p-'a'+10);
-			else if ((*p <= 'F') && (*p >= 'A'))
-				k|=(*p-'A'+10);
-			else
-				{
-				fputs("Bad hex key\n",stderr);
-				Exit=9;
-				goto problems;
-				}
-			p++;
-			if (i < 8)
-				kk[i]=k;
-			else
-				k2[i-8]=k;
-			}
-		des_set_key((C_Block *)k2,ks2);
-		memset(k2,0,sizeof(k2));
-		}
-	else if (longk || flag3)
-		{
-		if (flag3)
-			{
-			des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2);
-			des_set_key((C_Block *)k2,ks2);
-			memset(k2,0,sizeof(k2));
-			}
-		else
-			des_string_to_key(key,(C_Block *)kk);
-		}
-	else
-		for (i=0; i<KEYSIZ; i++)
-			{
-			l=0;
-			k=key[i];
-			for (j=0; j<8; j++)
-				{
-				if (k&1) l++;
-				k>>=1;
-				}
-			if (l & 1)
-				kk[i]=key[i]&0x7f;
-			else
-				kk[i]=key[i]|0x80;
-			}
-
-	des_set_key((C_Block *)kk,ks);
-	memset(key,0,sizeof(key));
-	memset(kk,0,sizeof(kk));
-	/* woops - A bug that does not showup under unix :-( */
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-
-	l=1;
-	rem=0;
-	/* first read */
-	if (eflag || (!dflag && cflag))
-		{
-		for (;;)
-			{
-			num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
-			l+=rem;
-			num+=rem;
-			if (l < 0)
-				{
-				perror("read error");
-				Exit=6;
-				goto problems;
-				}
-
-			rem=l%8;
-			len=l-rem;
-			if (feof(DES_IN))
-				{
-				srandom((unsigned int)time(NULL));
-				for (i=7-rem; i>0; i--)
-					buf[l++]=random()&0xff;
-				buf[l++]=rem;
-				ex=1;
-				len+=rem;
-				}
-			else
-				l-=rem;
-
-			if (cflag)
-				{
-				des_cbc_cksum((C_Block *)buf,(C_Block *)cksum,
-					(long)len,ks,(C_Block *)cksum);
-				if (!eflag)
-					{
-					if (feof(DES_IN)) break;
-					else continue;
-					}
-				}
-
-			if (bflag && !flag3)
-				for (i=0; i<l; i+=8)
-					des_ecb_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,do_encrypt);
-			else if (flag3 && bflag)
-				for (i=0; i<l; i+=8)
-					des_ecb2_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,ks2,do_encrypt);
-			else if (flag3 && !bflag)
-				{
-				char tmpbuf[8];
-
-				if (rem) memcpy(tmpbuf,&(buf[l]),
-					(unsigned int)rem);
-				des_3cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,ks2,(des_cblock *)iv,
-					(des_cblock *)iv2,do_encrypt);
-				if (rem) memcpy(&(buf[l]),tmpbuf,
-					(unsigned int)rem);
-				}
-			else
-				{
-				des_cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,(des_cblock *)iv,do_encrypt);
-				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
-				}
-			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
-
-			i=0;
-			while (i < l)
-				{
-				if (uflag)
-					j=uufwrite(obuf,1,(unsigned int)l-i,
-						DES_OUT);
-				else
-					j=fwrite(obuf,1,(unsigned int)l-i,
-						DES_OUT);
-				if (j == -1)
-					{
-					perror("Write error");
-					Exit=7;
-					goto problems;
-					}
-				i+=j;
-				}
-			if (feof(DES_IN))
-				{
-				if (uflag) uufwriteEnd(DES_OUT);
-				break;
-				}
-			}
-		}
-	else /* decrypt */
-		{
-		ex=1;
-		for (;;)
-			{
-			if (ex) {
-				if (uflag)
-					l=uufread(buf,1,BUFSIZE,DES_IN);
-				else
-					l=fread(buf,1,BUFSIZE,DES_IN);
-				ex=0;
-				rem=l%8;
-				l-=rem;
-				}
-			if (l < 0)
-				{
-				perror("read error");
-				Exit=6;
-				goto problems;
-				}
-
-			if (bflag && !flag3)
-				for (i=0; i<l; i+=8)
-					des_ecb_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,do_encrypt);
-			else if (flag3 && bflag)
-				for (i=0; i<l; i+=8)
-					des_ecb2_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,ks2,do_encrypt);
-			else if (flag3 && !bflag)
-				{
-				des_3cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,ks2,(des_cblock *)iv,
-					(des_cblock *)iv2,do_encrypt);
-				}
-			else
-				{
-				des_cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-				 	(long)l,ks,(des_cblock *)iv,do_encrypt);
-				if (l >= 8) memcpy(iv,&(buf[l-8]),8);
-				}
-
-			if (uflag)
-				ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
-			else
-				ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
-			ll+=rem;
-			rem=ll%8;
-			ll-=rem;
-			if (feof(DES_IN) && (ll == 0))
-				{
-				last=obuf[l-1];
-
-				if ((last > 7) || (last < 0))
-					{
-					fputs("The file was not decrypted correctly.\n",
-						stderr);
-					Exit=8;
-					last=0;
-					}
-				l=l-8+last;
-				}
-			i=0;
-			if (cflag) des_cbc_cksum((C_Block *)obuf,
-				(C_Block *)cksum,(long)l/8*8,ks,
-				(C_Block *)cksum);
-			while (i != l)
-				{
-				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
-				if (j == -1)
-					{
-					perror("Write error");
-					Exit=7;
-					goto problems;
-					}
-				i+=j;
-				}
-			l=ll;
-			if ((l == 0) && feof(DES_IN)) break;
-			}
-		}
-	if (cflag)
-		{
-		l=0;
-		if (cksumname[0] != '\0')
-			{
-			if ((O=fopen(cksumname,"w")) != NULL)
-				{
-				CKSUM_OUT=O;
-				l=1;
-				}
-			}
-		for (i=0; i<8; i++)
-			fprintf(CKSUM_OUT,"%02X",cksum[i]);
-		fprintf(CKSUM_OUT,"\n");
-		if (l) fclose(CKSUM_OUT);
-		}
-problems:
-	memset(buf,0,sizeof(buf));
-	memset(obuf,0,sizeof(obuf));
-	memset(ks,0,sizeof(ks));
-	memset(ks2,0,sizeof(ks2));
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-	memset(kk,0,sizeof(kk));
-	memset(k2,0,sizeof(k2));
-	memset(uubuf,0,sizeof(uubuf));
-	memset(b,0,sizeof(b));
-	memset(bb,0,sizeof(bb));
-	memset(cksum,0,sizeof(cksum));
-	if (Exit) EXIT(Exit);
-	}
-
-int uufwrite(data, size, num, fp)
-unsigned char *data;
-int size;
-unsigned int num;
-FILE *fp;
-      
-     /* We ignore this parameter but it should be > ~50 I believe */
-   
-    
-	{
-	int i,j,left,rem,ret=num;
-	static int start=1;
-
-	if (start)
-		{
-		fprintf(fp,"begin 600 %s\n",
-			(uuname[0] == '\0')?"text.d":uuname);
-		start=0;
-		}
-
-	if (uubufnum)
-		{
-		if (uubufnum+num < 45)
-			{
-			memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
-			uubufnum+=num;
-			return(num);
-			}
-		else
-			{
-			i=45-uubufnum;
-			memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
-			j=uuencode((unsigned char *)uubuf,45,b);
-			fwrite(b,1,(unsigned int)j,fp);
-			uubufnum=0;
-			data+=i;
-			num-=i;
-			}
-		}
-
-	for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
-		{
-		j=uuencode(&(data[i]),INUUBUFN,b);
-		fwrite(b,1,(unsigned int)j,fp);
-		}
-	rem=(num-i)%45;
-	left=(num-i-rem);
-	if (left)
-		{
-		j=uuencode(&(data[i]),left,b);
-		fwrite(b,1,(unsigned int)j,fp);
-		i+=left;
-		}
-	if (i != num)
-		{
-		memcpy(uubuf,&(data[i]),(unsigned int)rem);
-		uubufnum=rem;
-		}
-	return(ret);
-	}
-
-void uufwriteEnd(fp)
-FILE *fp;
-	{
-	int j;
-	static const char *end=" \nend\n";
-
-	if (uubufnum != 0)
-		{
-		uubuf[uubufnum]='\0';
-		uubuf[uubufnum+1]='\0';
-		uubuf[uubufnum+2]='\0';
-		j=uuencode(uubuf,uubufnum,b);
-		fwrite(b,1,(unsigned int)j,fp);
-		}
-	fwrite(end,1,strlen(end),fp);
-	}
-
-int uufread(out, size, num, fp)
-unsigned char *out;
-int size; /* should always be > ~ 60; I actually ignore this parameter :-) */
-unsigned int num;
-FILE *fp;
-	{
-	int i,j,tot;
-	static int done=0;
-	static int valid=0;
-	static int start=1;
-
-	if (start)
-		{
-		for (;;)
-			{
-			b[0]='\0';
-			fgets((char *)b,300,fp);
-			if (b[0] == '\0')
-				{
-				fprintf(stderr,"no 'begin' found in uuencoded input\n");
-				return(-1);
-				}
-			if (strncmp((char *)b,"begin ",6) == 0) break;
-			}
-		start=0;
-		}
-	if (done) return(0);
-	tot=0;
-	if (valid)
-		{
-		memcpy(out,bb,(unsigned int)valid);
-		tot=valid;
-		valid=0;
-		}
-	for (;;)
-		{
-		b[0]='\0';
-		fgets((char *)b,300,fp);
-		if (b[0] == '\0') break;
-		i=strlen((char *)b);
-		if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
-			{
-			done=1;
-			while (!feof(fp))
-				{
-				fgets((char *)b,300,fp);
-				}
-			break;
-			}
-		i=uudecode(b,i,bb);
-		if (i < 0) break;
-		if ((i+tot+8) > num)
-			{
-			/* num to copy to make it a multiple of 8 */
-			j=(num/8*8)-tot-8;
-			memcpy(&(out[tot]),bb,(unsigned int)j);
-			tot+=j;
-			memcpy(bb,&(bb[j]),(unsigned int)i-j);
-			valid=i-j;
-			break;
-			}
-		memcpy(&(out[tot]),bb,(unsigned int)i);
-		tot+=i;
-		}
-	return(tot);
-	}
-
-#define ccc2l(c,l)      (l =((unsigned long)(*((c)++)))<<16, \
-			 l|=((unsigned long)(*((c)++)))<< 8, \
-		 	 l|=((unsigned long)(*((c)++))))
-
-#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                    *((c)++)=(unsigned char)(((l)    )&0xff))
-
-
-int uuencode(in, num, out)
-unsigned char *in;
-int num;
-unsigned char *out;
-	{
-	int j,i,n,tot=0;
-	unsigned long l;
-	register unsigned char *p;
-	p=out;
-
-	for (j=0; j<num; j+=45)
-		{
-		if (j+45 > num)
-			i=(num-j);
-		else	i=45;
-		*(p++)=i+' ';
-		for (n=0; n<i; n+=3)
-			{
-			ccc2l(in,l);
-			*(p++)=((l>>18)&0x3f)+' ';
-			*(p++)=((l>>12)&0x3f)+' ';
-			*(p++)=((l>> 6)&0x3f)+' ';
-			*(p++)=((l    )&0x3f)+' ';
-			tot+=4;
-			}
-		*(p++)='\n';
-		tot+=2;
-		}
-	*p='\0';
-	l=0;
-	return(tot);
-	}
-
-int uudecode(in, num, out)
-unsigned char *in;
-int num;
-unsigned char *out;
-	{
-	int j,i,k;
-	unsigned int n=0,space=0;
-	unsigned long l;
-	unsigned long w,x,y,z;
-	unsigned int blank=(unsigned int)'\n'-' ';
-
-	for (j=0; j<num; )
-		{
-		n= *(in++)-' ';
-		if (n == blank)
-			{
-			n=0;
-			in--;
-			}
-		if (n > 60)
-			{
-			fprintf(stderr,"uuencoded line length too long\n");
-			return(-1);
-			}
-		j++;
-
-		for (i=0; i<n; j+=4,i+=3)
-			{
-			/* the following is for cases where spaces are
-			 * removed from lines.
-			 */
-			if (space)
-				{
-				w=x=y=z=0;
-				}
-			else
-				{
-				w= *(in++)-' ';
-				x= *(in++)-' ';
-				y= *(in++)-' ';
-				z= *(in++)-' ';
-				}
-			if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
-				{
-				k=0;
-				if (w == blank) k=1;
-				if (x == blank) k=2;
-				if (y == blank) k=3;
-				if (z == blank) k=4;
-				space=1;
-				switch (k) {
-				case 1:	w=0; in--;
-				case 2: x=0; in--;
-				case 3: y=0; in--;
-				case 4: z=0; in--;
-					break;
-				case 0:
-					space=0;
-					fprintf(stderr,"bad uuencoded data values\n");
-					w=x=y=z=0;
-					return(-1);
-					break;
-					}
-				}
-			l=(w<<18)|(x<<12)|(y<< 6)|(z    );
-			l2ccc(l,out);
-			}
-		if (*(in++) != '\n')
-			{
-			fprintf(stderr,"missing nl in uuencoded line\n");
-			w=x=y=z=0;
-			return(-1);
-			}
-		j++;
-		}
-	*out='\0';
-	w=x=y=z=0;
-	return(n);
-	}
diff --git a/secure/lib/libdes/des.doc b/secure/lib/libdes/des.doc
deleted file mode 100644
index ec3a4c1737c1..000000000000
--- a/secure/lib/libdes/des.doc
+++ /dev/null
@@ -1,480 +0,0 @@
-The DES library.
-
-Please note that this library was originally written to operate with
-eBones, a version of Kerberos that had had encryption removed when it left
-the USA and then put back in.  As such there are some routines that I will
-advise not using but they are still in the library for historical reasons.
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'des.h'.
-
-All of the encryption functions take what is called a des_key_schedule as an 
-argument.  A des_key_schedule is an expanded form of the des key.
-A des_key is 8 bytes of odd parity, the type used to hold the key is a
-des_cblock.  A des_cblock is an array of 8 bytes, often in this library
-description I will refer to input bytes when the function specifies
-des_cblock's as input or output, this just means that the variable should
-be a multiple of 8 bytes.
-
-The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
-specify decryption.  The functions and global variable are as follows:
-
-int des_check_key;
-	DES keys are supposed to be odd parity.  If this variable is set to
-	a non-zero value, des_set_key() will check that the key has odd
-	parity and is not one of the known weak DES keys.  By default this
-	variable is turned off;
-	
-void des_set_odd_parity(
-des_cblock *key );
-	This function takes a DES key (8 bytes) and sets the parity to odd.
-	
-int des_is_weak_key(
-des_cblock *key );
-	This function returns a non-zero value if the DES key passed is a
-	weak, DES key.  If it is a weak key, don't use it, try a different
-	one.  If you are using 'random' keys, the chances of hitting a weak
-	key are 1/2^52 so it is probably not worth checking for them.
-	
-int des_set_key(
-des_cblock *key,
-des_key_schedule schedule);
-	Des_set_key converts an 8 byte DES key into a des_key_schedule.
-	A des_key_schedule is an expanded form of the key which is used to
-	perform actual encryption.  It can be regenerated from the DES key
-	so it only needs to be kept when encryption or decryption is about
-	to occur.  Don't save or pass around des_key_schedule's since they
-	are CPU architecture dependent, DES keys are not.  If des_check_key
-	is non zero, zero is returned if the key has the wrong parity or
-	the key is a weak key, else 1 is returned.
-	
-int des_key_sched(
-des_cblock *key,
-des_key_schedule schedule);
-	An alternative name for des_set_key().
-
-int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
-	This specifies the function to use in the enc_read() and enc_write()
-	functions.
-
-void des_encrypt(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
-	This is the DES encryption function that gets called by just about
-	every other DES routine in the library.  You should not use this
-	function except to implement 'modes' of DES.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.  The characters are loaded 'little endian',
-	have a look at my source code for more details on how I use this
-	function.
-	Data is a pointer to 2 unsigned long's and ks is the
-	des_key_schedule to use.  enc, is non zero specifies encryption,
-	zero if decryption.
-
-void des_encrypt2(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
-	This functions is the same as des_encrypt() except that the DES
-	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for des_encrypt(), you should not use this function.
-	It is used by the routines in my library that implement triple DES.
-	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
-	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
-
-void des_ecb_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks,
-int enc);
-	This is the basic Electronic Code Book form of DES, the most basic
-	form.  Input is encrypted into output using the key represented by
-	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	(the des_cblock structure is 8 chars).
-	
-void des_ecb3_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-int enc);
-	This is the 3 key EDE mode of ECB DES.  What this means is that 
-	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
-	then encrypted again with ks3, before being put into output;
-	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
-	that only takes 2 des_key_schedules that implements,
-	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
-	
-void des_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	This routine implements DES in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, I'm
-	not being held responsible :-).  ivec is the initialisation vector.
-	This function does not modify this variable.  To correctly implement
-	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
-	cipher text for use as the next ivec in your application,
-	or use des_ncbc_encrypt(). 
-	Only this routine has this problem with updating the ivec, all
-	other routines that are implementing cbc mode update ivec.
-	
-void des_ncbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-int enc);
-	For historical reasons, des_cbc_encrypt() did not update the
-	ivec with the value requires so that subsequent calls to
-	des_cbc_encrypt() would 'chain'.  This was needed so that the same
-	'length' values would not need to be used when decrypting.
-	des_ncbc_encrypt() does the right thing.  It is the same as
-	des_cbc_encrypt accept that ivec is updates with the correct value
-	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
-	des_ncbc_encrypt() instead of des_cbc_encrypt();
-	
-void des_3cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk1,
-des_key_schedule sk2,
-des_cblock *ivec1,
-des_cblock *ivec2,
-int enc);
-	This function is flawed, do not use it.  I have left it in the
-	library because it is used in my des(1) program and will function
-	correctly when used by des(1).  If I removed the function, people
-	could end up unable to decrypt files.
-	This routine implements outer triple cbc encryption using 2 ks and
-	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
-	
-void des_ede3_cbc_encrypt(
-des_cblock *input,
-des_cblock *output, 
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2, 
-des_key_schedule ks3, 
-des_cblock *ivec,
-int enc);
-	This function implements inner triple CBC DES encryption with 3
-	keys.  What this means is that each 'DES' operation
-	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
-	Again, this is cbc mode so an ivec is requires.
-	This mode is used by SSL.
-	There is also a des_ede2_cbc_encrypt() that only uses 2
-	des_key_schedule's, the first being reused for the final
-	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
-	is used by the RSAref library.
-	
-void des_pcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	This is Propagating Cipher Block Chaining mode of DES.  It is used
-	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
-	
-void des_cfb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
-	in numbit blocks.  The input (and output) is in multiples of numbits
-	bits.  numbits should to be a multiple of 8 bits.  Length is the
-	number of bytes input.  If numbits is not a multiple of 8 bits,
-	the extra bits in the bytes will be considered padding.  So if
-	numbits is 12, for each 2 input bytes, the 4 high bits of the
-	second byte will be ignored.  So to encode 72 bits when using
-	a numbits of 12 take 12 bytes.  To encode 72 bits when using
-	numbits of 9 will take 16 bytes.  To encode 80 bits when using
-	numbits of 16 will take 10 bytes. etc, etc.  This padding will
-	apply to both input and output.
-
-	
-void des_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
-	This is one of the more useful functions in this DES library, it
-	implements CFB mode of DES with 64bit feedback.  Why is this
-	useful you ask?  Because this routine will allow you to encrypt an
-	arbitrary number of bytes, no 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  num contains 'how far' we are though ivec.  If this does
-	not make much sense, read more about cfb mode of DES :-).
-	
-void des_ede3_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num,
-int enc);
-	Same as des_cfb64_encrypt() accept that the DES operation is
-	triple DES.  As usual, there is a macro for
-	des_ede2_cfb64_encrypt() which reuses ks1.
-
-void des_ofb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
-	This is a implementation of Output Feed Back mode of DES.  It is
-	the same as des_cfb_encrypt() in that numbits is the size of the
-	units dealt with during input and output (in bits).
-	
-void des_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
-	The same as des_cfb64_encrypt() except that it is Output Feed Back
-	mode.
-
-void des_ede3_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num);
-	Same as des_ofb64_encrypt() accept that the DES operation is
-	triple DES.  As usual, there is a macro for
-	des_ede2_ofb64_encrypt() which reuses ks1.
-
-int des_read_pw_string(
-char *buf,
-int length,
-char *prompt,
-int verify);
-	This routine is used to get a password from the terminal with echo
-	turned off.  Buf is where the string will end up and length is the
-	size of buf.  Prompt is a string presented to the 'user' and if
-	verify is set, the key is asked for twice and unless the 2 copies
-	match, an error is returned.  A return code of -1 indicates a
-	system error, 1 failure due to use interaction, and 0 is success.
-
-unsigned long des_cbc_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
-	This function produces an 8 byte checksum from input that it puts in
-	output and returns the last 4 bytes as a long.  The checksum is
-	generated via cbc mode of DES in which only the last 8 byes are
-	kept.  I would recommend not using this function but instead using
-	the EVP_Digest routines, or at least using MD5 or SHA.  This
-	function is used by Kerberos v4 so that is why it stays in the
-	library.
-	
-char *crypt(
-const char *buf,
-const char *salt);
-	This is my fast version of the unix crypt(3) function.  This version
-	takes only a small amount of space relative to other fast
-	crypt() implementations.
-
-void des_string_to_key(
-char *str,
-des_cblock *key);
-	This function takes str and converts it into a DES key.  I would
-	recommend using MD5 instead and use the first 8 bytes of output.
-	When I wrote the first version of these routines back in 1990, MD5
-	did not exist but I feel these routines are still sound.  This
-	routines is compatible with the one in MIT's libdes.
-	
-void des_string_to_2keys(
-char *str,
-des_cblock *key1,
-des_cblock *key2);
-	This function takes str and converts it into 2 DES keys.
-	I would recommend using MD5 and using the 16 bytes as the 2 keys.
-	I have nothing against these 2 'string_to_key' routines, it's just
-	that if you say that your encryption key is generated by using the
-	16 bytes of an MD5 hash, every-one knows how you generated your
-	keys.
-
-int des_read_password(
-des_cblock *key,
-char *prompt,
-int verify);
-	This routine combines des_read_pw_string() with des_string_to_key().
-
-int des_read_2passwords(
-des_cblock *key1,
-des_cblock *key2,
-char *prompt,
-int verify);
-	This routine combines des_read_pw_string() with des_string_to_2key().
-
-void des_random_seed(
-des_cblock key);
-	This routine sets a starting point for des_random_key().
-	
-void des_random_key(
-des_cblock ret);
-	This function return a random key.  Make sure to 'seed' the random
-	number generator (with des_random_seed()) before using this function.
-	I personally now use a MD5 based random number system.
-
-int des_enc_read(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
-	This function will write to a file descriptor the encrypted data
-	from buf.  This data will be preceded by a 4 byte 'byte count' and
-	will be padded out to 8 bytes.  The encryption is either CBC of
-	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
-	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
-	DES_PCBC_MODE.
-
-int des_enc_write(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
-	This routines read stuff written by des_enc_read() and decrypts it.
-	I have used these routines quite a lot but I don't believe they are
-	suitable for non-blocking io.  If you are after a full
-	authentication/encryption over networks, have a look at SSL instead.
-
-unsigned long des_quad_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-int out_count,
-des_cblock *seed);
-	This is a function from Kerberos v4 that is not anything to do with
-	DES but was needed.  It is a cksum that is quicker to generate than
-	des_cbc_cksum();  I personally would use MD5 routines now.
-=====
-Modes of DES
-Quite a bit of the following information has been taken from
-	AS 2805.5.2
-	Australian Standard
-	Electronic funds transfer - Requirements for interfaces,
-	Part 5.2: Modes of operation for an n-bit block cipher algorithm
-	Appendix A
-
-There are several different modes in which DES can be used, they are
-as follows.
-
-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
-- 64 bits are enciphered at a time.
-- The order of the blocks can be rearranged without detection.
-- The same plaintext block always produces the same ciphertext block
-  (for the same key) making it vulnerable to a 'dictionary attack'.
-- An error will only affect one ciphertext block.
-
-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
-- a multiple of 64 bits are enciphered at a time.
-- The CBC mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext blocks dependent on the
-  current and all preceding plaintext blocks and therefore blocks can not
-  be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- An error will affect the current and the following ciphertext blocks.
-
-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The CFB mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext variables dependent on the
-  current and all preceding variables and therefore j-bit variables are
-  chained together and can not be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
-  j == k).  In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
-  plaintext enciphered using the same key and starting variable.  More
-  over, in the OFB mode the same key stream is produced when the same
-  key and start variable are used.  Consequently, for security reasons
-  a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
-  plaintext enciphering to the same ciphertext, by producing different
-  key streams.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
-  resultant plaintext output.  Every bit error in the ciphertext causes
-  only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising.  If the two operation of
-  encipherment and decipherment get out of synchronism, the system needs
-  to be re-initialised.
-- Each re-initialisation should use a value of the start variable
- different from the start variable values used before with the same
- key.  The reason for this is that an identical bit stream would be
- produced each time from the same parameters.  This would be
- susceptible to a ' known plaintext' attack.
-
-Triple ECB Mode (des_ecb3_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-- As for ECB encryption but increases the key length to 168 bits.
-  There are theoretic attacks that can be used that make the effective
-  key length 112 bits, but this attack also requires 2^56 blocks of
-  memory, not very likely, even for the NSA.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
-- If the first and last key are the same, the key length is 112 bits.
-  There are attacks that could reduce the key space to 55 bit's but it
-  requires 2^56 blocks of memory.
-- If all 3 keys are the same, this is effectively the same as normal
-  ecb mode.
-
-Triple CBC Mode (des_ede3_cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and then encrypt with key3.
-- As for CBC encryption but increases the key length to 168 bits with
-  the same restrictions as for triple ecb mode.
diff --git a/secure/lib/libdes/des.h b/secure/lib/libdes/des.h
deleted file mode 100644
index 80b293b06886..000000000000
--- a/secure/lib/libdes/des.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/* lib/des/des.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#include <stdio.h>
-
-typedef unsigned char des_cblock[8];
-typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16];
-
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define set_key des_set_key
-#define key_sched des_key_sched
-#define ecb_encrypt des_ecb_encrypt
-#define cbc_encrypt des_cbc_encrypt
-#define ncbc_encrypt des_ncbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define quad_cksum des_quad_cksum
-
-/* For compatibility with the MIT lib - eay 20/05/92 */
-typedef struct des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
-
-extern int des_check_key;	/* defaults to false */
-extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-
-/* The next line is used to disable full ANSI prototypes, if your
- * compiler has problems with the prototypes, make sure this line always
- * evaluates to true :-) */
-#if defined(MSDOS) || defined(__STDC__)
-#undef NOPROTO
-#endif
-#ifndef NOPROTO
-void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc);
-unsigned long des_cbc_cksum(des_cblock *input,des_cblock *output,
-	long length,des_key_schedule schedule,des_cblock *ivec);
-void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
-void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks,int enc);
-void des_encrypt(unsigned long *data,des_key_schedule ks, int enc);
-void des_encrypt2(unsigned long *data,des_key_schedule ks, int enc);
-void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, des_cblock *ivec, int enc);
-void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num, int encrypt);
-void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num);
-
-int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-#if 0
-#ifdef PERL5
-char *des_crypt(const char *buf,const char *salt);
-#else
-/* some stupid compilers complain because I have declared char instead
- * of const char */
-#ifdef HEADER_DES_LOCL_H
-char *crypt(const char *buf,const char *salt);
-#else
-char *crypt();
-#endif
-#endif
-#endif
-void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-unsigned long des_quad_cksum(des_cblock *input,des_cblock *output,
-	long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock key);
-void des_random_key(des_cblock ret);
-int des_read_password(des_cblock *key,char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-	char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_is_weak_key(des_cblock *key);
-int des_set_key(des_cblock *key,des_key_schedule schedule);
-int des_key_sched(des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(char *str,des_cblock *key);
-void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num);
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file(des_cblock *cb, FILE *fp);
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key(des_cblock *key);
-void des_init_random_number_generator(des_cblock *key);
-void des_set_random_generator_seed(des_cblock *key);
-void des_set_sequence_number(des_cblock new_sequence_number);
-void des_generate_random_block(des_cblock *block);
-
-#else
-
-void des_ecb3_encrypt();
-unsigned long des_cbc_cksum();
-void des_cbc_encrypt();
-void des_ncbc_encrypt();
-void des_3cbc_encrypt();
-void des_cfb_encrypt();
-void des_ede3_cfb64_encrypt();
-void des_ede3_ofb64_encrypt();
-void des_ecb_encrypt();
-void des_encrypt();
-void des_encrypt2();
-void des_ede3_cbc_encrypt();
-int des_enc_read();
-int des_enc_write();
-#if 0
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-#endif
-void des_ofb_encrypt();
-void des_pcbc_encrypt();
-unsigned long des_quad_cksum();
-void des_random_seed();
-void des_random_key();
-int des_read_password();
-int des_read_2passwords();
-int des_read_pw_string();
-void des_set_odd_parity();
-int des_is_weak_key();
-int des_set_key();
-int des_key_sched();
-void des_string_to_key();
-void des_string_to_2keys();
-void des_cfb64_encrypt();
-void des_ofb64_encrypt();
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file();
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key();
-void des_init_random_number_generator();
-void des_set_random_generator_seed();
-void des_set_sequence_number();
-void des_generate_random_block();
-
-#endif
-#endif
diff --git a/secure/lib/libdes/des.man b/secure/lib/libdes/des.man
deleted file mode 100644
index 734119906b8f..000000000000
--- a/secure/lib/libdes/des.man
+++ /dev/null
@@ -1,186 +0,0 @@
-.TH DES 1 
-.SH NAME
-des - encrypt or decrypt data using Data Encryption Standard
-.SH SYNOPSIS
-.B des
-(
-.B \-e
-|
-.B \-E
-) | (
-.B \-d
-|
-.B \-D
-) | (
-.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
-) |
-[
-.B \-b3hfs
-] [
-.B \-k
-.I key
-]
-] [
-.B \-u\fR[\fIuuname\fR]
-[
-.I input-file
-[
-.I output-file
-] ]
-.SH DESCRIPTION
-.B des
-encrypts and decrypts data using the
-Data Encryption Standard algorithm.
-One of
-.B \-e, \-E
-(for encrypt) or
-.B \-d, \-D
-(for decrypt) must be specified.
-It is also possible to use
-.B \-c
-or
-.B \-C
-in conjunction or instead of the a encrypt/decrypt option to generate
-a 16 character hexadecimal checksum, generated via the
-.I des_cbc_cksum.
-.LP
-Two standard encryption modes are supported by the
-.B des
-program, Cipher Block Chaining (the default) and Electronic Code Book
-(specified with
-.B \-b
-).
-.LP
-The key used for the DES
-algorithm is obtained by prompting the user unless the
-.B `\-k
-.I key'
-option is given.
-If the key is an argument to the
-.B des
-command, it is potentially visible to users executing
-.BR ps (1)
-or a derivative.  To minimise this possibility,
-.B des
-takes care to destroy the key argument immediately upon entry.
-If your shell keeps a history file be careful to make sure it is not
-world readable.
-.LP
-Since this program attempts to maintain compatability with sunOS's
-des(1) command, there are 2 different methods used to convert the user
-supplied key to a des key.
-Whenever and one or more of
-.B \-E, \-D, \-C
-or
-.B \-3
-options are used, the key conversion procedure will not be compatible
-with the sunOS des(1) version but will use all the user supplied
-character to generate the des key.
-.B des
-command reads from standard input unless
-.I input-file
-is specified and writes to standard output unless
-.I output-file
-is given.
-.SH OPTIONS
-.TP
-.B \-b
-Select ECB
-(eight bytes at a time) encryption mode.
-.TP
-.B \-3
-Encrypt using triple encryption.
-By default triple cbc encryption is used but if the
-.B \-b
-option is used then triple ecb encryption is performed.
-If the key is less than 8 characters long, the flag has no effect.
-.TP
-.B \-e
-Encrypt data using an 8 byte key in a manner compatible with sunOS
-des(1).
-.TP
-.B \-E
-Encrypt data using a key of nearly unlimited length (1024 bytes).
-This will product a more secure encryption.
-.TP
-.B \-d
-Decrypt data that was encrypted with the \-e option.
-.TP
-.B \-D
-Decrypt data that was encrypted with the \-E option.
-.TP
-.B \-c
-Generate a 16 character hexadecimal cbc checksum and output this to
-stderr.
-If a filename was specified after the
-.B \-c
-option, the checksum is output to that file.
-The checksum is generated using a key generated in a sunOS compatible
-manner.
-.TP
-.B \-C
-A cbc checksum is generated in the same manner as described for the
-.B \-c
-option but the DES key is generated in the same manner as used for the
-.B \-E
-and
-.B \-D
-options
-.TP
-.B \-f
-Does nothing - allowed for compatibility with sunOS des(1) command.
-.TP
-.B \-s
-Does nothing - allowed for compatibility with sunOS des(1) command.
-.TP
-.B "\-k \fIkey\fP"
-Use the encryption 
-.I key
-specified.
-.TP
-.B "\-h"
-The
-.I key
-is assumed to be a 16 character hexadecimal number.
-If the
-.B "\-3"
-option is used the key is assumed to be a 32 character hexadecimal
-number.
-.TP
-.B \-u
-This flag is used to read and write uuencoded files.  If decrypting,
-the input file is assumed to contain uuencoded, DES encrypted data.
-If encrypting, the characters following the -u are used as the name of
-the uuencoded file to embed in the begin line of the uuencoded
-output.  If there is no name specified after the -u, the name text.des
-will be embedded in the header.
-.SH SEE ALSO
-.B ps (1)
-.B des_crypt(3)
-.SH BUGS
-.LP
-The problem with using the
-.B -e
-option is the short key length.
-It would be better to use a real 56-bit key rather than an
-ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
-radically reduces the time necessary for a brute-force cryptographic attack.
-My attempt to remove this problem is to add an alternative text-key to
-DES-key function.  This alternative function (accessed via
-.B -E, -D, -S
-and
-.B -3
-)
-uses DES to help generate the key.
-.LP
-Be carefully when using the -u option.  Doing des -ud <filename> will
-not decrypt filename (the -u option will gobble the d option).
-.LP
-The VMS operating system operates in a world where files are always a
-multiple of 512 bytes.  This causes problems when encrypted data is
-send from unix to VMS since a 88 byte file will suddenly be padded
-with 424 null bytes.  To get around this problem, use the -u option
-to uuencode the data before it is send to the VMS system.
-.SH AUTHOR
-.LP
-Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au)
diff --git a/secure/lib/libdes/des.pl b/secure/lib/libdes/des.pl
deleted file mode 100755
index 5ba5a9b1c9e8..000000000000
--- a/secure/lib/libdes/des.pl
+++ /dev/null
@@ -1,536 +0,0 @@
-#!/usr/local/bin/perl
-# Copyright (C) 1993 Eric Young
-# des.pl - eric young 22/11/1991 eay@mincom.oz.au or eay@psych.psy.uq.oz.au
-# eay - 92/08/31 - I think I have fixed all problems for 64bit
-# versions of perl but I could be wrong since I have not tested it yet :-).
-#
-# This is an implementation of DES in perl.
-# The two routines (des_set_key and des_ecb_encrypt)
-# take 8 byte objects as arguments.
-#
-# des_set_key takes an 8 byte string as a key and returns a key schedule
-# for use in calls to des_ecb_encrypt.
-# des_ecb_encrypt takes three arguments, the first is a key schedule
-# (make sure to pass it by reference with the *), the second is 1
-# to encrypt, 0 to decrypt.  The third argument is an 8 byte object
-# to encrypt.  The function returns an 8 byte object that has been
-# DES encrypted.
-#
-# example:
-# require 'des.pl'
-#
-# $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
-# @ks=  &des_set_key($key);
-#
-# $outbytes= &des_ecb_encrypt(*ks,1,$data);
-# @enc =unpack("C8",$outbytes);
-#
-
-package des;
-
-# The following 8 arrays are used in des_set_key
-@skb0=(
-# for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
-0x00000000,0x00000010,0x20000000,0x20000010,
-0x00010000,0x00010010,0x20010000,0x20010010,
-0x00000800,0x00000810,0x20000800,0x20000810,
-0x00010800,0x00010810,0x20010800,0x20010810,
-0x00000020,0x00000030,0x20000020,0x20000030,
-0x00010020,0x00010030,0x20010020,0x20010030,
-0x00000820,0x00000830,0x20000820,0x20000830,
-0x00010820,0x00010830,0x20010820,0x20010830,
-0x00080000,0x00080010,0x20080000,0x20080010,
-0x00090000,0x00090010,0x20090000,0x20090010,
-0x00080800,0x00080810,0x20080800,0x20080810,
-0x00090800,0x00090810,0x20090800,0x20090810,
-0x00080020,0x00080030,0x20080020,0x20080030,
-0x00090020,0x00090030,0x20090020,0x20090030,
-0x00080820,0x00080830,0x20080820,0x20080830,
-0x00090820,0x00090830,0x20090820,0x20090830,
-);
-@skb1=(
-# for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
-0x00000000,0x02000000,0x00002000,0x02002000,
-0x00200000,0x02200000,0x00202000,0x02202000,
-0x00000004,0x02000004,0x00002004,0x02002004,
-0x00200004,0x02200004,0x00202004,0x02202004,
-0x00000400,0x02000400,0x00002400,0x02002400,
-0x00200400,0x02200400,0x00202400,0x02202400,
-0x00000404,0x02000404,0x00002404,0x02002404,
-0x00200404,0x02200404,0x00202404,0x02202404,
-0x10000000,0x12000000,0x10002000,0x12002000,
-0x10200000,0x12200000,0x10202000,0x12202000,
-0x10000004,0x12000004,0x10002004,0x12002004,
-0x10200004,0x12200004,0x10202004,0x12202004,
-0x10000400,0x12000400,0x10002400,0x12002400,
-0x10200400,0x12200400,0x10202400,0x12202400,
-0x10000404,0x12000404,0x10002404,0x12002404,
-0x10200404,0x12200404,0x10202404,0x12202404,
-);
-@skb2=(
-# for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
-0x00000000,0x00000001,0x00040000,0x00040001,
-0x01000000,0x01000001,0x01040000,0x01040001,
-0x00000002,0x00000003,0x00040002,0x00040003,
-0x01000002,0x01000003,0x01040002,0x01040003,
-0x00000200,0x00000201,0x00040200,0x00040201,
-0x01000200,0x01000201,0x01040200,0x01040201,
-0x00000202,0x00000203,0x00040202,0x00040203,
-0x01000202,0x01000203,0x01040202,0x01040203,
-0x08000000,0x08000001,0x08040000,0x08040001,
-0x09000000,0x09000001,0x09040000,0x09040001,
-0x08000002,0x08000003,0x08040002,0x08040003,
-0x09000002,0x09000003,0x09040002,0x09040003,
-0x08000200,0x08000201,0x08040200,0x08040201,
-0x09000200,0x09000201,0x09040200,0x09040201,
-0x08000202,0x08000203,0x08040202,0x08040203,
-0x09000202,0x09000203,0x09040202,0x09040203,
-);
-@skb3=(
-# for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
-0x00000000,0x00100000,0x00000100,0x00100100,
-0x00000008,0x00100008,0x00000108,0x00100108,
-0x00001000,0x00101000,0x00001100,0x00101100,
-0x00001008,0x00101008,0x00001108,0x00101108,
-0x04000000,0x04100000,0x04000100,0x04100100,
-0x04000008,0x04100008,0x04000108,0x04100108,
-0x04001000,0x04101000,0x04001100,0x04101100,
-0x04001008,0x04101008,0x04001108,0x04101108,
-0x00020000,0x00120000,0x00020100,0x00120100,
-0x00020008,0x00120008,0x00020108,0x00120108,
-0x00021000,0x00121000,0x00021100,0x00121100,
-0x00021008,0x00121008,0x00021108,0x00121108,
-0x04020000,0x04120000,0x04020100,0x04120100,
-0x04020008,0x04120008,0x04020108,0x04120108,
-0x04021000,0x04121000,0x04021100,0x04121100,
-0x04021008,0x04121008,0x04021108,0x04121108,
-);
-@skb4=(
-# for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
-0x00000000,0x10000000,0x00010000,0x10010000,
-0x00000004,0x10000004,0x00010004,0x10010004,
-0x20000000,0x30000000,0x20010000,0x30010000,
-0x20000004,0x30000004,0x20010004,0x30010004,
-0x00100000,0x10100000,0x00110000,0x10110000,
-0x00100004,0x10100004,0x00110004,0x10110004,
-0x20100000,0x30100000,0x20110000,0x30110000,
-0x20100004,0x30100004,0x20110004,0x30110004,
-0x00001000,0x10001000,0x00011000,0x10011000,
-0x00001004,0x10001004,0x00011004,0x10011004,
-0x20001000,0x30001000,0x20011000,0x30011000,
-0x20001004,0x30001004,0x20011004,0x30011004,
-0x00101000,0x10101000,0x00111000,0x10111000,
-0x00101004,0x10101004,0x00111004,0x10111004,
-0x20101000,0x30101000,0x20111000,0x30111000,
-0x20101004,0x30101004,0x20111004,0x30111004,
-);
-@skb5=(
-# for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
-0x00000000,0x08000000,0x00000008,0x08000008,
-0x00000400,0x08000400,0x00000408,0x08000408,
-0x00020000,0x08020000,0x00020008,0x08020008,
-0x00020400,0x08020400,0x00020408,0x08020408,
-0x00000001,0x08000001,0x00000009,0x08000009,
-0x00000401,0x08000401,0x00000409,0x08000409,
-0x00020001,0x08020001,0x00020009,0x08020009,
-0x00020401,0x08020401,0x00020409,0x08020409,
-0x02000000,0x0A000000,0x02000008,0x0A000008,
-0x02000400,0x0A000400,0x02000408,0x0A000408,
-0x02020000,0x0A020000,0x02020008,0x0A020008,
-0x02020400,0x0A020400,0x02020408,0x0A020408,
-0x02000001,0x0A000001,0x02000009,0x0A000009,
-0x02000401,0x0A000401,0x02000409,0x0A000409,
-0x02020001,0x0A020001,0x02020009,0x0A020009,
-0x02020401,0x0A020401,0x02020409,0x0A020409,
-);
-@skb6=(
-# for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
-0x00000000,0x00000100,0x00080000,0x00080100,
-0x01000000,0x01000100,0x01080000,0x01080100,
-0x00000010,0x00000110,0x00080010,0x00080110,
-0x01000010,0x01000110,0x01080010,0x01080110,
-0x00200000,0x00200100,0x00280000,0x00280100,
-0x01200000,0x01200100,0x01280000,0x01280100,
-0x00200010,0x00200110,0x00280010,0x00280110,
-0x01200010,0x01200110,0x01280010,0x01280110,
-0x00000200,0x00000300,0x00080200,0x00080300,
-0x01000200,0x01000300,0x01080200,0x01080300,
-0x00000210,0x00000310,0x00080210,0x00080310,
-0x01000210,0x01000310,0x01080210,0x01080310,
-0x00200200,0x00200300,0x00280200,0x00280300,
-0x01200200,0x01200300,0x01280200,0x01280300,
-0x00200210,0x00200310,0x00280210,0x00280310,
-0x01200210,0x01200310,0x01280210,0x01280310,
-);
-@skb7=(
-# for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
-0x00000000,0x04000000,0x00040000,0x04040000,
-0x00000002,0x04000002,0x00040002,0x04040002,
-0x00002000,0x04002000,0x00042000,0x04042000,
-0x00002002,0x04002002,0x00042002,0x04042002,
-0x00000020,0x04000020,0x00040020,0x04040020,
-0x00000022,0x04000022,0x00040022,0x04040022,
-0x00002020,0x04002020,0x00042020,0x04042020,
-0x00002022,0x04002022,0x00042022,0x04042022,
-0x00000800,0x04000800,0x00040800,0x04040800,
-0x00000802,0x04000802,0x00040802,0x04040802,
-0x00002800,0x04002800,0x00042800,0x04042800,
-0x00002802,0x04002802,0x00042802,0x04042802,
-0x00000820,0x04000820,0x00040820,0x04040820,
-0x00000822,0x04000822,0x00040822,0x04040822,
-0x00002820,0x04002820,0x00042820,0x04042820,
-0x00002822,0x04002822,0x00042822,0x04042822,
-);
-
-@shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
-
-# used in ecb_encrypt
-@SP0=(
-0x00410100, 0x00010000, 0x40400000, 0x40410100,
-0x00400000, 0x40010100, 0x40010000, 0x40400000,
-0x40010100, 0x00410100, 0x00410000, 0x40000100,
-0x40400100, 0x00400000, 0x00000000, 0x40010000,
-0x00010000, 0x40000000, 0x00400100, 0x00010100,
-0x40410100, 0x00410000, 0x40000100, 0x00400100,
-0x40000000, 0x00000100, 0x00010100, 0x40410000,
-0x00000100, 0x40400100, 0x40410000, 0x00000000,
-0x00000000, 0x40410100, 0x00400100, 0x40010000,
-0x00410100, 0x00010000, 0x40000100, 0x00400100,
-0x40410000, 0x00000100, 0x00010100, 0x40400000,
-0x40010100, 0x40000000, 0x40400000, 0x00410000,
-0x40410100, 0x00010100, 0x00410000, 0x40400100,
-0x00400000, 0x40000100, 0x40010000, 0x00000000,
-0x00010000, 0x00400000, 0x40400100, 0x00410100,
-0x40000000, 0x40410000, 0x00000100, 0x40010100,
-);
-@SP1=(
-0x08021002, 0x00000000, 0x00021000, 0x08020000,
-0x08000002, 0x00001002, 0x08001000, 0x00021000,
-0x00001000, 0x08020002, 0x00000002, 0x08001000,
-0x00020002, 0x08021000, 0x08020000, 0x00000002,
-0x00020000, 0x08001002, 0x08020002, 0x00001000,
-0x00021002, 0x08000000, 0x00000000, 0x00020002,
-0x08001002, 0x00021002, 0x08021000, 0x08000002,
-0x08000000, 0x00020000, 0x00001002, 0x08021002,
-0x00020002, 0x08021000, 0x08001000, 0x00021002,
-0x08021002, 0x00020002, 0x08000002, 0x00000000,
-0x08000000, 0x00001002, 0x00020000, 0x08020002,
-0x00001000, 0x08000000, 0x00021002, 0x08001002,
-0x08021000, 0x00001000, 0x00000000, 0x08000002,
-0x00000002, 0x08021002, 0x00021000, 0x08020000,
-0x08020002, 0x00020000, 0x00001002, 0x08001000,
-0x08001002, 0x00000002, 0x08020000, 0x00021000,
-);
-@SP2=(
-0x20800000, 0x00808020, 0x00000020, 0x20800020,
-0x20008000, 0x00800000, 0x20800020, 0x00008020,
-0x00800020, 0x00008000, 0x00808000, 0x20000000,
-0x20808020, 0x20000020, 0x20000000, 0x20808000,
-0x00000000, 0x20008000, 0x00808020, 0x00000020,
-0x20000020, 0x20808020, 0x00008000, 0x20800000,
-0x20808000, 0x00800020, 0x20008020, 0x00808000,
-0x00008020, 0x00000000, 0x00800000, 0x20008020,
-0x00808020, 0x00000020, 0x20000000, 0x00008000,
-0x20000020, 0x20008000, 0x00808000, 0x20800020,
-0x00000000, 0x00808020, 0x00008020, 0x20808000,
-0x20008000, 0x00800000, 0x20808020, 0x20000000,
-0x20008020, 0x20800000, 0x00800000, 0x20808020,
-0x00008000, 0x00800020, 0x20800020, 0x00008020,
-0x00800020, 0x00000000, 0x20808000, 0x20000020,
-0x20800000, 0x20008020, 0x00000020, 0x00808000,
-);
-@SP3=(
-0x00080201, 0x02000200, 0x00000001, 0x02080201,
-0x00000000, 0x02080000, 0x02000201, 0x00080001,
-0x02080200, 0x02000001, 0x02000000, 0x00000201,
-0x02000001, 0x00080201, 0x00080000, 0x02000000,
-0x02080001, 0x00080200, 0x00000200, 0x00000001,
-0x00080200, 0x02000201, 0x02080000, 0x00000200,
-0x00000201, 0x00000000, 0x00080001, 0x02080200,
-0x02000200, 0x02080001, 0x02080201, 0x00080000,
-0x02080001, 0x00000201, 0x00080000, 0x02000001,
-0x00080200, 0x02000200, 0x00000001, 0x02080000,
-0x02000201, 0x00000000, 0x00000200, 0x00080001,
-0x00000000, 0x02080001, 0x02080200, 0x00000200,
-0x02000000, 0x02080201, 0x00080201, 0x00080000,
-0x02080201, 0x00000001, 0x02000200, 0x00080201,
-0x00080001, 0x00080200, 0x02080000, 0x02000201,
-0x00000201, 0x02000000, 0x02000001, 0x02080200,
-);
-@SP4=(
-0x01000000, 0x00002000, 0x00000080, 0x01002084,
-0x01002004, 0x01000080, 0x00002084, 0x01002000,
-0x00002000, 0x00000004, 0x01000004, 0x00002080,
-0x01000084, 0x01002004, 0x01002080, 0x00000000,
-0x00002080, 0x01000000, 0x00002004, 0x00000084,
-0x01000080, 0x00002084, 0x00000000, 0x01000004,
-0x00000004, 0x01000084, 0x01002084, 0x00002004,
-0x01002000, 0x00000080, 0x00000084, 0x01002080,
-0x01002080, 0x01000084, 0x00002004, 0x01002000,
-0x00002000, 0x00000004, 0x01000004, 0x01000080,
-0x01000000, 0x00002080, 0x01002084, 0x00000000,
-0x00002084, 0x01000000, 0x00000080, 0x00002004,
-0x01000084, 0x00000080, 0x00000000, 0x01002084,
-0x01002004, 0x01002080, 0x00000084, 0x00002000,
-0x00002080, 0x01002004, 0x01000080, 0x00000084,
-0x00000004, 0x00002084, 0x01002000, 0x01000004,
-);
-@SP5=(
-0x10000008, 0x00040008, 0x00000000, 0x10040400,
-0x00040008, 0x00000400, 0x10000408, 0x00040000,
-0x00000408, 0x10040408, 0x00040400, 0x10000000,
-0x10000400, 0x10000008, 0x10040000, 0x00040408,
-0x00040000, 0x10000408, 0x10040008, 0x00000000,
-0x00000400, 0x00000008, 0x10040400, 0x10040008,
-0x10040408, 0x10040000, 0x10000000, 0x00000408,
-0x00000008, 0x00040400, 0x00040408, 0x10000400,
-0x00000408, 0x10000000, 0x10000400, 0x00040408,
-0x10040400, 0x00040008, 0x00000000, 0x10000400,
-0x10000000, 0x00000400, 0x10040008, 0x00040000,
-0x00040008, 0x10040408, 0x00040400, 0x00000008,
-0x10040408, 0x00040400, 0x00040000, 0x10000408,
-0x10000008, 0x10040000, 0x00040408, 0x00000000,
-0x00000400, 0x10000008, 0x10000408, 0x10040400,
-0x10040000, 0x00000408, 0x00000008, 0x10040008,
-);
-@SP6=(
-0x00000800, 0x00000040, 0x00200040, 0x80200000,
-0x80200840, 0x80000800, 0x00000840, 0x00000000,
-0x00200000, 0x80200040, 0x80000040, 0x00200800,
-0x80000000, 0x00200840, 0x00200800, 0x80000040,
-0x80200040, 0x00000800, 0x80000800, 0x80200840,
-0x00000000, 0x00200040, 0x80200000, 0x00000840,
-0x80200800, 0x80000840, 0x00200840, 0x80000000,
-0x80000840, 0x80200800, 0x00000040, 0x00200000,
-0x80000840, 0x00200800, 0x80200800, 0x80000040,
-0x00000800, 0x00000040, 0x00200000, 0x80200800,
-0x80200040, 0x80000840, 0x00000840, 0x00000000,
-0x00000040, 0x80200000, 0x80000000, 0x00200040,
-0x00000000, 0x80200040, 0x00200040, 0x00000840,
-0x80000040, 0x00000800, 0x80200840, 0x00200000,
-0x00200840, 0x80000000, 0x80000800, 0x80200840,
-0x80200000, 0x00200840, 0x00200800, 0x80000800,
-);
-@SP7=(
-0x04100010, 0x04104000, 0x00004010, 0x00000000,
-0x04004000, 0x00100010, 0x04100000, 0x04104010,
-0x00000010, 0x04000000, 0x00104000, 0x00004010,
-0x00104010, 0x04004010, 0x04000010, 0x04100000,
-0x00004000, 0x00104010, 0x00100010, 0x04004000,
-0x04104010, 0x04000010, 0x00000000, 0x00104000,
-0x04000000, 0x00100000, 0x04004010, 0x04100010,
-0x00100000, 0x00004000, 0x04104000, 0x00000010,
-0x00100000, 0x00004000, 0x04000010, 0x04104010,
-0x00004010, 0x04000000, 0x00000000, 0x00104000,
-0x04100010, 0x04004010, 0x04004000, 0x00100010,
-0x04104000, 0x00000010, 0x00100010, 0x04004000,
-0x04104010, 0x00100000, 0x04100000, 0x04000010,
-0x00104000, 0x00004010, 0x04004010, 0x04100000,
-0x00000010, 0x04104000, 0x00104010, 0x00000000,
-0x04000000, 0x04100010, 0x00004000, 0x00104010,
-);
-
-sub main'des_set_key
-	{
-	local($param)=@_;
-	local(@key);
-	local($c,$d,$i,$s,$t);
-	local(@ks)=();
-
-	# Get the bytes in the order we want.
-	@key=unpack("C8",$param);
-
-	$c=	($key[0]    )|
-		($key[1]<< 8)|
-		($key[2]<<16)|
-		($key[3]<<24);
-	$d=	($key[4]    )|
-		($key[5]<< 8)|
-		($key[6]<<16)|
-		($key[7]<<24);
-
-	&doPC1(*c,*d);
-
-	for $i (@shifts2)
-		{
-		if ($i)
-			{
-			$c=($c>>2)|($c<<26);
-			$d=($d>>2)|($d<<26);
-			}
-		else
-			{
-			$c=($c>>1)|($c<<27);
-			$d=($d>>1)|($d<<27);
-			}
-		$c&=0x0fffffff;
-		$d&=0x0fffffff;
-		$s=	$skb0[ ($c    )&0x3f                 ]|
-			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
-			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
-			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
-					     (($c>>22)&0x38)];
-		$t=     $skb4[ ($d    )&0x3f                ]|
-			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
-			$skb6[ ($d>>15)&0x3f                 ]|
-			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
-		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
-		$s=      ($s>>16)|($t&0xffff0000) ;
-		push(@ks,(($s<<4)|($s>>28))&0xffffffff);
-		}
-	@ks;
-	}
-
-sub doPC1
-	{
-	local(*a,*b)=@_;
-	local($t);
-
-	$t=(($b>>4)^$a)&0x0f0f0f0f;
-	$b^=($t<<4); $a^=$t;
-	# do $a first 
-	$t=(($a<<18)^$a)&0xcccc0000;
-	$a=$a^$t^($t>>18);
-	$t=(($a<<17)^$a)&0xaaaa0000;
-	$a=$a^$t^($t>>17);
-	$t=(($a<< 8)^$a)&0x00ff0000;
-	$a=$a^$t^($t>> 8);
-	$t=(($a<<17)^$a)&0xaaaa0000;
-	$a=$a^$t^($t>>17);
-
-	# now do $b
-	$t=(($b<<24)^$b)&0xff000000;
-	$b=$b^$t^($t>>24);
-	$t=(($b<< 8)^$b)&0x00ff0000;
-	$b=$b^$t^($t>> 8);
-	$t=(($b<<14)^$b)&0x33330000;
-	$b=$b^$t^($t>>14);
-	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
-	$b=($b>>8)|(($a&0xf0000000)>>4);
-	$a&=0x0fffffff;
-	}
-
-sub doIP
-	{
-	local(*a,*b)=@_;
-	local($t);
-
-	$t=(($b>> 4)^$a)&0x0f0f0f0f;
-	$b^=($t<< 4); $a^=$t;
-	$t=(($a>>16)^$b)&0x0000ffff;
-	$a^=($t<<16); $b^=$t;
-	$t=(($b>> 2)^$a)&0x33333333;
-	$b^=($t<< 2); $a^=$t;
-	$t=(($a>> 8)^$b)&0x00ff00ff;
-	$a^=($t<< 8); $b^=$t;
-	$t=(($b>> 1)^$a)&0x55555555;
-	$b^=($t<< 1); $a^=$t;
-	$t=$a;
-	$a=$b&0xffffffff;
-	$b=$t&0xffffffff;
-	}
-
-sub doFP
-	{
-	local(*a,*b)=@_;
-	local($t);
-
-	$t=(($b>> 1)^$a)&0x55555555;
-	$b^=($t<< 1); $a^=$t;
-	$t=(($a>> 8)^$b)&0x00ff00ff;
-	$a^=($t<< 8); $b^=$t;
-	$t=(($b>> 2)^$a)&0x33333333;
-	$b^=($t<< 2); $a^=$t;
-	$t=(($a>>16)^$b)&0x0000ffff;
-	$a^=($t<<16); $b^=$t;
-	$t=(($b>> 4)^$a)&0x0f0f0f0f;
-	$b^=($t<< 4); $a^=$t;
-	$a&=0xffffffff;
-	$b&=0xffffffff;
-	}
-
-sub main'des_ecb_encrypt
-	{
-	local(*ks,$encrypt,$in)=@_;
-	local($l,$r,$i,$t,$u,@input);
-	
-	@input=unpack("C8",$in);
-	# Get the bytes in the order we want.
-	$l=	($input[0]    )|
-		($input[1]<< 8)|
-		($input[2]<<16)|
-		($input[3]<<24);
-	$r=	($input[4]    )|
-		($input[5]<< 8)|
-		($input[6]<<16)|
-		($input[7]<<24);
-
-	$l&=0xffffffff;
-	$r&=0xffffffff;
-	&doIP(*l,*r);
-	if ($encrypt)
-		{
-		for ($i=0; $i<32; $i+=4)
-			{
-			$t=(($r<<1)|($r>>31))&0xffffffff;
-			$u=$t^$ks[$i  ];
-			$t=$t^$ks[$i+1];
-			$t=(($t>>4)|($t<<28))&0xffffffff;
-			$l^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-
-			$t=(($l<<1)|($l>>31))&0xffffffff;
-			$u=$t^$ks[$i+2];
-			$t=$t^$ks[$i+3];
-			$t=(($t>>4)|($t<<28))&0xffffffff;
-			$r^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-			}
-		}
-	else	
-		{
-		for ($i=30; $i>0; $i-=4)
-			{
-			$t=(($r<<1)|($r>>31))&0xffffffff;
-			$u=$t^$ks[$i  ];
-			$t=$t^$ks[$i+1];
-			$t=(($t>>4)|($t<<28))&0xffffffff;
-			$l^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-
-			$t=(($l<<1)|($l>>31))&0xffffffff;
-			$u=$t^$ks[$i-2];
-			$t=$t^$ks[$i-1];
-			$t=(($t>>4)|($t<<28))&0xffffffff;
-			$r^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-			}
-		}
-	&doFP(*l,*r);
-	pack("C8",$l&0xff,$l>>8,$l>>16,$l>>24,
-		  $r&0xff,$r>>8,$r>>16,$r>>24);
-	}
diff --git a/secure/lib/libdes/des_crypt.man b/secure/lib/libdes/des_crypt.man
deleted file mode 100644
index 9feb447129eb..000000000000
--- a/secure/lib/libdes/des_crypt.man
+++ /dev/null
@@ -1,508 +0,0 @@
-.TH DES_CRYPT 3 
-.SH NAME
-des_read_password, des_read_2password,
-des_string_to_key, des_string_to_2key, des_read_pw_string,
-des_random_key, des_set_key,
-des_key_sched, des_ecb_encrypt, des_3ecb_encrypt, des_cbc_encrypt,
-des_3cbc_encrypt,
-des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
-des_cbc_cksum, des_quad_cksum,
-des_enc_read, des_enc_write, des_set_odd_parity,
-des_is_weak_key, crypt \- (non USA) DES encryption
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <des.h>
-.PP
-.B int des_read_password(key,prompt,verify)
-des_cblock *key;
-char *prompt;
-int verify;
-.PP
-.B int des_read_2password(key1,key2,prompt,verify)
-des_cblock *key1,*key2;
-char *prompt;
-int verify;
-.PP
-.B int des_string_to_key(str,key)
-char *str;
-des_cblock *key;
-.PP
-.B int des_string_to_2keys(str,key1,key2)
-char *str;
-des_cblock *key1,*key2;
-.PP
-.B int des_read_pw_string(buf,length,prompt,verify)
-char *buf;
-int length;
-char *prompt;
-int verify;
-.PP
-.B int des_random_key(key)
-des_cblock *key;
-.PP
-.B int des_set_key(key,schedule)
-des_cblock *key;
-des_key_schedule schedule;
-.PP
-.B int des_key_sched(key,schedule)
-des_cblock *key;
-des_key_schedule schedule;
-.PP
-.B int des_ecb_encrypt(input,output,schedule,encrypt)
-des_cblock *input;
-des_cblock *output;
-des_key_schedule schedule;
-int encrypt;
-.PP
-.B int des_3ecb_encrypt(input,output,ks1,ks2,encrypt)
-des_cblock *input;
-des_cblock *output;
-des_key_schedule ks1,ks2;
-int encrypt;
-.PP
-.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule sk1;
-des_key_schedule sk2;
-des_cblock *ivec1;
-des_cblock *ivec2;
-int encrypt;
-.PP
-.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
-unsigned char *input;
-unsigned char *output;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
-unsigned char *input,*output;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-.PP
-.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-.PP
-.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
-des_cblock *input;
-des_cblock *output;
-long length;
-int out_count;
-des_cblock *seed;
-.PP
-.B int des_check_key;
-.PP
-.B int des_enc_read(fd,buf,len,sched,iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock *iv;
-.PP
-.B int des_enc_write(fd,buf,len,sched,iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock *iv;
-.PP
-.B extern int des_rw_mode;
-.PP
-.B void des_set_odd_parity(key)
-des_cblock *key;
-.PP
-.B int des_is_weak_key(key)
-des_cblock *key;
-.PP
-.B char *crypt(passwd,salt)
-char *passwd;
-char *salt;
-.PP
-.fi
-.SH DESCRIPTION
-This library contains a fast implementation of the DES encryption
-algorithm.
-.PP
-There are two phases to the use of DES encryption.
-The first is the generation of a
-.I des_key_schedule
-from a key,
-the second is the actual encryption.
-A des key is of type
-.I des_cblock.
-This type is made from 8 characters with odd parity.
-The least significant bit in the character is the parity bit.
-The key schedule is an expanded form of the key; it is used to speed the
-encryption process.
-.PP
-.I des_read_password
-writes the string specified by prompt to the standard output,
-turns off echo and reads an input string from standard input
-until terminated with a newline.
-If verify is non-zero, it prompts and reads the input again and verifies
-that both entered passwords are the same.
-The entered string is converted into a des key by using the
-.I des_string_to_key
-routine.
-The new key is placed in the
-.I des_cblock
-that was passed (by reference) to the routine.
-If there were no errors,
-.I des_read_password
-returns 0,
--1 is returned if there was a terminal error and 1 is returned for
-any other error.
-.PP
-.I des_read_2password
-operates in the same way as
-.I des_read_password
-except that it generates 2 keys by using the
-.I des_string_to_2key
-function.
-.PP
-.I des_read_pw_string
-is called by
-.I des_read_password
-to read and verify a string from a terminal device.
-The string is returned in
-.I buf.
-The size of
-.I buf
-is passed to the routine via the
-.I length
-parameter.
-.PP
-.I des_string_to_key
-converts a string into a valid des key.
-.PP
-.I des_string_to_2key
-converts a string into 2 valid des keys.
-This routine is best suited for used to generate keys for use with
-.I des_3ecb_encrypt.
-.PP
-.I des_random_key
-returns a random key that is made of a combination of process id,
-time and an increasing counter.
-.PP
-Before a des key can be used it is converted into a
-.I des_key_schedule
-via the
-.I des_set_key
-routine.
-If the
-.I des_check_key
-flag is non-zero,
-.I des_set_key
-will check that the key passed is of odd parity and is not a week or
-semi-weak key.
-If the parity is wrong,
-then -1 is returned.
-If the key is a weak key,
-then -2 is returned.
-If an error is returned,
-the key schedule is not generated.
-.PP
-.I des_key_sched
-is another name for the
-.I des_set_key
-function.
-.PP
-The following routines mostly operate on an input and output stream of
-.I des_cblock's.
-.PP
-.I des_ecb_encrypt
-is the basic DES encryption routine that encrypts or decrypts a single 8-byte
-.I des_cblock
-in
-.I electronic code book
-mode.
-It always transforms the input data, pointed to by
-.I input,
-into the output data,
-pointed to by the
-.I output
-argument.
-If the
-.I encrypt
-argument is non-zero (DES_ENCRYPT),
-the
-.I input
-(cleartext) is encrypted in to the
-.I output
-(ciphertext) using the key_schedule specified by the
-.I schedule
-argument,
-previously set via
-.I des_set_key.
-If
-.I encrypt
-is zero (DES_DECRYPT),
-the
-.I input
-(now ciphertext)
-is decrypted into the
-.I output
-(now cleartext).
-Input and output may overlap.
-No meaningful value is returned.
-.PP
-.I des_3ecb_encrypt
-encrypts/decrypts the
-.I input
-block by using triple ecb DES encryption.
-This involves encrypting the input with 
-.I ks1,
-decryption with the key schedule
-.I ks2,
-and then encryption with the first again.
-This routine greatly reduces the chances of brute force breaking of
-DES and has the advantage of if
-.I ks1
-and
-.I ks2
-are the same, it is equivalent to just encryption using ecb mode and
-.I ks1
-as the key.
-.PP
-.I des_cbc_encrypt
-encrypts/decrypts using the
-.I cipher-block-chaining
-mode of DES.
-If the
-.I encrypt
-argument is non-zero,
-the routine cipher-block-chain encrypts the cleartext data pointed to by the
-.I input
-argument into the ciphertext pointed to by the
-.I output
-argument,
-using the key schedule provided by the
-.I schedule
-argument,
-and initialisation vector provided by the
-.I ivec
-argument.
-If the
-.I length
-argument is not an integral multiple of eight bytes, 
-the last block is copied to a temporary area and zero filled.
-The output is always
-an integral multiple of eight bytes.
-To make multiple cbc encrypt calls on a large amount of data appear to
-be one 
-.I des_cbc_encrypt
-call, the
-.I ivec
-of subsequent calls should be the last 8 bytes of the output.
-.PP
-.I des_3cbc_encrypt
-encrypts/decrypts the
-.I input
-block by using triple cbc DES encryption.
-This involves encrypting the input with key schedule
-.I ks1,
-decryption with the key schedule
-.I ks2,
-and then encryption with the first again.
-2 initialisation vectors are required,
-.I ivec1
-and
-.I ivec2.
-Unlike
-.I des_cbc_encrypt,
-these initialisation vectors are modified by the subroutine.
-This routine greatly reduces the chances of brute force breaking of
-DES and has the advantage of if
-.I ks1
-and
-.I ks2
-are the same, it is equivalent to just encryption using cbc mode and
-.I ks1
-as the key.
-.PP
-.I des_pcbc_encrypt
-encrypt/decrypts using a modified block chaining mode.
-It provides better error propagation characteristics than cbc
-encryption.
-.PP
-.I des_cfb_encrypt
-encrypt/decrypts using cipher feedback mode.  This method takes an
-array of characters as input and outputs and array of characters.  It
-does not require any padding to 8 character groups.  Note: the ivec
-variable is changed and the new changed value needs to be passed to
-the next call to this function.  Since this function runs a complete
-DES ecb encryption per numbits, this function is only suggested for
-use when sending small numbers of characters.
-.PP
-.I des_ofb_encrypt
-encrypt using output feedback mode.  This method takes an
-array of characters as input and outputs and array of characters.  It
-does not require any padding to 8 character groups.  Note: the ivec
-variable is changed and the new changed value needs to be passed to
-the next call to this function.  Since this function runs a complete
-DES ecb encryption per numbits, this function is only suggested for
-use when sending small numbers of characters.
-.PP
-.I des_cbc_cksum
-produces an 8 byte checksum based on the input stream (via cbc encryption).
-The last 4 bytes of the checksum is returned and the complete 8 bytes is
-placed in
-.I output.
-.PP
-.I des_quad_cksum
-returns a 4 byte checksum from the input bytes.
-The algorithm can be iterated over the input,
-depending on
-.I out_count,
-1, 2, 3 or 4 times.
-If
-.I output
-is non-NULL,
-the 8 bytes generated by each pass are written into
-.I output.
-.PP
-.I des_enc_write
-is used to write
-.I len
-bytes
-to file descriptor
-.I fd
-from buffer
-.I buf.
-The data is encrypted via
-.I pcbc_encrypt
-(default) using
-.I sched
-for the key and
-.I iv
-as a starting vector.
-The actual data send down
-.I fd
-consists of 4 bytes (in network byte order) containing the length of the
-following encrypted data.  The encrypted data then follows, padded with random
-data out to a multiple of 8 bytes.
-.PP
-.I des_enc_read
-is used to read
-.I len
-bytes
-from file descriptor
-.I fd
-into buffer
-.I buf.
-The data being read from
-.I fd
-is assumed to have come from
-.I des_enc_write
-and is decrypted using
-.I sched
-for the key schedule and
-.I iv
-for the initial vector.
-The
-.I des_enc_read/des_enc_write
-pair can be used to read/write to files, pipes and sockets.
-I have used them in implementing a version of rlogin in which all
-data is encrypted.
-.PP
-.I des_rw_mode
-is used to specify the encryption mode to use with 
-.I des_enc_read
-and 
-.I des_end_write.
-If set to
-.I DES_PCBC_MODE
-(the default), des_pcbc_encrypt is used.
-If set to
-.I DES_CBC_MODE
-des_cbc_encrypt is used.
-These two routines and the variable are not part of the normal MIT library.
-.PP
-.I des_set_odd_parity
-sets the parity of the passed
-.I key
-to odd.  This routine is not part of the standard MIT library.
-.PP
-.I des_is_weak_key
-returns 1 is the passed key is a weak key (pick again :-),
-0 if it is ok.
-This routine is not part of the standard MIT library.
-.PP
-.I crypt
-is a replacement for the normal system crypt.
-It is much faster than the system crypt.
-.PP
-.SH FILES
-/usr/include/des.h
-.br
-/usr/lib/libdes.a
-.PP
-The encryption routines have been tested on 16bit, 32bit and 64bit
-machines of various endian and even works under VMS.
-.PP
-.SH BUGS
-.PP
-If you think this manual is sparse,
-read the des_crypt(3) manual from the MIT kerberos (or bones outside
-of the USA) distribution.
-.PP
-.I des_cfb_encrypt
-and
-.I des_ofb_encrypt
-operates on input of 8 bits.  What this means is that if you set
-numbits to 12, and length to 2, the first 12 bits will come from the 1st
-input byte and the low half of the second input byte.  The second 12
-bits will have the low 8 bits taken from the 3rd input byte and the
-top 4 bits taken from the 4th input byte.  The same holds for output.
-This function has been implemented this way because most people will
-be using a multiple of 8 and because once you get into pulling bytes input
-bytes apart things get ugly!
-.PP
-.I des_read_pw_string
-is the most machine/OS dependent function and normally generates the
-most problems when porting this code.
-.PP
-.I des_string_to_key
-is probably different from the MIT version since there are lots
-of fun ways to implement one-way encryption of a text string.
-.PP
-The routines are optimised for 32 bit machines and so are not efficient
-on IBM PCs.
-.PP
-NOTE: extensive work has been done on this library since this document
-was origionally written.  Please try to read des.doc from the libdes
-distribution since it is far more upto date and documents more of the
-functions.  Libdes is now also being shipped as part of SSLeay, a
-general cryptographic library that amonst other things implements
-netscapes SSL protocoll.  The most recent version can be found in
-SSLeay distributions.
-.SH AUTHOR
-Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au)
diff --git a/secure/lib/libdes/des_locl.h b/secure/lib/libdes/des_locl.h
deleted file mode 100644
index 80a4ccdcf003..000000000000
--- a/secure/lib/libdes/des_locl.h
+++ /dev/null
@@ -1,276 +0,0 @@
-/* lib/des/des_locl.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-#include "des.h"
-
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_USE_PTR
-#undef DES_USE_PTR
-#endif
-
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <time.h>
-#include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
-#endif
-
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-extern int errno;
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#ifdef __STDC__
-#undef NOPROTO
-#endif
-
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
-
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs. */
-#ifdef DES_USR_PTR
-#define D_ENCRYPT(L,R,S) { \
-	u=((R^s[S  ])<<2);	\
-	t= R^s[S+1]; \
-	t=((t>>2)+(t<<30)); \
-	L^= \
-	*(unsigned long *)(des_SP+0x0100+((t    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0300+((t>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0500+((t>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0700+((t>>24)&0xfc))+ \
-	*(unsigned long *)(des_SP+       ((u    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0200+((u>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0400+((u>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0600+((u>>24)&0xfc)); }
-#else /* original version */
-#ifdef MSDOS
-#define D_ENCRYPT(L,R,S)	\
-	U.l=R^s[S+1]; \
-	T.s[0]=((U.s[0]>>4)|(U.s[1]<<12))&0x3f3f; \
-	T.s[1]=((U.s[1]>>4)|(U.s[0]<<12))&0x3f3f; \
-	U.l=(R^s[S  ])&0x3f3f3f3fL; \
-	L^=	des_SPtrans[1][(T.c[0])]| \
-		des_SPtrans[3][(T.c[1])]| \
-		des_SPtrans[5][(T.c[2])]| \
-		des_SPtrans[7][(T.c[3])]| \
-		des_SPtrans[0][(U.c[0])]| \
-		des_SPtrans[2][(U.c[1])]| \
-		des_SPtrans[4][(U.c[2])]| \
-		des_SPtrans[6][(U.c[3])];
-#else
-#define D_ENCRYPT(Q,R,S) {\
-	u=(R^s[S  ]); \
-	t=R^s[S+1]; \
-	t=((t>>4L)+(t<<28L)); \
-	Q^=	des_SPtrans[1][(t     )&0x3f]| \
-		des_SPtrans[3][(t>> 8L)&0x3f]| \
-		des_SPtrans[5][(t>>16L)&0x3f]| \
-		des_SPtrans[7][(t>>24L)&0x3f]| \
-		des_SPtrans[0][(u     )&0x3f]| \
-		des_SPtrans[2][(u>> 8L)&0x3f]| \
-		des_SPtrans[4][(u>>16L)&0x3f]| \
-		des_SPtrans[6][(u>>24L)&0x3f]; }
-#endif
-#endif
-
-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register unsigned long tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register unsigned long tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-#endif
diff --git a/secure/lib/libdes/des_locl.org b/secure/lib/libdes/des_locl.org
deleted file mode 100644
index 80a4ccdcf003..000000000000
--- a/secure/lib/libdes/des_locl.org
+++ /dev/null
@@ -1,276 +0,0 @@
-/* lib/des/des_locl.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-#include "des.h"
-
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_USE_PTR
-#undef DES_USE_PTR
-#endif
-
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <time.h>
-#include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
-#endif
-
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-extern int errno;
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#ifdef __STDC__
-#undef NOPROTO
-#endif
-
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
-
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs. */
-#ifdef DES_USR_PTR
-#define D_ENCRYPT(L,R,S) { \
-	u=((R^s[S  ])<<2);	\
-	t= R^s[S+1]; \
-	t=((t>>2)+(t<<30)); \
-	L^= \
-	*(unsigned long *)(des_SP+0x0100+((t    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0300+((t>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0500+((t>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0700+((t>>24)&0xfc))+ \
-	*(unsigned long *)(des_SP+       ((u    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0200+((u>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0400+((u>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0600+((u>>24)&0xfc)); }
-#else /* original version */
-#ifdef MSDOS
-#define D_ENCRYPT(L,R,S)	\
-	U.l=R^s[S+1]; \
-	T.s[0]=((U.s[0]>>4)|(U.s[1]<<12))&0x3f3f; \
-	T.s[1]=((U.s[1]>>4)|(U.s[0]<<12))&0x3f3f; \
-	U.l=(R^s[S  ])&0x3f3f3f3fL; \
-	L^=	des_SPtrans[1][(T.c[0])]| \
-		des_SPtrans[3][(T.c[1])]| \
-		des_SPtrans[5][(T.c[2])]| \
-		des_SPtrans[7][(T.c[3])]| \
-		des_SPtrans[0][(U.c[0])]| \
-		des_SPtrans[2][(U.c[1])]| \
-		des_SPtrans[4][(U.c[2])]| \
-		des_SPtrans[6][(U.c[3])];
-#else
-#define D_ENCRYPT(Q,R,S) {\
-	u=(R^s[S  ]); \
-	t=R^s[S+1]; \
-	t=((t>>4L)+(t<<28L)); \
-	Q^=	des_SPtrans[1][(t     )&0x3f]| \
-		des_SPtrans[3][(t>> 8L)&0x3f]| \
-		des_SPtrans[5][(t>>16L)&0x3f]| \
-		des_SPtrans[7][(t>>24L)&0x3f]| \
-		des_SPtrans[0][(u     )&0x3f]| \
-		des_SPtrans[2][(u>> 8L)&0x3f]| \
-		des_SPtrans[4][(u>>16L)&0x3f]| \
-		des_SPtrans[6][(u>>24L)&0x3f]; }
-#endif
-#endif
-
-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register unsigned long tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register unsigned long tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-#endif
diff --git a/secure/lib/libdes/destest.c b/secure/lib/libdes/destest.c
deleted file mode 100644
index fec39905087d..000000000000
--- a/secure/lib/libdes/destest.c
+++ /dev/null
@@ -1,794 +0,0 @@
-/* lib/des/destest.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-#endif
-#include <string.h>
-#include "des.h"
-
-/* tisk tisk - the test keys don't all have odd parity :-( */
-/* test data */
-#define NUM_TESTS 34
-static unsigned char key_data[NUM_TESTS][8]={
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
-	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
-	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
-	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
-	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
-	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
-	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
-	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
-	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
-	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
-	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
-	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
-	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
-	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
-	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
-	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
-	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
-	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
-	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
-	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
-
-static unsigned char plain_data[NUM_TESTS][8]={
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
-	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
-	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
-	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
-	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
-	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
-	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
-	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
-	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
-	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
-	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
-	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
-	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
-	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
-	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
-	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
-	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
-	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
-	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
-
-static unsigned char cipher_data[NUM_TESTS][8]={
-	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
-	{0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
-	{0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
-	{0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
-	{0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
-	{0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
-	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
-	{0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
-	{0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
-	{0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
-	{0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
-	{0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
-	{0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
-	{0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
-	{0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
-	{0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
-	{0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
-	{0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
-	{0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
-	{0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
-	{0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
-	{0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
-	{0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
-	{0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
-	{0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
-	{0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
-	{0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
-	{0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
-	{0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
-	{0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
-	{0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
-	{0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
-	{0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
-	{0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
-
-static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
-	{0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
-	{0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
-	{0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
-	{0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
-	{0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
-	{0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
-	{0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
-	{0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
-	{0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
-	{0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
-	{0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
-	{0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
-	{0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
-	{0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
-	{0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
-	{0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
-	{0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
-	{0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
-	{0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
-	{0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
-	{0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
-	{0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
-	{0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
-	{0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
-	{0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
-	{0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
-	{0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
-	{0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
-	{0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
-	{0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
-	{0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
-	{0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
-	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
-
-static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
-static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static char cbc_data[40]="7654321 Now is the time for ";
-
-static unsigned char cbc_ok[32]={
-	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
-	0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
-	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
-	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-static unsigned char cbc3_ok[32]={
-	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
-	0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
-	0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
-	0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
-
-static unsigned char pcbc_ok[32]={
-	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
-	0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
-	0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
-	0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
-
-static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-static unsigned char plain[24]=
-	{
-	0x4e,0x6f,0x77,0x20,0x69,0x73,
-	0x20,0x74,0x68,0x65,0x20,0x74,
-	0x69,0x6d,0x65,0x20,0x66,0x6f,
-	0x72,0x20,0x61,0x6c,0x6c,0x20
-	};
-static unsigned char cfb_cipher8[24]= {
-	0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
-	0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
-static unsigned char cfb_cipher16[24]={
-	0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
-	0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
-static unsigned char cfb_cipher32[24]={
-	0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
-	0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
-static unsigned char cfb_cipher48[24]={
-	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
-	0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
-static unsigned char cfb_cipher64[24]={
-	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
-	0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
-
-static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
-static unsigned char ofb_cipher[24]=
-	{
-	0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
-	0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
-	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
-	};
-
-unsigned long cbc_cksum_ret=0xB462FEF7L;
-unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-#ifndef NOPROTO
-static char *pt(unsigned char *p);
-static int cfb_test(int bits, unsigned char *cfb_cipher);
-static int cfb64_test(unsigned char *cfb_cipher);
-static int ede_cfb64_test(unsigned char *cfb_cipher);
-#else
-static char *pt();
-static int cfb_test();
-static int cfb64_test();
-static int ede_cfb64_test();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	int i,j,err=0;
-	des_cblock in,out,outin,iv3;
-	des_key_schedule ks,ks2,ks3;
-	unsigned char cbc_in[40];
-	unsigned char cbc_out[40];
-	unsigned long cs;
-	unsigned char qret[4][4],cret[8];
-	unsigned long lqret[4];
-	int num;
-	char *str;
-
-	printf("Doing ecb\n");
-	for (i=0; i<NUM_TESTS; i++)
-		{
-		if ((j=key_sched((C_Block *)(key_data[i]),ks)) != 0)
-			{
-			printf("Key error %2d:%d\n",i+1,j);
-			err=1;
-			}
-		memcpy(in,plain_data[i],8);
-		memset(out,0,8);
-		memset(outin,0,8);
-		des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT);
-		des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT);
-
-		if (memcmp(out,cipher_data[i],8) != 0)
-			{
-			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
-				pt(out));
-			err=1;
-			}
-		if (memcmp(in,outin,8) != 0)
-			{
-			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
-			err=1;
-			}
-		}
-
-	printf("Doing ede ecb\n");
-	for (i=0; i<(NUM_TESTS-1); i++)
-		{
-		if ((j=key_sched((C_Block *)(key_data[i]),ks)) != 0)
-			{
-			err=1;
-			printf("Key error %2d:%d\n",i+1,j);
-			}
-		if ((j=key_sched((C_Block *)(key_data[i+1]),ks2)) != 0)
-			{
-			printf("Key error %2d:%d\n",i+2,j);
-			err=1;
-			}
-		if ((j=key_sched((C_Block *)(key_data[i+2]),ks3)) != 0)
-			{
-			printf("Key error %2d:%d\n",i+3,j);
-			err=1;
-			}
-		memcpy(in,plain_data[i],8);
-		memset(out,0,8);
-		memset(outin,0,8);
-		des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2,
-			DES_ENCRYPT);
-		des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2,
-			DES_DECRYPT);
-
-		if (memcmp(out,cipher_ecb2[i],8) != 0)
-			{
-			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
-				pt(out));
-			err=1;
-			}
-		if (memcmp(in,outin,8) != 0)
-			{
-			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
-			err=1;
-			}
-		}
-
-	printf("Doing cbc\n");
-	if ((j=key_sched((C_Block *)cbc_key,ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	des_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)cbc_iv,DES_ENCRYPT);
-	if (memcmp(cbc_out,cbc_ok,32) != 0)
-		printf("cbc_encrypt encrypt error\n");
-	des_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)cbc_iv,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,32) != 0)
-		{
-		printf("cbc_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing ede cbc\n");
-	if ((j=key_sched((C_Block *)cbc_key,ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	if ((j=key_sched((C_Block *)cbc2_key,ks2)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	if ((j=key_sched((C_Block *)cbc3_key,ks3)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	i=strlen((char *)cbc_data)+1;
-	i=((i+7)/8)*8;
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-
-	des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
-	des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]),
-		(C_Block *)&(cbc_out[16]),
-		(long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
-	if (memcmp(cbc_out,cbc3_ok,
-		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
-		{
-		printf("des_ede3_cbc_encrypt encrypt error\n");
-		err=1;
-		}
-
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
-		{
-		printf("des_ede3_cbc_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing pcbc\n");
-	if ((j=key_sched((C_Block *)cbc_key,ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT);
-	if (memcmp(cbc_out,pcbc_ok,32) != 0)
-		{
-		printf("pcbc_encrypt encrypt error\n");
-		err=1;
-		}
-	des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,32) != 0)
-		{
-		printf("pcbc_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing ");
-	printf("cfb8 ");
-	err+=cfb_test(8,cfb_cipher8);
-	printf("cfb16 ");
-	err+=cfb_test(16,cfb_cipher16);
-	printf("cfb32 ");
-	err+=cfb_test(32,cfb_cipher32);
-	printf("cfb48 ");
-	err+=cfb_test(48,cfb_cipher48);
-	printf("cfb64 ");
-	err+=cfb_test(64,cfb_cipher64);
-
-	printf("cfb64() ");
-	err+=cfb64_test(cfb_cipher64);
-
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	for (i=0; i<sizeof(plain); i++)
-		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
-			8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
-	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
-		{
-		printf("cfb_encrypt small encrypt error\n");
-		err=1;
-		}
-
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	for (i=0; i<sizeof(plain); i++)
-		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
-			8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		printf("cfb_encrypt small decrypt error\n");
-		err=1;
-		}
-
-	printf("ede_cfb64() ");
-	err+=ede_cfb64_test(cfb_cipher64);
-
-	printf("done\n");
-
-	printf("Doing ofb\n");
-	key_sched((C_Block *)ofb_key,ks);
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
-		(C_Block *)ofb_tmp);
-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
-		{
-		printf("ofb_encrypt encrypt error\n");
-		err=1;
-		}
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
-		(C_Block *)ofb_tmp);
-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
-		{
-		printf("ofb_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing ofb64\n");
-	key_sched((C_Block *)ofb_key,ks);
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	memset(ofb_buf1,0,sizeof(ofb_buf1));
-	memset(ofb_buf2,0,sizeof(ofb_buf1));
-	num=0;
-	for (i=0; i<sizeof(plain); i++)
-		{
-		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
-			(C_Block *)ofb_tmp,&num);
-		}
-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
-		{
-		printf("ofb64_encrypt encrypt error\n");
-		err=1;
-		}
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	num=0;
-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
-		(C_Block *)ofb_tmp,&num);
-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
-		{
-		printf("ofb64_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing ede_ofb64\n");
-	key_sched((C_Block *)ofb_key,ks);
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	memset(ofb_buf1,0,sizeof(ofb_buf1));
-	memset(ofb_buf2,0,sizeof(ofb_buf1));
-	num=0;
-	for (i=0; i<sizeof(plain); i++)
-		{
-		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
-			(C_Block *)ofb_tmp,&num);
-		}
-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
-		{
-		printf("ede_ofb64_encrypt encrypt error\n");
-		err=1;
-		}
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	num=0;
-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
-		ks,ks,(C_Block *)ofb_tmp,&num);
-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
-		{
-		printf("ede_ofb64_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing cbc_cksum\n");
-	key_sched((C_Block *)cbc_key,ks);
-	cs=cbc_cksum((C_Block *)cbc_data,(C_Block *)cret,
-		(long)strlen(cbc_data),ks,(C_Block *)cbc_iv);
-	if (cs != cbc_cksum_ret)
-		{
-		printf("bad return value (%08lX), should be %08lX\n",
-			cs,cbc_cksum_ret);
-		err=1;
-		}
-	if (memcmp(cret,cbc_cksum_data,8) != 0)
-		{
-		printf("bad cbc_cksum block returned\n");
-		err=1;
-		}
-
-	printf("Doing quad_cksum\n");
-	cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
-		(long)strlen(cbc_data),2,(C_Block *)cbc_iv);
-	for (i=0; i<4; i++)
-		{
-		lqret[i]=0;
-		memcpy(&(lqret[i]),&(qret[i][0]),4);
-		}
-	{ /* Big-endian fix */
-	static unsigned long l=1;
-	static unsigned char *c=(unsigned char *)&l;
-	unsigned long ll;
-
-	if (!c[0])
-		{
-		ll=lqret[0]^lqret[3];
-		lqret[0]^=ll;
-		lqret[3]^=ll;
-		ll=lqret[1]^lqret[2];
-		lqret[1]^=ll;
-		lqret[2]^=ll;
-		}
-	}
-	if (cs != 0x70d7a63aL)
-		{
-		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",cs);
-		err=1;
-		}
-	if (lqret[0] != 0x327eba8dL)
-		{
-		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
-			lqret[0],0x327eba8dL);
-		err=1;
-		}
-	if (lqret[1] != 0x201a49ccL)
-		{
-		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
-			lqret[1],0x201a49ccL);
-		err=1;
-		}
-	if (lqret[2] != 0x70d7a63aL)
-		{
-		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
-			lqret[2],0x70d7a63aL);
-		err=1;
-		}
-	if (lqret[3] != 0x501c2c26L)
-		{
-		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
-			lqret[3],0x501c2c26L);
-		err=1;
-		}
-
-	printf("input word alignment test");
-	for (i=0; i<4; i++)
-		{
-		printf(" %d",i);
-		des_cbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
-			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
-			DES_ENCRYPT);
-		}
-	printf("\noutput word alignment test");
-	for (i=0; i<4; i++)
-		{
-		printf(" %d",i);
-		des_cbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
-			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
-			DES_ENCRYPT);
-		}
-	printf("\n");
-	printf("fast crypt test ");
-	str=crypt("testing","ef");
-	if (strcmp("efGnQx2725bI2",str) != 0)
-		{
-		printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
-		err=1;
-		}
-	str=crypt("bca76;23","yA");
-	if (strcmp("yA1Rp/1hZXIJk",str) != 0)
-		{
-		printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
-		err=1;
-		}
-	printf("\n");
-	exit(err);
-#ifdef LINT
-	return(0);
-#endif
-	}
-
-static char *pt(p)
-unsigned char *p;
-	{
-	static char bufs[10][20];
-	static int bnum=0;
-	char *ret;
-	int i;
-	static char *f="0123456789ABCDEF";
-
-	ret= &(bufs[bnum++][0]);
-	bnum%=10;
-	for (i=0; i<8; i++)
-		{
-		ret[i*2]=f[(p[i]>>4)&0xf];
-		ret[i*2+1]=f[p[i]&0xf];
-		}
-	ret[16]='\0';
-	return(ret);
-	}
-
-static int cfb_test(bits, cfb_cipher)
-int bits;
-unsigned char *cfb_cipher;
-	{
-	des_key_schedule ks;
-	int i,err=0;
-
-	key_sched((C_Block *)cfb_key,ks);
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
-		(C_Block *)cfb_tmp,DES_ENCRYPT);
-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt encrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
-		(C_Block *)cfb_tmp,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt decrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	return(err);
-	}
-
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
-	{
-	des_key_schedule ks;
-	int err=0,i,n;
-
-	key_sched((C_Block *)cfb_key,ks);
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
-	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-		(long)sizeof(plain)-12,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt encrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
-	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-		(long)sizeof(plain)-17,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt decrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf2[i])));
-		}
-	return(err);
-	}
-
-static int ede_cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
-	{
-	des_key_schedule ks;
-	int err=0,i,n;
-
-	key_sched((C_Block *)cfb_key,ks);
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
-	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-		(long)sizeof(plain)-12,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("ede_cfb_encrypt encrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
-	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-		(long)sizeof(plain)-17,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("ede_cfb_encrypt decrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf2[i])));
-		}
-	return(err);
-	}
diff --git a/secure/lib/libdes/doIP b/secure/lib/libdes/doIP
deleted file mode 100644
index 18cf23130364..000000000000
--- a/secure/lib/libdes/doIP
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/local/bin/perl
-
-@l=(
-	 0, 1, 2, 3, 4, 5, 6, 7,
-	 8, 9,10,11,12,13,14,15,
-	16,17,18,19,20,21,22,23,
-	24,25,26,27,28,29,30,31
-	);
-@r=(
-	32,33,34,35,36,37,38,39,
-	40,41,42,43,44,45,46,47,
-	48,49,50,51,52,53,54,55,
-	56,57,58,59,60,61,62,63
-	);
-
-require 'shifts.pl';
-
-sub PERM_OP
-	{
-	local(*a,*b,*t,$n,$m)=@_;
-
-	@z=&shift(*a,-$n);
-	@z=&xor(*b,*z);
-	@z=&and(*z,$m);
-	@b=&xor(*b,*z);
-	@z=&shift(*z,$n);
-	@a=&xor(*a,*z);
-	}
-
-
-@L=@l;
-@R=@r;
-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
-&PERM_OP(*L,*R,*T,16,0x0000ffff);
-&PERM_OP(*R,*L,*T,2,0x33333333);
-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-	&printit(@L);
-	&printit(@R);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
-&PERM_OP(*R,*L,*T,2,0x33333333);
-&PERM_OP(*L,*R,*T,16,0x0000ffff);
-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
-	&printit(@L);
-	&printit(@R);
diff --git a/secure/lib/libdes/doPC1 b/secure/lib/libdes/doPC1
deleted file mode 100644
index 096afd8c4614..000000000000
--- a/secure/lib/libdes/doPC1
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/local/bin/perl
-
-@l=(
-	 0, 1, 2, 3, 4, 5, 6, 7,
-	 8, 9,10,11,12,13,14,15,
-	16,17,18,19,20,21,22,23,
-	24,25,26,27,28,29,30,31
-	);
-@r=(
-	32,33,34,35,36,37,38,39,
-	40,41,42,43,44,45,46,47,
-	48,49,50,51,52,53,54,55,
-	56,57,58,59,60,61,62,63
-	);
-
-require 'shifts.pl';
-
-sub PERM_OP
-	{
-	local(*a,*b,*t,$n,$m)=@_;
-
-	@z=&shift(*a,-$n);
-	@z=&xor(*b,*z);
-	@z=&and(*z,$m);
-	@b=&xor(*b,*z);
-	@z=&shift(*z,$n);
-	@a=&xor(*a,*z);
-	}
-
-sub HPERM_OP2
-	{
-	local(*a,*t,$n,$m)=@_;
-	local(@x,@y,$i);
-
-	@z=&shift(*a,16-$n);
-	@z=&xor(*a,*z);
-	@z=&and(*z,$m);
-	@a=&xor(*a,*z);
-	@z=&shift(*z,$n-16);
-	@a=&xor(*a,*z);
-	}
-
-sub HPERM_OP
-        {
-        local(*a,*t,$n,$m)=@_;
-        local(@x,@y,$i);
-
-        for ($i=0; $i<16; $i++)
-                {
-                $x[$i]=$a[$i];
-                $y[$i]=$a[16+$i];
-                }
-        @z=&shift(*x,-$n);
-        @z=&xor(*y,*z);
-        @z=&and(*z,$m);
-        @y=&xor(*y,*z);
-        @z=&shift(*z,$n);
-        @x=&xor(*x,*z);
-        for ($i=0; $i<16; $i++)
-                {
-                $a[$i]=$x[$i];
-                $a[16+$i]=$y[$i];
-                }
-        }
-
-@L=@l;
-@R=@r;
-
-	print "---\n"; &printit(@R);
-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
-	print "---\n"; &printit(@R);
-&HPERM_OP2(*L,*T,-2,0xcccc0000);
-&HPERM_OP2(*R,*T,-2,0xcccc0000);
-	print "---\n"; &printit(@R);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-	print "---\n"; &printit(@R);
-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
-	print "---\n"; &printit(@R);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-	print "---\n"; &printit(@R);
-#	&printit(@L);
-	&printit(@R);
-print <<"EOF";
-==============================
-63  55  47  39  31  23  15   7  
-62  54  46  38  30  22  14   6  
-61  53  45  37  29  21  13   5  
-60  52  44  36  --  --  --  --  
-
-57  49  41  33  25  17   9   1  
-58  50  42  34  26  18  10   2  
-59  51  43  35  27  19  11   3  
-28  20  12   4  --  --  --  --  
-EOF
-exit(1);
-@A=&and(*R,0x000000ff);
-@A=&shift(*A,16);
-@B=&and(*R,0x0000ff00);
-@C=&and(*R,0x00ff0000);
-@C=&shift(*C,-16);
-@D=&and(*L,0xf0000000);
-@D=&shift(*D,-4);
-@A=&or(*A,*B);
-@B=&or(*D,*C);
-@R=&or(*A,*B);
-@L=&and(*L,0x0fffffff);
-
-	&printit(@L);
-	&printit(@R);
-
diff --git a/secure/lib/libdes/doPC2 b/secure/lib/libdes/doPC2
deleted file mode 100644
index fa5cf74cf713..000000000000
--- a/secure/lib/libdes/doPC2
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/usr/local/bin/perl
-
-@PC2_C=(14,17,11,24, 1, 5,
-	 3,28,15, 6,21,10,
-	23,19,12, 4,26, 8,
-	16, 7,27,20,13, 2,
-	);
-
-@PC2_D=(41,52,31,37,47,55,
-	30,40,51,45,33,48,
-	44,49,39,56,34,53,
-	46,42,50,36,29,32,
-	);
-
-$i=0;
-foreach (@PC2_C) {
-	$_--;
-#	printf "%2d,",$_;
-	$C{$_}=$i;
-	++$i;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-$i=0;
-#print "\n";
-foreach (@PC2_D) {
-	$_-=28;
-	$_--;
-#	printf "%2d,",$_;
-	$D{$_}=$i;
-	$i++;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-
-#print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$C{$i};
-#	printf "%2d,",$_;
-	$i++;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-#print "\n";
-
-#print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$D{$i};
-#	printf "%2d,",$_;
-	$i++;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-#print "\n";
-
-print "static ulong skb[8][64]={\n";
-&doit("C",*C, 0, 1, 2, 3, 4, 5);
-&doit("C",*C, 6, 7, 9,10,11,12);
-&doit("C",*C,13,14,15,16,18,19);
-&doit("C",*C,20,22,23,25,26,27);
-
-&doit("D",*D, 0, 1, 2, 3, 4, 5);
-&doit("D",*D, 7, 8,10,11,12,13);
-&doit("D",*D,15,16,17,18,19,20);
-&doit("D",*D,21,22,23,24,26,27);
-print "};\n";
-
-sub doit
-	{
-	local($l,*A,@b)=@_;
-	local(@out);
-
-	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
-		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
-	for ($i=0; $i<64; $i++)
-		{
-		$out[$i]=0;
-		$j=1;
-#print "\n";
-		for ($k=0; $k<6; $k++)
-			{
-			$l=$A{$b[$k]};
-#print"$l - ";
-			if ((1<<$k) & $i)
-				{
-				$ll=int($l/6)*8+($l%6);
-				$out[$i]|=1<<($ll);
-				}
-			}
-		$pp=$out[$i];
-		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
-					(($pp&0x0000ff00)<<8);
-		printf("0x%08X,",$pp);
-		print "\n" if (($i+1) % 4 == 0);
-		}
-	}
diff --git a/secure/lib/libdes/ecb3_enc.c b/secure/lib/libdes/ecb3_enc.c
deleted file mode 100644
index ca0ac176342e..000000000000
--- a/secure/lib/libdes/ecb3_enc.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* lib/des/ecb3_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_ecb3_encrypt(input, output, ks1, ks2, ks3, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-int encrypt;
-	{
-	register unsigned long l0,l1;
-	register unsigned char *in,*out;
-	unsigned long ll[2];
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	c2l(in,l0);
-	c2l(in,l1);
-	IP(l0,l1);
-	ll[0]=l0;
-	ll[1]=l1;
-	des_encrypt2(ll,ks1,encrypt);
-	des_encrypt2(ll,ks2,!encrypt);
-	des_encrypt2(ll,ks3,encrypt);
-	l0=ll[0];
-	l1=ll[1];
-	FP(l1,l0);
-	l2c(l0,out);
-	l2c(l1,out);
-	}
diff --git a/secure/lib/libdes/ecb_enc.c b/secure/lib/libdes/ecb_enc.c
deleted file mode 100644
index d7eaa96aeb04..000000000000
--- a/secure/lib/libdes/ecb_enc.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/* lib/des/ecb_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "spr.h"
-
-const char *DES_version="libdes v 3.22 - 95/11/29 - eay";
-
-void des_ecb_encrypt(input, output, ks, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-des_key_schedule ks;
-int encrypt;
-	{
-	register unsigned long l0,l1;
-	register unsigned char *in,*out;
-	unsigned long ll[2];
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	c2l(in,l0); ll[0]=l0;
-	c2l(in,l1); ll[1]=l1;
-	des_encrypt(ll,ks,encrypt);
-	l0=ll[0]; l2c(l0,out);
-	l1=ll[1]; l2c(l1,out);
-	l0=l1=ll[0]=ll[1]=0;
-	}
-
-void des_encrypt(data, ks, encrypt)
-unsigned long *data;
-des_key_schedule ks;
-int encrypt;
-	{
-	register unsigned long l,r,t,u;
-#ifdef DES_USE_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
-#endif
-#ifdef MSDOS
-	union fudge {
-		unsigned long  l;
-		unsigned short s[2];
-		unsigned char  c[4];
-		} U,T;
-#endif
-	register int i;
-	register unsigned long *s;
-
-	u=data[0];
-	r=data[1];
-
-	IP(u,r);
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	l=(r<<1)|(r>>31);
-	r=(u<<1)|(u>>31);
-
-	/* clear the top bits on machines with 8byte longs */
-	l&=0xffffffffL;
-	r&=0xffffffffL;
-
-	s=(unsigned long *)ks;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (encrypt)
-		{
-		for (i=0; i<32; i+=4)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			}
-		}
-	else
-		{
-		for (i=30; i>0; i-=4)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			}
-		}
-	l=(l>>1)|(l<<31);
-	r=(r>>1)|(r<<31);
-	/* clear the top bits on machines with 8byte longs */
-	l&=0xffffffffL;
-	r&=0xffffffffL;
-
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	l=r=t=u=0;
-	}
-
-void des_encrypt2(data, ks, encrypt)
-unsigned long *data;
-des_key_schedule ks;
-int encrypt;
-	{
-	register unsigned long l,r,t,u;
-#ifdef DES_USE_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
-#endif
-#ifdef MSDOS
-	union fudge {
-		unsigned long  l;
-		unsigned short s[2];
-		unsigned char  c[4];
-		} U,T;
-#endif
-	register int i;
-	register unsigned long *s;
-
-	u=data[0];
-	r=data[1];
-
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	l=(r<<1)|(r>>31);
-	r=(u<<1)|(u>>31);
-
-	/* clear the top bits on machines with 8byte longs */
-	l&=0xffffffffL;
-	r&=0xffffffffL;
-
-	s=(unsigned long *)ks;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (encrypt)
-		{
-		for (i=0; i<32; i+=4)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			}
-		}
-	else
-		{
-		for (i=30; i>0; i-=4)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			}
-		}
-	l=(l>>1)|(l<<31);
-	r=(r>>1)|(r<<31);
-	/* clear the top bits on machines with 8byte longs */
-	l&=0xffffffffL;
-	r&=0xffffffffL;
-
-	data[0]=l;
-	data[1]=r;
-	l=r=t=u=0;
-	}
diff --git a/secure/lib/libdes/ede_enc.c b/secure/lib/libdes/ede_enc.c
deleted file mode 100644
index 5084e9494785..000000000000
--- a/secure/lib/libdes/ede_enc.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* lib/des/ede_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-des_cblock (*ivec);
-int encrypt;
-	{
-	register unsigned long tin0,tin1;
-	register unsigned long tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	unsigned long tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (encrypt)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (; l>0; l-=8)
-			{
-			if (l >= 8)
-				{
-				c2l(in,tin0);
-				c2l(in,tin1);
-				}
-			else
-				c2ln(in,tin0,tin1,l);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			IP(tin0,tin1);
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_encrypt2((unsigned long *)tin,ks1,DES_ENCRYPT);
-			des_encrypt2((unsigned long *)tin,ks2,DES_DECRYPT);
-			des_encrypt2((unsigned long *)tin,ks3,DES_ENCRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			FP(tout1,tout0);
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		iv=(unsigned char *)ivec;
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (; l>0; l-=8)
-			{
-			register unsigned long t0,t1;
-
-			c2l(in,tin0);
-			c2l(in,tin1);
-
-			t0=tin0;
-			t1=tin1;
-			IP(tin0,tin1);  
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_encrypt2((unsigned long *)tin,ks3,DES_DECRYPT);
-			des_encrypt2((unsigned long *)tin,ks2,DES_ENCRYPT);
-			des_encrypt2((unsigned long *)tin,ks1,DES_DECRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			FP(tout1,tout0); /**/
-
-			tout0^=xor0;
-			tout1^=xor1;
-			if (l >= 8)
-				{
-				l2c(tout0,out);
-				l2c(tout1,out);
-				}
-			else
-				l2cn(tout0,tout1,out,l);
-			xor0=t0;
-			xor1=t1;
-			}
-		iv=(unsigned char *)ivec;
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-#ifdef undef /* MACRO */
-void des_ede2_cbc_encrypt(input, output, length, ks1, ks2, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_cblock (*ivec);
-int enc;
-	{
-	des_ede3_cbc_encrypt(input,output,length,ks1,ks2,ks1,ivec,enc);
-	}
-#endif
diff --git a/secure/lib/libdes/enc_read.c b/secure/lib/libdes/enc_read.c
deleted file mode 100644
index 11a6c5a82544..000000000000
--- a/secure/lib/libdes/enc_read.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/* lib/des/enc_read.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_locl.h"
-
-/* This has some uglies in it but it works - even over sockets. */
-extern int errno;
-int des_rw_mode=DES_PCBC_MODE;
-
-int des_enc_read(fd, buf, len, sched, iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock (*iv);
-	{
-	/* data to be unencrypted */
-	int net_num=0;
-	unsigned char net[BSIZE];
-	/* extra unencrypted data 
-	 * for when a block of 100 comes in but is des_read one byte at
-	 * a time. */
-	static char unnet[BSIZE];
-	static int unnet_start=0;
-	static int unnet_left=0;
-	int i;
-	long num=0,rnum;
-	unsigned char *p;
-
-	/* left over data from last decrypt */
-	if (unnet_left != 0)
-		{
-		if (unnet_left < len)
-			{
-			/* we still still need more data but will return
-			 * with the number of bytes we have - should always
-			 * check the return value */
-			memcpy(buf,&(unnet[unnet_start]),
-				(unsigned int)unnet_left);
-			/* eay 26/08/92 I had the next 2 lines
-			 * reversed :-( */
-			i=unnet_left;
-			unnet_start=unnet_left=0;
-			}
-		else
-			{
-			memcpy(buf,&(unnet[unnet_start]),(unsigned int)len);
-			unnet_start+=len;
-			unnet_left-=len;
-			i=len;
-			}
-		return(i);
-		}
-
-	/* We need to get more data. */
-	if (len > MAXWRITE) len=MAXWRITE;
-
-	/* first - get the length */
-	net_num=0;
-	while (net_num < HDRSIZE) 
-		{
-		i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
-		if ((i == -1) && (errno == EINTR)) continue;
-		if (i <= 0) return(0);
-		net_num+=i;
-		}
-
-	/* we now have at net_num bytes in net */
-	p=net;
-	num=0;
-	n2l(p,num);
-	/* num should be rounded up to the next group of eight
-	 * we make sure that we have read a multiple of 8 bytes from the net.
-	 */
-	if ((num > MAXWRITE) || (num < 0)) /* error */
-		return(-1);
-	rnum=(num < 8)?8:((num+7)/8*8);
-
-	net_num=0;
-	while (net_num < rnum)
-		{
-		i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
-		if ((i == -1) && (errno == EINTR)) continue;
-		if (i <= 0) return(0);
-		net_num+=i;
-		}
-
-	/* Check if there will be data left over. */
-	if (len < num)
-		{
-		if (des_rw_mode & DES_PCBC_MODE)
-			pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
-				num,sched,iv,DES_DECRYPT);
-		else
-			cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
-				num,sched,iv,DES_DECRYPT);
-		memcpy(buf,unnet,(unsigned int)len);
-		unnet_start=len;
-		unnet_left=num-len;
-
-		/* The following line is done because we return num
-		 * as the number of bytes read. */
-		num=len;
-		}
-	else
-		{
-		/* >output is a multiple of 8 byes, if len < rnum
-		 * >we must be careful.  The user must be aware that this
-		 * >routine will write more bytes than he asked for.
-		 * >The length of the buffer must be correct.
-		 * FIXED - Should be ok now 18-9-90 - eay */
-		if (len < rnum)
-			{
-			char tmpbuf[BSIZE];
-
-			if (des_rw_mode & DES_PCBC_MODE)
-				pcbc_encrypt((des_cblock *)net,
-					(des_cblock *)tmpbuf,
-					num,sched,iv,DES_DECRYPT);
-			else
-				cbc_encrypt((des_cblock *)net,
-					(des_cblock *)tmpbuf,
-					num,sched,iv,DES_DECRYPT);
-
-			/* eay 26/08/92 fix a bug that returned more
-			 * bytes than you asked for (returned len bytes :-( */
-			memcpy(buf,tmpbuf,(unsigned int)num);
-			}
-		else
-			{
-			if (des_rw_mode & DES_PCBC_MODE)
-				pcbc_encrypt((des_cblock *)net,
-					(des_cblock *)buf,num,sched,iv,
-					DES_DECRYPT);
-			else
-				cbc_encrypt((des_cblock *)net,
-					(des_cblock *)buf,num,sched,iv,
-					DES_DECRYPT);
-			}
-		}
-	return(num);
-	}
-
diff --git a/secure/lib/libdes/enc_writ.c b/secure/lib/libdes/enc_writ.c
deleted file mode 100644
index e0d50751f7ed..000000000000
--- a/secure/lib/libdes/enc_writ.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* lib/des/enc_writ.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <time.h>
-#include "des_locl.h"
-
-int des_enc_write(fd, buf, len, sched, iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock (*iv);
-	{
-#ifdef _LIBC
-	extern int srandom();
-	extern unsigned long time();
-	extern int random();
-	extern int write();
-#endif
-
-	long rnum;
-	int i,j,k,outnum;
-	char outbuf[BSIZE+HDRSIZE];
-	char shortbuf[8];
-	char *p;
-	static int start=1;
-
-	/* If we are sending less than 8 bytes, the same char will look
-	 * the same if we don't pad it out with random bytes */
-	if (start)
-		{
-		start=0;
-		srandom((unsigned int)time(NULL));
-		}
-
-	/* lets recurse if we want to send the data in small chunks */
-	if (len > MAXWRITE)
-		{
-		j=0;
-		for (i=0; i<len; i+=k)
-			{
-			k=des_enc_write(fd,&(buf[i]),
-				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
-			if (k < 0)
-				return(k);
-			else
-				j+=k;
-			}
-		return(j);
-		}
-
-	/* write length first */
-	p=outbuf;
-	l2n(len,p);
-
-	/* pad short strings */
-	if (len < 8)
-		{
-		p=shortbuf;
-		memcpy(shortbuf,buf,(unsigned int)len);
-		for (i=len; i<8; i++)
-			shortbuf[i]=random();
-		rnum=8;
-		}
-	else
-		{
-		p=buf;
-		rnum=((len+7)/8*8); /* round up to nearest eight */
-		}
-
-	if (des_rw_mode & DES_PCBC_MODE)
-		pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
-			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
-	else
-		cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
-			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
-
-	/* output */
-	outnum=rnum+HDRSIZE;
-
-	for (j=0; j<outnum; j+=i)
-		{
-		/* eay 26/08/92 I was not doing writing from where we
-		 * got upto. */
-		i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
-		if (i == -1)
-			{
-			if (errno == EINTR)
-				i=0;
-			else 	/* This is really a bad error - very bad
-				 * It will stuff-up both ends. */
-				return(-1);
-			}
-		}
-
-	return(len);
-	}
diff --git a/secure/lib/libdes/fcrypt.c b/secure/lib/libdes/fcrypt.c
deleted file mode 100644
index 71960b6baa08..000000000000
--- a/secure/lib/libdes/fcrypt.c
+++ /dev/null
@@ -1,666 +0,0 @@
-/* lib/des/fcrypt.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-/* Eric Young.
- * This version of crypt has been developed from my MIT compatable
- * DES library.
- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
- * eay@mincom.oz.au or eay@psych.psy.uq.oz.au
- */
-
-#if !defined(_LIBC) || defined(NOCONST)
-#define const
-#endif
-
-typedef unsigned char des_cblock[8];
-
-typedef struct des_ks_struct
-	{
-	union	{
-		des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		unsigned long pad[2];
-		} ks;
-#define _	ks._
-	} des_key_schedule[16];
-
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8, \
-			 l|=((unsigned long)(*((c)++)))<<16, \
-			 l|=((unsigned long)(*((c)++)))<<24)
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-static const unsigned long SPtrans[8][64]={
-{
-/* nibble 0 */
-0x00820200L, 0x00020000L, 0x80800000L, 0x80820200L,
-0x00800000L, 0x80020200L, 0x80020000L, 0x80800000L,
-0x80020200L, 0x00820200L, 0x00820000L, 0x80000200L,
-0x80800200L, 0x00800000L, 0x00000000L, 0x80020000L,
-0x00020000L, 0x80000000L, 0x00800200L, 0x00020200L,
-0x80820200L, 0x00820000L, 0x80000200L, 0x00800200L,
-0x80000000L, 0x00000200L, 0x00020200L, 0x80820000L,
-0x00000200L, 0x80800200L, 0x80820000L, 0x00000000L,
-0x00000000L, 0x80820200L, 0x00800200L, 0x80020000L,
-0x00820200L, 0x00020000L, 0x80000200L, 0x00800200L,
-0x80820000L, 0x00000200L, 0x00020200L, 0x80800000L,
-0x80020200L, 0x80000000L, 0x80800000L, 0x00820000L,
-0x80820200L, 0x00020200L, 0x00820000L, 0x80800200L,
-0x00800000L, 0x80000200L, 0x80020000L, 0x00000000L,
-0x00020000L, 0x00800000L, 0x80800200L, 0x00820200L,
-0x80000000L, 0x80820000L, 0x00000200L, 0x80020200L,
-},{
-/* nibble 1 */
-0x10042004L, 0x00000000L, 0x00042000L, 0x10040000L,
-0x10000004L, 0x00002004L, 0x10002000L, 0x00042000L,
-0x00002000L, 0x10040004L, 0x00000004L, 0x10002000L,
-0x00040004L, 0x10042000L, 0x10040000L, 0x00000004L,
-0x00040000L, 0x10002004L, 0x10040004L, 0x00002000L,
-0x00042004L, 0x10000000L, 0x00000000L, 0x00040004L,
-0x10002004L, 0x00042004L, 0x10042000L, 0x10000004L,
-0x10000000L, 0x00040000L, 0x00002004L, 0x10042004L,
-0x00040004L, 0x10042000L, 0x10002000L, 0x00042004L,
-0x10042004L, 0x00040004L, 0x10000004L, 0x00000000L,
-0x10000000L, 0x00002004L, 0x00040000L, 0x10040004L,
-0x00002000L, 0x10000000L, 0x00042004L, 0x10002004L,
-0x10042000L, 0x00002000L, 0x00000000L, 0x10000004L,
-0x00000004L, 0x10042004L, 0x00042000L, 0x10040000L,
-0x10040004L, 0x00040000L, 0x00002004L, 0x10002000L,
-0x10002004L, 0x00000004L, 0x10040000L, 0x00042000L,
-},{
-/* nibble 2 */
-0x41000000L, 0x01010040L, 0x00000040L, 0x41000040L,
-0x40010000L, 0x01000000L, 0x41000040L, 0x00010040L,
-0x01000040L, 0x00010000L, 0x01010000L, 0x40000000L,
-0x41010040L, 0x40000040L, 0x40000000L, 0x41010000L,
-0x00000000L, 0x40010000L, 0x01010040L, 0x00000040L,
-0x40000040L, 0x41010040L, 0x00010000L, 0x41000000L,
-0x41010000L, 0x01000040L, 0x40010040L, 0x01010000L,
-0x00010040L, 0x00000000L, 0x01000000L, 0x40010040L,
-0x01010040L, 0x00000040L, 0x40000000L, 0x00010000L,
-0x40000040L, 0x40010000L, 0x01010000L, 0x41000040L,
-0x00000000L, 0x01010040L, 0x00010040L, 0x41010000L,
-0x40010000L, 0x01000000L, 0x41010040L, 0x40000000L,
-0x40010040L, 0x41000000L, 0x01000000L, 0x41010040L,
-0x00010000L, 0x01000040L, 0x41000040L, 0x00010040L,
-0x01000040L, 0x00000000L, 0x41010000L, 0x40000040L,
-0x41000000L, 0x40010040L, 0x00000040L, 0x01010000L,
-},{
-/* nibble 3 */
-0x00100402L, 0x04000400L, 0x00000002L, 0x04100402L,
-0x00000000L, 0x04100000L, 0x04000402L, 0x00100002L,
-0x04100400L, 0x04000002L, 0x04000000L, 0x00000402L,
-0x04000002L, 0x00100402L, 0x00100000L, 0x04000000L,
-0x04100002L, 0x00100400L, 0x00000400L, 0x00000002L,
-0x00100400L, 0x04000402L, 0x04100000L, 0x00000400L,
-0x00000402L, 0x00000000L, 0x00100002L, 0x04100400L,
-0x04000400L, 0x04100002L, 0x04100402L, 0x00100000L,
-0x04100002L, 0x00000402L, 0x00100000L, 0x04000002L,
-0x00100400L, 0x04000400L, 0x00000002L, 0x04100000L,
-0x04000402L, 0x00000000L, 0x00000400L, 0x00100002L,
-0x00000000L, 0x04100002L, 0x04100400L, 0x00000400L,
-0x04000000L, 0x04100402L, 0x00100402L, 0x00100000L,
-0x04100402L, 0x00000002L, 0x04000400L, 0x00100402L,
-0x00100002L, 0x00100400L, 0x04100000L, 0x04000402L,
-0x00000402L, 0x04000000L, 0x04000002L, 0x04100400L,
-},{
-/* nibble 4 */
-0x02000000L, 0x00004000L, 0x00000100L, 0x02004108L,
-0x02004008L, 0x02000100L, 0x00004108L, 0x02004000L,
-0x00004000L, 0x00000008L, 0x02000008L, 0x00004100L,
-0x02000108L, 0x02004008L, 0x02004100L, 0x00000000L,
-0x00004100L, 0x02000000L, 0x00004008L, 0x00000108L,
-0x02000100L, 0x00004108L, 0x00000000L, 0x02000008L,
-0x00000008L, 0x02000108L, 0x02004108L, 0x00004008L,
-0x02004000L, 0x00000100L, 0x00000108L, 0x02004100L,
-0x02004100L, 0x02000108L, 0x00004008L, 0x02004000L,
-0x00004000L, 0x00000008L, 0x02000008L, 0x02000100L,
-0x02000000L, 0x00004100L, 0x02004108L, 0x00000000L,
-0x00004108L, 0x02000000L, 0x00000100L, 0x00004008L,
-0x02000108L, 0x00000100L, 0x00000000L, 0x02004108L,
-0x02004008L, 0x02004100L, 0x00000108L, 0x00004000L,
-0x00004100L, 0x02004008L, 0x02000100L, 0x00000108L,
-0x00000008L, 0x00004108L, 0x02004000L, 0x02000008L,
-},{
-/* nibble 5 */
-0x20000010L, 0x00080010L, 0x00000000L, 0x20080800L,
-0x00080010L, 0x00000800L, 0x20000810L, 0x00080000L,
-0x00000810L, 0x20080810L, 0x00080800L, 0x20000000L,
-0x20000800L, 0x20000010L, 0x20080000L, 0x00080810L,
-0x00080000L, 0x20000810L, 0x20080010L, 0x00000000L,
-0x00000800L, 0x00000010L, 0x20080800L, 0x20080010L,
-0x20080810L, 0x20080000L, 0x20000000L, 0x00000810L,
-0x00000010L, 0x00080800L, 0x00080810L, 0x20000800L,
-0x00000810L, 0x20000000L, 0x20000800L, 0x00080810L,
-0x20080800L, 0x00080010L, 0x00000000L, 0x20000800L,
-0x20000000L, 0x00000800L, 0x20080010L, 0x00080000L,
-0x00080010L, 0x20080810L, 0x00080800L, 0x00000010L,
-0x20080810L, 0x00080800L, 0x00080000L, 0x20000810L,
-0x20000010L, 0x20080000L, 0x00080810L, 0x00000000L,
-0x00000800L, 0x20000010L, 0x20000810L, 0x20080800L,
-0x20080000L, 0x00000810L, 0x00000010L, 0x20080010L,
-},{
-/* nibble 6 */
-0x00001000L, 0x00000080L, 0x00400080L, 0x00400001L,
-0x00401081L, 0x00001001L, 0x00001080L, 0x00000000L,
-0x00400000L, 0x00400081L, 0x00000081L, 0x00401000L,
-0x00000001L, 0x00401080L, 0x00401000L, 0x00000081L,
-0x00400081L, 0x00001000L, 0x00001001L, 0x00401081L,
-0x00000000L, 0x00400080L, 0x00400001L, 0x00001080L,
-0x00401001L, 0x00001081L, 0x00401080L, 0x00000001L,
-0x00001081L, 0x00401001L, 0x00000080L, 0x00400000L,
-0x00001081L, 0x00401000L, 0x00401001L, 0x00000081L,
-0x00001000L, 0x00000080L, 0x00400000L, 0x00401001L,
-0x00400081L, 0x00001081L, 0x00001080L, 0x00000000L,
-0x00000080L, 0x00400001L, 0x00000001L, 0x00400080L,
-0x00000000L, 0x00400081L, 0x00400080L, 0x00001080L,
-0x00000081L, 0x00001000L, 0x00401081L, 0x00400000L,
-0x00401080L, 0x00000001L, 0x00001001L, 0x00401081L,
-0x00400001L, 0x00401080L, 0x00401000L, 0x00001001L,
-},{
-/* nibble 7 */
-0x08200020L, 0x08208000L, 0x00008020L, 0x00000000L,
-0x08008000L, 0x00200020L, 0x08200000L, 0x08208020L,
-0x00000020L, 0x08000000L, 0x00208000L, 0x00008020L,
-0x00208020L, 0x08008020L, 0x08000020L, 0x08200000L,
-0x00008000L, 0x00208020L, 0x00200020L, 0x08008000L,
-0x08208020L, 0x08000020L, 0x00000000L, 0x00208000L,
-0x08000000L, 0x00200000L, 0x08008020L, 0x08200020L,
-0x00200000L, 0x00008000L, 0x08208000L, 0x00000020L,
-0x00200000L, 0x00008000L, 0x08000020L, 0x08208020L,
-0x00008020L, 0x08000000L, 0x00000000L, 0x00208000L,
-0x08200020L, 0x08008020L, 0x08008000L, 0x00200020L,
-0x08208000L, 0x00000020L, 0x00200020L, 0x08008000L,
-0x08208020L, 0x00200000L, 0x08200000L, 0x08000020L,
-0x00208000L, 0x00008020L, 0x08008020L, 0x08200000L,
-0x00000020L, 0x08208000L, 0x00208020L, 0x00000000L,
-0x08000000L, 0x08200020L, 0x00008000L, 0x00208020L}};
-static const unsigned long skb[8][64]={
-{
-/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-},{
-/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-},{
-/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-},{
-/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-},{
-/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-},{
-/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-},{
-/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-},{
-/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-} };
-
-/* See ecb_encrypt.c for a pseudo description of these macros. */
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-	(a)=(a)^(t)^(t>>(16-(n))))\
-
-static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
-
-#ifndef NOPROTO
-static int body(unsigned long *out0, unsigned long *out1,
-	des_key_schedule ks, unsigned long Eswap0, unsigned long Eswap1);
-static int des_set_key(des_cblock (*key), des_key_schedule schedule);
-#else
-static int body();
-static int des_set_key();
-#endif
-
-static int des_set_key(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
-	{
-	register unsigned long c,d,t,s;
-	register unsigned char *in;
-	register unsigned long *k;
-	register int i;
-
-	k=(unsigned long *)schedule;
-	in=(unsigned char *)key;
-
-	c2l(in,c);
-	c2l(in,d);
-
-	/* I now do it in 47 simple operations :-)
-	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 * for the inspiration. :-) */
-	PERM_OP (d,c,t,4,0x0f0f0f0fL);
-	HPERM_OP(c,t,-2,0xcccc0000L);
-	HPERM_OP(d,t,-2,0xcccc0000L);
-	PERM_OP (d,c,t,1,0x55555555L);
-	PERM_OP (c,d,t,8,0x00ff00ffL);
-	PERM_OP (d,c,t,1,0x55555555L);
-	d=	(((d&0x000000ffL)<<16)| (d&0x0000ff00L)     |
-		 ((d&0x00ff0000L)>>16)|((c&0xf0000000L)>>4));
-	c&=0x0fffffffL;
-
-	for (i=0; i<ITERATIONS; i++)
-		{
-		if (shifts2[i])
-			{ c=((c>>2)|(c<<26)); d=((d>>2)|(d<<26)); }
-		else
-			{ c=((c>>1)|(c<<27)); d=((d>>1)|(d<<27)); }
-		c&=0x0fffffffL;
-		d&=0x0fffffffL;
-		/* could be a few less shifts but I am to lazy at this
-		 * point in time to investigate */
-		s=	skb[0][ (c     )&0x3f                 ]|
-			skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
-			skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
-			skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
-					       ((c>>22L)&0x38)];
-		t=	skb[4][ (d     )&0x3f                 ]|
-			skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
-			skb[6][ (d>>15L)&0x3f                 ]|
-			skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
-
-		/* table contained 0213 4657 */
-		*(k++)=((t<<16)|(s&0x0000ffffL))&0xffffffffL;
-		s=     ((s>>16)|(t&0xffff0000L));
-		
-		s=(s<<4)|(s>>28);
-		*(k++)=s&0xffffffffL;
-		}
-	return(0);
-	}
-
-/******************************************************************
- * modified stuff for crypt.
- ******************************************************************/
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-). 
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs.
- */
-#ifdef DES_USE_PTR
-#define D_ENCRYPT(L,R,S) \
-	t=(R^(R>>16)); \
-	u=(t&E0); \
-	t=(t&E1); \
-	u=((u^(u<<16))^R^s[S  ])<<2; \
-	t=(t^(t<<16))^R^s[S+1]; \
-	t=(t>>2)|(t<<30); \
-	L^= \
-	*(unsigned long *)(des_SP+0x0100+((t    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0300+((t>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0500+((t>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0700+((t>>24)&0xfc))+ \
-	*(unsigned long *)(des_SP+       ((u    )&0xfc))+ \
-  	*(unsigned long *)(des_SP+0x0200+((u>> 8)&0xfc))+ \
-  	*(unsigned long *)(des_SP+0x0400+((u>>16)&0xfc))+ \
- 	*(unsigned long *)(des_SP+0x0600+((u>>24)&0xfc));
-#else /* original version */
-#define D_ENCRYPT(L,R,S)	\
-	t=(R^(R>>16)); \
-	u=(t&E0); \
-	t=(t&E1); \
-	u=(u^(u<<16))^R^s[S  ]; \
-	t=(t^(t<<16))^R^s[S+1]; \
-	t=(t>>4)|(t<<28); \
-	L^=	SPtrans[1][(t    )&0x3f]| \
-		SPtrans[3][(t>> 8)&0x3f]| \
-		SPtrans[5][(t>>16)&0x3f]| \
-		SPtrans[7][(t>>24)&0x3f]| \
-		SPtrans[0][(u    )&0x3f]| \
-		SPtrans[2][(u>> 8)&0x3f]| \
-		SPtrans[4][(u>>16)&0x3f]| \
-		SPtrans[6][(u>>24)&0x3f];
-#endif
-
-static unsigned const char con_salt[128]={
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
-0x3D,0x3E,0x3F,0x00,0x00,0x00,0x00,0x00,
-};
-
-static unsigned const char cov_2char[64]={
-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-#ifndef NOPROTO
-#ifdef PERL5
-char *des_crypt(char *buf,char *salt);
-#else
-char *crypt(char *buf,char *salt);
-#endif
-#else
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-#endif
-
-#ifdef PERL5
-char *des_crypt(buf,salt)
-#else
-char *crypt(buf,salt)
-#endif
-char *buf;
-char *salt;
-	{
-	unsigned int i,j,x,y;
-	unsigned long Eswap0=0,Eswap1=0;
-	unsigned long out[2],ll;
-	des_cblock key;
-	des_key_schedule ks;
-	static unsigned char buff[20];
-	unsigned char bb[9];
-	unsigned char *b=bb;
-	unsigned char c,u;
-
-	/* eay 25/08/92
-	 * If you call crypt("pwd","*") as often happens when you
-	 * have * as the pwd field in /etc/passwd, the function
-	 * returns *\0XXXXXXXXX
-	 * The \0 makes the string look like * so the pwd "*" would
-	 * crypt to "*".  This was found when replacing the crypt in
-	 * our shared libraries.  People found that the disbled
-	 * accounts effectivly had no passwd :-(. */
-	x=buff[0]=((salt[0] == '\0')?'A':salt[0]);
-	Eswap0=con_salt[x];
-	x=buff[1]=((salt[1] == '\0')?'A':salt[1]);
-	Eswap1=con_salt[x]<<4;
-
-	for (i=0; i<8; i++)
-		{
-		c= *(buf++);
-		if (!c) break;
-		key[i]=(c<<1);
-		}
-	for (; i<8; i++)
-		key[i]=0;
-
-	des_set_key((des_cblock *)(key),ks);
-	body(&(out[0]),&(out[1]),ks,Eswap0,Eswap1);
-
-	ll=out[0]; l2c(ll,b);
-	ll=out[1]; l2c(ll,b);
-	y=0;
-	u=0x80;
-	bb[8]=0;
-	for (i=2; i<13; i++)
-		{
-		c=0;
-		for (j=0; j<6; j++)
-			{
-			c<<=1;
-			if (bb[y] & u) c|=1;
-			u>>=1;
-			if (!u)
-				{
-				y++;
-				u=0x80;
-				}
-			}
-		buff[i]=cov_2char[c];
-		}
-	buff[13]='\0';
-	return((char *)buff);
-	}
-
-static int body(out0, out1, ks, Eswap0, Eswap1)
-unsigned long *out0;
-unsigned long *out1;
-des_key_schedule ks;
-unsigned long Eswap0;
-unsigned long Eswap1;
-	{
-	register unsigned long l,r,t,u;
-#ifdef DES_USE_PTR
-	register unsigned char *des_SP=(unsigned char *)SPtrans;
-#endif
-	register unsigned long *s;
-	register int i,j;
-	register unsigned long E0,E1;
-
-	l=0;
-	r=0;
-
-	s=(unsigned long *)ks;
-	E0=Eswap0;
-	E1=Eswap1;
-
-	for (j=0; j<25; j++)
-		{
-		for (i=0; i<(ITERATIONS*2); i+=4)
-			{
-			D_ENCRYPT(l,r,  i);	/*  1 */
-			D_ENCRYPT(r,l,  i+2);	/*  2 */
-			}
-		t=l;
-		l=r;
-		r=t;
-		}
-	t=r;
-	r=(l>>1L)|(l<<31L);
-	l=(t>>1L)|(t<<31L);
-	/* clear the top bits on machines with 8byte longs */
-	l&=0xffffffffL;
-	r&=0xffffffffL;
-
-	PERM_OP(r,l,t, 1,0x55555555L);
-	PERM_OP(l,r,t, 8,0x00ff00ffL);
-	PERM_OP(r,l,t, 2,0x33333333L);
-	PERM_OP(l,r,t,16,0x0000ffffL);
-	PERM_OP(r,l,t, 4,0x0f0f0f0fL);
-
-	*out0=l;
-	*out1=r;
-	return(0);
-	}
-
diff --git a/secure/lib/libdes/makefile.bc b/secure/lib/libdes/makefile.bc
deleted file mode 100644
index 1fe6d4915a91..000000000000
--- a/secure/lib/libdes/makefile.bc
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
-#
-#
-CC      = bcc
-TLIB    = tlib /0 /C
-# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
-OPTIMIZE= -3 -O2
-#WINDOWS= -W
-CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
-LFLAGS  = -ml $(WINDOWS)
-
-.c.obj:
-	$(CC) $(CFLAGS) $*.c
-
-.obj.exe:
-	$(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
-
-all: $(LIB) destest.exe rpw.exe des.exe speed.exe
-
-# "make clean": use a directory containing only libdes .exe and .obj files...
-clean:
-	del *.exe
-	del *.obj
-	del libdes.lib
-	del libdes.rsp
-
-OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
-	qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
-	enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
-	ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
-	cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
-	ofb64ede.obj supp.obj
-
-LIB=    libdes.lib
-
-$(LIB): $(OBJS)
-	del $(LIB)
-	makersp "+%s &\n" &&|
-	$(OBJS)
-|       >libdes.rsp
-	$(TLIB) libdes.lib @libdes.rsp,nul
-	del libdes.rsp
-
-destest.exe: destest.obj libdes.lib
-rpw.exe:     rpw.obj libdes.lib
-speed.exe:   speed.obj libdes.lib
-des.exe:     des.obj libdes.lib
-
-
diff --git a/secure/lib/libdes/ncbc_enc.c b/secure/lib/libdes/ncbc_enc.c
deleted file mode 100644
index d307ae407a86..000000000000
--- a/secure/lib/libdes/ncbc_enc.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* lib/des/ncbc_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_ncbc_encrypt(input, output, length, schedule, ivec, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int encrypt;
-	{
-	register unsigned long tin0,tin1;
-	register unsigned long tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	unsigned long tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (encrypt)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (; l>0; l-=8)
-			{
-			if (l >= 8)
-				{
-				c2l(in,tin0);
-				c2l(in,tin1);
-				}
-			else
-				c2ln(in,tin0,tin1,l);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((unsigned long *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		iv=(unsigned char *)ivec;
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (; l>0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((unsigned long *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			if (l >= 8)
-				{
-				l2c(tout0,out);
-				l2c(tout1,out);
-				}
-			else
-				l2cn(tout0,tout1,out,l);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		iv=(unsigned char *)ivec;
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
diff --git a/secure/lib/libdes/new_rkey.c b/secure/lib/libdes/new_rkey.c
deleted file mode 100644
index d15e02ad90a8..000000000000
--- a/secure/lib/libdes/new_rkey.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/* lib/des/new_rkey.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Copyright (c) 1995
- *	Mark Murray.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by Mark Murray
- *	and Eric Young
- * 4. Neither the name of the author nor the names of any co-contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: new_rkey.c,v 1.2 1996/02/10 15:54:48 markm Exp $
- */
-
-/* 21-Nov-95 - eay - I've finally put this into libdes, I have made a
- * few changes since it need to compile on all version of unix and
- * there were a few things that would not :-) */
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/time.h>
-#include <sys/param.h>
-#include <sys/sysctl.h>
-#include <machine/types.h>
-
-#include "des_locl.h"
-
-/* This counter keeps track of the pseudo-random sequence */
-static union {
-	unsigned long ul0, ul1;
-	unsigned char uc[8];
-} counter;
-
-/* The current encryption schedule */
-static des_key_schedule current_key;
-
-/*
- *   des_set_random_generator_seed: starts a new pseudorandom sequence
- *                                  dependant on the supplied key
- */
-void
-des_set_random_generator_seed(new_key)
-	des_cblock *new_key;
-{
-	des_key_sched(new_key, current_key);
-
-	/* reset the counter */
-	counter.ul0 = counter.ul1 = 0;
-}
-
-/*
- *   des_set_sequence_number: set the counter to a known value
- */
-void
-des_set_sequence_number(new_counter)
-	des_cblock new_counter;
-{
-	memcpy((char *)counter.uc,(char *)new_counter,sizeof(counter));
-}
-
-/*
- *   des_generate_random_block: returns the next 64 bit random number
- */
-
-void des_generate_random_block(random_block)
-	des_cblock *random_block;
-{
-	/* Encrypt the counter to get pseudo-random numbers */
-    	des_ecb_encrypt(&counter.uc, random_block, current_key, DES_ENCRYPT);
-
-	/* increment the 64-bit counter 
-	 * (or that could be a 128 bit counter on a 64 bit box - eay */
-	if (!++counter.ul0) counter.ul1++;
-}
-
-/*
- *   des_new_random_key: Invents a new, random strong key with odd parity.
- */
-int 
-des_new_random_key(new_key)
-	des_cblock *new_key;
-{
-	do {
-		des_generate_random_block(new_key);
-		des_set_odd_parity(new_key);
-	} while (des_is_weak_key(new_key));
-	return(0);
-}
-
-/*
- *   des_init_random_number_generator: intialises the random number generator
- *                                     to a truly nasty sequence using system
- *                                     supplied volatile variables.
- */
-void
-des_init_random_number_generator(key)
-	des_cblock *key;
-{
-	/* 64-bit structures */
-	struct {
-		u_int32_t pid;
-		u_int32_t hostid;
-	} sysblock;
-	struct timeval timeblock;
-	struct {
-		u_int32_t tv_sec;
-		u_int32_t tv_usec;
-	} time64bit;
-	u_int32_t devrandom[2];
-	des_cblock new_key;
-	int mib[2];
-	size_t len;
-	int dr;
-
-	/* Get host ID using official BSD 4.4 method */
-	mib[0] = CTL_KERN;
-	mib[1] = KERN_HOSTID;
-	len = sizeof(sysblock.hostid);
-	sysctl(mib, 2, &sysblock.hostid, &len, NULL, 0);
-
-	/* Get Process ID */
-	sysblock.pid = getpid();
-
-	/* Generate a new key, and use it to seed the random generator */
-	des_set_random_generator_seed(key);
-	des_set_sequence_number((unsigned char *)&sysblock);
-	des_new_random_key(&new_key);
-	des_set_random_generator_seed(&new_key);
-
-	/* Try to confuse the sequence counter */
-	gettimeofday(&timeblock, NULL);
-	time64bit.tv_sec = (u_int32_t)timeblock.tv_sec;
-	time64bit.tv_usec = (u_int32_t)timeblock.tv_usec;
-	/* If /dev/random is available, read some muck */
-	dr = open("/dev/random", O_RDONLY);
-	if (dr >= 0) {
-		/* Set the descriptor into non-blocking mode. */
-		fcntl(dr, F_SETFL, O_NONBLOCK);
-		len = read(dr, devrandom, sizeof(devrandom));
-		close(dr);
-		if (len > 0) {
-			time64bit.tv_sec ^= devrandom[0];
-			time64bit.tv_usec ^= devrandom[1];
-		}
-#ifdef DEBUG
-		printf("DEBUG: read from /dev/random %d %x %x\n",
-			len, devrandom[0], devrandom[1]);
-#endif
-	}
-#ifdef DEBUG
-	else printf("Cannot open /dev/random\n");
-#endif
-	des_set_sequence_number((unsigned char *)&time64bit);
-
-	/* Do the work */
-	des_new_random_key(&new_key);
-	des_set_random_generator_seed(&new_key);
-}
diff --git a/secure/lib/libdes/ofb64ede.c b/secure/lib/libdes/ofb64ede.c
deleted file mode 100644
index 3868e76ee1f1..000000000000
--- a/secure/lib/libdes/ofb64ede.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/* lib/des/ofb64ede.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule k1,k2,k3;
-des_cblock (*ivec);
-int *num;
-	{
-	register unsigned long v0,v1;
-	register int n=*num;
-	register long l=length;
-	des_cblock d;
-	register char *dp;
-	unsigned long ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			IP(v0,v1);
-
-			ti[0]=v0;
-			ti[1]=v1;
-			des_encrypt2((unsigned long *)ti,k1,DES_ENCRYPT);
-			des_encrypt2((unsigned long *)ti,k2,DES_DECRYPT);
-			des_encrypt2((unsigned long *)ti,k3,DES_ENCRYPT);
-			v0=ti[0];
-			v1=ti[1];
-
-			FP(v1,v0);
-
-			dp=(char *)d;
-			l2c(v0,dp);
-			l2c(v1,dp);
-			save++;
-			}
-		*(out++)=*(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-/*		v0=ti[0];
-		v1=ti[1];*/
-		iv=(unsigned char *)ivec;
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
-
-#ifdef undef /* MACRO */
-void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule k1,k2;
-des_cblock (*ivec);
-int *num;
-	{
-	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
-	}
-#endif
diff --git a/secure/lib/libdes/ofb64enc.c b/secure/lib/libdes/ofb64enc.c
deleted file mode 100644
index bc8dd8c82716..000000000000
--- a/secure/lib/libdes/ofb64enc.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* lib/des/ofb64enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void des_ofb64_encrypt(in, out, length, schedule, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int *num;
-	{
-	register unsigned long v0,v1,t;
-	register int n=*num;
-	register long l=length;
-	des_cblock d;
-	register char *dp;
-	unsigned long ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			des_encrypt((unsigned long *)ti,schedule,DES_ENCRYPT);
-			dp=(char *)d;
-			t=ti[0]; l2c(t,dp);
-			t=ti[1]; l2c(t,dp);
-			save++;
-			}
-		*(out++)=*(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=(unsigned char *)ivec;
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
-
diff --git a/secure/lib/libdes/ofb_enc.c b/secure/lib/libdes/ofb_enc.c
deleted file mode 100644
index e95caddd85c6..000000000000
--- a/secure/lib/libdes/ofb_enc.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* lib/des/ofb_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-void des_ofb_encrypt(in, out, numbits, length, schedule, ivec)
-unsigned char *in;
-unsigned char *out;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-	{
-	register unsigned long d0,d1,v0,v1,n=(numbits+7)/8;
-	register unsigned long mask0,mask1;
-	register long l=length;
-	register int num=numbits;
-	unsigned long ti[2];
-	unsigned char *iv;
-
-	if (num > 64) return;
-	if (num > 32)
-		{
-		mask0=0xffffffffL;
-		if (num >= 64)
-			mask1=mask0;
-		else
-			mask1=(1L<<(num-32))-1;
-		}
-	else
-		{
-		if (num == 32)
-			mask0=0xffffffffL;
-		else
-			mask0=(1L<<num)-1;
-		mask1=0x00000000;
-		}
-
-	iv=(unsigned char *)ivec;
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	while (l-- > 0)
-		{
-		des_encrypt((unsigned long *)ti,schedule,DES_ENCRYPT);
-		c2ln(in,d0,d1,n);
-		in+=n;
-		d0=(d0^ti[0])&mask0;
-		d1=(d1^ti[1])&mask1;
-		l2cn(d0,d1,out,n);
-		out+=n;
-		}
-	v0=ti[0];
-	v1=ti[1];
-	iv=(unsigned char *)ivec;
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
-
diff --git a/secure/lib/libdes/pcbc_enc.c b/secure/lib/libdes/pcbc_enc.c
deleted file mode 100644
index b17a6d702080..000000000000
--- a/secure/lib/libdes/pcbc_enc.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/* lib/des/pcbc_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_pcbc_encrypt(input, output, length, schedule, ivec, encrypt)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int encrypt;
-	{
-	register unsigned long sin0,sin1,xor0,xor1,tout0,tout1;
-	unsigned long tin[2];
-	unsigned char *in,*out,*iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (encrypt)
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (; length>0; length-=8)
-			{
-			if (length >= 8)
-				{
-				c2l(in,sin0);
-				c2l(in,sin1);
-				}
-			else
-				c2ln(in,sin0,sin1,length);
-			tin[0]=sin0^xor0;
-			tin[1]=sin1^xor1;
-			des_encrypt((unsigned long *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-			xor0=sin0^tout0;
-			xor1=sin1^tout1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		}
-	else
-		{
-		c2l(iv,xor0); c2l(iv,xor1);
-		for (; length>0; length-=8)
-			{
-			c2l(in,sin0);
-			c2l(in,sin1);
-			tin[0]=sin0;
-			tin[1]=sin1;
-			des_encrypt((unsigned long *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			if (length >= 8)
-				{
-				l2c(tout0,out);
-				l2c(tout1,out);
-				}
-			else
-				l2cn(tout0,tout1,out,length);
-			xor0=tout0^sin0;
-			xor1=tout1^sin1;
-			}
-		}
-	tin[0]=tin[1]=0;
-	sin0=sin1=xor0=xor1=tout0=tout1=0;
-	}
diff --git a/secure/lib/libdes/podd.h b/secure/lib/libdes/podd.h
deleted file mode 100644
index 96846d24ca47..000000000000
--- a/secure/lib/libdes/podd.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/* lib/des/podd.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const unsigned char odd_parity[256]={
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
diff --git a/secure/lib/libdes/qud_cksm.c b/secure/lib/libdes/qud_cksm.c
deleted file mode 100644
index e2c6ffd2ef85..000000000000
--- a/secure/lib/libdes/qud_cksm.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* lib/des/qud_cksm.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
- * This module in only based on the code in this paper and is
- * almost definitely not the same as the MIT implementation.
- */
-#include "des_locl.h"
-
-/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
-#define B0(a)	(((unsigned long)(a)))
-#define B1(a)	(((unsigned long)(a))<<8)
-#define B2(a)	(((unsigned long)(a))<<16)
-#define B3(a)	(((unsigned long)(a))<<24)
-
-/* used to scramble things a bit */
-/* Got the value MIT uses via brute force :-) 2/10/90 eay */
-#define NOISE	((unsigned long)83653421L)
-
-unsigned long des_quad_cksum(input, output, length, out_count, seed)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-int out_count;
-des_cblock (*seed);
-	{
-	unsigned long z0,z1,t0,t1;
-	int i;
-	long l=0;
-	unsigned char *cp;
-	unsigned char *lp;
-
-	if (out_count < 1) out_count=1;
-	lp=(unsigned char *)output;
-
-	z0=B0((*seed)[0])|B1((*seed)[1])|B2((*seed)[2])|B3((*seed)[3]);
-	z1=B0((*seed)[4])|B1((*seed)[5])|B2((*seed)[6])|B3((*seed)[7]);
-
-	for (i=0; ((i<4)&&(i<out_count)); i++)
-		{
-		cp=(unsigned char *)input;
-		l=length;
-		while (l > 0)
-			{
-			if (l > 1)
-				{
-				t0= (unsigned long)(*(cp++));
-				t0|=(unsigned long)B1(*(cp++));
-				l--;
-				}
-			else
-				t0= (unsigned long)(*(cp++));
-			l--;
-			/* add */
-			t0+=z0;
-			t0&=0xffffffffL;
-			t1=z1;
-			/* square, well sort of square */
-			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
-				&0xffffffffL)%0x7fffffffL; 
-			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
-			}
-		if (lp != NULL)
-			{
-			/* I believe I finally have things worked out.
-			 * The MIT library assumes that the checksum
-			 * is one huge number and it is returned in a
-			 * host dependant byte order.
-			 */
-			static unsigned long ltmp=1;
-			static unsigned char *c=(unsigned char *)&ltmp;
-
-			if (c[0])
-				{
-				l2c(z0,lp);
-				l2c(z1,lp);
-				}
-			else
-				{
-				lp=output[out_count-i-1];
-				l2n(z1,lp);
-				l2n(z0,lp);
-				}
-			}
-		}
-	return(z0);
-	}
-
diff --git a/secure/lib/libdes/rand_key.c b/secure/lib/libdes/rand_key.c
deleted file mode 100644
index c4c4caaf95ca..000000000000
--- a/secure/lib/libdes/rand_key.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* lib/des/rand_key.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include <time.h>
-
-static int seed=0;
-static des_cblock init;
-
-void des_random_seed(key)
-des_cblock key;
-	{
-	memcpy(init,key,sizeof(des_cblock));
-	seed=1;
-	}
-
-void des_random_key(ret)
-unsigned char *ret;
-	{
-	des_key_schedule ks;
-	static unsigned long c=0;
-	static unsigned short pid=0;
-	static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-	des_cblock key;
-	unsigned char *p;
-	unsigned long t;
-	int i;
-
-#ifdef MSDOS
-	pid=1;
-#else
-	if (!pid) pid=getpid();
-#endif
-	p=key;
-	if (seed)
-		{
-		for (i=0; i<8; i++)
-			{
-			data[i] ^= init[i];
-			init[i]=0;
-			}
-		seed=0;
-		}
-	t=(unsigned long)time(NULL);
-	l2c(t,p);
-	t=(unsigned long)((pid)|((c++)<<16));
-	l2c(t,p);
-
-	des_set_odd_parity((des_cblock *)data);
-	des_set_key((des_cblock *)data,ks);
-	des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
-		(long)sizeof(key),ks,(des_cblock *)data);
-
-	des_set_odd_parity((des_cblock *)key);
-	des_set_key((des_cblock *)key,ks);
-	des_cbc_cksum((des_cblock *)key,(des_cblock *)data,
-		(long)sizeof(key),ks,(des_cblock *)key);
-
-	memcpy(ret,data,sizeof(key));
-	memset(key,0,sizeof(key));
-	memset(ks,0,sizeof(ks));
-	t=0;
-	}
diff --git a/secure/lib/libdes/read_pwd.c b/secure/lib/libdes/read_pwd.c
deleted file mode 100644
index bebad0c1da97..000000000000
--- a/secure/lib/libdes/read_pwd.c
+++ /dev/null
@@ -1,380 +0,0 @@
-/* lib/des/read_pwd.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "des_locl.h"
-#include <signal.h>
-#include <string.h>
-#include <setjmp.h>
-
-/* There are 5 types of terminal interface supported,
- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
- */
-
-#if defined(sgi) || defined(__sgi)
-#define TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#ifdef _LIBC
-#define TERMIO
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
-#define SGTTY
-#endif
-
-#ifdef TERMIOS
-#include <termios.h>
-#define TTY_STRUCT		struct termios
-#define TTY_FLAGS		c_lflag
-#define	TTY_get(tty,data)	tcgetattr(tty,data)
-#define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-#include <termio.h>
-#define TTY_STRUCT		struct termio
-#define TTY_FLAGS		c_lflag
-#define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
-#define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-#include <sgtty.h>
-#define TTY_STRUCT		struct sgttyb
-#define TTY_FLAGS		sg_flags
-#define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
-#define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
-#endif
-
-#ifndef _LIBC
-#include <sys/ioctl.h>
-#endif
-
-#ifdef MSDOS
-#include <conio.h>
-#define fgets(a,b,c) noecho_fgets(a,b,c)
-#endif
-
-#ifdef VMS
-#include <ssdef.h>
-#include <iodef.h>
-#include <ttdef.h>
-#include <descrip.h>
-struct IOSB {
-	short iosb$w_value;
-	short iosb$w_count;
-	long  iosb$l_info;
-	};
-#endif
-
-#ifndef NX509_SIG
-#define NX509_SIG 32
-#endif
-
-#ifndef NOPROTO
-static void read_till_nl(FILE *);
-static int read_pw(char *buf, char *buff, int size, char *prompt, int verify);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#ifdef MSDOS
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-#else
-static void read_till_nl();
-static int read_pw();
-static void recsig();
-static void pushsig();
-static void popsig();
-#ifdef MSDOS
-static int noecho_fgets();
-#endif
-#endif
-
-static void (*savsig[NX509_SIG])();
-static jmp_buf save;
-
-int des_read_password(key, prompt, verify)
-des_cblock (*key);
-char *prompt;
-int verify;
-	{
-	int ok;
-	char buf[BUFSIZ],buff[BUFSIZ];
-
-	if ((ok=read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		des_string_to_key(buf,key);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
-	return(ok);
-	}
-
-int des_read_2passwords(key1, key2, prompt, verify)
-des_cblock (*key1);
-des_cblock (*key2);
-char *prompt;
-int verify;
-	{
-	int ok;
-	char buf[BUFSIZ],buff[BUFSIZ];
-
-	if ((ok=read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		des_string_to_2keys(buf,key1,key2);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
-	return(ok);
-	}
-
-int des_read_pw_string(buf, length, prompt, verify)
-char *buf;
-int length;
-char *prompt;
-int verify;
-	{
-	char buff[BUFSIZ];
-	int ret;
-
-	ret=read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	memset(buff,0,BUFSIZ);
-	return(ret);
-	}
-
-static void read_till_nl(in)
-FILE *in;
-	{
-#define SIZE 4
-	char buf[SIZE+1];
-
-	do	{
-		fgets(buf,SIZE,in);
-		} while (strchr(buf,'\n') == NULL);
-	}
-
-/* return 0 if ok, 1 (or -1) otherwise */
-static int read_pw(buf, buff, size, prompt, verify)
-char *buf;
-char *buff;
-int size;
-char *prompt;
-int verify;
-	{
-#ifdef VMS
-	struct IOSB iosb;
-	$DESCRIPTOR(terminal,"TT");
-	long tty_orig[3], tty_new[3];
-	long status;
-	unsigned short channel = 0;
-#else
-#ifndef MSDOS
-	TTY_STRUCT tty_orig,tty_new;
-#endif
-#endif
-	int number=5;
-	int ok=0;
-	int ps=0;
-	FILE *tty=NULL;
-	char *p;
-
-#ifndef MSDOS
-	if ((tty=fopen("/dev/tty","r")) == NULL)
-		tty=stdin;
-#else /* MSDOS */
-	if ((tty=fopen("con","r")) == NULL)
-		tty=stdin;
-#endif /* MSDOS */
-
-#if defined(TTY_get) && !defined(VMS)
-	if (TTY_get(fileno(tty),&tty_orig) == -1)
-		return(-1);
-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-#endif
-#ifdef VMS
-	status = SYS$ASSIGN(&terminal,&channel,0,0);
-	if (status != SS$_NORMAL)
-		return(-1);
-	status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return(-1);
-#endif
-
-	if (setjmp(save))
-		{
-		ok=0;
-		goto error;
-		}
-	pushsig();
-	ps=1;
-
-#ifdef TTY_FLAGS
-	tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(VMS)
-	if (TTY_set(fileno(tty),&tty_new) == -1)
-		return(-1);
-#endif
-#ifdef VMS
-	tty_new[0] = tty_orig[0];
-	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-	tty_new[2] = tty_orig[2];
-	status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return(-1);
-#endif
-	ps=2;
-
-	while ((!ok) && (number--))
-		{
-		fputs(prompt,stderr);
-		fflush(stderr);
-
-		buf[0]='\0';
-		fgets(buf,size,tty);
-		if (feof(tty)) goto error;
-		if ((p=(char *)strchr(buf,'\n')) != NULL)
-			*p='\0';
-		else	read_till_nl(tty);
-		if (verify)
-			{
-			fprintf(stderr,"\nVerifying password %s",prompt);
-			fflush(stderr);
-			buff[0]='\0';
-			fgets(buff,size,tty);
-			if (feof(tty)) goto error;
-			if ((p=(char *)strchr(buff,'\n')) != NULL)
-				*p='\0';
-			else	read_till_nl(tty);
-				
-			if (strcmp(buf,buff) != 0)
-				{
-				fprintf(stderr,"\nVerify failure");
-				fflush(stderr);
-				break;
-				/* continue; */
-				}
-			}
-		ok=1;
-		}
-
-error:
-	fprintf(stderr,"\n");
-	/* What can we do if there is an error? */
-#if defined(TTY_set) && !defined(VMS) 
-	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
-#endif
-#ifdef VMS
-	if (ps >= 2)
-		status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
-			,tty_orig,12,0,0,0,0);
-#endif
-	
-	if (ps >= 1) popsig();
-	if (stdin != tty) fclose(tty);
-#ifdef VMS
-	status = SYS$DASSGN(channel);
-#endif
-	return(!ok);
-	}
-
-static void pushsig()
-	{
-	int i;
-
-	for (i=1; i<NX509_SIG; i++)
-		savsig[i]=signal(i,recsig);
-	}
-
-static void popsig()
-	{
-	int i;
-
-	for (i=1; i<NX509_SIG; i++)
-		signal(i,savsig[i]);
-	}
-
-static void recsig(i)
-int i;
-	{
-	longjmp(save,1);
-#ifdef LINT
-	i=i;
-#endif
-	}
-
-#ifdef MSDOS
-static int noecho_fgets(buf,size,tty)
-char *buf;
-int size;
-FILE *tty;
-	{
-	int i,n;
-	char *p;
-
-	p=buf;
-	for (;;)
-		{
-		if (size == 0)
-			{
-			*p='\0';
-			break;
-			}
-		size--;
-		i=getch();
-		if (i == '\r') i='\n';
-		*(p++)=i;
-		if (i == '\n')
-			{
-			*p='\0';
-			break;
-			}
-		}
-	return(strlen(buf));
-	}
-#endif
diff --git a/secure/lib/libdes/rpc_des.h b/secure/lib/libdes/rpc_des.h
deleted file mode 100644
index e316b78a0d8f..000000000000
--- a/secure/lib/libdes/rpc_des.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* lib/des/rpc_des.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*  @(#)des.h	2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- * 
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- * 
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- * 
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- * 
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California  94043
- */
-/*
- * Generic DES driver interface
- * Keep this file hardware independent!
- * Copyright (c) 1986 by Sun Microsystems, Inc.
- */
-
-#define DES_MAXLEN 	65536	/* maximum # of bytes to encrypt  */
-#define DES_QUICKLEN	16	/* maximum # of bytes to encrypt quickly */
-
-enum desdir { ENCRYPT, DECRYPT };
-enum desmode { CBC, ECB };
-
-/*
- * parameters to ioctl call
- */
-struct desparams {
-	unsigned char des_key[8];	/* key (with low bit parity) */
-	enum desdir des_dir;	/* direction */
-	enum desmode des_mode;	/* mode */
-	unsigned char des_ivec[8];	/* input vector */
-	unsigned des_len;	/* number of bytes to crypt */
-	union {
-		unsigned char UDES_data[DES_QUICKLEN];
-		unsigned char *UDES_buf;
-	} UDES;
-#	define des_data UDES.UDES_data	/* direct data here if quick */
-#	define des_buf	UDES.UDES_buf	/* otherwise, pointer to data */
-};
-
-/*
- * Encrypt an arbitrary sized buffer
- */
-#define	DESIOCBLOCK	_IOWR(d, 6, struct desparams)
-
-/* 
- * Encrypt of small amount of data, quickly
- */
-#define DESIOCQUICK	_IOWR(d, 7, struct desparams) 
-
diff --git a/secure/lib/libdes/rpc_enc.c b/secure/lib/libdes/rpc_enc.c
deleted file mode 100644
index b9b38986c951..000000000000
--- a/secure/lib/libdes/rpc_enc.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* lib/des/rpc_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "rpc_des.h"
-#include "des_locl.h"
-#include "version.h"
-
-#ifndef NOPROTO
-int _des_crypt(char *buf,int len,struct desparams *desp);
-#else
-int _des_crypt();
-#endif
-
-int _des_crypt(buf, len, desp)
-char *buf;
-int len;
-struct desparams *desp;
-	{
-	Key_schedule ks;
-	int enc;
-
-	des_set_key((des_cblock *)desp->des_key,ks);
-	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
-
-	if (desp->des_mode == CBC)
-		des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,ks,enc);
-	else
-		{
-		des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,
-				(long)len,ks,
-				(des_cblock *)desp->des_ivec,enc);
-#ifdef undef
-		/* len will always be %8 if called from common_crypt
-		 * in secure_rpc.
-		 * Libdes's cbc encrypt does not copy back the iv,
-		 * so we have to do it here. */
-		/* It does now :-) eay 20/09/95 */
-
-		a=(char *)&(desp->UDES.UDES_buf[len-8]);
-		b=(char *)&(desp->des_ivec[0]);
-
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-#endif
-		}
-	return(1);	
-	}
-
diff --git a/secure/lib/libdes/rpw.c b/secure/lib/libdes/rpw.c
deleted file mode 100644
index 2213a56a93ce..000000000000
--- a/secure/lib/libdes/rpw.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* lib/des/rpw.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "des.h"
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	des_cblock k,k1;
-	int i;
-
-	printf("read passwd\n");
-	if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0)
-		{
-		printf("password = ");
-		for (i=0; i<8; i++)
-			printf("%02x ",k[i]);
-		}
-	else
-		printf("error %d\n",i);
-	printf("\n");
-	printf("read 2passwds and verify\n");
-	if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1,
-		"Enter verified password:",1)) == 0)
-		{
-		printf("password1 = ");
-		for (i=0; i<8; i++)
-			printf("%02x ",k[i]);
-		printf("\n");
-		printf("password2 = ");
-		for (i=0; i<8; i++)
-			printf("%02x ",k1[i]);
-		printf("\n");
-		exit(1);
-		}
-	else
-		{
-		printf("error %d\n",i);
-		exit(0);
-		}
-#ifdef LINT
-	return(0);
-#endif
-	}
diff --git a/secure/lib/libdes/set_key.c b/secure/lib/libdes/set_key.c
deleted file mode 100644
index 209a07d35726..000000000000
--- a/secure/lib/libdes/set_key.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* lib/des/set_key.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* set_key.c v 1.4 eay 24/9/91
- * 1.4 Speed up by 400% :-)
- * 1.3 added register declarations.
- * 1.2 unrolled make_key_sched a bit more
- * 1.1 added norm_expand_bits
- * 1.0 First working version
- */
-#include "des_locl.h"
-#include "podd.h"
-#include "sk.h"
-
-#ifndef NOPROTO
-static int check_parity(des_cblock (*key));
-#else
-static int check_parity();
-#endif
-
-int des_check_key=0;
-
-void des_set_odd_parity(key)
-des_cblock (*key);
-	{
-	int i;
-
-	for (i=0; i<DES_KEY_SZ; i++)
-		(*key)[i]=odd_parity[(*key)[i]];
-	}
-
-static int check_parity(key)
-des_cblock (*key);
-	{
-	int i;
-
-	for (i=0; i<DES_KEY_SZ; i++)
-		{
-		if ((*key)[i] != odd_parity[(*key)[i]])
-			return(0);
-		}
-	return(1);
-	}
-
-/* Weak and semi week keys as take from
- * %A D.W. Davies
- * %A W.L. Price
- * %T Security for Computer Networks
- * %I John Wiley & Sons
- * %D 1984
- * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
- * (and actual cblock values).
- */
-#define NUM_WEAK_KEY	16
-static des_cblock weak_keys[NUM_WEAK_KEY]={
-	/* weak keys */
-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-	{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
-	{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
-	/* semi-weak keys */
-	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
-	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
-	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
-	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
-	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
-	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
-	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
-	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
-	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
-	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
-
-int des_is_weak_key(key)
-des_cblock (*key);
-	{
-	int i;
-
-	for (i=0; i<NUM_WEAK_KEY; i++)
-		/* Added == 0 to comparision, I obviously don't run
-		 * this section very often :-(, thanks to
-		 * engineering@MorningStar.Com for the fix
-		 * eay 93/06/29 */
-		if (memcmp(weak_keys[i],key,sizeof(key)) == 0) return(1);
-	return(0);
-	}
-
-/* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros. 
- * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- * 	(b)^=(t),\
- * 	(a)=((a)^((t)<<(n))))
- */
-
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-	(a)=(a)^(t)^(t>>(16-(n))))
-
-static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
-
-/* return 0 if key parity is odd (correct),
- * return -1 if key parity error,
- * return -2 if illegal weak key.
- */
-int des_set_key(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
-	{
-	register unsigned long c,d,t,s;
-	register unsigned char *in;
-	register unsigned long *k;
-	register int i;
-
-	if (des_check_key)
-		{
-		if (!check_parity(key))
-			return(-1);
-
-		if (des_is_weak_key(key))
-			return(-2);
-		}
-
-	k=(unsigned long *)schedule;
-	in=(unsigned char *)key;
-
-	c2l(in,c);
-	c2l(in,d);
-
-	/* do PC1 in 60 simple operations */ 
-/*	PERM_OP(d,c,t,4,0x0f0f0f0fL);
-	HPERM_OP(c,t,-2, 0xcccc0000L);
-	HPERM_OP(c,t,-1, 0xaaaa0000L);
-	HPERM_OP(c,t, 8, 0x00ff0000L);
-	HPERM_OP(c,t,-1, 0xaaaa0000L);
-	HPERM_OP(d,t,-8, 0xff000000L);
-	HPERM_OP(d,t, 8, 0x00ff0000L);
-	HPERM_OP(d,t, 2, 0x33330000L);
-	d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
-	d=(d>>8)|((c&0xf0000000L)>>4);
-	c&=0x0fffffffL; */
-
-	/* I now do it in 47 simple operations :-)
-	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 * for the inspiration. :-) */
-	PERM_OP (d,c,t,4,0x0f0f0f0fL);
-	HPERM_OP(c,t,-2,0xcccc0000L);
-	HPERM_OP(d,t,-2,0xcccc0000L);
-	PERM_OP (d,c,t,1,0x55555555L);
-	PERM_OP (c,d,t,8,0x00ff00ffL);
-	PERM_OP (d,c,t,1,0x55555555L);
-	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
-		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
-	c&=0x0fffffffL;
-
-	for (i=0; i<ITERATIONS; i++)
-		{
-		if (shifts2[i])
-			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
-		else
-			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
-		c&=0x0fffffffL;
-		d&=0x0fffffffL;
-		/* could be a few less shifts but I am to lazy at this
-		 * point in time to investigate */
-		s=	des_skb[0][ (c    )&0x3f                ]|
-			des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
-			des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
-			des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
-						  ((c>>22L)&0x38)];
-		t=	des_skb[4][ (d    )&0x3f                ]|
-			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
-			des_skb[6][ (d>>15L)&0x3f                ]|
-			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
-
-		/* table contained 0213 4657 */
-		*(k++)=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
-		s=     ((s>>16L)|(t&0xffff0000L));
-		
-		s=(s<<4L)|(s>>28L);
-		*(k++)=s&0xffffffffL;
-		}
-	return(0);
-	}
-
-int des_key_sched(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
-	{
-	return(des_set_key(key,schedule));
-	}
diff --git a/secure/lib/libdes/shifts.pl b/secure/lib/libdes/shifts.pl
deleted file mode 100755
index 3c4039eb9c1f..000000000000
--- a/secure/lib/libdes/shifts.pl
+++ /dev/null
@@ -1,160 +0,0 @@
-sub lab_shift
-	{
-	local(*a,$n)=@_;
-	local(@r,$i,$j,$k,$d,@z);
-
-	@r=&shift(*a,$n);
-	foreach $i (0 .. 31)
-		{
-		@z=split(/\^/,$r[$i]);
-		for ($j=0; $j <= $#z; $j++)
-			{
-			($d)=($z[$j] =~ /^(..)/);
-			($k)=($z[$j] =~ /\[(.*)\]$/);
-			$k.=",$n" if ($k ne "");
-			$k="$n"	  if ($k eq "");
-			$d="$d[$k]";
-			$z[$j]=$d;
-			}
-		$r[$i]=join('^',@z);
-		}
-	return(@r);
-	}
-
-sub shift
-	{
-	local(*a,$n)=@_;
-	local(@f);
-
-	if ($n > 0)
-		{
-		@f=&shiftl(*a,$n);
-		}
-	else
-		{
-		@f=&shiftr(*a,-$n);
-		}
-	return(@f);
-	}
-
-sub shiftr
-	{
-	local(*a,$n)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		if (($i+$n) > 31)
-			{
-			$r[$i]="--";
-			}
-		else
-			{
-			$r[$i]=$a[$i+$n];
-			}
-		}
-	return(@r);
-	}
-
-sub shiftl
-	{
-	local(*a,$n)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		if ($i < $n)
-			{
-			$r[$i]="--";
-			}
-		else
-			{
-			$r[$i]=$a[$i-$n];
-			}
-		}
-	return(@r);
-	}
-
-sub printit
-	{
-	local(@a)=@_;
-	local($i);
-
-	foreach $i (0 .. 31)
-		{
-		printf "%2s  ",$a[$i];
-		print "\n" if (($i%8) == 7);
-		}
-	print "\n";
-	}
-
-sub xor
-	{
-	local(*a,*b)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		$r[$i]=&compress($a[$i].'^'.$b[$i]);
-#		$r[$i]=$a[$i]."^".$b[$i];
-		}
-	return(@r);
-	}
-
-sub and
-	{
-	local(*a,$m)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
-		}
-	return(@r);
-	}
-
-sub or
-	{
-	local(*a,*b)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
-		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
-		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
-		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
-		}
-	return(@r);
-	}
-
-sub compress
-	{
-	local($s)=@_;
-	local($_,$i,@a,%a,$r);
-
-	$s =~ s/\^\^/\^/g;
-	$s =~ s/^\^//;
-	$s =~ s/\^$//;
-	@a=split(/\^/,$s);
-
-	while ($#a >= 0)
-		{
-		$_=shift(@a);
-		next unless /\d/;
-		$a{$_}++;
-		}
-	foreach $i (sort keys %a)
-		{
-		next if ($a{$i}%2 == 0);
-		$r.="$i^";
-		}
-	chop($r);
-	return($r);
-	}
-1;
diff --git a/secure/lib/libdes/sk.h b/secure/lib/libdes/sk.h
deleted file mode 100644
index e5997d93af6f..000000000000
--- a/secure/lib/libdes/sk.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/* lib/des/sk.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const unsigned long des_skb[8][64]={
-{
-/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-},{
-/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-},{
-/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-},{
-/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-},{
-/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-},{
-/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-},{
-/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-},{
-/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-}};
diff --git a/secure/lib/libdes/speed.c b/secure/lib/libdes/speed.c
deleted file mode 100644
index ee517b18650d..000000000000
--- a/secure/lib/libdes/speed.c
+++ /dev/null
@@ -1,310 +0,0 @@
-/* lib/des/speed.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#ifndef MSDOS
-#define TIMES
-#endif
-
-#include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-#endif
-#include <signal.h>
-#ifndef VMS
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
-#endif
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#ifdef sun
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include "des.h"
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
-#define HZ	100.0
-#endif
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE	((long)1024*8)
-long run=0;
-
-#ifndef NOPROTO
-double Time_F(int s);
-#else
-double Time_F();
-#endif
-
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-#ifndef NOPROTO
-SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
-#ifdef LINT
-	sig=sig;
-#endif
-	}
-#endif
-
-#define START	0
-#define STOP	1
-
-double Time_F(s)
-int s;
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#endif
-	}
-
-int main(argc,argv)
-int argc;
-char **argv;
-	{
-	long count;
-	static unsigned char buf[BUFSIZE];
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
-	double a,b,c,d,e;
-#ifndef SIGALARM
-	long ca,cb,cc,cd,ce;
-#endif
-
-#ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
-	printf("program when this computer is idle.\n");
-#endif
-
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
-
-#ifndef SIGALRM
-	printf("First we calculate the aproximate speed ...\n");
-	des_set_key((C_Block *)key,sch);
-	count=10;
-	do	{
-		long i;
-
-		count*=2;
-		Time_F(START);
-		for (i=count; i; i--)
-			des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
-				&(sch[0]),DES_ENCRYPT);
-		d=Time_F(STOP);
-		} while (d < 3.0);
-	ca=count;
-	cb=count*3;
-	cc=count*3*8/BUFSIZE+1;
-	cd=count*8/BUFSIZE+1;
-	ce=count/20+1;
-	printf("Doing set_key %ld times\n",ca);
-#define COND(d)	(count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c)	(run)
-#define COUNT(d) (count)
-	signal(SIGALRM,sig_done);
-	printf("Doing set_key for 10 seconds\n");
-	alarm(10);
-#endif
-
-	Time_F(START);
-	for (count=0,run=1; COND(ca); count++)
-		des_set_key((C_Block *)key,sch);
-	d=Time_F(STOP);
-	printf("%ld set_key's in %.2f seconds\n",count,d);
-	a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
-	printf("Doing des_ecb_encrypt's for 10 seconds\n");
-	alarm(10);
-#else
-	printf("Doing des_ecb_encrypt %ld times\n",cb);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cb); count++)
-		des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
-			&(sch[0]),DES_ENCRYPT);
-	d=Time_F(STOP);
-	printf("%ld des_ecb_encrypt's in %.2f second\n",count,d);
-	b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
-	printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-		BUFSIZE);
-	alarm(10);
-#else
-	printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
-		BUFSIZE);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cc); count++)
-		des_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
-			(C_Block *)&(key[0]),DES_ENCRYPT);
-	d=Time_F(STOP);
-	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-		count,BUFSIZE,d);
-	c=((double)COUNT(cc)*BUFSIZE)/d;
-
-#ifdef SIGALRM
-	printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-		BUFSIZE);
-	alarm(10);
-#else
-	printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
-		BUFSIZE);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cd); count++)
-		des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
-			&(sch[0]),
-			&(sch2[0]),
-			&(sch3[0]),
-			(C_Block *)&(key[0]),
-			DES_ENCRYPT);
-	d=Time_F(STOP);
-	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-		count,BUFSIZE,d);
-	d=((double)COUNT(cd)*BUFSIZE)/d;
-
-#ifdef SIGALRM
-	printf("Doing crypt for 10 seconds\n");
-	alarm(10);
-#else
-	printf("Doing crypt %ld times\n",ce);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(ce); count++)
-		crypt("testing1","ef");
-	e=Time_F(STOP);
-	printf("%ld crypts in %.2f second\n",count,e);
-	e=((double)COUNT(ce))/e;
-
-	printf("set_key            per sec = %12.2f (%5.1fuS)\n",a,1.0e6/a);
-	printf("DES ecb bytes      per sec = %12.2f (%5.1fuS)\n",b,8.0e6/b);
-	printf("DES cbc bytes      per sec = %12.2f (%5.1fuS)\n",c,8.0e6/c);
-	printf("DES ede cbc bytes  per sec = %12.2f (%5.1fuS)\n",d,8.0e6/d);
-	printf("crypt              per sec = %12.2f (%5.1fuS)\n",e,1.0e6/e);
-	exit(0);
-#ifdef LINT
-	return(0);
-#endif
-	}
diff --git a/secure/lib/libdes/spr.h b/secure/lib/libdes/spr.h
deleted file mode 100644
index d9b81ce919d2..000000000000
--- a/secure/lib/libdes/spr.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/* lib/des/spr.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const unsigned long des_SPtrans[8][64]={
-{
-/* nibble 0 */
-0x00820200L, 0x00020000L, 0x80800000L, 0x80820200L,
-0x00800000L, 0x80020200L, 0x80020000L, 0x80800000L,
-0x80020200L, 0x00820200L, 0x00820000L, 0x80000200L,
-0x80800200L, 0x00800000L, 0x00000000L, 0x80020000L,
-0x00020000L, 0x80000000L, 0x00800200L, 0x00020200L,
-0x80820200L, 0x00820000L, 0x80000200L, 0x00800200L,
-0x80000000L, 0x00000200L, 0x00020200L, 0x80820000L,
-0x00000200L, 0x80800200L, 0x80820000L, 0x00000000L,
-0x00000000L, 0x80820200L, 0x00800200L, 0x80020000L,
-0x00820200L, 0x00020000L, 0x80000200L, 0x00800200L,
-0x80820000L, 0x00000200L, 0x00020200L, 0x80800000L,
-0x80020200L, 0x80000000L, 0x80800000L, 0x00820000L,
-0x80820200L, 0x00020200L, 0x00820000L, 0x80800200L,
-0x00800000L, 0x80000200L, 0x80020000L, 0x00000000L,
-0x00020000L, 0x00800000L, 0x80800200L, 0x00820200L,
-0x80000000L, 0x80820000L, 0x00000200L, 0x80020200L,
-},{
-/* nibble 1 */
-0x10042004L, 0x00000000L, 0x00042000L, 0x10040000L,
-0x10000004L, 0x00002004L, 0x10002000L, 0x00042000L,
-0x00002000L, 0x10040004L, 0x00000004L, 0x10002000L,
-0x00040004L, 0x10042000L, 0x10040000L, 0x00000004L,
-0x00040000L, 0x10002004L, 0x10040004L, 0x00002000L,
-0x00042004L, 0x10000000L, 0x00000000L, 0x00040004L,
-0x10002004L, 0x00042004L, 0x10042000L, 0x10000004L,
-0x10000000L, 0x00040000L, 0x00002004L, 0x10042004L,
-0x00040004L, 0x10042000L, 0x10002000L, 0x00042004L,
-0x10042004L, 0x00040004L, 0x10000004L, 0x00000000L,
-0x10000000L, 0x00002004L, 0x00040000L, 0x10040004L,
-0x00002000L, 0x10000000L, 0x00042004L, 0x10002004L,
-0x10042000L, 0x00002000L, 0x00000000L, 0x10000004L,
-0x00000004L, 0x10042004L, 0x00042000L, 0x10040000L,
-0x10040004L, 0x00040000L, 0x00002004L, 0x10002000L,
-0x10002004L, 0x00000004L, 0x10040000L, 0x00042000L,
-},{
-/* nibble 2 */
-0x41000000L, 0x01010040L, 0x00000040L, 0x41000040L,
-0x40010000L, 0x01000000L, 0x41000040L, 0x00010040L,
-0x01000040L, 0x00010000L, 0x01010000L, 0x40000000L,
-0x41010040L, 0x40000040L, 0x40000000L, 0x41010000L,
-0x00000000L, 0x40010000L, 0x01010040L, 0x00000040L,
-0x40000040L, 0x41010040L, 0x00010000L, 0x41000000L,
-0x41010000L, 0x01000040L, 0x40010040L, 0x01010000L,
-0x00010040L, 0x00000000L, 0x01000000L, 0x40010040L,
-0x01010040L, 0x00000040L, 0x40000000L, 0x00010000L,
-0x40000040L, 0x40010000L, 0x01010000L, 0x41000040L,
-0x00000000L, 0x01010040L, 0x00010040L, 0x41010000L,
-0x40010000L, 0x01000000L, 0x41010040L, 0x40000000L,
-0x40010040L, 0x41000000L, 0x01000000L, 0x41010040L,
-0x00010000L, 0x01000040L, 0x41000040L, 0x00010040L,
-0x01000040L, 0x00000000L, 0x41010000L, 0x40000040L,
-0x41000000L, 0x40010040L, 0x00000040L, 0x01010000L,
-},{
-/* nibble 3 */
-0x00100402L, 0x04000400L, 0x00000002L, 0x04100402L,
-0x00000000L, 0x04100000L, 0x04000402L, 0x00100002L,
-0x04100400L, 0x04000002L, 0x04000000L, 0x00000402L,
-0x04000002L, 0x00100402L, 0x00100000L, 0x04000000L,
-0x04100002L, 0x00100400L, 0x00000400L, 0x00000002L,
-0x00100400L, 0x04000402L, 0x04100000L, 0x00000400L,
-0x00000402L, 0x00000000L, 0x00100002L, 0x04100400L,
-0x04000400L, 0x04100002L, 0x04100402L, 0x00100000L,
-0x04100002L, 0x00000402L, 0x00100000L, 0x04000002L,
-0x00100400L, 0x04000400L, 0x00000002L, 0x04100000L,
-0x04000402L, 0x00000000L, 0x00000400L, 0x00100002L,
-0x00000000L, 0x04100002L, 0x04100400L, 0x00000400L,
-0x04000000L, 0x04100402L, 0x00100402L, 0x00100000L,
-0x04100402L, 0x00000002L, 0x04000400L, 0x00100402L,
-0x00100002L, 0x00100400L, 0x04100000L, 0x04000402L,
-0x00000402L, 0x04000000L, 0x04000002L, 0x04100400L,
-},{
-/* nibble 4 */
-0x02000000L, 0x00004000L, 0x00000100L, 0x02004108L,
-0x02004008L, 0x02000100L, 0x00004108L, 0x02004000L,
-0x00004000L, 0x00000008L, 0x02000008L, 0x00004100L,
-0x02000108L, 0x02004008L, 0x02004100L, 0x00000000L,
-0x00004100L, 0x02000000L, 0x00004008L, 0x00000108L,
-0x02000100L, 0x00004108L, 0x00000000L, 0x02000008L,
-0x00000008L, 0x02000108L, 0x02004108L, 0x00004008L,
-0x02004000L, 0x00000100L, 0x00000108L, 0x02004100L,
-0x02004100L, 0x02000108L, 0x00004008L, 0x02004000L,
-0x00004000L, 0x00000008L, 0x02000008L, 0x02000100L,
-0x02000000L, 0x00004100L, 0x02004108L, 0x00000000L,
-0x00004108L, 0x02000000L, 0x00000100L, 0x00004008L,
-0x02000108L, 0x00000100L, 0x00000000L, 0x02004108L,
-0x02004008L, 0x02004100L, 0x00000108L, 0x00004000L,
-0x00004100L, 0x02004008L, 0x02000100L, 0x00000108L,
-0x00000008L, 0x00004108L, 0x02004000L, 0x02000008L,
-},{
-/* nibble 5 */
-0x20000010L, 0x00080010L, 0x00000000L, 0x20080800L,
-0x00080010L, 0x00000800L, 0x20000810L, 0x00080000L,
-0x00000810L, 0x20080810L, 0x00080800L, 0x20000000L,
-0x20000800L, 0x20000010L, 0x20080000L, 0x00080810L,
-0x00080000L, 0x20000810L, 0x20080010L, 0x00000000L,
-0x00000800L, 0x00000010L, 0x20080800L, 0x20080010L,
-0x20080810L, 0x20080000L, 0x20000000L, 0x00000810L,
-0x00000010L, 0x00080800L, 0x00080810L, 0x20000800L,
-0x00000810L, 0x20000000L, 0x20000800L, 0x00080810L,
-0x20080800L, 0x00080010L, 0x00000000L, 0x20000800L,
-0x20000000L, 0x00000800L, 0x20080010L, 0x00080000L,
-0x00080010L, 0x20080810L, 0x00080800L, 0x00000010L,
-0x20080810L, 0x00080800L, 0x00080000L, 0x20000810L,
-0x20000010L, 0x20080000L, 0x00080810L, 0x00000000L,
-0x00000800L, 0x20000010L, 0x20000810L, 0x20080800L,
-0x20080000L, 0x00000810L, 0x00000010L, 0x20080010L,
-},{
-/* nibble 6 */
-0x00001000L, 0x00000080L, 0x00400080L, 0x00400001L,
-0x00401081L, 0x00001001L, 0x00001080L, 0x00000000L,
-0x00400000L, 0x00400081L, 0x00000081L, 0x00401000L,
-0x00000001L, 0x00401080L, 0x00401000L, 0x00000081L,
-0x00400081L, 0x00001000L, 0x00001001L, 0x00401081L,
-0x00000000L, 0x00400080L, 0x00400001L, 0x00001080L,
-0x00401001L, 0x00001081L, 0x00401080L, 0x00000001L,
-0x00001081L, 0x00401001L, 0x00000080L, 0x00400000L,
-0x00001081L, 0x00401000L, 0x00401001L, 0x00000081L,
-0x00001000L, 0x00000080L, 0x00400000L, 0x00401001L,
-0x00400081L, 0x00001081L, 0x00001080L, 0x00000000L,
-0x00000080L, 0x00400001L, 0x00000001L, 0x00400080L,
-0x00000000L, 0x00400081L, 0x00400080L, 0x00001080L,
-0x00000081L, 0x00001000L, 0x00401081L, 0x00400000L,
-0x00401080L, 0x00000001L, 0x00001001L, 0x00401081L,
-0x00400001L, 0x00401080L, 0x00401000L, 0x00001001L,
-},{
-/* nibble 7 */
-0x08200020L, 0x08208000L, 0x00008020L, 0x00000000L,
-0x08008000L, 0x00200020L, 0x08200000L, 0x08208020L,
-0x00000020L, 0x08000000L, 0x00208000L, 0x00008020L,
-0x00208020L, 0x08008020L, 0x08000020L, 0x08200000L,
-0x00008000L, 0x00208020L, 0x00200020L, 0x08008000L,
-0x08208020L, 0x08000020L, 0x00000000L, 0x00208000L,
-0x08000000L, 0x00200000L, 0x08008020L, 0x08200020L,
-0x00200000L, 0x00008000L, 0x08208000L, 0x00000020L,
-0x00200000L, 0x00008000L, 0x08000020L, 0x08208020L,
-0x00008020L, 0x08000000L, 0x00000000L, 0x00208000L,
-0x08200020L, 0x08008020L, 0x08008000L, 0x00200020L,
-0x08208000L, 0x00000020L, 0x00200020L, 0x08008000L,
-0x08208020L, 0x00200000L, 0x08200000L, 0x08000020L,
-0x00208000L, 0x00008020L, 0x08008020L, 0x08200000L,
-0x00000020L, 0x08208000L, 0x00208020L, 0x00000000L,
-0x08000000L, 0x08200020L, 0x00008000L, 0x00208020L,
-}};
diff --git a/secure/lib/libdes/str2key.c b/secure/lib/libdes/str2key.c
deleted file mode 100644
index 278ba0f921b0..000000000000
--- a/secure/lib/libdes/str2key.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* lib/des/str2key.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-extern int des_check_key;
-
-void des_string_to_key(str, key)
-char *str;
-des_cblock (*key);
-	{
-	des_key_schedule ks;
-	int i,length;
-	register unsigned char j;
-
-	memset(key,0,8);
-	length=strlen(str);
-#ifdef OLD_STR_TO_KEY
-	for (i=0; i<length; i++)
-		(*key)[i%8]^=(str[i]<<1);
-#else /* MIT COMPATIBLE */
-	for (i=0; i<length; i++)
-		{
-		j=str[i];
-		if ((i%16) < 8)
-			(*key)[i%8]^=(j<<1);
-		else
-			{
-			/* Reverse the bit order 05/05/92 eay */
-			j=((j<<4)&0xf0)|((j>>4)&0x0f);
-			j=((j<<2)&0xcc)|((j>>2)&0x33);
-			j=((j<<1)&0xaa)|((j>>1)&0x55);
-			(*key)[7-(i%8)]^=j;
-			}
-		}
-#endif
-	des_set_odd_parity((des_cblock *)key);
-	i=des_check_key;
-	des_check_key=0;
-	des_set_key((des_cblock *)key,ks);
-	des_check_key=i;
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks,
-		(des_cblock *)key);
-	memset(ks,0,sizeof(ks));
-	des_set_odd_parity((des_cblock *)key);
-	}
-
-void des_string_to_2keys(str, key1, key2)
-char *str;
-des_cblock (*key1);
-des_cblock (*key2);
-	{
-	des_key_schedule ks;
-	int i,length;
-	register unsigned char j;
-
-	memset(key1,0,8);
-	memset(key2,0,8);
-	length=strlen(str);
-#ifdef OLD_STR_TO_KEY
-	if (length <= 8)
-		{
-		for (i=0; i<length; i++)
-			{
-			(*key2)[i]=(*key1)[i]=(str[i]<<1);
-			}
-		}
-	else
-		{
-		for (i=0; i<length; i++)
-			{
-			if ((i/8)&1)
-				(*key2)[i%8]^=(str[i]<<1);
-			else
-				(*key1)[i%8]^=(str[i]<<1);
-			}
-		}
-#else /* MIT COMPATIBLE */
-	for (i=0; i<length; i++)
-		{
-		j=str[i];
-		if ((i%32) < 16)
-			{
-			if ((i%16) < 8)
-				(*key1)[i%8]^=(j<<1);
-			else
-				(*key2)[i%8]^=(j<<1);
-			}
-		else
-			{
-			j=((j<<4)&0xf0)|((j>>4)&0x0f);
-			j=((j<<2)&0xcc)|((j>>2)&0x33);
-			j=((j<<1)&0xaa)|((j>>1)&0x55);
-			if ((i%16) < 8)
-				(*key1)[7-(i%8)]^=j;
-			else
-				(*key2)[7-(i%8)]^=j;
-			}
-		}
-	if (length <= 8) memcpy(key2,key1,8);
-#endif
-	des_set_odd_parity((des_cblock *)key1);
-	des_set_odd_parity((des_cblock *)key2);
-	i=des_check_key;
-	des_check_key=0;
-	des_set_key((des_cblock *)key1,ks);
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks,
-		(des_cblock *)key1);
-	des_set_key((des_cblock *)key2,ks);
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks,
-		(des_cblock *)key2);
-	des_check_key=i;
-	memset(ks,0,sizeof(ks));
-	des_set_odd_parity(key1);
-	des_set_odd_parity(key2);
-	}
diff --git a/secure/lib/libdes/supp.c b/secure/lib/libdes/supp.c
deleted file mode 100644
index 8cd9289f0f06..000000000000
--- a/secure/lib/libdes/supp.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* lib/des/supp.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Copyright (c) 1995
- *	Mark Murray.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by Mark Murray
- * 4. Neither the name of the author nor the names of any co-contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include "des_locl.h"
-
-void des_cblock_print_file(cb, fp)
-	des_cblock *cb;
-	FILE *fp;
-{
-	int i;
-	unsigned int *p = (unsigned int *)cb;
-
-	fprintf(fp, " 0x { ");
-	for (i = 0; i < 8; i++) {
-		fprintf(fp, "%x", p[i]);
-		if (i != 7) fprintf(fp, ", ");
-	}
-	fprintf(fp, " }");
-}
diff --git a/secure/lib/libdes/t/perl b/secure/lib/libdes/t/perl
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/secure/lib/libdes/t/perl
+++ /dev/null
diff --git a/secure/lib/libdes/t/test b/secure/lib/libdes/t/test
deleted file mode 100644
index 97acd0552e43..000000000000
--- a/secure/lib/libdes/t/test
+++ /dev/null
@@ -1,27 +0,0 @@
-#!./perl
-
-BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
-
-use DES;
-
-$key='00000000';
-$ks=DES::set_key($key);
-@a=split(//,$ks);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
-
-$key=DES::random_key();
-print "($_)\n";
-@a=split(//,$key);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-$str="this is and again into the breach";
-($k1,$k2)=DES::string_to_2keys($str);
-@a=split(//,$k1);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-@a=split(//,$k2);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
diff --git a/secure/lib/libdes/testdes.pl b/secure/lib/libdes/testdes.pl
deleted file mode 100755
index 01a165a963d1..000000000000
--- a/secure/lib/libdes/testdes.pl
+++ /dev/null
@@ -1,167 +0,0 @@
-#!/usr/local/bin/perl
-
-# des.pl tesing code
-
-require 'des.pl';
-
-$num_tests=34;
-@key_data=(
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
-	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
-	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
-	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
-	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
-	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
-	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
-	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
-	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
-	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
-	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
-	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
-	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
-	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
-	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
-	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
-	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
-	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
-	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
-	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
-	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
-	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
-	);
-
-@plain_data=(
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
-	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
-	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
-	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
-	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
-	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
-	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
-	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
-	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
-	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
-	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
-	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
-	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
-	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
-	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
-	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
-	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
-	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
-	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
-
-@cipher_data=(
-	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
-	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
-	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
-	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
-	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
-	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
-	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
-	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
-	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
-	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
-	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
-	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
-	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
-	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
-	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
-	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
-	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
-	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
-	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
-	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
-	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
-	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
-	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
-	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
-	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
-	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
-	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
-	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
-	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
-	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
-	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
-	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
-	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
-	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
-
-print "Doing ecb tests\n";
-for ($i=0; $i<$num_tests; $i++)
-	{
-	printf "Doing test $i\n";
-	$key =pack("C8",splice(@key_data   ,0,8));
-	$data=pack("C8",splice(@plain_data ,0,8));
-	$res =pack("C8",splice(@cipher_data,0,8));
-
-	@ks=  &des_set_key($key);
-	$out1= &des_ecb_encrypt(*ks,1,$data);
-	$out2= &des_ecb_encrypt(*ks,0,$out1);
-	$out3= &des_ecb_encrypt(*ks,0,$res);
-	&eprint("encryption failure",$res,$out1)
-		if ($out1 ne $res);
-	&eprint("encryption/decryption failure",$data,$out2)
-		if ($out2 ne $data);
-	&eprint("decryption failure",$data,$out3)
-		if ($data ne $out3);
-	}
-print "Done\n";
-
-print "doing speed test over 30 seconds\n";
-$SIG{'ALRM'}='done';
-sub done {$done=1;}
-$done=0;
-
-$count=0;
-$d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
-@ks=  &des_set_key($d);
-alarm(30);
-$start=(times)[0];
-while (!$done)
-	{
-	$count++;
-	$d=&des_ecb_encrypt(*ks,1,$d);
-	}
-$end=(times)[0];
-$t=$end-$start;
-printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
-	1.0*$t,1.0*$count/$t,$count*8.0/$t;
-
-sub eprint
-	{
-	local($s,$c,$e)=@_;
-	local(@k);
-
-	@k=unpack("C8",$c);
-	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
-	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
-	print " $s\n";
-	}
diff --git a/secure/lib/libdes/times b/secure/lib/libdes/times
deleted file mode 100644
index 86d10a035ba8..000000000000
--- a/secure/lib/libdes/times
+++ /dev/null
@@ -1,173 +0,0 @@
-SGI Challenge (MIPS R4400 200mhz) - gcc -O2
-set_key       per sec =    114141.13 (  8.8uS)
-DES ecb bytes per sec =   1573472.84 (  5.1uS)
-DES cbc bytes per sec =   1580418.20 (  5.1uS)
-crypt         per sec =      7137.84 (140.1uS)
-
-DEC Alpha DEC  4000/710 AXP OSF/1 v 3.0 - gcc -O2 2.6.1
-set_key       per sec =    123138.49 (  8.1uS)
-DES ecb bytes per sec =   1407546.76 (  5.7uS)
-DES cbc bytes per sec =   1404103.21 (  5.7uS)
-crypt         per sec =      7746.76 (129.1uS)
-
-DEC Alpha DEC  4000/710 AXP OSF/1 v 3.0 - cc -O4 'DEC Compiler Driver 3.11'
-set_key       per sec =    135160.83 (  7.4uS)
-DES ecb bytes per sec =   1267753.22 (  6.3uS)
-DES cbc bytes per sec =   1260564.90 (  6.3uS)
-crypt         per sec =      6479.37 (154.3uS)
-
-SGI Challenge (MIPS R4400 200mhz) - cc -O2
-set_key       per sec =    124000.10 (  8.1uS)
-DES ecb bytes per sec =   1338138.45 (  6.0uS)
-DES cbc bytes per sec =   1356515.84 (  5.9uS)
-crypt         per sec =      6223.92 (160.7uS)
-
-SGI Indy (MIPS R4600 133mhz) -cc -O2
-set_key       per sec =     88470.54 ( 11.3uS)
-DES ecb bytes per sec =   1023040.33 (  7.8uS)
-DES cbc bytes per sec =   1033610.01 (  7.7uS)
-crypt         per sec =      4641.51 (215.4uS)
-
-HP-UX 9000/887 cc +O3
-set_key       per sec =     76824.30 ( 13.0uS)
-DES ecb bytes per sec =   1048911.20 (  7.6uS)
-DES cbc bytes per sec =   1072332.80 (  7.5uS)
-crypt         per sec =      4968.64 (201.3uS)
-
-IRIX 5.2 IP22 (R4000) cc -O2 (galilo)
-set_key       per sec =     60615.73 ( 16.5uS)
-DES ecb bytes per sec =    584741.32 ( 13.7uS)
-DES cbc bytes per sec =    584306.94 ( 13.7uS)
-crypt         per sec =      3049.33 (327.9uS)
-
-HP-UX 9000/867 cc -O
-set_key       per sec =     48600.00 ( 20.6uS)
-DES ecb bytes per sec =    616235.14 ( 13.0uS)
-DES cbc bytes per sec =    638669.44 ( 12.5uS)
-crypt         per sec =      3016.68 (331.5uS)
-
-HP-UX 9000/867 gcc -O2
-set_key       per sec =     52120.50 ( 19.2uS)
-DES ecb bytes per sec =    715156.55 ( 11.2uS)
-DES cbc bytes per sec =    724424.28 ( 11.0uS)
-crypt         per sec =      3295.87 (303.4uS)
-
-DGUX AViiON mc88110 gcc -O2
-set_key       per sec =     55604.91 ( 18.0uS)
-DES ecb bytes per sec =    658513.25 ( 12.1uS)
-DES cbc bytes per sec =    675552.71 ( 11.8uS)
-crypt         per sec =      3438.10 (290.9uS)
-
-Sparc 10 cc -O2 (orb)
-set_key       per sec =     53002.30 ( 18.9uS)
-DES ecb bytes per sec =    705250.40 ( 11.3uS)
-DES cbc bytes per sec =    714342.40 ( 11.2uS)
-crypt         per sec =      2943.99 (339.7uS)
-
-Sparc 10 gcc -O2 (orb)
-set_key       per sec =     58681.21 ( 17.0uS)
-DES ecb bytes per sec =    772390.20 ( 10.4uS)
-DES cbc bytes per sec =    774144.00 ( 10.3uS)
-crypt         per sec =      3606.90 (277.2uS)
-
-DEC Alpha DEC  4000/610 AXP OSF/1 v 1.3 - gcc v 2.3.3
-set_key       per sec =    101840.19 (  9.8uS)
-DES ecb bytes per sec =   1223712.35 (  6.5uS)
-DES cbc bytes per sec =   1230542.98 (  6.5uS)
-crypt         per sec =      6428.75 (155.6uS)
-
-DEC Alpha DEC 4000/610 APX OSF/1 v 1.3 - cc -O2 - OSF/1 AXP
-set_key       per sec =    114198.91 (  8.8uS)
-DES ecb bytes per sec =   1022710.93 (  7.8uS)
-DES cbc bytes per sec =   1008821.93 (  7.9uS)
-crypt         per sec =      5454.13 (183.3uS)
-
-DEC Alpha - DEC 3000/500 AXP OSF/1 - cc -O2 - 02/12/92
-set_key       per sec =     83587.04 ( 12.0uS)
-DES ecb bytes per sec =    822620.82 (  9.7uS)
-DES cbc bytes per sec =    832929.60 (  9.6uS)
-crypt         per sec =      4807.62 (208.0uS)
-
-sun sparc 10/30 - gcc -O2
-set_key       per sec =     42005.24 ( 23.8uS)
-DES ecb bytes per sec =    555949.47 ( 14.4uS)
-DES cbc bytes per sec =    549440.28 ( 14.6uS)
-crypt         per sec =      2580.25 (387.6uS)
-
-PA-RISC 1.1 HP 710
-set_key       per sec =     38916.86
-DES ecb bytes per sec =    505971.82
-DES cbc bytes per sec =    515381.13
-crypt         per sec =      2438.24
-
-iris (spike) cc -O2
-set_key       per sec =     23128.83 ( 43.2uS)
-DES ecb bytes per sec =    261577.94 ( 30.6uS)
-DES cbc bytes per sec =    261746.41 ( 30.6uS)
-crypt         per sec =      1231.76 (811.8uS)
-
-sun sparc 10/30 - cc -O4
-set_key       per sec =     38379.86 ( 26.1uS)
-DES ecb bytes per sec =    460051.34 ( 17.4uS)
-DES cbc bytes per sec =    464970.54 ( 17.2uS)
-crypt         per sec =      2092.64 (477.9uS)
-
-sun sparc 2 - gcc2 -O2
-set_key       per sec =     21559.10
-DES ecb bytes per sec =    305566.92
-DES cbc bytes per sec =    303497.50
-crypt         per sec =      1410.48
-
-RS/6000 model 320
-set_key       per sec =     14371.93
-DES ecb bytes per sec =    222231.26
-DES cbc bytes per sec =    223926.79
-crypt         per sec =       981.20
-
-80486dx/66MHz Solaris 2.1 - gcc -O2 (gcc 2.6.3)
-set_key       per sec =     26814.15 ( 37.3uS)
-DES ecb bytes per sec =    345029.95 ( 23.2uS)
-DES cbc bytes per sec =    344064.00 ( 23.3uS)
-crypt         per sec =      1551.97 (644.3uS)
-
-80486dx/50MHz Solaris 2.1 - gcc -O2 (gcc 2.5.2)
-set_key       per sec =     18558.29 ( 53.9uS)
-DES ecb bytes per sec =    240873.90 ( 33.2uS)
-DES cbc bytes per sec =    239993.37 ( 33.3uS)
-crypt         per sec =      1073.67 (931.4uS)
-
-80486dx/50MHz Solaris 2.1 - cc -xO4 (cc: PC2.0.1 30 April 1993)
-set_key       per sec =     18302.79 ( 54.6uS)
-DES ecb bytes per sec =    242640.29 ( 33.0uS)
-DES cbc bytes per sec =    239568.89 ( 33.4uS)
-crypt         per sec =      1057.92 (945.2uS)
-
-68030 HP400
-set_key       per sec =      5251.28
-DES ecb bytes per sec =     56186.56
-DES cbc bytes per sec =     58681.53
-crypt         per sec =       276.15
-
-80486sx/33MHz MSDOS Turbo C v 2.0
-set_key       per sec =      1883.22 (531.0uS)
-DES ecb bytes per sec =     63393.31 (126.2uS)
-DES cbc bytes per sec =     63416.83 (126.1uS)
-crypt         per sec =       158.71 (6300.6uS)
-
-80486sx/33MHz MSDOS djgpp gcc 1.39 (32bit compiler)
-set_key       per sec =     12603.08 (79.3)
-DES ecb bytes per sec =    158875.15 (50.4)
-DES cbc bytes per sec =    159893.85 (50.0)
-crypt         per sec =       780.24 (1281.7)
-
-Version 1.99 26/08/92
-8MHz 68000 Atari-ST gcc 2.1 -O2 MiNT 0.94
-set_key       per sec =       325.68 (3070.5uS)
-DES ecb bytes per sec =      4173.67 (1916.8uS)
-DES cbc bytes per sec =      4249.89 (1882.4uS)
-crypt         per sec =        20.19 (49521.6uS)
-
-8088/4.77mh MSDOS Turbo C v 2.0
-set_key       per sec =        35.09
-DES ecb bytes per sec =       563.63
-crypt         per sec =         2.69
diff --git a/secure/lib/libdes/typemap b/secure/lib/libdes/typemap
deleted file mode 100644
index a524f53634e7..000000000000
--- a/secure/lib/libdes/typemap
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# DES SECTION
-#
-deschar *	T_DESCHARP
-des_cblock *	T_CBLOCK
-des_cblock	T_CBLOCK
-des_key_schedule	T_SCHEDULE
-des_key_schedule *	T_SCHEDULE
-
-INPUT
-T_CBLOCK
-	$var=(des_cblock *)SvPV($arg,len);
-	if (len < DES_KEY_SZ)
-		{
-		croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
-		}
-
-T_SCHEDULE
-	$var=(des_key_schedule *)SvPV($arg,len);
-	if (len < DES_SCHEDULE_SZ)
-		{
-		croak(\"$var needs to be at least %u bytes long\",
-			DES_SCHEDULE_SZ);
-		}
-
-OUTPUT
-T_CBLOCK
-	sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
-
-T_SCHEDULE
-	sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
-
-T_DESCHARP
-	sv_setpvn($arg,(char *)$var,len);
diff --git a/secure/lib/libdes/version.h b/secure/lib/libdes/version.h
deleted file mode 100644
index aee11903f308..000000000000
--- a/secure/lib/libdes/version.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* lib/des/version.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-extern char *DES_version;
diff --git a/secure/lib/libdes/vms.com b/secure/lib/libdes/vms.com
deleted file mode 100644
index 885ea8e36b50..000000000000
--- a/secure/lib/libdes/vms.com
+++ /dev/null
@@ -1,90 +0,0 @@
-$! --- VMS.com ---
-$!
-$ GoSub defines
-$ GoSub linker_options
-$ If (P1 .nes. "")
-$ Then 
-$   GoSub 'P1'
-$ Else
-$   GoSub lib
-$   GoSub destest
-$   GoSub rpw
-$   GoSub speed
-$   GoSub des
-$ EndIF
-$!
-$ Exit
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DEFINES:
-$ OPT_FILE := "VAX_LINKER_OPTIONS.OPT"
-$!
-$ CC_OPTS := "/NODebug/OPTimize/NOWarn"
-$!
-$ LINK_OPTS := "/NODebug/NOTraceback/Contiguous"
-$!
-$ OBJS  = "cbc_cksm.obj,cbc_enc.obj,ecb_enc.obj,pcbc_enc.obj," + -
-          "qud_cksm.obj,rand_key.obj,read_pwd.obj,set_key.obj,"      + -
-          "str2key.obj,enc_read.obj,enc_writ.obj,fcrypt.obj,"           + -
-	  "cfb_enc.obj,3ecb_enc.obj,ofb_enc.obj"
-	   
-	   
-$!
-$ LIBDES = "cbc_cksm.c,cbc_enc.c,ecb_enc.c,enc_read.c,"           + -
-           "enc_writ.c,pcbc_enc.c,qud_cksm.c,rand_key.c,"         + -
-           "read_pwd.c,set_key.c,str2key.c,fcrypt.c,"                + -
-	   "cfb_enc.c,3ecb_enc.c,ofb_enc.c"
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$LINKER_OPTIONS:
-$ If (f$search(OPT_FILE) .eqs. "")
-$ Then
-$   Create 'OPT_FILE'
-$DECK
-! Default system options file to link against the sharable C runtime library
-!
-Sys$Share:VAXcRTL.exe/Share
-$EOD
-$ EndIF
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$LIB:
-$ CC 'CC_OPTS' 'LIBDES'
-$ If (f$search("LIBDES.OLB") .nes. "")
-$ Then Library /Object /Replace libdes 'OBJS'
-$ Else Library /Create /Object  libdes 'OBJS'
-$ EndIF
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DESTEST:
-$ CC 'CC_OPTS' destest
-$ Link 'link_opts' /Exec=destest destest.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$RPW:
-$ CC 'CC_OPTS' rpw
-$ Link 'link_opts' /Exec=rpw  rpw.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$SPEED:
-$ CC 'CC_OPTS' speed
-$ Link 'link_opts' /Exec=speed speed.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DES:
-$ CC 'CC_OPTS' des
-$ Link 'link_opts' /Exec=des des.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
diff --git a/secure/lib/libtelnet/Makefile b/secure/lib/libtelnet/Makefile
deleted file mode 100644
index 02a175f0d5d8..000000000000
--- a/secure/lib/libtelnet/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-#	From: @(#)Makefile	8.2 (Berkeley) 12/15/93
-#	$Id$
-
-DISTRIBUTION=	krb
-
-LIB=	telnet
-SRCS=   encrypt.c genget.c getent.c misc.c
-
-CFLAGS+= -DHAS_CGETENT -DENCRYPTION
-
-.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
-CFLAGS+= -DDES_ENCRYPTION -DAUTHENTICATION -DKRB4 -I/usr/include/kerberosIV
-SRCS+=  auth.c kerberos.c enc_des.c
-LDADD+= -ldes -lkrb
-DPADD+= ${LIBDES} ${LIBKRB}
-.endif
-
-# Not Yet
-#SRCS += spx.c rsaencpwd.c read_password.c
-
-# KRB4_ENCPWD not yet defined
-# Used only in krb4encpwd.c and rsaencpwd.c, not yet active
-#LDADD+= -ldescrypt
-
-.include <bsd.lib.mk>
diff --git a/secure/lib/libtelnet/auth-proto.h b/secure/lib/libtelnet/auth-proto.h
deleted file mode 100644
index 111033d7700c..000000000000
--- a/secure/lib/libtelnet/auth-proto.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#if	!defined(P)
-#ifdef	__STDC__
-#define	P(x)	x
-#else
-#define	P(x)	()
-#endif
-#endif
-
-#if	defined(AUTHENTICATION)
-Authenticator *findauthenticator P((int, int));
-
-void auth_init P((char *, int));
-int auth_cmd P((int, char **));
-void auth_request P((void));
-void auth_send P((unsigned char *, int));
-void auth_send_retry P((void));
-void auth_is P((unsigned char *, int));
-void auth_reply P((unsigned char *, int));
-void auth_finished P((Authenticator *, int));
-int auth_wait P((char *));
-void auth_disable_name P((char *));
-void auth_gen_printsub P((unsigned char *, int, unsigned char *, int));
-
-#ifdef	KRB4
-int kerberos4_init P((Authenticator *, int));
-int kerberos4_send P((Authenticator *));
-void kerberos4_is P((Authenticator *, unsigned char *, int));
-void kerberos4_reply P((Authenticator *, unsigned char *, int));
-int kerberos4_status P((Authenticator *, char *, int));
-void kerberos4_printsub P((unsigned char *, int, unsigned char *, int));
-#endif
-
-#ifdef	KRB5
-int kerberos5_init P((Authenticator *, int));
-int kerberos5_send P((Authenticator *));
-void kerberos5_is P((Authenticator *, unsigned char *, int));
-void kerberos5_reply P((Authenticator *, unsigned char *, int));
-int kerberos5_status P((Authenticator *, char *, int));
-void kerberos5_printsub P((unsigned char *, int, unsigned char *, int));
-#endif
-#endif
diff --git a/secure/lib/libtelnet/auth.c b/secure/lib/libtelnet/auth.c
deleted file mode 100644
index 64f5ce9e1c7a..000000000000
--- a/secure/lib/libtelnet/auth.c
+++ /dev/null
@@ -1,671 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)auth.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#if	defined(AUTHENTICATION)
-#include <stdio.h>
-#include <sys/types.h>
-#include <signal.h>
-#define	AUTH_NAMES
-#include <arpa/telnet.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc-proto.h"
-#include "auth-proto.h"
-
-#define	typemask(x)		(1<<((x)-1))
-
-#ifdef	KRB4_ENCPWD
-extern krb4encpwd_init();
-extern krb4encpwd_send();
-extern krb4encpwd_is();
-extern krb4encpwd_reply();
-extern krb4encpwd_status();
-extern krb4encpwd_printsub();
-#endif
-
-#ifdef	RSA_ENCPWD
-extern rsaencpwd_init();
-extern rsaencpwd_send();
-extern rsaencpwd_is();
-extern rsaencpwd_reply();
-extern rsaencpwd_status();
-extern rsaencpwd_printsub();
-#endif
-
-int auth_debug_mode = 0;
-static 	char	*Name = "Noname";
-static	int	Server = 0;
-static	Authenticator	*authenticated = 0;
-static	int	authenticating = 0;
-static	int	validuser = 0;
-static	unsigned char	_auth_send_data[256];
-static	unsigned char	*auth_send_data;
-static	int	auth_send_cnt = 0;
-
-/*
- * Authentication types supported.  Plese note that these are stored
- * in priority order, i.e. try the first one first.
- */
-Authenticator authenticators[] = {
-#ifdef	SPX
-	{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-				spx_init,
-				spx_send,
-				spx_is,
-				spx_reply,
-				spx_status,
-				spx_printsub },
-	{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-				spx_init,
-				spx_send,
-				spx_is,
-				spx_reply,
-				spx_status,
-				spx_printsub },
-#endif
-#ifdef	KRB5
-# ifdef	ENCRYPTION
-	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-				kerberos5_init,
-				kerberos5_send,
-				kerberos5_is,
-				kerberos5_reply,
-				kerberos5_status,
-				kerberos5_printsub },
-# endif	/* ENCRYPTION */
-	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-				kerberos5_init,
-				kerberos5_send,
-				kerberos5_is,
-				kerberos5_reply,
-				kerberos5_status,
-				kerberos5_printsub },
-#endif
-#ifdef	KRB4
-# ifdef ENCRYPTION
-	{ AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-				kerberos4_init,
-				kerberos4_send,
-				kerberos4_is,
-				kerberos4_reply,
-				kerberos4_status,
-				kerberos4_printsub },
-# endif	/* ENCRYPTION */
-	{ AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-				kerberos4_init,
-				kerberos4_send,
-				kerberos4_is,
-				kerberos4_reply,
-				kerberos4_status,
-				kerberos4_printsub },
-#endif
-#ifdef	KRB4_ENCPWD
-	{ AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-				krb4encpwd_init,
-				krb4encpwd_send,
-				krb4encpwd_is,
-				krb4encpwd_reply,
-				krb4encpwd_status,
-				krb4encpwd_printsub },
-#endif
-#ifdef	RSA_ENCPWD
-	{ AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-				rsaencpwd_init,
-				rsaencpwd_send,
-				rsaencpwd_is,
-				rsaencpwd_reply,
-				rsaencpwd_status,
-				rsaencpwd_printsub },
-#endif
-	{ 0, },
-};
-
-static Authenticator NoAuth = { 0 };
-
-static int	i_support = 0;
-static int	i_wont_support = 0;
-
-	Authenticator *
-findauthenticator(type, way)
-	int type;
-	int way;
-{
-	Authenticator *ap = authenticators;
-
-	while (ap->type && (ap->type != type || ap->way != way))
-		++ap;
-	return(ap->type ? ap : 0);
-}
-
-	void
-auth_init(name, server)
-	char *name;
-	int server;
-{
-	Authenticator *ap = authenticators;
-
-	Server = server;
-	Name = name;
-
-	i_support = 0;
-	authenticated = 0;
-	authenticating = 0;
-	while (ap->type) {
-		if (!ap->init || (*ap->init)(ap, server)) {
-			i_support |= typemask(ap->type);
-			if (auth_debug_mode)
-				printf(">>>%s: I support auth type %d %d\r\n",
-					Name,
-					ap->type, ap->way);
-		}
-		else if (auth_debug_mode)
-			printf(">>>%s: Init failed: auth type %d %d\r\n",
-				Name, ap->type, ap->way);
-		++ap;
-	}
-}
-
-	void
-auth_disable_name(name)
-	char *name;
-{
-	int x;
-	for (x = 0; x < AUTHTYPE_CNT; ++x) {
-		if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
-			i_wont_support |= typemask(x);
-			break;
-		}
-	}
-}
-
-	int
-getauthmask(type, maskp)
-	char *type;
-	int *maskp;
-{
-	register int x;
-
-	if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
-		*maskp = -1;
-		return(1);
-	}
-
-	for (x = 1; x < AUTHTYPE_CNT; ++x) {
-		if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
-			*maskp = typemask(x);
-			return(1);
-		}
-	}
-	return(0);
-}
-
-	int
-auth_enable(type)
-	char * type;
-{
-	return(auth_onoff(type, 1));
-}
-
-	int
-auth_disable(type)
-	char * type;
-{
-	return(auth_onoff(type, 0));
-}
-
-	int
-auth_onoff(type, on)
-	char *type;
-	int on;
-{
-	int i, mask = -1;
-	Authenticator *ap;
-
-	if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
-                printf("auth %s 'type'\n", on ? "enable" : "disable");
-		printf("Where 'type' is one of:\n");
-		printf("\t%s\n", AUTHTYPE_NAME(0));
-		mask = 0;
-		for (ap = authenticators; ap->type; ap++) {
-			if ((mask & (i = typemask(ap->type))) != 0)
-				continue;
-			mask |= i;
-			printf("\t%s\n", AUTHTYPE_NAME(ap->type));
-		}
-		return(0);
-	}
-
-	if (!getauthmask(type, &mask)) {
-		printf("%s: invalid authentication type\n", type);
-		return(0);
-	}
-	if (on)
-		i_wont_support &= ~mask;
-	else
-		i_wont_support |= mask;
-	return(1);
-}
-
-	int
-auth_togdebug(on)
-	int on;
-{
-	if (on < 0)
-		auth_debug_mode ^= 1;
-	else
-		auth_debug_mode = on;
-	printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
-	return(1);
-}
-
-	int
-auth_status()
-{
-	Authenticator *ap;
-	int i, mask;
-
-	if (i_wont_support == -1)
-		printf("Authentication disabled\n");
-	else
-		printf("Authentication enabled\n");
-
-	mask = 0;
-	for (ap = authenticators; ap->type; ap++) {
-		if ((mask & (i = typemask(ap->type))) != 0)
-			continue;
-		mask |= i;
-		printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
-			(i_wont_support & typemask(ap->type)) ?
-					"disabled" : "enabled");
-	}
-	return(1);
-}
-
-/*
- * This routine is called by the server to start authentication
- * negotiation.
- */
-	void
-auth_request()
-{
-	static unsigned char str_request[64] = { IAC, SB,
-						 TELOPT_AUTHENTICATION,
-						 TELQUAL_SEND, };
-	Authenticator *ap = authenticators;
-	unsigned char *e = str_request + 4;
-
-	if (!authenticating) {
-		authenticating = 1;
-		while (ap->type) {
-			if (i_support & ~i_wont_support & typemask(ap->type)) {
-				if (auth_debug_mode) {
-					printf(">>>%s: Sending type %d %d\r\n",
-						Name, ap->type, ap->way);
-				}
-				*e++ = ap->type;
-				*e++ = ap->way;
-			}
-			++ap;
-		}
-		*e++ = IAC;
-		*e++ = SE;
-		net_write(str_request, e - str_request);
-		printsub('>', &str_request[2], e - str_request - 2);
-	}
-}
-
-/*
- * This is called when an AUTH SEND is received.
- * It should never arrive on the server side (as only the server can
- * send an AUTH SEND).
- * You should probably respond to it if you can...
- *
- * If you want to respond to the types out of order (i.e. even
- * if he sends  LOGIN KERBEROS and you support both, you respond
- * with KERBEROS instead of LOGIN (which is against what the
- * protocol says)) you will have to hack this code...
- */
-	void
-auth_send(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Authenticator *ap;
-	static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
-					    TELQUAL_IS, AUTHTYPE_NULL, 0,
-					    IAC, SE };
-	if (Server) {
-		if (auth_debug_mode) {
-			printf(">>>%s: auth_send called!\r\n", Name);
-		}
-		return;
-	}
-
-	if (auth_debug_mode) {
-		printf(">>>%s: auth_send got:", Name);
-		printd(data, cnt); printf("\r\n");
-	}
-
-	/*
-	 * Save the data, if it is new, so that we can continue looking
-	 * at it if the authorization we try doesn't work
-	 */
-	if (data < _auth_send_data ||
-	    data > _auth_send_data + sizeof(_auth_send_data)) {
-		auth_send_cnt = cnt > sizeof(_auth_send_data)
-					? sizeof(_auth_send_data)
-					: cnt;
-		memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
-		auth_send_data = _auth_send_data;
-	} else {
-		/*
-		 * This is probably a no-op, but we just make sure
-		 */
-		auth_send_data = data;
-		auth_send_cnt = cnt;
-	}
-	while ((auth_send_cnt -= 2) >= 0) {
-		if (auth_debug_mode)
-			printf(">>>%s: He supports %d\r\n",
-				Name, *auth_send_data);
-		if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
-			ap = findauthenticator(auth_send_data[0],
-					       auth_send_data[1]);
-			if (ap && ap->send) {
-				if (auth_debug_mode)
-					printf(">>>%s: Trying %d %d\r\n",
-						Name, auth_send_data[0],
-							auth_send_data[1]);
-				if ((*ap->send)(ap)) {
-					/*
-					 * Okay, we found one we like
-					 * and did it.
-					 * we can go home now.
-					 */
-					if (auth_debug_mode)
-						printf(">>>%s: Using type %d\r\n",
-							Name, *auth_send_data);
-					auth_send_data += 2;
-					return;
-				}
-			}
-			/* else
-			 *	just continue on and look for the
-			 *	next one if we didn't do anything.
-			 */
-		}
-		auth_send_data += 2;
-	}
-	net_write(str_none, sizeof(str_none));
-	printsub('>', &str_none[2], sizeof(str_none) - 2);
-	if (auth_debug_mode)
-		printf(">>>%s: Sent failure message\r\n", Name);
-	auth_finished(0, AUTH_REJECT);
-#ifdef KANNAN
-	/*
-	 *  We requested strong authentication, however no mechanisms worked.
-	 *  Therefore, exit on client end.
-	 */
-	printf("Unable to securely authenticate user ... exit\n");
-	exit(0);
-#endif /* KANNAN */
-}
-
-	void
-auth_send_retry()
-{
-	/*
-	 * if auth_send_cnt <= 0 then auth_send will end up rejecting
-	 * the authentication and informing the other side of this.
-	 */
-	auth_send(auth_send_data, auth_send_cnt);
-}
-
-	void
-auth_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Authenticator *ap;
-
-	if (cnt < 2)
-		return;
-
-	if (data[0] == AUTHTYPE_NULL) {
-		auth_finished(0, AUTH_REJECT);
-		return;
-	}
-
-	if (ap = findauthenticator(data[0], data[1])) {
-		if (ap->is)
-			(*ap->is)(ap, data+2, cnt-2);
-	} else if (auth_debug_mode)
-		printf(">>>%s: Invalid authentication in IS: %d\r\n",
-			Name, *data);
-}
-
-	void
-auth_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Authenticator *ap;
-
-	if (cnt < 2)
-		return;
-
-	if (ap = findauthenticator(data[0], data[1])) {
-		if (ap->reply)
-			(*ap->reply)(ap, data+2, cnt-2);
-	} else if (auth_debug_mode)
-		printf(">>>%s: Invalid authentication in SEND: %d\r\n",
-			Name, *data);
-}
-
-	void
-auth_name(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Authenticator *ap;
-	unsigned char savename[256];
-
-	if (cnt < 1) {
-		if (auth_debug_mode)
-			printf(">>>%s: Empty name in NAME\r\n", Name);
-		return;
-	}
-	if (cnt > sizeof(savename) - 1) {
-		if (auth_debug_mode)
-			printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
-					Name, cnt, sizeof(savename)-1);
-		return;
-	}
-	memmove((void *)savename, (void *)data, cnt);
-	savename[cnt] = '\0';	/* Null terminate */
-	if (auth_debug_mode)
-		printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-	auth_encrypt_user(savename);
-}
-
-	int
-auth_sendname(cp, len)
-	unsigned char *cp;
-	int len;
-{
-	static unsigned char str_request[256+6]
-			= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
-	register unsigned char *e = str_request + 4;
-	register unsigned char *ee = &str_request[sizeof(str_request)-2];
-
-	while (--len >= 0) {
-		if ((*e++ = *cp++) == IAC)
-			*e++ = IAC;
-		if (e >= ee)
-			return(0);
-	}
-	*e++ = IAC;
-	*e++ = SE;
-	net_write(str_request, e - str_request);
-	printsub('>', &str_request[2], e - &str_request[2]);
-	return(1);
-}
-
-	void
-auth_finished(ap, result)
-	Authenticator *ap;
-	int result;
-{
-	if (!(authenticated = ap))
-		authenticated = &NoAuth;
-	validuser = result;
-}
-
-	/* ARGSUSED */
-	static void
-auth_intr(sig)
-	int sig;
-{
-	auth_finished(0, AUTH_REJECT);
-}
-
-	int
-auth_wait(name)
-	char *name;
-{
-	if (auth_debug_mode)
-		printf(">>>%s: in auth_wait.\r\n", Name);
-
-	if (Server && !authenticating)
-		return(0);
-
-	(void) signal(SIGALRM, auth_intr);
-	alarm(30);
-	while (!authenticated)
-		if (telnet_spin())
-			break;
-	alarm(0);
-	(void) signal(SIGALRM, SIG_DFL);
-
-	/*
-	 * Now check to see if the user is valid or not
-	 */
-	if (!authenticated || authenticated == &NoAuth)
-		return(AUTH_REJECT);
-
-	if (validuser == AUTH_VALID)
-		validuser = AUTH_USER;
-
-	if (authenticated->status)
-		validuser = (*authenticated->status)(authenticated,
-						     name, validuser);
-	return(validuser);
-}
-
-	void
-auth_debug(mode)
-	int mode;
-{
-	auth_debug_mode = mode;
-}
-
-	void
-auth_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	Authenticator *ap;
-
-	if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
-		(*ap->printsub)(data, cnt, buf, buflen);
-	else
-		auth_gen_printsub(data, cnt, buf, buflen);
-}
-
-	void
-auth_gen_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	register unsigned char *cp;
-	unsigned char tbuf[16];
-
-	cnt -= 3;
-	data += 3;
-	buf[buflen-1] = '\0';
-	buf[buflen-2] = '*';
-	buflen -= 2;
-	for (; cnt > 0; cnt--, data++) {
-		sprintf((char *)tbuf, " %d", *data);
-		for (cp = tbuf; *cp && buflen > 0; --buflen)
-			*buf++ = *cp++;
-		if (buflen <= 0)
-			return;
-	}
-	*buf = '\0';
-}
-#endif
diff --git a/secure/lib/libtelnet/auth.h b/secure/lib/libtelnet/auth.h
deleted file mode 100644
index 615e8a07b894..000000000000
--- a/secure/lib/libtelnet/auth.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef	__AUTH__
-#define	__AUTH__
-
-#define	AUTH_REJECT	0	/* Rejected */
-#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
-#define	AUTH_OTHER	2	/* We know him, but not his name */
-#define	AUTH_USER	3	/* We know he name */
-#define	AUTH_VALID	4	/* We know him, and he needs no password */
-
-#if	!defined(P)
-#ifdef	__STDC__
-#define P(x)	x
-#else
-#define P(x)	()
-#endif
-#endif
-
-typedef struct XauthP {
-	int	type;
-	int	way;
-	int	(*init) P((struct XauthP *, int));
-	int	(*send) P((struct XauthP *));
-	void	(*is) P((struct XauthP *, unsigned char *, int));
-	void	(*reply) P((struct XauthP *, unsigned char *, int));
-	int	(*status) P((struct XauthP *, char *, int));
-	void	(*printsub) P((unsigned char *, int, unsigned char *, int));
-} Authenticator;
-
-#include "auth-proto.h"
-
-extern auth_debug_mode;
-#endif
diff --git a/secure/lib/libtelnet/enc-proto.h b/secure/lib/libtelnet/enc-proto.h
deleted file mode 100644
index 0c0d89cbf83d..000000000000
--- a/secure/lib/libtelnet/enc-proto.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-#if	!defined(P)
-#ifdef	__STDC__
-#define	P(x)	x
-#else
-#define	P(x)	()
-#endif
-#endif
-
-#ifdef	ENCRYPTION
-void encrypt_init P((char *, int));
-Encryptions *findencryption P((int));
-void encrypt_send_supprt P((void));
-void encrypt_auto P((int));
-void decrypt_auto P((int));
-void encrypt_is P((unsigned char *, int));
-void encrypt_reply P((unsigned char *, int));
-void encrypt_start_input P((int));
-void encrypt_session_key P((Session_Key *, int));
-void encrypt_end_input P((void));
-void encrypt_start_output P((int));
-void encrypt_end_output P((void));
-void encrypt_send_request_start P((void));
-void encrypt_send_request_end P((void));
-void encrypt_send_end P((void));
-void encrypt_wait P((void));
-void encrypt_send_support P((void));
-void encrypt_send_keyid P((int, unsigned char *, int, int));
-int net_write P((unsigned char *, int));
-
-#ifdef	TELENTD
-void encrypt_wait P((void));
-#else
-int encrypt_cmd P((int, char **));
-void encrypt_display P((void));
-#endif
-
-void krbdes_encrypt P((unsigned char *, int));
-int krbdes_decrypt P((int));
-int krbdes_is P((unsigned char *, int));
-int krbdes_reply P((unsigned char *, int));
-void krbdes_init P((int));
-int krbdes_start P((int, int));
-void krbdes_session P((Session_Key *, int));
-void krbdes_printsub P((unsigned char *, int, unsigned char *, int));
-
-void cfb64_encrypt P((unsigned char *, int));
-int cfb64_decrypt P((int));
-void cfb64_init P((int));
-int cfb64_start P((int, int));
-int cfb64_is P((unsigned char *, int));
-int cfb64_reply P((unsigned char *, int));
-void cfb64_session P((Session_Key *, int));
-int cfb64_keyid P((int, unsigned char *, int *));
-void cfb64_printsub P((unsigned char *, int, unsigned char *, int));
-
-void ofb64_encrypt P((unsigned char *, int));
-int ofb64_decrypt P((int));
-void ofb64_init P((int));
-int ofb64_start P((int, int));
-int ofb64_is P((unsigned char *, int));
-int ofb64_reply P((unsigned char *, int));
-void ofb64_session P((Session_Key *, int));
-int ofb64_keyid P((int, unsigned char *, int *));
-void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
-
-#endif	/* ENCRYPTION */
diff --git a/secure/lib/libtelnet/enc_des.c b/secure/lib/libtelnet/enc_des.c
deleted file mode 100644
index d6886fd717d4..000000000000
--- a/secure/lib/libtelnet/enc_des.c
+++ /dev/null
@@ -1,724 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)enc_des.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#ifdef	ENCRYPTION
-# ifdef	AUTHENTICATION
-#  ifdef DES_ENCRYPTION
-#include <arpa/telnet.h>
-#include <stdio.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-
-#include "encrypt.h"
-#include "key-proto.h"
-#include "misc-proto.h"
-
-extern encrypt_debug_mode;
-
-#define	CFB	0
-#define	OFB	1
-
-#define	NO_SEND_IV	1
-#define	NO_RECV_IV	2
-#define	NO_KEYID	4
-#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#define	SUCCESS		0
-#define	FAILED		-1
-
-
-struct fb {
-	Block krbdes_key;
-	Schedule krbdes_sched;
-	Block temp_feed;
-	unsigned char fb_feed[64];
-	int need_start;
-	int state[2];
-	int keyid[2];
-	int once;
-	struct stinfo {
-		Block		str_output;
-		Block		str_feed;
-		Block		str_iv;
-		Block		str_ikey;
-		Schedule	str_sched;
-		int		str_index;
-		int		str_flagshift;
-	} streams[2];
-};
-
-static struct fb fb[2];
-
-struct keyidlist {
-	char	*keyid;
-	int	keyidlen;
-	char	*key;
-	int	keylen;
-	int	flags;
-} keyidlist [] = {
-	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
-	{ 0, 0, 0, 0, 0 }
-};
-
-#define	KEYFLAG_MASK	03
-
-#define	KEYFLAG_NOINIT	00
-#define	KEYFLAG_INIT	01
-#define	KEYFLAG_OK	02
-#define	KEYFLAG_BAD	03
-
-#define	KEYFLAG_SHIFT	2
-
-#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
-
-#define	FB64_IV		1
-#define	FB64_IV_OK	2
-#define	FB64_IV_BAD	3
-
-
-void fb64_stream_iv P((Block, struct stinfo *));
-void fb64_init P((struct fb *));
-static int fb64_start P((struct fb *, int, int));
-int fb64_is P((unsigned char *, int, struct fb *));
-int fb64_reply P((unsigned char *, int, struct fb *));
-static void fb64_session P((Session_Key *, int, struct fb *));
-void fb64_stream_key P((Block, struct stinfo *));
-int fb64_keyid P((int, unsigned char *, int *, struct fb *));
-
-	void
-cfb64_init(server)
-	int server;
-{
-	fb64_init(&fb[CFB]);
-	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
-}
-
-	void
-ofb64_init(server)
-	int server;
-{
-	fb64_init(&fb[OFB]);
-	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
-}
-
-	void
-fb64_init(fbp)
-	register struct fb *fbp;
-{
-	memset((void *)fbp, 0, sizeof(*fbp));
-	fbp->state[0] = fbp->state[1] = FAILED;
-	fbp->fb_feed[0] = IAC;
-	fbp->fb_feed[1] = SB;
-	fbp->fb_feed[2] = TELOPT_ENCRYPT;
-	fbp->fb_feed[3] = ENCRYPT_IS;
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- *	 2: Not yet.  Other things (like getting the key from
- *	    Kerberos) have to happen before we can continue.
- */
-	int
-cfb64_start(dir, server)
-	int dir;
-	int server;
-{
-	return(fb64_start(&fb[CFB], dir, server));
-}
-	int
-ofb64_start(dir, server)
-	int dir;
-	int server;
-{
-	return(fb64_start(&fb[OFB], dir, server));
-}
-
-	static int
-fb64_start(fbp, dir, server)
-	struct fb *fbp;
-	int dir;
-	int server;
-{
-	Block b;
-	int x;
-	unsigned char *p;
-	register int state;
-
-	switch (dir) {
-	case DIR_DECRYPT:
-		/*
-		 * This is simply a request to have the other side
-		 * start output (our input).  He will negotiate an
-		 * IV so we need not look for it.
-		 */
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		break;
-
-	case DIR_ENCRYPT:
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		else if ((state & NO_SEND_IV) == 0)
-			break;
-
-		if (!VALIDKEY(fbp->krbdes_key)) {
-			fbp->need_start = 1;
-			break;
-		}
-		state &= ~NO_SEND_IV;
-		state |= NO_RECV_IV;
-		if (encrypt_debug_mode)
-			printf("Creating new feed\r\n");
-		/*
-		 * Create a random feed and send it over.
-		 */
-		des_new_random_key(fbp->temp_feed);
-		des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
-				fbp->krbdes_sched, 1);
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_IS;
-		p++;
-		*p++ = FB64_IV;
-		for (x = 0; x < sizeof(Block); ++x) {
-			if ((*p++ = fbp->temp_feed[x]) == IAC)
-				*p++ = IAC;
-		}
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
-		break;
-	default:
-		return(FAILED);
-	}
-	return(fbp->state[dir-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-	int
-cfb64_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_is(data, cnt, &fb[CFB]));
-}
-	int
-ofb64_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_is(data, cnt, &fb[OFB]));
-}
-
-	int
-fb64_is(data, cnt, fbp)
-	unsigned char *data;
-	int cnt;
-	struct fb *fbp;
-{
-	int x;
-	unsigned char *p;
-	Block b;
-	register int state = fbp->state[DIR_DECRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV:
-		if (cnt != sizeof(Block)) {
-			if (encrypt_debug_mode)
-				printf("CFB64: initial vector failed on size\r\n");
-			state = FAILED;
-			goto failure;
-		}
-
-		if (encrypt_debug_mode)
-			printf("CFB64: initial vector received\r\n");
-
-		if (encrypt_debug_mode)
-			printf("Initializing Decrypt stream\r\n");
-
-		fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]);
-
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_OK;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", *(data-1));
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		/*
-		 * We failed.  Send an FB64_IV_BAD option
-		 * to the other side so it will know that
-		 * things failed.
-		 */
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_BAD;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		break;
-	}
-	return(fbp->state[DIR_DECRYPT-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-	int
-cfb64_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_reply(data, cnt, &fb[CFB]));
-}
-	int
-ofb64_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_reply(data, cnt, &fb[OFB]));
-}
-
-
-	int
-fb64_reply(data, cnt, fbp)
-	unsigned char *data;
-	int cnt;
-	struct fb *fbp;
-{
-	int x;
-	unsigned char *p;
-	Block b;
-	register int state = fbp->state[DIR_ENCRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV_OK:
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		state &= ~NO_RECV_IV;
-		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
-		break;
-
-	case FB64_IV_BAD:
-		memset(fbp->temp_feed, 0, sizeof(Block));
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		state = FAILED;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", data[-1]);
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		state = FAILED;
-		break;
-	}
-	return(fbp->state[DIR_ENCRYPT-1] = state);
-}
-
-	void
-cfb64_session(key, server)
-	Session_Key *key;
-	int server;
-{
-	fb64_session(key, server, &fb[CFB]);
-}
-
-	void
-ofb64_session(key, server)
-	Session_Key *key;
-	int server;
-{
-	fb64_session(key, server, &fb[OFB]);
-}
-
-	static void
-fb64_session(key, server, fbp)
-	Session_Key *key;
-	int server;
-	struct fb *fbp;
-{
-
-	if (!key || key->type != SK_DES) {
-		if (encrypt_debug_mode)
-			printf("Can't set krbdes's session key (%d != %d)\r\n",
-				key ? key->type : -1, SK_DES);
-		return;
-	}
-	memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
-
-	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
-	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
-
-	if (fbp->once == 0) {
-		des_set_random_generator_seed(fbp->krbdes_key);
-		fbp->once = 1;
-	}
-	des_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
-	/*
-	 * Now look to see if krbdes_start() was was waiting for
-	 * the key to show up.  If so, go ahead an call it now
-	 * that we have the key.
-	 */
-	if (fbp->need_start) {
-		fbp->need_start = 0;
-		fb64_start(fbp, DIR_ENCRYPT, server);
-	}
-}
-
-/*
- * We only accept a keyid of 0.  If we get a keyid of
- * 0, then mark the state as SUCCESS.
- */
-	int
-cfb64_keyid(dir, kp, lenp)
-	int dir, *lenp;
-	unsigned char *kp;
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
-}
-
-	int
-ofb64_keyid(dir, kp, lenp)
-	int dir, *lenp;
-	unsigned char *kp;
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
-}
-
-	int
-fb64_keyid(dir, kp, lenp, fbp)
-	int dir, *lenp;
-	unsigned char *kp;
-	struct fb *fbp;
-{
-	register int state = fbp->state[dir-1];
-
-	if (*lenp != 1 || (*kp != '\0')) {
-		*lenp = 0;
-		return(state);
-	}
-
-	if (state == FAILED)
-		state = IN_PROGRESS;
-
-	state &= ~NO_KEYID;
-
-	return(fbp->state[dir-1] = state);
-}
-
-	void
-fb64_printsub(data, cnt, buf, buflen, type)
-	unsigned char *data, *buf, *type;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-	char *cp;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[2]) {
-	case FB64_IV:
-		sprintf(lbuf, "%s_IV", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_OK:
-		sprintf(lbuf, "%s_IV_OK", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_BAD:
-		sprintf(lbuf, "%s_IV_BAD", type);
-		cp = lbuf;
-		goto common;
-
-	default:
-		sprintf(lbuf, " %d (unknown)", data[2]);
-		cp = lbuf;
-	common:
-		for (; (buflen > 0) && (*buf = *cp++); buf++)
-			buflen--;
-		for (i = 3; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
-			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
-				buflen--;
-		}
-		break;
-	}
-}
-
-	void
-cfb64_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	fb64_printsub(data, cnt, buf, buflen, "CFB64");
-}
-
-	void
-ofb64_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	fb64_printsub(data, cnt, buf, buflen, "OFB64");
-}
-
-	void
-fb64_stream_iv(seed, stp)
-	Block seed;
-	register struct stinfo *stp;
-{
-
-	memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
-	memmove((void *)stp->str_output, (void *)seed, sizeof(Block));
-
-	des_key_sched(stp->str_ikey, stp->str_sched);
-
-	stp->str_index = sizeof(Block);
-}
-
-	void
-fb64_stream_key(key, stp)
-	Block key;
-	register struct stinfo *stp;
-{
-	memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
-	des_key_sched(key, stp->str_sched);
-
-	memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
-
-	stp->str_index = sizeof(Block);
-}
-
-/*
- * DES 64 bit Cipher Feedback
- *
- *     key --->+-----+
- *          +->| DES |--+
- *          |  +-----+  |
- *	    |           v
- *  INPUT --(--------->(+)+---> DATA
- *          |             |
- *	    +-------------+
- *
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	On = Dn ^ Vn
- *	V(n+1) = DES(On, key)
- */
-
-	void
-cfb64_encrypt(s, c)
-	register unsigned char *s;
-	int c;
-{
-	register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
-	register int index;
-
-	index = stp->str_index;
-	while (c-- > 0) {
-		if (index == sizeof(Block)) {
-			Block b;
-			des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
-			memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
-			index = 0;
-		}
-
-		/* On encryption, we store (feed ^ data) which is cypher */
-		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
-		s++;
-		index++;
-	}
-	stp->str_index = index;
-}
-
-	int
-cfb64_decrypt(data)
-	int data;
-{
-	register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
-	int index;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	index = stp->str_index++;
-	if (index == sizeof(Block)) {
-		Block b;
-		des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
-		memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
-		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */
-	}
-
-	/* On decryption we store (data) which is cypher. */
-	stp->str_output[index] = data;
-	return(data ^ stp->str_feed[index]);
-}
-
-/*
- * DES 64 bit Output Feedback
- *
- * key --->+-----+
- *	+->| DES |--+
- *	|  +-----+  |
- *	+-----------+
- *	            v
- *  INPUT -------->(+) ----> DATA
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	V(n+1) = DES(Vn, key)
- *	On = Dn ^ Vn
- */
-	void
-ofb64_encrypt(s, c)
-	register unsigned char *s;
-	int c;
-{
-	register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
-	register int index;
-
-	index = stp->str_index;
-	while (c-- > 0) {
-		if (index == sizeof(Block)) {
-			Block b;
-			des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
-			memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
-			index = 0;
-		}
-		*s++ ^= stp->str_feed[index];
-		index++;
-	}
-	stp->str_index = index;
-}
-
-	int
-ofb64_decrypt(data)
-	int data;
-{
-	register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
-	int index;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	index = stp->str_index++;
-	if (index == sizeof(Block)) {
-		Block b;
-		des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
-		memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
-		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */
-	}
-
-	return(data ^ stp->str_feed[index]);
-}
-#  endif /* DES_ENCRYPTION */
-# endif	/* AUTHENTICATION */
-#endif	/* ENCRYPTION */
diff --git a/secure/lib/libtelnet/encrypt.c b/secure/lib/libtelnet/encrypt.c
deleted file mode 100644
index 432df0cbb333..000000000000
--- a/secure/lib/libtelnet/encrypt.c
+++ /dev/null
@@ -1,1000 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)encrypt.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef	ENCRYPTION
-
-#define	ENCRYPT_NAMES
-#include <arpa/telnet.h>
-
-#include "encrypt.h"
-#include "misc.h"
-
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-/*
- * These functions pointers point to the current routines
- * for encrypting and decrypting data.
- */
-void	(*encrypt_output) P((unsigned char *, int));
-int	(*decrypt_input) P((int));
-
-int encrypt_debug_mode = 0;
-static int decrypt_mode = 0;
-static int encrypt_mode = 0;
-static int encrypt_verbose = 0;
-static int autoencrypt = 0;
-static int autodecrypt = 0;
-static int havesessionkey = 0;
-static int Server = 0;
-static char *Name = "Noname";
-
-#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
-
-static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
-				| typemask(ENCTYPE_DES_OFB64);
-static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
-				| typemask(ENCTYPE_DES_OFB64);
-static long i_wont_support_encrypt = 0;
-static long i_wont_support_decrypt = 0;
-#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
-#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
-
-static long remote_supports_encrypt = 0;
-static long remote_supports_decrypt = 0;
-
-static Encryptions encryptions[] = {
-#ifdef	DES_ENCRYPTION
-    { "DES_CFB64",	ENCTYPE_DES_CFB64,
-			cfb64_encrypt,
-			cfb64_decrypt,
-			cfb64_init,
-			cfb64_start,
-			cfb64_is,
-			cfb64_reply,
-			cfb64_session,
-			cfb64_keyid,
-			cfb64_printsub },
-    { "DES_OFB64",	ENCTYPE_DES_OFB64,
-			ofb64_encrypt,
-			ofb64_decrypt,
-			ofb64_init,
-			ofb64_start,
-			ofb64_is,
-			ofb64_reply,
-			ofb64_session,
-			ofb64_keyid,
-			ofb64_printsub },
-#endif	/* DES_ENCRYPTION */
-    { 0, },
-};
-
-static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
-					 ENCRYPT_SUPPORT };
-static unsigned char str_suplen = 0;
-static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
-static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
-
-	Encryptions *
-findencryption(type)
-	int type;
-{
-	Encryptions *ep = encryptions;
-
-	if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
-		return(0);
-	while (ep->type && ep->type != type)
-		++ep;
-	return(ep->type ? ep : 0);
-}
-
-	Encryptions *
-finddecryption(type)
-	int type;
-{
-	Encryptions *ep = encryptions;
-
-	if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
-		return(0);
-	while (ep->type && ep->type != type)
-		++ep;
-	return(ep->type ? ep : 0);
-}
-
-#define	MAXKEYLEN 64
-
-static struct key_info {
-	unsigned char keyid[MAXKEYLEN];
-	int keylen;
-	int dir;
-	int *modep;
-	Encryptions *(*getcrypt)();
-} ki[2] = {
-	{ { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
-	{ { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
-};
-
-	void
-encrypt_init(name, server)
-	char *name;
-	int server;
-{
-	Encryptions *ep = encryptions;
-
-	Name = name;
-	Server = server;
-	i_support_encrypt = i_support_decrypt = 0;
-	remote_supports_encrypt = remote_supports_decrypt = 0;
-	encrypt_mode = 0;
-	decrypt_mode = 0;
-	encrypt_output = 0;
-	decrypt_input = 0;
-#ifdef notdef
-	encrypt_verbose = !server;
-#endif
-
-	str_suplen = 4;
-
-	while (ep->type) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: I will support %s\r\n",
-				Name, ENCTYPE_NAME(ep->type));
-		i_support_encrypt |= typemask(ep->type);
-		i_support_decrypt |= typemask(ep->type);
-		if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
-			if ((str_send[str_suplen++] = ep->type) == IAC)
-				str_send[str_suplen++] = IAC;
-		if (ep->init)
-			(*ep->init)(Server);
-		++ep;
-	}
-	str_send[str_suplen++] = IAC;
-	str_send[str_suplen++] = SE;
-}
-
-	void
-encrypt_list_types()
-{
-	Encryptions *ep = encryptions;
-
-	printf("Valid encryption types:\n");
-	while (ep->type) {
-		printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
-		++ep;
-	}
-}
-
-	int
-EncryptEnable(type, mode)
-	char *type, *mode;
-{
-	if (isprefix(type, "help") || isprefix(type, "?")) {
-		printf("Usage: encrypt enable <type> [input|output]\n");
-		encrypt_list_types();
-		return(0);
-	}
-	if (EncryptType(type, mode))
-		return(EncryptStart(mode));
-	return(0);
-}
-
-	int
-EncryptDisable(type, mode)
-	char *type, *mode;
-{
-	register Encryptions *ep;
-	int ret = 0;
-
-	if (isprefix(type, "help") || isprefix(type, "?")) {
-		printf("Usage: encrypt disable <type> [input|output]\n");
-		encrypt_list_types();
-	} else if ((ep = (Encryptions *)genget(type, encryptions,
-						sizeof(Encryptions))) == 0) {
-		printf("%s: invalid encryption type\n", type);
-	} else if (Ambiguous(ep)) {
-		printf("Ambiguous type '%s'\n", type);
-	} else {
-		if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
-			if (decrypt_mode == ep->type)
-				EncryptStopInput();
-			i_wont_support_decrypt |= typemask(ep->type);
-			ret = 1;
-		}
-		if ((mode == 0) || (isprefix(mode, "output"))) {
-			if (encrypt_mode == ep->type)
-				EncryptStopOutput();
-			i_wont_support_encrypt |= typemask(ep->type);
-			ret = 1;
-		}
-		if (ret == 0)
-			printf("%s: invalid encryption mode\n", mode);
-	}
-	return(ret);
-}
-
-	int
-EncryptType(type, mode)
-	char *type;
-	char *mode;
-{
-	register Encryptions *ep;
-	int ret = 0;
-
-	if (isprefix(type, "help") || isprefix(type, "?")) {
-		printf("Usage: encrypt type <type> [input|output]\n");
-		encrypt_list_types();
-	} else if ((ep = (Encryptions *)genget(type, encryptions,
-						sizeof(Encryptions))) == 0) {
-		printf("%s: invalid encryption type\n", type);
-	} else if (Ambiguous(ep)) {
-		printf("Ambiguous type '%s'\n", type);
-	} else {
-		if ((mode == 0) || isprefix(mode, "input")) {
-			decrypt_mode = ep->type;
-			i_wont_support_decrypt &= ~typemask(ep->type);
-			ret = 1;
-		}
-		if ((mode == 0) || isprefix(mode, "output")) {
-			encrypt_mode = ep->type;
-			i_wont_support_encrypt &= ~typemask(ep->type);
-			ret = 1;
-		}
-		if (ret == 0)
-			printf("%s: invalid encryption mode\n", mode);
-	}
-	return(ret);
-}
-
-	int
-EncryptStart(mode)
-	char *mode;
-{
-	register int ret = 0;
-	if (mode) {
-		if (isprefix(mode, "input"))
-			return(EncryptStartInput());
-		if (isprefix(mode, "output"))
-			return(EncryptStartOutput());
-		if (isprefix(mode, "help") || isprefix(mode, "?")) {
-			printf("Usage: encrypt start [input|output]\n");
-			return(0);
-		}
-		printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
-		return(0);
-	}
-	ret += EncryptStartInput();
-	ret += EncryptStartOutput();
-	return(ret);
-}
-
-	int
-EncryptStartInput()
-{
-	if (decrypt_mode) {
-		encrypt_send_request_start();
-		return(1);
-	}
-	printf("No previous decryption mode, decryption not enabled\r\n");
-	return(0);
-}
-
-	int
-EncryptStartOutput()
-{
-	if (encrypt_mode) {
-		encrypt_start_output(encrypt_mode);
-		return(1);
-	}
-	printf("No previous encryption mode, encryption not enabled\r\n");
-	return(0);
-}
-
-	int
-EncryptStop(mode)
-	char *mode;
-{
-	int ret = 0;
-	if (mode) {
-		if (isprefix(mode, "input"))
-			return(EncryptStopInput());
-		if (isprefix(mode, "output"))
-			return(EncryptStopOutput());
-		if (isprefix(mode, "help") || isprefix(mode, "?")) {
-			printf("Usage: encrypt stop [input|output]\n");
-			return(0);
-		}
-		printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
-		return(0);
-	}
-	ret += EncryptStopInput();
-	ret += EncryptStopOutput();
-	return(ret);
-}
-
-	int
-EncryptStopInput()
-{
-	encrypt_send_request_end();
-	return(1);
-}
-
-	int
-EncryptStopOutput()
-{
-	encrypt_send_end();
-	return(1);
-}
-
-	void
-encrypt_display()
-{
-	if (encrypt_output)
-		printf("Currently encrypting output with %s\r\n",
-			ENCTYPE_NAME(encrypt_mode));
-	if (decrypt_input)
-		printf("Currently decrypting input with %s\r\n",
-			ENCTYPE_NAME(decrypt_mode));
-}
-
-	int
-EncryptStatus()
-{
-	if (encrypt_output)
-		printf("Currently encrypting output with %s\r\n",
-			ENCTYPE_NAME(encrypt_mode));
-	else if (encrypt_mode) {
-		printf("Currently output is clear text.\r\n");
-		printf("Last encryption mode was %s\r\n",
-			ENCTYPE_NAME(encrypt_mode));
-	}
-	if (decrypt_input) {
-		printf("Currently decrypting input with %s\r\n",
-			ENCTYPE_NAME(decrypt_mode));
-	} else if (decrypt_mode) {
-		printf("Currently input is clear text.\r\n");
-		printf("Last decryption mode was %s\r\n",
-			ENCTYPE_NAME(decrypt_mode));
-	}
-	return 1;
-}
-
-	void
-encrypt_send_support()
-{
-	if (str_suplen) {
-		/*
-		 * If the user has requested that decryption start
-		 * immediatly, then send a "REQUEST START" before
-		 * we negotiate the type.
-		 */
-		if (!Server && autodecrypt)
-			encrypt_send_request_start();
-		net_write(str_send, str_suplen);
-		printsub('>', &str_send[2], str_suplen - 2);
-		str_suplen = 0;
-	}
-}
-
-	int
-EncryptDebug(on)
-	int on;
-{
-	if (on < 0)
-		encrypt_debug_mode ^= 1;
-	else
-		encrypt_debug_mode = on;
-	printf("Encryption debugging %s\r\n",
-		encrypt_debug_mode ? "enabled" : "disabled");
-	return(1);
-}
-
-	int
-EncryptVerbose(on)
-	int on;
-{
-	if (on < 0)
-		encrypt_verbose ^= 1;
-	else
-		encrypt_verbose = on;
-	printf("Encryption %s verbose\r\n",
-		encrypt_verbose ? "is" : "is not");
-	return(1);
-}
-
-	int
-EncryptAutoEnc(on)
-	int on;
-{
-	encrypt_auto(on);
-	printf("Automatic encryption of output is %s\r\n",
-		autoencrypt ? "enabled" : "disabled");
-	return(1);
-}
-
-	int
-EncryptAutoDec(on)
-	int on;
-{
-	decrypt_auto(on);
-	printf("Automatic decryption of input is %s\r\n",
-		autodecrypt ? "enabled" : "disabled");
-	return(1);
-}
-
-/*
- * Called when ENCRYPT SUPPORT is received.
- */
-	void
-encrypt_support(typelist, cnt)
-	unsigned char *typelist;
-	int cnt;
-{
-	register int type, use_type = 0;
-	Encryptions *ep;
-
-	/*
-	 * Forget anything the other side has previously told us.
-	 */
-	remote_supports_decrypt = 0;
-
-	while (cnt-- > 0) {
-		type = *typelist++;
-		if (encrypt_debug_mode)
-			printf(">>>%s: He is supporting %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME(type), type);
-		if ((type < ENCTYPE_CNT) &&
-		    (I_SUPPORT_ENCRYPT & typemask(type))) {
-			remote_supports_decrypt |= typemask(type);
-			if (use_type == 0)
-				use_type = type;
-		}
-	}
-	if (use_type) {
-		ep = findencryption(use_type);
-		if (!ep)
-			return;
-		type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
-		if (encrypt_debug_mode)
-			printf(">>>%s: (*ep->start)() returned %d\r\n",
-					Name, type);
-		if (type < 0)
-			return;
-		encrypt_mode = use_type;
-		if (type == 0)
-			encrypt_start_output(use_type);
-	}
-}
-
-	void
-encrypt_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Encryptions *ep;
-	register int type, ret;
-
-	if (--cnt < 0)
-		return;
-	type = *data++;
-	if (type < ENCTYPE_CNT)
-		remote_supports_encrypt |= typemask(type);
-	if (!(ep = finddecryption(type))) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		return;
-	}
-	if (!ep->is) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		ret = 0;
-	} else {
-		ret = (*ep->is)(data, cnt);
-		if (encrypt_debug_mode)
-			printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt,
-				(ret < 0) ? "FAIL " :
-				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-	}
-	if (ret < 0) {
-		autodecrypt = 0;
-	} else {
-		decrypt_mode = type;
-		if (ret == 0 && autodecrypt)
-			encrypt_send_request_start();
-	}
-}
-
-	void
-encrypt_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Encryptions *ep;
-	register int ret, type;
-
-	if (--cnt < 0)
-		return;
-	type = *data++;
-	if (!(ep = findencryption(type))) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		return;
-	}
-	if (!ep->reply) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		ret = 0;
-	} else {
-		ret = (*ep->reply)(data, cnt);
-		if (encrypt_debug_mode)
-			printf("(*ep->reply)(%x, %d) returned %s(%d)\n",
-				data, cnt,
-				(ret < 0) ? "FAIL " :
-				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-	}
-	if (encrypt_debug_mode)
-		printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
-	if (ret < 0) {
-		autoencrypt = 0;
-	} else {
-		encrypt_mode = type;
-		if (ret == 0 && autoencrypt)
-			encrypt_start_output(type);
-	}
-}
-
-/*
- * Called when a ENCRYPT START command is received.
- */
-	void
-encrypt_start(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Encryptions *ep;
-
-	if (!decrypt_mode) {
-		/*
-		 * Something is wrong.  We should not get a START
-		 * command without having already picked our
-		 * decryption scheme.  Send a REQUEST-END to
-		 * attempt to clear the channel...
-		 */
-		printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
-		encrypt_send_request_end();
-		return;
-	}
-
-	if (ep = finddecryption(decrypt_mode)) {
-		decrypt_input = ep->input;
-		if (encrypt_verbose)
-			printf("[ Input is now decrypted with type %s ]\r\n",
-				ENCTYPE_NAME(decrypt_mode));
-		if (encrypt_debug_mode)
-			printf(">>>%s: Start to decrypt input with type %s\r\n",
-				Name, ENCTYPE_NAME(decrypt_mode));
-	} else {
-		printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
-				Name,
-				ENCTYPE_NAME_OK(decrypt_mode)
-					? ENCTYPE_NAME(decrypt_mode)
-					: "(unknown)",
-				decrypt_mode);
-		encrypt_send_request_end();
-	}
-}
-
-	void
-encrypt_session_key(key, server)
-	Session_Key *key;
-	int server;
-{
-	Encryptions *ep = encryptions;
-
-	havesessionkey = 1;
-
-	while (ep->type) {
-		if (ep->session)
-			(*ep->session)(key, server);
-#ifdef notdef
-		if (!encrypt_output && autoencrypt && !server)
-			encrypt_start_output(ep->type);
-		if (!decrypt_input && autodecrypt && !server)
-			encrypt_send_request_start();
-#endif
-		++ep;
-	}
-}
-
-/*
- * Called when ENCRYPT END is received.
- */
-	void
-encrypt_end()
-{
-	decrypt_input = 0;
-	if (encrypt_debug_mode)
-		printf(">>>%s: Input is back to clear text\r\n", Name);
-	if (encrypt_verbose)
-		printf("[ Input is now clear text ]\r\n");
-}
-
-/*
- * Called when ENCRYPT REQUEST-END is received.
- */
-	void
-encrypt_request_end()
-{
-	encrypt_send_end();
-}
-
-/*
- * Called when ENCRYPT REQUEST-START is received.  If we receive
- * this before a type is picked, then that indicates that the
- * other side wants us to start encrypting data as soon as we
- * can.
- */
-	void
-encrypt_request_start(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	if (encrypt_mode == 0)  {
-		if (Server)
-			autoencrypt = 1;
-		return;
-	}
-	encrypt_start_output(encrypt_mode);
-}
-
-static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
-
-encrypt_enc_keyid(keyid, len)
-	unsigned char *keyid;
-	int len;
-{
-	encrypt_keyid(&ki[1], keyid, len);
-}
-
-encrypt_dec_keyid(keyid, len)
-	unsigned char *keyid;
-	int len;
-{
-	encrypt_keyid(&ki[0], keyid, len);
-}
-
-encrypt_keyid(kp, keyid, len)
-	struct key_info *kp;
-	unsigned char *keyid;
-	int len;
-{
-	Encryptions *ep;
-	unsigned char *strp, *cp;
-	int dir = kp->dir;
-	register int ret = 0;
-
-	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
-		if (len == 0)
-			return;
-		kp->keylen = 0;
-	} else if (len == 0) {
-		/*
-		 * Empty option, indicates a failure.
-		 */
-		if (kp->keylen == 0)
-			return;
-		kp->keylen = 0;
-		if (ep->keyid)
-			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-
-	} else if ((len != kp->keylen) ||
-		   (memcmp(keyid, kp->keyid, len) != 0)) {
-		/*
-		 * Length or contents are different
-		 */
-		kp->keylen = len;
-		memmove(kp->keyid, keyid, len);
-		if (ep->keyid)
-			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-	} else {
-		if (ep->keyid)
-			ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
-		if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
-			encrypt_start_output(*kp->modep);
-		return;
-	}
-
-	encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
-}
-
-	void
-encrypt_send_keyid(dir, keyid, keylen, saveit)
-	int dir;
-	unsigned char *keyid;
-	int keylen;
-	int saveit;
-{
-	unsigned char *strp;
-
-	str_keyid[3] = (dir == DIR_ENCRYPT)
-			? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
-	if (saveit) {
-		struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
-		memmove(kp->keyid, keyid, keylen);
-		kp->keylen = keylen;
-	}
-
-	for (strp = &str_keyid[4]; keylen > 0; --keylen) {
-		if ((*strp++ = *keyid++) == IAC)
-			*strp++ = IAC;
-	}
-	*strp++ = IAC;
-	*strp++ = SE;
-	net_write(str_keyid, strp - str_keyid);
-	printsub('>', &str_keyid[2], strp - str_keyid - 2);
-}
-
-	void
-encrypt_auto(on)
-	int on;
-{
-	if (on < 0)
-		autoencrypt ^= 1;
-	else
-		autoencrypt = on ? 1 : 0;
-}
-
-	void
-decrypt_auto(on)
-	int on;
-{
-	if (on < 0)
-		autodecrypt ^= 1;
-	else
-		autodecrypt = on ? 1 : 0;
-}
-
-	void
-encrypt_start_output(type)
-	int type;
-{
-	Encryptions *ep;
-	register unsigned char *p;
-	register int i;
-
-	if (!(ep = findencryption(type))) {
-		if (encrypt_debug_mode) {
-			printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		}
-		return;
-	}
-	if (ep->start) {
-		i = (*ep->start)(DIR_ENCRYPT, Server);
-		if (encrypt_debug_mode) {
-			printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
-				Name,
-				(i < 0) ? "failed" :
-					"initial negotiation in progress",
-				i, ENCTYPE_NAME(type));
-		}
-		if (i)
-			return;
-	}
-	p = str_start + 3;
-	*p++ = ENCRYPT_START;
-	for (i = 0; i < ki[0].keylen; ++i) {
-		if ((*p++ = ki[0].keyid[i]) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	net_write(str_start, p - str_start);
-	net_encrypt();
-	printsub('>', &str_start[2], p - &str_start[2]);
-	/*
-	 * If we are already encrypting in some mode, then
-	 * encrypt the ring (which includes our request) in
-	 * the old mode, mark it all as "clear text" and then
-	 * switch to the new mode.
-	 */
-	encrypt_output = ep->output;
-	encrypt_mode = type;
-	if (encrypt_debug_mode)
-		printf(">>>%s: Started to encrypt output with type %s\r\n",
-			Name, ENCTYPE_NAME(type));
-	if (encrypt_verbose)
-		printf("[ Output is now encrypted with type %s ]\r\n",
-			ENCTYPE_NAME(type));
-}
-
-	void
-encrypt_send_end()
-{
-	if (!encrypt_output)
-		return;
-
-	str_end[3] = ENCRYPT_END;
-	net_write(str_end, sizeof(str_end));
-	net_encrypt();
-	printsub('>', &str_end[2], sizeof(str_end) - 2);
-	/*
-	 * Encrypt the output buffer now because it will not be done by
-	 * netflush...
-	 */
-	encrypt_output = 0;
-	if (encrypt_debug_mode)
-		printf(">>>%s: Output is back to clear text\r\n", Name);
-	if (encrypt_verbose)
-		printf("[ Output is now clear text ]\r\n");
-}
-
-	void
-encrypt_send_request_start()
-{
-	register unsigned char *p;
-	register int i;
-
-	p = &str_start[3];
-	*p++ = ENCRYPT_REQSTART;
-	for (i = 0; i < ki[1].keylen; ++i) {
-		if ((*p++ = ki[1].keyid[i]) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	net_write(str_start, p - str_start);
-	printsub('>', &str_start[2], p - &str_start[2]);
-	if (encrypt_debug_mode)
-		printf(">>>%s: Request input to be encrypted\r\n", Name);
-}
-
-	void
-encrypt_send_request_end()
-{
-	str_end[3] = ENCRYPT_REQEND;
-	net_write(str_end, sizeof(str_end));
-	printsub('>', &str_end[2], sizeof(str_end) - 2);
-
-	if (encrypt_debug_mode)
-		printf(">>>%s: Request input to be clear text\r\n", Name);
-}
-
-	void
-encrypt_wait()
-{
-	register int encrypt, decrypt;
-	if (encrypt_debug_mode)
-		printf(">>>%s: in encrypt_wait\r\n", Name);
-	if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
-		return;
-	while (autoencrypt && !encrypt_output)
-		if (telnet_spin())
-			return;
-}
-
-	void
-encrypt_debug(mode)
-	int mode;
-{
-	encrypt_debug_mode = mode;
-}
-
-	void
-encrypt_gen_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char tbuf[16], *cp;
-
-	cnt -= 2;
-	data += 2;
-	buf[buflen-1] = '\0';
-	buf[buflen-2] = '*';
-	buflen -= 2;;
-	for (; cnt > 0; cnt--, data++) {
-		sprintf(tbuf, " %d", *data);
-		for (cp = tbuf; *cp && buflen > 0; --buflen)
-			*buf++ = *cp++;
-		if (buflen <= 0)
-			return;
-	}
-	*buf = '\0';
-}
-
-	void
-encrypt_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	Encryptions *ep;
-	register int type = data[1];
-
-	for (ep = encryptions; ep->type && ep->type != type; ep++)
-		;
-
-	if (ep->printsub)
-		(*ep->printsub)(data, cnt, buf, buflen);
-	else
-		encrypt_gen_printsub(data, cnt, buf, buflen);
-}
-#endif	/* ENCRYPTION */
diff --git a/secure/lib/libtelnet/encrypt.h b/secure/lib/libtelnet/encrypt.h
deleted file mode 100644
index e0ae385f13f3..000000000000
--- a/secure/lib/libtelnet/encrypt.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef	ENCRYPTION
-# ifndef __ENCRYPTION__
-# define __ENCRYPTION__
-
-#define	DIR_DECRYPT		1
-#define	DIR_ENCRYPT		2
-
-typedef	unsigned char Block[8];
-typedef unsigned char *BlockT;
-typedef struct { Block _; } Schedule[16];
-
-#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
-			  key[4] | key[5] | key[6] | key[7])
-
-#define	SAMEKEY(k1, k2)	(!bcmp((void *)k1, (void *)k2, sizeof(Block)))
-
-typedef	struct {
-	short		type;
-	int		length;
-	unsigned char	*data;
-} Session_Key;
-
-# if !defined(P)
-#  ifdef __STDC__
-#   define P(x)	x
-#  else
-#   define P(x)	()
-#  endif
-# endif
-
-typedef struct {
-	char	*name;
-	int	type;
-	void	(*output) P((unsigned char *, int));
-	int	(*input) P((int));
-	void	(*init) P((int));
-	int	(*start) P((int, int));
-	int	(*is) P((unsigned char *, int));
-	int	(*reply) P((unsigned char *, int));
-	void	(*session) P((Session_Key *, int));
-	int	(*keyid) P((int, unsigned char *, int *));
-	void	(*printsub) P((unsigned char *, int, unsigned char *, int));
-} Encryptions;
-
-#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
-
-#include "enc-proto.h"
-
-extern int encrypt_debug_mode;
-extern int (*decrypt_input) P((int));
-extern void (*encrypt_output) P((unsigned char *, int));
-# endif /* __ENCRYPTION__ */
-#endif /* ENCRYPTION */
diff --git a/secure/lib/libtelnet/genget.c b/secure/lib/libtelnet/genget.c
deleted file mode 100644
index f87fcf0a5d43..000000000000
--- a/secure/lib/libtelnet/genget.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)genget.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-
-#include <ctype.h>
-
-#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
-/*
- * The prefix function returns 0 if *s1 is not a prefix
- * of *s2.  If *s1 exactly matches *s2, the negative of
- * the length is returned.  If *s1 is a prefix of *s2,
- * the length of *s1 is returned.
- */
-	int
-isprefix(s1, s2)
-	register char *s1, *s2;
-{
-        register int n = 0;
-        char *os1;
-	register char c1, c2;
-
-        if (*s1 == '\0')
-                return(-1);
-        os1 = s1;
-	c1 = *s1;
-	c2 = *s2;
-        while (LOWER(c1) == LOWER(c2)) {
-		if (c1 == '\0')
-			break;
-                c1 = *++s1;
-                c2 = *++s2;
-        }
-        return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
-}
-
-static char *ambiguous;		/* special return value for command routines */
-
-	char **
-genget(name, table, stlen)
-	char	*name;		/* name to match */
-	char	**table;	/* name entry in table */
-	int	stlen;
-{
-	register char **c, **found;
-	register int n;
-
-	if (name == 0)
-	    return 0;
-
-	found = 0;
-	for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
-		if ((n = isprefix(name, *c)) == 0)
-			continue;
-		if (n < 0)		/* exact match */
-			return(c);
-		if (found)
-			return(&ambiguous);
-		found = c;
-	}
-	return(found);
-}
-
-/*
- * Function call version of Ambiguous()
- */
-	int
-Ambiguous(s)
-	char *s;
-{
-	return((char **)s == &ambiguous);
-}
diff --git a/secure/lib/libtelnet/getent.c b/secure/lib/libtelnet/getent.c
deleted file mode 100644
index 05626f11d413..000000000000
--- a/secure/lib/libtelnet/getent.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)getent.c	8.2 (Berkeley) 12/15/93";
-#endif /* not lint */
-
-static char *area;
-
-/*ARGSUSED*/
-getent(cp, name)
-char *cp, *name;
-{
-#ifdef	HAS_CGETENT
-	char *dba[2];
-
-	dba[0] = "/etc/gettytab";
-	dba[1] = 0;
-	return((cgetent(&area, dba, name) == 0) ? 1 : 0);
-#else
-	return(0);
-#endif
-}
-
-#ifndef	SOLARIS
-/*ARGSUSED*/
-char *
-getstr(id, cpp)
-char *id, **cpp;
-{
-# ifdef	HAS_CGETENT
-	char *answer;
-	return((cgetstr(area, id, &answer) > 0) ? answer : 0);
-# else
-	return(0);
-# endif
-}
-#endif
diff --git a/secure/lib/libtelnet/kerberos.c b/secure/lib/libtelnet/kerberos.c
deleted file mode 100644
index f0c8b8aef4de..000000000000
--- a/secure/lib/libtelnet/kerberos.c
+++ /dev/null
@@ -1,555 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)kerberos.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef	KRB4
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <des.h>        /* BSD wont include this in krb.h, so we do it here */
-#include <krb.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int kerberos4_cksum P((unsigned char *, int));
-int kuserok P((AUTH_DAT *, char *));
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KERBEROS_V4, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	KRB_AUTH	0		/* Authentication data follows */
-#define	KRB_REJECT	1		/* Rejected (reason might follow) */
-#define	KRB_ACCEPT	2		/* Accepted */
-#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
-#define	KRB_RESPONSE	4		/* Response for mutual auth. */
-
-#define KRB_SERVICE_NAME   "rcmd"
-
-static	KTEXT_ST auth;
-static	char name[ANAME_SZ];
-static	AUTH_DAT adat = { 0 };
-#ifdef	ENCRYPTION
-static Block	session_key	= { 0 };
-static des_key_schedule sched;
-static Block	challenge	= { 0 };
-#endif	/* ENCRYPTION */
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (auth_debug_mode) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-        while (c-- > 0) {
-                if ((*p++ = *cd++) == IAC)
-                        *p++ = IAC;
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(net_write(str_data, p - str_data));
-}
-
-	int
-kerberos4_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	FILE *fp;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		if ((fp = fopen(KEYFILE, "r")) == NULL)
-			return(0);
-		fclose(fp);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
-int dst_realm_sz = REALM_SZ;
-
-	int
-kerberos4_send(ap)
-	Authenticator *ap;
-{
-	KTEXT_ST auth;
-#ifdef	ENCRYPTION
-	Block enckey;
-#endif	/* ENCRYPTION */
-	char instance[INST_SZ];
-	char *realm;
-	char *krb_realmofhost();
-	char *krb_get_phost();
-	CREDENTIALS cred;
-	int r;
-
-	printf("[ Trying KERBEROS4 ... ]\n");
-	if (!UserNameRequested) {
-		if (auth_debug_mode) {
-			printf("Kerberos V4: no user name supplied\r\n");
-		}
-		return(0);
-	}
-
-	memset(instance, 0, sizeof(instance));
-
-	if (realm = krb_get_phost(RemoteHostName))
-		strncpy(instance, realm, sizeof(instance));
-
-	instance[sizeof(instance)-1] = '\0';
-
-	realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
-
-	if (!realm) {
-		printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
-		return(0);
-	}
-	if (r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L)) {
-		printf("mk_req failed: %s\r\n", krb_err_txt[r]);
-		return(0);
-	}
-	if (r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred)) {
-		printf("get_cred failed: %s\r\n", krb_err_txt[r]);
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		if (auth_debug_mode)
-			printf("Not enough room for user name\r\n");
-		return(0);
-	}
-	if (auth_debug_mode)
-		printf("Sent %d bytes of authentication data\r\n", auth.length);
-	if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
-		if (auth_debug_mode)
-			printf("Not enough room for authentication data\r\n");
-		return(0);
-	}
-#ifdef	ENCRYPTION
-	/*
-	 * If we are doing mutual authentication, get set up to send
-	 * the challenge, and verify it when the response comes back.
-	 */
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		register int i;
-
-		des_key_sched(&cred.session, sched);
-		des_init_random_number_generator(&cred.session);
-		des_new_random_key(&session_key);
-		des_ecb_encrypt(&session_key, &session_key, sched, 0);
-		des_ecb_encrypt(&session_key, &challenge, sched, 0);
-		/*
-		 * Increment the challenge by 1, and encrypt it for
-		 * later comparison.
-		 */
-		for (i = 7; i >= 0; --i) {
-			register int x;
-			x = (unsigned int)challenge[i] + 1;
-			challenge[i] = x;	/* ignore overflow */
-			if (x < 256)		/* if no overflow, all done */
-				break;
-		}
-		des_ecb_encrypt(&challenge, &challenge, sched, 1);
-	}
-#endif	/* ENCRYPTION */
-
-	if (auth_debug_mode) {
-		printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
-		printd(auth.dat, auth.length);
-		printf("\r\n");
-		printf("Sent Kerberos V4 credentials to server\r\n");
-	}
-	return(1);
-}
-
-	void
-kerberos4_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-#ifdef	ENCRYPTION
-	Session_Key skey;
-	Block datablock;
-#endif	/* ENCRYPTION */
-	char realm[REALM_SZ];
-	char instance[INST_SZ];
-	int r;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB_AUTH:
-		if (krb_get_lrealm(realm, 1) != KSUCCESS) {
-			Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
-			auth_finished(ap, AUTH_REJECT);
-			if (auth_debug_mode)
-				printf("No local realm\r\n");
-			return;
-		}
-		memmove((void *)auth.dat, (void *)data, auth.length = cnt);
-		if (auth_debug_mode) {
-			printf("Got %d bytes of authentication data\r\n", cnt);
-			printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
-			printd(auth.dat, auth.length);
-			printf("\r\n");
-		}
-		instance[0] = '*'; instance[1] = 0;
-		if (r = krb_rd_req(&auth, KRB_SERVICE_NAME,
-				   instance, 0, &adat, "")) {
-			if (auth_debug_mode)
-				printf("Kerberos failed him as %s\r\n", name);
-			Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-#ifdef	ENCRYPTION
-		memmove((void *)session_key, (void *)adat.session, sizeof(Block));
-#endif	/* ENCRYPTION */
-		krb_kntoln(&adat, name);
-
-		if (UserNameRequested && !kuserok(&adat, UserNameRequested))
-			Data(ap, KRB_ACCEPT, (void *)0, 0);
-		else
-			Data(ap, KRB_REJECT,
-				(void *)"user is not authorized", -1);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	case KRB_CHALLENGE:
-#ifndef	ENCRYPTION
-		Data(ap, KRB_RESPONSE, (void *)0, 0);
-#else	/* ENCRYPTION */
-		if (!VALIDKEY(session_key)) {
-			/*
-			 * We don't have a valid session key, so just
-			 * send back a response with an empty session
-			 * key.
-			 */
-			Data(ap, KRB_RESPONSE, (void *)0, 0);
-			break;
-		}
-
-		/*
-		 * Initialize the random number generator since it's
-		 * used later on by the encryption routine.
-		 */
-		des_init_random_number_generator(&session_key);
-		des_key_sched(&session_key, sched);
-		memmove((void *)datablock, (void *)data, sizeof(Block));
-		/*
-		 * Take the received encrypted challenge, and encrypt
-		 * it again to get a unique session_key for the
-		 * ENCRYPT option.
-		 */
-		des_ecb_encrypt(&datablock, &session_key, sched, 1);
-		skey.type = SK_DES;
-		skey.length = 8;
-		skey.data = session_key;
-		encrypt_session_key(&skey, 1);
-		/*
-		 * Now decrypt the received encrypted challenge,
-		 * increment by one, re-encrypt it and send it back.
-		 */
-		des_ecb_encrypt(&datablock, &challenge, sched, 0);
-		for (r = 7; r >= 0; r--) {
-			register int t;
-			t = (unsigned int)challenge[r] + 1;
-			challenge[r] = t;	/* ignore overflow */
-			if (t < 256)		/* if no overflow, all done */
-				break;
-		}
-		des_ecb_encrypt(&challenge, &challenge, sched, 1);
-		Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
-#endif	/* ENCRYPTION */
-		break;
-
-	default:
-		if (auth_debug_mode)
-			printf("Unknown Kerberos option %d\r\n", data[-1]);
-		Data(ap, KRB_REJECT, 0, 0);
-		break;
-	}
-}
-
-	void
-kerberos4_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-#ifdef	ENCRYPTION
-	Session_Key skey;
-#endif	/* ENCRYPTION */
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB_REJECT:
-		if (cnt > 0) {
-			printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ Kerberos V4 refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case KRB_ACCEPT:
-		printf("[ Kerberos V4 accepts you ]\n");
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-			/*
-			 * Send over the encrypted challenge.
-		 	 */
-#ifndef	ENCRYPTION
-			Data(ap, KRB_CHALLENGE, (void *)0, 0);
-#else	/* ENCRYPTION */
-			Data(ap, KRB_CHALLENGE, (void *)session_key,
-						sizeof(session_key));
-			des_ecb_encrypt(&session_key, &session_key, sched, 1);
-			skey.type = SK_DES;
-			skey.length = 8;
-			skey.data = session_key;
-			encrypt_session_key(&skey, 0);
-#endif	/* ENCRYPTION */
-			return;
-		}
-		auth_finished(ap, AUTH_USER);
-		return;
-	case KRB_RESPONSE:
-#ifdef	ENCRYPTION
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-		if ((cnt != sizeof(Block)) ||
-		    (0 != memcmp((void *)data, (void *)challenge,
-						sizeof(challenge))))
-		{
-#endif	/* ENCRYPTION */
-			printf("[ Kerberos V4 challenge failed!!! ]\r\n");
-			auth_send_retry();
-			return;
-#ifdef	ENCRYPTION
-		}
-		printf("[ Kerberos V4 challenge successful ]\r\n");
-		auth_finished(ap, AUTH_USER);
-#endif	/* ENCRYPTION */
-		break;
-	default:
-		if (auth_debug_mode)
-			printf("Unknown Kerberos option %d\r\n", data[-1]);
-		return;
-	}
-}
-
-	int
-kerberos4_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
-		strcpy(name, UserNameRequested);
-		return(AUTH_VALID);
-	} else
-		return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-kerberos4_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case KRB_REJECT:		/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case KRB_ACCEPT:		/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case KRB_AUTH:			/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case KRB_CHALLENGE:
-		strncpy((char *)buf, " CHALLENGE", buflen);
-		goto common2;
-
-	case KRB_RESPONSE:
-		strncpy((char *)buf, " RESPONSE", buflen);
-		goto common2;
-
-	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-	int
-kerberos4_cksum(d, n)
-	unsigned char *d;
-	int n;
-{
-	int ck = 0;
-
-	/*
-	 * A comment is probably needed here for those not
-	 * well versed in the "C" language.  Yes, this is
-	 * supposed to be a "switch" with the body of the
-	 * "switch" being a "while" statement.  The whole
-	 * purpose of the switch is to allow us to jump into
-	 * the middle of the while() loop, and then not have
-	 * to do any more switch()s.
-	 *
-	 * Some compilers will spit out a warning message
-	 * about the loop not being entered at the top.
-	 */
-	switch (n&03)
-	while (n > 0) {
-	case 0:
-		ck ^= (int)*d++ << 24;
-		--n;
-	case 3:
-		ck ^= (int)*d++ << 16;
-		--n;
-	case 2:
-		ck ^= (int)*d++ << 8;
-		--n;
-	case 1:
-		ck ^= (int)*d++;
-		--n;
-	}
-	return(ck);
-}
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	register int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/secure/lib/libtelnet/kerberos5.c b/secure/lib/libtelnet/kerberos5.c
deleted file mode 100644
index 3f3f61f4fcf1..000000000000
--- a/secure/lib/libtelnet/kerberos5.c
+++ /dev/null
@@ -1,764 +0,0 @@
-/*
- *	$Source: /home/ncvs/src/secure/lib/libtelnet/kerberos5.c,v $
- *	$Author: pst $
- *	$Id: kerberos5.c,v 1.3 1995/07/20 11:39:23 pst Exp $
- */
-
-#if !defined(lint) && !defined(SABER)
-static
-#ifdef __STDC__
-const
-#endif
-char rcsid_kerberos5_c[] = "$Id: kerberos5.c,v 1.3 1995/07/20 11:39:23 pst Exp $";
-#endif /* lint */
-
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)kerberos5.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#ifdef	KRB5
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <krb5/krb5.h>
-#include <krb5/asn1.h>
-#include <krb5/crc-32.h>
-#include <krb5/los-proto.h>
-#include <krb5/ext-proto.h>
-#include <com_err.h>
-#include <netdb.h>
-#include <ctype.h>
-
-/* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h
-   and string.h/strings.h */
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-#ifdef	FORWARD
-int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
-
-/* These values need to be the same as those defined in telnet/main.c. */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS           0x00000002
-#define OPTS_FORWARDABLE_CREDS       0x00000001
-
-void kerberos5_forward();
-
-#endif	/* FORWARD */
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KERBEROS_V5, };
-/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };*/
-
-#define	KRB_AUTH		0	/* Authentication data follows */
-#define	KRB_REJECT		1	/* Rejected (reason might follow) */
-#define	KRB_ACCEPT		2	/* Accepted */
-#define	KRB_RESPONSE		3	/* Response for mutual auth. */
-
-#ifdef	FORWARD
-#define KRB_FORWARD     	4       /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
-#endif	/* FORWARD */
-
-static	krb5_data auth;
-	/* telnetd gets session key from here */
-static	krb5_tkt_authent *authdat = NULL;
-/* telnet matches the AP_REQ and AP_REP with this */
-static	krb5_authenticator authenticator;
-
-/* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
-   which is either void * or char *, depending on the compiler. */
-
-#define Voidptr krb5_pointer
-
-Block	session_key;
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	Voidptr d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (auth_debug_mode) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-        while (c-- > 0) {
-                if ((*p++ = *cd++) == IAC)
-                        *p++ = IAC;
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - &str_data[2]);
-        return(net_write(str_data, p - str_data));
-}
-
-	int
-kerberos5_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	if (server)
-		str_data[3] = TELQUAL_REPLY;
-	else
-		str_data[3] = TELQUAL_IS;
-        krb5_init_ets();
-	return(1);
-}
-
-	int
-kerberos5_send(ap)
-	Authenticator *ap;
-{
-	char **realms;
-	char *name;
-	char *p1, *p2;
-	krb5_checksum ksum;
-	krb5_octet sum[CRC32_CKSUM_LENGTH];
- 	krb5_principal server;
-	krb5_error_code r;
-	krb5_ccache ccache;
-	krb5_creds creds;		/* telnet gets session key from here */
-	extern krb5_flags krb5_kdc_default_options;
-	int ap_opts;
-
-#ifdef	ENCRYPTION
-	krb5_keyblock *newkey = 0;
-#endif	/* ENCRYPTION */
-
-	ksum.checksum_type = CKSUMTYPE_CRC32;
-	ksum.contents = sum;
-	ksum.length = sizeof(sum);
-	memset((Voidptr )sum, 0, sizeof(sum));
-
-        if (!UserNameRequested) {
-                if (auth_debug_mode) {
-                        printf("Kerberos V5: no user name supplied\r\n");
-                }
-                return(0);
-        }
-
-	if (r = krb5_cc_default(&ccache)) {
-		if (auth_debug_mode) {
-			printf("Kerberos V5: could not get default ccache\r\n");
-		}
-		return(0);
-	}
-
-	if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) {
-		if (auth_debug_mode)
-			printf("Out of memory for hostname in Kerberos V5\r\n");
-		return(0);
-	}
-
-	if (r = krb5_get_host_realm(RemoteHostName, &realms)) {
-		if (auth_debug_mode)
-			printf("Kerberos V5: no realm for %s\r\n", RemoteHostName);
-		free(name);
-		return(0);
-	}
-
-	p1 = RemoteHostName;
-	p2 = name;
-
-	while (*p2 = *p1++) {
-		if (isupper(*p2))
-			*p2 |= 040;
-		++p2;
-	}
-
-	if (r = krb5_build_principal_ext(&server,
-					 strlen(realms[0]), realms[0],
-					 4, "host",
-					 p2 - name, name,
-					 0)) {
-		if (auth_debug_mode) {
-			printf("Kerberos V5: failure setting up principal (%s)\r\n",
-			       error_message(r));
-		}
-		free(name);
-		krb5_free_host_realm(realms);
-		return(0);
-	}
-
-
-	memset((char *)&creds, 0, sizeof(creds));
-	creds.server = server;
-
-	if (r = krb5_cc_get_principal(ccache, &creds.client)) {
-		if (auth_debug_mode) {
-			printf("Kerberos V5: failure on principal (%s)\r\n",
-				error_message(r));
-		}
-		free(name);
-		krb5_free_principal(server);
-		krb5_free_host_realm(realms);
-		return(0);
-	}
-
-	if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) {
-		if (auth_debug_mode) {
-			printf("Kerberos V5: failure on credentials(%d)\r\n",r);
-		}
-		free(name);
-		krb5_free_host_realm(realms);
-		krb5_free_principal(server);
-		return(0);
-	}
-
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
-	    ap_opts = AP_OPTS_MUTUAL_REQUIRED;
-	else
-	    ap_opts = 0;
-
-	r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0,
-#ifdef	ENCRYPTION
-				 &newkey,
-#else	/* ENCRYPTION */
-				 0,
-#endif	/* ENCRYPTION */
-				 ccache, &creds, &authenticator, &auth);
-	/* don't let the key get freed if we clean up the authenticator */
-	authenticator.subkey = 0;
-
-	free(name);
-	krb5_free_host_realm(realms);
-	krb5_free_principal(server);
-#ifdef	ENCRYPTION
-	if (newkey) {
-	    /* keep the key in our private storage, but don't use it
-	       yet---see kerberos5_reply() below */
-	    if (newkey->keytype != KEYTYPE_DES) {
-		if (creds.keyblock.keytype == KEYTYPE_DES)
-		    /* use the session key in credentials instead */
-		    memmove((char *)session_key,
-			   (char *)creds.keyblock.contents, sizeof(Block));
-		else
-		    /* XXX ? */;
-	    } else {
-		memmove((char *)session_key, (char *)newkey->contents,
-		       sizeof(Block));
-	    }
-	    krb5_free_keyblock(newkey);
-	}
-#endif	/* ENCRYPTION */
-	if (r) {
-		if (auth_debug_mode) {
-			printf("Kerberos V5: mk_req failed (%s)\r\n",
-			       error_message(r));
-		}
-		return(0);
-	}
-
-        if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-                if (auth_debug_mode)
-                        printf("Not enough room for user name\r\n");
-                return(0);
-        }
-	if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
-		if (auth_debug_mode)
-			printf("Not enough room for authentication data\r\n");
-		return(0);
-	}
-	if (auth_debug_mode) {
-		printf("Sent Kerberos V5 credentials to server\r\n");
-	}
-	return(1);
-}
-
-	void
-kerberos5_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	int r;
-	struct hostent *hp;
-	char *p1, *p2;
-	static char *realm = NULL;
-	krb5_principal server;
-	krb5_ap_rep_enc_part reply;
-	krb5_data outbuf;
-#ifdef ENCRYPTION
-	Session_Key skey;
-#endif	/* ENCRYPTION */
-	char *name;
-	char *getenv();
-	krb5_data inbuf;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB_AUTH:
-		auth.data = (char *)data;
-		auth.length = cnt;
-
-		if (!(hp = gethostbyname(LocalHostName))) {
-			if (auth_debug_mode)
-				printf("Cannot resolve local host name\r\n");
-			Data(ap, KRB_REJECT, "Unknown local hostname.", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		if (!realm && (krb5_get_default_realm(&realm))) {
-			if (auth_debug_mode)
-				printf("Could not get default realm\r\n");
-			Data(ap, KRB_REJECT, "Could not get default realm.", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
-			if (auth_debug_mode)
-				printf("Out of memory for hostname in Kerberos V5\r\n");
-			Data(ap, KRB_REJECT, "Out of memory.", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		p1 = hp->h_name;
-		p2 = name;
-
-		while (*p2 = *p1++) {
-			if (isupper(*p2))
-				*p2 |= 040;
-			++p2;
-		}
-
-		if (authdat)
-			krb5_free_tkt_authent(authdat);
-
-	        r = krb5_build_principal_ext(&server,
-					     strlen(realm), realm,
-					     4, "host",
-					     p2 - name, name,
-					     0);
-		if (!r) {
-		    r = krb5_rd_req_simple(&auth, server, 0, &authdat);
-		    krb5_free_principal(server);
-		}
-		if (r) {
-			char errbuf[128];
-
-		    errout:
-			authdat = 0;
-			(void) strcpy(errbuf, "Read req failed: ");
-			(void) strcat(errbuf, error_message(r));
-			Data(ap, KRB_REJECT, errbuf, -1);
-			if (auth_debug_mode)
-				printf("%s\r\n", errbuf);
-			return;
-		}
-		free(name);
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		    /* do ap_rep stuff here */
-		    reply.ctime = authdat->authenticator->ctime;
-		    reply.cusec = authdat->authenticator->cusec;
-		    reply.subkey = 0;	/* use the one he gave us, so don't
-					   need to return one here */
-		    reply.seq_number = 0; /* we don't do seq #'s. */
-
-		    if (r = krb5_mk_rep(&reply,
-					authdat->authenticator->subkey ?
-					authdat->authenticator->subkey :
-					authdat->ticket->enc_part2->session,
-					&outbuf)) {
-			goto errout;
-		    }
-		    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
-		}
-		if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
-				      					&name))
-			name = 0;
-		Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
-		if (auth_debug_mode) {
-			printf("Kerberos5 identifies him as ``%s''\r\n",
-							name ? name : "");
-		}
-                auth_finished(ap, AUTH_USER);
-
-		free(name);
-	    	if (authdat->authenticator->subkey &&
-		    authdat->authenticator->subkey->keytype == KEYTYPE_DES) {
-		    memmove((Voidptr )session_key,
-			   (Voidptr )authdat->authenticator->subkey->contents,
-			   sizeof(Block));
-		} else if (authdat->ticket->enc_part2->session->keytype ==
-			   KEYTYPE_DES) {
-		    memmove((Voidptr )session_key,
-			(Voidptr )authdat->ticket->enc_part2->session->contents,
-			sizeof(Block));
-		} else
-		    break;
-
-#ifdef ENCRYPTION
-		skey.type = SK_DES;
-		skey.length = 8;
-		skey.data = session_key;
-		encrypt_session_key(&skey, 1);
-#endif	/* ENCRYPTION */
-		break;
-#ifdef	FORWARD
-	case KRB_FORWARD:
-		inbuf.data = (char *)data;
-		inbuf.length = cnt;
-		if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
-					       UserNameRequested)) {
-		    char errbuf[128];
-
-		    (void) strcpy(errbuf, "Read forwarded creds failed: ");
-		    (void) strcat(errbuf, error_message(r));
-		    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
-		    if (auth_debug_mode)
-		      printf("Could not read forwarded credentials\r\n");
-		}
-		else
-		  Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-		  if (auth_debug_mode)
-		    printf("Forwarded credentials obtained\r\n");
-		break;
-#endif	/* FORWARD */
-	default:
-		if (auth_debug_mode)
-			printf("Unknown Kerberos option %d\r\n", data[-1]);
-		Data(ap, KRB_REJECT, 0, 0);
-		break;
-	}
-}
-
-	void
-kerberos5_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-        Session_Key skey;
-	static int mutual_complete = 0;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB_REJECT:
-		if (cnt > 0) {
-			printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ Kerberos V5 refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case KRB_ACCEPT:
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
-		    !mutual_complete) {
-		    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\n");
-		    auth_send_retry();
-		    return;
-		}
-		if (cnt)
-		    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\n", cnt, data);
-		else
-		    printf("[ Kerberos V5 accepts you ]\n");
-		auth_finished(ap, AUTH_USER);
-#ifdef	FORWARD
-		if (forward_flags & OPTS_FORWARD_CREDS)
-		  kerberos5_forward(ap);
-#endif	/* FORWARD */
-		break;
-	case KRB_RESPONSE:
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		    /* the rest of the reply should contain a krb_ap_rep */
-		    krb5_ap_rep_enc_part *reply;
-		    krb5_data inbuf;
-		    krb5_error_code r;
-		    krb5_keyblock tmpkey;
-
-		    inbuf.length = cnt;
-		    inbuf.data = (char *)data;
-
-		    tmpkey.keytype = KEYTYPE_DES;
-		    tmpkey.contents = session_key;
-		    tmpkey.length = sizeof(Block);
-
-		    if (r = krb5_rd_rep(&inbuf, &tmpkey, &reply)) {
-			printf("[ Mutual authentication failed: %s ]\n",
-			       error_message(r));
-			auth_send_retry();
-			return;
-		    }
-		    if (reply->ctime != authenticator.ctime ||
-			reply->cusec != authenticator.cusec) {
-			printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\n");
-			auth_send_retry();
-			return;
-		    }
-		    krb5_free_ap_rep_enc_part(reply);
-#ifdef	ENCRYPTION
-			skey.type = SK_DES;
-			skey.length = 8;
-			skey.data = session_key;
-			encrypt_session_key(&skey, 0);
-#endif	/* ENCRYPTION */
-		    mutual_complete = 1;
-		}
-		return;
-#ifdef	FORWARD
-	case KRB_FORWARD_ACCEPT:
-		printf("[ Kerberos V5 accepted forwarded credentials ]\n");
-		return;
-	case KRB_FORWARD_REJECT:
-		printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
-				cnt, data);
-		return;
-#endif	/* FORWARD */
-	default:
-		if (auth_debug_mode)
-			printf("Unknown Kerberos option %d\r\n", data[-1]);
-		return;
-	}
-}
-
-	int
-kerberos5_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested &&
-	    krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested))
-	{
-		strcpy(name, UserNameRequested);
-		return(AUTH_VALID);
-	} else
-		return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-kerberos5_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case KRB_REJECT:		/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case KRB_ACCEPT:		/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-
-	case KRB_AUTH:			/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case KRB_RESPONSE:
-		strncpy((char *)buf, " RESPONSE", buflen);
-		goto common2;
-
-#ifdef	FORWARD
-	case KRB_FORWARD:               /* Forwarded credentials follow */
-		strncpy((char *)buf, " FORWARD", buflen);
-		goto common2;
-
-	case KRB_FORWARD_ACCEPT:               /* Forwarded credentials accepted */
-		strncpy((char *)buf, " FORWARD_ACCEPT", buflen);
-		goto common2;
-
-	case KRB_FORWARD_REJECT:               /* Forwarded credentials rejected */
-					       /* (reason might follow) */
-		strncpy((char *)buf, " FORWARD_REJECT", buflen);
-		goto common2;
-#endif	/* FORWARD */
-
-	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-#ifdef	FORWARD
-        void
-kerberos5_forward(ap)
-     Authenticator *ap;
-{
-    struct hostent *hp;
-    krb5_creds *local_creds;
-    krb5_error_code r;
-    krb5_data forw_creds;
-    extern krb5_cksumtype krb5_kdc_req_sumtype;
-    krb5_ccache ccache;
-    int i;
-
-    if (!(local_creds = (krb5_creds *)
-	  calloc(1, sizeof(*local_creds)))) {
-	if (auth_debug_mode)
-	  printf("Kerberos V5: could not allocate memory for credentials\r\n");
-	return;
-    }
-
-    if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,
-				    &local_creds->server)) {
-	if (auth_debug_mode)
-	  printf("Kerberos V5: could not build server name - %s\r\n",
-		 error_message(r));
-	krb5_free_creds(local_creds);
-	return;
-    }
-
-    if (r = krb5_cc_default(&ccache)) {
-	if (auth_debug_mode)
-	  printf("Kerberos V5: could not get default ccache - %s\r\n",
-		 error_message(r));
-	krb5_free_creds(local_creds);
-	return;
-    }
-
-    if (r = krb5_cc_get_principal(ccache, &local_creds->client)) {
-	if (auth_debug_mode)
-	  printf("Kerberos V5: could not get default principal - %s\r\n",
-		 error_message(r));
-	krb5_free_creds(local_creds);
-	return;
-    }
-
-    /* Get ticket from credentials cache */
-    if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) {
-	if (auth_debug_mode)
-	  printf("Kerberos V5: could not obtain credentials - %s\r\n",
-		 error_message(r));
-	krb5_free_creds(local_creds);
-	return;
-    }
-
-    if (r = get_for_creds(ETYPE_DES_CBC_CRC,
-			  krb5_kdc_req_sumtype,
-			  RemoteHostName,
-			  local_creds->client,
-			  &local_creds->keyblock,
-			  forward_flags & OPTS_FORWARDABLE_CREDS,
-			  &forw_creds)) {
-	if (auth_debug_mode)
-	  printf("Kerberos V5: error getting forwarded creds - %s\r\n",
-		 error_message(r));
-	krb5_free_creds(local_creds);
-	return;
-    }
-
-    /* Send forwarded credentials */
-    if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
-	if (auth_debug_mode)
-	  printf("Not enough room for authentication data\r\n");
-    }
-    else {
-	if (auth_debug_mode)
-	  printf("Forwarded local Kerberos V5 credentials to server\r\n");
-    }
-
-    krb5_free_creds(local_creds);
-}
-#endif	/* FORWARD */
-
-#endif /* KRB5 */
diff --git a/secure/lib/libtelnet/key-proto.h b/secure/lib/libtelnet/key-proto.h
deleted file mode 100644
index 9668a775be50..000000000000
--- a/secure/lib/libtelnet/key-proto.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)key-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef	__KEY_PROTO__
-#define	__KEY_PROTO__
-
-#if	!defined(P)
-#ifdef	__STDC__
-#define	P(x)	x
-#else
-#define	P(x)	()
-#endif
-#endif
-
-int key_file_exists P((void));
-void key_lookup P((unsigned char *, Block));
-void key_stream_init P((Block, Block, int));
-unsigned char key_stream P((int, int));
-#endif
diff --git a/secure/lib/libtelnet/krb4encpwd.c b/secure/lib/libtelnet/krb4encpwd.c
deleted file mode 100644
index 00f32e8532b9..000000000000
--- a/secure/lib/libtelnet/krb4encpwd.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)krb4encpwd.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-
-#ifdef	KRB4_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <pwd.h>
-#include <stdio.h>
-
-#include <des.h>
-#include <krb.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int krb_mk_encpwd_req P((KTEXT, char *, char *, char *, char *, char *, char *));
-int krb_rd_encpwd_req P((KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *));
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KRB4_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
-#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
-#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
-#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
-#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
-
-#define KRB_SERVICE_NAME    "rcmd"
-
-static	KTEXT_ST auth;
-static	char name[ANAME_SZ];
-static	char user_passwd[ANAME_SZ];
-static	AUTH_DAT adat = { 0 };
-#ifdef	ENCRYPTION
-static Block	session_key	= { 0 };
-#endif	/* ENCRYPTION */
-static Schedule sched;
-static char  challenge[REALM_SZ];
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (0) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-        while (c-- > 0) {
-                if ((*p++ = *cd++) == IAC)
-                        *p++ = IAC;
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(net_write(str_data, p - str_data));
-}
-
-	int
-krb4encpwd_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-        char hostname[80], *cp, *realm;
-	C_Block skey;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-	} else {
-		str_data[3] = TELQUAL_IS;
-		gethostname(hostname, sizeof(hostname));
-		realm = krb_realmofhost(hostname);
-		cp = strchr(hostname, '.');
-		if (*cp != NULL) *cp = NULL;
-		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
-					KEYFILE, (char *)skey)) {
-		  return(0);
-		}
-	}
-	return(1);
-}
-
-	int
-krb4encpwd_send(ap)
-	Authenticator *ap;
-{
-
-	printf("[ Trying KRB4ENCPWD ... ]\n");
-	if (!UserNameRequested) {
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, KRB4_ENCPWD_ACK, (void *)NULL, 0)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-krb4encpwd_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	Block datablock;
-	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
-	char  lhostname[ANAME_SZ], *cp;
-	int r;
-	time_t now;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB4_ENCPWD_AUTH:
-		memmove((void *)auth.dat, (void *)data, auth.length = cnt);
-
-		gethostname(lhostname, sizeof(lhostname));
-		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
-
-		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
-			Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-		auth_encrypt_userpwd(r_passwd);
-		if (passwdok(UserNameRequested, UserPassword) == 0) {
-		  /*
-		   *  illegal username and password
-		   */
-		  Data(ap, KRB4_ENCPWD_REJECT, (void *)"Illegal password", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-
-		memmove((void *)session_key, (void *)adat.session, sizeof(Block));
-		Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	case KRB4_ENCPWD_CHALLENGE:
-		/*
-		 *  Take the received random challenge text and save
-		 *  for future authentication.
-		 */
-		memmove((void *)challenge, (void *)data, sizeof(Block));
-		break;
-
-
-	case KRB4_ENCPWD_ACK:
-		/*
-		 *  Receive ack, if mutual then send random challenge
-		 */
-
-		/*
-		 * If we are doing mutual authentication, get set up to send
-		 * the challenge, and verify it when the response comes back.
-		 */
-
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		  register int i;
-
-		  time(&now);
-		  sprintf(challenge, "%x", now);
-		  Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge));
-		}
-		break;
-
-	default:
-		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-krb4encpwd_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	KTEXT_ST krb_token;
-	Block enckey;
-	CREDENTIALS cred;
-	int r;
-	char        randchal[REALM_SZ], instance[ANAME_SZ], *cp;
-        char        hostname[80], *realm;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB4_ENCPWD_REJECT:
-		if (cnt > 0) {
-			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case KRB4_ENCPWD_ACCEPT:
-		printf("[ KRB4_ENCPWD accepts you ]\n");
-		auth_finished(ap, AUTH_USER);
-		return;
-	case KRB4_ENCPWD_CHALLENGE:
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-
-		gethostname(hostname, sizeof(hostname));
-		realm = krb_realmofhost(hostname);
-		memmove((void *)challenge, (void *)data, cnt);
-		memset(user_passwd, 0, sizeof(user_passwd));
-		local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
-		UserPassword = user_passwd;
-		Challenge = challenge;
-		strcpy(instance, RemoteHostName);
-		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
-
-		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
-		  krb_token.length = 0;
-		}
-
-		if (!Data(ap, KRB4_ENCPWD_AUTH, (void *)krb_token.dat, krb_token.length)) {
-		  return;
-		}
-
-		break;
-
-	default:
-		return;
-	}
-}
-
-	int
-krb4encpwd_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
-		strcpy(name, UserNameRequested);
-		return(AUTH_VALID);
-	} else {
-		return(AUTH_USER);
-	}
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-krb4encpwd_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case KRB4_ENCPWD_CHALLENGE:
-		strncpy((char *)buf, " CHALLENGE", buflen);
-		goto common2;
-
-	case KRB4_ENCPWD_ACK:
-		strncpy((char *)buf, " ACK", buflen);
-		goto common2;
-
-	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-int passwdok(name, passwd)
-char *name, *passwd;
-{
-  char *crypt();
-  char *salt, *p;
-  struct passwd *pwd;
-  int   passwdok_status = 0;
-
-  if (pwd = getpwnam(name))
-    salt = pwd->pw_passwd;
-  else salt = "xx";
-
-  p = crypt(passwd, salt);
-
-  if (pwd && !strcmp(p, pwd->pw_passwd)) {
-    passwdok_status = 1;
-  } else passwdok_status = 0;
-  return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	register int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/secure/lib/libtelnet/misc-proto.h b/secure/lib/libtelnet/misc-proto.h
deleted file mode 100644
index e5f334a9bdd0..000000000000
--- a/secure/lib/libtelnet/misc-proto.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef	__MISC_PROTO__
-#define	__MISC_PROTO__
-
-#if	!defined(P)
-#ifdef	__STDC__
-#define	P(x)	x
-#else
-#define	P(x)	()
-#endif
-#endif
-
-void auth_encrypt_init P((char *, char *, char *, int));
-void auth_encrypt_connect P((int));
-void printd P((unsigned char *, int));
-
-/*
- * These functions are imported from the application
- */
-int net_write P((unsigned char *, int));
-void net_encrypt P((void));
-int telnet_spin P((void));
-char *telnet_getenv P((char *));
-char *telnet_gets P((char *, char *, int, int));
-#endif
diff --git a/secure/lib/libtelnet/misc.c b/secure/lib/libtelnet/misc.c
deleted file mode 100644
index 9565900a391e..000000000000
--- a/secure/lib/libtelnet/misc.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)misc.c	8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-#include "misc.h"
-
-char *RemoteHostName;
-char *LocalHostName;
-char *UserNameRequested = 0;
-int ConnectedCount = 0;
-
-	void
-auth_encrypt_init(local, remote, name, server)
-	char *local;
-	char *remote;
-	char *name;
-	int server;
-{
-	RemoteHostName = remote;
-	LocalHostName = local;
-#if	defined(AUTHENTICATION)
-	auth_init(name, server);
-#endif
-#ifdef	ENCRYPTION
-	encrypt_init(name, server);
-#endif	/* ENCRYPTION */
-	if (UserNameRequested) {
-		free(UserNameRequested);
-		UserNameRequested = 0;
-	}
-}
-
-	void
-auth_encrypt_user(name)
-	char *name;
-{
-	extern char *strdup();
-
-	if (UserNameRequested)
-		free(UserNameRequested);
-	UserNameRequested = name ? strdup(name) : 0;
-}
-
-	void
-auth_encrypt_connect(cnt)
-	int cnt;
-{
-}
-
-	void
-printd(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	if (cnt > 16)
-		cnt = 16;
-	while (cnt-- > 0) {
-		printf(" %02x", *data);
-		++data;
-	}
-}
diff --git a/secure/lib/libtelnet/misc.h b/secure/lib/libtelnet/misc.h
deleted file mode 100644
index 41ffa7f67aa7..000000000000
--- a/secure/lib/libtelnet/misc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc.h	8.1 (Berkeley) 6/4/93
- */
-
-extern char *UserNameRequested;
-extern char *LocalHostName;
-extern char *RemoteHostName;
-extern int ConnectedCount;
-extern int ReservedPort;
-
-#include "misc-proto.h"
diff --git a/secure/lib/libtelnet/read_password.c b/secure/lib/libtelnet/read_password.c
deleted file mode 100644
index 4ae412c5fc61..000000000000
--- a/secure/lib/libtelnet/read_password.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)read_password.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * $Source: /home/ncvs/src/secure/lib/libtelnet/read_password.c,v $
- * $Author: pst $
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#if	defined(RSA_ENCPWD) || defined(KRB4_ENCPWD)
-
-#include <stdio.h>
-#include <strings.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-
-static jmp_buf env;
-
-/*** Routines ****************************************************** */
-/*
- * This version just returns the string, doesn't map to key.
- *
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-local_des_read_pw_string(s,max,prompt,verify)
-    char *s;
-    int	max;
-    char *prompt;
-    int	verify;
-{
-    int ok = 0;
-    char *ptr;
-
-    jmp_buf old_env;
-    struct sgttyb tty_state;
-    char key_string[BUFSIZ];
-
-    if (max > BUFSIZ) {
-	return -1;
-    }
-
-    /* XXX assume jmp_buf is typedef'ed to an array */
-    memmove((char *)env, (char *)old_env, sizeof(env));
-    if (setjmp(env))
-	goto lose;
-
-    /* save terminal state*/
-    if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
-	return -1;
-/*
-    push_signals();
-*/
-    /* Turn off echo */
-    tty_state.sg_flags &= ~ECHO;
-    if (ioctl(0,TIOCSETP,(char *)&tty_state) == -1)
-	return -1;
-    while (!ok) {
-	(void) printf(prompt);
-	(void) fflush(stdout);
-	while (!fgets(s, max, stdin));
-
-	if ((ptr = strchr(s, '\n')))
-	    *ptr = '\0';
-	if (verify) {
-	    printf("\nVerifying, please re-enter %s",prompt);
-	    (void) fflush(stdout);
-	    if (!fgets(key_string, sizeof(key_string), stdin)) {
-		clearerr(stdin);
-		continue;
-	    }
-	    if ((ptr = strchr(key_string, '\n')))
-	    *ptr = '\0';
-	    if (strcmp(s,key_string)) {
-		printf("\n\07\07Mismatch - try again\n");
-		(void) fflush(stdout);
-		continue;
-	    }
-	}
-	ok = 1;
-    }
-
-lose:
-    if (!ok)
-	memset(s, 0, max);
-    printf("\n");
-    /* turn echo back on */
-    tty_state.sg_flags |= ECHO;
-    if (ioctl(0,TIOCSETP,(char *)&tty_state))
-	ok = 0;
-/*
-    pop_signals();
-*/
-    memmove((char *)old_env, (char *)env, sizeof(env));
-    if (verify)
-	memset(key_string, 0, sizeof (key_string));
-    s[max-1] = 0;		/* force termination */
-    return !ok;			/* return nonzero if not okay */
-}
-#endif	/* defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) */
diff --git a/secure/lib/libtelnet/rsaencpwd.c b/secure/lib/libtelnet/rsaencpwd.c
deleted file mode 100644
index 3492132a5df2..000000000000
--- a/secure/lib/libtelnet/rsaencpwd.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)rsaencpwd.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-
-#ifdef	RSA_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <pwd.h>
-#include <stdio.h>
-
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-#include "cdc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_RSA_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
-#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
-#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
-#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
-
-#define NAME_SZ   40
-#define CHAL_SZ   20
-#define PWD_SZ    40
-
-static	KTEXT_ST auth;
-static	char name[NAME_SZ];
-static	char user_passwd[PWD_SZ];
-static  char key_file[2*NAME_SZ];
-static  char lhostname[NAME_SZ];
-static char  challenge[CHAL_SZ];
-static int   challenge_len;
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (0) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	if (type != NULL) *p++ = type;
-        while (c-- > 0) {
-                if ((*p++ = *cd++) == IAC)
-                        *p++ = IAC;
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(net_write(str_data, p - str_data));
-}
-
-	int
-rsaencpwd_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	char  *cp;
-	FILE  *fp;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		memset(key_file, 0, sizeof(key_file));
-		gethostname(lhostname, sizeof(lhostname));
-		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
-		strcpy(key_file, "/etc/.");
-		strcat(key_file, lhostname);
-		strcat(key_file, "_privkey");
-		if ((fp=fopen(key_file, "r"))==NULL) return(0);
-		fclose(fp);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-rsaencpwd_send(ap)
-	Authenticator *ap;
-{
-
-	printf("[ Trying RSAENCPWD ... ]\n");
-	if (!UserNameRequested) {
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-	if (!Data(ap, NULL, (void *)NULL, 0)) {
-		return(0);
-	}
-
-
-	return(1);
-}
-
-	void
-rsaencpwd_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	Block datablock;
-	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
-	char  *cp, key[160];
-	char  chalkey[160], *ptr;
-	FILE  *fp;
-	int r, i, j, chalkey_len, len;
-	time_t now;
-
-	cnt--;
-	switch (*data++) {
-	case RSA_ENCPWD_AUTH:
-		memmove((void *)auth.dat, (void *)data, auth.length = cnt);
-
-		if ((fp=fopen(key_file, "r"))==NULL) {
-		  Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-		/*
-		 *  get privkey
-		 */
-		fscanf(fp, "%x;", &len);
-		for (i=0;i<len;i++) {
-		  j = getc(fp);  key[i]=j;
-		}
-		fclose(fp);
-
-		r = accept_rsa_encpwd(&auth, key, challenge,
-				      challenge_len, r_passwd);
-		if (r < 0) {
-		  Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-		auth_encrypt_userpwd(r_passwd);
-		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
-		  /*
-		   *  illegal username and password
-		   */
-		  Data(ap, RSA_ENCPWD_REJECT, (void *)"Illegal password", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-
-		Data(ap, RSA_ENCPWD_ACCEPT, (void *)0, 0);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-
-	case IAC:
-
-		/*
-		 * If we are doing mutual authentication, get set up to send
-		 * the challenge, and verify it when the response comes back.
-		 */
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
-		  register int i;
-
-
-		  time(&now);
-		  if ((now % 2) == 0) {
-		    sprintf(challenge, "%x", now);
-		    challenge_len = strlen(challenge);
-		  } else {
-		    strcpy(challenge, "randchal");
-		    challenge_len = 8;
-		  }
-
-		  if ((fp=fopen(key_file, "r"))==NULL) {
-		    Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
-		    auth_finished(ap, AUTH_REJECT);
-		    return;
-		  }
-		  /*
-		   *  skip privkey
-		   */
-		  fscanf(fp, "%x;", &len);
-		  for (i=0;i<len;i++) {
-		    j = getc(fp);
-		  }
-		  /*
-		   * get pubkey
-		   */
-		  fscanf(fp, "%x;", &len);
-		  for (i=0;i<len;i++) {
-		    j = getc(fp);  key[i]=j;
-		  }
-		  fclose(fp);
-		  chalkey[0] = 0x30;
-		  ptr = (char *) &chalkey[1];
-		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
-		  EncodeLength(ptr, chalkey_len);
-		  ptr +=NumEncodeLengthOctets(chalkey_len);
-		  *ptr++ = 0x04;  /* OCTET STRING */
-		  *ptr++ = challenge_len;
-		  memmove(ptr, challenge, challenge_len);
-		  ptr += challenge_len;
-		  *ptr++ = 0x04;  /* OCTET STRING */
-		  EncodeLength(ptr, i);
-		  ptr += NumEncodeLengthOctets(i);
-		  memmove(ptr, key, i);
-		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
-		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len);
-		}
-		break;
-
-	default:
-		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-rsaencpwd_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	KTEXT_ST token;
-	Block enckey;
-	int r, pubkey_len;
-	char        randchal[CHAL_SZ], *cp;
-	char        chalkey[160], pubkey[128], *ptr;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case RSA_ENCPWD_REJECT:
-		if (cnt > 0) {
-			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case RSA_ENCPWD_ACCEPT:
-		printf("[ RSA_ENCPWD accepts you ]\n");
-		auth_finished(ap, AUTH_USER);
-		return;
-	case RSA_ENCPWD_CHALLENGEKEY:
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-
-		memmove((void *)chalkey, (void *)data, cnt);
-		ptr = (char *) &chalkey[0];
-		ptr += DecodeHeaderLength(chalkey);
-		if (*ptr != 0x04) {
-                  return;
-                }
-		*ptr++;
-		challenge_len = DecodeValueLength(ptr);
-		ptr += NumEncodeLengthOctets(challenge_len);
-		memmove(challenge, ptr, challenge_len);
-		ptr += challenge_len;
-		if (*ptr != 0x04) {
-                  return;
-                }
-                *ptr++;
-		pubkey_len = DecodeValueLength(ptr);
-		ptr += NumEncodeLengthOctets(pubkey_len);
-		memmove(pubkey, ptr, pubkey_len);
-		memset(user_passwd, 0, sizeof(user_passwd));
-		local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
-		UserPassword = user_passwd;
-		Challenge = challenge;
-		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
-		if (r < 0) {
-		  token.length = 1;
-		}
-
-		if (!Data(ap, RSA_ENCPWD_AUTH, (void *)token.dat, token.length)) {
-		  return;
-		}
-
-		break;
-
-	default:
-		return;
-	}
-}
-
-	int
-rsaencpwd_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
-		strcpy(name, UserNameRequested);
-		return(AUTH_VALID);
-	} else {
-		return(AUTH_USER);
-	}
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-rsaencpwd_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case RSA_ENCPWD_CHALLENGEKEY:
-		strncpy((char *)buf, " CHALLENGEKEY", buflen);
-		goto common2;
-
-	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-int rsaencpwd_passwdok(name, passwd)
-char *name, *passwd;
-{
-  char *crypt();
-  char *salt, *p;
-  struct passwd *pwd;
-  int   passwdok_status = 0;
-
-  if (pwd = getpwnam(name))
-    salt = pwd->pw_passwd;
-  else salt = "xx";
-
-  p = crypt(passwd, salt);
-
-  if (pwd && !strcmp(p, pwd->pw_passwd)) {
-    passwdok_status = 1;
-  } else passwdok_status = 0;
-  return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	register int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/secure/lib/libtelnet/spx.c b/secure/lib/libtelnet/spx.c
deleted file mode 100644
index 5b625c7cfad2..000000000000
--- a/secure/lib/libtelnet/spx.c
+++ /dev/null
@@ -1,588 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)spx.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#ifdef	SPX
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include "gssapi_defs.h"
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include <pwd.h>
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_SPX, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	SPX_AUTH	0		/* Authentication data follows */
-#define	SPX_REJECT	1		/* Rejected (reason might follow) */
-#define SPX_ACCEPT	2		/* Accepted */
-
-#ifdef	ENCRYPTION
-static Block	session_key	= { 0 };
-#endif	/* ENCRYPTION */
-static Schedule sched;
-static Block	challenge	= { 0 };
-
-
-/*******************************************************************/
-
-gss_OID_set           actual_mechs;
-gss_OID               actual_mech_type, output_name_type;
-int                   major_status, status, msg_ctx = 0, new_status;
-int                   req_flags = 0, ret_flags, lifetime_rec;
-gss_cred_id_t         gss_cred_handle;
-gss_ctx_id_t          actual_ctxhandle, context_handle;
-gss_buffer_desc       output_token, input_token, input_name_buffer;
-gss_buffer_desc       status_string;
-gss_name_t            desired_targname, src_name;
-gss_channel_bindings  input_chan_bindings;
-char                  lhostname[GSS_C_MAX_PRINTABLE_NAME];
-char                  targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-int                   to_addr=0, from_addr=0;
-char                  *address;
-gss_buffer_desc       fullname_buffer;
-gss_OID               fullname_type;
-gss_cred_id_t         gss_delegated_cred_handle;
-
-/*******************************************************************/
-
-
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (0) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-        while (c-- > 0) {
-                if ((*p++ = *cd++) == IAC)
-                        *p++ = IAC;
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(net_write(str_data, p - str_data));
-}
-
-	int
-spx_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-        gss_cred_id_t    tmp_cred_handle;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		gethostname(lhostname, sizeof(lhostname));
-		strcpy(targ_printable, "SERVICE:rcmd@");
-		strcat(targ_printable, lhostname);
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-		major_status = gss_import_name(&status,
-                                       &input_name_buffer,
-                                       GSS_C_NULL_OID,
-                                       &desired_targname);
-		major_status = gss_acquire_cred(&status,
-                                        desired_targname,
-                                        0,
-                                        GSS_C_NULL_OID_SET,
-                                        GSS_C_ACCEPT,
-                                        &tmp_cred_handle,
-                                        &actual_mechs,
-                                        &lifetime_rec);
-		if (major_status != GSS_S_COMPLETE) return(0);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-spx_send(ap)
-	Authenticator *ap;
-{
-	Block enckey;
-	int r;
-
-	gss_OID  actual_mech_type, output_name_type;
-	int           msg_ctx = 0, new_status, status;
-	int           req_flags = 0, ret_flags, lifetime_rec, major_status;
-	gss_buffer_desc  output_token, input_token, input_name_buffer;
-	gss_buffer_desc  output_name_buffer, status_string;
-	gss_name_t    desired_targname;
-	gss_channel_bindings  input_chan_bindings;
-	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-	int  from_addr=0, to_addr=0, myhostlen, j;
-	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
-	char *address;
-
-	printf("[ Trying SPX ... ]\n");
-	strcpy(targ_printable, "SERVICE:rcmd@");
-	strcat(targ_printable, RemoteHostName);
-
-	input_name_buffer.length = strlen(targ_printable);
-	input_name_buffer.value = targ_printable;
-
-	if (!UserNameRequested) {
-		return(0);
-	}
-
-	major_status = gss_import_name(&status,
-				       &input_name_buffer,
-				       GSS_C_NULL_OID,
-				       &desired_targname);
-
-
-	major_status = gss_display_name(&status,
-					desired_targname,
-					&output_name_buffer,
-					&output_name_type);
-
-	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
-
-	major_status = gss_release_buffer(&status, &output_name_buffer);
-
-	input_chan_bindings = (gss_channel_bindings)
-	  malloc(sizeof(gss_channel_bindings_desc));
-
-	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->initiator_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->initiator_address.value = (char *) address;
-	address[0] = ((from_addr & 0xff000000) >> 24);
-	address[1] = ((from_addr & 0xff0000) >> 16);
-	address[2] = ((from_addr & 0xff00) >> 8);
-	address[3] = (from_addr & 0xff);
-	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->acceptor_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->acceptor_address.value = (char *) address;
-	address[0] = ((to_addr & 0xff000000) >> 24);
-	address[1] = ((to_addr & 0xff0000) >> 16);
-	address[2] = ((to_addr & 0xff00) >> 8);
-	address[3] = (to_addr & 0xff);
-	input_chan_bindings->application_data.length = 0;
-
-        req_flags = 0;
-        if (deleg_flag)  req_flags = req_flags | 1;
-        if (mutual_flag) req_flags = req_flags | 2;
-        if (replay_flag) req_flags = req_flags | 4;
-        if (seq_flag)    req_flags = req_flags | 8;
-
-        major_status = gss_init_sec_context(&status,         /* minor status */
-					GSS_C_NO_CREDENTIAL, /* cred handle */
-                                        &actual_ctxhandle,   /* ctx handle */
-                                        desired_targname,    /* target name */
-                                        GSS_C_NULL_OID,      /* mech type */
-                                        req_flags,           /* req flags */
-                                        0,                   /* time req */
-                                        input_chan_bindings, /* chan binding */
-                                        GSS_C_NO_BUFFER,     /* input token */
-                                        &actual_mech_type,   /* actual mech */
-                                        &output_token,       /* output token */
-                                        &ret_flags,          /* ret flags */
-                                        &lifetime_rec);      /* time rec */
-
-	if ((major_status != GSS_S_COMPLETE) &&
-	    (major_status != GSS_S_CONTINUE_NEEDED)) {
-          gss_display_status(&new_status,
-                             status,
-                             GSS_C_MECH_CODE,
-                             GSS_C_NULL_OID,
-                             &msg_ctx,
-                             &status_string);
-          printf("%s\n", status_string.value);
-	  return(0);
-	}
-
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-spx_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	Block datablock;
-	int r;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_AUTH:
-	        input_token.length = cnt;
-		input_token.value = (char *) data;
-
-		gethostname(lhostname, sizeof(lhostname));
-
-		strcpy(targ_printable, "SERVICE:rcmd@");
-		strcat(targ_printable, lhostname);
-
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-
-		major_status = gss_import_name(&status,
-                                       &input_name_buffer,
-                                       GSS_C_NULL_OID,
-                                       &desired_targname);
-
-		major_status = gss_acquire_cred(&status,
-                                        desired_targname,
-                                        0,
-                                        GSS_C_NULL_OID_SET,
-                                        GSS_C_ACCEPT,
-                                        &gss_cred_handle,
-                                        &actual_mechs,
-                                        &lifetime_rec);
-
-		major_status = gss_release_name(&status, desired_targname);
-
-		input_chan_bindings = (gss_channel_bindings)
-		  malloc(sizeof(gss_channel_bindings_desc));
-
-		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->initiator_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->initiator_address.value = (char *) address;
-		address[0] = ((from_addr & 0xff000000) >> 24);
-		address[1] = ((from_addr & 0xff0000) >> 16);
-		address[2] = ((from_addr & 0xff00) >> 8);
-		address[3] = (from_addr & 0xff);
-		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->acceptor_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->acceptor_address.value = (char *) address;
-		address[0] = ((to_addr & 0xff000000) >> 24);
-		address[1] = ((to_addr & 0xff0000) >> 16);
-		address[2] = ((to_addr & 0xff00) >> 8);
-		address[3] = (to_addr & 0xff);
-		input_chan_bindings->application_data.length = 0;
-
-		major_status = gss_accept_sec_context(&status,
-					      &context_handle,
-                                              gss_cred_handle,
-                                              &input_token,
-                                              input_chan_bindings,
-                                              &src_name,
-                                              &actual_mech_type,
-                                              &output_token,
-                                              &ret_flags,
-                                              &lifetime_rec,
-                                              &gss_delegated_cred_handle);
-
-
-		if (major_status != GSS_S_COMPLETE) {
-
-		  major_status = gss_display_name(&status,
-					  src_name,
-                                          &fullname_buffer,
-                                          &fullname_type);
-			Data(ap, SPX_REJECT, (void *)"auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		major_status = gss_display_name(&status,
-                                          src_name,
-                                          &fullname_buffer,
-                                          &fullname_type);
-
-
-		Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	default:
-		Data(ap, SPX_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-spx_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_REJECT:
-		if (cnt > 0) {
-			printf("[ SPX refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ SPX refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case SPX_ACCEPT:
-		printf("[ SPX accepts you ]\n");
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-			/*
-			 * Send over the encrypted challenge.
-		 	 */
-		  input_token.value = (char *) data;
-		  input_token.length = cnt;
-
-		  major_status = gss_init_sec_context(&status, /* minor stat */
-                                        GSS_C_NO_CREDENTIAL, /* cred handle */
-                                        &actual_ctxhandle,   /* ctx handle */
-                                        desired_targname,    /* target name */
-                                        GSS_C_NULL_OID,      /* mech type */
-                                        req_flags,           /* req flags */
-                                        0,                   /* time req */
-                                        input_chan_bindings, /* chan binding */
-                                        &input_token,        /* input token */
-                                        &actual_mech_type,   /* actual mech */
-                                        &output_token,       /* output token */
-                                        &ret_flags,          /* ret flags */
-                                        &lifetime_rec);      /* time rec */
-
-		  if (major_status != GSS_S_COMPLETE) {
-		    gss_display_status(&new_status,
-				       status,
-				       GSS_C_MECH_CODE,
-				       GSS_C_NULL_OID,
-				       &msg_ctx,
-				       &status_string);
-		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
-			 status_string.value);
-		    auth_send_retry();
-		    return;
-		  }
-		}
-		auth_finished(ap, AUTH_USER);
-		return;
-
-	default:
-		return;
-	}
-}
-
-	int
-spx_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-
-	gss_buffer_desc  fullname_buffer, acl_file_buffer;
-	gss_OID          fullname_type;
-        char acl_file[160], fullname[160];
-        int major_status, status = 0;
-	struct passwd  *pwd;
-
-        /*
-         * hard code fullname to
-         *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
-         * and acl_file to "~kannan/.sphinx"
-         */
-
-	pwd = getpwnam(UserNameRequested);
-	if (pwd == NULL) {
-          return(AUTH_USER);   /*  not authenticated  */
-        }
-
-	strcpy(acl_file, pwd->pw_dir);
-	strcat(acl_file, "/.sphinx");
-        acl_file_buffer.value = acl_file;
-        acl_file_buffer.length = strlen(acl_file);
-
-	major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-
-	if (level < AUTH_USER)
-		return(level);
-
-        major_status = gss__check_acl(&status, &fullname_buffer,
-                                      &acl_file_buffer);
-
-        if (major_status == GSS_S_COMPLETE) {
-	  strcpy(name, UserNameRequested);
-	  return(AUTH_VALID);
-        } else {
-           return(AUTH_USER);
-        }
-
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-spx_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case SPX_REJECT:		/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case SPX_ACCEPT:		/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case SPX_AUTH:			/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	register int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/secure/libexec/Makefile.inc b/secure/libexec/Makefile.inc
deleted file mode 100644
index 26d868c39153..000000000000
--- a/secure/libexec/Makefile.inc
+++ /dev/null
@@ -1,6 +0,0 @@
-#	@(#)Makefile.inc	8.1 (Berkeley) 6/4/93
-#	$Id: Makefile.inc,v 1.2 1995/07/29 12:49:22 markm Exp $
-
-BINDIR?=	/usr/libexec
-
-.include "${.CURDIR}/../../Makefile.inc"
diff --git a/secure/libexec/telnetd/Makefile b/secure/libexec/telnetd/Makefile
deleted file mode 100644
index f04e2a31edc1..000000000000
--- a/secure/libexec/telnetd/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-#	@(#)Makefile	8.2 (Berkeley) 12/15/93
-#	$Id$
-
-# Do not define -DKLUDGELINEMODE, as it does not interact well with many
-# telnet implementations.
-
-DISTRIBUTION=	krb
-
-PROG=	telnetd
-MAN8=	telnetd.8
-
-SRCS=	authenc.c global.c slc.c state.c sys_term.c telnetd.c \
-	termstat.c utility.c
-
-DPADD=	${TELNETOBJDIR}/libtelnet.a ${LIBUTIL} ${LIBTERMCAP}
-LDADD=	-L${TELNETOBJDIR} -lutil -ltermcap -ltelnet
-
-CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK
-CFLAGS+= -DENCRYPTION -I${.CURDIR}/../../lib
-
-.if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_EBONES))
-CFLAGS+=-DAUTHENTICATION
-LDADD+= -ldes -lkrb
-DPADD+= ${LIBDES} ${LIBKRB}
-.endif
-
-# Used only in krb4encpwd.c and rsaencpwd.c (libtelnet), not yet active
-#LDADD+= -ldescrypt
-
-.include <bsd.prog.mk>
diff --git a/secure/libexec/telnetd/authenc.c b/secure/libexec/telnetd/authenc.c
deleted file mode 100644
index ccb463c94d1e..000000000000
--- a/secure/libexec/telnetd/authenc.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)authenc.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include "telnetd.h"
-#include <libtelnet/misc.h>
-
-	int
-net_write(str, len)
-	unsigned char *str;
-	int len;
-{
-	if (nfrontp + len < netobuf + BUFSIZ) {
-		memmove((void *)nfrontp, (void *)str, len);
-		nfrontp += len;
-		return(len);
-	}
-	return(0);
-}
-
-	void
-net_encrypt()
-{
-#ifdef	ENCRYPTION
-	char *s = (nclearto > nbackp) ? nclearto : nbackp;
-	if (s < nfrontp && encrypt_output) {
-		(*encrypt_output)((unsigned char *)s, nfrontp - s);
-	}
-	nclearto = nfrontp;
-#endif /* ENCRYPTION */
-}
-
-	int
-telnet_spin()
-{
-	ttloop();
-	return(0);
-}
-
-	char *
-telnet_getenv(val)
-	char *val;
-{
-	extern char *getenv();
-	return(getenv(val));
-}
-
-	char *
-telnet_gets(prompt, result, length, echo)
-	char *prompt;
-	char *result;
-	int length;
-	int echo;
-{
-	return((char *)0);
-}
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
diff --git a/secure/libexec/telnetd/defs.h b/secure/libexec/telnetd/defs.h
deleted file mode 100644
index a73d4a619978..000000000000
--- a/secure/libexec/telnetd/defs.h
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defs.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server defines
- */
-#include <sys/types.h>
-#include <sys/param.h>
-
-#ifndef	BSD
-# define	BSD 43
-#endif
-
-#if	defined(CRAY) && !defined(LINEMODE)
-# define SYSV_TERMIO
-# define LINEMODE
-# define KLUDGELINEMODE
-# define DIAGNOSTICS
-# if defined(UNICOS50) && !defined(UNICOS5)
-#  define UNICOS5
-# endif
-# if !defined(UNICOS5)
-#  define BFTPDAEMON
-#  define HAS_IP_TOS
-# endif
-#endif /* CRAY */
-#if defined(UNICOS5) && !defined(NO_SETSID)
-# define NO_SETSID
-#endif
-
-#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
-#define TELOPTS
-#define TELCMDS
-#define	SLC_NAMES
-#endif
-
-#if	defined(SYSV_TERMIO) && !defined(USE_TERMIO)
-# define	USE_TERMIO
-#endif
-
-#include <sys/socket.h>
-#ifndef	CRAY
-#include <sys/wait.h>
-#endif	/* CRAY */
-#include <fcntl.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#ifndef	FILIO_H
-#include <sys/ioctl.h>
-#else
-#include <sys/filio.h>
-#endif
-
-#include <netinet/in.h>
-
-#include <arpa/telnet.h>
-
-#include <stdio.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#include <signal.h>
-#include <errno.h>
-#include <netdb.h>
-#include <syslog.h>
-#ifndef	LOG_DAEMON
-#define	LOG_DAEMON	0
-#endif
-#ifndef	LOG_ODELAY
-#define	LOG_ODELAY	0
-#endif
-#include <ctype.h>
-#ifndef NO_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#ifndef	USE_TERMIO
-#include <sgtty.h>
-#else
-# ifdef	SYSV_TERMIO
-# include <termio.h>
-# else
-# include <termios.h>
-# endif
-#endif
-#if !defined(USE_TERMIO) || defined(NO_CC_T)
-typedef unsigned char cc_t;
-#endif
-
-#ifdef	__STDC__
-#include <unistd.h>
-#endif
-
-#ifndef _POSIX_VDISABLE
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((unsigned char)'\377')
-# endif
-#endif
-
-
-#ifdef	CRAY
-# ifdef	CRAY1
-# include <sys/pty.h>
-#  ifndef FD_ZERO
-# include <sys/select.h>
-#  endif /* FD_ZERO */
-# endif	/* CRAY1 */
-
-#include <memory.h>
-#endif	/* CRAY */
-
-#ifdef __hpux
-#include <sys/ptyio.h>
-#endif
-
-#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define	TIOCSCTTY TCSETCTTY
-#endif
-
-#ifndef	FD_SET
-#ifndef	HAVE_fd_set
-typedef struct fd_set { int fds_bits[1]; } fd_set;
-#endif
-
-#define	FD_SET(n, p)	((p)->fds_bits[0] |= (1<<(n)))
-#define	FD_CLR(n, p)	((p)->fds_bits[0] &= ~(1<<(n)))
-#define	FD_ISSET(n, p)	((p)->fds_bits[0] & (1<<(n)))
-#define FD_ZERO(p)	((p)->fds_bits[0] = 0)
-#endif	/* FD_SET */
-
-/*
- * I/O data buffers defines
- */
-#define	NETSLOP	64
-#ifdef CRAY
-#undef BUFSIZ
-#define BUFSIZ  2048
-#endif
-
-#define	NIACCUM(c)	{   *netip++ = c; \
-			    ncc++; \
-			}
-
-/* clock manipulations */
-#define	settimer(x)	(clocks.x = ++clocks.system)
-#define	sequenceIs(x,y)	(clocks.x < clocks.y)
-
-/*
- * Linemode support states, in decreasing order of importance
- */
-#define REAL_LINEMODE	0x04
-#define KLUDGE_OK	0x03
-#define	NO_AUTOKLUDGE	0x02
-#define KLUDGE_LINEMODE	0x01
-#define NO_LINEMODE	0x00
-
-/*
- * Structures of information for each special character function.
- */
-typedef struct {
-	unsigned char	flag;		/* the flags for this function */
-	cc_t		val;		/* the value of the special character */
-} slcent, *Slcent;
-
-typedef struct {
-	slcent		defset;		/* the default settings */
-	slcent		current;	/* the current settings */
-	cc_t		*sptr;		/* a pointer to the char in */
-					/* system data structures */
-} slcfun, *Slcfun;
-
-#ifdef DIAGNOSTICS
-/*
- * Diagnostics capabilities
- */
-#define	TD_REPORT	0x01	/* Report operations to client */
-#define TD_EXERCISE	0x02	/* Exercise client's implementation */
-#define TD_NETDATA	0x04	/* Display received data stream */
-#define TD_PTYDATA	0x08	/* Display data passed to pty */
-#define	TD_OPTIONS	0x10	/* Report just telnet options */
-#endif /* DIAGNOSTICS */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
-#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
-#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
-#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
-
-#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
-#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
-#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
-#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
-
-/*
- * Tricky code here.  What we want to know is if the MY_STATE_WILL
- * and MY_WANT_STATE_WILL bits have the same value.  Since the two
- * bits are adjacent, a little arithmatic will show that by adding
- * in the lower bit, the upper bit will be set if the two bits were
- * different, and clear if they were the same.
- */
-#define my_will_wont_is_changing(opt) \
-			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
-
-#define my_do_dont_is_changing(opt) \
-			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
-
-/*
- * Make everything symetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-#define his_will_wont_is_changing	my_do_dont_is_changing
-#define his_do_dont_is_changing		my_will_wont_is_changing
diff --git a/secure/libexec/telnetd/ext.h b/secure/libexec/telnetd/ext.h
deleted file mode 100644
index db3f1c395313..000000000000
--- a/secure/libexec/telnetd/ext.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ext.h	8.2 (Berkeley) 12/15/93
- */
-
-/*
- * Telnet server variable declarations
- */
-extern char	options[256];
-extern char	do_dont_resp[256];
-extern char	will_wont_resp[256];
-extern int	linemode;	/* linemode on/off */
-#ifdef	LINEMODE
-extern int	uselinemode;	/* what linemode to use (on/off) */
-extern int	editmode;	/* edit modes in use */
-extern int	useeditmode;	/* edit modes to use */
-extern int	alwayslinemode;	/* command line option */
-extern int	lmodetype;	/* Client support for linemode */
-#endif	/* LINEMODE */
-extern int	flowmode;	/* current flow control state */
-extern int	restartany;	/* restart output on any character state */
-#ifdef DIAGNOSTICS
-extern int	diagnostic;	/* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-#ifdef BFTPDAEMON
-extern int	bftpd;		/* behave as bftp daemon */
-#endif /* BFTPDAEMON */
-#if	defined(SecurID)
-extern int	require_SecurID;
-#endif
-#if	defined(AUTHENTICATION)
-extern int	auth_level;
-#endif
-
-extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
-
-char	*terminaltype;
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-extern char	netibuf[BUFSIZ], *netip;
-
-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-extern char	*neturg;		/* one past last bye of urgent data */
-
-extern int	pcc, ncc;
-
-#if defined(CRAY2) && defined(UNICOS5)
-extern int unpcc;  /* characters left unprocessed by CRAY-2 terminal routine */
-extern char *unptyip;  /* pointer to remaining characters in buffer */
-#endif
-
-extern int	pty, net;
-extern char	*line;
-extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
-
-#ifndef	P
-# ifdef	__STDC__
-#  define P(x)	x
-# else
-#  define P(x)	()
-# endif
-#endif
-
-extern void
-	_termstat P((void)),
-	add_slc P((int, int, int)),
-	check_slc P((void)),
-	change_slc P((int, int, int)),
-	cleanup P((int)),
-	clientstat P((int, int, int)),
-	copy_termbuf P((char *, int)),
-	deferslc P((void)),
-	defer_terminit P((void)),
-	do_opt_slc P((unsigned char *, int)),
-	doeof P((void)),
-	dooption P((int)),
-	dontoption P((int)),
-	edithost P((char *, char *)),
-	fatal P((int, char *)),
-	fatalperror P((int, char *)),
-	get_slc_defaults P((void)),
-	init_env P((void)),
-	init_termbuf P((void)),
-	interrupt P((void)),
-	localstat P((void)),
-	flowstat P((void)),
-	netclear P((void)),
-	netflush P((void)),
-#ifdef DIAGNOSTICS
-	printoption P((char *, int)),
-	printdata P((char *, char *, int)),
-	printsub P((int, unsigned char *, int)),
-#endif
-	ptyflush P((void)),
-	putchr P((int)),
-	putf P((char *, char *)),
-	recv_ayt P((void)),
-	send_do P((int, int)),
-	send_dont P((int, int)),
-	send_slc P((void)),
-	send_status P((void)),
-	send_will P((int, int)),
-	send_wont P((int, int)),
-	sendbrk P((void)),
-	sendsusp P((void)),
-	set_termbuf P((void)),
-	start_login P((char *, int, char *)),
-	start_slc P((int)),
-#if	defined(AUTHENTICATION)
-	start_slave P((char *)),
-#else
-	start_slave P((char *, int, char *)),
-#endif
-	suboption P((void)),
-	telrcv P((void)),
-	ttloop P((void)),
-	tty_binaryin P((int)),
-	tty_binaryout P((int));
-
-extern int
-	end_slc P((unsigned char **)),
-	getnpty P((void)),
-#ifndef convex
-	getpty P((int *)),
-#endif
-	login_tty P((int)),
-	spcset P((int, cc_t *, cc_t **)),
-	stilloob P((int)),
-	terminit P((void)),
-	termstat P((void)),
-	tty_flowmode P((void)),
-	tty_restartany P((void)),
-	tty_isbinaryin P((void)),
-	tty_isbinaryout P((void)),
-	tty_iscrnl P((void)),
-	tty_isecho P((void)),
-	tty_isediting P((void)),
-	tty_islitecho P((void)),
-	tty_isnewmap P((void)),
-	tty_israw P((void)),
-	tty_issofttab P((void)),
-	tty_istrapsig P((void)),
-	tty_linemode P((void));
-
-extern void
-	tty_rspeed P((int)),
-	tty_setecho P((int)),
-	tty_setedit P((int)),
-	tty_setlinemode P((int)),
-	tty_setlitecho P((int)),
-	tty_setsig P((int)),
-	tty_setsofttab P((int)),
-	tty_tspeed P((int)),
-	willoption P((int)),
-	wontoption P((int)),
-	writenet P((unsigned char *, int));
-
-#ifdef	ENCRYPTION
-extern void	(*encrypt_output) P((unsigned char *, int));
-extern int	(*decrypt_input) P((int));
-extern char	*nclearto;
-#endif	/* ENCRYPTION */
-
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-extern struct {
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	ttypesubopt,		/* ttype subopt is received */
-	tspeedsubopt,		/* tspeed subopt is received */
-	environsubopt,		/* environ subopt is received */
-	oenvironsubopt,		/* old environ subopt is received */
-	xdisplocsubopt,		/* xdisploc subopt is received */
-	baseline,		/* time started to do timed action */
-	gotDM;			/* when did we last see a data mark */
-} clocks;
-
-
-#if	defined(CRAY2) && defined(UNICOS5)
-extern int	needtermstat;
-#endif
-
-#ifndef	DEFAULT_IM
-# ifdef CRAY
-#  define DEFAULT_IM	"\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r"
-# else
-#  ifdef sun
-#   define DEFAULT_IM	"\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r"
-#  else
-#   ifdef ultrix
-#    define DEFAULT_IM	"\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r"
-#   else
-#    ifdef __FreeBSD__
-#     define DEFAULT_IM  "\r\n\r\nFreeBSD (%h) (%t)\r\n\r\r\n\r"
-#    else
-#     define DEFAULT_IM  "\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r"
-#    endif
-#   endif
-#  endif
-# endif
-#endif
diff --git a/secure/libexec/telnetd/global.c b/secure/libexec/telnetd/global.c
deleted file mode 100644
index af21acc69fb1..000000000000
--- a/secure/libexec/telnetd/global.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)global.c	8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Allocate global variables.  We do this
- * by including the header file that defines
- * them all as externs, but first we define
- * the keyword "extern" to be nothing, so that
- * we will actually allocate the space.
- */
-
-#include "defs.h"
-#define extern
-#include "ext.h"
diff --git a/secure/libexec/telnetd/pathnames.h b/secure/libexec/telnetd/pathnames.h
deleted file mode 100644
index 4e14a88b49cd..000000000000
--- a/secure/libexec/telnetd/pathnames.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
- */
-
-#if BSD > 43
-
-# include <paths.h>
-
-# ifndef _PATH_LOGIN
-#  define	_PATH_LOGIN	"/usr/bin/login"
-# endif
-
-#else
-
-# define	_PATH_TTY	"/dev/tty"
-# ifndef _PATH_LOGIN
-#  define	_PATH_LOGIN	"/bin/login"
-# endif
-
-#endif
-
-#ifdef BFTPDAEMON
-#define		BFTPPATH	"/usr/ucb/bftp"
-#endif  /* BFTPDAEMON */
diff --git a/secure/libexec/telnetd/slc.c b/secure/libexec/telnetd/slc.c
deleted file mode 100644
index 6cbb7ababa1b..000000000000
--- a/secure/libexec/telnetd/slc.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)slc.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include "telnetd.h"
-
-#ifdef	LINEMODE
-/*
- * local varibles
- */
-static unsigned char	*def_slcbuf = (unsigned char *)0;
-static int		def_slclen = 0;
-static int		slcchange;	/* change to slc is requested */
-static unsigned char	*slcptr;	/* pointer into slc buffer */
-static unsigned char	slcbuf[NSLC*6];	/* buffer for slc negotiation */
-
-/*
- * send_slc
- *
- * Write out the current special characters to the client.
- */
-	void
-send_slc()
-{
-	register int i;
-
-	/*
-	 * Send out list of triplets of special characters
-	 * to client.  We only send info on the characters
-	 * that are currently supported.
-	 */
-	for (i = 1; i <= NSLC; i++) {
-		if ((slctab[i].defset.flag & SLC_LEVELBITS) == SLC_NOSUPPORT)
-			continue;
-		add_slc((unsigned char)i, slctab[i].current.flag,
-							slctab[i].current.val);
-	}
-
-}  /* end of send_slc */
-
-/*
- * default_slc
- *
- * Set pty special characters to all the defaults.
- */
-	void
-default_slc()
-{
-	register int i;
-
-	for (i = 1; i <= NSLC; i++) {
-		slctab[i].current.val = slctab[i].defset.val;
-		if (slctab[i].current.val == (cc_t)(_POSIX_VDISABLE))
-			slctab[i].current.flag = SLC_NOSUPPORT;
-		else
-			slctab[i].current.flag = slctab[i].defset.flag;
-		if (slctab[i].sptr) {
-			*(slctab[i].sptr) = slctab[i].defset.val;
-		}
-	}
-	slcchange = 1;
-
-}  /* end of default_slc */
-#endif	/* LINEMODE */
-
-/*
- * get_slc_defaults
- *
- * Initialize the slc mapping table.
- */
-	void
-get_slc_defaults()
-{
-	register int i;
-
-	init_termbuf();
-
-	for (i = 1; i <= NSLC; i++) {
-		slctab[i].defset.flag =
-			spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
-		slctab[i].current.flag = SLC_NOSUPPORT;
-		slctab[i].current.val = 0;
-	}
-
-}  /* end of get_slc_defaults */
-
-#ifdef	LINEMODE
-/*
- * add_slc
- *
- * Add an slc triplet to the slc buffer.
- */
-	void
-add_slc(func, flag, val)
-	register char func, flag;
-	register cc_t val;
-{
-
-	if ((*slcptr++ = (unsigned char)func) == 0xff)
-		*slcptr++ = 0xff;
-
-	if ((*slcptr++ = (unsigned char)flag) == 0xff)
-		*slcptr++ = 0xff;
-
-	if ((*slcptr++ = (unsigned char)val) == 0xff)
-		*slcptr++ = 0xff;
-
-}  /* end of add_slc */
-
-/*
- * start_slc
- *
- * Get ready to process incoming slc's and respond to them.
- *
- * The parameter getit is non-zero if it is necessary to grab a copy
- * of the terminal control structures.
- */
-	void
-start_slc(getit)
-	register int getit;
-{
-
-	slcchange = 0;
-	if (getit)
-		init_termbuf();
-	(void) sprintf((char *)slcbuf, "%c%c%c%c",
-					IAC, SB, TELOPT_LINEMODE, LM_SLC);
-	slcptr = slcbuf + 4;
-
-}  /* end of start_slc */
-
-/*
- * end_slc
- *
- * Finish up the slc negotiation.  If something to send, then send it.
- */
-	int
-end_slc(bufp)
-	register unsigned char **bufp;
-{
-	register int len;
-	void netflush();
-
-	/*
-	 * If a change has occured, store the new terminal control
-	 * structures back to the terminal driver.
-	 */
-	if (slcchange) {
-		set_termbuf();
-	}
-
-	/*
-	 * If the pty state has not yet been fully processed and there is a
-	 * deferred slc request from the client, then do not send any
-	 * sort of slc negotiation now.  We will respond to the client's
-	 * request very soon.
-	 */
-	if (def_slcbuf && (terminit() == 0)) {
-		return(0);
-	}
-
-	if (slcptr > (slcbuf + 4)) {
-		if (bufp) {
-			*bufp = &slcbuf[4];
-			return(slcptr - slcbuf - 4);
-		} else {
-			(void) sprintf((char *)slcptr, "%c%c", IAC, SE);
-			slcptr += 2;
-			len = slcptr - slcbuf;
-			writenet(slcbuf, len);
-			netflush();  /* force it out immediately */
-			DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2););
-		}
-	}
-	return (0);
-
-}  /* end of end_slc */
-
-/*
- * process_slc
- *
- * Figure out what to do about the client's slc
- */
-	void
-process_slc(func, flag, val)
-	register unsigned char func, flag;
-	register cc_t val;
-{
-	register int hislevel, mylevel, ack;
-
-	/*
-	 * Ensure that we know something about this function
-	 */
-	if (func > NSLC) {
-		add_slc(func, SLC_NOSUPPORT, 0);
-		return;
-	}
-
-	/*
-	 * Process the special case requests of 0 SLC_DEFAULT 0
-	 * and 0 SLC_VARIABLE 0.  Be a little forgiving here, don't
-	 * worry about whether the value is actually 0 or not.
-	 */
-	if (func == 0) {
-		if ((flag = flag & SLC_LEVELBITS) == SLC_DEFAULT) {
-			default_slc();
-			send_slc();
-		} else if (flag == SLC_VARIABLE) {
-			send_slc();
-		}
-		return;
-	}
-
-	/*
-	 * Appears to be a function that we know something about.  So
-	 * get on with it and see what we know.
-	 */
-
-	hislevel = flag & SLC_LEVELBITS;
-	mylevel = slctab[func].current.flag & SLC_LEVELBITS;
-	ack = flag & SLC_ACK;
-	/*
-	 * ignore the command if:
-	 * the function value and level are the same as what we already have;
-	 * or the level is the same and the ack bit is set
-	 */
-	if (hislevel == mylevel && (val == slctab[func].current.val || ack)) {
-		return;
-	} else if (ack) {
-		/*
-		 * If we get here, we got an ack, but the levels don't match.
-		 * This shouldn't happen.  If it does, it is probably because
-		 * we have sent two requests to set a variable without getting
-		 * a response between them, and this is the first response.
-		 * So, ignore it, and wait for the next response.
-		 */
-		return;
-	} else {
-		change_slc(func, flag, val);
-	}
-
-}  /* end of process_slc */
-
-/*
- * change_slc
- *
- * Process a request to change one of our special characters.
- * Compare client's request with what we are capable of supporting.
- */
-	void
-change_slc(func, flag, val)
-	register char func, flag;
-	register cc_t val;
-{
-	register int hislevel, mylevel;
-
-	hislevel = flag & SLC_LEVELBITS;
-	mylevel = slctab[func].defset.flag & SLC_LEVELBITS;
-	/*
-	 * If client is setting a function to NOSUPPORT
-	 * or DEFAULT, then we can easily and directly
-	 * accomodate the request.
-	 */
-	if (hislevel == SLC_NOSUPPORT) {
-		slctab[func].current.flag = flag;
-		slctab[func].current.val = (cc_t)_POSIX_VDISABLE;
-		flag |= SLC_ACK;
-		add_slc(func, flag, val);
-		return;
-	}
-	if (hislevel == SLC_DEFAULT) {
-		/*
-		 * Special case here.  If client tells us to use
-		 * the default on a function we don't support, then
-		 * return NOSUPPORT instead of what we may have as a
-		 * default level of DEFAULT.
-		 */
-		if (mylevel == SLC_DEFAULT) {
-			slctab[func].current.flag = SLC_NOSUPPORT;
-		} else {
-			slctab[func].current.flag = slctab[func].defset.flag;
-		}
-		slctab[func].current.val = slctab[func].defset.val;
-		add_slc(func, slctab[func].current.flag,
-						slctab[func].current.val);
-		return;
-	}
-
-	/*
-	 * Client wants us to change to a new value or he
-	 * is telling us that he can't change to our value.
-	 * Some of the slc's we support and can change,
-	 * some we do support but can't change,
-	 * and others we don't support at all.
-	 * If we can change it then we have a pointer to
-	 * the place to put the new value, so change it,
-	 * otherwise, continue the negotiation.
-	 */
-	if (slctab[func].sptr) {
-		/*
-		 * We can change this one.
-		 */
-		slctab[func].current.val = val;
-		*(slctab[func].sptr) = val;
-		slctab[func].current.flag = flag;
-		flag |= SLC_ACK;
-		slcchange = 1;
-		add_slc(func, flag, val);
-	} else {
-		/*
-		* It is not possible for us to support this
-		* request as he asks.
-		*
-		* If our level is DEFAULT, then just ack whatever was
-		* sent.
-		*
-		* If he can't change and we can't change,
-		* then degenerate to NOSUPPORT.
-		*
-		* Otherwise we send our level back to him, (CANTCHANGE
-		* or NOSUPPORT) and if CANTCHANGE, send
-		* our value as well.
-		*/
-		if (mylevel == SLC_DEFAULT) {
-			slctab[func].current.flag = flag;
-			slctab[func].current.val = val;
-			flag |= SLC_ACK;
-		} else if (hislevel == SLC_CANTCHANGE &&
-				    mylevel == SLC_CANTCHANGE) {
-			flag &= ~SLC_LEVELBITS;
-			flag |= SLC_NOSUPPORT;
-			slctab[func].current.flag = flag;
-		} else {
-			flag &= ~SLC_LEVELBITS;
-			flag |= mylevel;
-			slctab[func].current.flag = flag;
-			if (mylevel == SLC_CANTCHANGE) {
-				slctab[func].current.val =
-					slctab[func].defset.val;
-				val = slctab[func].current.val;
-			}
-		}
-		add_slc(func, flag, val);
-	}
-
-}  /* end of change_slc */
-
-#if	defined(USE_TERMIO) && (VEOF == VMIN)
-cc_t oldeofc = '\004';
-#endif
-
-/*
- * check_slc
- *
- * Check the special characters in use and notify the client if any have
- * changed.  Only those characters that are capable of being changed are
- * likely to have changed.  If a local change occurs, kick the support level
- * and flags up to the defaults.
- */
-	void
-check_slc()
-{
-	register int i;
-
-	for (i = 1; i <= NSLC; i++) {
-#if	defined(USE_TERMIO) && (VEOF == VMIN)
-		/*
-		 * In a perfect world this would be a neat little
-		 * function.  But in this world, we should not notify
-		 * client of changes to the VEOF char when
-		 * ICANON is off, because it is not representing
-		 * a special character.
-		 */
-		if (i == SLC_EOF) {
-			if (!tty_isediting())
-				continue;
-			else if (slctab[i].sptr)
-				oldeofc = *(slctab[i].sptr);
-		}
-#endif	/* defined(USE_TERMIO) && defined(SYSV_TERMIO) */
-		if (slctab[i].sptr &&
-				(*(slctab[i].sptr) != slctab[i].current.val)) {
-			slctab[i].current.val = *(slctab[i].sptr);
-			if (*(slctab[i].sptr) == (cc_t)_POSIX_VDISABLE)
-				slctab[i].current.flag = SLC_NOSUPPORT;
-			else
-				slctab[i].current.flag = slctab[i].defset.flag;
-			add_slc((unsigned char)i, slctab[i].current.flag,
-						slctab[i].current.val);
-		}
-	}
-}  /* check_slc */
-
-/*
- * do_opt_slc
- *
- * Process an slc option buffer.  Defer processing of incoming slc's
- * until after the terminal state has been processed.  Save the first slc
- * request that comes along, but discard all others.
- *
- * ptr points to the beginning of the buffer, len is the length.
- */
-	void
-do_opt_slc(ptr, len)
-	register unsigned char *ptr;
-	register int len;
-{
-	register unsigned char func, flag;
-	cc_t val;
-	register unsigned char *end = ptr + len;
-
-	if (terminit()) {  /* go ahead */
-		while (ptr < end) {
-			func = *ptr++;
-			if (ptr >= end) break;
-			flag = *ptr++;
-			if (ptr >= end) break;
-			val = (cc_t)*ptr++;
-
-			process_slc(func, flag, val);
-
-		}
-	} else {
-		/*
-		 * save this slc buffer if it is the first, otherwise dump
-		 * it.
-		 */
-		if (def_slcbuf == (unsigned char *)0) {
-			def_slclen = len;
-			def_slcbuf = (unsigned char *)malloc((unsigned)len);
-			if (def_slcbuf == (unsigned char *)0)
-				return;  /* too bad */
-			memmove(def_slcbuf, ptr, len);
-		}
-	}
-
-}  /* end of do_opt_slc */
-
-/*
- * deferslc
- *
- * Do slc stuff that was deferred.
- */
-	void
-deferslc()
-{
-	if (def_slcbuf) {
-		start_slc(1);
-		do_opt_slc(def_slcbuf, def_slclen);
-		(void) end_slc(0);
-		free(def_slcbuf);
-		def_slcbuf = (unsigned char *)0;
-		def_slclen = 0;
-	}
-
-}  /* end of deferslc */
-
-#endif	/* LINEMODE */
diff --git a/secure/libexec/telnetd/state.c b/secure/libexec/telnetd/state.c
deleted file mode 100644
index 4ee8bea66f97..000000000000
--- a/secure/libexec/telnetd/state.c
+++ /dev/null
@@ -1,1612 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)state.c	8.5 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include "telnetd.h"
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-#endif
-
-unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
-unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
-unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
-unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
-int	not42 = 1;
-
-/*
- * Buffer for sub-options, and macros
- * for suboptions buffer manipulations
- */
-unsigned char subbuffer[512], *subpointer= subbuffer, *subend= subbuffer;
-
-#define	SB_CLEAR()	subpointer = subbuffer
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-				*subpointer++ = (c); \
-			}
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-#ifdef	ENV_HACK
-unsigned char *subsave;
-#define SB_SAVE()	subsave = subpointer;
-#define	SB_RESTORE()	subpointer = subsave;
-#endif
-
-
-/*
- * State for recv fsm
- */
-#define	TS_DATA		0	/* base state */
-#define	TS_IAC		1	/* look for double IAC's */
-#define	TS_CR		2	/* CR-LF ->'s CR */
-#define	TS_SB		3	/* throw away begin's... */
-#define	TS_SE		4	/* ...end's (suboption negotiation) */
-#define	TS_WILL		5	/* will option negotiation */
-#define	TS_WONT		6	/* wont " */
-#define	TS_DO		7	/* do " */
-#define	TS_DONT		8	/* dont " */
-
-	void
-telrcv()
-{
-	register int c;
-	static int state = TS_DATA;
-#if	defined(CRAY2) && defined(UNICOS5)
-	char *opfrontp = pfrontp;
-#endif
-
-	while (ncc > 0) {
-		if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
-			break;
-		c = *netip++ & 0377, ncc--;
-#ifdef	ENCRYPTION
-		if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-		switch (state) {
-
-		case TS_CR:
-			state = TS_DATA;
-			/* Strip off \n or \0 after a \r */
-			if ((c == 0) || (c == '\n')) {
-				break;
-			}
-			/* FALL THROUGH */
-
-		case TS_DATA:
-			if (c == IAC) {
-				state = TS_IAC;
-				break;
-			}
-			/*
-			 * We now map \r\n ==> \r for pragmatic reasons.
-			 * Many client implementations send \r\n when
-			 * the user hits the CarriageReturn key.
-			 *
-			 * We USED to map \r\n ==> \n, since \r\n says
-			 * that we want to be in column 1 of the next
-			 * printable line, and \n is the standard
-			 * unix way of saying that (\r is only good
-			 * if CRMOD is set, which it normally is).
-			 */
-			if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
-				int nc = *netip;
-#ifdef	ENCRYPTION
-				if (decrypt_input)
-					nc = (*decrypt_input)(nc & 0xff);
-#endif	/* ENCRYPTION */
-#ifdef	LINEMODE
-				/*
-				 * If we are operating in linemode,
-				 * convert to local end-of-line.
-				 */
-				if (linemode && (ncc > 0) && (('\n' == nc) ||
-					 ((0 == nc) && tty_iscrnl())) ) {
-					netip++; ncc--;
-					c = '\n';
-				} else
-#endif
-				{
-#ifdef	ENCRYPTION
-					if (decrypt_input)
-						(void)(*decrypt_input)(-1);
-#endif	/* ENCRYPTION */
-					state = TS_CR;
-				}
-			}
-			*pfrontp++ = c;
-			break;
-
-		case TS_IAC:
-gotiac:			switch (c) {
-
-			/*
-			 * Send the process on the pty side an
-			 * interrupt.  Do this with a NULL or
-			 * interrupt char; depending on the tty mode.
-			 */
-			case IP:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				interrupt();
-				break;
-
-			case BREAK:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				sendbrk();
-				break;
-
-			/*
-			 * Are You There?
-			 */
-			case AYT:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				recv_ayt();
-				break;
-
-			/*
-			 * Abort Output
-			 */
-			case AO:
-			    {
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				ptyflush();	/* half-hearted */
-				init_termbuf();
-
-				if (slctab[SLC_AO].sptr &&
-				    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
-				    *pfrontp++ =
-					(unsigned char)*slctab[SLC_AO].sptr;
-				}
-
-				netclear();	/* clear buffer back */
-				*nfrontp++ = IAC;
-				*nfrontp++ = DM;
-				neturg = nfrontp-1; /* off by one XXX */
-				DIAG(TD_OPTIONS,
-					printoption("td: send IAC", DM));
-				break;
-			    }
-
-			/*
-			 * Erase Character and
-			 * Erase Line
-			 */
-			case EC:
-			case EL:
-			    {
-				cc_t ch;
-
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				ptyflush();	/* half-hearted */
-				init_termbuf();
-				if (c == EC)
-					ch = *slctab[SLC_EC].sptr;
-				else
-					ch = *slctab[SLC_EL].sptr;
-				if (ch != (cc_t)(_POSIX_VDISABLE))
-					*pfrontp++ = (unsigned char)ch;
-				break;
-			    }
-
-			/*
-			 * Check for urgent data...
-			 */
-			case DM:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				SYNCHing = stilloob(net);
-				settimer(gotDM);
-				break;
-
-
-			/*
-			 * Begin option subnegotiation...
-			 */
-			case SB:
-				state = TS_SB;
-				SB_CLEAR();
-				continue;
-
-			case WILL:
-				state = TS_WILL;
-				continue;
-
-			case WONT:
-				state = TS_WONT;
-				continue;
-
-			case DO:
-				state = TS_DO;
-				continue;
-
-			case DONT:
-				state = TS_DONT;
-				continue;
-			case EOR:
-				if (his_state_is_will(TELOPT_EOR))
-					doeof();
-				break;
-
-			/*
-			 * Handle RFC 10xx Telnet linemode option additions
-			 * to command stream (EOF, SUSP, ABORT).
-			 */
-			case xEOF:
-				doeof();
-				break;
-
-			case SUSP:
-				sendsusp();
-				break;
-
-			case ABORT:
-				sendbrk();
-				break;
-
-			case IAC:
-				*pfrontp++ = c;
-				break;
-			}
-			state = TS_DATA;
-			break;
-
-		case TS_SB:
-			if (c == IAC) {
-				state = TS_SE;
-			} else {
-				SB_ACCUM(c);
-			}
-			break;
-
-		case TS_SE:
-			if (c != SE) {
-				if (c != IAC) {
-					/*
-					 * bad form of suboption negotiation.
-					 * handle it in such a way as to avoid
-					 * damage to local state.  Parse
-					 * suboption buffer found so far,
-					 * then treat remaining stream as
-					 * another command sequence.
-					 */
-
-					/* for DIAGNOSTICS */
-					SB_ACCUM(IAC);
-					SB_ACCUM(c);
-					subpointer -= 2;
-
-					SB_TERM();
-					suboption();
-					state = TS_IAC;
-					goto gotiac;
-				}
-				SB_ACCUM(c);
-				state = TS_SB;
-			} else {
-				/* for DIAGNOSTICS */
-				SB_ACCUM(IAC);
-				SB_ACCUM(SE);
-				subpointer -= 2;
-
-				SB_TERM();
-				suboption();	/* handle sub-option */
-				state = TS_DATA;
-			}
-			break;
-
-		case TS_WILL:
-			willoption(c);
-			state = TS_DATA;
-			continue;
-
-		case TS_WONT:
-			wontoption(c);
-			state = TS_DATA;
-			continue;
-
-		case TS_DO:
-			dooption(c);
-			state = TS_DATA;
-			continue;
-
-		case TS_DONT:
-			dontoption(c);
-			state = TS_DATA;
-			continue;
-
-		default:
-			syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
-			printf("telnetd: panic state=%d\n", state);
-			exit(1);
-		}
-	}
-#if	defined(CRAY2) && defined(UNICOS5)
-	if (!linemode) {
-		char	xptyobuf[BUFSIZ+NETSLOP];
-		char	xbuf2[BUFSIZ];
-		register char *cp;
-		int n = pfrontp - opfrontp, oc;
-		memmove(xptyobuf, opfrontp, n);
-		pfrontp = opfrontp;
-		pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP,
-					xbuf2, &oc, BUFSIZ);
-		for (cp = xbuf2; oc > 0; --oc)
-			if ((*nfrontp++ = *cp++) == IAC)
-				*nfrontp++ = IAC;
-	}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-}  /* end of telrcv */
-
-/*
- * The will/wont/do/dont state machines are based on Dave Borman's
- * Telnet option processing state machine.
- *
- * These correspond to the following states:
- *	my_state = the last negotiated state
- *	want_state = what I want the state to go to
- *	want_resp = how many requests I have sent
- * All state defaults are negative, and resp defaults to 0.
- *
- * When initiating a request to change state to new_state:
- *
- * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
- *	do nothing;
- * } else {
- *	want_state = new_state;
- *	send new_state;
- *	want_resp++;
- * }
- *
- * When receiving new_state:
- *
- * if (want_resp) {
- *	want_resp--;
- *	if (want_resp && (new_state == my_state))
- *		want_resp--;
- * }
- * if ((want_resp == 0) && (new_state != want_state)) {
- *	if (ok_to_switch_to new_state)
- *		want_state = new_state;
- *	else
- *		want_resp++;
- *	send want_state;
- * }
- * my_state = new_state;
- *
- * Note that new_state is implied in these functions by the function itself.
- * will and do imply positive new_state, wont and dont imply negative.
- *
- * Finally, there is one catch.  If we send a negative response to a
- * positive request, my_state will be the positive while want_state will
- * remain negative.  my_state will revert to negative when the negative
- * acknowlegment arrives from the peer.  Thus, my_state generally tells
- * us not only the last negotiated state, but also tells us what the peer
- * wants to be doing as well.  It is important to understand this difference
- * as we may wish to be processing data streams based on our desired state
- * (want_state) or based on what the peer thinks the state is (my_state).
- *
- * This all works fine because if the peer sends a positive request, the data
- * that we receive prior to negative acknowlegment will probably be affected
- * by the positive state, and we can process it as such (if we can; if we
- * can't then it really doesn't matter).  If it is that important, then the
- * peer probably should be buffering until this option state negotiation
- * is complete.
- *
- */
-	void
-send_do(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
-		    his_want_state_is_will(option))
-			return;
-		/*
-		 * Special case for TELOPT_TM:  We send a DO, but pretend
-		 * that we sent a DONT, so that we can send more DOs if
-		 * we want to.
-		 */
-		if (option == TELOPT_TM)
-			set_his_want_state_wont(option);
-		else
-			set_his_want_state_will(option);
-		do_dont_resp[option]++;
-	}
-	(void) sprintf(nfrontp, (char *)doopt, option);
-	nfrontp += sizeof (dont) - 2;
-
-	DIAG(TD_OPTIONS, printoption("td: send do", option));
-}
-
-#ifdef	AUTHENTICATION
-extern void auth_request();
-#endif
-#ifdef	LINEMODE
-extern void doclientstat();
-#endif
-#ifdef	ENCRYPTION
-extern void encrypt_send_support();
-#endif	/* ENCRYPTION */
-
-	void
-willoption(option)
-	int option;
-{
-	int changeok = 0;
-	void (*func)() = 0;
-
-	/*
-	 * process input from peer.
-	 */
-
-	DIAG(TD_OPTIONS, printoption("td: recv will", option));
-
-	if (do_dont_resp[option]) {
-		do_dont_resp[option]--;
-		if (do_dont_resp[option] && his_state_is_will(option))
-			do_dont_resp[option]--;
-	}
-	if (do_dont_resp[option] == 0) {
-	    if (his_want_state_is_wont(option)) {
-		switch (option) {
-
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryin(1);
-			set_termbuf();
-			changeok++;
-			break;
-
-		case TELOPT_ECHO:
-			/*
-			 * See comments below for more info.
-			 */
-			not42 = 0;	/* looks like a 4.2 system */
-			break;
-
-		case TELOPT_TM:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			/*
-			 * This telnetd implementation does not really
-			 * support timing marks, it just uses them to
-			 * support the kludge linemode stuff.  If we
-			 * receive a will or wont TM in response to our
-			 * do TM request that may have been sent to
-			 * determine kludge linemode support, process
-			 * it, otherwise TM should get a negative
-			 * response back.
-			 */
-			/*
-			 * Handle the linemode kludge stuff.
-			 * If we are not currently supporting any
-			 * linemode at all, then we assume that this
-			 * is the client telling us to use kludge
-			 * linemode in response to our query.  Set the
-			 * linemode type that is to be supported, note
-			 * that the client wishes to use linemode, and
-			 * eat the will TM as though it never arrived.
-			 */
-			if (lmodetype < KLUDGE_LINEMODE) {
-				lmodetype = KLUDGE_LINEMODE;
-				clientstat(TELOPT_LINEMODE, WILL, 0);
-				send_wont(TELOPT_SGA, 1);
-			} else if (lmodetype == NO_AUTOKLUDGE) {
-				lmodetype = KLUDGE_OK;
-			}
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			/*
-			 * We never respond to a WILL TM, and
-			 * we leave the state WONT.
-			 */
-			return;
-
-		case TELOPT_LFLOW:
-			/*
-			 * If we are going to support flow control
-			 * option, then don't worry peer that we can't
-			 * change the flow control characters.
-			 */
-			slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
-			slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
-		case TELOPT_TTYPE:
-		case TELOPT_SGA:
-		case TELOPT_NAWS:
-		case TELOPT_TSPEED:
-		case TELOPT_XDISPLOC:
-		case TELOPT_NEW_ENVIRON:
-		case TELOPT_OLD_ENVIRON:
-			changeok++;
-			break;
-
-#ifdef	LINEMODE
-		case TELOPT_LINEMODE:
-# ifdef	KLUDGELINEMODE
-			/*
-			 * Note client's desire to use linemode.
-			 */
-			lmodetype = REAL_LINEMODE;
-# endif	/* KLUDGELINEMODE */
-			func = doclientstat;
-			changeok++;
-			break;
-#endif	/* LINEMODE */
-
-#ifdef	AUTHENTICATION
-		case TELOPT_AUTHENTICATION:
-			func = auth_request;
-			changeok++;
-			break;
-#endif
-
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			func = encrypt_send_support;
-			changeok++;
-			break;
-#endif	/* ENCRYPTION */
-
-		default:
-			break;
-		}
-		if (changeok) {
-			set_his_want_state_will(option);
-			send_do(option, 0);
-		} else {
-			do_dont_resp[option]++;
-			send_dont(option, 0);
-		}
-	    } else {
-		/*
-		 * Option processing that should happen when
-		 * we receive conformation of a change in
-		 * state that we had requested.
-		 */
-		switch (option) {
-		case TELOPT_ECHO:
-			not42 = 0;	/* looks like a 4.2 system */
-			/*
-			 * Egads, he responded "WILL ECHO".  Turn
-			 * it off right now!
-			 */
-			send_dont(option, 1);
-			/*
-			 * "WILL ECHO".  Kludge upon kludge!
-			 * A 4.2 client is now echoing user input at
-			 * the tty.  This is probably undesireable and
-			 * it should be stopped.  The client will
-			 * respond WONT TM to the DO TM that we send to
-			 * check for kludge linemode.  When the WONT TM
-			 * arrives, linemode will be turned off and a
-			 * change propogated to the pty.  This change
-			 * will cause us to process the new pty state
-			 * in localstat(), which will notice that
-			 * linemode is off and send a WILL ECHO
-			 * so that we are properly in character mode and
-			 * all is well.
-			 */
-			break;
-#ifdef	LINEMODE
-		case TELOPT_LINEMODE:
-# ifdef	KLUDGELINEMODE
-			/*
-			 * Note client's desire to use linemode.
-			 */
-			lmodetype = REAL_LINEMODE;
-# endif	/* KLUDGELINEMODE */
-			func = doclientstat;
-			break;
-#endif	/* LINEMODE */
-
-#ifdef	AUTHENTICATION
-		case TELOPT_AUTHENTICATION:
-			func = auth_request;
-			break;
-#endif
-
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			func = encrypt_send_support;
-			break;
-#endif	/* ENCRYPTION */
-		case TELOPT_LFLOW:
-			func = flowstat;
-			break;
-		}
-	    }
-	}
-	set_his_state_will(option);
-	if (func)
-		(*func)();
-}  /* end of willoption */
-
-	void
-send_dont(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
-		    his_want_state_is_wont(option))
-			return;
-		set_his_want_state_wont(option);
-		do_dont_resp[option]++;
-	}
-	(void) sprintf(nfrontp, (char *)dont, option);
-	nfrontp += sizeof (doopt) - 2;
-
-	DIAG(TD_OPTIONS, printoption("td: send dont", option));
-}
-
-	void
-wontoption(option)
-	int option;
-{
-	/*
-	 * Process client input.
-	 */
-
-	DIAG(TD_OPTIONS, printoption("td: recv wont", option));
-
-	if (do_dont_resp[option]) {
-		do_dont_resp[option]--;
-		if (do_dont_resp[option] && his_state_is_wont(option))
-			do_dont_resp[option]--;
-	}
-	if (do_dont_resp[option] == 0) {
-	    if (his_want_state_is_will(option)) {
-		/* it is always ok to change to negative state */
-		switch (option) {
-		case TELOPT_ECHO:
-			not42 = 1; /* doesn't seem to be a 4.2 system */
-			break;
-
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryin(0);
-			set_termbuf();
-			break;
-
-#ifdef	LINEMODE
-		case TELOPT_LINEMODE:
-# ifdef	KLUDGELINEMODE
-			/*
-			 * If real linemode is supported, then client is
-			 * asking to turn linemode off.
-			 */
-			if (lmodetype != REAL_LINEMODE)
-				break;
-# endif	/* KLUDGELINEMODE */
-			clientstat(TELOPT_LINEMODE, WONT, 0);
-			break;
-#endif	/* LINEMODE */
-
-		case TELOPT_TM:
-			/*
-			 * If we get a WONT TM, and had sent a DO TM,
-			 * don't respond with a DONT TM, just leave it
-			 * as is.  Short circut the state machine to
-			 * achive this.
-			 */
-			set_his_want_state_wont(TELOPT_TM);
-			return;
-
-		case TELOPT_LFLOW:
-			/*
-			 * If we are not going to support flow control
-			 * option, then let peer know that we can't
-			 * change the flow control characters.
-			 */
-			slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
-			slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
-			break;
-
-#if	defined(AUTHENTICATION)
-		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
-			break;
-#endif
-
-		/*
-		 * For options that we might spin waiting for
-		 * sub-negotiation, if the client turns off the
-		 * option rather than responding to the request,
-		 * we have to treat it here as if we got a response
-		 * to the sub-negotiation, (by updating the timers)
-		 * so that we'll break out of the loop.
-		 */
-		case TELOPT_TTYPE:
-			settimer(ttypesubopt);
-			break;
-
-		case TELOPT_TSPEED:
-			settimer(tspeedsubopt);
-			break;
-
-		case TELOPT_XDISPLOC:
-			settimer(xdisplocsubopt);
-			break;
-
-		case TELOPT_OLD_ENVIRON:
-			settimer(oenvironsubopt);
-			break;
-
-		case TELOPT_NEW_ENVIRON:
-			settimer(environsubopt);
-			break;
-
-		default:
-			break;
-		}
-		set_his_want_state_wont(option);
-		if (his_state_is_will(option))
-			send_dont(option, 0);
-	    } else {
-		switch (option) {
-		case TELOPT_TM:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			if (lmodetype < NO_AUTOKLUDGE) {
-				lmodetype = NO_LINEMODE;
-				clientstat(TELOPT_LINEMODE, WONT, 0);
-				send_will(TELOPT_SGA, 1);
-				send_will(TELOPT_ECHO, 1);
-			}
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			break;
-
-#if	defined(AUTHENTICATION)
-		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
-			break;
-#endif
-		default:
-			break;
-		}
-	    }
-	}
-	set_his_state_wont(option);
-
-}  /* end of wontoption */
-
-	void
-send_will(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
-		    my_want_state_is_will(option))
-			return;
-		set_my_want_state_will(option);
-		will_wont_resp[option]++;
-	}
-	(void) sprintf(nfrontp, (char *)will, option);
-	nfrontp += sizeof (doopt) - 2;
-
-	DIAG(TD_OPTIONS, printoption("td: send will", option));
-}
-
-#if	!defined(LINEMODE) || !defined(KLUDGELINEMODE)
-/*
- * When we get a DONT SGA, we will try once to turn it
- * back on.  If the other side responds DONT SGA, we
- * leave it at that.  This is so that when we talk to
- * clients that understand KLUDGELINEMODE but not LINEMODE,
- * we'll keep them in char-at-a-time mode.
- */
-int turn_on_sga = 0;
-#endif
-
-	void
-dooption(option)
-	int option;
-{
-	int changeok = 0;
-
-	/*
-	 * Process client input.
-	 */
-
-	DIAG(TD_OPTIONS, printoption("td: recv do", option));
-
-	if (will_wont_resp[option]) {
-		will_wont_resp[option]--;
-		if (will_wont_resp[option] && my_state_is_will(option))
-			will_wont_resp[option]--;
-	}
-	if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
-		switch (option) {
-		case TELOPT_ECHO:
-#ifdef	LINEMODE
-# ifdef	KLUDGELINEMODE
-			if (lmodetype == NO_LINEMODE)
-# else
-			if (his_state_is_wont(TELOPT_LINEMODE))
-# endif
-#endif
-			{
-				init_termbuf();
-				tty_setecho(1);
-				set_termbuf();
-			}
-			changeok++;
-			break;
-
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryout(1);
-			set_termbuf();
-			changeok++;
-			break;
-
-		case TELOPT_SGA:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			/*
-			 * If kludge linemode is in use, then we must
-			 * process an incoming do SGA for linemode
-			 * purposes.
-			 */
-			if (lmodetype == KLUDGE_LINEMODE) {
-				/*
-				 * Receipt of "do SGA" in kludge
-				 * linemode is the peer asking us to
-				 * turn off linemode.  Make note of
-				 * the request.
-				 */
-				clientstat(TELOPT_LINEMODE, WONT, 0);
-				/*
-				 * If linemode did not get turned off
-				 * then don't tell peer that we did.
-				 * Breaking here forces a wont SGA to
-				 * be returned.
-				 */
-				if (linemode)
-					break;
-			}
-#else
-			turn_on_sga = 0;
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			changeok++;
-			break;
-
-		case TELOPT_STATUS:
-			changeok++;
-			break;
-
-		case TELOPT_TM:
-			/*
-			 * Special case for TM.  We send a WILL, but
-			 * pretend we sent a WONT.
-			 */
-			send_will(option, 0);
-			set_my_want_state_wont(option);
-			set_my_state_wont(option);
-			return;
-
-		case TELOPT_LOGOUT:
-			/*
-			 * When we get a LOGOUT option, respond
-			 * with a WILL LOGOUT, make sure that
-			 * it gets written out to the network,
-			 * and then just go away...
-			 */
-			set_my_want_state_will(TELOPT_LOGOUT);
-			send_will(TELOPT_LOGOUT, 0);
-			set_my_state_will(TELOPT_LOGOUT);
-			(void)netflush();
-			cleanup(0);
-			/* NOT REACHED */
-			break;
-
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			changeok++;
-			break;
-#endif	/* ENCRYPTION */
-		case TELOPT_LINEMODE:
-		case TELOPT_TTYPE:
-		case TELOPT_NAWS:
-		case TELOPT_TSPEED:
-		case TELOPT_LFLOW:
-		case TELOPT_XDISPLOC:
-#ifdef	TELOPT_ENVIRON
-		case TELOPT_NEW_ENVIRON:
-#endif
-		case TELOPT_OLD_ENVIRON:
-		default:
-			break;
-		}
-		if (changeok) {
-			set_my_want_state_will(option);
-			send_will(option, 0);
-		} else {
-			will_wont_resp[option]++;
-			send_wont(option, 0);
-		}
-	}
-	set_my_state_will(option);
-
-}  /* end of dooption */
-
-	void
-send_wont(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
-		    my_want_state_is_wont(option))
-			return;
-		set_my_want_state_wont(option);
-		will_wont_resp[option]++;
-	}
-	(void) sprintf(nfrontp, (char *)wont, option);
-	nfrontp += sizeof (wont) - 2;
-
-	DIAG(TD_OPTIONS, printoption("td: send wont", option));
-}
-
-	void
-dontoption(option)
-	int option;
-{
-	/*
-	 * Process client input.
-	 */
-
-
-	DIAG(TD_OPTIONS, printoption("td: recv dont", option));
-
-	if (will_wont_resp[option]) {
-		will_wont_resp[option]--;
-		if (will_wont_resp[option] && my_state_is_wont(option))
-			will_wont_resp[option]--;
-	}
-	if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
-		switch (option) {
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryout(0);
-			set_termbuf();
-			break;
-
-		case TELOPT_ECHO:	/* we should stop echoing */
-#ifdef	LINEMODE
-# ifdef	KLUDGELINEMODE
-			if ((lmodetype != REAL_LINEMODE) &&
-			    (lmodetype != KLUDGE_LINEMODE))
-# else
-			if (his_state_is_wont(TELOPT_LINEMODE))
-# endif
-#endif
-			{
-				init_termbuf();
-				tty_setecho(0);
-				set_termbuf();
-			}
-			break;
-
-		case TELOPT_SGA:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			/*
-			 * If kludge linemode is in use, then we
-			 * must process an incoming do SGA for
-			 * linemode purposes.
-			 */
-			if ((lmodetype == KLUDGE_LINEMODE) ||
-			    (lmodetype == KLUDGE_OK)) {
-				/*
-				 * The client is asking us to turn
-				 * linemode on.
-				 */
-				lmodetype = KLUDGE_LINEMODE;
-				clientstat(TELOPT_LINEMODE, WILL, 0);
-				/*
-				 * If we did not turn line mode on,
-				 * then what do we say?  Will SGA?
-				 * This violates design of telnet.
-				 * Gross.  Very Gross.
-				 */
-			}
-			break;
-#else
-			set_my_want_state_wont(option);
-			if (my_state_is_will(option))
-				send_wont(option, 0);
-			set_my_state_wont(option);
-			if (turn_on_sga ^= 1)
-				send_will(option, 1);
-			return;
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-
-		default:
-			break;
-		}
-
-		set_my_want_state_wont(option);
-		if (my_state_is_will(option))
-			send_wont(option, 0);
-	}
-	set_my_state_wont(option);
-
-}  /* end of dontoption */
-
-#ifdef	ENV_HACK
-int env_ovar = -1;
-int env_ovalue = -1;
-#else	/* ENV_HACK */
-# define env_ovar OLD_ENV_VAR
-# define env_ovalue OLD_ENV_VALUE
-#endif	/* ENV_HACK */
-
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *	Terminal type is
- *	Linemode
- *	Window size
- *	Terminal speed
- */
-	void
-suboption()
-{
-    register int subchar;
-
-    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
-
-    subchar = SB_GET();
-    switch (subchar) {
-    case TELOPT_TSPEED: {
-	register int xspeed, rspeed;
-
-	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
-		break;
-
-	settimer(tspeedsubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-		return;
-
-	xspeed = atoi((char *)subpointer);
-
-	while (SB_GET() != ',' && !SB_EOF());
-	if (SB_EOF())
-		return;
-
-	rspeed = atoi((char *)subpointer);
-	clientstat(TELOPT_TSPEED, xspeed, rspeed);
-
-	break;
-
-    }  /* end of case TELOPT_TSPEED */
-
-    case TELOPT_TTYPE: {		/* Yaaaay! */
-	static char terminalname[41];
-
-	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
-		break;
-	settimer(ttypesubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
-	    return;		/* ??? XXX but, this is the most robust */
-	}
-
-	terminaltype = terminalname;
-
-	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
-								    !SB_EOF()) {
-	    register int c;
-
-	    c = SB_GET();
-	    if (isupper(c)) {
-		c = tolower(c);
-	    }
-	    *terminaltype++ = c;    /* accumulate name */
-	}
-	*terminaltype = 0;
-	terminaltype = terminalname;
-	break;
-    }  /* end of case TELOPT_TTYPE */
-
-    case TELOPT_NAWS: {
-	register int xwinsize, ywinsize;
-
-	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
-		break;
-
-	if (SB_EOF())
-		return;
-	xwinsize = SB_GET() << 8;
-	if (SB_EOF())
-		return;
-	xwinsize |= SB_GET();
-	if (SB_EOF())
-		return;
-	ywinsize = SB_GET() << 8;
-	if (SB_EOF())
-		return;
-	ywinsize |= SB_GET();
-	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
-
-	break;
-
-    }  /* end of case TELOPT_NAWS */
-
-#ifdef	LINEMODE
-    case TELOPT_LINEMODE: {
-	register int request;
-
-	if (his_state_is_wont(TELOPT_LINEMODE))	/* Ignore if option disabled */
-		break;
-	/*
-	 * Process linemode suboptions.
-	 */
-	if (SB_EOF())
-	    break;		/* garbage was sent */
-	request = SB_GET();	/* get will/wont */
-
-	if (SB_EOF())
-	    break;		/* another garbage check */
-
-	if (request == LM_SLC) {  /* SLC is not preceeded by WILL or WONT */
-		/*
-		 * Process suboption buffer of slc's
-		 */
-		start_slc(1);
-		do_opt_slc(subpointer, subend - subpointer);
-		(void) end_slc(0);
-		break;
-	} else if (request == LM_MODE) {
-		if (SB_EOF())
-		    return;
-		useeditmode = SB_GET();  /* get mode flag */
-		clientstat(LM_MODE, 0, 0);
-		break;
-	}
-
-	if (SB_EOF())
-	    break;
-	switch (SB_GET()) {  /* what suboption? */
-	case LM_FORWARDMASK:
-		/*
-		 * According to spec, only server can send request for
-		 * forwardmask, and client can only return a positive response.
-		 * So don't worry about it.
-		 */
-
-	default:
-		break;
-	}
-	break;
-    }  /* end of case TELOPT_LINEMODE */
-#endif
-    case TELOPT_STATUS: {
-	int mode;
-
-	if (SB_EOF())
-	    break;
-	mode = SB_GET();
-	switch (mode) {
-	case TELQUAL_SEND:
-	    if (my_state_is_will(TELOPT_STATUS))
-		send_status();
-	    break;
-
-	case TELQUAL_IS:
-	    break;
-
-	default:
-	    break;
-	}
-	break;
-    }  /* end of case TELOPT_STATUS */
-
-    case TELOPT_XDISPLOC: {
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-		return;
-	settimer(xdisplocsubopt);
-	subpointer[SB_LEN()] = '\0';
-	(void)setenv("DISPLAY", (char *)subpointer, 1);
-	break;
-    }  /* end of case TELOPT_XDISPLOC */
-
-#ifdef	TELOPT_NEW_ENVIRON
-    case TELOPT_NEW_ENVIRON:
-#endif
-    case TELOPT_OLD_ENVIRON: {
-	register int c;
-	register char *cp, *varp, *valp;
-
-	if (SB_EOF())
-		return;
-	c = SB_GET();
-	if (c == TELQUAL_IS) {
-		if (subchar == TELOPT_OLD_ENVIRON)
-			settimer(oenvironsubopt);
-		else
-			settimer(environsubopt);
-	} else if (c != TELQUAL_INFO) {
-		return;
-	}
-
-#ifdef	TELOPT_NEW_ENVIRON
-	if (subchar == TELOPT_NEW_ENVIRON) {
-	    while (!SB_EOF()) {
-		c = SB_GET();
-		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
-			break;
-	    }
-	} else
-#endif
-	{
-#ifdef	ENV_HACK
-	    /*
-	     * We only want to do this if we haven't already decided
-	     * whether or not the other side has its VALUE and VAR
-	     * reversed.
-	     */
-	    if (env_ovar < 0) {
-		register int last = -1;		/* invalid value */
-		int empty = 0;
-		int got_var = 0, got_value = 0, got_uservar = 0;
-
-		/*
-		 * The other side might have its VALUE and VAR values
-		 * reversed.  To be interoperable, we need to determine
-		 * which way it is.  If the first recognized character
-		 * is a VAR or VALUE, then that will tell us what
-		 * type of client it is.  If the fist recognized
-		 * character is a USERVAR, then we continue scanning
-		 * the suboption looking for two consecutive
-		 * VAR or VALUE fields.  We should not get two
-		 * consecutive VALUE fields, so finding two
-		 * consecutive VALUE or VAR fields will tell us
-		 * what the client is.
-		 */
-		SB_SAVE();
-		while (!SB_EOF()) {
-			c = SB_GET();
-			switch(c) {
-			case OLD_ENV_VAR:
-				if (last < 0 || last == OLD_ENV_VAR
-				    || (empty && (last == OLD_ENV_VALUE)))
-					goto env_ovar_ok;
-				got_var++;
-				last = OLD_ENV_VAR;
-				break;
-			case OLD_ENV_VALUE:
-				if (last < 0 || last == OLD_ENV_VALUE
-				    || (empty && (last == OLD_ENV_VAR)))
-					goto env_ovar_wrong;
-				got_value++;
-				last = OLD_ENV_VALUE;
-				break;
-			case ENV_USERVAR:
-				/* count strings of USERVAR as one */
-				if (last != ENV_USERVAR)
-					got_uservar++;
-				if (empty) {
-					if (last == OLD_ENV_VALUE)
-						goto env_ovar_ok;
-					if (last == OLD_ENV_VAR)
-						goto env_ovar_wrong;
-				}
-				last = ENV_USERVAR;
-				break;
-			case ENV_ESC:
-				if (!SB_EOF())
-					c = SB_GET();
-				/* FALL THROUGH */
-			default:
-				empty = 0;
-				continue;
-			}
-			empty = 1;
-		}
-		if (empty) {
-			if (last == OLD_ENV_VALUE)
-				goto env_ovar_ok;
-			if (last == OLD_ENV_VAR)
-				goto env_ovar_wrong;
-		}
-		/*
-		 * Ok, the first thing was a USERVAR, and there
-		 * are not two consecutive VAR or VALUE commands,
-		 * and none of the VAR or VALUE commands are empty.
-		 * If the client has sent us a well-formed option,
-		 * then the number of VALUEs received should always
-		 * be less than or equal to the number of VARs and
-		 * USERVARs received.
-		 *
-		 * If we got exactly as many VALUEs as VARs and
-		 * USERVARs, the client has the same definitions.
-		 *
-		 * If we got exactly as many VARs as VALUEs and
-		 * USERVARS, the client has reversed definitions.
-		 */
-		if (got_uservar + got_var == got_value) {
-	    env_ovar_ok:
-			env_ovar = OLD_ENV_VAR;
-			env_ovalue = OLD_ENV_VALUE;
-		} else if (got_uservar + got_value == got_var) {
-	    env_ovar_wrong:
-			env_ovar = OLD_ENV_VALUE;
-			env_ovalue = OLD_ENV_VAR;
-			DIAG(TD_OPTIONS, {sprintf(nfrontp,
-				"ENVIRON VALUE and VAR are reversed!\r\n");
-				nfrontp += strlen(nfrontp);});
-
-		}
-	    }
-	    SB_RESTORE();
-#endif
-
-	    while (!SB_EOF()) {
-		c = SB_GET();
-		if ((c == env_ovar) || (c == ENV_USERVAR))
-			break;
-	    }
-	}
-
-	if (SB_EOF())
-		return;
-
-	cp = varp = (char *)subpointer;
-	valp = 0;
-
-	while (!SB_EOF()) {
-		c = SB_GET();
-		if (subchar == TELOPT_OLD_ENVIRON) {
-			if (c == env_ovar)
-				c = NEW_ENV_VAR;
-			else if (c == env_ovalue)
-				c = NEW_ENV_VALUE;
-		}
-		switch (c) {
-
-		case NEW_ENV_VALUE:
-			*cp = '\0';
-			cp = valp = (char *)subpointer;
-			break;
-
-		case NEW_ENV_VAR:
-		case ENV_USERVAR:
-			*cp = '\0';
-			if (valp)
-				(void)setenv(varp, valp, 1);
-			else
-				unsetenv(varp);
-			cp = varp = (char *)subpointer;
-			valp = 0;
-			break;
-
-		case ENV_ESC:
-			if (SB_EOF())
-				break;
-			c = SB_GET();
-			/* FALL THROUGH */
-		default:
-			*cp++ = c;
-			break;
-		}
-	}
-	*cp = '\0';
-	if (valp)
-		(void)setenv(varp, valp, 1);
-	else
-		unsetenv(varp);
-	break;
-    }  /* end of case TELOPT_NEW_ENVIRON */
-#if	defined(AUTHENTICATION)
-    case TELOPT_AUTHENTICATION:
-	if (SB_EOF())
-		break;
-	switch(SB_GET()) {
-	case TELQUAL_SEND:
-	case TELQUAL_REPLY:
-		/*
-		 * These are sent by us and cannot be sent by
-		 * the client.
-		 */
-		break;
-	case TELQUAL_IS:
-		auth_is(subpointer, SB_LEN());
-		break;
-	case TELQUAL_NAME:
-		auth_name(subpointer, SB_LEN());
-		break;
-	}
-	break;
-#endif
-#ifdef	ENCRYPTION
-    case TELOPT_ENCRYPT:
-	if (SB_EOF())
-		break;
-	switch(SB_GET()) {
-	case ENCRYPT_SUPPORT:
-		encrypt_support(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_IS:
-		encrypt_is(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_REPLY:
-		encrypt_reply(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_START:
-		encrypt_start(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_END:
-		encrypt_end();
-		break;
-	case ENCRYPT_REQSTART:
-		encrypt_request_start(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_REQEND:
-		/*
-		 * We can always send an REQEND so that we cannot
-		 * get stuck encrypting.  We should only get this
-		 * if we have been able to get in the correct mode
-		 * anyhow.
-		 */
-		encrypt_request_end();
-		break;
-	case ENCRYPT_ENC_KEYID:
-		encrypt_enc_keyid(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_DEC_KEYID:
-		encrypt_dec_keyid(subpointer, SB_LEN());
-		break;
-	default:
-		break;
-	}
-	break;
-#endif	/* ENCRYPTION */
-
-    default:
-	break;
-    }  /* end of switch */
-
-}  /* end of suboption */
-
-	void
-doclientstat()
-{
-	clientstat(TELOPT_LINEMODE, WILL, 0);
-}
-
-#define	ADD(c)	 *ncp++ = c
-#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
-	void
-send_status()
-{
-	unsigned char statusbuf[256];
-	register unsigned char *ncp;
-	register unsigned char i;
-
-	ncp = statusbuf;
-
-	netflush();	/* get rid of anything waiting to go out */
-
-	ADD(IAC);
-	ADD(SB);
-	ADD(TELOPT_STATUS);
-	ADD(TELQUAL_IS);
-
-	/*
-	 * We check the want_state rather than the current state,
-	 * because if we received a DO/WILL for an option that we
-	 * don't support, and the other side didn't send a DONT/WONT
-	 * in response to our WONT/DONT, then the "state" will be
-	 * WILL/DO, and the "want_state" will be WONT/DONT.  We
-	 * need to go by the latter.
-	 */
-	for (i = 0; i < (unsigned char)NTELOPTS; i++) {
-		if (my_want_state_is_will(i)) {
-			ADD(WILL);
-			ADD_DATA(i);
-		}
-		if (his_want_state_is_will(i)) {
-			ADD(DO);
-			ADD_DATA(i);
-		}
-	}
-
-	if (his_want_state_is_will(TELOPT_LFLOW)) {
-		ADD(SB);
-		ADD(TELOPT_LFLOW);
-		if (flowmode) {
-			ADD(LFLOW_ON);
-		} else {
-			ADD(LFLOW_OFF);
-		}
-		ADD(SE);
-
-		if (restartany >= 0) {
-			ADD(SB);
-			ADD(TELOPT_LFLOW);
-			if (restartany) {
-				ADD(LFLOW_RESTART_ANY);
-			} else {
-				ADD(LFLOW_RESTART_XON);
-			}
-			ADD(SE);
-		}
-	}
-
-#ifdef	LINEMODE
-	if (his_want_state_is_will(TELOPT_LINEMODE)) {
-		unsigned char *cp, *cpe;
-		int len;
-
-		ADD(SB);
-		ADD(TELOPT_LINEMODE);
-		ADD(LM_MODE);
-		ADD_DATA(editmode);
-		ADD(SE);
-
-		ADD(SB);
-		ADD(TELOPT_LINEMODE);
-		ADD(LM_SLC);
-		start_slc(0);
-		send_slc();
-		len = end_slc(&cp);
-		for (cpe = cp + len; cp < cpe; cp++)
-			ADD_DATA(*cp);
-		ADD(SE);
-	}
-#endif	/* LINEMODE */
-
-	ADD(IAC);
-	ADD(SE);
-
-	writenet(statusbuf, ncp - statusbuf);
-	netflush();	/* Send it on its way */
-
-	DIAG(TD_OPTIONS,
-		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
-}
diff --git a/secure/libexec/telnetd/sys_term.c b/secure/libexec/telnetd/sys_term.c
deleted file mode 100644
index 87db5745a838..000000000000
--- a/secure/libexec/telnetd/sys_term.c
+++ /dev/null
@@ -1,2318 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)sys_term.c	8.4+1 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include "telnetd.h"
-#include "pathnames.h"
-
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-#endif
-
-#if defined(CRAY) || defined(__hpux)
-# define PARENT_DOES_UTMP
-#endif
-
-int     utmp_len = MAXHOSTNAMELEN;
-#ifdef	NEWINIT
-#include <initreq.h>
-#else	/* NEWINIT*/
-# ifdef	UTMPX
-# include <utmpx.h>
-struct	utmpx wtmp;
-# else
-# include <utmp.h>
-struct	utmp wtmp;
-# endif /* UTMPX */
-
-# ifndef PARENT_DOES_UTMP
-#ifdef _PATH_WTMP
-char    wtmpf[] = _PATH_WTMP;
-#else
-char	wtmpf[]	= "/usr/adm/wtmp";
-#endif
-#ifdef _PATH_UTMP
-char    utmpf[] = _PATH_UTMP;
-#else
-char	utmpf[] = "/etc/utmp";
-#endif
-# else /* PARENT_DOES_UTMP */
-char	wtmpf[]	= "/etc/wtmp";
-# endif /* PARENT_DOES_UTMP */
-
-# ifdef CRAY
-#include <tmpdir.h>
-#include <sys/wait.h>
-#  if (UNICOS_LVL == '7.0') || (UNICOS_LVL == '7.1')
-#   define UNICOS7x
-#  endif
-
-#  ifdef UNICOS7x
-#include <sys/sysv.h>
-#include <sys/secstat.h>
-extern int secflag;
-extern struct sysv sysv;
-#  endif /* UNICOS7x */
-# endif	/* CRAY */
-#endif	/* NEWINIT */
-
-#ifdef	STREAMSPTY
-#include <sac.h>
-#include <sys/stropts.h>
-#endif
-
-#define SCPYN(a, b)	(void) strncpy(a, b, sizeof(a))
-#define SCMPN(a, b)	strncmp(a, b, sizeof(a))
-
-#ifdef	STREAMS
-#include <sys/stream.h>
-#endif
-#ifdef __hpux
-#include <sys/resource.h>
-#include <sys/proc.h>
-#endif
-#include <sys/tty.h>
-#ifdef	t_erase
-#undef	t_erase
-#undef	t_kill
-#undef	t_intrc
-#undef	t_quitc
-#undef	t_startc
-#undef	t_stopc
-#undef	t_eofc
-#undef	t_brkc
-#undef	t_suspc
-#undef	t_dsuspc
-#undef	t_rprntc
-#undef	t_flushc
-#undef	t_werasc
-#undef	t_lnextc
-#endif
-
-#if defined(UNICOS5) && defined(CRAY2) && !defined(EXTPROC)
-# define EXTPROC 0400
-#endif
-
-#ifndef	USE_TERMIO
-struct termbuf {
-	struct sgttyb sg;
-	struct tchars tc;
-	struct ltchars ltc;
-	int state;
-	int lflags;
-} termbuf, termbuf2;
-# define	cfsetospeed(tp, val)	(tp)->sg.sg_ospeed = (val)
-# define	cfsetispeed(tp, val)	(tp)->sg.sg_ispeed = (val)
-# define	cfgetospeed(tp)		(tp)->sg.sg_ospeed
-# define	cfgetispeed(tp)		(tp)->sg.sg_ispeed
-#else	/* USE_TERMIO */
-# ifdef	SYSV_TERMIO
-#	define termios termio
-# endif
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
-#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-					(tp)->c_cflag |= (val)
-#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
-#  ifdef CIBAUD
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
-					(tp)->c_cflag |= ((val)<<IBSHIFT)
-#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
-#  else
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-					(tp)->c_cflag |= (val)
-#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
-#  endif
-# endif /* TCSANOW */
-struct termios termbuf, termbuf2;	/* pty control structure */
-# ifdef  STREAMSPTY
-int ttyfd = -1;
-# endif
-#endif	/* USE_TERMIO */
-
-/*
- * init_termbuf()
- * copy_termbuf(cp)
- * set_termbuf()
- *
- * These three routines are used to get and set the "termbuf" structure
- * to and from the kernel.  init_termbuf() gets the current settings.
- * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
- * set_termbuf() writes the structure into the kernel.
- */
-
-	void
-init_termbuf()
-{
-#ifndef	USE_TERMIO
-	(void) ioctl(pty, TIOCGETP, (char *)&termbuf.sg);
-	(void) ioctl(pty, TIOCGETC, (char *)&termbuf.tc);
-	(void) ioctl(pty, TIOCGLTC, (char *)&termbuf.ltc);
-# ifdef	TIOCGSTATE
-	(void) ioctl(pty, TIOCGSTATE, (char *)&termbuf.state);
-# endif
-#else
-# ifdef  STREAMSPTY
-	(void) tcgetattr(ttyfd, &termbuf);
-# else
-	(void) tcgetattr(pty, &termbuf);
-# endif
-#endif
-	termbuf2 = termbuf;
-}
-
-#if	defined(LINEMODE) && defined(TIOCPKT_IOCTL)
-	void
-copy_termbuf(cp, len)
-	char *cp;
-	int len;
-{
-	if (len > sizeof(termbuf))
-		len = sizeof(termbuf);
-	memmove((char *)&termbuf, cp, len);
-	termbuf2 = termbuf;
-}
-#endif	/* defined(LINEMODE) && defined(TIOCPKT_IOCTL) */
-
-	void
-set_termbuf()
-{
-	/*
-	 * Only make the necessary changes.
-	 */
-#ifndef	USE_TERMIO
-	if (memcmp((char *)&termbuf.sg, (char *)&termbuf2.sg,
-							sizeof(termbuf.sg)))
-		(void) ioctl(pty, TIOCSETN, (char *)&termbuf.sg);
-	if (memcmp((char *)&termbuf.tc, (char *)&termbuf2.tc,
-							sizeof(termbuf.tc)))
-		(void) ioctl(pty, TIOCSETC, (char *)&termbuf.tc);
-	if (memcmp((char *)&termbuf.ltc, (char *)&termbuf2.ltc,
-							sizeof(termbuf.ltc)))
-		(void) ioctl(pty, TIOCSLTC, (char *)&termbuf.ltc);
-	if (termbuf.lflags != termbuf2.lflags)
-		(void) ioctl(pty, TIOCLSET, (char *)&termbuf.lflags);
-#else	/* USE_TERMIO */
-	if (memcmp((char *)&termbuf, (char *)&termbuf2, sizeof(termbuf)))
-# ifdef  STREAMSPTY
-		(void) tcsetattr(ttyfd, TCSANOW, &termbuf);
-# else
-		(void) tcsetattr(pty, TCSANOW, &termbuf);
-# endif
-# if	defined(CRAY2) && defined(UNICOS5)
-	needtermstat = 1;
-# endif
-#endif	/* USE_TERMIO */
-}
-
-
-/*
- * spcset(func, valp, valpp)
- *
- * This function takes various special characters (func), and
- * sets *valp to the current value of that character, and
- * *valpp to point to where in the "termbuf" structure that
- * value is kept.
- *
- * It returns the SLC_ level of support for this function.
- */
-
-#ifndef	USE_TERMIO
-	int
-spcset(func, valp, valpp)
-	int func;
-	cc_t *valp;
-	cc_t **valpp;
-{
-	switch(func) {
-	case SLC_EOF:
-		*valp = termbuf.tc.t_eofc;
-		*valpp = (cc_t *)&termbuf.tc.t_eofc;
-		return(SLC_VARIABLE);
-	case SLC_EC:
-		*valp = termbuf.sg.sg_erase;
-		*valpp = (cc_t *)&termbuf.sg.sg_erase;
-		return(SLC_VARIABLE);
-	case SLC_EL:
-		*valp = termbuf.sg.sg_kill;
-		*valpp = (cc_t *)&termbuf.sg.sg_kill;
-		return(SLC_VARIABLE);
-	case SLC_IP:
-		*valp = termbuf.tc.t_intrc;
-		*valpp = (cc_t *)&termbuf.tc.t_intrc;
-		return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_ABORT:
-		*valp = termbuf.tc.t_quitc;
-		*valpp = (cc_t *)&termbuf.tc.t_quitc;
-		return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_XON:
-		*valp = termbuf.tc.t_startc;
-		*valpp = (cc_t *)&termbuf.tc.t_startc;
-		return(SLC_VARIABLE);
-	case SLC_XOFF:
-		*valp = termbuf.tc.t_stopc;
-		*valpp = (cc_t *)&termbuf.tc.t_stopc;
-		return(SLC_VARIABLE);
-	case SLC_AO:
-		*valp = termbuf.ltc.t_flushc;
-		*valpp = (cc_t *)&termbuf.ltc.t_flushc;
-		return(SLC_VARIABLE);
-	case SLC_SUSP:
-		*valp = termbuf.ltc.t_suspc;
-		*valpp = (cc_t *)&termbuf.ltc.t_suspc;
-		return(SLC_VARIABLE);
-	case SLC_EW:
-		*valp = termbuf.ltc.t_werasc;
-		*valpp = (cc_t *)&termbuf.ltc.t_werasc;
-		return(SLC_VARIABLE);
-	case SLC_RP:
-		*valp = termbuf.ltc.t_rprntc;
-		*valpp = (cc_t *)&termbuf.ltc.t_rprntc;
-		return(SLC_VARIABLE);
-	case SLC_LNEXT:
-		*valp = termbuf.ltc.t_lnextc;
-		*valpp = (cc_t *)&termbuf.ltc.t_lnextc;
-		return(SLC_VARIABLE);
-	case SLC_FORW1:
-		*valp = termbuf.tc.t_brkc;
-		*valpp = (cc_t *)&termbuf.ltc.t_lnextc;
-		return(SLC_VARIABLE);
-	case SLC_BRK:
-	case SLC_SYNCH:
-	case SLC_AYT:
-	case SLC_EOR:
-		*valp = (cc_t)0;
-		*valpp = (cc_t *)0;
-		return(SLC_DEFAULT);
-	default:
-		*valp = (cc_t)0;
-		*valpp = (cc_t *)0;
-		return(SLC_NOSUPPORT);
-	}
-}
-
-#else	/* USE_TERMIO */
-
-	int
-spcset(func, valp, valpp)
-	int func;
-	cc_t *valp;
-	cc_t **valpp;
-{
-
-#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
-			*valpp = &termbuf.c_cc[a]; \
-			return(b);
-#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
-
-	switch(func) {
-	case SLC_EOF:
-		setval(VEOF, SLC_VARIABLE);
-	case SLC_EC:
-		setval(VERASE, SLC_VARIABLE);
-	case SLC_EL:
-		setval(VKILL, SLC_VARIABLE);
-	case SLC_IP:
-		setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_ABORT:
-		setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_XON:
-#ifdef	VSTART
-		setval(VSTART, SLC_VARIABLE);
-#else
-		defval(0x13);
-#endif
-	case SLC_XOFF:
-#ifdef	VSTOP
-		setval(VSTOP, SLC_VARIABLE);
-#else
-		defval(0x11);
-#endif
-	case SLC_EW:
-#ifdef	VWERASE
-		setval(VWERASE, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-	case SLC_RP:
-#ifdef	VREPRINT
-		setval(VREPRINT, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-	case SLC_LNEXT:
-#ifdef	VLNEXT
-		setval(VLNEXT, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-	case SLC_AO:
-#if	!defined(VDISCARD) && defined(VFLUSHO)
-# define VDISCARD VFLUSHO
-#endif
-#ifdef	VDISCARD
-		setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
-#else
-		defval(0);
-#endif
-	case SLC_SUSP:
-#ifdef	VSUSP
-		setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
-#else
-		defval(0);
-#endif
-#ifdef	VEOL
-	case SLC_FORW1:
-		setval(VEOL, SLC_VARIABLE);
-#endif
-#ifdef	VEOL2
-	case SLC_FORW2:
-		setval(VEOL2, SLC_VARIABLE);
-#endif
-	case SLC_AYT:
-#ifdef	VSTATUS
-		setval(VSTATUS, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-
-	case SLC_BRK:
-	case SLC_SYNCH:
-	case SLC_EOR:
-		defval(0);
-
-	default:
-		*valp = 0;
-		*valpp = 0;
-		return(SLC_NOSUPPORT);
-	}
-}
-#endif	/* USE_TERMIO */
-
-#ifdef CRAY
-/*
- * getnpty()
- *
- * Return the number of pty's configured into the system.
- */
-	int
-getnpty()
-{
-#ifdef _SC_CRAY_NPTY
-	int numptys;
-
-	if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
-		return numptys;
-	else
-#endif /* _SC_CRAY_NPTY */
-		return 128;
-}
-#endif /* CRAY */
-
-#ifndef	convex
-/*
- * getpty()
- *
- * Allocate a pty.  As a side effect, the external character
- * array "line" contains the name of the slave side.
- *
- * Returns the file descriptor of the opened pty.
- */
-#ifndef	__GNUC__
-char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-#else
-static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-char *line = Xline;
-#endif
-#ifdef	CRAY
-char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-#endif	/* CRAY */
-
-	int
-getpty(ptynum)
-int *ptynum;
-{
-	register int p;
-#ifdef	STREAMSPTY
-	int t;
-	char *ptsname();
-
-	p = open("/dev/ptmx", 2);
-	if (p > 0) {
-		grantpt(p);
-		unlockpt(p);
-		strcpy(line, ptsname(p));
-		return(p);
-	}
-
-#else	/* ! STREAMSPTY */
-#ifndef CRAY
-	register char *cp, *p1, *p2;
-	register int i;
-#if defined(sun) && defined(TIOCGPGRP) && BSD < 199207
-	int dummy;
-#endif
-
-#ifndef	__hpux
-	(void) sprintf(line, "/dev/ptyXX");
-	p1 = &line[8];
-	p2 = &line[9];
-#else
-	(void) sprintf(line, "/dev/ptym/ptyXX");
-	p1 = &line[13];
-	p2 = &line[14];
-#endif
-
-	for (cp = "pqrsPQRS"; *cp; cp++) {
-		struct stat stb;
-
-		*p1 = *cp;
-		*p2 = '0';
-		/*
-		 * This stat() check is just to keep us from
-		 * looping through all 256 combinations if there
-		 * aren't that many ptys available.
-		 */
-		if (stat(line, &stb) < 0)
-			break;
-		for (i = 0; i < 32; i++) {
-			*p2 = "0123456789abcdefghijklmnopqrstuv"[i];
-			p = open(line, 2);
-			if (p > 0) {
-#ifndef	__hpux
-				line[5] = 't';
-#else
-				for (p1 = &line[8]; *p1; p1++)
-					*p1 = *(p1+1);
-				line[9] = 't';
-#endif
-				chown(line, 0, 0);
-				chmod(line, 0600);
-#if defined(sun) && defined(TIOCGPGRP) && BSD < 199207
-				if (ioctl(p, TIOCGPGRP, &dummy) == 0
-				    || errno != EIO) {
-					chmod(line, 0666);
-					close(p);
-					line[5] = 'p';
-				} else
-#endif /* defined(sun) && defined(TIOCGPGRP) && BSD < 199207 */
-					return(p);
-			}
-		}
-	}
-#else	/* CRAY */
-	extern lowpty, highpty;
-	struct stat sb;
-
-	for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
-		(void) sprintf(myline, "/dev/pty/%03d", *ptynum);
-		p = open(myline, 2);
-		if (p < 0)
-			continue;
-		(void) sprintf(line, "/dev/ttyp%03d", *ptynum);
-		/*
-		 * Here are some shenanigans to make sure that there
-		 * are no listeners lurking on the line.
-		 */
-		if(stat(line, &sb) < 0) {
-			(void) close(p);
-			continue;
-		}
-		if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
-			chown(line, 0, 0);
-			chmod(line, 0600);
-			(void)close(p);
-			p = open(myline, 2);
-			if (p < 0)
-				continue;
-		}
-		/*
-		 * Now it should be safe...check for accessability.
-		 */
-		if (access(line, 6) == 0)
-			return(p);
-		else {
-			/* no tty side to pty so skip it */
-			(void) close(p);
-		}
-	}
-#endif	/* CRAY */
-#endif	/* STREAMSPTY */
-	return(-1);
-}
-#endif	/* convex */
-
-#ifdef	LINEMODE
-/*
- * tty_flowmode()	Find out if flow control is enabled or disabled.
- * tty_linemode()	Find out if linemode (external processing) is enabled.
- * tty_setlinemod(on)	Turn on/off linemode.
- * tty_isecho()		Find out if echoing is turned on.
- * tty_setecho(on)	Enable/disable character echoing.
- * tty_israw()		Find out if terminal is in RAW mode.
- * tty_binaryin(on)	Turn on/off BINARY on input.
- * tty_binaryout(on)	Turn on/off BINARY on output.
- * tty_isediting()	Find out if line editing is enabled.
- * tty_istrapsig()	Find out if signal trapping is enabled.
- * tty_setedit(on)	Turn on/off line editing.
- * tty_setsig(on)	Turn on/off signal trapping.
- * tty_issofttab()	Find out if tab expansion is enabled.
- * tty_setsofttab(on)	Turn on/off soft tab expansion.
- * tty_islitecho()	Find out if typed control chars are echoed literally
- * tty_setlitecho()	Turn on/off literal echo of control chars
- * tty_tspeed(val)	Set transmit speed to val.
- * tty_rspeed(val)	Set receive speed to val.
- */
-
-#ifdef convex
-static int linestate;
-#endif
-
-	int
-tty_linemode()
-{
-#ifndef convex
-#ifndef	USE_TERMIO
-	return(termbuf.state & TS_EXTPROC);
-#else
-	return(termbuf.c_lflag & EXTPROC);
-#endif
-#else
-	return(linestate);
-#endif
-}
-
-	void
-tty_setlinemode(on)
-	int on;
-{
-#ifdef	TIOCEXT
-# ifndef convex
-	set_termbuf();
-# else
-	linestate = on;
-# endif
-	(void) ioctl(pty, TIOCEXT, (char *)&on);
-# ifndef convex
-	init_termbuf();
-# endif
-#else	/* !TIOCEXT */
-# ifdef	EXTPROC
-	if (on)
-		termbuf.c_lflag |= EXTPROC;
-	else
-		termbuf.c_lflag &= ~EXTPROC;
-# endif
-#endif	/* TIOCEXT */
-}
-#endif	/* LINEMODE */
-
-	int
-tty_isecho()
-{
-#ifndef USE_TERMIO
-	return (termbuf.sg.sg_flags & ECHO);
-#else
-	return (termbuf.c_lflag & ECHO);
-#endif
-}
-
-	int
-tty_flowmode()
-{
-#ifndef USE_TERMIO
-	return(((termbuf.tc.t_startc) > 0 && (termbuf.tc.t_stopc) > 0) ? 1 : 0);
-#else
-	return((termbuf.c_iflag & IXON) ? 1 : 0);
-#endif
-}
-
-	int
-tty_restartany()
-{
-#ifndef USE_TERMIO
-# ifdef	DECCTQ
-	return((termbuf.lflags & DECCTQ) ? 0 : 1);
-# else
-	return(-1);
-# endif
-#else
-	return((termbuf.c_iflag & IXANY) ? 1 : 0);
-#endif
-}
-
-	void
-tty_setecho(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags |= ECHO|CRMOD;
-	else
-		termbuf.sg.sg_flags &= ~(ECHO|CRMOD);
-#else
-	if (on)
-		termbuf.c_lflag |= ECHO;
-	else
-		termbuf.c_lflag &= ~ECHO;
-#endif
-}
-
-	int
-tty_israw()
-{
-#ifndef USE_TERMIO
-	return(termbuf.sg.sg_flags & RAW);
-#else
-	return(!(termbuf.c_lflag & ICANON));
-#endif
-}
-
-#if	defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	int
-tty_setraw(on)
-{
-#  ifndef USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags |= RAW;
-	else
-		termbuf.sg.sg_flags &= ~RAW;
-#  else
-	if (on)
-		termbuf.c_lflag &= ~ICANON;
-	else
-		termbuf.c_lflag |= ICANON;
-#  endif
-}
-#endif
-
-	void
-tty_binaryin(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.lflags |= LPASS8;
-	else
-		termbuf.lflags &= ~LPASS8;
-#else
-	if (on) {
-		termbuf.c_iflag &= ~ISTRIP;
-	} else {
-		termbuf.c_iflag |= ISTRIP;
-	}
-#endif
-}
-
-	void
-tty_binaryout(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.lflags |= LLITOUT;
-	else
-		termbuf.lflags &= ~LLITOUT;
-#else
-	if (on) {
-		termbuf.c_cflag &= ~(CSIZE|PARENB);
-		termbuf.c_cflag |= CS8;
-		termbuf.c_oflag &= ~OPOST;
-	} else {
-		termbuf.c_cflag &= ~CSIZE;
-		termbuf.c_cflag |= CS7|PARENB;
-		termbuf.c_oflag |= OPOST;
-	}
-#endif
-}
-
-	int
-tty_isbinaryin()
-{
-#ifndef	USE_TERMIO
-	return(termbuf.lflags & LPASS8);
-#else
-	return(!(termbuf.c_iflag & ISTRIP));
-#endif
-}
-
-	int
-tty_isbinaryout()
-{
-#ifndef	USE_TERMIO
-	return(termbuf.lflags & LLITOUT);
-#else
-	return(!(termbuf.c_oflag&OPOST));
-#endif
-}
-
-#ifdef	LINEMODE
-	int
-tty_isediting()
-{
-#ifndef USE_TERMIO
-	return(!(termbuf.sg.sg_flags & (CBREAK|RAW)));
-#else
-	return(termbuf.c_lflag & ICANON);
-#endif
-}
-
-	int
-tty_istrapsig()
-{
-#ifndef USE_TERMIO
-	return(!(termbuf.sg.sg_flags&RAW));
-#else
-	return(termbuf.c_lflag & ISIG);
-#endif
-}
-
-	void
-tty_setedit(on)
-	int on;
-{
-#ifndef USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags &= ~CBREAK;
-	else
-		termbuf.sg.sg_flags |= CBREAK;
-#else
-	if (on)
-		termbuf.c_lflag |= ICANON;
-	else
-		termbuf.c_lflag &= ~ICANON;
-#endif
-}
-
-	void
-tty_setsig(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		;
-#else
-	if (on)
-		termbuf.c_lflag |= ISIG;
-	else
-		termbuf.c_lflag &= ~ISIG;
-#endif
-}
-#endif	/* LINEMODE */
-
-	int
-tty_issofttab()
-{
-#ifndef	USE_TERMIO
-	return (termbuf.sg.sg_flags & XTABS);
-#else
-# ifdef	OXTABS
-	return (termbuf.c_oflag & OXTABS);
-# endif
-# ifdef	TABDLY
-	return ((termbuf.c_oflag & TABDLY) == TAB3);
-# endif
-#endif
-}
-
-	void
-tty_setsofttab(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags |= XTABS;
-	else
-		termbuf.sg.sg_flags &= ~XTABS;
-#else
-	if (on) {
-# ifdef	OXTABS
-		termbuf.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-		termbuf.c_oflag &= ~TABDLY;
-		termbuf.c_oflag |= TAB3;
-# endif
-	} else {
-# ifdef	OXTABS
-		termbuf.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-		termbuf.c_oflag &= ~TABDLY;
-		termbuf.c_oflag |= TAB0;
-# endif
-	}
-#endif
-}
-
-	int
-tty_islitecho()
-{
-#ifndef	USE_TERMIO
-	return (!(termbuf.lflags & LCTLECH));
-#else
-# ifdef	ECHOCTL
-	return (!(termbuf.c_lflag & ECHOCTL));
-# endif
-# ifdef	TCTLECH
-	return (!(termbuf.c_lflag & TCTLECH));
-# endif
-# if	!defined(ECHOCTL) && !defined(TCTLECH)
-	return (0);	/* assumes ctl chars are echoed '^x' */
-# endif
-#endif
-}
-
-	void
-tty_setlitecho(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.lflags &= ~LCTLECH;
-	else
-		termbuf.lflags |= LCTLECH;
-#else
-# ifdef	ECHOCTL
-	if (on)
-		termbuf.c_lflag &= ~ECHOCTL;
-	else
-		termbuf.c_lflag |= ECHOCTL;
-# endif
-# ifdef	TCTLECH
-	if (on)
-		termbuf.c_lflag &= ~TCTLECH;
-	else
-		termbuf.c_lflag |= TCTLECH;
-# endif
-#endif
-}
-
-	int
-tty_iscrnl()
-{
-#ifndef	USE_TERMIO
-	return (termbuf.sg.sg_flags & CRMOD);
-#else
-	return (termbuf.c_iflag & ICRNL);
-#endif
-}
-
-/*
- * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
- */
-#if B4800 != 4800
-#define	DECODE_BAUD
-#endif
-
-#ifdef	DECODE_BAUD
-
-/*
- * A table of available terminal speeds
- */
-struct termspeeds {
-	int	speed;
-	int	value;
-} termspeeds[] = {
-	{ 0,     B0 },    { 50,    B50 },   { 75,    B75 },
-	{ 110,   B110 },  { 134,   B134 },  { 150,   B150 },
-	{ 200,   B200 },  { 300,   B300 },  { 600,   B600 },
-	{ 1200,  B1200 }, { 1800,  B1800 }, { 2400,  B2400 },
-	{ 4800,   B4800 },
-#ifdef	B7200
-	{ 7200,  B7200 },
-#endif
-	{ 9600,   B9600 },
-#ifdef	B14400
-	{ 14400,  B14400 },
-#endif
-#ifdef	B19200
-	{ 19200,  B19200 },
-#endif
-#ifdef	B28800
-	{ 28800,  B28800 },
-#endif
-#ifdef	B38400
-	{ 38400,  B38400 },
-#endif
-#ifdef	B57600
-	{ 57600,  B57600 },
-#endif
-#ifdef	B115200
-	{ 115200, B115200 },
-#endif
-#ifdef	B230400
-	{ 230400, B230400 },
-#endif
-	{ -1,     0 }
-};
-#endif	/* DECODE_BUAD */
-
-	void
-tty_tspeed(val)
-	int val;
-{
-#ifdef	DECODE_BAUD
-	register struct termspeeds *tp;
-
-	for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-		;
-	if (tp->speed == -1)	/* back up to last valid value */
-		--tp;
-	cfsetospeed(&termbuf, tp->value);
-#else	/* DECODE_BUAD */
-	cfsetospeed(&termbuf, val);
-#endif	/* DECODE_BUAD */
-}
-
-	void
-tty_rspeed(val)
-	int val;
-{
-#ifdef	DECODE_BAUD
-	register struct termspeeds *tp;
-
-	for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-		;
-	if (tp->speed == -1)	/* back up to last valid value */
-		--tp;
-	cfsetispeed(&termbuf, tp->value);
-#else	/* DECODE_BAUD */
-	cfsetispeed(&termbuf, val);
-#endif	/* DECODE_BAUD */
-}
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	int
-tty_isnewmap()
-{
-	return((termbuf.c_oflag & OPOST) && (termbuf.c_oflag & ONLCR) &&
-			!(termbuf.c_oflag & ONLRET));
-}
-#endif
-
-#ifdef PARENT_DOES_UTMP
-# ifndef NEWINIT
-extern	struct utmp wtmp;
-extern char wtmpf[];
-# else	/* NEWINIT */
-int	gotalarm;
-
-	/* ARGSUSED */
-	void
-nologinproc(sig)
-	int sig;
-{
-	gotalarm++;
-}
-# endif	/* NEWINIT */
-#endif /* PARENT_DOES_UTMP */
-
-#ifndef	NEWINIT
-# ifdef PARENT_DOES_UTMP
-extern void utmp_sig_init P((void));
-extern void utmp_sig_reset P((void));
-extern void utmp_sig_wait P((void));
-extern void utmp_sig_notify P((int));
-# endif /* PARENT_DOES_UTMP */
-#endif
-
-/*
- * getptyslave()
- *
- * Open the slave side of the pty, and do any initialization
- * that is necessary.  The return value is a file descriptor
- * for the slave side.
- */
-	int
-getptyslave()
-{
-	register int t = -1;
-	char erase;
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-# ifdef	LINEMODE
-	int waslm;
-# endif
-# ifdef	TIOCGWINSZ
-	struct winsize ws;
-	extern int def_row, def_col;
-# endif
-	extern int def_tspeed, def_rspeed;
-	/*
-	 * Opening the slave side may cause initilization of the
-	 * kernel tty structure.  We need remember the state of
-	 * 	if linemode was turned on
-	 *	terminal window size
-	 *	terminal speed
-	 *	erase character
-	 * so that we can re-set them if we need to.
-	 */
-# ifdef	LINEMODE
-	waslm = tty_linemode();
-# endif
-	erase = termbuf.c_cc[VERASE];
-
-	/*
-	 * Make sure that we don't have a controlling tty, and
-	 * that we are the session (process group) leader.
-	 */
-# ifdef	TIOCNOTTY
-	t = open(_PATH_TTY, O_RDWR);
-	if (t >= 0) {
-		(void) ioctl(t, TIOCNOTTY, (char *)0);
-		(void) close(t);
-	}
-# endif
-
-
-# ifdef PARENT_DOES_UTMP
-	/*
-	 * Wait for our parent to get the utmp stuff to get done.
-	 */
-	utmp_sig_wait();
-# endif
-
-	t = cleanopen(line);
-	if (t < 0)
-		fatalperror(net, line);
-
-#ifdef  STREAMSPTY
-#ifdef	USE_TERMIO
-	ttyfd = t;
-#endif
-	if (ioctl(t, I_PUSH, "ptem") < 0)
-		fatal(net, "I_PUSH ptem");
-	if (ioctl(t, I_PUSH, "ldterm") < 0)
-		fatal(net, "I_PUSH ldterm");
-	if (ioctl(t, I_PUSH, "ttcompat") < 0)
-		fatal(net, "I_PUSH ttcompat");
-	if (ioctl(pty, I_PUSH, "pckt") < 0)
-		fatal(net, "I_PUSH pckt");
-#endif
-
-	/*
-	 * set up the tty modes as we like them to be.
-	 */
-	init_termbuf();
-# ifdef	TIOCGWINSZ
-	if (def_row || def_col) {
-		memset((char *)&ws, 0, sizeof(ws));
-		ws.ws_col = def_col;
-		ws.ws_row = def_row;
-		(void)ioctl(t, TIOCSWINSZ, (char *)&ws);
-	}
-# endif
-
-	/*
-	 * Settings for sgtty based systems
-	 */
-# ifndef	USE_TERMIO
-	termbuf.sg.sg_flags |= CRMOD|ANYP|ECHO|XTABS;
-# endif	/* USE_TERMIO */
-
-	/*
-	 * Settings for UNICOS (and HPUX)
-	 */
-# if defined(CRAY) || defined(__hpux)
-	termbuf.c_oflag = OPOST|ONLCR|TAB3;
-	termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
-	termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
-	termbuf.c_cflag = EXTB|HUPCL|CS8;
-# endif
-
-	/*
-	 * Settings for all other termios/termio based
-	 * systems, other than 4.4BSD.  In 4.4BSD the
-	 * kernel does the initial terminal setup.
-	 */
-# if defined(USE_TERMIO) && !(defined(CRAY) || defined(__hpux)) && (BSD <= 43)
-#  ifndef	OXTABS
-#   define OXTABS	0
-#  endif
-	termbuf.c_lflag |= ECHO;
-	termbuf.c_oflag |= ONLCR|OXTABS;
-	termbuf.c_iflag |= ICRNL;
-	termbuf.c_iflag &= ~IXOFF;
-# endif /* defined(USE_TERMIO) && !defined(CRAY) && (BSD <= 43) */
-	tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
-	tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
-	if (erase)
-		termbuf.c_cc[VERASE] = erase;
-# ifdef	LINEMODE
-	if (waslm)
-		tty_setlinemode(1);
-# endif	/* LINEMODE */
-
-	/*
-	 * Set the tty modes, and make this our controlling tty.
-	 */
-	set_termbuf();
-	if (login_tty(t) == -1)
-		fatalperror(net, "login_tty");
-#endif	/* !defined(CRAY) || !defined(NEWINIT) */
-	if (net > 2)
-		(void) close(net);
-#if	defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	/*
-	 * Leave the pty open so that we can write out the rlogin
-	 * protocol for /bin/login, if the authentication works.
-	 */
-#else
-	if (pty > 2) {
-		(void) close(pty);
-		pty = -1;
-	}
-#endif
-}
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-#ifndef	O_NOCTTY
-#define	O_NOCTTY	0
-#endif
-/*
- * Open the specified slave side of the pty,
- * making sure that we have a clean tty.
- */
-	int
-cleanopen(line)
-	char *line;
-{
-	register int t;
-#ifdef	UNICOS7x
-	struct secstat secbuf;
-#endif	/* UNICOS7x */
-
-#ifndef STREAMSPTY
-	/*
-	 * Make sure that other people can't open the
-	 * slave side of the connection.
-	 */
-	(void) chown(line, 0, 0);
-	(void) chmod(line, 0600);
-#endif
-
-# if !defined(CRAY) && (BSD > 43)
-	(void) revoke(line);
-# endif
-#ifdef	UNICOS7x
-	if (secflag) {
-		if (secstat(line, &secbuf) < 0)
-			return(-1);
-		if (setulvl(secbuf.st_slevel) < 0)
-			return(-1);
-		if (setucmp(secbuf.st_compart) < 0)
-			return(-1);
-	}
-#endif	/* UNICOS7x */
-
-	t = open(line, O_RDWR|O_NOCTTY);
-
-#ifdef	UNICOS7x
-	if (secflag) {
-		if (setulvl(sysv.sy_minlvl) < 0)
-			return(-1);
-		if (setucmp(0) < 0)
-			return(-1);
-	}
-#endif	/* UNICOS7x */
-
-	if (t < 0)
-		return(-1);
-
-	/*
-	 * Hangup anybody else using this ttyp, then reopen it for
-	 * ourselves.
-	 */
-# if !(defined(CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
-	(void) signal(SIGHUP, SIG_IGN);
-	vhangup();
-	(void) signal(SIGHUP, SIG_DFL);
-	t = open(line, O_RDWR|O_NOCTTY);
-	if (t < 0)
-		return(-1);
-# endif
-# if	defined(CRAY) && defined(TCVHUP)
-	{
-		register int i;
-		(void) signal(SIGHUP, SIG_IGN);
-		(void) ioctl(t, TCVHUP, (char *)0);
-		(void) signal(SIGHUP, SIG_DFL);
-
-#ifdef	UNICOS7x
-		if (secflag) {
-			if (secstat(line, &secbuf) < 0)
-				return(-1);
-			if (setulvl(secbuf.st_slevel) < 0)
-				return(-1);
-			if (setucmp(secbuf.st_compart) < 0)
-				return(-1);
-		}
-#endif	/* UNICOS7x */
-
-		i = open(line, O_RDWR);
-
-#ifdef	UNICOS7x
-		if (secflag) {
-			if (setulvl(sysv.sy_minlvl) < 0)
-				return(-1);
-			if (setucmp(0) < 0)
-				return(-1);
-		}
-#endif	/* UNICOS7x */
-
-		if (i < 0)
-			return(-1);
-		(void) close(t);
-		t = i;
-	}
-# endif	/* defined(CRAY) && defined(TCVHUP) */
-	return(t);
-}
-#endif	/* !defined(CRAY) || !defined(NEWINIT) */
-
-#if BSD <= 43
-
-	int
-login_tty(t)
-	int t;
-{
-	if (setsid() < 0) {
-#ifdef ultrix
-		/*
-		 * The setsid() may have failed because we
-		 * already have a pgrp == pid.  Zero out
-		 * our pgrp and try again...
-		 */
-		if ((setpgrp(0, 0) < 0) || (setsid() < 0))
-#endif
-			fatalperror(net, "setsid()");
-	}
-# ifdef	TIOCSCTTY
-	if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
-		fatalperror(net, "ioctl(sctty)");
-#  if defined(CRAY)
-	/*
-	 * Close the hard fd to /dev/ttypXXX, and re-open through
-	 * the indirect /dev/tty interface.
-	 */
-	close(t);
-	if ((t = open("/dev/tty", O_RDWR)) < 0)
-		fatalperror(net, "open(/dev/tty)");
-#  endif
-# else
-	/*
-	 * We get our controlling tty assigned as a side-effect
-	 * of opening up a tty device.  But on BSD based systems,
-	 * this only happens if our process group is zero.  The
-	 * setsid() call above may have set our pgrp, so clear
-	 * it out before opening the tty...
-	 */
-#  ifndef SOLARIS
-	(void) setpgrp(0, 0);
-#  else
-	(void) setpgrp();
-#  endif
-	close(open(line, O_RDWR));
-# endif
-	if (t != 0)
-		(void) dup2(t, 0);
-	if (t != 1)
-		(void) dup2(t, 1);
-	if (t != 2)
-		(void) dup2(t, 2);
-	if (t > 2)
-		close(t);
-	return(0);
-}
-#endif	/* BSD <= 43 */
-
-#ifdef	NEWINIT
-char *gen_id = "fe";
-#endif
-
-/*
- * startslave(host)
- *
- * Given a hostname, do whatever
- * is necessary to startup the login process on the slave side of the pty.
- */
-
-/* ARGSUSED */
-	void
-startslave(host, autologin, autoname)
-	char *host;
-	int autologin;
-	char *autoname;
-{
-	register int i;
-	long time();
-	char name[256];
-#ifdef	NEWINIT
-	extern char *ptyip;
-	struct init_request request;
-	void nologinproc();
-	register int n;
-#endif	/* NEWINIT */
-
-#if	defined(AUTHENTICATION)
-	if (!autoname || !autoname[0])
-		autologin = 0;
-
-	if (autologin < auth_level) {
-		fatal(net, "Authorization failed");
-		exit(1);
-	}
-#endif
-
-#ifndef	NEWINIT
-# ifdef	PARENT_DOES_UTMP
-	utmp_sig_init();
-# endif	/* PARENT_DOES_UTMP */
-
-	if ((i = fork()) < 0)
-		fatalperror(net, "fork");
-	if (i) {
-# ifdef PARENT_DOES_UTMP
-		/*
-		 * Cray parent will create utmp entry for child and send
-		 * signal to child to tell when done.  Child waits for signal
-		 * before doing anything important.
-		 */
-		register int pid = i;
-		void sigjob P((int));
-
-		setpgrp();
-		utmp_sig_reset();		/* reset handler to default */
-		/*
-		 * Create utmp entry for child
-		 */
-		(void) time(&wtmp.ut_time);
-		wtmp.ut_type = LOGIN_PROCESS;
-		wtmp.ut_pid = pid;
-		SCPYN(wtmp.ut_user, "LOGIN");
-		SCPYN(wtmp.ut_host, host);
-		SCPYN(wtmp.ut_line, line + sizeof("/dev/") - 1);
-#ifndef	__hpux
-		SCPYN(wtmp.ut_id, wtmp.ut_line+3);
-#else
-		SCPYN(wtmp.ut_id, wtmp.ut_line+7);
-#endif
-		pututline(&wtmp);
-		endutent();
-		if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
-			(void) write(i, (char *)&wtmp, sizeof(struct utmp));
-			(void) close(i);
-		}
-#ifdef	CRAY
-		(void) signal(WJSIGNAL, sigjob);
-#endif
-		utmp_sig_notify(pid);
-# endif	/* PARENT_DOES_UTMP */
-	} else {
-		getptyslave(autologin);
-		start_login(host, autologin, autoname);
-		/*NOTREACHED*/
-	}
-#else	/* NEWINIT */
-
-	/*
-	 * Init will start up login process if we ask nicely.  We only wait
-	 * for it to start up and begin normal telnet operation.
-	 */
-	if ((i = open(INIT_FIFO, O_WRONLY)) < 0) {
-		char tbuf[128];
-		(void) sprintf(tbuf, "Can't open %s\n", INIT_FIFO);
-		fatalperror(net, tbuf);
-	}
-	memset((char *)&request, 0, sizeof(request));
-	request.magic = INIT_MAGIC;
-	SCPYN(request.gen_id, gen_id);
-	SCPYN(request.tty_id, &line[8]);
-	SCPYN(request.host, host);
-	SCPYN(request.term_type, terminaltype ? terminaltype : "network");
-#if	!defined(UNICOS5)
-	request.signal = SIGCLD;
-	request.pid = getpid();
-#endif
-#ifdef BFTPDAEMON
-	/*
-	 * Are we working as the bftp daemon?
-	 */
-	if (bftpd) {
-		SCPYN(request.exec_name, BFTPPATH);
-	}
-#endif /* BFTPDAEMON */
-	if (write(i, (char *)&request, sizeof(request)) < 0) {
-		char tbuf[128];
-		(void) sprintf(tbuf, "Can't write to %s\n", INIT_FIFO);
-		fatalperror(net, tbuf);
-	}
-	(void) close(i);
-	(void) signal(SIGALRM, nologinproc);
-	for (i = 0; ; i++) {
-		char tbuf[128];
-		alarm(15);
-		n = read(pty, ptyip, BUFSIZ);
-		if (i == 3 || n >= 0 || !gotalarm)
-			break;
-		gotalarm = 0;
-		sprintf(tbuf, "telnetd: waiting for /etc/init to start login process on %s\r\n", line);
-		(void) write(net, tbuf, strlen(tbuf));
-	}
-	if (n < 0 && gotalarm)
-		fatal(net, "/etc/init didn't start login process");
-	pcc += n;
-	alarm(0);
-	(void) signal(SIGALRM, SIG_DFL);
-
-	return;
-#endif	/* NEWINIT */
-}
-
-char	*envinit[3];
-extern char **environ;
-
-	void
-init_env()
-{
-	extern char *getenv();
-	char **envp;
-
-	envp = envinit;
-	if (*envp = getenv("TZ"))
-		*envp++ -= 3;
-#if	defined(CRAY) || defined(__hpux)
-	else
-		*envp++ = "TZ=GMT0";
-#endif
-	*envp = 0;
-	environ = envinit;
-}
-
-#ifndef	NEWINIT
-
-/*
- * start_login(host)
- *
- * Assuming that we are now running as a child processes, this
- * function will turn us into the login process.
- */
-
-	void
-start_login(host, autologin, name)
-	char *host;
-	int autologin;
-	char *name;
-{
-	register char *cp;
-	register char **argv;
-	char **addarg(), *user;
-	extern char *getenv();
-#ifdef	UTMPX
-	register int pid = getpid();
-	struct utmpx utmpx;
-#endif
-#ifdef SOLARIS
-	char *term;
-	char termbuf[64];
-#endif
-
-#ifdef	UTMPX
-	/*
-	 * Create utmp entry for child
-	 */
-
-	memset(&utmpx, 0, sizeof(utmpx));
-	SCPYN(utmpx.ut_user, ".telnet");
-	SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1);
-	utmpx.ut_pid = pid;
-	utmpx.ut_id[0] = 't';
-	utmpx.ut_id[1] = 'n';
-	utmpx.ut_id[2] = SC_WILDC;
-	utmpx.ut_id[3] = SC_WILDC;
-	utmpx.ut_type = LOGIN_PROCESS;
-	(void) time(&utmpx.ut_tv.tv_sec);
-	if (makeutx(&utmpx) == NULL)
-		fatal(net, "makeutx failed");
-#endif
-
-	scrub_env();
-
-	/*
-	 * -h : pass on name of host.
-	 *		WARNING:  -h is accepted by login if and only if
-	 *			getuid() == 0.
-	 * -p : don't clobber the environment (so terminal type stays set).
-	 *
-	 * -f : force this login, he has already been authenticated
-	 */
-	argv = addarg(0, "login");
-
-#if	!defined(NO_LOGIN_H)
-
-# if	defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	/*
-	 * Don't add the "-h host" option if we are going
-	 * to be adding the "-r host" option down below...
-	 */
-	if ((auth_level < 0) || (autologin != AUTH_VALID))
-# endif
-	{
-		argv = addarg(argv, "-h");
-		argv = addarg(argv, host);
-#ifdef	SOLARIS
-		/*
-		 * SVR4 version of -h takes TERM= as second arg, or -
-		 */
-		term = getenv("TERM");
-		if (term == NULL || term[0] == 0) {
-			term = "-";
-		} else {
-			strcpy(termbuf, "TERM=");
-			strncat(termbuf, term, sizeof(termbuf) - 6);
-			term = termbuf;
-		}
-		argv = addarg(argv, term);
-#endif
-	}
-#endif
-#if	!defined(NO_LOGIN_P)
-	argv = addarg(argv, "-p");
-#endif
-#ifdef	LINEMODE
-	/*
-	 * Set the environment variable "LINEMODE" to either
-	 * "real" or "kludge" if we are operating in either
-	 * real or kludge linemode.
-	 */
-	if (lmodetype == REAL_LINEMODE)
-		setenv("LINEMODE", "real", 1);
-# ifdef KLUDGELINEMODE
-	else if (lmodetype == KLUDGE_LINEMODE || lmodetype == KLUDGE_OK)
-		setenv("LINEMODE", "kludge", 1);
-# endif
-#endif
-#ifdef	BFTPDAEMON
-	/*
-	 * Are we working as the bftp daemon?  If so, then ask login
-	 * to start bftp instead of shell.
-	 */
-	if (bftpd) {
-		argv = addarg(argv, "-e");
-		argv = addarg(argv, BFTPPATH);
-	} else
-#endif
-#if	defined (SecurID)
-	/*
-	 * don't worry about the -f that might get sent.
-	 * A -s is supposed to override it anyhow.
-	 */
-	if (require_SecurID)
-		argv = addarg(argv, "-s");
-#endif
-#if	defined (AUTHENTICATION)
-	if (auth_level >= 0 && autologin == AUTH_VALID) {
-# if	!defined(NO_LOGIN_F)
-		argv = addarg(argv, "-f");
-		argv = addarg(argv, name);
-# else
-#  if defined(LOGIN_R)
-		/*
-		 * We don't have support for "login -f", but we
-		 * can fool /bin/login into thinking that we are
-		 * rlogind, and allow us to log in without a
-		 * password.  The rlogin protocol expects
-		 *	local-user\0remote-user\0term/speed\0
-		 */
-
-		if (pty > 2) {
-			register char *cp;
-			char speed[128];
-			int isecho, israw, xpty, len;
-			extern int def_rspeed;
-#  ifndef LOGIN_HOST
-			/*
-			 * Tell login that we are coming from "localhost".
-			 * If we passed in the real host name, then the
-			 * user would have to allow .rhost access from
-			 * every machine that they want authenticated
-			 * access to work from, which sort of defeats
-			 * the purpose of an authenticated login...
-			 * So, we tell login that the session is coming
-			 * from "localhost", and the user will only have
-			 * to have "localhost" in their .rhost file.
-			 */
-#			define LOGIN_HOST "localhost"
-#  endif
-			argv = addarg(argv, "-r");
-			argv = addarg(argv, LOGIN_HOST);
-
-			xpty = pty;
-# ifndef  STREAMSPTY
-			pty = 0;
-# else
-			ttyfd = 0;
-# endif
-			init_termbuf();
-			isecho = tty_isecho();
-			israw = tty_israw();
-			if (isecho || !israw) {
-				tty_setecho(0);		/* Turn off echo */
-				tty_setraw(1);		/* Turn on raw */
-				set_termbuf();
-			}
-			len = strlen(name)+1;
-			write(xpty, name, len);
-			write(xpty, name, len);
-			sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
-				(def_rspeed > 0) ? def_rspeed : 9600);
-			len = strlen(speed)+1;
-			write(xpty, speed, len);
-
-			if (isecho || !israw) {
-				init_termbuf();
-				tty_setecho(isecho);
-				tty_setraw(israw);
-				set_termbuf();
-				if (!israw) {
-					/*
-					 * Write a newline to ensure
-					 * that login will be able to
-					 * read the line...
-					 */
-					write(xpty, "\n", 1);
-				}
-			}
-			pty = xpty;
-		}
-#  else
-		argv = addarg(argv, name);
-#  endif
-# endif
-	} else
-#endif
-	if (user = getenv("USER")) {
-	if (strchr(user, '-')) {
-			syslog(LOG_ERR, "tried to pass user \"%s\" to login",
-			       user);
-			fatal(net, "invalid user");
-		}
-		argv = addarg(argv, getenv("USER"));
-#if	defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
-		{
-			register char **cpp;
-			for (cpp = environ; *cpp; cpp++)
-				argv = addarg(argv, *cpp);
-		}
-#endif
-		/*
-		 * Assume that login will set the USER variable
-		 * correctly.  For SysV systems, this means that
-		 * USER will no longer be set, just LOGNAME by
-		 * login.  (The problem is that if the auto-login
-		 * fails, and the user then specifies a different
-		 * account name, he can get logged in with both
-		 * LOGNAME and USER in his environment, but the
-		 * USER value will be wrong.
-		 */
-		unsetenv("USER");
-	}
-#ifdef	SOLARIS
-	else {
-		char **p;
-
-		argv = addarg(argv, "");	/* no login name */
-		for (p = environ; *p; p++) {
-			argv = addarg(argv, *p);
-		}
-	}
-#endif	/* SOLARIS */
-#if	defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	if (pty > 2)
-		close(pty);
-#endif
-	closelog();
-	execv(_PATH_LOGIN, argv);
-
-	syslog(LOG_ERR, "%s: %m\n", _PATH_LOGIN);
-	fatalperror(net, _PATH_LOGIN);
-	/*NOTREACHED*/
-}
-
-	char **
-addarg(argv, val)
-	register char **argv;
-	register char *val;
-{
-	register char **cpp;
-
-	if (argv == NULL) {
-		/*
-		 * 10 entries, a leading length, and a null
-		 */
-		argv = (char **)malloc(sizeof(*argv) * 12);
-		if (argv == NULL)
-			return(NULL);
-		*argv++ = (char *)10;
-		*argv = (char *)0;
-	}
-	for (cpp = argv; *cpp; cpp++)
-		;
-	if (cpp == &argv[(int)argv[-1]]) {
-		--argv;
-		*argv = (char *)((int)(*argv) + 10);
-		argv = (char **)realloc(argv, sizeof(*argv)*((int)(*argv) + 2));
-		if (argv == NULL)
-			return(NULL);
-		argv++;
-		cpp = &argv[(int)argv[-1] - 10];
-	}
-	*cpp++ = val;
-	*cpp = 0;
-	return(argv);
-}
-#endif	/* NEWINIT */
-
-/*
- * scrub_env()
- *
- * Remove a few things from the environment that
- * don't need to be there.
- */
-scrub_env()
-{
-	register char **cpp, **cpp2;
-
-	for (cpp2 = cpp = environ; *cpp; cpp++) {
-#ifdef __FreeBSD__
-		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
-		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
-#else
-		if (strncmp(*cpp, "LD_", 3) &&
-		    strncmp(*cpp, "_RLD_", 5) &&
-		    strncmp(*cpp, "LIBPATH=", 8) &&
-#endif
-		    strncmp(*cpp, "IFS=", 4))
-			*cpp2++ = *cpp;
-	}
-	*cpp2 = 0;
-}
-
-/*
- * cleanup()
- *
- * This is the routine to call when we are all through, to
- * clean up anything that needs to be cleaned up.
- */
-	/* ARGSUSED */
-	void
-cleanup(sig)
-	int sig;
-{
-#ifndef	PARENT_DOES_UTMP
-# if (BSD > 43) || defined(convex)
-	char *p;
-
-	p = line + sizeof("/dev/") - 1;
-	if (logout(p))
-		logwtmp(p, "", "");
-	(void)chmod(line, 0666);
-	(void)chown(line, 0, 0);
-	*p = 'p';
-	(void)chmod(line, 0666);
-	(void)chown(line, 0, 0);
-	(void) shutdown(net, 2);
-	exit(1);
-# else
-	void rmut();
-
-	rmut();
-	vhangup();	/* XXX */
-	(void) shutdown(net, 2);
-	exit(1);
-# endif
-#else	/* PARENT_DOES_UTMP */
-# ifdef	NEWINIT
-	(void) shutdown(net, 2);
-	exit(1);
-# else	/* NEWINIT */
-#  ifdef CRAY
-	static int incleanup = 0;
-	register int t;
-	int child_status; /* status of child process as returned by waitpid */
-	int flags = WNOHANG|WUNTRACED;
-
-	/*
-	 * 1: Pick up the zombie, if we are being called
-	 *    as the signal handler.
-	 * 2: If we are a nested cleanup(), return.
-	 * 3: Try to clean up TMPDIR.
-	 * 4: Fill in utmp with shutdown of process.
-	 * 5: Close down the network and pty connections.
-	 * 6: Finish up the TMPDIR cleanup, if needed.
-	 */
-	if (sig == SIGCHLD) {
-		while (waitpid(-1, &child_status, flags) > 0)
-			;	/* VOID */
-		/* Check if the child process was stopped
-		 * rather than exited.  We want cleanup only if
-		 * the child has died.
-		 */
-		if (WIFSTOPPED(child_status)) {
-			return;
-		}
-	}
-	t = sigblock(sigmask(SIGCHLD));
-	if (incleanup) {
-		sigsetmask(t);
-		return;
-	}
-	incleanup = 1;
-	sigsetmask(t);
-#ifdef	UNICOS7x
-	if (secflag) {
-		/*
-		 *	We need to set ourselves back to a null
-		 *	label to clean up.
-		 */
-
-		setulvl(sysv.sy_minlvl);
-		setucmp((long)0);
-	}
-#endif	/* UNICOS7x */
-
-	t = cleantmp(&wtmp);
-	setutent();	/* just to make sure */
-#  endif /* CRAY */
-	rmut(line);
-	close(pty);
-	(void) shutdown(net, 2);
-#  ifdef CRAY
-	if (t == 0)
-		cleantmp(&wtmp);
-#  endif /* CRAY */
-	exit(1);
-# endif	/* NEWINT */
-#endif	/* PARENT_DOES_UTMP */
-}
-
-#if defined(PARENT_DOES_UTMP) && !defined(NEWINIT)
-/*
- * _utmp_sig_rcv
- * utmp_sig_init
- * utmp_sig_wait
- *	These three functions are used to coordinate the handling of
- *	the utmp file between the server and the soon-to-be-login shell.
- *	The server actually creates the utmp structure, the child calls
- *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
- *	signals the future-login shell to proceed.
- */
-static int caught=0;		/* NZ when signal intercepted */
-static void (*func)();		/* address of previous handler */
-
-	void
-_utmp_sig_rcv(sig)
-	int sig;
-{
-	caught = 1;
-	(void) signal(SIGUSR1, func);
-}
-
-	void
-utmp_sig_init()
-{
-	/*
-	 * register signal handler for UTMP creation
-	 */
-	if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
-		fatalperror(net, "telnetd/signal");
-}
-
-	void
-utmp_sig_reset()
-{
-	(void) signal(SIGUSR1, func);	/* reset handler to default */
-}
-
-# ifdef __hpux
-# define sigoff() /* do nothing */
-# define sigon() /* do nothing */
-# endif
-
-	void
-utmp_sig_wait()
-{
-	/*
-	 * Wait for parent to write our utmp entry.
-	 */
-	sigoff();
-	while (caught == 0) {
-		pause();	/* wait until we get a signal (sigon) */
-		sigoff();	/* turn off signals while we check caught */
-	}
-	sigon();		/* turn on signals again */
-}
-
-	void
-utmp_sig_notify(pid)
-{
-	kill(pid, SIGUSR1);
-}
-
-# ifdef CRAY
-static int gotsigjob = 0;
-
-	/*ARGSUSED*/
-	void
-sigjob(sig)
-	int sig;
-{
-	register int jid;
-	register struct jobtemp *jp;
-
-	while ((jid = waitjob(NULL)) != -1) {
-		if (jid == 0) {
-			return;
-		}
-		gotsigjob++;
-		jobend(jid, NULL, NULL);
-	}
-}
-
-/*
- *	jid_getutid:
- *		called by jobend() before calling cleantmp()
- *		to find the correct $TMPDIR to cleanup.
- */
-
-	struct utmp *
-jid_getutid(jid)
-	int jid;
-{
-	struct utmp *cur = NULL;
-
-	setutent();	/* just to make sure */
-	while (cur = getutent()) {
-		if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
-			return(cur);
-		}
-	}
-
-	return(0);
-}
-
-/*
- * Clean up the TMPDIR that login created.
- * The first time this is called we pick up the info
- * from the utmp.  If the job has already gone away,
- * then we'll clean up and be done.  If not, then
- * when this is called the second time it will wait
- * for the signal that the job is done.
- */
-	int
-cleantmp(wtp)
-	register struct utmp *wtp;
-{
-	struct utmp *utp;
-	static int first = 1;
-	register int mask, omask, ret;
-	extern struct utmp *getutid P((const struct utmp *_Id));
-
-
-	mask = sigmask(WJSIGNAL);
-
-	if (first == 0) {
-		omask = sigblock(mask);
-		while (gotsigjob == 0)
-			sigpause(omask);
-		return(1);
-	}
-	first = 0;
-	setutent();	/* just to make sure */
-
-	utp = getutid(wtp);
-	if (utp == 0) {
-		syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
-		return(-1);
-	}
-	/*
-	 * Nothing to clean up if the user shell was never started.
-	 */
-	if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
-		return(1);
-
-	/*
-	 * Block the WJSIGNAL while we are in jobend().
-	 */
-	omask = sigblock(mask);
-	ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
-	sigsetmask(omask);
-	return(ret);
-}
-
-	int
-jobend(jid, path, user)
-	register int jid;
-	register char *path;
-	register char *user;
-{
-	static int saved_jid = 0;
-	static int pty_saved_jid = 0;
-	static char saved_path[sizeof(wtmp.ut_tpath)+1];
-	static char saved_user[sizeof(wtmp.ut_user)+1];
-
-	/*
-	 * this little piece of code comes into play
-	 * only when ptyreconnect is used to reconnect
-	 * to an previous session.
-	 *
-	 * this is the only time when the
-	 * "saved_jid != jid" code is executed.
-	 */
-
-	if ( saved_jid && saved_jid != jid ) {
-		if (!path) {	/* called from signal handler */
-			pty_saved_jid = jid;
-		} else {
-			pty_saved_jid = saved_jid;
-		}
-	}
-
-	if (path) {
-		strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
-		strncpy(saved_user, user, sizeof(wtmp.ut_user));
-		saved_path[sizeof(saved_path)] = '\0';
-		saved_user[sizeof(saved_user)] = '\0';
-	}
-	if (saved_jid == 0) {
-		saved_jid = jid;
-		return(0);
-	}
-
-	/* if the jid has changed, get the correct entry from the utmp file */
-
-	if ( saved_jid != jid ) {
-		struct utmp *utp = NULL;
-		struct utmp *jid_getutid();
-
-		utp = jid_getutid(pty_saved_jid);
-
-		if (utp == 0) {
-			syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
-			return(-1);
-		}
-
-		cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
-		return(1);
-	}
-
-	cleantmpdir(jid, saved_path, saved_user);
-	return(1);
-}
-
-/*
- * Fork a child process to clean up the TMPDIR
- */
-cleantmpdir(jid, tpath, user)
-	register int jid;
-	register char *tpath;
-	register char *user;
-{
-	switch(fork()) {
-	case -1:
-		syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n",
-							tpath);
-		break;
-	case 0:
-		execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
-		syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
-							tpath, CLEANTMPCMD);
-		exit(1);
-	default:
-		/*
-		 * Forget about child.  We will exit, and
-		 * /etc/init will pick it up.
-		 */
-		break;
-	}
-}
-# endif /* CRAY */
-#endif	/* defined(PARENT_DOES_UTMP) && !defined(NEWINIT) */
-
-/*
- * rmut()
- *
- * This is the function called by cleanup() to
- * remove the utmp entry for this person.
- */
-
-#ifdef	UTMPX
-	void
-rmut()
-{
-	register f;
-	int found = 0;
-	struct utmp *u, *utmp;
-	int nutmp;
-	struct stat statbf;
-
-	struct utmpx *utxp, utmpx;
-
-	/*
-	 * This updates the utmpx and utmp entries and make a wtmp/x entry
-	 */
-
-	SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1);
-	utxp = getutxline(&utmpx);
-	if (utxp) {
-		utxp->ut_type = DEAD_PROCESS;
-		utxp->ut_exit.e_termination = 0;
-		utxp->ut_exit.e_exit = 0;
-		(void) time(&utmpx.ut_tv.tv_sec);
-		utmpx.ut_tv.tv_usec = 0;
-		modutx(utxp);
-	}
-	endutxent();
-}  /* end of rmut */
-#endif
-
-#if	!defined(UTMPX) && !(defined(CRAY) || defined(__hpux)) && BSD <= 43
-	void
-rmut()
-{
-	register f;
-	int found = 0;
-	struct utmp *u, *utmp;
-	int nutmp;
-	struct stat statbf;
-
-	f = open(utmpf, O_RDWR);
-	if (f >= 0) {
-		(void) fstat(f, &statbf);
-		utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
-		if (!utmp)
-			syslog(LOG_ERR, "utmp malloc failed");
-		if (statbf.st_size && utmp) {
-			nutmp = read(f, (char *)utmp, (int)statbf.st_size);
-			nutmp /= sizeof(struct utmp);
-
-			for (u = utmp ; u < &utmp[nutmp] ; u++) {
-				if (SCMPN(u->ut_line, line+5) ||
-				    u->ut_name[0]==0)
-					continue;
-				(void) lseek(f, ((long)u)-((long)utmp), L_SET);
-				SCPYN(u->ut_name, "");
-				SCPYN(u->ut_host, "");
-				(void) time(&u->ut_time);
-				(void) write(f, (char *)u, sizeof(wtmp));
-				found++;
-			}
-		}
-		(void) close(f);
-	}
-	if (found) {
-		f = open(wtmpf, O_WRONLY|O_APPEND);
-		if (f >= 0) {
-			SCPYN(wtmp.ut_line, line+5);
-			SCPYN(wtmp.ut_name, "");
-			SCPYN(wtmp.ut_host, "");
-			(void) time(&wtmp.ut_time);
-			(void) write(f, (char *)&wtmp, sizeof(wtmp));
-			(void) close(f);
-		}
-	}
-	(void) chmod(line, 0666);
-	(void) chown(line, 0, 0);
-	line[strlen("/dev/")] = 'p';
-	(void) chmod(line, 0666);
-	(void) chown(line, 0, 0);
-}  /* end of rmut */
-#endif	/* CRAY */
-
-#ifdef __hpux
-rmut (line)
-char *line;
-{
-	struct utmp utmp;
-	struct utmp *utptr;
-	int fd;			/* for /etc/wtmp */
-
-	utmp.ut_type = USER_PROCESS;
-	(void) strncpy(utmp.ut_id, line+12, sizeof(utmp.ut_id));
-	(void) setutent();
-	utptr = getutid(&utmp);
-	/* write it out only if it exists */
-	if (utptr) {
-		utptr->ut_type = DEAD_PROCESS;
-		utptr->ut_time = time((long *) 0);
-		(void) pututline(utptr);
-		/* set wtmp entry if wtmp file exists */
-		if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
-			(void) write(fd, utptr, sizeof(utmp));
-			(void) close(fd);
-		}
-	}
-	(void) endutent();
-
-	(void) chmod(line, 0666);
-	(void) chown(line, 0, 0);
-	line[14] = line[13];
-	line[13] = line[12];
-	line[8] = 'm';
-	line[9] = '/';
-	line[10] = 'p';
-	line[11] = 't';
-	line[12] = 'y';
-	(void) chmod(line, 0666);
-	(void) chown(line, 0, 0);
-}
-#endif
diff --git a/secure/libexec/telnetd/telnetd.8 b/secure/libexec/telnetd/telnetd.8
deleted file mode 100644
index f618385ed09b..000000000000
--- a/secure/libexec/telnetd/telnetd.8
+++ /dev/null
@@ -1,607 +0,0 @@
-.\" Copyright (c) 1983, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNETD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm telnetd
-.Nd DARPA
-.Tn TELNET
-protocol server
-.Sh SYNOPSIS
-.Nm /usr/libexec/telnetd
-.Op Fl BUhlkns
-.Op Fl D Ar debugmode
-.Op Fl I Ns Ar initid
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl a Ar authmode
-.Op Fl edebug
-.Op Fl r Ns Ar lowpty-highpty
-.Op Fl u Ar len
-.Op Fl debug Op Ar port
-.Sh DESCRIPTION
-The
-.Nm telnetd
-command is a server which supports the
-.Tn DARPA
-standard
-.Tn TELNET
-virtual terminal protocol.
-.Nm Telnetd
-is normally invoked by the internet server (see
-.Xr inetd 8 )
-for requests to connect to the
-.Tn TELNET
-port as indicated by the
-.Pa /etc/services
-file (see
-.Xr services 5 ) .
-The
-.Fl debug
-option may be used to start up
-.Nm telnetd
-manually, instead of through
-.Xr inetd 8 .
-If started up this way, 
-.Ar port
-may be specified to run
-.Nm telnetd
-on an alternate
-.Tn TCP
-port number.
-.Pp
-The
-.Nm telnetd
-command accepts the following options:
-.Bl -tag -width "-a authmode"
-.It Fl a Ar authmode
-This option may be used for specifying what mode should
-be used for authentication.
-Note that this option is only useful if
-.Nm telnetd
-has been compiled with support for the
-.Dv AUTHENTICATION
-option.
-There are several valid values for
-.Ar authmode:
-.Bl -tag -width debug
-.It debug
-Turns on authentication debugging code.
-.It user
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user,
-and is allowed access to the specified account
-without providing a password.
-.It valid
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user.
-The
-.Xr login 1
-command will provide any additional user verification
-needed if the remote user is not allowed automatic
-access to the specified account.
-.It other
-Only allow connections that supply some authentication information.
-This option is currently not supported
-by any of the existing authentication mechanisms,
-and is thus the same as specifying
-.Fl a
-.Cm valid .
-.It none
-This is the default state.
-Authentication information is not required.
-If no or insufficient authentication information
-is provided, then the
-.Xr login 1
-program will provide the necessary user
-verification.
-.It off
-This disables the authentication code.
-All user verification will happen through the
-.Xr login 1
-program.
-.El
-.It Fl B
-Specifies bftp server mode.  In this mode,
-.Nm telnetd
-causes login to start a
-.Xr bftp 1
-session rather than the user's
-normal shell.  In bftp daemon mode normal
-logins are not supported, and it must be used
-on a port other than the normal
-.Tn TELNET
-port.
-.It Fl D Ar debugmode
-This option may be used for debugging purposes.
-This allows
-.Nm telnetd
-to print out debugging information
-to the connection, allowing the user to see what
-.Nm telnetd
-is doing.
-There are several possible values for 
-.Ar debugmode:
-.Bl -tag -width exercise
-.It Cm options
-Prints information about the negotiation of
-.Tn TELNET
-options.
-.It Cm report
-Prints the 
-.Cm options
-information, plus some additional information
-about what processing is going on.
-.It Cm netdata
-Displays the data stream received by
-.Nm telnetd.
-.It Cm ptydata
-Displays data written to the pty.
-.It Cm exercise
-Has not been implemented yet.
-.El
-.It Fl debug
-Enables debugging on each socket created by
-.Nm telnetd
-(see
-.Dv SO_DEBUG
-in
-.Xr socket 2 ) .
-.It Fl edebug
-If
-.Nm telnetd
-has been compiled with support for data encryption, then the
-.Fl edebug
-option may be used to enable encryption debugging code.
-.It Fl h
-Disables the printing of host-specific information before
-login has been completed.
-.It Fl I Ar initid
-This option is only applicable to
-.Tn UNICOS
-systems prior to 7.0.
-It specifies the
-.Dv ID
-from
-.Pa /etc/inittab
-to use when init starts login sessions.  The default
-.Dv ID
-is
-.Dv fe.
-.It Fl k
-This option is only useful if
-.Nm telnetd
-has been compiled with both linemode and kludge linemode
-support.  If the
-.Fl k
-option is specified, then if the remote client does not
-support the
-.Dv LINEMODE
-option, then
-.Nm telnetd
-will operate in character at a time mode.
-It will still support kludge linemode, but will only
-go into kludge linemode if the remote client requests
-it.
-(This is done by by the client sending
-.Dv DONT SUPPRESS-GO-AHEAD
-and
-.Dv DONT ECHO . )
-The
-.Fl k
-option is most useful when there are remote clients
-that do not support kludge linemode, but pass the heuristic
-(if they respond with
-.Dv WILL TIMING-MARK
-in response to a
-.Dv DO TIMING-MARK)
-for kludge linemode support.
-.It Fl l
-Specifies line mode.  Tries to force clients to use line-
-at-a-time mode.
-If the
-.Dv LINEMODE
-option is not supported, it will go
-into kludge linemode.
-.It Fl n
-Disable
-.Dv TCP
-keep-alives.  Normally
-.Nm telnetd
-enables the
-.Tn TCP
-keep-alive mechanism to probe connections that
-have been idle for some period of time to determine
-if the client is still there, so that idle connections
-from machines that have crashed or can no longer
-be reached may be cleaned up.
-.It Fl r Ar lowpty-highpty
-This option is only enabled when
-.Nm telnetd
-is compiled for
-.Dv UNICOS.
-It specifies an inclusive range of pseudo-terminal devices to
-use.  If the system has sysconf variable
-.Dv _SC_CRAY_NPTY
-configured, the default pty search range is 0 to
-.Dv _SC_CRAY_NPTY;
-otherwise, the default range is 0 to 128.  Either
-.Ar lowpty
-or
-.Ar highpty
-may be omitted to allow changing
-either end of the search range.  If
-.Ar lowpty
-is omitted, the - character is still required so that
-.Nm telnetd
-can differentiate
-.Ar highpty
-from
-.Ar lowpty .
-.It Fl s
-This option is only enabled if
-.Nm telnetd
-is compiled with support for
-.Tn SecurID
-cards.
-It causes the
-.Fl s
-option to be passed on to
-.Xr login 1 ,
-and thus is only useful if
-.Xr login 1
-supports the
-.Fl s
-flag to indicate that only
-.Tn SecurID
-validated logins are allowed, and is
-usually useful for controlling remote logins
-from outside of a firewall.
-.It Fl S Ar tos
-.It Fl u Ar len
-This option is used to specify the size of the field
-in the
-.Dv utmp
-structure that holds the remote host name.
-If the resolved host name is longer than
-.Ar len ,
-the dotted decimal value will be used instead.
-This allows hosts with very long host names that
-overflow this field to still be uniquely identified.
-Specifying
-.Fl u0
-indicates that only dotted decimal addresses
-should be put into the
-.Pa utmp
-file.
-.ne 1i
-.It Fl U
-This option causes
-.Nm telnetd
-to refuse connections from addresses that
-cannot be mapped back into a symbolic name
-via the
-.Xr gethostbyaddr 3
-routine.
-.It Fl X Ar authtype
-This option is only valid if
-.Nm telnetd
-has been built with support for the authentication option.
-It disables the use of
-.Ar authtype
-authentication, and
-can be used to temporarily disable
-a specific authentication type without having to recompile
-.Nm telnetd .
-.El
-.Pp
-.Nm Telnetd
-operates by allocating a pseudo-terminal device (see
-.Xr pty 4 )
-for a client, then creating a login process which has
-the slave side of the pseudo-terminal as 
-.Dv stdin ,
-.Dv stdout
-and
-.Dv stderr .
-.Nm Telnetd
-manipulates the master side of the pseudo-terminal,
-implementing the
-.Tn TELNET
-protocol and passing characters
-between the remote client and the login process.
-.Pp
-When a
-.Tn TELNET
-session is started up, 
-.Nm telnetd
-sends
-.Tn TELNET
-options to the client side indicating
-a willingness to do the
-following
-.Tn TELNET
-options, which are described in more detail below:
-.Bd -literal -offset indent
-DO AUTHENTICATION
-WILL ENCRYPT
-DO TERMINAL TYPE
-DO TSPEED
-DO XDISPLOC
-DO NEW-ENVIRON
-DO ENVIRON
-WILL SUPPRESS GO AHEAD
-DO ECHO
-DO LINEMODE
-DO NAWS
-WILL STATUS
-DO LFLOW
-DO TIMING-MARK
-.Ed
-.Pp
-The pseudo-terminal allocated to the client is configured
-to operate in \*(lqcooked\*(rq mode, and with
-.Dv XTABS and
-.Dv CRMOD
-enabled (see
-.Xr tty 4 ) .
-.Pp
-.Nm Telnetd
-has support for enabling locally the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "WILL ECHO"
-When the
-.Dv LINEMODE
-option is enabled, a
-.Dv WILL ECHO
-or
-.Dv WONT ECHO
-will be sent to the client to indicate the
-current state of terminal echoing.
-When terminal echo is not desired, a
-.Dv WILL ECHO
-is sent to indicate that
-.Tn telnetd
-will take care of echoing any data that needs to be
-echoed to the terminal, and then nothing is echoed.
-When terminal echo is desired, a
-.Dv WONT ECHO
-is sent to indicate that
-.Tn telnetd
-will not be doing any terminal echoing, so the
-client should do any terminal echoing that is needed.
-.It "WILL BINARY"
-Indicates that the client is willing to send a
-8 bits of data, rather than the normal 7 bits
-of the Network Virtual Terminal.
-.It "WILL SGA"
-Indicates that it will not be sending
-.Dv IAC GA,
-go ahead, commands.
-.It "WILL STATUS"
-Indicates a willingness to send the client, upon
-request, of the current status of all
-.Tn TELNET
-options.
-.It "WILL TIMING-MARK"
-Whenever a
-.Dv DO TIMING-MARK
-command is received, it is always responded
-to with a
-.Dv WILL TIMING-MARK
-.ne 1i
-.It "WILL LOGOUT"
-When a
-.Dv DO LOGOUT
-is received, a
-.Dv WILL LOGOUT
-is sent in response, and the
-.Tn TELNET
-session is shut down.
-.It "WILL ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.El
-.Pp
-.Nm Telnetd
-has support for enabling remotely the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "DO BINARY"
-Sent to indicate that
-.Tn telnetd
-is willing to receive an 8 bit data stream.
-.It "DO LFLOW"
-Requests that the client handle flow control
-characters remotely.
-.It "DO ECHO"
-This is not really supported, but is sent to identify a 4.2BSD
-.Xr telnet 1
-client, which will improperly respond with
-.Dv WILL ECHO.
-If a
-.Dv WILL ECHO
-is received, a
-.Dv DONT ECHO
-will be sent in response.
-.It "DO TERMINAL-TYPE"
-Indicates a desire to be able to request the
-name of the type of terminal that is attached
-to the client side of the connection.
-.It "DO SGA"
-Indicates that it does not need to receive
-.Dv IAC GA,
-the go ahead command.
-.It "DO NAWS"
-Requests that the client inform the server when
-the window (display) size changes.
-.It "DO TERMINAL-SPEED"
-Indicates a desire to be able to request information
-about the speed of the serial line to which
-the client is attached.
-.It "DO XDISPLOC"
-Indicates a desire to be able to request the name
-of the X windows display that is associated with
-the telnet client.
-.It "DO NEW-ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1572.
-.It "DO ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1408.
-.It "DO LINEMODE"
-Only sent if
-.Nm telnetd
-is compiled with support for linemode, and
-requests that the client do line by line processing.
-.It "DO TIMING-MARK"
-Only sent if
-.Nm telnetd
-is compiled with support for both linemode and
-kludge linemode, and the client responded with
-.Dv WONT LINEMODE.
-If the client responds with
-.Dv WILL TM,
-the it is assumed that the client supports
-kludge linemode.
-Note that the
-.Op Fl k
-option can be used to disable this.
-.It "DO AUTHENTICATION"
-Only sent if
-.Nm telnetd
-is compiled with support for authentication, and
-indicates a willingness to receive authentication
-information for automatic login.
-.It "DO ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.Sh ENVIRONMENT
-.Sh FILES
-.Pa /etc/services
-.br
-.Pa /etc/inittab
-(UNICOS systems only)
-.br
-.Pa /etc/iptos
-(if supported)
-.br
-.Pa /usr/ucb/bftp
-(if supported)
-.Sh "SEE ALSO"
-.Xr telnet 1 ,
-.Xr login 1 ,
-.Xr bftp 1
-(if supported)
-.Sh STANDARDS
-.Bl -tag -compact -width RFC-1572
-.It Cm RFC-854
-.Tn TELNET
-PROTOCOL SPECIFICATION
-.It Cm RFC-855
-TELNET OPTION SPECIFICATIONS
-.It Cm RFC-856
-TELNET BINARY TRANSMISSION
-.It Cm RFC-857
-TELNET ECHO OPTION
-.It Cm RFC-858
-TELNET SUPPRESS GO AHEAD OPTION
-.It Cm RFC-859
-TELNET STATUS OPTION
-.It Cm RFC-860
-TELNET TIMING MARK OPTION
-.It Cm RFC-861
-TELNET EXTENDED OPTIONS - LIST OPTION
-.It Cm RFC-885
-TELNET END OF RECORD OPTION
-.It Cm RFC-1073
-Telnet Window Size Option
-.It Cm RFC-1079
-Telnet Terminal Speed Option
-.It Cm RFC-1091
-Telnet Terminal-Type Option
-.It Cm RFC-1096
-Telnet X Display Location Option
-.It Cm RFC-1123
-Requirements for Internet Hosts -- Application and Support
-.It Cm RFC-1184
-Telnet Linemode Option
-.It Cm RFC-1372
-Telnet Remote Flow Control Option
-.It Cm RFC-1416
-Telnet Authentication Option
-.It Cm RFC-1411
-Telnet Authentication: Kerberos Version 4
-.It Cm RFC-1412
-Telnet Authentication: SPX
-.It Cm RFC-1571
-Telnet Environment Option Interoperability Issues
-.It Cm RFC-1572
-Telnet Environment Option
-.Sh BUGS
-Some
-.Tn TELNET
-commands are only partially implemented.
-.Pp
-Because of bugs in the original 4.2 BSD
-.Xr telnet 1 ,
-.Nm telnetd
-performs some dubious protocol exchanges to try to discover if the remote
-client is, in fact, a 4.2 BSD
-.Xr telnet 1 .
-.Pp
-Binary mode
-has no common interpretation except between similar operating systems
-(Unix in this case).
-.Pp
-The terminal type name received from the remote client is converted to
-lower case.
-.Pp
-.Nm Telnetd
-never sends
-.Tn TELNET
-.Dv IAC GA
-(go ahead) commands.
diff --git a/secure/libexec/telnetd/telnetd.c b/secure/libexec/telnetd/telnetd.c
deleted file mode 100644
index 707c68ad6fe9..000000000000
--- a/secure/libexec/telnetd/telnetd.c
+++ /dev/null
@@ -1,1593 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright (c) 1989, 1993\n\
-	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)telnetd.c	8.4 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include "telnetd.h"
-#include "pathnames.h"
-
-#if	defined(_SC_CRAY_SECURE_SYS) && !defined(SCM_SECURITY)
-/*
- * UNICOS 6.0/6.1 do not have SCM_SECURITY defined, so we can
- * use it to tell us to turn off all the socket security code,
- * since that is only used in UNICOS 7.0 and later.
- */
-# undef _SC_CRAY_SECURE_SYS
-#endif
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-#include <sys/sysv.h>
-#include <sys/secdev.h>
-# ifdef SO_SEC_MULTI		/* 8.0 code */
-#include <sys/secparm.h>
-#include <sys/usrv.h>
-# endif /* SO_SEC_MULTI */
-int	secflag;
-char	tty_dev[16];
-struct	secdev dv;
-struct	sysv sysv;
-# ifdef SO_SEC_MULTI		/* 8.0 code */
-struct	socksec ss;
-# else /* SO_SEC_MULTI */	/* 7.0 code */
-struct	socket_security ss;
-# endif /* SO_SEC_MULTI */
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-int	auth_level = 0;
-#endif
-#if	defined(SecurID)
-int	require_SecurID = 0;
-#endif
-
-extern	int utmp_len;
-int	registerd_host_only = 0;
-
-#ifdef	STREAMSPTY
-# include <stropts.h>
-# include <termio.h>
-/* make sure we don't get the bsd version */
-# include "/usr/include/sys/tty.h"
-# include <sys/ptyvar.h>
-
-/*
- * Because of the way ptyibuf is used with streams messages, we need
- * ptyibuf+1 to be on a full-word boundary.  The following wierdness
- * is simply to make that happen.
- */
-long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
-char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
-char	*ptyip = ((char *)&ptyibufbuf[1])-1;
-char	ptyibuf2[BUFSIZ];
-unsigned char ctlbuf[BUFSIZ];
-struct	strbuf strbufc, strbufd;
-
-int readstream();
-
-#else	/* ! STREAMPTY */
-
-/*
- * I/O data buffers,
- * pointers, and counters.
- */
-char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
-char	ptyibuf2[BUFSIZ];
-
-#endif /* ! STREAMPTY */
-
-int	hostinfo = 1;			/* do we print login banner? */
-
-#ifdef	CRAY
-extern int      newmap; /* nonzero if \n maps to ^M^J */
-int	lowpty = 0, highpty;	/* low, high pty numbers */
-#endif /* CRAY */
-
-int debug = 0;
-int keepalive = 1;
-char *progname;
-
-extern void usage P((void));
-
-/*
- * The string to pass to getopt().  We do it this way so
- * that only the actual options that we support will be
- * passed off to getopt().
- */
-char valid_opts[] = {
-	'd', ':', 'h', 'k', 'n', 'S', ':', 'u', ':', 'U',
-#ifdef	AUTHENTICATION
-	'a', ':', 'X', ':',
-#endif
-#ifdef BFTPDAEMON
-	'B',
-#endif
-#ifdef DIAGNOSTICS
-	'D', ':',
-#endif
-#ifdef	ENCRYPTION
-	'e', ':',
-#endif
-#if	defined(CRAY) && defined(NEWINIT)
-	'I', ':',
-#endif
-#ifdef	LINEMODE
-	'l',
-#endif
-#ifdef CRAY
-	'r', ':',
-#endif
-#ifdef	SecurID
-	's',
-#endif
-	'\0'
-};
-
-main(argc, argv)
-	char *argv[];
-{
-	struct sockaddr_in from;
-	int on = 1, fromlen;
-	register int ch;
-	extern char *optarg;
-	extern int optind;
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	int tos = -1;
-#endif
-
-	pfrontp = pbackp = ptyobuf;
-	netip = netibuf;
-	nfrontp = nbackp = netobuf;
-#ifdef	ENCRYPTION
-	nclearto = 0;
-#endif	/* ENCRYPTION */
-
-	progname = *argv;
-
-#ifdef CRAY
-	/*
-	 * Get number of pty's before trying to process options,
-	 * which may include changing pty range.
-	 */
-	highpty = getnpty();
-#endif /* CRAY */
-
-	while ((ch = getopt(argc, argv, valid_opts)) != EOF) {
-		switch(ch) {
-
-#ifdef	AUTHENTICATION
-		case 'a':
-			/*
-			 * Check for required authentication level
-			 */
-			if (strcmp(optarg, "debug") == 0) {
-				extern int auth_debug_mode;
-				auth_debug_mode = 1;
-			} else if (strcasecmp(optarg, "none") == 0) {
-				auth_level = 0;
-			} else if (strcasecmp(optarg, "other") == 0) {
-				auth_level = AUTH_OTHER;
-			} else if (strcasecmp(optarg, "user") == 0) {
-				auth_level = AUTH_USER;
-			} else if (strcasecmp(optarg, "valid") == 0) {
-				auth_level = AUTH_VALID;
-			} else if (strcasecmp(optarg, "off") == 0) {
-				/*
-				 * This hack turns off authentication
-				 */
-				auth_level = -1;
-			} else {
-				fprintf(stderr,
-			    "telnetd: unknown authorization level for -a\n");
-			}
-			break;
-#endif	/* AUTHENTICATION */
-
-#ifdef BFTPDAEMON
-		case 'B':
-			bftpd++;
-			break;
-#endif /* BFTPDAEMON */
-
-		case 'd':
-			if (strcmp(optarg, "ebug") == 0) {
-				debug++;
-				break;
-			}
-			usage();
-			/* NOTREACHED */
-			break;
-
-#ifdef DIAGNOSTICS
-		case 'D':
-			/*
-			 * Check for desired diagnostics capabilities.
-			 */
-			if (!strcmp(optarg, "report")) {
-				diagnostic |= TD_REPORT|TD_OPTIONS;
-			} else if (!strcmp(optarg, "exercise")) {
-				diagnostic |= TD_EXERCISE;
-			} else if (!strcmp(optarg, "netdata")) {
-				diagnostic |= TD_NETDATA;
-			} else if (!strcmp(optarg, "ptydata")) {
-				diagnostic |= TD_PTYDATA;
-			} else if (!strcmp(optarg, "options")) {
-				diagnostic |= TD_OPTIONS;
-			} else {
-				usage();
-				/* NOT REACHED */
-			}
-			break;
-#endif /* DIAGNOSTICS */
-
-#ifdef	ENCRYPTION
-		case 'e':
-			if (strcmp(optarg, "debug") == 0) {
-				extern int encrypt_debug_mode;
-				encrypt_debug_mode = 1;
-				break;
-			}
-			usage();
-			/* NOTREACHED */
-			break;
-#endif	/* ENCRYPTION */
-
-		case 'h':
-			hostinfo = 0;
-			break;
-
-#if	defined(CRAY) && defined(NEWINIT)
-		case 'I':
-		    {
-			extern char *gen_id;
-			gen_id = optarg;
-			break;
-		    }
-#endif	/* defined(CRAY) && defined(NEWINIT) */
-
-#ifdef	LINEMODE
-		case 'l':
-			alwayslinemode = 1;
-			break;
-#endif	/* LINEMODE */
-
-		case 'k':
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			lmodetype = NO_AUTOKLUDGE;
-#else
-			/* ignore -k option if built without kludge linemode */
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			break;
-
-		case 'n':
-			keepalive = 0;
-			break;
-
-#ifdef CRAY
-		case 'r':
-		    {
-			char *strchr();
-			char *c;
-
-			/*
-			 * Allow the specification of alterations
-			 * to the pty search range.  It is legal to
-			 * specify only one, and not change the
-			 * other from its default.
-			 */
-			c = strchr(optarg, '-');
-			if (c) {
-				*c++ = '\0';
-				highpty = atoi(c);
-			}
-			if (*optarg != '\0')
-				lowpty = atoi(optarg);
-			if ((lowpty > highpty) || (lowpty < 0) ||
-							(highpty > 32767)) {
-				usage();
-				/* NOT REACHED */
-			}
-			break;
-		    }
-#endif	/* CRAY */
-
-#ifdef	SecurID
-		case 's':
-			/* SecurID required */
-			require_SecurID = 1;
-			break;
-#endif	/* SecurID */
-		case 'S':
-#ifdef	HAS_GETTOS
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s\n",
-					"telnetd: Bad TOS argument '", optarg,
-					"'; will try to use default TOS");
-#else
-			fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
-						"-S flag not supported\n");
-#endif
-			break;
-
-		case 'u':
-			utmp_len = atoi(optarg);
-			break;
-
-		case 'U':
-			registerd_host_only = 1;
-			break;
-
-#ifdef	AUTHENTICATION
-		case 'X':
-			/*
-			 * Check for invalid authentication types
-			 */
-			auth_disable_name(optarg);
-			break;
-#endif	/* AUTHENTICATION */
-
-		default:
-			fprintf(stderr, "telnetd: %c: unknown option\n", ch);
-			/* FALLTHROUGH */
-		case '?':
-			usage();
-			/* NOTREACHED */
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	if (debug) {
-	    int s, ns, foo;
-	    struct servent *sp;
-	    static struct sockaddr_in sin = { AF_INET };
-
-	    if (argc > 1) {
-		usage();
-		/* NOT REACHED */
-	    } else if (argc == 1) {
-		    if (sp = getservbyname(*argv, "tcp")) {
-			sin.sin_port = sp->s_port;
-		    } else {
-			sin.sin_port = atoi(*argv);
-			if ((int)sin.sin_port <= 0) {
-			    fprintf(stderr, "telnetd: %s: bad port #\n", *argv);
-			    usage();
-			    /* NOT REACHED */
-			}
-			sin.sin_port = htons((u_short)sin.sin_port);
-		   }
-	    } else {
-		sp = getservbyname("telnet", "tcp");
-		if (sp == 0) {
-		    fprintf(stderr, "telnetd: tcp/telnet: unknown service\n");
-		    exit(1);
-		}
-		sin.sin_port = sp->s_port;
-	    }
-
-	    s = socket(AF_INET, SOCK_STREAM, 0);
-	    if (s < 0) {
-		    perror("telnetd: socket");;
-		    exit(1);
-	    }
-	    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-				(char *)&on, sizeof(on));
-	    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
-		perror("bind");
-		exit(1);
-	    }
-	    if (listen(s, 1) < 0) {
-		perror("listen");
-		exit(1);
-	    }
-	    foo = sizeof sin;
-	    ns = accept(s, (struct sockaddr *)&sin, &foo);
-	    if (ns < 0) {
-		perror("accept");
-		exit(1);
-	    }
-	    (void) dup2(ns, 0);
-	    (void) close(ns);
-	    (void) close(s);
-#ifdef convex
-	} else if (argc == 1) {
-		; /* VOID*/		/* Just ignore the host/port name */
-#endif
-	} else if (argc > 0) {
-		usage();
-		/* NOT REACHED */
-	}
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	secflag = sysconf(_SC_CRAY_SECURE_SYS);
-
-	/*
-	 *	Get socket's security label
-	 */
-	if (secflag)  {
-		int szss = sizeof(ss);
-#ifdef SO_SEC_MULTI			/* 8.0 code */
-		int sock_multi;
-		int szi = sizeof(int);
-#endif /* SO_SEC_MULTI */
-
-		memset((char *)&dv, 0, sizeof(dv));
-
-		if (getsysv(&sysv, sizeof(struct sysv)) != 0) {
-			perror("getsysv");
-			exit(1);
-		}
-
-		/*
-		 *	Get socket security label and set device values
-		 *	   {security label to be set on ttyp device}
-		 */
-#ifdef SO_SEC_MULTI			/* 8.0 code */
-		if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
-			       (char *)&ss, &szss) < 0) ||
-		    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
-				(char *)&sock_multi, &szi) < 0)) {
-			perror("getsockopt");
-			exit(1);
-		} else {
-			dv.dv_actlvl = ss.ss_actlabel.lt_level;
-			dv.dv_actcmp = ss.ss_actlabel.lt_compart;
-			if (!sock_multi) {
-				dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
-				dv.dv_valcmp = dv.dv_actcmp;
-			} else {
-				dv.dv_minlvl = ss.ss_minlabel.lt_level;
-				dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
-				dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
-			}
-			dv.dv_devflg = 0;
-		}
-#else /* SO_SEC_MULTI */		/* 7.0 code */
-		if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
-				(char *)&ss, &szss) >= 0) {
-			dv.dv_actlvl = ss.ss_slevel;
-			dv.dv_actcmp = ss.ss_compart;
-			dv.dv_minlvl = ss.ss_minlvl;
-			dv.dv_maxlvl = ss.ss_maxlvl;
-			dv.dv_valcmp = ss.ss_maxcmp;
-		}
-#endif /* SO_SEC_MULTI */
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
-	fromlen = sizeof (from);
-	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
-		fprintf(stderr, "%s: ", progname);
-		perror("getpeername");
-		_exit(1);
-	}
-	if (keepalive &&
-	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
-			(char *)&on, sizeof (on)) < 0) {
-		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-	}
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	{
-# if	defined(HAS_GETTOS)
-		struct tosent *tp;
-		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-			tos = tp->t_tos;
-# endif
-		if (tos < 0)
-			tos = 020;	/* Low Delay bit */
-		if (tos
-		   && (setsockopt(0, IPPROTO_IP, IP_TOS,
-				  (char *)&tos, sizeof(tos)) < 0)
-		   && (errno != ENOPROTOOPT) )
-			syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-	}
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-	net = 0;
-	doit(&from);
-	/* NOTREACHED */
-}  /* end of main */
-
-	void
-usage()
-{
-	fprintf(stderr, "Usage: telnetd");
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-a (debug|other|user|valid|off|none)]\n\t");
-#endif
-#ifdef BFTPDAEMON
-	fprintf(stderr, " [-B]");
-#endif
-	fprintf(stderr, " [-debug]");
-#ifdef DIAGNOSTICS
-	fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
-#endif
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-edebug]");
-#endif
-	fprintf(stderr, " [-h]");
-#if	defined(CRAY) && defined(NEWINIT)
-	fprintf(stderr, " [-Iinitid]");
-#endif
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-	fprintf(stderr, " [-k]");
-#endif
-#ifdef LINEMODE
-	fprintf(stderr, " [-l]");
-#endif
-	fprintf(stderr, " [-n]");
-#ifdef	CRAY
-	fprintf(stderr, " [-r[lowpty]-[highpty]]");
-#endif
-	fprintf(stderr, "\n\t");
-#ifdef	SecurID
-	fprintf(stderr, " [-s]");
-#endif
-#ifdef	HAS_GETTOS
-	fprintf(stderr, " [-S tos]");
-#endif
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-X auth-type]");
-#endif
-	fprintf(stderr, " [-u utmp_hostname_length] [-U]");
-	fprintf(stderr, " [port]\n");
-	exit(1);
-}
-
-/*
- * getterminaltype
- *
- *	Ask the other end to send along its terminal type and speed.
- * Output is the variable terminaltype filled in.
- */
-static unsigned char ttytype_sbbuf[] = {
-	IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
-};
-
-    int
-getterminaltype(name)
-    char *name;
-{
-    int retval = -1;
-    void _gettermname();
-
-    settimer(baseline);
-#if	defined(AUTHENTICATION)
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	retval = auth_wait(name);
-    }
-#endif
-
-#ifdef	ENCRYPTION
-    send_will(TELOPT_ENCRYPT, 1);
-#endif	/* ENCRYPTION */
-    send_do(TELOPT_TTYPE, 1);
-    send_do(TELOPT_TSPEED, 1);
-    send_do(TELOPT_XDISPLOC, 1);
-    send_do(TELOPT_NEW_ENVIRON, 1);
-    send_do(TELOPT_OLD_ENVIRON, 1);
-    while (
-#ifdef	ENCRYPTION
-	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-#endif	/* ENCRYPTION */
-	   his_will_wont_is_changing(TELOPT_TTYPE) ||
-	   his_will_wont_is_changing(TELOPT_TSPEED) ||
-	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
-	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
-	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
-	ttloop();
-    }
-#ifdef	ENCRYPTION
-    /*
-     * Wait for the negotiation of what type of encryption we can
-     * send with.  If autoencrypt is not set, this will just return.
-     */
-    if (his_state_is_will(TELOPT_ENCRYPT)) {
-	encrypt_wait();
-    }
-#endif	/* ENCRYPTION */
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
-
-	memmove(nfrontp, sb, sizeof sb);
-	nfrontp += sizeof sb;
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
-
-	memmove(nfrontp, sb, sizeof sb);
-	nfrontp += sizeof sb;
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	memmove(nfrontp, sb, sizeof sb);
-	nfrontp += sizeof sb;
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	memmove(nfrontp, sb, sizeof sb);
-	nfrontp += sizeof sb;
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-
-	memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
-	nfrontp += sizeof ttytype_sbbuf;
-	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
-					sizeof ttytype_sbbuf - 2););
-    }
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	while (sequenceIs(tspeedsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	while (sequenceIs(xdisplocsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	while (sequenceIs(environsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	while (sequenceIs(oenvironsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-	char first[256], last[256];
-
-	while (sequenceIs(ttypesubopt, baseline))
-	    ttloop();
-
-	/*
-	 * If the other side has already disabled the option, then
-	 * we have to just go with what we (might) have already gotten.
-	 */
-	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    (void) strncpy(first, terminaltype, sizeof(first));
-	    for(;;) {
-		/*
-		 * Save the unknown name, and request the next name.
-		 */
-		(void) strncpy(last, terminaltype, sizeof(last));
-		_gettermname();
-		if (terminaltypeok(terminaltype))
-		    break;
-		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
-		    his_state_is_wont(TELOPT_TTYPE)) {
-		    /*
-		     * We've hit the end.  If this is the same as
-		     * the first name, just go with it.
-		     */
-		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
-			break;
-		    /*
-		     * Get the terminal name one more time, so that
-		     * RFC1091 compliant telnets will cycle back to
-		     * the start of the list.
-		     */
-		     _gettermname();
-		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-			(void) strncpy(terminaltype, first, sizeof(first));
-		    break;
-		}
-	    }
-	}
-    }
-    return(retval);
-}  /* end of getterminaltype */
-
-    void
-_gettermname()
-{
-    /*
-     * If the client turned off the option,
-     * we can't send another request, so we
-     * just return.
-     */
-    if (his_state_is_wont(TELOPT_TTYPE))
-	return;
-    settimer(baseline);
-    memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
-    nfrontp += sizeof ttytype_sbbuf;
-    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
-					sizeof ttytype_sbbuf - 2););
-    while (sequenceIs(ttypesubopt, baseline))
-	ttloop();
-}
-
-    int
-terminaltypeok(s)
-    char *s;
-{
-    char buf[1024];
-
-    if (terminaltype == NULL)
-	return(1);
-
-    /*
-     * tgetent() will return 1 if the type is known, and
-     * 0 if it is not known.  If it returns -1, it couldn't
-     * open the database.  But if we can't open the database,
-     * it won't help to say we failed, because we won't be
-     * able to verify anything else.  So, we treat -1 like 1.
-     */
-    if (tgetent(buf, s) == 0)
-	return(0);
-    return(1);
-}
-
-#ifndef	MAXHOSTNAMELEN
-#define	MAXHOSTNAMELEN 64
-#endif	/* MAXHOSTNAMELEN */
-
-char *hostname;
-char host_name[MAXHOSTNAMELEN];
-char remote_host_name[MAXHOSTNAMELEN];
-
-extern void telnet P((int, int, char *));
-
-int level;
-char user_name[256];
-/*
- * Get a pty, scan input lines.
- */
-doit(who)
-	struct sockaddr_in *who;
-{
-	char *host, *inet_ntoa();
-	int t;
-	struct hostent *hp;
-	int ptynum;
-
-	/*
-	 * Find an available pty to use.
-	 */
-#ifndef	convex
-	pty = getpty(&ptynum);
-	if (pty < 0)
-		fatal(net, "All network ports in use");
-#else
-	for (;;) {
-		char *lp;
-		extern char *line, *getpty();
-
-		if ((lp = getpty()) == NULL)
-			fatal(net, "Out of ptys");
-
-		if ((pty = open(lp, 2)) >= 0) {
-			strcpy(line,lp);
-			line[5] = 't';
-			break;
-		}
-	}
-#endif
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	/*
-	 *	set ttyp line security label
-	 */
-	if (secflag) {
-		char slave_dev[16];
-
-		sprintf(tty_dev, "/dev/pty/%03d", ptynum);
-		if (setdevs(tty_dev, &dv) < 0)
-		 	fatal(net, "cannot set pty security");
-		sprintf(slave_dev, "/dev/ttyp%03d", ptynum);
-		if (setdevs(slave_dev, &dv) < 0)
-		 	fatal(net, "cannot set tty security");
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	/* get name of connected client */
-	hp = gethostbyaddr((char *)&who->sin_addr, sizeof (struct in_addr),
-		who->sin_family);
-
-	if (hp == NULL && registerd_host_only) {
-		fatal(net, "Couldn't resolve your address into a host name.\r\n\
-         Please contact your net administrator");
-	} else if (hp &&
-	    (strlen(hp->h_name) <= (unsigned int)((utmp_len < 0) ? -utmp_len
-								 : utmp_len))) {
-		host = hp->h_name;
-	} else {
-		host = inet_ntoa(who->sin_addr);
-	}
-	/*
-	 * We must make a copy because Kerberos is probably going
-	 * to also do a gethost* and overwrite the static data...
-	 */
-	strncpy(remote_host_name, host, sizeof(remote_host_name)-1);
-	remote_host_name[sizeof(remote_host_name)-1] = 0;
-	host = remote_host_name;
-
-	(void) gethostname(host_name, sizeof (host_name));
-	hostname = host_name;
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_init(hostname, host, "TELNETD", 1);
-#endif
-
-	init_env();
-	/*
-	 * get terminal type.
-	 */
-	*user_name = 0;
-	level = getterminaltype(user_name);
-	setenv("TERM", terminaltype ? terminaltype : "network", 1);
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	if (secflag) {
-		if (setulvl(dv.dv_actlvl) < 0)
-			fatal(net,"cannot setulvl()");
-		if (setucmp(dv.dv_actcmp) < 0)
-			fatal(net, "cannot setucmp()");
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	telnet(net, pty, host);		/* begin server process */
-
-	/*NOTREACHED*/
-}  /* end of doit */
-
-#if	defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50)
-	int
-Xterm_output(ibufp, obuf, icountp, ocount)
-	char **ibufp, *obuf;
-	int *icountp, ocount;
-{
-	int ret;
-	ret = term_output(*ibufp, obuf, *icountp, ocount);
-	*ibufp += *icountp;
-	*icountp = 0;
-	return(ret);
-}
-#define	term_output	Xterm_output
-#endif	/* defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50) */
-
-/*
- * Main loop.  Select from pty and network, and
- * hand data to telnet receiver finite state machine.
- */
-	void
-telnet(f, p, host)
-	int f, p;
-	char *host;
-{
-	int on = 1;
-#define	TABBUFSIZ	512
-	char	defent[TABBUFSIZ];
-	char	defstrs[TABBUFSIZ];
-#undef	TABBUFSIZ
-	char *HE;
-	char *HN;
-	char *IM;
-	void netflush();
-	int nfd;
-
-	/*
-	 * Initialize the slc mapping table.
-	 */
-	get_slc_defaults();
-
-	/*
-	 * Do some tests where it is desireable to wait for a response.
-	 * Rather than doing them slowly, one at a time, do them all
-	 * at once.
-	 */
-	if (my_state_is_wont(TELOPT_SGA))
-		send_will(TELOPT_SGA, 1);
-	/*
-	 * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
-	 * because 4.2 clients are unable to deal with TCP urgent data.
-	 *
-	 * To find out, we send out a "DO ECHO".  If the remote system
-	 * answers "WILL ECHO" it is probably a 4.2 client, and we note
-	 * that fact ("WILL ECHO" ==> that the client will echo what
-	 * WE, the server, sends it; it does NOT mean that the client will
-	 * echo the terminal input).
-	 */
-	send_do(TELOPT_ECHO, 1);
-
-#ifdef	LINEMODE
-	if (his_state_is_wont(TELOPT_LINEMODE)) {
-		/* Query the peer for linemode support by trying to negotiate
-		 * the linemode option.
-		 */
-		linemode = 0;
-		editmode = 0;
-		send_do(TELOPT_LINEMODE, 1);  /* send do linemode */
-	}
-#endif	/* LINEMODE */
-
-	/*
-	 * Send along a couple of other options that we wish to negotiate.
-	 */
-	send_do(TELOPT_NAWS, 1);
-	send_will(TELOPT_STATUS, 1);
-	flowmode = 1;		/* default flow control state */
-	restartany = -1;	/* uninitialized... */
-	send_do(TELOPT_LFLOW, 1);
-
-	/*
-	 * Spin, waiting for a response from the DO ECHO.  However,
-	 * some REALLY DUMB telnets out there might not respond
-	 * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
-	 * telnets so far seem to respond with WONT for a DO that
-	 * they don't understand...) because by the time we get the
-	 * response, it will already have processed the DO ECHO.
-	 * Kludge upon kludge.
-	 */
-	while (his_will_wont_is_changing(TELOPT_NAWS))
-		ttloop();
-
-	/*
-	 * But...
-	 * The client might have sent a WILL NAWS as part of its
-	 * startup code; if so, we'll be here before we get the
-	 * response to the DO ECHO.  We'll make the assumption
-	 * that any implementation that understands about NAWS
-	 * is a modern enough implementation that it will respond
-	 * to our DO ECHO request; hence we'll do another spin
-	 * waiting for the ECHO option to settle down, which is
-	 * what we wanted to do in the first place...
-	 */
-	if (his_want_state_is_will(TELOPT_ECHO) &&
-	    his_state_is_will(TELOPT_NAWS)) {
-		while (his_will_wont_is_changing(TELOPT_ECHO))
-			ttloop();
-	}
-	/*
-	 * On the off chance that the telnet client is broken and does not
-	 * respond to the DO ECHO we sent, (after all, we did send the
-	 * DO NAWS negotiation after the DO ECHO, and we won't get here
-	 * until a response to the DO NAWS comes back) simulate the
-	 * receipt of a will echo.  This will also send a WONT ECHO
-	 * to the client, since we assume that the client failed to
-	 * respond because it believes that it is already in DO ECHO
-	 * mode, which we do not want.
-	 */
-	if (his_want_state_is_will(TELOPT_ECHO)) {
-		DIAG(TD_OPTIONS,
-			{sprintf(nfrontp, "td: simulating recv\r\n");
-			 nfrontp += strlen(nfrontp);});
-		willoption(TELOPT_ECHO);
-	}
-
-	/*
-	 * Finally, to clean things up, we turn on our echo.  This
-	 * will break stupid 4.2 telnets out of local terminal echo.
-	 */
-
-	if (my_state_is_wont(TELOPT_ECHO))
-		send_will(TELOPT_ECHO, 1);
-
-#ifndef	STREAMSPTY
-	/*
-	 * Turn on packet mode
-	 */
-	(void) ioctl(p, TIOCPKT, (char *)&on);
-#endif
-
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-	/*
-	 * Continuing line mode support.  If client does not support
-	 * real linemode, attempt to negotiate kludge linemode by sending
-	 * the do timing mark sequence.
-	 */
-	if (lmodetype < REAL_LINEMODE)
-		send_do(TELOPT_TM, 1);
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-
-	/*
-	 * Call telrcv() once to pick up anything received during
-	 * terminal type negotiation, 4.2/4.3 determination, and
-	 * linemode negotiation.
-	 */
-	telrcv();
-
-	(void) ioctl(f, FIONBIO, (char *)&on);
-	(void) ioctl(p, FIONBIO, (char *)&on);
-#if	defined(CRAY2) && defined(UNICOS5)
-	init_termdriver(f, p, interrupt, sendbrk);
-#endif
-
-#if	defined(SO_OOBINLINE)
-	(void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-				(char *)&on, sizeof on);
-#endif	/* defined(SO_OOBINLINE) */
-
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, SIG_IGN);
-#endif
-#ifdef	SIGTTOU
-	/*
-	 * Ignoring SIGTTOU keeps the kernel from blocking us
-	 * in ttioct() in /sys/tty.c.
-	 */
-	(void) signal(SIGTTOU, SIG_IGN);
-#endif
-
-	(void) signal(SIGCHLD, cleanup);
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Cray-2 will send a signal when pty modes are changed by slave
-	 * side.  Set up signal handler now.
-	 */
-	if ((int)signal(SIGUSR1, termstat) < 0)
-		perror("signal");
-	else if (ioctl(p, TCSIGME, (char *)SIGUSR1) < 0)
-		perror("ioctl:TCSIGME");
-	/*
-	 * Make processing loop check terminal characteristics early on.
-	 */
-	termstat();
-#endif
-
-#ifdef  TIOCNOTTY
-	{
-		register int t;
-		t = open(_PATH_TTY, O_RDWR);
-		if (t >= 0) {
-			(void) ioctl(t, TIOCNOTTY, (char *)0);
-			(void) close(t);
-		}
-	}
-#endif
-
-#if	defined(CRAY) && defined(NEWINIT) && defined(TIOCSCTTY)
-	(void) setsid();
-	ioctl(p, TIOCSCTTY, 0);
-#endif
-
-	/*
-	 * Show banner that getty never gave.
-	 *
-	 * We put the banner in the pty input buffer.  This way, it
-	 * gets carriage return null processing, etc., just like all
-	 * other pty --> client data.
-	 */
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-	if (getenv("USER"))
-		hostinfo = 0;
-#endif
-
-	if (getent(defent, "default") == 1) {
-		char *getstr();
-		char *cp=defstrs;
-
-		HE = getstr("he", &cp);
-		HN = getstr("hn", &cp);
-		IM = getstr("im", &cp);
-		if (HN && *HN)
-			(void) strcpy(host_name, HN);
-		if (IM == 0)
-			IM = "";
-	} else {
-		IM = DEFAULT_IM;
-		HE = 0;
-	}
-	edithost(HE, host_name);
-	if (hostinfo && *IM)
-		putf(IM, ptyibuf2);
-
-	if (pcc)
-		(void) strncat(ptyibuf2, ptyip, pcc+1);
-	ptyip = ptyibuf2;
-	pcc = strlen(ptyip);
-#ifdef	LINEMODE
-	/*
-	 * Last check to make sure all our states are correct.
-	 */
-	init_termbuf();
-	localstat();
-#endif	/* LINEMODE */
-
-	DIAG(TD_REPORT,
-		{sprintf(nfrontp, "td: Entering processing loop\r\n");
-		 nfrontp += strlen(nfrontp);});
-
-	/*
-	 * Startup the login process on the slave side of the terminal
-	 * now.  We delay this until here to insure option negotiation
-	 * is complete.
-	 */
-	startslave(host, level, user_name);
-
-	nfd = ((f > p) ? f : p) + 1;
-	for (;;) {
-		fd_set ibits, obits, xbits;
-		register int c;
-
-		if (ncc < 0 && pcc < 0)
-			break;
-
-#if	defined(CRAY2) && defined(UNICOS5)
-		if (needtermstat)
-			_termstat();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-		FD_ZERO(&ibits);
-		FD_ZERO(&obits);
-		FD_ZERO(&xbits);
-		/*
-		 * Never look for input if there's still
-		 * stuff in the corresponding output buffer
-		 */
-		if (nfrontp - nbackp || pcc > 0) {
-			FD_SET(f, &obits);
-		} else {
-			FD_SET(p, &ibits);
-		}
-		if (pfrontp - pbackp || ncc > 0) {
-			FD_SET(p, &obits);
-		} else {
-			FD_SET(f, &ibits);
-		}
-		if (!SYNCHing) {
-			FD_SET(f, &xbits);
-		}
-		if ((c = select(nfd, &ibits, &obits, &xbits,
-						(struct timeval *)0)) < 1) {
-			if (c == -1) {
-				if (errno == EINTR) {
-					continue;
-				}
-			}
-			sleep(5);
-			continue;
-		}
-
-		/*
-		 * Any urgent data?
-		 */
-		if (FD_ISSET(net, &xbits)) {
-		    SYNCHing = 1;
-		}
-
-		/*
-		 * Something to read from the network...
-		 */
-		if (FD_ISSET(net, &ibits)) {
-#if	!defined(SO_OOBINLINE)
-			/*
-			 * In 4.2 (and 4.3 beta) systems, the
-			 * OOB indication and data handling in the kernel
-			 * is such that if two separate TCP Urgent requests
-			 * come in, one byte of TCP data will be overlaid.
-			 * This is fatal for Telnet, but we try to live
-			 * with it.
-			 *
-			 * In addition, in 4.2 (and...), a special protocol
-			 * is needed to pick up the TCP Urgent data in
-			 * the correct sequence.
-			 *
-			 * What we do is:  if we think we are in urgent
-			 * mode, we look to see if we are "at the mark".
-			 * If we are, we do an OOB receive.  If we run
-			 * this twice, we will do the OOB receive twice,
-			 * but the second will fail, since the second
-			 * time we were "at the mark", but there wasn't
-			 * any data there (the kernel doesn't reset
-			 * "at the mark" until we do a normal read).
-			 * Once we've read the OOB data, we go ahead
-			 * and do normal reads.
-			 *
-			 * There is also another problem, which is that
-			 * since the OOB byte we read doesn't put us
-			 * out of OOB state, and since that byte is most
-			 * likely the TELNET DM (data mark), we would
-			 * stay in the TELNET SYNCH (SYNCHing) state.
-			 * So, clocks to the rescue.  If we've "just"
-			 * received a DM, then we test for the
-			 * presence of OOB data when the receive OOB
-			 * fails (and AFTER we did the normal mode read
-			 * to clear "at the mark").
-			 */
-		    if (SYNCHing) {
-			int atmark;
-
-			(void) ioctl(net, SIOCATMARK, (char *)&atmark);
-			if (atmark) {
-			    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
-			    if ((ncc == -1) && (errno == EINVAL)) {
-				ncc = read(net, netibuf, sizeof (netibuf));
-				if (sequenceIs(didnetreceive, gotDM)) {
-				    SYNCHing = stilloob(net);
-				}
-			    }
-			} else {
-			    ncc = read(net, netibuf, sizeof (netibuf));
-			}
-		    } else {
-			ncc = read(net, netibuf, sizeof (netibuf));
-		    }
-		    settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE)) */
-		    ncc = read(net, netibuf, sizeof (netibuf));
-#endif	/* !defined(SO_OOBINLINE)) */
-		    if (ncc < 0 && errno == EWOULDBLOCK)
-			ncc = 0;
-		    else {
-			if (ncc <= 0) {
-			    break;
-			}
-			netip = netibuf;
-		    }
-		    DIAG((TD_REPORT | TD_NETDATA),
-			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
-			     nfrontp += strlen(nfrontp);});
-		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
-		}
-
-		/*
-		 * Something to read from the pty...
-		 */
-		if (FD_ISSET(p, &ibits)) {
-#ifndef	STREAMSPTY
-			pcc = read(p, ptyibuf, BUFSIZ);
-#else
-			pcc = readstream(p, ptyibuf, BUFSIZ);
-#endif
-			/*
-			 * On some systems, if we try to read something
-			 * off the master side before the slave side is
-			 * opened, we get EIO.
-			 */
-			if (pcc < 0 && (errno == EWOULDBLOCK ||
-#ifdef	EAGAIN
-					errno == EAGAIN ||
-#endif
-					errno == EIO)) {
-				pcc = 0;
-			} else {
-				if (pcc <= 0)
-					break;
-#if	!defined(CRAY2) || !defined(UNICOS5)
-#ifdef	LINEMODE
-				/*
-				 * If ioctl from pty, pass it through net
-				 */
-				if (ptyibuf[0] & TIOCPKT_IOCTL) {
-					copy_termbuf(ptyibuf+1, pcc-1);
-					localstat();
-					pcc = 1;
-				}
-#endif	/* LINEMODE */
-				if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
-					netclear();	/* clear buffer back */
-#ifndef	NO_URGENT
-					/*
-					 * There are client telnets on some
-					 * operating systems get screwed up
-					 * royally if we send them urgent
-					 * mode data.
-					 */
-					*nfrontp++ = IAC;
-					*nfrontp++ = DM;
-					neturg = nfrontp-1; /* off by one XXX */
-					DIAG(TD_OPTIONS,
-					    printoption("td: send IAC", DM));
-
-#endif
-				}
-				if (his_state_is_will(TELOPT_LFLOW) &&
-				    (ptyibuf[0] &
-				     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
-					int newflow =
-					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
-					if (newflow != flowmode) {
-						flowmode = newflow;
-						(void) sprintf(nfrontp,
-							"%c%c%c%c%c%c",
-							IAC, SB, TELOPT_LFLOW,
-							flowmode ? LFLOW_ON
-								 : LFLOW_OFF,
-							IAC, SE);
-						nfrontp += 6;
-						DIAG(TD_OPTIONS, printsub('>',
-						    (unsigned char *)nfrontp-4,
-						    4););
-					}
-				}
-				pcc--;
-				ptyip = ptyibuf+1;
-#else	/* defined(CRAY2) && defined(UNICOS5) */
-				if (!uselinemode) {
-					unpcc = pcc;
-					unptyip = ptyibuf;
-					pcc = term_output(&unptyip, ptyibuf2,
-								&unpcc, BUFSIZ);
-					ptyip = ptyibuf2;
-				} else
-					ptyip = ptyibuf;
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-			}
-		}
-
-		while (pcc > 0) {
-			if ((&netobuf[BUFSIZ] - nfrontp) < 2)
-				break;
-			c = *ptyip++ & 0377, pcc--;
-			if (c == IAC)
-				*nfrontp++ = c;
-#if	defined(CRAY2) && defined(UNICOS5)
-			else if (c == '\n' &&
-				     my_state_is_wont(TELOPT_BINARY) && newmap)
-				*nfrontp++ = '\r';
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-			*nfrontp++ = c;
-			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
-				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
-					*nfrontp++ = *ptyip++ & 0377;
-					pcc--;
-				} else
-					*nfrontp++ = '\0';
-			}
-		}
-#if	defined(CRAY2) && defined(UNICOS5)
-		/*
-		 * If chars were left over from the terminal driver,
-		 * note their existence.
-		 */
-		if (!uselinemode && unpcc) {
-			pcc = unpcc;
-			unpcc = 0;
-			ptyip = unptyip;
-		}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-		if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
-			netflush();
-		if (ncc > 0)
-			telrcv();
-		if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
-			ptyflush();
-	}
-	cleanup(0);
-}  /* end of telnet */
-
-#ifndef	TCSIG
-# ifdef	TIOCSIG
-#  define TCSIG TIOCSIG
-# endif
-#endif
-
-#ifdef	STREAMSPTY
-
-int flowison = -1;  /* current state of flow: -1 is unknown */
-
-int readstream(p, ibuf, bufsize)
-	int p;
-	char *ibuf;
-	int bufsize;
-{
-	int flags = 0;
-	int ret = 0;
-	struct termios *tsp;
-	struct termio *tp;
-	struct iocblk *ip;
-	char vstop, vstart;
-	int ixon;
-	int newflow;
-
-	strbufc.maxlen = BUFSIZ;
-	strbufc.buf = (char *)ctlbuf;
-	strbufd.maxlen = bufsize-1;
-	strbufd.len = 0;
-	strbufd.buf = ibuf+1;
-	ibuf[0] = 0;
-
-	ret = getmsg(p, &strbufc, &strbufd, &flags);
-	if (ret < 0)  /* error of some sort -- probably EAGAIN */
-		return(-1);
-
-	if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
-		/* data message */
-		if (strbufd.len > 0) {			/* real data */
-			return(strbufd.len + 1);	/* count header char */
-		} else {
-			/* nothing there */
-			errno = EAGAIN;
-			return(-1);
-		}
-	}
-
-	/*
-	 * It's a control message.  Return 1, to look at the flag we set
-	 */
-
-	switch (ctlbuf[0]) {
-	case M_FLUSH:
-		if (ibuf[1] & FLUSHW)
-			ibuf[0] = TIOCPKT_FLUSHWRITE;
-		return(1);
-
-	case M_IOCTL:
-		ip = (struct iocblk *) (ibuf+1);
-
-		switch (ip->ioc_cmd) {
-		case TCSETS:
-		case TCSETSW:
-		case TCSETSF:
-			tsp = (struct termios *)
-					(ibuf+1 + sizeof(struct iocblk));
-			vstop = tsp->c_cc[VSTOP];
-			vstart = tsp->c_cc[VSTART];
-			ixon = tsp->c_iflag & IXON;
-			break;
-		case TCSETA:
-		case TCSETAW:
-		case TCSETAF:
-			tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
-			vstop = tp->c_cc[VSTOP];
-			vstart = tp->c_cc[VSTART];
-			ixon = tp->c_iflag & IXON;
-			break;
-		default:
-			errno = EAGAIN;
-			return(-1);
-		}
-
-		newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
-		if (newflow != flowison) {  /* it's a change */
-			flowison = newflow;
-			ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
-			return(1);
-		}
-	}
-
-	/* nothing worth doing anything about */
-	errno = EAGAIN;
-	return(-1);
-}
-#endif /* STREAMSPTY */
-
-/*
- * Send interrupt to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write intr char.
- */
-	void
-interrupt()
-{
-	ptyflush();	/* half-hearted */
-
-#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
-	/* Streams PTY style ioctl to post a signal */
-	{
-		int sig = SIGINT;
-		(void) ioctl(pty, TIOCSIGNAL, &sig);
-		(void) ioctl(pty, I_FLUSH, FLUSHR);
-	}
-#else
-#ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGINT);
-#else	/* TCSIG */
-	init_termbuf();
-	*pfrontp++ = slctab[SLC_IP].sptr ?
-			(unsigned char)*slctab[SLC_IP].sptr : '\177';
-#endif	/* TCSIG */
-#endif
-}
-
-/*
- * Send quit to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write quit char.
- */
-	void
-sendbrk()
-{
-	ptyflush();	/* half-hearted */
-#ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGQUIT);
-#else	/* TCSIG */
-	init_termbuf();
-	*pfrontp++ = slctab[SLC_ABORT].sptr ?
-			(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
-#endif	/* TCSIG */
-}
-
-	void
-sendsusp()
-{
-#ifdef	SIGTSTP
-	ptyflush();	/* half-hearted */
-# ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGTSTP);
-# else	/* TCSIG */
-	*pfrontp++ = slctab[SLC_SUSP].sptr ?
-			(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
-# endif	/* TCSIG */
-#endif	/* SIGTSTP */
-}
-
-/*
- * When we get an AYT, if ^T is enabled, use that.  Otherwise,
- * just send back "[Yes]".
- */
-	void
-recv_ayt()
-{
-#if	defined(SIGINFO) && defined(TCSIG)
-	if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
-		(void) ioctl(pty, TCSIG, (char *)SIGINFO);
-		return;
-	}
-#endif
-	(void) strcpy(nfrontp, "\r\n[Yes]\r\n");
-	nfrontp += 9;
-}
-
-	void
-doeof()
-{
-	init_termbuf();
-
-#if	defined(LINEMODE) && defined(USE_TERMIO) && (VEOF == VMIN)
-	if (!tty_isediting()) {
-		extern char oldeofc;
-		*pfrontp++ = oldeofc;
-		return;
-	}
-#endif
-	*pfrontp++ = slctab[SLC_EOF].sptr ?
-			(unsigned char)*slctab[SLC_EOF].sptr : '\004';
-}
diff --git a/secure/libexec/telnetd/telnetd.h b/secure/libexec/telnetd/telnetd.h
deleted file mode 100644
index 234b9739e758..000000000000
--- a/secure/libexec/telnetd/telnetd.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
- */
-
-
-#include "defs.h"
-#include "ext.h"
-
-#ifdef	DIAGNOSTICS
-#define	DIAG(a,b)	if (diagnostic & (a)) b
-#else
-#define	DIAG(a,b)
-#endif
-
-/* other external variables */
-extern	char **environ;
-extern	int errno;
-
diff --git a/secure/libexec/telnetd/termstat.c b/secure/libexec/telnetd/termstat.c
deleted file mode 100644
index f499137366d2..000000000000
--- a/secure/libexec/telnetd/termstat.c
+++ /dev/null
@@ -1,669 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)termstat.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include "telnetd.h"
-
-/*
- * local variables
- */
-int def_tspeed = -1, def_rspeed = -1;
-#ifdef	TIOCSWINSZ
-int def_row = 0, def_col = 0;
-#endif
-#ifdef	LINEMODE
-static int _terminit = 0;
-#endif	/* LINEMODE */
-
-#if	defined(CRAY2) && defined(UNICOS5)
-int	newmap = 1;	/* nonzero if \n maps to ^M^J */
-#endif
-
-#ifdef	LINEMODE
-/*
- * localstat
- *
- * This function handles all management of linemode.
- *
- * Linemode allows the client to do the local editing of data
- * and send only complete lines to the server.  Linemode state is
- * based on the state of the pty driver.  If the pty is set for
- * external processing, then we can use linemode.  Further, if we
- * can use real linemode, then we can look at the edit control bits
- * in the pty to determine what editing the client should do.
- *
- * Linemode support uses the following state flags to keep track of
- * current and desired linemode state.
- *	alwayslinemode : true if -l was specified on the telnetd
- * 	command line.  It means to have linemode on as much as
- *	possible.
- *
- * 	lmodetype: signifies whether the client can
- *	handle real linemode, or if use of kludgeomatic linemode
- *	is preferred.  It will be set to one of the following:
- *		REAL_LINEMODE : use linemode option
- *		NO_KLUDGE : don't initiate kludge linemode.
- *		KLUDGE_LINEMODE : use kludge linemode
- *		NO_LINEMODE : client is ignorant of linemode
- *
- *	linemode, uselinemode : linemode is true if linemode
- *	is currently on, uselinemode is the state that we wish
- *	to be in.  If another function wishes to turn linemode
- *	on or off, it sets or clears uselinemode.
- *
- *	editmode, useeditmode : like linemode/uselinemode, but
- *	these contain the edit mode states (edit and trapsig).
- *
- * The state variables correspond to some of the state information
- * in the pty.
- *	linemode:
- *		In real linemode, this corresponds to whether the pty
- *		expects external processing of incoming data.
- *		In kludge linemode, this more closely corresponds to the
- *		whether normal processing is on or not.  (ICANON in
- *		system V, or COOKED mode in BSD.)
- *		If the -l option was specified (alwayslinemode), then
- *		an attempt is made to force external processing on at
- *		all times.
- *
- * The following heuristics are applied to determine linemode
- * handling within the server.
- *	1) Early on in starting up the server, an attempt is made
- *	   to negotiate the linemode option.  If this succeeds
- *	   then lmodetype is set to REAL_LINEMODE and all linemode
- *	   processing occurs in the context of the linemode option.
- *	2) If the attempt to negotiate the linemode option failed,
- *	   and the "-k" (don't initiate kludge linemode) isn't set,
- *	   then we try to use kludge linemode.  We test for this
- *	   capability by sending "do Timing Mark".  If a positive
- *	   response comes back, then we assume that the client
- *	   understands kludge linemode (ech!) and the
- *	   lmodetype flag is set to KLUDGE_LINEMODE.
- *	3) Otherwise, linemode is not supported at all and
- *	   lmodetype remains set to NO_LINEMODE (which happens
- *	   to be 0 for convenience).
- *	4) At any time a command arrives that implies a higher
- *	   state of linemode support in the client, we move to that
- *	   linemode support.
- *
- * A short explanation of kludge linemode is in order here.
- *	1) The heuristic to determine support for kludge linemode
- *	   is to send a do timing mark.  We assume that a client
- *	   that supports timing marks also supports kludge linemode.
- *	   A risky proposition at best.
- *	2) Further negotiation of linemode is done by changing the
- *	   the server's state regarding SGA.  If server will SGA,
- *	   then linemode is off, if server won't SGA, then linemode
- *	   is on.
- */
-	void
-localstat()
-{
-	void netflush();
-	int need_will_echo = 0;
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Keep track of that ol' CR/NL mapping while we're in the
-	 * neighborhood.
-	 */
-	newmap = tty_isnewmap();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-	/*
-	 * Check for changes to flow control if client supports it.
-	 */
-	flowstat();
-
-	/*
-	 * Check linemode on/off state
-	 */
-	uselinemode = tty_linemode();
-
-	/*
-	 * If alwayslinemode is on, and pty is changing to turn it off, then
-	 * force linemode back on.
-	 */
-	if (alwayslinemode && linemode && !uselinemode) {
-		uselinemode = 1;
-		tty_setlinemode(uselinemode);
-	}
-
-	if (uselinemode) {
-		/*
-		 * Check for state of BINARY options.
-		 *
-		 * We only need to do the binary dance if we are actually going
-		 * to use linemode.  As this confuses some telnet clients
-		 * that don't support linemode, and doesn't gain us
-		 * anything, we don't do it unless we're doing linemode.
-		 * -Crh (henrich@msu.edu)
-		 */
-
-		if (tty_isbinaryin()) {
-			if (his_want_state_is_wont(TELOPT_BINARY))
-				send_do(TELOPT_BINARY, 1);
-		} else {
-			if (his_want_state_is_will(TELOPT_BINARY))
-				send_dont(TELOPT_BINARY, 1);
-		}
-
-		if (tty_isbinaryout()) {
-			if (my_want_state_is_wont(TELOPT_BINARY))
-				send_will(TELOPT_BINARY, 1);
-		} else {
-			if (my_want_state_is_will(TELOPT_BINARY))
-				send_wont(TELOPT_BINARY, 1);
-		}
-	}
-
-#ifdef	ENCRYPTION
-	/*
-	 * If the terminal is not echoing, but editing is enabled,
-	 * something like password input is going to happen, so
-	 * if we the other side is not currently sending encrypted
-	 * data, ask the other side to start encrypting.
-	 */
-	if (his_state_is_will(TELOPT_ENCRYPT)) {
-		static int enc_passwd = 0;
-		if (uselinemode && !tty_isecho() && tty_isediting()
-		    && (enc_passwd == 0) && !decrypt_input) {
-			encrypt_send_request_start();
-			enc_passwd = 1;
-		} else if (enc_passwd) {
-			encrypt_send_request_end();
-			enc_passwd = 0;
-		}
-	}
-#endif	/* ENCRYPTION */
-
-	/*
-	 * Do echo mode handling as soon as we know what the
-	 * linemode is going to be.
-	 * If the pty has echo turned off, then tell the client that
-	 * the server will echo.  If echo is on, then the server
-	 * will echo if in character mode, but in linemode the
-	 * client should do local echoing.  The state machine will
-	 * not send anything if it is unnecessary, so don't worry
-	 * about that here.
-	 *
-	 * If we need to send the WILL ECHO (because echo is off),
-	 * then delay that until after we have changed the MODE.
-	 * This way, when the user is turning off both editing
-	 * and echo, the client will get editing turned off first.
-	 * This keeps the client from going into encryption mode
-	 * and then right back out if it is doing auto-encryption
-	 * when passwords are being typed.
-	 */
-	if (uselinemode) {
-		if (tty_isecho())
-			send_wont(TELOPT_ECHO, 1);
-		else
-			need_will_echo = 1;
-#ifdef	KLUDGELINEMODE
-		if (lmodetype == KLUDGE_OK)
-			lmodetype = KLUDGE_LINEMODE;
-#endif
-	}
-
-	/*
-	 * If linemode is being turned off, send appropriate
-	 * command and then we're all done.
-	 */
-	 if (!uselinemode && linemode) {
-# ifdef	KLUDGELINEMODE
-		if (lmodetype == REAL_LINEMODE) {
-# endif	/* KLUDGELINEMODE */
-			send_dont(TELOPT_LINEMODE, 1);
-# ifdef	KLUDGELINEMODE
-		} else if (lmodetype == KLUDGE_LINEMODE)
-			send_will(TELOPT_SGA, 1);
-# endif	/* KLUDGELINEMODE */
-		send_will(TELOPT_ECHO, 1);
-		linemode = uselinemode;
-		goto done;
-	}
-
-# ifdef	KLUDGELINEMODE
-	/*
-	 * If using real linemode check edit modes for possible later use.
-	 * If we are in kludge linemode, do the SGA negotiation.
-	 */
-	if (lmodetype == REAL_LINEMODE) {
-# endif	/* KLUDGELINEMODE */
-		useeditmode = 0;
-		if (tty_isediting())
-			useeditmode |= MODE_EDIT;
-		if (tty_istrapsig())
-			useeditmode |= MODE_TRAPSIG;
-		if (tty_issofttab())
-			useeditmode |= MODE_SOFT_TAB;
-		if (tty_islitecho())
-			useeditmode |= MODE_LIT_ECHO;
-# ifdef	KLUDGELINEMODE
-	} else if (lmodetype == KLUDGE_LINEMODE) {
-		if (tty_isediting() && uselinemode)
-			send_wont(TELOPT_SGA, 1);
-		else
-			send_will(TELOPT_SGA, 1);
-	}
-# endif	/* KLUDGELINEMODE */
-
-	/*
-	 * Negotiate linemode on if pty state has changed to turn it on.
-	 * Send appropriate command and send along edit mode, then all done.
-	 */
-	if (uselinemode && !linemode) {
-# ifdef	KLUDGELINEMODE
-		if (lmodetype == KLUDGE_LINEMODE) {
-			send_wont(TELOPT_SGA, 1);
-		} else if (lmodetype == REAL_LINEMODE) {
-# endif	/* KLUDGELINEMODE */
-			send_do(TELOPT_LINEMODE, 1);
-			/* send along edit modes */
-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
-				TELOPT_LINEMODE, LM_MODE, useeditmode,
-				IAC, SE);
-			nfrontp += 7;
-			editmode = useeditmode;
-# ifdef	KLUDGELINEMODE
-		}
-# endif	/* KLUDGELINEMODE */
-		linemode = uselinemode;
-		goto done;
-	}
-
-# ifdef	KLUDGELINEMODE
-	/*
-	 * None of what follows is of any value if not using
-	 * real linemode.
-	 */
-	if (lmodetype < REAL_LINEMODE)
-		goto done;
-# endif	/* KLUDGELINEMODE */
-
-	if (linemode && his_state_is_will(TELOPT_LINEMODE)) {
-		/*
-		 * If edit mode changed, send edit mode.
-		 */
-		 if (useeditmode != editmode) {
-			/*
-			 * Send along appropriate edit mode mask.
-			 */
-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
-				TELOPT_LINEMODE, LM_MODE, useeditmode,
-				IAC, SE);
-			nfrontp += 7;
-			editmode = useeditmode;
-		}
-
-
-		/*
-		 * Check for changes to special characters in use.
-		 */
-		start_slc(0);
-		check_slc();
-		(void) end_slc(0);
-	}
-
-done:
-	if (need_will_echo)
-		send_will(TELOPT_ECHO, 1);
-	/*
-	 * Some things should be deferred until after the pty state has
-	 * been set by the local process.  Do those things that have been
-	 * deferred now.  This only happens once.
-	 */
-	if (_terminit == 0) {
-		_terminit = 1;
-		defer_terminit();
-	}
-
-	netflush();
-	set_termbuf();
-	return;
-
-}  /* end of localstat */
-#endif	/* LINEMODE */
-
-/*
- * flowstat
- *
- * Check for changes to flow control
- */
-	void
-flowstat()
-{
-	if (his_state_is_will(TELOPT_LFLOW)) {
-		if (tty_flowmode() != flowmode) {
-			flowmode = tty_flowmode();
-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
-					IAC, SB, TELOPT_LFLOW,
-					flowmode ? LFLOW_ON : LFLOW_OFF,
-					IAC, SE);
-			nfrontp += 6;
-		}
-		if (tty_restartany() != restartany) {
-			restartany = tty_restartany();
-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
-					IAC, SB, TELOPT_LFLOW,
-					restartany ? LFLOW_RESTART_ANY
-						   : LFLOW_RESTART_XON,
-					IAC, SE);
-			nfrontp += 6;
-		}
-	}
-}
-
-/*
- * clientstat
- *
- * Process linemode related requests from the client.
- * Client can request a change to only one of linemode, editmode or slc's
- * at a time, and if using kludge linemode, then only linemode may be
- * affected.
- */
-	void
-clientstat(code, parm1, parm2)
-	register int code, parm1, parm2;
-{
-	void netflush();
-
-	/*
-	 * Get a copy of terminal characteristics.
-	 */
-	init_termbuf();
-
-	/*
-	 * Process request from client. code tells what it is.
-	 */
-	switch (code) {
-#ifdef	LINEMODE
-	case TELOPT_LINEMODE:
-		/*
-		 * Don't do anything unless client is asking us to change
-		 * modes.
-		 */
-		uselinemode = (parm1 == WILL);
-		if (uselinemode != linemode) {
-# ifdef	KLUDGELINEMODE
-			/*
-			 * If using kludge linemode, make sure that
-			 * we can do what the client asks.
-			 * We can not turn off linemode if alwayslinemode
-			 * and the ICANON bit is set.
-			 */
-			if (lmodetype == KLUDGE_LINEMODE) {
-				if (alwayslinemode && tty_isediting()) {
-					uselinemode = 1;
-				}
-			}
-
-			/*
-			 * Quit now if we can't do it.
-			 */
-			if (uselinemode == linemode)
-				return;
-
-			/*
-			 * If using real linemode and linemode is being
-			 * turned on, send along the edit mode mask.
-			 */
-			if (lmodetype == REAL_LINEMODE && uselinemode)
-# else	/* KLUDGELINEMODE */
-			if (uselinemode)
-# endif	/* KLUDGELINEMODE */
-			{
-				useeditmode = 0;
-				if (tty_isediting())
-					useeditmode |= MODE_EDIT;
-				if (tty_istrapsig)
-					useeditmode |= MODE_TRAPSIG;
-				if (tty_issofttab())
-					useeditmode |= MODE_SOFT_TAB;
-				if (tty_islitecho())
-					useeditmode |= MODE_LIT_ECHO;
-				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
-					SB, TELOPT_LINEMODE, LM_MODE,
-							useeditmode, IAC, SE);
-				nfrontp += 7;
-				editmode = useeditmode;
-			}
-
-
-			tty_setlinemode(uselinemode);
-
-			linemode = uselinemode;
-
-			if (!linemode)
-				send_will(TELOPT_ECHO, 1);
-		}
-		break;
-
-	case LM_MODE:
-	    {
-		register int ack, changed;
-
-		/*
-		 * Client has sent along a mode mask.  If it agrees with
-		 * what we are currently doing, ignore it; if not, it could
-		 * be viewed as a request to change.  Note that the server
-		 * will change to the modes in an ack if it is different from
-		 * what we currently have, but we will not ack the ack.
-		 */
-		 useeditmode &= MODE_MASK;
-		 ack = (useeditmode & MODE_ACK);
-		 useeditmode &= ~MODE_ACK;
-
-		 if (changed = (useeditmode ^ editmode)) {
-			/*
-			 * This check is for a timing problem.  If the
-			 * state of the tty has changed (due to the user
-			 * application) we need to process that info
-			 * before we write in the state contained in the
-			 * ack!!!  This gets out the new MODE request,
-			 * and when the ack to that command comes back
-			 * we'll set it and be in the right mode.
-			 */
-			if (ack)
-				localstat();
-			if (changed & MODE_EDIT)
-				tty_setedit(useeditmode & MODE_EDIT);
-
-			if (changed & MODE_TRAPSIG)
-				tty_setsig(useeditmode & MODE_TRAPSIG);
-
-			if (changed & MODE_SOFT_TAB)
-				tty_setsofttab(useeditmode & MODE_SOFT_TAB);
-
-			if (changed & MODE_LIT_ECHO)
-				tty_setlitecho(useeditmode & MODE_LIT_ECHO);
-
-			set_termbuf();
-
- 			if (!ack) {
- 				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
-					SB, TELOPT_LINEMODE, LM_MODE,
- 					useeditmode|MODE_ACK,
- 					IAC, SE);
- 				nfrontp += 7;
- 			}
-
-			editmode = useeditmode;
-		}
-
-		break;
-
-	    }  /* end of case LM_MODE */
-#endif	/* LINEMODE */
-
-	case TELOPT_NAWS:
-#ifdef	TIOCSWINSZ
-	    {
-		struct winsize ws;
-
-		def_col = parm1;
-		def_row = parm2;
-#ifdef	LINEMODE
-		/*
-		 * Defer changing window size until after terminal is
-		 * initialized.
-		 */
-		if (terminit() == 0)
-			return;
-#endif	/* LINEMODE */
-
-		/*
-		 * Change window size as requested by client.
-		 */
-
-		ws.ws_col = parm1;
-		ws.ws_row = parm2;
-		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
-	    }
-#endif	/* TIOCSWINSZ */
-
-		break;
-
-	case TELOPT_TSPEED:
-	    {
-		def_tspeed = parm1;
-		def_rspeed = parm2;
-#ifdef	LINEMODE
-		/*
-		 * Defer changing the terminal speed.
-		 */
-		if (terminit() == 0)
-			return;
-#endif	/* LINEMODE */
-		/*
-		 * Change terminal speed as requested by client.
-		 * We set the receive speed first, so that if we can't
-		 * store seperate receive and transmit speeds, the transmit
-		 * speed will take precedence.
-		 */
-		tty_rspeed(parm2);
-		tty_tspeed(parm1);
-		set_termbuf();
-
-		break;
-
-	    }  /* end of case TELOPT_TSPEED */
-
-	default:
-		/* What? */
-		break;
-	}  /* end of switch */
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Just in case of the likely event that we changed the pty state.
-	 */
-	rcv_ioctl();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-	netflush();
-
-}  /* end of clientstat */
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	void
-termstat()
-{
-	needtermstat = 1;
-}
-
-	void
-_termstat()
-{
-	needtermstat = 0;
-	init_termbuf();
-	localstat();
-	rcv_ioctl();
-}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-#ifdef	LINEMODE
-/*
- * defer_terminit
- *
- * Some things should not be done until after the login process has started
- * and all the pty modes are set to what they are supposed to be.  This
- * function is called when the pty state has been processed for the first time.
- * It calls other functions that do things that were deferred in each module.
- */
-	void
-defer_terminit()
-{
-
-	/*
-	 * local stuff that got deferred.
-	 */
-	if (def_tspeed != -1) {
-		clientstat(TELOPT_TSPEED, def_tspeed, def_rspeed);
-		def_tspeed = def_rspeed = 0;
-	}
-
-#ifdef	TIOCSWINSZ
-	if (def_col || def_row) {
-		struct winsize ws;
-
-		memset((char *)&ws, 0, sizeof(ws));
-		ws.ws_col = def_col;
-		ws.ws_row = def_row;
-		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
-	}
-#endif
-
-	/*
-	 * The only other module that currently defers anything.
-	 */
-	deferslc();
-
-}  /* end of defer_terminit */
-
-/*
- * terminit
- *
- * Returns true if the pty state has been processed yet.
- */
-	int
-terminit()
-{
-	return(_terminit);
-
-}  /* end of terminit */
-#endif	/* LINEMODE */
diff --git a/secure/libexec/telnetd/utility.c b/secure/libexec/telnetd/utility.c
deleted file mode 100644
index e2f285aa1c59..000000000000
--- a/secure/libexec/telnetd/utility.c
+++ /dev/null
@@ -1,1202 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)utility.c	8.4 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#ifdef __FreeBSD__
-#include <locale.h>
-#endif
-#define PRINTOPTIONS
-#include "telnetd.h"
-
-/*
- * utility functions performing io related tasks
- */
-
-/*
- * ttloop
- *
- *	A small subroutine to flush the network output buffer, get some data
- * from the network, and pass it through the telnet state machine.  We
- * also flush the pty input buffer (by dropping its data) if it becomes
- * too full.
- */
-
-    void
-ttloop()
-{
-    void netflush();
-
-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
-		     nfrontp += strlen(nfrontp);});
-    if (nfrontp-nbackp) {
-	netflush();
-    }
-    ncc = read(net, netibuf, sizeof netibuf);
-    if (ncc < 0) {
-	syslog(LOG_INFO, "ttloop:  read: %m\n");
-	exit(1);
-    } else if (ncc == 0) {
-	syslog(LOG_INFO, "ttloop:  peer died: %m\n");
-	exit(1);
-    }
-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
-		     nfrontp += strlen(nfrontp);});
-    netip = netibuf;
-    telrcv();			/* state machine */
-    if (ncc > 0) {
-	pfrontp = pbackp = ptyobuf;
-	telrcv();
-    }
-}  /* end of ttloop */
-
-/*
- * Check a descriptor to see if out of band data exists on it.
- */
-    int
-stilloob(s)
-    int	s;		/* socket number */
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    do {
-	FD_ZERO(&excepts);
-	FD_SET(s, &excepts);
-	value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	fatalperror(pty, "select");
-    }
-    if (FD_ISSET(s, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-	void
-ptyflush()
-{
-	int n;
-
-	if ((n = pfrontp - pbackp) > 0) {
-		DIAG((TD_REPORT | TD_PTYDATA),
-			{ sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
-			  nfrontp += strlen(nfrontp); });
-		DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
-		n = write(pty, pbackp, n);
-	}
-	if (n < 0) {
-		if (errno == EWOULDBLOCK || errno == EINTR)
-			return;
-		cleanup(0);
-	}
-	pbackp += n;
-	if (pbackp == pfrontp)
-		pbackp = pfrontp = ptyobuf;
-}
-
-/*
- * nextitem()
- *
- *	Return the address of the next "item" in the TELNET data
- * stream.  This will be the address of the next character if
- * the current address is a user data character, or it will
- * be the address of the character following the TELNET command
- * if the current address is a TELNET IAC ("I Am a Command")
- * character.
- */
-    char *
-nextitem(current)
-    char	*current;
-{
-    if ((*current&0xff) != IAC) {
-	return current+1;
-    }
-    switch (*(current+1)&0xff) {
-    case DO:
-    case DONT:
-    case WILL:
-    case WONT:
-	return current+3;
-    case SB:		/* loop forever looking for the SE */
-	{
-	    register char *look = current+2;
-
-	    for (;;) {
-		if ((*look++&0xff) == IAC) {
-		    if ((*look++&0xff) == SE) {
-			return look;
-		    }
-		}
-	    }
-	}
-    default:
-	return current+2;
-    }
-}  /* end of nextitem */
-
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-    void
-netclear()
-{
-    register char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-#ifdef	ENCRYPTION
-    thisitem = nclearto > netobuf ? nclearto : netobuf;
-#else	/* ENCRYPTION */
-    thisitem = netobuf;
-#endif	/* ENCRYPTION */
-
-    while ((next = nextitem(thisitem)) <= nbackp) {
-	thisitem = next;
-    }
-
-    /* Now, thisitem is first before/at boundary. */
-
-#ifdef	ENCRYPTION
-    good = nclearto > netobuf ? nclearto : netobuf;
-#else	/* ENCRYPTION */
-    good = netobuf;	/* where the good bytes go */
-#endif	/* ENCRYPTION */
-
-    while (nfrontp > thisitem) {
-	if (wewant(thisitem)) {
-	    int length;
-
-	    next = thisitem;
-	    do {
-		next = nextitem(next);
-	    } while (wewant(next) && (nfrontp > next));
-	    length = next-thisitem;
-	    memmove(good, thisitem, length);
-	    good += length;
-	    thisitem = next;
-	} else {
-	    thisitem = nextitem(thisitem);
-	}
-    }
-
-    nbackp = netobuf;
-    nfrontp = good;		/* next byte to be sent */
-    neturg = 0;
-}  /* end of netclear */
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- */
-    void
-netflush()
-{
-    int n;
-    extern int not42;
-
-    if ((n = nfrontp - nbackp) > 0) {
-	DIAG(TD_REPORT,
-	    { sprintf(nfrontp, "td: netflush %d chars\r\n", n);
-	      n += strlen(nfrontp);  /* get count first */
-	      nfrontp += strlen(nfrontp);  /* then move pointer */
-	    });
-#ifdef	ENCRYPTION
-	if (encrypt_output) {
-		char *s = nclearto ? nclearto : nbackp;
-		if (nfrontp - s > 0) {
-			(*encrypt_output)((unsigned char *)s, nfrontp-s);
-			nclearto = nfrontp;
-		}
-	}
-#endif	/* ENCRYPTION */
-	/*
-	 * if no urgent data, or if the other side appears to be an
-	 * old 4.2 client (and thus unable to survive TCP urgent data),
-	 * write the entire buffer in non-OOB mode.
-	 */
-	if ((neturg == 0) || (not42 == 0)) {
-	    n = write(net, nbackp, n);	/* normal write */
-	} else {
-	    n = neturg - nbackp;
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    if (n > 1) {
-		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
-	    } else {
-		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
-	    }
-	}
-    }
-    if (n < 0) {
-	if (errno == EWOULDBLOCK || errno == EINTR)
-		return;
-	cleanup(0);
-    }
-    nbackp += n;
-#ifdef	ENCRYPTION
-    if (nbackp > nclearto)
-	nclearto = 0;
-#endif	/* ENCRYPTION */
-    if (nbackp >= neturg) {
-	neturg = 0;
-    }
-    if (nbackp == nfrontp) {
-	nbackp = nfrontp = netobuf;
-#ifdef	ENCRYPTION
-	nclearto = 0;
-#endif	/* ENCRYPTION */
-    }
-    return;
-}  /* end of netflush */
-
-
-/*
- * writenet
- *
- * Just a handy little function to write a bit of raw data to the net.
- * It will force a transmit of the buffer if necessary
- *
- * arguments
- *    ptr - A pointer to a character string to write
- *    len - How many bytes to write
- */
-	void
-writenet(ptr, len)
-	register unsigned char *ptr;
-	register int len;
-{
-	/* flush buffer if no room for new data) */
-	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
-		/* if this fails, don't worry, buffer is a little big */
-		netflush();
-	}
-
-	memmove(nfrontp, ptr, len);
-	nfrontp += len;
-
-}  /* end of writenet */
-
-
-/*
- * miscellaneous functions doing a variety of little jobs follow ...
- */
-
-
-	void
-fatal(f, msg)
-	int f;
-	char *msg;
-{
-	char buf[BUFSIZ];
-
-	(void) sprintf(buf, "telnetd: %s.\r\n", msg);
-#ifdef	ENCRYPTION
-	if (encrypt_output) {
-		/*
-		 * Better turn off encryption first....
-		 * Hope it flushes...
-		 */
-		encrypt_send_end();
-		netflush();
-	}
-#endif	/* ENCRYPTION */
-	(void) write(f, buf, (int)strlen(buf));
-	sleep(1);	/*XXX*/
-	exit(1);
-}
-
-	void
-fatalperror(f, msg)
-	int f;
-	char *msg;
-{
-	char buf[BUFSIZ], *strerror();
-
-	(void) sprintf(buf, "%s: %s", msg, strerror(errno));
-	fatal(f, buf);
-}
-
-char editedhost[32];
-
-	void
-edithost(pat, host)
-	register char *pat;
-	register char *host;
-{
-	register char *res = editedhost;
-	char *strncpy();
-
-	if (!pat)
-		pat = "";
-	while (*pat) {
-		switch (*pat) {
-
-		case '#':
-			if (*host)
-				host++;
-			break;
-
-		case '@':
-			if (*host)
-				*res++ = *host++;
-			break;
-
-		default:
-			*res++ = *pat;
-			break;
-		}
-		if (res == &editedhost[sizeof editedhost - 1]) {
-			*res = '\0';
-			return;
-		}
-		pat++;
-	}
-	if (*host)
-		(void) strncpy(res, host,
-				sizeof editedhost - (res - editedhost) -1);
-	else
-		*res = '\0';
-	editedhost[sizeof editedhost - 1] = '\0';
-}
-
-static char *putlocation;
-
-	void
-putstr(s)
-	register char *s;
-{
-
-	while (*s)
-		putchr(*s++);
-}
-
-	void
-putchr(cc)
-	int cc;
-{
-	*putlocation++ = cc;
-}
-
-#ifdef __FreeBSD__
-static char fmtstr[] = { "%+" };
-#else
-/*
- * This is split on two lines so that SCCS will not see the M
- * between two % signs and expand it...
- */
-static char fmtstr[] = { "%l:%M\
-%P on %A, %d %B %Y" };
-#endif
-
-	void
-putf(cp, where)
-	register char *cp;
-	char *where;
-{
-	char *slash;
-	time_t t;
-	char db[100];
-#ifdef	STREAMSPTY
-	extern char *strchr();
-#else
-	extern char *strrchr();
-#endif
-
-	putlocation = where;
-
-	while (*cp) {
-		if (*cp != '%') {
-			putchr(*cp++);
-			continue;
-		}
-		switch (*++cp) {
-
-		case 't':
-#ifdef	STREAMSPTY
-			/* names are like /dev/pts/2 -- we want pts/2 */
-			slash = strchr(line+1, '/');
-#else
-			slash = strrchr(line, '/');
-#endif
-			if (slash == (char *) 0)
-				putstr(line);
-			else
-				putstr(&slash[1]);
-			break;
-
-		case 'h':
-			putstr(editedhost);
-			break;
-
-		case 'd':
-#ifdef __FreeBSD__
-			setlocale(LC_TIME, "");
-#endif
-			(void)time(&t);
-			(void)strftime(db, sizeof(db), fmtstr, localtime(&t));
-			putstr(db);
-			break;
-
-		case '%':
-			putchr('%');
-			break;
-		}
-		cp++;
-	}
-}
-
-#ifdef DIAGNOSTICS
-/*
- * Print telnet options and commands in plain text, if possible.
- */
-	void
-printoption(fmt, option)
-	register char *fmt;
-	register int option;
-{
-	if (TELOPT_OK(option))
-		sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
-	else if (TELCMD_OK(option))
-		sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
-	else
-		sprintf(nfrontp, "%s %d\r\n", fmt, option);
-	nfrontp += strlen(nfrontp);
-	return;
-}
-
-    void
-printsub(direction, pointer, length)
-    char		direction;	/* '<' or '>' */
-    unsigned char	*pointer;	/* where suboption data sits */
-    int			length;		/* length of suboption data */
-{
-    register int i;
-    char buf[512];
-
-        if (!(diagnostic & TD_OPTIONS))
-		return;
-
-	if (direction) {
-	    sprintf(nfrontp, "td: %s suboption ",
-					direction == '<' ? "recv" : "send");
-	    nfrontp += strlen(nfrontp);
-	    if (length >= 3) {
-		register int j;
-
-		i = pointer[length-2];
-		j = pointer[length-1];
-
-		if (i != IAC || j != SE) {
-		    sprintf(nfrontp, "(terminated by ");
-		    nfrontp += strlen(nfrontp);
-		    if (TELOPT_OK(i))
-			sprintf(nfrontp, "%s ", TELOPT(i));
-		    else if (TELCMD_OK(i))
-			sprintf(nfrontp, "%s ", TELCMD(i));
-		    else
-			sprintf(nfrontp, "%d ", i);
-		    nfrontp += strlen(nfrontp);
-		    if (TELOPT_OK(j))
-			sprintf(nfrontp, "%s", TELOPT(j));
-		    else if (TELCMD_OK(j))
-			sprintf(nfrontp, "%s", TELCMD(j));
-		    else
-			sprintf(nfrontp, "%d", j);
-		    nfrontp += strlen(nfrontp);
-		    sprintf(nfrontp, ", not IAC SE!) ");
-		    nfrontp += strlen(nfrontp);
-		}
-	    }
-	    length -= 2;
-	}
-	if (length < 1) {
-	    sprintf(nfrontp, "(Empty suboption??\?)");
-	    nfrontp += strlen(nfrontp);
-	    return;
-	}
-	switch (pointer[0]) {
-	case TELOPT_TTYPE:
-	    sprintf(nfrontp, "TERMINAL-TYPE ");
-	    nfrontp += strlen(nfrontp);
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		sprintf(nfrontp, "SEND");
-		break;
-	    default:
-		sprintf(nfrontp,
-				"- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    nfrontp += strlen(nfrontp);
-	    break;
-	case TELOPT_TSPEED:
-	    sprintf(nfrontp, "TERMINAL-SPEED");
-	    nfrontp += strlen(nfrontp);
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
-		nfrontp += strlen(nfrontp);
-		break;
-	    default:
-		if (pointer[1] == 1)
-		    sprintf(nfrontp, " SEND");
-		else
-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		for (i = 2; i < length; i++) {
-		    sprintf(nfrontp, " ?%d?", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-		break;
-	    }
-	    break;
-
-	case TELOPT_LFLOW:
-	    sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
-	    nfrontp += strlen(nfrontp);
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case LFLOW_OFF:
-		sprintf(nfrontp, " OFF"); break;
-	    case LFLOW_ON:
-		sprintf(nfrontp, " ON"); break;
-	    case LFLOW_RESTART_ANY:
-		sprintf(nfrontp, " RESTART-ANY"); break;
-	    case LFLOW_RESTART_XON:
-		sprintf(nfrontp, " RESTART-XON"); break;
-	    default:
-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
-	    }
-	    nfrontp += strlen(nfrontp);
-	    for (i = 2; i < length; i++) {
-		sprintf(nfrontp, " ?%d?", pointer[i]);
-		nfrontp += strlen(nfrontp);
-	    }
-	    break;
-
-	case TELOPT_NAWS:
-	    sprintf(nfrontp, "NAWS");
-	    nfrontp += strlen(nfrontp);
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    if (length == 2) {
-		sprintf(nfrontp, " ?%d?", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    sprintf(nfrontp, " %d %d (%d)",
-		pointer[1], pointer[2],
-		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
-	    nfrontp += strlen(nfrontp);
-	    if (length == 4) {
-		sprintf(nfrontp, " ?%d?", pointer[3]);
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    sprintf(nfrontp, " %d %d (%d)",
-		pointer[3], pointer[4],
-		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
-	    nfrontp += strlen(nfrontp);
-	    for (i = 5; i < length; i++) {
-		sprintf(nfrontp, " ?%d?", pointer[i]);
-		nfrontp += strlen(nfrontp);
-	    }
-	    break;
-
-	case TELOPT_LINEMODE:
-	    sprintf(nfrontp, "LINEMODE ");
-	    nfrontp += strlen(nfrontp);
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case WILL:
-		sprintf(nfrontp, "WILL ");
-		goto common;
-	    case WONT:
-		sprintf(nfrontp, "WONT ");
-		goto common;
-	    case DO:
-		sprintf(nfrontp, "DO ");
-		goto common;
-	    case DONT:
-		sprintf(nfrontp, "DONT ");
-	    common:
-		nfrontp += strlen(nfrontp);
-		if (length < 3) {
-		    sprintf(nfrontp, "(no option??\?)");
-		    nfrontp += strlen(nfrontp);
-		    break;
-		}
-		switch (pointer[2]) {
-		case LM_FORWARDMASK:
-		    sprintf(nfrontp, "Forward Mask");
-		    nfrontp += strlen(nfrontp);
-		    for (i = 3; i < length; i++) {
-			sprintf(nfrontp, " %x", pointer[i]);
-			nfrontp += strlen(nfrontp);
-		    }
-		    break;
-		default:
-		    sprintf(nfrontp, "%d (unknown)", pointer[2]);
-		    nfrontp += strlen(nfrontp);
-		    for (i = 3; i < length; i++) {
-			sprintf(nfrontp, " %d", pointer[i]);
-			nfrontp += strlen(nfrontp);
-		    }
-		    break;
-		}
-		break;
-
-	    case LM_SLC:
-		sprintf(nfrontp, "SLC");
-		nfrontp += strlen(nfrontp);
-		for (i = 2; i < length - 2; i += 3) {
-		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-			sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
-		    else
-			sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
-		    nfrontp += strlen(nfrontp);
-		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		    case SLC_NOSUPPORT:
-			sprintf(nfrontp, " NOSUPPORT"); break;
-		    case SLC_CANTCHANGE:
-			sprintf(nfrontp, " CANTCHANGE"); break;
-		    case SLC_VARIABLE:
-			sprintf(nfrontp, " VARIABLE"); break;
-		    case SLC_DEFAULT:
-			sprintf(nfrontp, " DEFAULT"); break;
-		    }
-		    nfrontp += strlen(nfrontp);
-		    sprintf(nfrontp, "%s%s%s",
-			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		    nfrontp += strlen(nfrontp);
-		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-						SLC_FLUSHOUT| SLC_LEVELBITS)) {
-			sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
-			nfrontp += strlen(nfrontp);
-		    }
-		    sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
-		    nfrontp += strlen(nfrontp);
-		    if ((pointer[i+SLC_VALUE] == IAC) &&
-			(pointer[i+SLC_VALUE+1] == IAC))
-				i++;
-		}
-		for (; i < length; i++) {
-		    sprintf(nfrontp, " ?%d?", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-		break;
-
-	    case LM_MODE:
-		sprintf(nfrontp, "MODE ");
-		nfrontp += strlen(nfrontp);
-		if (length < 3) {
-		    sprintf(nfrontp, "(no mode??\?)");
-		    nfrontp += strlen(nfrontp);
-		    break;
-		}
-		{
-		    char tbuf[32];
-		    sprintf(tbuf, "%s%s%s%s%s",
-			pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			pointer[2]&MODE_ACK ? "|ACK" : "");
-		    sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
-		    nfrontp += strlen(nfrontp);
-		}
-		if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
-		    sprintf(nfrontp, " (0x%x)", pointer[2]);
-		    nfrontp += strlen(nfrontp);
-		}
-		for (i = 3; i < length; i++) {
-		    sprintf(nfrontp, " ?0x%x?", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-		break;
-	    default:
-		sprintf(nfrontp, "%d (unknown)", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		for (i = 2; i < length; i++) {
-		    sprintf(nfrontp, " %d", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-	    }
-	    break;
-
-	case TELOPT_STATUS: {
-	    register char *cp;
-	    register int j, k;
-
-	    sprintf(nfrontp, "STATUS");
-	    nfrontp += strlen(nfrontp);
-
-	    switch (pointer[1]) {
-	    default:
-		if (pointer[1] == TELQUAL_SEND)
-		    sprintf(nfrontp, " SEND");
-		else
-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		for (i = 2; i < length; i++) {
-		    sprintf(nfrontp, " ?%d?", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-		break;
-	    case TELQUAL_IS:
-		sprintf(nfrontp, " IS\r\n");
-		nfrontp += strlen(nfrontp);
-
-		for (i = 2; i < length; i++) {
-		    switch(pointer[i]) {
-		    case DO:	cp = "DO"; goto common2;
-		    case DONT:	cp = "DONT"; goto common2;
-		    case WILL:	cp = "WILL"; goto common2;
-		    case WONT:	cp = "WONT"; goto common2;
-		    common2:
-			i++;
-			if (TELOPT_OK(pointer[i]))
-			    sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
-			else
-			    sprintf(nfrontp, " %s %d", cp, pointer[i]);
-			nfrontp += strlen(nfrontp);
-
-			sprintf(nfrontp, "\r\n");
-			nfrontp += strlen(nfrontp);
-			break;
-
-		    case SB:
-			sprintf(nfrontp, " SB ");
-			nfrontp += strlen(nfrontp);
-			i++;
-			j = k = i;
-			while (j < length) {
-			    if (pointer[j] == SE) {
-				if (j+1 == length)
-				    break;
-				if (pointer[j+1] == SE)
-				    j++;
-				else
-				    break;
-			    }
-			    pointer[k++] = pointer[j++];
-			}
-			printsub(0, &pointer[i], k - i);
-			if (i < length) {
-			    sprintf(nfrontp, " SE");
-			    nfrontp += strlen(nfrontp);
-			    i = j;
-			} else
-			    i = j - 1;
-
-			sprintf(nfrontp, "\r\n");
-			nfrontp += strlen(nfrontp);
-
-			break;
-
-		    default:
-			sprintf(nfrontp, " %d", pointer[i]);
-			nfrontp += strlen(nfrontp);
-			break;
-		    }
-		}
-		break;
-	    }
-	    break;
-	  }
-
-	case TELOPT_XDISPLOC:
-	    sprintf(nfrontp, "X-DISPLAY-LOCATION ");
-	    nfrontp += strlen(nfrontp);
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		sprintf(nfrontp, "SEND");
-		break;
-	    default:
-		sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    nfrontp += strlen(nfrontp);
-	    break;
-
-	case TELOPT_NEW_ENVIRON:
-	    sprintf(nfrontp, "NEW-ENVIRON ");
-	    goto env_common1;
-	case TELOPT_OLD_ENVIRON:
-	    sprintf(nfrontp, "OLD-ENVIRON");
-	env_common1:
-	    nfrontp += strlen(nfrontp);
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		sprintf(nfrontp, "IS ");
-		goto env_common;
-	    case TELQUAL_SEND:
-		sprintf(nfrontp, "SEND ");
-		goto env_common;
-	    case TELQUAL_INFO:
-		sprintf(nfrontp, "INFO ");
-	    env_common:
-		nfrontp += strlen(nfrontp);
-		{
-		    register int noquote = 2;
-		    for (i = 2; i < length; i++ ) {
-			switch (pointer[i]) {
-			case NEW_ENV_VAR:
-			    sprintf(nfrontp, "\" VAR " + noquote);
-			    nfrontp += strlen(nfrontp);
-			    noquote = 2;
-			    break;
-
-			case NEW_ENV_VALUE:
-			    sprintf(nfrontp, "\" VALUE " + noquote);
-			    nfrontp += strlen(nfrontp);
-			    noquote = 2;
-			    break;
-
-			case ENV_ESC:
-			    sprintf(nfrontp, "\" ESC " + noquote);
-			    nfrontp += strlen(nfrontp);
-			    noquote = 2;
-			    break;
-
-			case ENV_USERVAR:
-			    sprintf(nfrontp, "\" USERVAR " + noquote);
-			    nfrontp += strlen(nfrontp);
-			    noquote = 2;
-			    break;
-
-			default:
-			def_case:
-			    if (isprint(pointer[i]) && pointer[i] != '"') {
-				if (noquote) {
-				    *nfrontp++ = '"';
-				    noquote = 0;
-				}
-				*nfrontp++ = pointer[i];
-			    } else {
-				sprintf(nfrontp, "\" %03o " + noquote,
-							pointer[i]);
-				nfrontp += strlen(nfrontp);
-				noquote = 2;
-			    }
-			    break;
-			}
-		    }
-		    if (!noquote)
-			*nfrontp++ = '"';
-		    break;
-		}
-	    }
-	    break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION:
-	    sprintf(nfrontp, "AUTHENTICATION");
-	    nfrontp += strlen(nfrontp);
-
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_REPLY:
-	    case TELQUAL_IS:
-		sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
-							"IS" : "REPLY");
-		nfrontp += strlen(nfrontp);
-		if (AUTHTYPE_NAME_OK(pointer[2]))
-		    sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
-		else
-		    sprintf(nfrontp, "%d ", pointer[2]);
-		nfrontp += strlen(nfrontp);
-		if (length < 3) {
-		    sprintf(nfrontp, "(partial suboption??\?)");
-		    nfrontp += strlen(nfrontp);
-		    break;
-		}
-		sprintf(nfrontp, "%s|%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY");
-		nfrontp += strlen(nfrontp);
-
-		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		sprintf(nfrontp, "%s", buf);
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case TELQUAL_SEND:
-		i = 2;
-		sprintf(nfrontp, " SEND ");
-		nfrontp += strlen(nfrontp);
-		while (i < length) {
-		    if (AUTHTYPE_NAME_OK(pointer[i]))
-			sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
-		    else
-			sprintf(nfrontp, "%d ", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		    if (++i >= length) {
-			sprintf(nfrontp, "(partial suboption??\?)");
-			nfrontp += strlen(nfrontp);
-			break;
-		    }
-		    sprintf(nfrontp, "%s|%s ",
-			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-							"CLIENT" : "SERVER",
-			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-							"MUTUAL" : "ONE-WAY");
-		    nfrontp += strlen(nfrontp);
-		    ++i;
-		}
-		break;
-
-	    case TELQUAL_NAME:
-		i = 2;
-		sprintf(nfrontp, " NAME \"");
-		nfrontp += strlen(nfrontp);
-		while (i < length)
-		    *nfrontp += pointer[i++];
-		*nfrontp += '"';
-		break;
-
-	    default:
-		    for (i = 2; i < length; i++) {
-			sprintf(nfrontp, " ?%d?", pointer[i]);
-			nfrontp += strlen(nfrontp);
-		    }
-		    break;
-	    }
-	    break;
-#endif
-
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    sprintf(nfrontp, "ENCRYPT");
-	    nfrontp += strlen(nfrontp);
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		sprintf(nfrontp, " START");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_END:
-		sprintf(nfrontp, " END");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_REQSTART:
-		sprintf(nfrontp, " REQUEST-START");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_REQEND:
-		sprintf(nfrontp, " REQUEST-END");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
-							"IS" : "REPLY");
-		nfrontp += strlen(nfrontp);
-		if (length < 3) {
-		    sprintf(nfrontp, " (partial suboption??\?)");
-		    nfrontp += strlen(nfrontp);
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
-		else
-		    sprintf(nfrontp, " %d (unknown)", pointer[2]);
-		nfrontp += strlen(nfrontp);
-
-		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		sprintf(nfrontp, "%s", buf);
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		sprintf(nfrontp, " SUPPORT ");
-		nfrontp += strlen(nfrontp);
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
-		    else
-			sprintf(nfrontp, "%d ", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		sprintf(nfrontp, " ENC_KEYID", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		sprintf(nfrontp, " DEC_KEYID", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		goto encommon;
-
-	    default:
-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
-		nfrontp += strlen(nfrontp);
-	    encommon:
-		for (i = 2; i < length; i++) {
-		    sprintf(nfrontp, " %d", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-		break;
-	    }
-	    break;
-#endif	/* ENCRYPTION */
-
-	default:
-	    if (TELOPT_OK(pointer[0]))
-	        sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
-	    else
-	        sprintf(nfrontp, "%d (unknown)", pointer[i]);
-	    nfrontp += strlen(nfrontp);
-	    for (i = 1; i < length; i++) {
-		sprintf(nfrontp, " %d", pointer[i]);
-		nfrontp += strlen(nfrontp);
-	    }
-	    break;
-	}
-	sprintf(nfrontp, "\r\n");
-	nfrontp += strlen(nfrontp);
-}
-
-/*
- * Dump a data buffer in hex and ascii to the output data stream.
- */
-	void
-printdata(tag, ptr, cnt)
-	register char *tag;
-	register char *ptr;
-	register int cnt;
-{
-	register int i;
-	char xbuf[30];
-
-	while (cnt) {
-		/* flush net output buffer if no room for new data) */
-		if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
-			netflush();
-		}
-
-		/* add a line of output */
-		sprintf(nfrontp, "%s: ", tag);
-		nfrontp += strlen(nfrontp);
-		for (i = 0; i < 20 && cnt; i++) {
-			sprintf(nfrontp, "%02x", *ptr);
-			nfrontp += strlen(nfrontp);
-			if (isprint(*ptr)) {
-				xbuf[i] = *ptr;
-			} else {
-				xbuf[i] = '.';
-			}
-			if (i % 2) {
-				*nfrontp = ' ';
-				nfrontp++;
-			}
-			cnt--;
-			ptr++;
-		}
-		xbuf[i] = '\0';
-		sprintf(nfrontp, " %s\r\n", xbuf );
-		nfrontp += strlen(nfrontp);
-	}
-}
-#endif /* DIAGNOSTICS */
diff --git a/secure/usr.bin/Makefile b/secure/usr.bin/Makefile
deleted file mode 100644
index 94e0a3d8a7a8..000000000000
--- a/secure/usr.bin/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-#	$Id$
-
-SUBDIR= bdes
-
-.include <bsd.subdir.mk>
-
diff --git a/secure/usr.bin/Makefile.inc b/secure/usr.bin/Makefile.inc
deleted file mode 100644
index e09ccebf3f5d..000000000000
--- a/secure/usr.bin/Makefile.inc
+++ /dev/null
@@ -1,4 +0,0 @@
-#	$Id: Makefile.inc,v 1.1 1994/09/07 07:16:50 pst Exp $
-
-BINDIR=	/usr/bin
-.include "${.CURDIR}/../../Makefile.inc"
diff --git a/secure/usr.bin/bdes/Makefile b/secure/usr.bin/bdes/Makefile
deleted file mode 100644
index 0878ccc72b3a..000000000000
--- a/secure/usr.bin/bdes/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-#	@(#)Makefile	8.1 (Berkeley) 6/6/93
-#	$Id$
-
-PROG=	bdes
-SRCS=	bdes.c
-
-.if exists(${.CURDIR}/../../lib/libcipher/obj)
-LDFLAGS+= -L${.CURDIR}/../../lib/libcipher/obj
-.else
-LDFLAGS+= -L${.CURDIR}/../../lib/libcipher
-.endif
-
-LDADD+= -lcipher
-DPADD+= libcipher.a
-
-.include <bsd.prog.mk>
diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1
deleted file mode 100644
index 48179fda7624..000000000000
--- a/secure/usr.bin/bdes/bdes.1
+++ /dev/null
@@ -1,304 +0,0 @@
-.\" Copyright (c) 1991, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" This code is derived from software contributed to Berkeley by
-.\" Matt Bishop of Dartmouth College.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)bdes.1	8.1 (Berkeley) 6/29/93
-.\"
-.TH BDES 1 "June 29, 1993"
-.UC 6
-.SH NAME
-bdes \- encrypt/decrypt using the Data Encryption Standard
-.SH SYNOPSIS
-.nf
-.ft B
-bdes [ \-abdp ] [ \-F N ] [ \-f N ] [ \-k key ]
-.ti +5
-[ \-m N ] [ \-o N ] [ \-v vector ]
-.ft R
-.fi
-.SH DESCRIPTION
-.I Bdes
-implements all DES modes of operation described in FIPS PUB 81, 
-including alternative cipher feedback mode and both authentication
-modes.
-.I Bdes
-reads from the standard input and writes to the standard output.
-By default, the input is encrypted using cipher block chaining mode.
-Using the same key for encryption and decryption preserves plain text.
-.PP
-All modes but the electronic code book mode require an initialization
-vector; if none is supplied, the zero vector is used.
-If no
-.I key
-is specified on the command line, the user is prompted for one (see
-.IR getpass (3)
-for more details).
-.PP
-The options are as follows:
-.TP
-\-a
-The key and initialization vector strings are to be taken as ASCII,
-suppressing the special interpretation given to leading ``0X'', ``0x'',
-``0B'', and ``0b'' characters.
-This flag applies to
-.I both
-the key and initialization vector.
-.TP
-\-b
-Use electronic code book mode.
-.TP
-\-d
-Decrypt the input.
-.TP
-\-F
-Use
-.IR N -bit
-alternative cipher feedback mode.
-Currently
-.I N
-must be a multiple of 7 between 7 and 56 inclusive (this does not conform
-to the alternative CFB mode specification).
-.TP
-\-f
-Use
-.IR N -bit
-cipher feedback mode.
-Currently
-.I N
-must be a multiple of 8 between 8 and 64 inclusive (this does not conform
-to the standard CFB mode specification).
-.TP
-\-k
-Use
-.I key
-as the cryptographic key.
-.TP
-\-m
-Compute a message authentication code (MAC) of
-.I N
-bits on the input.
-The value of
-.I N
-must be between 1 and 64 inclusive; if
-.I N
-is not a multiple of 8, enough 0 bits will be added to pad the MAC length
-to the nearest multiple of 8.
-Only the MAC is output.
-MACs are only available in cipher block chaining mode or in cipher feedback
-mode.
-.TP
-\-o
-Use
-.IR N -bit
-output feedback mode.
-Currently
-.I N
-must be a multiple of 8 between 8 and 64 inclusive (this does not conform
-to the OFB mode specification).
-.TP
-\-p
-Disable the resetting of the parity bit.
-This flag forces the parity bit of the key to be used as typed, rather than
-making each character be of odd parity.
-It is used only if the key is given in ASCII.
-.TP
-\-v
-Set the initialization vector to
-.IR vector ;
-the vector is interpreted in the same way as the key.
-The vector is ignored in electronic codebook mode.
-.PP
-The key and initialization vector are taken as sequences of ASCII
-characters which are then mapped into their bit representations.
-If either begins with ``0X'' or ``0x'',
-that one is taken as a sequence of hexadecimal digits indicating the
-bit pattern;
-if either begins with ``0B'' or ``0b'',
-that one is taken as a sequence of binary digits indicating the bit pattern.
-In either case,
-only the leading 64 bits of the key or initialization vector
-are used,
-and if fewer than 64 bits are provided, enough 0 bits are appended
-to pad the key to 64 bits.
-.PP
-According to the DES standard, the low-order bit of each character in the
-key string is deleted.
-Since most ASCII representations set the high-order bit to 0, simply
-deleting the low-order bit effectively reduces the size of the key space
-from 2\u\s-356\s0\d to 2\u\s-348\s0\d keys.
-To prevent this, the high-order bit must be a function depending in part
-upon the low-order bit; so, the high-order bit is set to whatever value
-gives odd parity.
-This preserves the key space size.
-Note this resetting of the parity bit is
-.I not
-done if the key is given in binary or hex, and can be disabled for ASCII
-keys as well.
-.PP
-The DES is considered a very strong cryptosystem, and other than table lookup
-attacks, key search attacks, and Hellman's time-memory tradeoff (all of which
-are very expensive and time-consuming), no cryptanalytic methods for breaking
-the DES are known in the open literature.
-No doubt the choice of keys and key security are the most vulnerable aspect
-of
-.IR bdes .
-.SH IMPLEMENTATION NOTES
-For implementors wishing to write software compatible with this program,
-the following notes are provided.
-This software is believed to be compatible with the implementation of the
-data encryption standard distributed by Sun Microsystems, Inc.
-.PP
-In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes,
-also called a block).
-To ensure that the plaintext file is encrypted correctly,
-.I bdes
-will (internally) append from 1 to 8 bytes, the last byte containing an
-integer stating how many bytes of that final block are from the plaintext
-file, and encrypt the resulting block.
-Hence, when decrypting, the last block may contain from 0 to 7 characters
-present in the plaintext file, and the last byte tells how many.
-Note that if during decryption the last byte of the file does not contain an
-integer between 0 and 7, either the file has been corrupted or an incorrect
-key has been given.
-A similar mechanism is used for the OFB and CFB modes, except that those
-simply require the length of the input to be a multiple of the mode size,
-and the final byte contains an integer between 0 and one less than the number
-of bytes being used as the mode.
-(This was another reason that the mode size must be a multiple of 8 for those
-modes.)
-.PP
-Unlike Sun's implementation, unused bytes of that last block are not filled
-with random data, but instead contain what was in those byte positions in
-the preceding block.
-This is quicker and more portable, and does not weaken the encryption
-significantly.
-.PP
-If the key is entered in ASCII, the parity bits of the key characters are set
-so that each key character is of odd parity.
-Unlike Sun's implementation, it is possible to enter binary or hexadecimal
-keys on the command line, and if this is done, the parity bits are
-.I not
-reset.
-This allows testing using arbitrary bit patterns as keys.
-.PP
-The Sun implementation always uses an initialization vector of 0
-(that is, all zeroes).
-By default,
-.I bdes
-does too, but this may be changed from the command line.
-.SH SEE ALSO
-crypt(3), getpass(3)
-.sp
-.IR "Data Encryption Standard" ,
-Federal Information Processing Standard #46,
-National Bureau of Standards,
-U.S. Department of Commerce,
-Washington DC
-(Jan. 1977)
-.sp
-.IR "DES Modes of Operation" ,
-Federal Information Processing Standard #81,
-National Bureau of Standards,
-U.S. Department of Commerce
-Washington DC
-(Dec. 1980)
-.sp
-Dorothy Denning,
-.IR "Cryptography and Data Security" ,
-Addison-Wesley Publishing Co.,
-Reading, MA
-\(co1982.
-.sp
-Matt Bishop,
-.IR "Implementation Notes on bdes(1)" ,
-Technical Report PCS-TR-91-158,
-Department of Mathematics and Computer Science,
-Dartmouth College,
-Hanover, NH  03755
-(Apr. 1991).
-.SH DISCLAIMER
-.nf
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-.fi
-.SH BUGS
-There is a controversy raging over whether the DES will still be secure
-in a few years.
-The advent of special-purpose hardware could reduce the cost of any of the
-methods of attack named above so that they are no longer computationally
-infeasible.
-.PP
-As the key or key schedule is stored in memory, the encryption can be
-compromised if memory is readable.
-Additionally, programs which display programs' arguments may compromise the
-key and initialization vector, if they are specified on the command line.
-To avoid this
-.I bdes
-overwrites its arguments, however, the obvious race cannot currently be
-avoided.
-.PP
-Certain specific keys should be avoided because they introduce potential
-weaknesses; these keys, called the
-.I weak
-and
-.I semiweak
-keys, are (in hex notation, where p is either 0 or 1, and P is either
-e or f):
-.sp
-.nf
-.in +10n
-.ta \w'0x0p0p0p0p0p0p0p0p\0\0\0'u+5n
-0x0p0p0p0p0p0p0p0p	0x0p1P0p1P0p0P0p0P
-0x0pep0pep0pfp0pfp	0x0pfP0pfP0pfP0pfP
-0x1P0p1P0p0P0p0P0p	0x1P1P1P1P0P0P0P0P
-0x1Pep1Pep0Pfp0Pfp	0x1PfP1PfP0PfP0PfP
-0xep0pep0pfp0pfp0p	0xep1Pep1pfp0Pfp0P
-0xepepepepepepepep	0xepfPepfPfpfPfpfP
-0xfP0pfP0pfP0pfP0p	0xfP1PfP1PfP0PfP0P
-0xfPepfPepfPepfPep	0xfPfPfPfPfPfPfPfP
-.fi
-.in -10n
-.sp
-This is inherent in the DES algorithm (see Moore and Simmons,
-\*(LqCycle structure of the DES with weak and semi-weak keys,\*(Rq
-.I "Advances in Cryptology \- Crypto '86 Proceedings" ,
-Springer-Verlag New York, \(co1987, pp. 9-32.)
diff --git a/secure/usr.bin/bdes/bdes.c b/secure/usr.bin/bdes/bdes.c
deleted file mode 100644
index 257d54968953..000000000000
--- a/secure/usr.bin/bdes/bdes.c
+++ /dev/null
@@ -1,1046 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Matt Bishop of Dartmouth College.
- *
- * The United States Government has rights in this work pursuant
- * to contract no. NAG 2-680 between the National Aeronautics and
- * Space Administration and Dartmouth College.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright (c) 1991, 1993\n\
-	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)bdes.c	8.1 (Berkeley) 6/6/93";
-#endif /* not lint */
-
-/*
- * BDES -- DES encryption package for Berkeley Software Distribution 4.4
- * options:
- *	-a	key is in ASCII
- *	-b	use ECB (electronic code book) mode
- *	-d	invert (decrypt) input
- *	-f b	use b-bit CFB (cipher feedback) mode
- *	-F b	use b-bit CFB (cipher feedback) alternative mode
- *	-k key	use key as the cryptographic key
- *	-m b	generate a MAC of length b
- *	-o b	use b-bit OFB (output feedback) mode
- *	-p	don't reset the parity bit
- *	-v v	use v as the initialization vector (ignored for ECB)
- * note: the last character of the last block is the integer indicating
- * how many characters of that block are to be output
- *
- * Author: Matt Bishop
- *	   Department of Mathematics and Computer Science
- *	   Dartmouth College
- *	   Hanover, NH  03755
- * Email:  Matt.Bishop@dartmouth.edu
- *	   ...!decvax!dartvax!Matt.Bishop
- *
- * See Technical Report PCS-TR91-158, Department of Mathematics and Computer
- * Science, Dartmouth College, for a detailed description of the implemen-
- * tation and differences between it and Sun's.  The DES is described in
- * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page
- * or the technical report for a complete reference).
- */
-
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * BSD and System V systems offer special library calls that do
- * block moves and fills, so if possible we take advantage of them
- */
-#define	MEMCPY(dest,src,len)	bcopy((src),(dest),(len))
-#define	MEMZERO(dest,len)	bzero((dest),(len))
-
-/* Hide the calls to the primitive encryption routines. */
-#define	FASTWAY
-#ifdef	FASTWAY
-#define	DES_KEY(buf) \
-	if (des_setkey(buf)) \
-		err("des_setkey", 0);
-#define	DES_XFORM(buf) \
-	if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
-		err("des_cipher", 0);
-#else
-#define	DES_KEY(buf)	{						\
-				char bits1[64];	/* bits of key */	\
-				expand(buf, bits1);			\
-				if (setkey(bits1))			\
-					err("setkey", 0);		\
-			}
-#define	DES_XFORM(buf)	{						\
-				char bits1[64];	/* bits of message */	\
-				expand(buf, bits1);			\
-				if (encrypt(bits1, inverse))		\
-					err("encrypt", 0);		\
-				compress(bits1, buf);			\
-			}
-#endif
-
-/*
- * this does an error-checking write
- */
-#define	READ(buf, n)	fread(buf, sizeof(char), n, stdin)
-#define WRITE(buf,n)						\
-		if (fwrite(buf, sizeof(char), n, stdout) != n)	\
-			err(bn, NULL);
-
-/*
- * some things to make references easier
- */
-typedef char Desbuf[8];
-#define	CHAR(x,i)	(x[i])
-#define	UCHAR(x,i)	(x[i])
-#define	BUFFER(x)	(x)
-#define	UBUFFER(x)	(x)
-
-/*
- * global variables and related macros
- */
-#define KEY_DEFAULT		0	/* interpret radix of key from key */
-#define KEY_ASCII		1	/* key is in ASCII characters */
-int keybase = KEY_DEFAULT;		/* how to interpret the key */
-
-enum { 					/* encrypt, decrypt, authenticate */
-	MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE
-} mode = MODE_ENCRYPT;
-enum {					/* ecb, cbc, cfb, cfba, ofb? */
-	ALG_ECB, ALG_CBC, ALG_CFB, ALG_OFB, ALG_CFBA
-} alg = ALG_CBC;
-
-Desbuf ivec;				/* initialization vector */
-char bits[] = {				/* used to extract bits from a char */
-	'\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
-};
-int inverse;				/* 0 to encrypt, 1 to decrypt */
-int macbits = -1;			/* number of bits in authentication */
-int fbbits = -1;			/* number of feedback bits */
-int pflag;				/* 1 to preserve parity bits */
-
-main(ac, av)
-	int ac;				/* arg count */
-	char **av;			/* arg vector */
-{
-	extern int optind;		/* option (argument) number */
-	extern char *optarg;		/* argument to option if any */
-	register int i;			/* counter in a for loop */
-	register char *p;		/* used to obtain the key */
-	Desbuf msgbuf;			/* I/O buffer */
-	int kflag;			/* command-line encryptiooon key */
-	int argc;			/* the real arg count */
-	char **argv;			/* the real argument vector */
-
-	/*
-	 * Hide the arguments from ps(1) by making private copies of them
-	 * and clobbering the global (visible to ps(1)) ones.
-	 */
-	argc = ac;
-	ac = 1;
-	argv = malloc((argc + 1) * sizeof(char *));
-	for (i = 0; i < argc; ++i) {
-		argv[i] = strdup(av[i]);
-		MEMZERO(av[i], strlen(av[i]));
-	}
-	argv[argc] = NULL;
-
-	/* initialize the initialization vctor */
-	MEMZERO(ivec, 8);
-
-	/* process the argument list */
-	kflag = 0;
-	while ((i = getopt(argc, argv, "abdF:f:k:m:o:pv:")) != EOF)
-		switch(i) {
-		case 'a':		/* key is ASCII */
-			keybase = KEY_ASCII;
-			break;
-		case 'b':		/* use ECB mode */
-			alg = ALG_ECB;
-			break;
-		case 'd':		/* decrypt */
-			mode = MODE_DECRYPT;
-			break;
-		case 'F':		/* use alternative CFB mode */
-			alg = ALG_CFBA;
-			if ((fbbits = setbits(optarg, 7)) > 56 || fbbits == 0)
-				err(-1, "-F: number must be 1-56 inclusive");
-			else if (fbbits == -1)
-				err(-1, "-F: number must be a multiple of 7");
-			break;
-		case 'f':		/* use CFB mode */
-			alg = ALG_CFB;
-			if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
-				err(-1, "-f: number must be 1-64 inclusive");
-			else if (fbbits == -1)
-				err(-1, "-f: number must be a multiple of 8");
-			break;
-		case 'k':		/* encryption key */
-			kflag = 1;
-			cvtkey(BUFFER(msgbuf), optarg);
-			break;
-		case 'm':		/* number of bits for MACing */
-			mode = MODE_AUTHENTICATE;
-			if ((macbits = setbits(optarg, 1)) > 64)
-				err(-1, "-m: number must be 0-64 inclusive");
-			break;
-		case 'o':		/* use OFB mode */
-			alg = ALG_OFB;
-			if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
-				err(-1, "-o: number must be 1-64 inclusive");
-			else if (fbbits == -1)
-				err(-1, "-o: number must be a multiple of 8");
-			break;
-		case 'p':		/* preserve parity bits */
-			pflag = 1;
-			break;
-		case 'v':		/* set initialization vector */
-			cvtkey(BUFFER(ivec), optarg);
-			break;
-		default:		/* error */
-			usage();
-		}
-
-	if (!kflag) {
-		/*
-		 * if the key's not ASCII, assume it is
-		 */
-		keybase = KEY_ASCII;
-		/*
-		 * get the key
-		 */
-		p = getpass("Enter key: ");
-		/*
-		 * copy it, nul-padded, into the key area
-		 */
-		cvtkey(BUFFER(msgbuf), p);
-	}
-
-	makekey(msgbuf);
-	inverse = (alg == ALG_CBC || alg == ALG_ECB) && mode == MODE_DECRYPT;
-
-	switch(alg) {
-	case ALG_CBC:
-		switch(mode) {
-		case MODE_AUTHENTICATE:	/* authenticate using CBC mode */
-			cbcauth();
-			break;
-		case MODE_DECRYPT:	/* decrypt using CBC mode */
-			cbcdec();
-			break;
-		case MODE_ENCRYPT:	/* encrypt using CBC mode */
-			cbcenc();
-			break;
-		}
-		break;
-	case ALG_CFB:
-		switch(mode) {
-		case MODE_AUTHENTICATE:	/* authenticate using CFB mode */
-			cfbauth();
-			break;
-		case MODE_DECRYPT:	/* decrypt using CFB mode */
-			cfbdec();
-			break;
-		case MODE_ENCRYPT:	/* encrypt using CFB mode */
-			cfbenc();
-			break;
-		}
-		break;
-	case ALG_CFBA:
-		switch(mode) {
-		case MODE_AUTHENTICATE:	/* authenticate using CFBA mode */
-			err(-1, "can't authenticate with CFBA mode");
-			break;
-		case MODE_DECRYPT:	/* decrypt using CFBA mode */
-			cfbadec();
-			break;
-		case MODE_ENCRYPT:	/* encrypt using CFBA mode */
-			cfbaenc();
-			break;
-		}
-		break;
-	case ALG_ECB:
-		switch(mode) {
-		case MODE_AUTHENTICATE:	/* authenticate using ECB mode */
-			err(-1, "can't authenticate with ECB mode");
-			break;
-		case MODE_DECRYPT:	/* decrypt using ECB mode */
-			ecbdec();
-			break;
-		case MODE_ENCRYPT:	/* encrypt using ECB mode */
-			ecbenc();
-			break;
-		}
-		break;
-	case ALG_OFB:
-		switch(mode) {
-		case MODE_AUTHENTICATE:	/* authenticate using OFB mode */
-			err(-1, "can't authenticate with OFB mode");
-			break;
-		case MODE_DECRYPT:	/* decrypt using OFB mode */
-			ofbdec();
-			break;
-		case MODE_ENCRYPT:	/* encrypt using OFB mode */
-			ofbenc();
-			break;
-		}
-		break;
-	}
-	exit(0);
-}
-
-/*
- * print a warning message and, possibly, terminate
- */
-err(n, s)
-	int n;			/* offending block number */
-	char *s;		/* the message */
-{
-	if (n > 0)
-		(void)fprintf(stderr, "bdes (block %d): ", n);
-	else
-		(void)fprintf(stderr, "bdes: ");
-	(void)fprintf(stderr, "%s\n", s ? s : strerror(errno));
-	exit(1);
-}
-
-/*
- * map a hex character to an integer
- */
-tobinhex(c, radix)
-	char c;			/* char to be converted */
-	int radix;		/* base (2 to 16) */
-{
-	switch(c) {
-	case '0':		return(0x0);
-	case '1':		return(0x1);
-	case '2':		return(radix > 2 ? 0x2 : -1);
-	case '3':		return(radix > 3 ? 0x3 : -1);
-	case '4':		return(radix > 4 ? 0x4 : -1);
-	case '5':		return(radix > 5 ? 0x5 : -1);
-	case '6':		return(radix > 6 ? 0x6 : -1);
-	case '7':		return(radix > 7 ? 0x7 : -1);
-	case '8':		return(radix > 8 ? 0x8 : -1);
-	case '9':		return(radix > 9 ? 0x9 : -1);
-	case 'A': case 'a':	return(radix > 10 ? 0xa : -1);
-	case 'B': case 'b':	return(radix > 11 ? 0xb : -1);
-	case 'C': case 'c':	return(radix > 12 ? 0xc : -1);
-	case 'D': case 'd':	return(radix > 13 ? 0xd : -1);
-	case 'E': case 'e':	return(radix > 14 ? 0xe : -1);
-	case 'F': case 'f':	return(radix > 15 ? 0xf : -1);
-	}
-	/*
-	 * invalid character
-	 */
-	return(-1);
-}
-
-/*
- * convert the key to a bit pattern
- */
-cvtkey(obuf, ibuf)
-	char *obuf;			/* bit pattern */
-	char *ibuf;			/* the key itself */
-{
-	register int i, j;		/* counter in a for loop */
-	int nbuf[64];			/* used for hex/key translation */
-
-	/*
-	 * just switch on the key base
-	 */
-	switch(keybase) {
-	case KEY_ASCII:			/* ascii to integer */
-		(void)strncpy(obuf, ibuf, 8);
-		return;
-	case KEY_DEFAULT:		/* tell from context */
-		/*
-		 * leading '0x' or '0X' == hex key
-		 */
-		if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) {
-			ibuf = &ibuf[2];
-			/*
-			 * now translate it, bombing on any illegal hex digit
-			 */
-			for (i = 0; ibuf[i] && i < 16; i++)
-				if ((nbuf[i] = tobinhex(ibuf[i], 16)) == -1)
-					err(-1, "bad hex digit in key");
-			while (i < 16)
-				nbuf[i++] = 0;
-			for (i = 0; i < 8; i++)
-				obuf[i] =
-				    ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
-			/* preserve parity bits */
-			pflag = 1;
-			return;
-		}
-		/*
-		 * leading '0b' or '0B' == binary key
-		 */
-		if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) {
-			ibuf = &ibuf[2];
-			/*
-			 * now translate it, bombing on any illegal binary digit
-			 */
-			for (i = 0; ibuf[i] && i < 16; i++)
-				if ((nbuf[i] = tobinhex(ibuf[i], 2)) == -1)
-					err(-1, "bad binary digit in key");
-			while (i < 64)
-				nbuf[i++] = 0;
-			for (i = 0; i < 8; i++)
-				for (j = 0; j < 8; j++)
-					obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
-			/* preserve parity bits */
-			pflag = 1;
-			return;
-		}
-		/*
-		 * no special leader -- ASCII
-		 */
-		(void)strncpy(obuf, ibuf, 8);
-	}
-}
-
-/*
- * convert an ASCII string into a decimal number:
- * 1. must be between 0 and 64 inclusive
- * 2. must be a valid decimal number
- * 3. must be a multiple of mult
- */
-setbits(s, mult)
-	char *s;			/* the ASCII string */
-	int mult;			/* what it must be a multiple of */
-{
-	register char *p;		/* pointer in a for loop */
-	register int n = 0;		/* the integer collected */
-
-	/*
-	 * skip white space
-	 */
-	while (isspace(*s))
-		s++;
-	/*
-	 * get the integer
-	 */
-	for (p = s; *p; p++) {
-		if (isdigit(*p))
-			n = n * 10 + *p - '0';
-		else {
-			err(-1, "bad decimal digit in MAC length");
-		}
-	}
-	/*
-	 * be sure it's a multiple of mult
-	 */
-	return((n % mult != 0) ? -1 : n);
-}
-
-/*****************
- * DES FUNCTIONS *
- *****************/
-/*
- * This sets the DES key and (if you're using the deszip version)
- * the direction of the transformation.  This uses the Sun
- * to map the 64-bit key onto the 56 bits that the key schedule
- * generation routines use: the old way, which just uses the user-
- * supplied 64 bits as is, and the new way, which resets the parity
- * bit to be the same as the low-order bit in each character.  The
- * new way generates a greater variety of key schedules, since many
- * systems set the parity (high) bit of each character to 0, and the
- * DES ignores the low order bit of each character.
- */
-makekey(buf)
-	Desbuf buf;				/* key block */
-{
-	register int i, j;			/* counter in a for loop */
-	register int par;			/* parity counter */
-
-	/*
-	 * if the parity is not preserved, flip it
-	 */
-	if (!pflag) {
-		for (i = 0; i < 8; i++) {
-			par = 0;
-			for (j = 1; j < 8; j++)
-				if ((bits[j]&UCHAR(buf, i)) != 0)
-					par++;
-			if ((par&01) == 01)
-				UCHAR(buf, i) = UCHAR(buf, i)&0177;
-			else
-				UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
-		}
-	}
-
-	DES_KEY(UBUFFER(buf));
-}
-
-/*
- * This encrypts using the Electronic Code Book mode of DES
- */
-ecbenc()
-{
-	register int n;		/* number of bytes actually read */
-	register int bn;	/* block number */
-	Desbuf msgbuf;		/* I/O buffer */
-
-	for (bn = 0; (n = READ(BUFFER(msgbuf),  8)) == 8; bn++) {
-		/*
-		 * do the transformation
-		 */
-		DES_XFORM(UBUFFER(msgbuf));
-		WRITE(BUFFER(msgbuf), 8);
-	}
-	/*
-	 * at EOF or last block -- in either ase, the last byte contains
-	 * the character representation of the number of bytes in it
-	 */
-	bn++;
-	MEMZERO(&CHAR(msgbuf, n), 8 - n);
-	CHAR(msgbuf, 7) = n;
-	DES_XFORM(UBUFFER(msgbuf));
-	WRITE(BUFFER(msgbuf), 8);
-
-}
-
-/*
- * This decrypts using the Electronic Code Book mode of DES
- */
-ecbdec()
-{
-	register int n;		/* number of bytes actually read */
-	register int c;		/* used to test for EOF */
-	register int bn;	/* block number */
-	Desbuf msgbuf;		/* I/O buffer */
-
-	for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
-		/*
-		 * do the transformation
-		 */
-		DES_XFORM(UBUFFER(msgbuf));
-		/*
-		 * if the last one, handle it specially
-		 */
-		if ((c = getchar()) == EOF) {
-			n = CHAR(msgbuf, 7);
-			if (n < 0 || n > 7)
-				err(bn, "decryption failed (block corrupted)");
-		}
-		else
-			(void)ungetc(c, stdin);
-		WRITE(BUFFER(msgbuf), n);
-	}
-	if (n > 0)
-		err(bn, "decryption failed (incomplete block)");
-}
-
-/*
- * This encrypts using the Cipher Block Chaining mode of DES
- */
-cbcenc()
-{
-	register int n;		/* number of bytes actually read */
-	register int bn;	/* block number */
-	Desbuf msgbuf;		/* I/O buffer */
-
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
-		for (n = 0; n < 8; n++)
-			CHAR(msgbuf, n) ^= CHAR(ivec, n);
-		DES_XFORM(UBUFFER(msgbuf));
-		MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
-		WRITE(BUFFER(msgbuf), 8);
-	}
-	/*
-	 * at EOF or last block -- in either case, the last byte contains
-	 * the character representation of the number of bytes in it
-	 */
-	bn++;
-	MEMZERO(&CHAR(msgbuf, n), 8 - n);
-	CHAR(msgbuf, 7) = n;
-	for (n = 0; n < 8; n++)
-		CHAR(msgbuf, n) ^= CHAR(ivec, n);
-	DES_XFORM(UBUFFER(msgbuf));
-	WRITE(BUFFER(msgbuf), 8);
-
-}
-
-/*
- * This decrypts using the Cipher Block Chaining mode of DES
- */
-cbcdec()
-{
-	register int n;		/* number of bytes actually read */
-	Desbuf msgbuf;		/* I/O buffer */
-	Desbuf ibuf;		/* temp buffer for initialization vector */
-	register int c;		/* used to test for EOF */
-	register int bn;	/* block number */
-
-	for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
-		/*
-		 * do the transformation
-		 */
-		MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (c = 0; c < 8; c++)
-			UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
-		MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8);
-		/*
-		 * if the last one, handle it specially
-		 */
-		if ((c = getchar()) == EOF) {
-			n = CHAR(msgbuf, 7);
-			if (n < 0 || n > 7)
-				err(bn, "decryption failed (block corrupted)");
-		}
-		else
-			(void)ungetc(c, stdin);
-		WRITE(BUFFER(msgbuf), n);
-	}
-	if (n > 0)
-		err(bn, "decryption failed (incomplete block)");
-}
-
-/*
- * This authenticates using the Cipher Block Chaining mode of DES
- */
-cbcauth()
-{
-	register int n, j;		/* number of bytes actually read */
-	Desbuf msgbuf;		/* I/O buffer */
-	Desbuf encbuf;		/* encryption buffer */
-
-	/*
-	 * do the transformation
-	 * note we DISCARD the encrypted block;
-	 * we only care about the last one
-	 */
-	while ((n = READ(BUFFER(msgbuf), 8)) == 8) {
-		for (n = 0; n < 8; n++)
-			CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n);
-		DES_XFORM(UBUFFER(encbuf));
-		MEMCPY(BUFFER(ivec), BUFFER(encbuf), 8);
-	}
-	/*
-	 * now compute the last one, right padding with '\0' if need be
-	 */
-	if (n > 0) {
-		MEMZERO(&CHAR(msgbuf, n), 8 - n);
-		for (n = 0; n < 8; n++)
-			CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n);
-		DES_XFORM(UBUFFER(encbuf));
-	}
-	/*
-	 * drop the bits
-	 * we write chars until fewer than 7 bits,
-	 * and then pad the last one with 0 bits
-	 */
-	for (n = 0; macbits > 7; n++, macbits -= 8)
-		(void)putchar(CHAR(encbuf, n));
-	if (macbits > 0) {
-		CHAR(msgbuf, 0) = 0x00;
-		for (j = 0; j < macbits; j++)
-			CHAR(msgbuf, 0) |= (CHAR(encbuf, n)&bits[j]);
-		(void)putchar(CHAR(msgbuf, 0));
-	}
-}
-
-/*
- * This encrypts using the Cipher FeedBack mode of DES
- */
-cfbenc()
-{
-	register int n;		/* number of bytes actually read */
-	register int nbytes;	/* number of bytes to read */
-	register int bn;	/* block number */
-	char ibuf[8];		/* input buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 8;
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (n = 0; n < 8 - nbytes; n++)
-			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
-		for (n = 0; n < nbytes; n++)
-			UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n);
-		WRITE(&CHAR(ivec, 8-nbytes), nbytes);
-	}
-	/*
-	 * at EOF or last block -- in either case, the last byte contains
-	 * the character representation of the number of bytes in it
-	 */
-	bn++;
-	MEMZERO(&ibuf[n], nbytes - n);
-	ibuf[nbytes - 1] = n;
-	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-	DES_XFORM(UBUFFER(msgbuf));
-	for (n = 0; n < nbytes; n++)
-		ibuf[n] ^= UCHAR(msgbuf, n);
-	WRITE(ibuf, nbytes);
-}
-
-/*
- * This decrypts using the Cipher Block Chaining mode of DES
- */
-cfbdec()
-{
-	register int n;		/* number of bytes actually read */
-	register int c;		/* used to test for EOF */
-	register int nbytes;	/* number of bytes to read */
-	register int bn;	/* block number */
-	char ibuf[8];		/* input buffer */
-	char obuf[8];		/* output buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 8;
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (c = 0; c < 8 - nbytes; c++)
-			CHAR(ivec, c) = CHAR(ivec, c+nbytes);
-		for (c = 0; c < nbytes; c++) {
-			CHAR(ivec, 8-nbytes+c) = ibuf[c];
-			obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c);
-		}
-		/*
-		 * if the last one, handle it specially
-		 */
-		if ((c = getchar()) == EOF) {
-			n = obuf[nbytes-1];
-			if (n < 0 || n > nbytes-1)
-				err(bn, "decryption failed (block corrupted)");
-		}
-		else
-			(void)ungetc(c, stdin);
-		WRITE(obuf, n);
-	}
-	if (n > 0)
-		err(bn, "decryption failed (incomplete block)");
-}
-
-/*
- * This encrypts using the alternative Cipher FeedBack mode of DES
- */
-cfbaenc()
-{
-	register int n;		/* number of bytes actually read */
-	register int nbytes;	/* number of bytes to read */
-	register int bn;	/* block number */
-	char ibuf[8];		/* input buffer */
-	char obuf[8];		/* output buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 7;
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (n = 0; n < 8 - nbytes; n++)
-			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
-		for (n = 0; n < nbytes; n++)
-			UCHAR(ivec, 8-nbytes+n) = (ibuf[n] ^ UCHAR(msgbuf, n))
-							|0200;
-		for (n = 0; n < nbytes; n++)
-			obuf[n] = CHAR(ivec, 8-nbytes+n)&0177;
-		WRITE(obuf, nbytes);
-	}
-	/*
-	 * at EOF or last block -- in either case, the last byte contains
-	 * the character representation of the number of bytes in it
-	 */
-	bn++;
-	MEMZERO(&ibuf[n], nbytes - n);
-	ibuf[nbytes - 1] = ('0' + n)|0200;
-	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-	DES_XFORM(UBUFFER(msgbuf));
-	for (n = 0; n < nbytes; n++)
-		ibuf[n] ^= UCHAR(msgbuf, n);
-	WRITE(ibuf, nbytes);
-}
-
-/*
- * This decrypts using the alternative Cipher Block Chaining mode of DES
- */
-cfbadec()
-{
-	register int n;		/* number of bytes actually read */
-	register int c;		/* used to test for EOF */
-	register int nbytes;	/* number of bytes to read */
-	register int bn;	/* block number */
-	char ibuf[8];		/* input buffer */
-	char obuf[8];		/* output buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 7;
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (c = 0; c < 8 - nbytes; c++)
-			CHAR(ivec, c) = CHAR(ivec, c+nbytes);
-		for (c = 0; c < nbytes; c++) {
-			CHAR(ivec, 8-nbytes+c) = ibuf[c]|0200;
-			obuf[c] = (ibuf[c] ^ UCHAR(msgbuf, c))&0177;
-		}
-		/*
-		 * if the last one, handle it specially
-		 */
-		if ((c = getchar()) == EOF) {
-			if ((n = (obuf[nbytes-1] - '0')) < 0
-						|| n > nbytes-1)
-				err(bn, "decryption failed (block corrupted)");
-		}
-		else
-			(void)ungetc(c, stdin);
-		WRITE(obuf, n);
-	}
-	if (n > 0)
-		err(bn, "decryption failed (incomplete block)");
-}
-
-
-/*
- * This encrypts using the Output FeedBack mode of DES
- */
-ofbenc()
-{
-	register int n;		/* number of bytes actually read */
-	register int c;		/* used to test for EOF */
-	register int nbytes;	/* number of bytes to read */
-	register int bn;	/* block number */
-	char ibuf[8];		/* input buffer */
-	char obuf[8];		/* output buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 8;
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (n = 0; n < 8 - nbytes; n++)
-			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
-		for (n = 0; n < nbytes; n++) {
-			UCHAR(ivec, 8-nbytes+n) = UCHAR(msgbuf, n);
-			obuf[n] = ibuf[n] ^ UCHAR(msgbuf, n);
-		}
-		WRITE(obuf, nbytes);
-	}
-	/*
-	 * at EOF or last block -- in either case, the last byte contains
-	 * the character representation of the number of bytes in it
-	 */
-	bn++;
-	MEMZERO(&ibuf[n], nbytes - n);
-	ibuf[nbytes - 1] = n;
-	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-	DES_XFORM(UBUFFER(msgbuf));
-	for (c = 0; c < nbytes; c++)
-		ibuf[c] ^= UCHAR(msgbuf, c);
-	WRITE(ibuf, nbytes);
-}
-
-/*
- * This decrypts using the Output Block Chaining mode of DES
- */
-ofbdec()
-{
-	register int n;		/* number of bytes actually read */
-	register int c;		/* used to test for EOF */
-	register int nbytes;	/* number of bytes to read */
-	register int bn;	/* block number */
-	char ibuf[8];		/* input buffer */
-	char obuf[8];		/* output buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 8;
-	/*
-	 * do the transformation
-	 */
-	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (c = 0; c < 8 - nbytes; c++)
-			CHAR(ivec, c) = CHAR(ivec, c+nbytes);
-		for (c = 0; c < nbytes; c++) {
-			CHAR(ivec, 8-nbytes+c) = UCHAR(msgbuf, c);
-			obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c);
-		}
-		/*
-		 * if the last one, handle it specially
-		 */
-		if ((c = getchar()) == EOF) {
-			n = obuf[nbytes-1];
-			if (n < 0 || n > nbytes-1)
-				err(bn, "decryption failed (block corrupted)");
-		}
-		else
-			(void)ungetc(c, stdin);
-		/*
-		 * dump it
-		 */
-		WRITE(obuf, n);
-	}
-	if (n > 0)
-		err(bn, "decryption failed (incomplete block)");
-}
-
-/*
- * This authenticates using the Cipher FeedBack mode of DES
- */
-cfbauth()
-{
-	register int n, j;	/* number of bytes actually read */
-	register int nbytes;	/* number of bytes to read */
-	char ibuf[8];		/* input buffer */
-	Desbuf msgbuf;		/* encryption buffer */
-
-	/*
-	 * do things in bytes, not bits
-	 */
-	nbytes = fbbits / 8;
-	/*
-	 * do the transformation
-	 */
-	while ((n = READ(ibuf, nbytes)) == nbytes) {
-		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-		DES_XFORM(UBUFFER(msgbuf));
-		for (n = 0; n < 8 - nbytes; n++)
-			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
-		for (n = 0; n < nbytes; n++)
-			UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n);
-	}
-	/*
-	 * at EOF or last block -- in either case, the last byte contains
-	 * the character representation of the number of bytes in it
-	 */
-	MEMZERO(&ibuf[n], nbytes - n);
-	ibuf[nbytes - 1] = '0' + n;
-	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
-	DES_XFORM(UBUFFER(msgbuf));
-	for (n = 0; n < nbytes; n++)
-		ibuf[n] ^= UCHAR(msgbuf, n);
-	/*
-	 * drop the bits
-	 * we write chars until fewer than 7 bits,
-	 * and then pad the last one with 0 bits
-	 */
-	for (n = 0; macbits > 7; n++, macbits -= 8)
-		(void)putchar(CHAR(msgbuf, n));
-	if (macbits > 0) {
-		CHAR(msgbuf, 0) = 0x00;
-		for (j = 0; j < macbits; j++)
-			CHAR(msgbuf, 0) |= (CHAR(msgbuf, n)&bits[j]);
-		(void)putchar(CHAR(msgbuf, 0));
-	}
-}
-
-#ifndef FASTWAY
-/*
- * change from 8 bits/Uchar to 1 bit/Uchar
- */
-expand(from, to)
-	Desbuf from;			/* 8bit/unsigned char string */
-	char *to;			/* 1bit/char string */
-{
-	register int i, j;		/* counters in for loop */
-
-	for (i = 0; i < 8; i++)
-		for (j = 0; j < 8; j++)
-			*to++ = (CHAR(from, i)>>(7-j))&01;
-}
-
-/*
- * change from 1 bit/char to 8 bits/Uchar
- */
-compress(from, to)
-	char *from;			/* 1bit/char string */
-	Desbuf to;			/* 8bit/unsigned char string */
-{
-	register int i, j;		/* counters in for loop */
-
-	for (i = 0; i < 8; i++) {
-	 	CHAR(to, i) = 0;
-		for (j = 0; j < 8; j++)
-			CHAR(to, i) = ((*from++)<<(7-j))|CHAR(to, i);
-	}
-}
-#endif
-
-/*
- * message about usage
- */
-usage()
-{
-	(void)fprintf(stderr, "%s\n",
-"usage: bdes [-abdp] [-F bit] [-f bit] [-k key] [-m bit] [-o bit] [-v vector]");
-	exit(1);
-}
diff --git a/secure/usr.bin/bdes/bdes.ps b/secure/usr.bin/bdes/bdes.ps
deleted file mode 100644
index 471c267af751..000000000000
--- a/secure/usr.bin/bdes/bdes.ps
+++ /dev/null
@@ -1,2945 +0,0 @@
-%!
-%%BoundingBox: (atend)
-%%Pages: (atend)
-%%DocumentFonts: (atend)
-%%EndComments
-%
-% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0
-% Copyright (c) 1986,87,89 by Frame Technology, Inc.  All rights reserved.
-%
-% Known Problems:
-%	Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1
-/FMversion (2.0) def 
-% Set up Color vs. Black-and-White
-	/FMPrintInColor systemdict /colorimage known def
-% Uncomment this line to force b&w on color printer
-%   /FMPrintInColor false def
-/FrameDict 190 dict def 
-systemdict /errordict known not {/errordict 10 dict def
-		errordict /rangecheck {stop} put} if
-% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk
-FrameDict /tmprangecheck errordict /rangecheck get put 
-errordict /rangecheck {FrameDict /bug true put} put 
-FrameDict /bug false put 
-mark 
-% Some PS machines read past the CR, so keep the following 3 lines together!
-currentfile 5 string readline
-00
-0000000000
-cleartomark 
-errordict /rangecheck FrameDict /tmprangecheck get put 
-FrameDict /bug get { 
-	/readline {
-		/gstring exch def
-		/gfile exch def
-		/gindex 0 def
-		{
-			gfile read pop 
-			dup 10 eq {exit} if 
-			dup 13 eq {exit} if 
-			gstring exch gindex exch put 
-			/gindex gindex 1 add def 
-		} loop
-		pop 
-		gstring 0 gindex getinterval true 
-		} def
-	} if
-/FMVERSION {
-	FMversion ne {
-		/Times-Roman findfont 18 scalefont setfont
-		100 100 moveto
-		(FrameMaker version does not match postscript_prolog!)
-		dup =
-		show showpage
-		} if
-	} def 
-/FMLOCAL {
-	FrameDict begin
-	0 def 
-	end 
-	} def 
-	/gstring FMLOCAL
-	/gfile FMLOCAL
-	/gindex FMLOCAL
-	/orgxfer FMLOCAL
-	/orgproc FMLOCAL
-	/organgle FMLOCAL
-	/orgfreq FMLOCAL
-	/yscale FMLOCAL
-	/xscale FMLOCAL
-	/manualfeed FMLOCAL
-	/paperheight FMLOCAL
-	/paperwidth FMLOCAL
-/FMDOCUMENT { 
-	array /FMfonts exch def 
-	/#copies exch def
-	FrameDict begin
-	0 ne dup {setmanualfeed} if
-	/manualfeed exch def
-	/paperheight exch def
-	/paperwidth exch def
-	setpapername
-	manualfeed {true} {papersize} ifelse 
-	{manualpapersize} {false} ifelse 
-	{desperatepapersize} if
-	/yscale exch def
-	/xscale exch def
-	currenttransfer cvlit /orgxfer exch def
-	currentscreen cvlit /orgproc exch def
-	/organgle exch def /orgfreq exch def
-	end 
-	} def 
-	/pagesave FMLOCAL
-	/orgmatrix FMLOCAL
-	/landscape FMLOCAL
-/FMBEGINPAGE { 
-	FrameDict begin 
-	/pagesave save def
-	3.86 setmiterlimit
-	/landscape exch 0 ne def
-	landscape { 
-		90 rotate 0 exch neg translate pop 
-		}
-		{pop pop}
-		ifelse
-	xscale yscale scale
-	/orgmatrix matrix def
-	gsave 
-	} def 
-/FMENDPAGE {
-	grestore 
-	pagesave restore
-	end 
-	showpage
-	} def 
-/FMDEFINEFONT { 
-	FrameDict begin
-	findfont 
-	ReEncode 
-	2 index exch 
-	definefont exch 
-	scalefont 
-	FMfonts 3 1 roll 
-	put
-	end 
-	} bind def
-/FMNORMALIZEGRAPHICS { 
-	newpath
-	0.0 0.0 moveto
-	1 setlinewidth
-	0 setlinecap
-	0 0 0 sethsbcolor
-	0 setgray 
-	} bind def
-	/fx FMLOCAL
-	/fy FMLOCAL
-	/fh FMLOCAL
-	/fw FMLOCAL
-	/llx FMLOCAL
-	/lly FMLOCAL
-	/urx FMLOCAL
-	/ury FMLOCAL
-/FMBEGINEPSF { 
-	end 
-	/FMEPSF save def 
-	/showpage {} def 
-	FMNORMALIZEGRAPHICS 
-	[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall 
-	fx fy translate 
-	rotate
-	fw urx llx sub div fh ury lly sub div scale 
-	llx neg lly neg translate 
-	} bind def
-/FMENDEPSF {
-	FMEPSF restore
-	FrameDict begin 
-	} bind def
-FrameDict begin 
-/setmanualfeed {
-%%BeginFeature *ManualFeed True
-	 statusdict /manualfeed true put
-%%EndFeature
-	} def
-/max {2 copy lt {exch} if pop} bind def
-/min {2 copy gt {exch} if pop} bind def
-/inch {72 mul} def
-/pagedimen { 
-	paperheight sub abs 16 lt exch 
-	paperwidth sub abs 16 lt and
-	{/papername exch def} {pop} ifelse
-	} def
-	/papersizedict FMLOCAL
-/setpapername { 
-	/papersizedict 14 dict def 
-	papersizedict begin
-	/papername /unknown def 
-		/Letter 8.5 inch 11.0 inch pagedimen
-		/LetterSmall 7.68 inch 10.16 inch pagedimen
-		/Tabloid 11.0 inch 17.0 inch pagedimen
-		/Ledger 17.0 inch 11.0 inch pagedimen
-		/Legal 8.5 inch 14.0 inch pagedimen
-		/Statement 5.5 inch 8.5 inch pagedimen
-		/Executive 7.5 inch 10.0 inch pagedimen
-		/A3 11.69 inch 16.5 inch pagedimen
-		/A4 8.26 inch 11.69 inch pagedimen
-		/A4Small 7.47 inch 10.85 inch pagedimen
-		/B4 10.125 inch 14.33 inch pagedimen
-		/B5 7.16 inch 10.125 inch pagedimen
-	end
-	} def
-/papersize {
-	papersizedict begin
-		/Letter {lettertray} def
-		/LetterSmall {lettertray lettersmall} def
-		/Tabloid {11x17tray} def
-		/Ledger {ledgertray} def
-		/Legal {legaltray} def
-		/Statement {statementtray} def
-		/Executive {executivetray} def
-		/A3 {a3tray} def
-		/A4 {a4tray} def
-		/A4Small {a4tray a4small} def
-		/B4 {b4tray} def
-		/B5 {b5tray} def
-		/unknown {unknown} def
-	papersizedict dup papername known {papername} {/unknown} ifelse get
-	end
-	/FMdicttop countdictstack 1 add def
-	statusdict begin stopped end 
-	countdictstack -1 FMdicttop {pop end} for
-	} def
-/manualpapersize {
-	papersizedict begin
-		/Letter {letter} def
-		/LetterSmall {lettersmall} def
-		/Tabloid {11x17} def
-		/Ledger {ledger} def
-		/Legal {legal} def
-		/Statement {statement} def
-		/Executive {executive} def
-		/A3 {a3} def
-		/A4 {a4} def
-		/A4Small {a4small} def
-		/B4 {b4} def
-		/B5 {b5} def
-		/unknown {unknown} def
-	papersizedict dup papername known {papername} {/unknown} ifelse get
-	end
-	stopped 
-	} def
-/desperatepapersize {
-	statusdict /setpageparams known
-		{
-		paperwidth paperheight 0 1 
-		statusdict begin
-		{setpageparams} stopped pop 
-		end
-		} if
-	} def
-/savematrix {
-	orgmatrix currentmatrix pop
-	} bind def
-/restorematrix {
-	orgmatrix setmatrix
-	} bind def
-/dmatrix matrix def
-/dpi    72 0 dmatrix defaultmatrix dtransform
-    dup mul exch   dup mul add   sqrt def
-/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def
-/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
-/DiacriticEncoding [
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
-/numbersign /dollar /percent /ampersand /quotesingle /parenleft
-/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
-/two /three /four /five /six /seven /eight /nine /colon /semicolon
-/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
-/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
-/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
-/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
-/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
-/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
-/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
-/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
-/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
-/udieresis /dagger /.notdef /cent /sterling /section /bullet
-/paragraph /germandbls /registered /copyright /trademark /acute
-/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
-/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
-/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
-/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
-/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
-/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
-/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
-/periodcentered /quotesinglbase /quotedblbase /perthousand
-/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
-/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
-/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
-/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
-] def
-/ReEncode { 
-	dup 
-	length 
-	dict begin 
-	{
-	1 index /FID ne 
-		{def} 
-		{pop pop} ifelse 
-	} forall
-	Encoding StandardEncoding eq 
-	{
-		/Encoding DiacriticEncoding def
-	}if
-	currentdict 
-	end 
-	} bind def
-/graymode true def
-	/bwidth FMLOCAL
-	/bpside FMLOCAL
-	/bstring FMLOCAL
-	/onbits FMLOCAL
-	/offbits FMLOCAL
-	/xindex FMLOCAL
-	/yindex FMLOCAL
-	/x FMLOCAL
-	/y FMLOCAL
-/setpattern {
-	 /bwidth  exch def
-	 /bpside  exch def
-	 /bstring exch def
-	 /onbits 0 def  /offbits 0 def
-	 freq sangle landscape {90 add} if 
-		{/y exch def
-		 /x exch def
-		 /xindex x 1 add 2 div bpside mul cvi def
-		 /yindex y 1 add 2 div bpside mul cvi def
-		 bstring yindex bwidth mul xindex 8 idiv add get
-		 1 7 xindex 8 mod sub bitshift and 0 ne
-		 {/onbits  onbits  1 add def 1}
-		 {/offbits offbits 1 add def 0}
-		 ifelse
-		}
-		setscreen
-	 {} settransfer
-	 offbits offbits onbits add div FMsetgray
-	/graymode false def
-	} bind def
-/grayness {
-	FMsetgray
-	graymode not {
-		/graymode true def
-		orgxfer cvx settransfer
-		orgfreq organgle orgproc cvx setscreen
-		} if
-	} bind def
-	/HUE FMLOCAL
-	/SAT FMLOCAL
-	/BRIGHT FMLOCAL
-	/Colors FMLOCAL
-FMPrintInColor 
-	
-	{
-	/HUE 0 def
-	/SAT 0 def
-	/BRIGHT 0 def
-	% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
-	/Colors   
-	[[0    0  ]    % black
-	 [0    0  ]    % white
-	 [0.00 1.0]    % red
-	 [0.37 1.0]    % green
-	 [0.60 1.0]    % blue
-	 [0.50 1.0]    % cyan
-	 [0.83 1.0]    % magenta
-	 [0.16 1.0]    % comment / yellow
-	 ] def
-      
-	/BEGINBITMAPCOLOR { 
-		BITMAPCOLOR} def
-	/BEGINBITMAPCOLORc { 
-		BITMAPCOLORc} def
-	/K { 
-		Colors exch get dup
-		0 get /HUE exch store 
-		1 get /BRIGHT exch store
-		  HUE 0 eq BRIGHT 0 eq and
-			{1.0 SAT sub setgray}
-			{HUE SAT BRIGHT sethsbcolor} 
-		  ifelse
-		} def
-	/FMsetgray { 
-		/SAT exch 1.0 exch sub store 
-		  HUE 0 eq BRIGHT 0 eq and
-			{1.0 SAT sub setgray}
-			{HUE SAT BRIGHT sethsbcolor} 
-		  ifelse
-		} bind def
-	}
-	
-	{
-	/BEGINBITMAPCOLOR { 
-		BITMAPGRAY} def
-	/BEGINBITMAPCOLORc { 
-		BITMAPGRAYc} def
-	/FMsetgray {setgray} bind def
-	/K { 
-		pop
-		} def
-	}
-ifelse
-/normalize {
-	transform round exch round exch itransform
-	} bind def
-/dnormalize {
-	dtransform round exch round exch idtransform
-	} bind def
-/lnormalize { 
-	0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
-	} bind def
-/H { 
-	lnormalize setlinewidth
-	} bind def
-/Z {
-	setlinecap
-	} bind def
-/X { 
-	fillprocs exch get exec
-	} bind def
-/V { 
-	gsave eofill grestore
-	} bind def
-/N { 
-	stroke
-	} bind def
-/M {newpath moveto} bind def
-/E {lineto} bind def
-/D {curveto} bind def
-/O {closepath} bind def
-	/n FMLOCAL
-/L { 
- 	/n exch def
-	newpath
-	normalize
-	moveto 
-	2 1 n {pop normalize lineto} for
-	} bind def
-/Y { 
-	L 
-	closepath
-	} bind def
-	/x1 FMLOCAL
-	/x2 FMLOCAL
-	/y1 FMLOCAL
-	/y2 FMLOCAL
-	/rad FMLOCAL
-/R { 
-	/y2 exch def
-	/x2 exch def
-	/y1 exch def
-	/x1 exch def
-	x1 y1
-	x2 y1
-	x2 y2
-	x1 y2
-	4 Y 
-	} bind def
-/RR { 
-	/rad exch def
-	normalize
-	/y2 exch def
-	/x2 exch def
-	normalize
-	/y1 exch def
-	/x1 exch def
-	newpath
-	x1 y1 rad add moveto
-	x1 y2 x2 y2 rad arcto
-	x2 y2 x2 y1 rad arcto
-	x2 y1 x1 y1 rad arcto
-	x1 y1 x1 y2 rad arcto
-	closepath
-	16 {pop} repeat
-	} bind def
-/C { 
-	grestore
-	gsave
-	R 
-	clip
-	} bind def
-/U { 
-	grestore
-	gsave
-	} bind def
-/F { 
-	FMfonts exch get
-	setfont
-	} bind def
-/T { 
-	moveto show
-	} bind def
-/RF { 
-	rotate
-	0 ne {-1 1 scale} if
-	} bind def
-/TF { 
-	gsave
-	moveto 
-	RF
-	show
-	grestore
-	} bind def
-/P { 
-	moveto
-	0 32 3 2 roll widthshow
-	} bind def
-/PF { 
-	gsave
-	moveto 
-	RF
-	0 32 3 2 roll widthshow
-	grestore
-	} bind def
-/S { 
-	moveto
-	0 exch ashow
-	} bind def
-/SF { 
-	gsave
-	moveto
-	RF
-	0 exch ashow
-	grestore
-	} bind def
-/B { 
-	moveto
-	0 32 4 2 roll 0 exch awidthshow
-	} bind def
-/BF { 
-	gsave
-	moveto
-	RF
-	0 32 4 2 roll 0 exch awidthshow
-	grestore
-	} bind def
-	/x FMLOCAL
-	/y FMLOCAL
-	/dx FMLOCAL
-	/dy FMLOCAL
-	/dl FMLOCAL
-	/t FMLOCAL
-	/t2 FMLOCAL
-	/Cos FMLOCAL
-	/Sin FMLOCAL
-	/r FMLOCAL
-/W { 
-	dnormalize
-	/dy exch def
-	/dx exch def
-	normalize
-	/y  exch def
-	/x  exch def
-	/dl dx dx mul dy dy mul add sqrt def
-	dl 0.0 gt {
-		/t currentlinewidth def
-		savematrix
-		/Cos dx dl div def
-		/Sin dy dl div def
-		/r [Cos Sin Sin neg Cos 0.0 0.0] def
-		/t2 t 2.5 mul 3.5 max def
-		newpath
-		x y translate
-		r concat
-		0.0 0.0 moveto
-		dl t 2.7 mul sub 0.0 rlineto
-		stroke
-		restorematrix
-		x dx add y dy add translate
-		r concat
-		t 0.67 mul setlinewidth
-		t 1.61 mul neg  0.0 translate
-		0.0 0.0 moveto
-		t2 1.7 mul neg  t2 2.0 div     moveto
-		0.0 0.0 lineto
-		t2 1.7 mul neg  t2 2.0 div neg lineto
-		stroke
-		t setlinewidth
-		restorematrix
-		} if
-	} bind def
-/G { 
-	gsave
-	newpath
-	normalize translate 0.0 0.0 moveto 
-	dnormalize scale 
-	0.0 0.0 1.0 5 3 roll arc 
-	closepath fill
-	grestore
-	} bind def
-/A { 
-	gsave
-	savematrix
-	newpath
-	2 index 2 div add exch 3 index 2 div sub exch 
-	normalize 2 index 2 div sub exch 3 index 2 div add exch 
-	translate 
-	scale 
-	0.0 0.0 1.0 5 3 roll arc 
-	restorematrix
-	stroke
-	grestore
-	} bind def
-	/x FMLOCAL
-	/y FMLOCAL
-	/w FMLOCAL
-	/h FMLOCAL
-	/xx FMLOCAL
-	/yy FMLOCAL
-	/ww FMLOCAL
-	/hh FMLOCAL
-	/FMsaveobject FMLOCAL
-	/FMoptop FMLOCAL
-	/FMdicttop FMLOCAL
-/BEGINPRINTCODE { 
-	/FMdicttop countdictstack 1 add def 
-	/FMoptop count 4 sub def 
-	/FMsaveobject save def
-	userdict begin 
-	/showpage {} def 
-	FMNORMALIZEGRAPHICS 
-	3 index neg 3 index neg translate
-	} bind def
-/ENDPRINTCODE {
-	count -1 FMoptop {pop pop} for 
-	countdictstack -1 FMdicttop {pop end} for 
-	FMsaveobject restore 
-	} bind def
-/gn { 
-	0 
-	{	46 mul 
-		cf read pop 
-		32 sub 
-		dup 46 lt {exit} if 
-		46 sub add 
-		} loop
-	add 
-	} bind def
-	/str FMLOCAL
-/cfs { 
-	/str sl string def 
-	0 1 sl 1 sub {str exch val put} for 
-	str def 
-	} bind def
-/ic [ 
-	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
-	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
-	0
-	{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
-	{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
-	{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
-	{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
-	{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
-	{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
-	{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
-	{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
-	{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
-	] def
-	/sl FMLOCAL
-	/val FMLOCAL
-	/ws FMLOCAL
-	/im FMLOCAL
-	/bs FMLOCAL
-	/cs FMLOCAL
-	/len FMLOCAL
-	/pos FMLOCAL
-/ms { 
-	/sl exch def 
-	/val 255 def 
-	/ws cfs 
-	/im cfs 
-	/val 0 def 
-	/bs cfs 
-	/cs cfs 
-	} bind def
-400 ms 
-/ip { 
-	is 
-	0 
-	cf cs readline pop 
-	{	ic exch get exec 
-		add 
-		} forall 
-	pop 
-	
-	} bind def
-/wh { 
-	/len exch def 
-	/pos exch def 
-	ws 0 len getinterval im pos len getinterval copy pop
-	pos len 
-	} bind def
-/bl { 
-	/len exch def 
-	/pos exch def 
-	bs 0 len getinterval im pos len getinterval copy pop
-	pos len 
-	} bind def
-/s1 1 string def
-/fl { 
-	/len exch def 
-	/pos exch def 
-	/val cf s1 readhexstring pop 0 get def
-	pos 1 pos len add 1 sub {im exch val put} for
-	pos len 
-	} bind def
-/hx { 
-	3 copy getinterval 
-	cf exch readhexstring pop pop 
-	} bind def
-	/h FMLOCAL
-	/w FMLOCAL
-	/d FMLOCAL
-	/lb FMLOCAL
-	/bitmapsave FMLOCAL
-	/is FMLOCAL
-	/cf FMLOCAL
-/wbytes { 
-	dup 
-	8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse
-	} bind def
-/BEGINBITMAPBWc { 
-	1 {} COMMONBITMAPc
-	} bind def
-/BEGINBITMAPGRAYc { 
-	8 {} COMMONBITMAPc
-	} bind def
-/BEGINBITMAP2BITc { 
-	2 {} COMMONBITMAPc
-	} bind def
-/COMMONBITMAPc { 
-	/r exch def
-	/d exch def
-	gsave
-	translate rotate scale /h exch def /w exch def
-	/lb w d wbytes def 
-	sl lb lt {lb ms} if 
-	/bitmapsave save def 
-	r                    
-	/is im 0 lb getinterval def 
-	ws 0 lb getinterval is copy pop 
-	/cf currentfile def 
-	w h d [w 0 0 h neg 0 h] 
-	{ip} image 
-	bitmapsave restore 
-	grestore
-	} bind def
-/BEGINBITMAPBW { 
-	1 {} COMMONBITMAP
-	} bind def
-/BEGINBITMAPGRAY { 
-	8 {} COMMONBITMAP
-	} bind def
-/BEGINBITMAP2BIT { 
-	2 {} COMMONBITMAP
-	} bind def
-/COMMONBITMAP { 
-	/r exch def
-	/d exch def
-	gsave
-	translate rotate scale /h exch def /w exch def
-	/bitmapsave save def 
-	r                    
-	/is w d wbytes string def
-	/cf currentfile def 
-	w h d [w 0 0 h neg 0 h] 
-	{cf is readhexstring pop} image
-	bitmapsave restore 
-	grestore
-	} bind def
-	/proc1 FMLOCAL
-	/proc2 FMLOCAL
-	/newproc FMLOCAL
-/Fmcc {
-    /proc2 exch cvlit def
-    /proc1 exch cvlit def
-    /newproc proc1 length proc2 length add array def
-    newproc 0 proc1 putinterval
-    newproc proc1 length proc2 putinterval
-    newproc cvx
-} bind def
-/ngrayt 256 array def
-/nredt 256 array def
-/nbluet 256 array def
-/ngreent 256 array def
-	/gryt FMLOCAL
-	/blut FMLOCAL
-	/grnt FMLOCAL
-	/redt FMLOCAL
-	/indx FMLOCAL
-	/cynu FMLOCAL
-	/magu FMLOCAL
-	/yelu FMLOCAL
-	/k FMLOCAL
-	/u FMLOCAL
-/colorsetup {
-	currentcolortransfer
-	/gryt exch def
-	/blut exch def
-	/grnt exch def
-	/redt exch def
-	0 1 255 {
-		/indx exch def
-		/cynu 1 red indx get 255 div sub def
-		/magu 1 green indx get 255 div sub def
-		/yelu 1 blue indx get 255 div sub def
-		/k cynu magu min yelu min def
-		/u k currentundercolorremoval exec def
-		nredt indx 1 0 cynu u sub max sub redt exec put
-		ngreent indx 1 0 magu u sub max sub grnt exec put
-		nbluet indx 1 0 yelu u sub max sub blut exec put
-		ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
-	} for
-	{255 mul cvi nredt exch get}
-	{255 mul cvi ngreent exch get}
-	{255 mul cvi nbluet exch get}
-	{255 mul cvi ngrayt exch get}
-	setcolortransfer
-	{pop 0} setundercolorremoval
-	{} setblackgeneration
-	} bind def
-	/tran FMLOCAL
-/fakecolorsetup {
-	/tran 256 string def
-	0 1 255 {/indx exch def 
-		tran indx
-		red indx get 77 mul
-		green indx get 151 mul
-		blue indx get 28 mul
-		add add 256 idiv put} for
-	currenttransfer
-	{255 mul cvi tran exch get 255.0 div}
-	exch Fmcc settransfer
-} bind def
-/BITMAPCOLOR { 
-	/d 8 def
-	gsave
-	translate rotate scale /h exch def /w exch def
-	/bitmapsave save def 
-	colorsetup
-	/is w d wbytes string def
-	/cf currentfile def 
-	w h d [w 0 0 h neg 0 h] 
-	{cf is readhexstring pop} {is} {is} true 3 colorimage 
-	bitmapsave restore 
-	grestore
-	} bind def
-/BITMAPCOLORc { 
-	/d 8 def
-	gsave
-	translate rotate scale /h exch def /w exch def
-	/lb w d wbytes def 
-	sl lb lt {lb ms} if 
-	/bitmapsave save def 
-	colorsetup
-	/is im 0 lb getinterval def 
-	ws 0 lb getinterval is copy pop 
-	/cf currentfile def 
-	w h d [w 0 0 h neg 0 h] 
-	{ip} {is} {is} true 3 colorimage
-	bitmapsave restore 
-	grestore
-	} bind def
-/BITMAPGRAY { 
-	8 {fakecolorsetup} COMMONBITMAP
-	} bind def
-/BITMAPGRAYc { 
-	8 {fakecolorsetup} COMMONBITMAPc
-	} bind def
-/ENDBITMAP {
-	} bind def
-end 
-%%EndProlog
-%%BeginSetup
-(2.0) FMVERSION
-1 1 612 792 0 1 16 FMDOCUMENT
-/fillprocs 32 array def
-fillprocs 0 { 0.000000 grayness } put
-fillprocs 1 { 0.100000 grayness } put
-fillprocs 2 { 0.300000 grayness } put
-fillprocs 3 { 0.500000 grayness } put
-fillprocs 4 { 0.700000 grayness } put
-fillprocs 5 { 0.900000 grayness } put
-fillprocs 6 { 0.970000 grayness } put
-fillprocs 7 { 1.000000 grayness } put
-fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put
-fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put
-fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
-fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
-fillprocs 12 {<8142241818244281> 8 1 setpattern } put
-fillprocs 13 {<8040201008040201> 8 1 setpattern } put
-fillprocs 14 {<03060c183060c081> 8 1 setpattern } put
-fillprocs 15 {} put
-fillprocs 16 { 1.000000 grayness } put
-fillprocs 17 { 0.900000 grayness } put
-fillprocs 18 { 0.700000 grayness } put
-fillprocs 19 { 0.500000 grayness } put
-fillprocs 20 { 0.300000 grayness } put
-fillprocs 21 { 0.100000 grayness } put
-fillprocs 22 { 0.030000 grayness } put
-fillprocs 23 { 0.000000 grayness } put
-fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put
-fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put
-fillprocs 26 {<3333333333333333> 8 1 setpattern } put
-fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
-fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
-fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
-fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
-fillprocs 31 {} put
-%%EndSetup
-0 12 /Helvetica-Bold FMDEFINEFONT
-1 12 /Helvetica-BoldOblique FMDEFINEFONT
-%%Page: "-1" 1
-%%BeginPaperSize: Letter
-%%EndPaperSize
-612 792 0 FMBEGINPAGE
-144 144 468 396 R
-7 X
-0 K
-V
-0 F
-0 X
-1.2 (IMPLEMENT) 178.34 388 S
-1.2 (A) 258.88 388 S
-1.2 (TION NOTES ON ) 267.85 388 S
-1 F
-1.2 (bdes) 382.61 388 S
-0 F
-1.2 (\0501\051) 415.4 388 S
-1.2 (Matt Bishop) 265.09 338 S
-1.2 (T) 197.74 288 S
-1.2 (echnical Report PCS-TR91-158) 205.38 288 S
-FMENDPAGE
-%%EndPage: "-1" 2
-%%Page: "0" 2
-612 792 0 FMBEGINPAGE
-72 72 540 720 R
-7 X
-0 K
-V
-FMENDPAGE
-%%EndPage: "0" 3
-0 12 /Times-Roman FMDEFINEFONT
-1 18 /Times-Bold FMDEFINEFONT
-2 18 /Times-BoldItalic FMDEFINEFONT
-3 12 /Times-Italic FMDEFINEFONT
-4 12 /Times-Bold FMDEFINEFONT
-5 10 /Times-Roman FMDEFINEFONT
-6 12 /Courier FMDEFINEFONT
-7 12 /Courier-Oblique FMDEFINEFONT
-8 12 /ZapfDingbats FMDEFINEFONT
-9 12 /Symbol FMDEFINEFONT
-10 12 /Courier-Bold FMDEFINEFONT
-%%Page: "1" 3
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 1 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-1 F
-0 X
-(Implementation Notes on ) 179.84 708 T
-2 F
-(bdes) 378.21 708 T
-1 F
-(\0501\051) 411.19 708 T
-0 F
-( ) 432.17 708 T
-3 F
-(Matt Bishop) 276.51 676 T
-0 F
-(Department of Mathematics and Computer Science) 182.92 656 T
-(Dartmouth College) 259.86 642 T
-(Hanover) 257.45 628 T
-(, NH 03755) 298.26 628 T
-3 F
-(ABSTRACT) 277.68 602 T
-0 F
-0.27 (This note describes the implementation of ) 108 582 P
-3 F
-0.27 (bdes) 314.13 582 P
-0 F
-0.27 (, the \336le encryption program being) 336.12 582 P
-0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P
-(all modes of the Data Encryption Standard program.) 108 554 T
-4 F
-(1. Intr) 72 528 T
-(oduction) 104.43 528 T
-0 F
--0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P
--0.56 (siderably stronger than the algorithm used by the ) 72 484 P
-5 F
--0.47 (UNIX) 305.36 484 P
-0 F
--0.56 (\252 ) 330.34 484 P
-3 F
--0.56 (crypt) 344.53 484 P
-0 F
--0.56 (\0501\051 program, and therefore is a more) 369.18 484 P
-0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P
-5 F
-0.09 (ASCII) 466.05 464 P
-0 F
-0.11 ( \336les. The) 492.14 464 P
--0.65 (program ) 72 444 P
-3 F
--0.65 (bdes) 114.99 444 P
-0 F
--0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P
--0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P
--0.04 (the layout of the encrypted \336les produced by ) 72 400 P
-3 F
--0.04 (bdes) 288.86 400 P
-0 F
--0.04 ( as well as internal details relevant to the imple-) 310.85 400 P
--0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P
-3 F
--0.15 (des) 408.04 380 P
-0 F
--0.15 (\0501\051 program given in [4]) 424.03 380 P
--0.2 (has been followed; thus, ) 72 360 P
-3 F
--0.2 (bdes) 190.77 360 P
-0 F
--0.2 ( is completely compatible with that program. However) 212.75 360 P
--0.2 (, ) 473.33 360 P
-3 F
--0.2 (bdes) 479.12 360 P
-0 F
--0.2 ( also of-) 501.11 360 P
-(fers several extensions to ) 72 340 T
-3 F
-(des) 195.9 340 T
-0 F
-( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T
--0.14 (In this note, strings typed as shown will be in ) 108 316 P
-6 F
--0.34 (Courier Roman font) 326.78 316 P
-0 F
--0.14 (, and strings to be) 455.62 316 P
--0.42 (chosen by the user will be in ) 72 296 P
-7 F
--1 (Courier Oblique font) 209.32 296 P
-0 F
--0.42 (. The space character \050) 351.24 296 P
-5 F
--0.35 (ASCII) 457.79 296 P
-0 F
--0.42 ( <) 483.88 296 P
-5 F
--0.35 (SP) 493.23 296 P
-0 F
--0.42 (>, octal) 504.34 296 P
--0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P
-8 F
--0.47 (z) 296.98 276 P
-0 F
--0.43 (\323 and the newline character \050) 301.96 276 P
-5 F
--0.35 (ASCII) 438.03 276 P
-0 F
--0.43 ( <) 464.13 276 P
-5 F
--0.35 (NL) 473.46 276 P
-0 F
--0.43 (>, octal 12,) 486.79 276 P
--0.05 (decimal 10, hex a\051 as \322) 72 256 P
-9 F
--0.05 (\277) 181.65 256 P
-0 F
--0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P
-1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P
-10 F
-(Courier Bold font) 72 216 T
-0 F
-( with spaces often inserted for readability) 194.33 216 T
-(.) 392.07 216 T
-4 F
-(2. Overview and Use) 72 184 T
-3 F
--0.39 (Bdes) 108 160 P
-0 F
--0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P
--0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P
-72 72 540 720 C
-72 72 540 117 C
-72 72 549 108 R
-7 X
-0 K
-V
-5 F
-0 X
-(This work is based on work funded by grant NAG2-680 from the National
-Aeronautics and Space Administration to ) 72 101.33 T
-(Dartmouth College.) 72 89.33 T
-(UNIX is a Registered T) 72 77.33 T
-(rademark of A) 166.58 77.33 T
-(T&T Bell Laboratories.) 223.75 77.33 T
-72 72 540 720 C
-0 0 612 792 C
-72 126 225 126 2 L
-7 X
-0 K
-V
-0.5 H
-2 Z
-0 X
-N
-FMENDPAGE
-%%EndPage: "1" 4
-%%Page: "2" 4
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 2 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
-0.31 (Block Chaining, ) 72 712 P
-3 F
-0.31 (k) 154.25 712 P
-0 F
-0.31 (-bit Cipher Feed Back, and ) 159.58 712 P
-3 F
-0.31 (k) 293.71 712 P
-0 F
-0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P
-3 F
-0.31 (k) 530.68 712 P
-0 F
-0.31 (-) 536.01 712 P
--0.04 (bit Cipher Feed Back mode. Further) 72 692 P
--0.04 (, ) 244.52 692 P
-3 F
--0.04 (bdes) 250.48 692 P
-0 F
--0.04 ( supports message authentication code generation based) 272.46 692 P
-(on both the Cipher Block Chaining mode and the ) 72 672 T
-3 F
-(k) 310.86 672 T
-0 F
-(-bit Cipher Feed Back mode.) 316.19 672 T
-0.07 (By default, ) 108 648 P
-3 F
-0.07 (bdes) 164.43 648 P
-0 F
-0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P
--0.4 (as a \336lter) 72 628 P
--0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P
-(if the input \336le ) 72 608 T
-7 F
-(inputf) 145.96 608 T
-(ile) 189.14 608 T
-0 F
-( contains the message) 210.73 608 T
-6 F
-(a) 253.9 584 T
-8 F
-(z) 261.1 584 T
-6 F
-(test) 266.07 584 T
-8 F
-(z) 294.86 584 T
-6 F
-(message) 299.83 584 T
-9 F
-(\277) 350.21 584 T
-0 F
-(then the following command encrypts it using the key ) 72 560 T
-6 F
-(abcdefgh) 333.5 560 T
-0 F
-(:) 391.07 560 T
-6 F
-(bdes -k abcdefgh < ) 158.48 536 T
-7 F
-(inputf) 295.21 536 T
-(ile) 338.38 536 T
-6 F
-( > ) 359.97 536 T
-7 F
-(outputf) 381.56 536 T
-(ile) 431.93 536 T
-0 F
-(The option ) 72 512 T
-4 F
-(-k) 127.3 512 T
-0 F
-( indicates the next ar) 137.96 512 T
-(gument is the key) 237.01 512 T
-(. Now ) 321.17 512 T
-7 F
-(outputf) 353.48 512 T
-(ile) 403.86 512 T
-0 F
-( contains) 425.45 512 T
-10 F
-(16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T
-0 F
-0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P
-(interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T
-4 F
-(3. Keys and Parity) 72 412 T
-0 F
-0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P
-0.58 (, or as a string of) 456.48 388 P
-5 F
-0.12 (ASCII) 72 368 P
-0 F
-0.14 ( characters. If the key is given in hex or binary) 98.1 368 P
-0.14 (, it is used as is with no changes. However) 322.21 368 P
-0.14 (, if) 526.53 368 P
--0.27 (the key is given in ) 72 348 P
-5 F
--0.23 (ASCII) 161.59 348 P
-0 F
--0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P
--0.47 (This high-order bit is generally ignored by applications; but the DES
-does not do so. Instead, it dis-) 72 328 P
--0.14 (cards the low-order bit, ef) 72 308 P
--0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P
-5 F
--0.12 (56) 495.97 312.8 P
-0 F
--0.14 ( to 2) 505.97 308 P
-5 F
--0.12 (48) 527.01 312.8 P
-0 F
--0.14 (.) 537 308 P
--0.46 ( T) 108 284 P
--0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P
--0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P
--0.7 (odd parity) 72 244 P
--0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P
-3 F
--0.7 (not) 334.99 244 P
-0 F
--0.7 ( used in this computation.\051 For example,) 350.31 244 P
-(if the key is ) 72 224 T
-6 F
-(abcdefgh) 131.29 224 T
-0 F
-(, the actual key bits used are determined as follows:) 188.86 224 T
-5 F
-(ASCII) 99 200 T
-0 F
-( key) 125.1 200 T
-6 F
-(a) 243 200 T
-(b) 279 200 T
-(c) 315 200 T
-(d) 351 200 T
-(e) 387 200 T
-(f) 423 200 T
-(g) 459 200 T
-(h) 495 200 T
-5 F
-(ASCII) 99 180 T
-0 F
-( key bits \050hex\051) 125.1 180 T
-10 F
-(61) 243 180 T
-(62) 279 180 T
-(63) 315 180 T
-(64) 351 180 T
-(65) 387 180 T
-(66) 423 180 T
-(67) 459 180 T
-(68) 495 180 T
-0 F
-(parity) 99 160 T
-(odd) 243 160 T
-(odd) 279 160 T
-(even) 315 160 T
-(odd) 351 160 T
-(even) 387 160 T
-(even) 423 160 T
-(odd) 459 160 T
-(odd) 495 160 T
-(key bits used \050hex\051) 99 140 T
-10 F
-(61) 243 140 T
-(62) 279 140 T
-(e3) 315 140 T
-(64) 351 140 T
-(e5) 387 140 T
-(e6) 423 140 T
-(67) 459 140 T
-(68) 495 140 T
-0 F
-0.18 (This convention \050as opposed to requiring even parity) 108 120 P
-0.18 (, or simply copying the low-order bit) 362 120 P
--0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P
-3 F
--0.41 (des) 486.77 100 P
-0 F
--0.41 ( distrib-) 502.76 100 P
--0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P
-FMENDPAGE
-%%EndPage: "2" 5
-%%Page: "3" 5
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 3 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
-1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P
-1.89 (s ) 471.02 712 P
-3 F
-1.89 (des) 480.58 712 P
-0 F
-1.89 (, so \336les) 496.56 712 P
-(encrypted on a Sun can be decrypted using ) 72 692 T
-3 F
-(bdes) 280.51 692 T
-0 F
-( \050and vice versa\051.) 302.49 692 T
--0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P
-4 F
--0.3 (p) 411.9 668 P
-0 F
--0.3 ( will disable the parity bit) 418.57 668 P
--0.62 (changing; with it, the parity bit is that of the character typed. This
-is useful when the key is a known) 72 648 P
-5 F
-(ASCII) 72 628 T
-0 F
-( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T
--0.24 (A key may be represented as a bit vector) 108 604 P
--0.24 (, rather than an ) 300.74 604 P
-5 F
--0.2 (ASCII) 374.7 604 P
-0 F
--0.24 ( string, in one of two ways. It) 400.8 604 P
-0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P
-0.16 (is right \336lled with 0 bits. Or) 72 564 P
-0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P
-0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit
-vector keys must be given on the) 72 544 P
-0.51 (command line, and must begin with the characters ) 72 524 P
-6 F
-1.24 (0x) 320.28 524 P
-0 F
-0.51 ( or ) 334.67 524 P
-6 F
-1.24 (0X) 351.69 524 P
-0 F
-0.51 ( \050for hexadecimal\051 or ) 366.08 524 P
-6 F
-1.24 (0b) 472.71 524 P
-0 F
-0.51 ( or ) 487.1 524 P
-6 F
-1.24 (0B) 504.12 524 P
-0 F
-0.51 ( \050for) 518.51 524 P
-(binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T
-5 F
-(ASCII) 72 480 T
-0 F
-( key) 98.1 480 T
-6 F
-(abcdefgh) 180 480 T
-0 F
-(hexadecimal key) 72 460 T
-6 F
-(0x6162e364e5e66768) 180 460 T
-0 F
-(binary key) 72 440 T
-6 F
-(0b0110000101100010111000110110100011100101111000-) 180 440 T
-(1100110011101101000) 180 420 T
-0 F
--0.14 ( Note that giving the key on the command line as ) 108 396 P
-6 F
--0.34 (0x6162636465666768) 345.27 396 P
-0 F
--0.14 ( will ) 474.8 396 P
-3 F
--0.14 (not) 499.17 396 P
-0 F
--0.14 ( reset) 514.5 396 P
-0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P
-5 F
-0.21 (ASCII) 416.58 376 P
-0 F
-0.25 ( characters. The dif-) 442.68 376 P
-0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P
-0.69 (, whereas \050on) 474.34 356 P
-0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P
-5 F
-0.21 (ASCII) 384.76 336 P
-0 F
-0.25 ( characters is set. On some) 410.85 336 P
-0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P
-5 F
-0.3 (ASCII) 407.23 316 P
-0 F
-0.36 ( character; should this) 433.33 316 P
--0.3 (be the case and the user desire ) 72 296 P
-3 F
--0.3 (bdes) 218.09 296 P
-0 F
--0.3 ( not to reset the parity bit, the option ) 240.07 296 P
-4 F
--0.3 (\320p) 415.25 296 P
-0 F
--0.3 ( will force the parity bit) 427.92 296 P
-(to be used as typed.) 72 276 T
-4 F
-(4. Encryption Output Repr) 72 244 T
-(esentation) 211.05 244 T
-0 F
-0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P
--0.25 (for ECB and CBC modes, and ) 72 200 P
-3 F
--0.25 (k) 218.74 200 P
-0 F
--0.25 ( bits for the ) 224.07 200 P
-3 F
--0.25 (k) 281.02 200 P
-0 F
--0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P
--0.5 (put blocks as input blocks. However) 72 180 P
--0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P
--0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P
-0.29 (acters must be distinguished from the input characters somehow) 72 140 P
-0.29 (. The mechanism used is that the) 381.35 140 P
-0.31 (last character of the \050decrypted\051 last block is the
-\050integer\051 number of characters from the input in) 72 120 P
-(the last block.) 72 100 T
-FMENDPAGE
-%%EndPage: "3" 6
-%%Page: "4" 6
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 4 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
--0.59 (For example, suppose ) 108 712 P
-7 F
--1.41 (inputf) 214.16 712 P
--1.41 (ile) 257.34 712 P
-0 F
--0.59 ( contains \322) 278.93 712 P
-6 F
--1.41 (This) 329.04 712 P
-8 F
--0.65 (z) 357.83 712 P
-6 F
--1.41 (is) 362.8 712 P
-8 F
--0.65 (z) 377.2 712 P
-6 F
--1.41 (a) 382.17 712 P
-8 F
--0.65 (z) 389.37 712 P
-6 F
--1.41 (test) 394.35 712 P
-9 F
--0.59 (\277) 423.13 712 P
-0 F
--0.59 (\323, and it is encrypted in) 431.02 712 P
-(CBC mode using the key \322) 72 692 T
-6 F
-(abcdef#@) 200.93 692 T
-0 F
-(\323 and the initialization vector ) 258.5 692 T
-6 F
-(0x0) 401.4 692 T
-0 F
-(; the command is) 422.99 692 T
-6 F
-(bdes -k abcdef#@ < ) 158.48 668 T
-7 F
-(inputf) 295.21 668 T
-(ile) 338.38 668 T
-6 F
-( > ) 359.97 668 T
-7 F
-(outputf) 381.56 668 T
-(ile) 431.93 668 T
-0 F
-(as CBC is the default encryption mode and ) 72 644 T
-6 F
-(0x0) 281.2 644 T
-0 F
-( the default initialization vector:) 302.79 644 T
-(text) 72 620 T
-6 F
-(T) 117 620 T
-(h) 144 620 T
-(i) 171 620 T
-(s) 198 620 T
-8 F
-(z) 225 620 T
-6 F
-(i) 252 620 T
-(s) 279 620 T
-8 F
-(z) 306 620 T
-6 F
-(a) 333 620 T
-8 F
-(z) 360 620 T
-6 F
-(t) 387 620 T
-(e) 414 620 T
-(s) 441 620 T
-(t) 468 620 T
-9 F
-(\277) 495 620 T
-0 F
-(hex) 72 600 T
-10 F
-(54) 117 600 T
-(68) 144 600 T
-(69) 171 600 T
-(73) 198 600 T
-(20) 225 600 T
-(69) 252 600 T
-(73) 279 600 T
-(20) 306 600 T
-(61) 333 600 T
-(20) 360 600 T
-(74) 387 600 T
-(65) 414 600 T
-(73) 441 600 T
-(74) 468 600 T
-(0a) 495 600 T
-0 F
-(input) 72 580 T
-10 F
-(54) 117 580 T
-(68) 144 580 T
-(69) 171 580 T
-(73) 198 580 T
-(20) 225 580 T
-(69) 252 580 T
-(73) 279 580 T
-(20) 306 580 T
-(61) 333 580 T
-(20) 360 580 T
-(74) 387 580 T
-(65) 414 580 T
-(73) 441 580 T
-(74) 468 580 T
-(0a) 495 580 T
-(07) 522 580 T
-0 F
-(output) 72 560 T
-10 F
-(a5) 117 560 T
-(5f) 144 560 T
-(81) 171 560 T
-(53) 198 560 T
-(51) 225 560 T
-(98) 252 560 T
-(47) 279 560 T
-(02) 306 560 T
-(db) 333 560 T
-(5a) 360 560 T
-(c5) 387 560 T
-(fe) 414 560 T
-(50) 441 560 T
-(3d) 468 560 T
-(40) 495 560 T
-(ce) 522 560 T
-0 F
-0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P
-3 F
-0.22 (Bdes) 72 520 P
-0 F
-0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P
-5 F
-0.19 (ASCII) 399.67 520 P
-0 F
-0.22 ( character with numeric) 425.77 520 P
-(value 7 \050the ) 72 500 T
-5 F
-(ASCII) 131.62 500 T
-0 F
-( character <) 157.71 500 T
-5 F
-(BEL) 214.42 500 T
-0 F
-(>\051. The result is then encrypted.) 233.3 500 T
-0.44 (As another example, suppose ) 108 476 P
-7 F
-1.07 (inputf) 253.34 476 P
-1.07 (ile) 296.52 476 P
-0 F
-0.44 ( contains \322) 318.11 476 P
-6 F
-1.07 (test) 370.29 476 P
-0 F
-0.44 (\323, and it is encrypted in ECB) 399.08 476 P
-(mode using the key \322) 72 456 T
-6 F
-(abcdef#@) 173.93 456 T
-0 F
-(\323; the command is) 231.5 456 T
-6 F
-(bdes -b \320k abcdef#@ < ) 147.69 432 T
-7 F
-(inputf) 306 432 T
-(ile) 349.18 432 T
-6 F
-( > ) 370.76 432 T
-7 F
-(outputf) 392.35 432 T
-(ile) 442.73 432 T
-0 F
-(because the option ) 72 408 T
-4 F
-(\320b) 164.26 408 T
-0 F
-( signi\336es ECB mode:) 176.93 408 T
-(text) 72 384 T
-6 F
-(t) 144 384 T
-(e) 171 384 T
-(s) 198 384 T
-(t) 225 384 T
-0 F
-(hex) 72 364 T
-10 F
-(74) 144 364 T
-(65) 171 364 T
-(73) 198 364 T
-(74) 225 364 T
-0 F
-(input) 72 344 T
-10 F
-(74) 144 344 T
-(65) 171 344 T
-(73) 198 344 T
-(74) 225 344 T
-(00) 252 344 T
-(00) 279 344 T
-(00) 306 344 T
-(04) 333 344 T
-0 F
-(output) 72 324 T
-10 F
-(0d) 144 324 T
-(8a) 171 324 T
-(6e) 198 324 T
-(57) 225 324 T
-(9c) 252 324 T
-(8f) 279 324 T
-(27) 306 324 T
-(5d) 333 324 T
-0 F
--0.31 (Finally) 108 304 P
--0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P
-0.83 (all 0 bits is added. Suppose ) 72 284 P
-7 F
-1.99 (inputf) 210.57 284 P
-1.99 (ile) 253.74 284 P
-0 F
-0.83 ( contains \322) 275.33 284 P
-6 F
-1.99 (test) 328.28 284 P
-9 F
-0.83 (\277) 357.07 284 P
-0 F
-0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P
-1.51 (mode using the key \322) 72 264 P
-6 F
-3.62 (abcdef#@) 179.96 264 P
-0 F
-1.51 (\323 and the initialization vector ) 237.53 264 P
-6 F
-3.62 (0x0123456789abcdef) 387.97 264 P
-0 F
-1.51 (; the) 517.5 264 P
-(command is) 72 244 T
-6 F
--0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P
-7 F
--0.99 (inputf) 383.67 220 P
--0.99 (ile) 426.85 220 P
-6 F
--0.99 ( > ) 448.43 220 P
-7 F
--0.99 (outputf) 468.04 220 P
--0.99 (ile) 518.41 220 P
-0 F
-0.16 (because the option ) 72 196 P
-4 F
-0.16 (\320f40 ) 164.75 196 P
-0 F
-0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P
-4 F
-0.16 (-v0x01234566789abcdef) 343.96 196 P
-0 F
-0.16 ( sets the initial-) 465.89 196 P
-(ization vector \050note that spaces between the option and its ar) 72 176 T
-(gument are optional\051:) 361.57 176 T
-(text) 72 152 T
-6 F
-(t) 144 152 T
-(e) 171 152 T
-(s) 198 152 T
-(t) 225 152 T
-9 F
-(\277) 252 152 T
-0 F
-(hex) 72 132 T
-10 F
-(74) 144 132 T
-(65) 171 132 T
-(73) 198 132 T
-(74) 225 132 T
-(0a) 252 132 T
-0 F
-(input) 72 112 T
-10 F
-(74) 144 112 T
-(65) 171 112 T
-(73) 198 112 T
-(74) 225 112 T
-(0a) 252 112 T
-(00) 279 112 T
-(00) 306 112 T
-(00) 333 112 T
-(00) 360 112 T
-(00) 387 112 T
-0 F
-(output) 72 92 T
-10 F
-(e2) 144 92 T
-(c2) 171 92 T
-(69) 198 92 T
-(a4) 225 92 T
-(5b) 252 92 T
-(3c) 279 92 T
-(3d) 306 92 T
-(b3) 333 92 T
-(f5) 360 92 T
-(3c) 387 92 T
-FMENDPAGE
-%%EndPage: "4" 7
-1 12 /Times-BoldItalic FMDEFINEFONT
-2 14 /Symbol FMDEFINEFONT
-%%Page: "5" 7
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 5 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
-(Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T
--0.4 (This technique allows complete compatibility with Sun\325) 108 688 P
--0.4 (s ) 374.11 688 P
-3 F
--0.4 (des) 381.37 688 P
-0 F
--0.4 ( program. In Sun\325) 397.36 688 P
--0.4 (s implemen-) 480.77 688 P
-0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P
-0.85 (ically) 72 648 P
-0.85 (, this makes no dif) 97.87 648 P
-0.85 (ference, as the DES is a suf) 189.32 648 P
-0.85 (\336ciently good random cipher to obscure the) 325.74 648 P
-(input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T
-(\336cult [1].) 451.82 628 T
-4 F
-(5. Differ) 72 596 T
-(ences Between the Standard CFB and OFB Modes and ) 114.41 596 T
-1 F
-(bdes) 397.26 596 T
-0 F
--0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P
--0.08 (the CFB and OFB modes properly) 72 552 P
--0.08 (, it would be necessary to read ) 235.74 552 P
-3 F
--0.08 (k) 383.74 552 P
-0 F
--0.08 ( bits from the \336le, where ) 389.07 552 P
-3 F
--0.08 (k) 509.51 552 P
-0 F
--0.08 ( is an) 514.84 552 P
-0.98 (integer between 1 and 64 inclusive. However) 72 532 P
-0.98 (, this would require considerable buf) 294.22 532 P
-0.98 (fering and be) 474.77 532 P
-0.23 (quite inef) 72 512 P
-0.23 (\336cient and prohibitively slow) 117.65 512 P
-0.23 (. For these reasons, the current implementation of ) 258.48 512 P
-3 F
-0.23 (bdes) 501.48 512 P
-0 F
-0.23 ( re-) 523.46 512 P
-0.47 (quires that ) 72 492 P
-3 F
-0.47 (k) 126.23 492 P
-0 F
-0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P
-(\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T
--0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P
-0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P
-3 F
-0.23 (k) 358.95 428 P
-0 F
-0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P
-(bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T
-(but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T
-4 F
-(6. Message Authentication Code Modes) 72 356 T
-0 F
-0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P
-1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P
-3 F
-1.27 (n) 373.32 312 P
-0 F
-1.27 (-bit message authentication code) 379.32 312 P
-0.62 (\050MAC\051 is generated, where 1) 72 292 P
-2 F
-0.73 ( ) 214.71 292 P
-9 F
-0.62 (\243) 218.94 292 P
-0 F
-0.62 ( ) 225.52 292 P
-3 F
-0.62 (n) 229.15 292 P
-0 F
-0.62 ( ) 235.14 292 P
-9 F
-0.62 (\243) 238.76 292 P
-0 F
-0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P
-(second on CFB mode. Both work the same.) 72 272 T
-0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P
--0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but
-all encrypted text is discarded ex-) 72 228 P
--0.44 (cept for the last block. The ) 72 208 P
-3 F
--0.44 (n) 200.9 208 P
-0 F
--0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P
-(size constrains the number of bits available as the MAC.) 72 188 T
-0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P
--0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P
--0.01 (,) 537 144 P
--0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P
--0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P
--0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P
--0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P
-FMENDPAGE
-%%EndPage: "5" 8
-%%Page: "6" 8
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 6 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
--0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with
-zeroes, the technique of forcing) 72 712 P
-(the last octet to contain the number of bytes in the message is ) 72 692 T
-3 F
-(not) 369.47 692 T
-0 F
-( used here.) 384.8 692 T
--0.39 (For example, suppose ) 108 668 P
-7 F
--0.94 (inputf) 214.76 668 P
--0.94 (ile) 257.93 668 P
-0 F
--0.39 ( contains \322) 279.52 668 P
-6 F
--0.94 (This) 330.04 668 P
-8 F
--0.43 (z) 358.82 668 P
-6 F
--0.94 (is) 363.8 668 P
-8 F
--0.43 (z) 378.19 668 P
-6 F
--0.94 (a) 383.17 668 P
-8 F
--0.43 (z) 390.36 668 P
-6 F
--0.94 (test) 395.34 668 P
-9 F
--0.39 (\277) 424.13 668 P
-0 F
--0.39 (\323, and a 64-bit MAC is) 432.02 668 P
--0.73 (to be generated using CBC mode, the key \322) 72 648 P
-6 F
--1.74 (abcdef#@) 274.39 648 P
-0 F
--0.73 (\323 and the initialization vector ) 331.96 648 P
-6 F
--1.74 (0x0) 471.23 648 P
-0 F
--0.73 (; the com-) 492.82 648 P
-(mand is) 72 628 T
-6 F
-(bdes -m 64 -k abcdef#@ < ) 136.89 604 T
-7 F
-(inputf) 316.79 604 T
-(ile) 359.97 604 T
-6 F
-( > ) 381.56 604 T
-7 F
-(outputf) 403.15 604 T
-(ile) 453.52 604 T
-0 F
-(as CBC is the default encryption mode and ) 72 580 T
-6 F
-(0x0) 281.2 580 T
-0 F
-( the default initialization vector:) 302.79 580 T
-(text) 72 556 T
-6 F
-(T) 117 556 T
-(h) 144 556 T
-(i) 171 556 T
-(s) 198 556 T
-8 F
-(z) 225 556 T
-6 F
-(i) 252 556 T
-(s) 279 556 T
-8 F
-(z) 306 556 T
-6 F
-(a) 333 556 T
-8 F
-(z) 360 556 T
-6 F
-(t) 387 556 T
-(e) 414 556 T
-(s) 441 556 T
-(t) 468 556 T
-9 F
-(\277) 495 556 T
-0 F
-(hex) 72 536 T
-10 F
-(54) 117 536 T
-(68) 144 536 T
-(69) 171 536 T
-(73) 198 536 T
-(20) 225 536 T
-(69) 252 536 T
-(73) 279 536 T
-(20) 306 536 T
-(61) 333 536 T
-(20) 360 536 T
-(74) 387 536 T
-(65) 414 536 T
-(73) 441 536 T
-(74) 468 536 T
-(0a) 495 536 T
-0 F
-(input) 72 516 T
-10 F
-(54) 117 516 T
-(68) 144 516 T
-(69) 171 516 T
-(73) 198 516 T
-(20) 225 516 T
-(69) 252 516 T
-(73) 279 516 T
-(20) 306 516 T
-(61) 333 516 T
-(20) 360 516 T
-(74) 387 516 T
-(65) 414 516 T
-(73) 441 516 T
-(74) 468 516 T
-(0a) 495 516 T
-(00) 522 516 T
-0 F
-(output) 72 496 T
-10 F
-(43) 117 496 T
-(18) 144 496 T
-(de) 171 496 T
-(74) 198 496 T
-(24) 225 496 T
-(a9) 252 496 T
-(65) 279 496 T
-(d1) 306 496 T
-0 F
-0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P
-3 F
-(Bdes) 72 456 T
-0 F
-( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T
-(last block of output is used as the MAC.) 72 436 T
-0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P
-6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P
-6 F
-16.58 (abcdef#@) 314.9 392 P
-0 F
-6.91 (\323 and the initialization vector) 372.47 392 P
-6 F
-(0x0123456789abcdef) 72 372 T
-0 F
-(; the command is) 201.53 372 T
-6 F
-(bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T
-7 F
-(inputf) 374.36 348 T
-(ile) 417.54 348 T
-6 F
-( > ) 439.13 348 T
-7 F
-(outputf) 460.71 348 T
-(ile) 511.09 348 T
-0 F
--0.19 (where ) 72 324 P
-4 F
--0.19 (\320m 36) 104.11 324 P
-0 F
--0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P
-4 F
--0.19 (\320f 40) 327.79 324 P
-0 F
--0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P
-4 F
--0.31 (\320v 0x123456789abcdef) 72 304 P
-0 F
--0.31 ( sets the initialization vector) 186.62 304 P
--0.31 (. Note that, as the key is not given on the com-) 319.95 304 P
-(mand line, the user will be prompted for it. It gives:) 72 284 T
-(text) 72 260 T
-6 F
-(T) 117 260 T
-(h) 144 260 T
-(i) 171 260 T
-(s) 198 260 T
-8 F
-(z) 225 260 T
-6 F
-(i) 252 260 T
-(s) 279 260 T
-8 F
-(z) 306 260 T
-6 F
-(a) 333 260 T
-8 F
-(z) 360 260 T
-6 F
-(t) 387 260 T
-(e) 414 260 T
-(s) 441 260 T
-(t) 468 260 T
-9 F
-(\277) 495 260 T
-0 F
-(hex) 72 240 T
-10 F
-(54) 117 240 T
-(68) 144 240 T
-(69) 171 240 T
-(73) 198 240 T
-(20) 225 240 T
-(69) 252 240 T
-(73) 279 240 T
-(20) 306 240 T
-(61) 333 240 T
-(20) 360 240 T
-(74) 387 240 T
-(65) 414 240 T
-(73) 441 240 T
-(74) 468 240 T
-(0a) 495 240 T
-0 F
-(input) 72 220 T
-10 F
-(54) 117 220 T
-(68) 144 220 T
-(69) 171 220 T
-(73) 198 220 T
-(20) 225 220 T
-(69) 252 220 T
-(73) 279 220 T
-(20) 306 220 T
-(61) 333 220 T
-(20) 360 220 T
-(74) 387 220 T
-(65) 414 220 T
-(73) 441 220 T
-(74) 468 220 T
-(0a) 495 220 T
-0 F
-(output) 72 200 T
-10 F
-(2b) 117 200 T
-(18) 144 200 T
-(68) 171 200 T
-(2d) 198 200 T
-(60) 225 200 T
-0 F
-0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P
-(can be output.) 72 160 T
-4 F
-(7. Differ) 72 128 T
-(ences Between ) 114.41 128 T
-1 F
-(bdes) 191.01 128 T
-4 F
-( and Sun\325) 212.99 128 T
-(s DES Implementation) 261.88 128 T
-0 F
-0.02 (The program ) 108 104 P
-3 F
-0.02 (bdes) 173.33 104 P
-0 F
-0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P
-0.02 (s) 535.33 104 P
-0.57 (implementation of the Data Encryption Standard, called ) 72 84 P
-3 F
-0.57 (des) 347.14 84 P
-0 F
-0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P
-FMENDPAGE
-%%EndPage: "6" 9
-%%Page: "7" 9
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 7 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
-0.44 (crypted using ) 72 712 P
-3 F
-0.44 (des) 140.84 712 P
-0 F
-0.44 ( can be decrypted using ) 156.83 712 P
-3 F
-0.44 (bdes) 275.29 712 P
-0 F
-0.44 (, and vice versa, provided modes common to both) 297.27 712 P
--0.34 (are used. However) 72 692 P
--0.34 (, ) 160.41 692 P
-3 F
--0.34 (bdes) 166.06 692 P
-0 F
--0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P
--0.68 (hardware devices \050and so the ) 72 672 P
-4 F
--0.68 (-s) 210.83 672 P
-0 F
--0.68 ( and ) 219.49 672 P
-4 F
--0.68 (-f) 241.45 672 P
-0 F
--0.68 ( options of Sun\325) 249.44 672 P
--0.68 (s ) 323.71 672 P
-3 F
--0.68 (des) 330.7 672 P
-0 F
--0.68 ( are not available\051. Further) 346.69 672 P
--0.68 (, as encryption) 471.07 672 P
--0.05 (is the default, the Sun ) 72 652 P
-3 F
--0.05 (des) 179.01 652 P
-0 F
--0.05 ( ) 195 652 P
-4 F
--0.05 (-e) 197.95 652 P
-0 F
--0.05 ( option is not recognized. As the manual page to ) 207.27 652 P
-3 F
--0.05 (bdes) 441.6 652 P
-0 F
--0.05 ( is in the appen-) 463.59 652 P
-(dix, these dif) 72 632 T
-(ferences will not be elaborated upon further) 134.08 632 T
-(.) 343.24 632 T
-0.44 (Sun\325) 108 608 P
-0.44 (s ) 130 608 P
-3 F
-0.44 (des) 138.1 608 P
-0 F
-0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P
-3 F
-1.33 (bdes) 72 588 P
-0 F
-1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P
-3 F
-1.33 (encrypt) 487.05 588 P
-0 F
-1.33 (\0503\051,) 523.02 588 P
--0.09 (which may) 72 568 P
--0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P
--0.09 (ge a number of platforms) 419.11 568 P
-(as possible with installers needing to know as little about the hardware as possible.) 72 548 T
--0.08 (Sun\325) 108 524 P
--0.08 (s ) 130 524 P
-3 F
--0.08 (des) 137.58 524 P
-0 F
--0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P
-3 F
--0.08 (bdes) 407.07 524 P
-0 F
--0.08 ( supports all modes de-) 429.05 524 P
-0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P
-(and CFB-based MACs.) 72 484 T
-0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P
--0.47 (both ) 72 440 P
-3 F
--0.47 (des) 95.85 440 P
-0 F
--0.47 ( and ) 111.84 440 P
-3 F
--0.47 (bdes) 134.21 440 P
-0 F
--0.47 (, dif) 156.19 440 P
--0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P
-(Where ) 72 420 T
-3 F
-(bdes) 106.96 420 T
-0 F
-( puts zero bytes, ) 128.94 420 T
-3 F
-(des) 209.89 420 T
-0 F
-( puts bytes containing random values. The reason for Sun\325) 225.87 420 T
-(s doing) 505.02 420 T
-0.47 (so is to prevent a known plaintext attack on the \336le should an
-attacker determine that the input\325) 72 400 P
-0.47 (s) 535.33 400 P
--0.29 (length were a multiple of the block size. W) 72 380 P
--0.29 (ith ) 276.05 380 P
-3 F
--0.29 (bdes) 291.43 380 P
-0 F
--0.29 (, the plaintext contents of the last block of input) 313.41 380 P
-0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P
-0.31 (ith ) 333.99 360 P
-3 F
-0.31 (des) 349.96 360 P
-0 F
-0.31 (, the plaintext contents of that block) 365.95 360 P
-0.73 (are not known. Cryptanalytically) 72 340 P
-0.73 (, given the information about the strength of the DES currently) 231.29 340 P
-0.2 (known, it is widely believed that known plaintext attacks are infeasible
-\050see for example [1]\051 and) 72 320 P
-1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P
-1.86 (. But this) 492.63 300 P
-(means that ciphertexts produced from a plaintext by ) 72 280 T
-3 F
-(bdes) 324.48 280 T
-0 F
-( and ) 346.47 280 T
-3 F
-(des) 369.78 280 T
-0 F
-( will dif) 385.77 280 T
-(fer in the last block.) 423.54 280 T
-4 F
-(Refer) 72 248 T
-(ences) 100.41 248 T
-0 F
-([1]) 72 224 T
-0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P
-0.37 (ears of Public Scrutiny) 374.87 224 P
-0.37 (,\323 ) 484.8 224 P
-3 F
-0.37 (Pr) 496.49 224 P
-0.37 (oceed-) 508.04 224 P
--0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P
--0.47 (ence) 411.65 204 P
-0 F
--0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P
-([2]) 72 180 T
-(A. Konheim, ) 108 180 T
-3 F
-(Cryptography: A Primer) 173.29 180 T
-0 F
-(, John W) 291.4 180 T
-(iley and Sons, Inc., New Y) 333.9 180 T
-(ork, NY \0501981\051.) 461.94 180 T
-([3]) 72 156 T
-3 F
-0.63 (DES Modes of Operation) 108 156 P
-0 F
-0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P
--0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P
--0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P
-([4]) 72 112 T
-3 F
-(UNIX User) 108 112 T
-(\325) 162.74 112 T
-(s Manual) 165.18 112 T
-0 F
-(, Sun Microsystems Inc., Mountain V) 210.16 112 T
-(iew) 390 112 T
-(, CA \050Mar) 406.54 112 T
-(. 1988\051.) 455.51 112 T
-4 F
-(Appendix. The UNIX System Manual Page for ) 72 80 T
-1 F
-(bdes) 313.2 80 T
-FMENDPAGE
-%%EndPage: "7" 10
-1 11 /Times-Bold FMDEFINEFONT
-%%Page: "8" 10
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 8 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-1 F
-0 X
-(NAME) 72 712.67 T
-0 F
-(bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T
-1 F
-(SYNOPSIS) 72 663.67 T
-4 F
-(bdes) 108 640 T
-0 F
-( [) 131.33 640 T
-3 F
-( ) 138.32 640 T
-4 F
-(-abdp) 141.32 640 T
-0 F
-( ] [ ) 171.31 640 T
-4 F
-(-F) 188.3 640 T
-0 F
-( ) 199.62 640 T
-3 F
-(b) 202.62 640 T
-0 F
-( ] [ ) 208.61 640 T
-4 F
-(-f) 225.6 640 T
-0 F
-( ) 233.58 640 T
-3 F
-(b) 236.58 640 T
-0 F
-( ] [ ) 242.58 640 T
-4 F
-(-k) 259.56 640 T
-0 F
-( ) 270.22 640 T
-3 F
-(key) 273.22 640 T
-0 F
-( ] [ ) 289.2 640 T
-4 F
-(-m) 306.18 640 T
-0 F
-( ) 320.16 640 T
-3 F
-(b) 323.16 640 T
-0 F
-( ] [ ) 329.16 640 T
-4 F
-(-o) 346.14 640 T
-0 F
-( ) 356.13 640 T
-3 F
-(b) 359.13 640 T
-0 F
-( ] [ ) 365.13 640 T
-4 F
-(-v) 382.11 640 T
-0 F
-( ) 392.1 640 T
-3 F
-(vector) 395.1 640 T
-0 F
-( ]) 425.07 640 T
-1 F
-(DESCRIPTION) 72 614.67 T
-3 F
--0.69 (Bdes) 108 591 P
-0 F
--0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P
--0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P
-0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P
--0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P
--0.14 (o protect the key and ini-) 420.44 549 P
-0.29 (tialization vector from being read by) 108 535 P
-3 F
-0.29 ( ps) 284.98 535 P
-0 F
-0.29 (\0501\051, ) 298.94 535 P
-3 F
-0.29 (bdes ) 319.21 535 P
-0 F
-0.29 (hides its ar) 344.48 535 P
-0.29 (guments on entry) 396.81 535 P
-0.29 (. If no ) 479.89 535 P
-3 F
-0.29 (key ) 512.74 535 P
-0 F
-0.29 (is) 532 535 P
--0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P
-(dard input if not.) 108 507 T
--0.17 (The key and initialization vector are taken as sequences of ) 108 489 P
-5 F
--0.14 (ASCII) 389.38 489 P
-0 F
--0.17 ( characters which are then) 415.48 489 P
--0.35 (mapped into their bit representations. If either begins with
-\3240x\325 or \3240X\325, that one is taken as) 108 475 P
-1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P
--0.73 (\3240B\325, that one is taken as a sequence of binary digits
-indicating the bit pattern. In either case,) 108 447 P
--0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P
-0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P
-0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P
-0.03 (, because with 4.4 BSD,) 424.31 405 P
--0.36 (the password reading function ) 108 391 P
-3 F
--0.36 (getpass) 254.45 391 P
-0 F
--0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P
-(keys to be entered.) 108 377 T
-0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P
--0.18 (leted. Since most ) 108 345 P
-5 F
--0.15 (ASCII) 192.75 345 P
-0 F
--0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P
--0.29 (order bit ef) 108 331 P
--0.29 (fectively reduces the size of the key space from 2) 160.49 331 P
-5 F
--0.24 (56) 394.67 335.8 P
-0 F
--0.29 ( to 2) 404.67 331 P
-5 F
--0.24 (48) 425.41 335.8 P
-0 F
--0.29 ( keys. T) 435.4 331 P
--0.29 (o prevent this,) 472.29 331 P
--0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P
-0.11 (order bit is set to whatever value gives odd parity) 108 303 P
-0.11 (. This preserves the key space size. Note) 345.05 303 P
-(this resetting of the parity bit is ) 108 289 T
-3 F
-(not) 260.92 289 T
-0 F
-( done if the key is given in binary or hex.) 276.24 289 T
--0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P
-0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P
-(text, so) 108 243 T
-( bdes ) 225.81 225 T
-3 F
-(key) 253.79 225 T
-0 F
-( < plaintext | bdes \320i ) 269.77 225 T
-3 F
-(key) 370.21 225 T
-0 F
-( ) 386.19 225 T
-(is a very expensive equivalent of ) 108 201 T
-3 F
-(cat) 268.54 201 T
-0 F
-(\0501\051.) 283.2 201 T
-(Options are:) 108 183 T
-( ) 108 165 T
-4 F
-(\320a) 111 165 T
-0 F
--0.75 (The key and initialization vector strings are to be taken as ) 144 165 P
-5 F
--0.62 (ASCII) 415.89 165 P
-0 F
--0.75 ( suppressing the spe-) 441.98 165 P
-0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325,
-and \3240B\325 characters. Note this) 144 151 P
-(\337ag applies to ) 144 137 T
-3 F
-(both) 214.29 137 T
-0 F
-( the key and initialization vector) 235.62 137 T
-(.) 389.85 137 T
-4 F
-(\320b) 108 119 T
-0 F
-(Use electronic code book mode.) 144 119 T
-4 F
-(\320d) 108 101 T
-0 F
-(Decrypt the input.) 144 101 T
-FMENDPAGE
-%%EndPage: "8" 11
-%%Page: "9" 11
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 9 of 11) 479.71 34.7 T
-72 72 540 720 R
-7 X
-V
-4 F
-0 X
-(\320f) 108 712 T
-0 F
-( ) 117.99 712 T
-3 F
-(b) 120.99 712 T
-0 F
--0.29 (Use ) 144 712 P
-3 F
--0.29 (b) 165.36 712 P
-0 F
--0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P
-3 F
--0.29 (b) 350.42 712 P
-0 F
--0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P
-(64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T
-4 F
-(\320F) 108 680 T
-0 F
-( ) 121.32 680 T
-3 F
-(b) 124.32 680 T
-0 F
--0.29 (Use ) 144 680 P
-3 F
--0.29 (b) 165.36 680 P
-0 F
--0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P
-3 F
--0.29 (b) 403.77 680 P
-0 F
--0.29 ( must be a multiple of 7 be-) 409.77 680 P
--0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P
-(i\336cation\051.) 144 652 T
-4 F
-(\320k) 108 634 T
-0 F
-( ) 120.67 634 T
-3 F
-(key) 123.66 634 T
-0 F
-0.37 (Use the string ) 144 616 P
-3 F
-0.37 (key) 214.74 616 P
-0 F
-0.37 ( as the cryptographic key) 230.72 616 P
-0.37 (. If this ar) 352.01 616 P
-0.37 (gument is not given, the user) 399.54 616 P
-(will be prompted for the key) 144 602 T
-(.) 280.12 602 T
-4 F
-(\320m) 108 584 T
-0 F
-( ) 123.99 584 T
-3 F
-(b) 126.99 584 T
-0 F
-0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P
-3 F
-0.71 (b) 395.78 584 P
-0 F
-0.71 ( bits on the input. ) 401.77 584 P
-3 F
-0.71 (b) 491.94 584 P
-0 F
-0.71 ( must be) 497.94 584 P
-0.11 (between 1 and 64 inclusive; if ) 144 570 P
-3 F
-0.11 (b) 291.87 570 P
-0 F
-0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P
--0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P
-(are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T
-4 F
-(\320o) 108 524 T
-0 F
-( ) 119.99 524 T
-3 F
-(b) 122.99 524 T
-0 F
--0.34 (Use ) 144 524 P
-3 F
--0.34 (b) 165.31 524 P
-0 F
--0.34 (-bit output feedback mode. Currently ) 171.31 524 P
-3 F
--0.34 (b) 350.83 524 P
-0 F
--0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P
-(64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T
-4 F
-(\320p) 108 492 T
-0 F
--0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P
-0.03 (used as typed, rather than making each character be of odd parity) 144 478 P
-0.03 (. It is used only if) 455.91 478 P
-(the key is given in ) 144 464 T
-5 F
-(ASCII) 234.95 464 T
-0 F
-(.) 261.04 464 T
-4 F
-(\320v) 108 446 T
-0 F
-( ) 119.99 446 T
-3 F
-(vector) 122.99 446 T
-0 F
--0.5 (Set the initialization vector to ) 144 428 P
-3 F
--0.5 (v) 286.44 428 P
-0 F
--0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P
--0.5 (.) 537 428 P
-(The vector is ignored in electronic codebook mode.) 144 414 T
--0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P
-0.24 (search attacks, and Hellman\325) 108 382 P
-0.24 (s time-memory tradeof) 246.61 382 P
-0.24 (f \050all of which are very expensive and) 356.8 382 P
-0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P
-0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P
-3 F
-(bdes) 108 340 T
-0 F
-(.) 129.98 340 T
-4 F
-(IMPLEMENT) 72 314 T
-(A) 146.41 314 T
-(TION NOTES) 154.18 314 T
-0 F
-0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P
--0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P
-(data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T
-0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P
-0.52 (a block\051. T) 108 230 P
-0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P
-0.52 (, ) 413.01 230 P
-3 F
-0.52 (bdes ) 419.53 230 P
-0 F
-0.52 (will \050internally\051 ap-) 445.03 230 P
-0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P
--0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P
-0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P
--0.59 (last byte tells how many) 108 174 P
--0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P
-0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P
-0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P
-0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P
--0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P
-(\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T
-FMENDPAGE
-%%EndPage: "9" 12
-%%Page: "10" 12
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 10 of 11) 473.71 34.7 T
-72 72 540 720 R
-7 X
-V
-0 X
-0.94 (Unlike Sun\325) 108 712 P
-0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P
-0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P
-(quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T
-(.) 473.95 684 T
-0.36 (If the key is entered in ) 108 666 P
-5 F
-0.3 (ASCII) 220.76 666 P
-0 F
-0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P
-1.03 (character is of odd parity) 108 652 P
-1.03 (. Unlike Sun\325) 231.23 652 P
-1.03 (s implementation, it is possible to enter binary or) 296.92 652 P
--0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P
-3 F
--0.57 (not ) 472.85 638 P
-0 F
--0.57 (reset. This) 490.61 638 P
-(allows testing using arbitrary bit patterns as keys.) 108 624 T
-0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P
-(default, ) 108 592 T
-3 F
-(bdes ) 147.3 592 T
-0 F
-(does too, but this may be changed from the command line.) 172.29 592 T
-4 F
-(FILES) 72 566 T
-0 F
-(/dev/tty) 108 542 T
-(controlling terminal for typed key) 180 542 T
-4 F
-(SEE ALSO) 72 516 T
-3 F
-(crypt) 108 492 T
-0 F
-(\0501\051, ) 132.65 492 T
-3 F
-(crypt) 152.63 492 T
-0 F
-(\0503\051) 177.27 492 T
-3 F
--0.4 (Data Encryption Standar) 108 474 P
--0.4 (d) 228.02 474 P
-0 F
--0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P
-(of Standards, U.S. Department of Commerce, W) 108 460 T
-(ashington DC \050Jan. 1977\051.) 340.2 460 T
-3 F
-0.16 (DES) 108 442 P
-0 F
-0.16 ( ) 129.98 442 P
-3 F
-0.16 (Modes of Operation, ) 133.15 442 P
-0 F
-0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P
-(of Standards, U.S. Department of Commerce, W) 108 428 T
-(ashington DC \050Dec. 1980\051.) 340.2 428 T
-2.75 (Dorothy Denning, ) 108 410 P
-3 F
-2.75 (Cryptography and Data Security) 203.77 410 P
-0 F
-2.75 (, Addison-W) 368.8 410 P
-2.75 (esley Publishing Co.,) 432.55 410 P
-(Reading, MA \2511982.) 108 396 T
--0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P
-3 F
--0.19 (bdes) 305.76 378 P
-0 F
--0.19 (\0501\051\323, T) 327.75 378 P
--0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P
-0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P
-0.34 (, NH \050Apr) 488.01 364 P
-0.34 (.) 537 364 P
-(1991\051.) 108 350 T
-4 F
-(CAUTION) 72 324 T
-0 F
--0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P
--0.44 (keys, called the ) 108 286 P
-3 F
--0.44 (weak) 183.95 286 P
-0 F
--0.44 ( and ) 208.6 286 P
-3 F
--0.44 (semiweak) 231.03 286 P
-0 F
--0.44 ( keys, are \050in hex notation, where ) 277.66 286 P
-6 F
--1.06 (p) 437.45 286 P
-0 F
--0.44 ( is either ) 444.64 286 P
-6 F
--1.06 (0) 487.63 286 P
-0 F
--0.44 ( or ) 494.82 286 P
-6 F
--1.06 (1) 509.93 286 P
-0 F
--0.44 (, and) 517.12 286 P
-6 F
-(P) 108 272 T
-0 F
-( is either ) 115.2 272 T
-6 F
-(e) 159.5 272 T
-0 F
-( or ) 166.7 272 T
-6 F
-(f) 182.68 272 T
-0 F
-(\051:) 189.88 272 T
-6 F
-(0x0p0p0p0p0p0p0p0p) 144 254 T
-(0x0p1P0p1P0p0P0p0P) 360 254 T
-(0x0pep0pep0pfp0pfp) 144 236 T
-(0x0pfP0pfP0pfP0pfP) 360 236 T
-(0x1P0p1P0p0P0p0P0p) 144 218 T
-(0x1P1P1P1P0P0P0P0P) 360 218 T
-(0x1Pep1Pep0Pfp0Pfp) 144 200 T
-(0x1PfP1PfP0PfP0PfP) 360 200 T
-(0xep0pep0pfp0pfp0p) 144 182 T
-(0xep1Pep1pfp0Pfp0P) 360 182 T
-(0xepepepepepepepep) 144 164 T
-(0xepfPepfPfpfPfpfP) 360 164 T
-(0xfP0pfP0pfP0pfP0p) 144 146 T
-(0xfP1PfP1PfP0PfP0P) 360 146 T
-(0xfPepfPepfPepfPep) 144 128 T
-(0xfPfPfPfPfPfPfPfP) 360 128 T
-0 F
-0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P
--0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P
-3 F
--0.57 ( Advances in Cryp-) 449.43 96 P
-(tology \320 Crypto \32486 Pr) 108 82 T
-(oceedings) 216.83 82 T
-0 F
-(, Springer) 264.79 82 T
-(-V) 311.85 82 T
-(erlag New Y) 323.17 82 T
-(ork, \2511987, pp. 9-32\051.) 383.25 82 T
-FMENDPAGE
-%%EndPage: "10" 13
-%%Page: "11" 13
-612 792 0 FMBEGINPAGE
-72 745.99 540 756 R
-7 X
-0 K
-V
-72 32.69 540 42.7 R
-V
-0 F
-0 X
-(Page 11 of 11) 473.71 34.7 T
-72 72 540 720 R
-7 X
-V
-4 F
-0 X
-(BUGS) 72 712 T
-0 F
--0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P
-0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P
-(named above so that they are no longer computationally infeasible.) 108 660 T
-0.32 (Programs which display programs\325 ar) 108 642 P
-0.32 (guments may compromise the key and initialization) 289.59 642 P
-0.76 (vector if they are speci\336ed on the command line. T) 108 628 P
-0.76 (o avoid this ) 358.46 628 P
-3 F
-0.76 (bdes) 419.7 628 P
-0 F
-0.76 ( overwrites its ar) 441.68 628 P
-0.76 (gu-) 524.01 628 P
-(ments. However) 108 614 T
-(, the obvious race cannot currently be avoided.) 186.12 614 T
-0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P
-(cryption can be compromised if memory is readable.) 108 582 T
--0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P
-0.05 (nor any other warranty) 108 550 P
-0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P
-(rials or as to their suitability for any particular purpose.) 108 536 T
--0.06 (Accordingly) 108 518 P
--0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P
--0.06 (, the author assumes) 442.93 518 P
--0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P
--0.25 (, or to furnish any additional) 404.69 504 P
-(information or documentation.) 108 490 T
-4 F
-(AUTHOR) 72 464 T
-0 F
--0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P
-(College, Hanover) 108 426 T
-(, NH 03755) 192.12 426 T
-(Electronic mail addresses:) 108 408 T
-(Internet: Matt.Bishop@dartmouth.edu) 108 390 T
-(UUCP: decvax!dartvax!Matt.Bishop) 108 372 T
-FMENDPAGE
-%%EndPage: "11" 14
-%%Trailer
-%%BoundingBox: 0 0 612 792
-%%Pages: 13 1
-%%DocumentFonts: Helvetica-Bold
-%%+ Helvetica-BoldOblique
-%%+ Times-Roman
-%%+ Times-Bold
-%%+ Times-BoldItalic
-%%+ Times-Italic
-%%+ Courier
-%%+ Courier-Oblique
-%%+ ZapfDingbats
-%%+ Symbol
-%%+ Courier-Bold
diff --git a/secure/usr.bin/telnet/Makefile b/secure/usr.bin/telnet/Makefile
deleted file mode 100644
index 8762a5a3797b..000000000000
--- a/secure/usr.bin/telnet/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# Copyright (c) 1990 The Regents of the University of California.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-#    must display the following acknowledgement:
-#	This product includes software developed by the University of
-#	California, Berkeley and its contributors.
-# 4. Neither the name of the University nor the names of its contributors
-#    may be used to endorse or promote products derived from this software
-#    without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	@(#)Makefile	8.1 (Berkeley) 6/6/93
-#	$Id$
-#
-
-DISTRIBUTION=	krb
-
-PROG=	telnet
-
-SRCS=	authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
-	terminal.c tn3270.c utilities.c
-
-CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DENCRYPTION
-CFLAGS+=-I${.CURDIR}/../../lib
-LDADD+= -L${TELNETOBJDIR} -ltermcap -ltelnet
-DPADD+= ${TELNETOBJDIR}/libtelnet.a ${LIBTERMCAP}
-
-.if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_EBONES))
-CFLAGS+=-DAUTHENTICATION -DKRB4
-LDADD+= -ldes -lkrb
-DPADD+= ${LIBDES} ${LIBKRB}
-.endif
-
-# Used only in krb4encpwd.c and rsaencpwd.c (libtelnet), not yet active
-#LDADD+= -ldescrypt
-
-.include <bsd.prog.mk>
diff --git a/secure/usr.bin/telnet/README b/secure/usr.bin/telnet/README
deleted file mode 100644
index 086c88f29500..000000000000
--- a/secure/usr.bin/telnet/README
+++ /dev/null
@@ -1,566 +0,0 @@
-
-
-This is a distribution of both client and server telnet.  These programs
-have been compiled on:
-			telnet	telnetd
-	BSD 4.3 Reno	  X	  X
-	UNICOS 5.1	  X	  X
-	UNICOS 6.0	  X	  X
-	UNICOS 6.1	  X	  X
-	UNICOS 7.0	  X	  X
-	SunOs 3.5	  X	  X (no linemode in server)
-	SunOs 4.1	  X	  X (no linemode in server)
-	DYNIX V3.0.17.9	  X	  X (no linemode in server)
-	Ultrix 3.1	  X	  X (no linemode in server)
-	Ultrix 4.0	  X	  X (no linemode in server)
-
-In addition, previous versions have been compiled on the following
-machines, but were not available for testing this version.
-			telnet	telnetd
-	SunOs 4.0.3c	  X	  X (no linemode in server)
-	BSD 4.3		  X  	  X (no linemode in server)
-	DYNIX V3.0.12	  X	  X (no linemode in server)
-
-Februrary 22, 1991:
-
-    Features:
-
-	This version of telnet/telnetd has support for both
-	the AUTHENTICATION and ENCRYPTION options.  The
-	AUTHENTICATION option is fairly well defined, and
-	an option number has been assigned to it.  The
-	ENCRYPTION option is still in a state of flux; an
-	option number has NOT been assigned to it yet.
-	The code is provided in this release for experimental
-	and testing purposes.
-
-	The telnet "send" command can now be used to send
-	do/dont/will/wont commands, with any telnet option
-	name.  The rules for when do/dont/will/wont are sent
-	are still followed, so just because the user requests
-	that one of these be sent doesn't mean that it will
-	be sent...
-
-	The telnet "getstatus" command no longer requires
-	that option printing be enabled to see the response
-	to the "DO STATUS" command.
-
-	A -n flag has been added to telnetd to disable
-	keepalives.
-
-	A new telnet command, "auth" has been added (if
-	AUTHENTICATE is defined).  It has four sub-commands,
-	"status", "debug", "disable", "enable" and "help".
-
-	A new telnet command, "encrypt" has been added (if
-	ENCRYPT is defined).  It has many sub-commands:
-	"enable", "type", "start", "stop", "input",
-	"-input", "output", "-output", "status", "auto",
-	"verbose", "debug", and "help".
-
-	An "rlogin" interface has been added.  If the program
-	is named "rlogin", or the "-r" flag is given, then
-	an rlogin type of interface will be used.
-		~.	Terminates the session
-		~<susp> Suspend the session
-		~^]	Escape to telnet command mode
-		~~	Pass through the ~.
-	    BUG: If you type the rlogin escape character
-		 in the middle of a line while in rlogin
-		 mode, you cannot erase it or any characters
-		 before it.  Hopefully this can be fixed
-		 in a future release...
-
-    General changes:
-
-	A "libtelnet.a" has now been created.  This libraray
-	contains code that is common to both telnet and
-	telnetd.  This is also where library routines that
-	are needed, but are not in the standard C library,
-	are placed.
-
-	The makefiles have been re-done.  All of the site
-	specific configuration information has now been put
-	into a single "Config.generic" file, in the top level
-	directory.  Changing this one file will take care of
-	all three subdirectories.  Also, to add a new/local
-	definition, a "Config.local" file may be created
-	at the top level; if that file exists, the subdirectories
-	will use that file instead of "Config.generic".
-
-	Many 1-2 line functions in commands.c have been
-	removed, and just inserted in-line, or replaced
-	with a macro.
-
-    Bug Fixes:
-
-	The non-termio code in both telnet and telnetd was
-	setting/clearing CTLECH in the sg_flags word.  This
-	was incorrect, and has been changed to set/clear the
-	LCTLECH bit in the local mode word.
-
-	The SRCRT #define has been removed.  If IP_OPTIONS
-	and IPPROTO_IP are defined on the system, then the
-	source route code is automatically enabled.
-
-	The NO_GETTYTAB #define has been removed; there
-	is a compatability routine that can be built into
-	libtelnet to achive the same results.
-
-	The server, telnetd, has been switched to use getopt()
-	for parsing the argument list.
-
-	The code for getting the input/output speeds via
-	cfgetispeed()/cfgetospeed() was still not quite
-	right in telnet.  Posix says if the ispeed is 0,
-	then it is really equal to the ospeed.
-
-	The suboption processing code in telnet now has
-	explicit checks to make sure that we received
-	the entire suboption (telnetd was already doing this).
-
-	The telnet code for processing the terminal type
-	could cause a core dump if an existing connection
-	was closed, and a new connection opened without
-	exiting telnet.
-
-	Telnetd was doing a TCSADRAIN when setting the new
-	terminal settings;  This is not good, because it means
-	that the tcsetattr() will hang waiting for output to
-	drain, and telnetd is the only one that will drain
-	the output...  The fix is to use TCSANOW which does
-	not wait.
-
-	Telnetd was improperly setting/clearing the ISTRIP
-	flag in the c_lflag field, it should be using the
-	c_iflag field. 
-
-	When the child process of telnetd was opening the
-	slave side of the pty, it was re-setting the EXTPROC
-	bit too early, and some of the other initialization
-	code was wiping it out.  This would cause telnetd
-	to go out of linemode and into single character mode.
-
-	One instance of leaving linemode in telnetd forgot
-	to send a WILL ECHO to the client, the net result
-	would be that the user would see double character
-	echo.
-
-	If the MODE was being changed several times very
-	quickly, telnetd could get out of sync with the
-	state changes and the returning acks; and wind up
-	being left in the wrong state.
-
-September 14, 1990:
-
-	Switch the client to use getopt() for parsing the
-	argument list.  The 4.3Reno getopt.c is included for
-	systems that don't have getopt().
-
-	Use the posix _POSIX_VDISABLE value for what value
-	to use when disabling special characters.  If this
-	is undefined, it defaults to 0x3ff.
-
-	For non-termio systems, TIOCSETP was being used to
-	change the state of the terminal.  This causes the
-	input queue to be flushed, which we don't want.  This
-	is now changed to TIOCSETN.
-
-	Take out the "#ifdef notdef" around the code in the
-	server that generates a "sync" when the pty oputput
-	is flushed.  The potential problem is that some older
-	telnet clients may go into an infinate loop when they
-	receive a "sync", if so, the server can be compiled
-	with "NO_URGENT" defined.
-
-	Fix the client where it was setting/clearing the OPOST
-	bit in the c_lflag field, not the c_oflag field.
-
-	Fix the client where it was setting/clearing the ISTRIP
-	bit in the c_lflag field, not the c_iflag field.  (On
-	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
-	The client also had its interpretation of WILL BINARY
-	and DO BINARY reversed.
-
-	Fix a bug in client that would cause a core dump when
-	attempting to remove the last environment variable.
-
-	In the client, there were a few places were switch()
-	was being passed a character, and if it was a negative
-	value, it could get sign extended, and not match
-	the 8 bit case statements.  The fix is to and the
-	switch value with 0xff.
-
-	Add a couple more printoption() calls in the client, I
-	don't think there are any more places were a telnet
-	command can be received and not printed out when
-	"options" is on.
-
-	A new flag has been added to the client, "-a".  Currently,
-	this just causes the USER name to be sent across, in
-	the future this may be used to signify that automatic
-	authentication is requested.
-
-	The USER variable is now only sent by the client if
-	the "-a" or "-l user" options are explicity used, or
-	if the user explicitly asks for the "USER" environment
-	variable to be exported.  In the server, if it receives
-	the "USER" environment variable, it won't print out the
-	banner message, so that only "Password:" will be printed.
-	This makes the symantics more like rlogin, and should be
-	more familiar to the user.  (People are not used to
-	getting a banner message, and then getting just a
-	"Password:" prompt.)
-
-	Re-vamp the code for starting up the child login
-	process.  The code was getting ugly, and it was
-	hard to tell what was really going on.  What we
-	do now is after the fork(), in the child:
-		1) make sure we have no controlling tty
-		2) open and initialize the tty
-		3) do a setsid()/setpgrp()
-		4) makes the tty our controlling tty.
-	On some systems, #2 makes the tty our controlling
-	tty, and #4 is a no-op.  The parent process does
-	a gets rid of any controlling tty after the child
-	is fork()ed.
-
-	Use the strdup() library routine in telnet, instead
-	of the local savestr() routine.  If you don't have
-	strdup(), you need to define NO_STRDUP.
-
-	Add support for ^T (SIGINFO/VSTATUS), found in the
-	4.3Reno distribution.  This maps to the AYT character.
-	You need a 4-line bugfix in the kernel to get this
-	to work properly:
-
-	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
-	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
-	> ***************
-	> *** 609,613 ****
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
-	> 			return(0);
-	> 		}
-	> --- 609,616 ----
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
-	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
-	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
-	> ! 				ttyinfo(tp);
-	> 			return(0);
-	> 		}
-
-	The client is now smarter when setting the telnet escape
-	character; it only sets it to one of VEOL and VEOL2 if
-	one of them is undefined, and the other one is not already
-	defined to the telnet escape character.
-
-	Handle TERMIOS systems that have seperate input and output
-	line speed settings imbedded in the flags.
-
-	Many other minor bug fixes.
-
-June 20, 1990:
-	Re-organize makefiles and source tree.  The telnet/Source
-	directory is now gone, and all the source that was in
-	telnet/Source is now just in the telnet directory.
-
-	Seperate makefile for each system are now gone.  There
-	are two makefiles, Makefile and Makefile.generic.
-	The "Makefile" has the definitions for the various
-	system, and "Makefile.generic" does all the work.
-	There is a variable called "WHAT" that is used to
-	specify what to make.  For example, in the telnet
-	directory, you might say:
-		make 4.4bsd WHAT=clean
-	to clean out the directory.
-
-	Add support for the ENVIRON and XDISPLOC options.
-	In order for the server to work, login has to have
-	the "-p" option to preserve environment variables.
-
-	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
-
-	Add the "-l user" option to command line and open command
-	(This is passed through the ENVIRON option).
-
-	Add the "-e" command line option, for setting the escape
-	character.
-
-	Add the "-D", diagnostic, option to the server.  This allows
-	the server to print out debug information, which is very
-	useful when trying to debug a telnet that doesn't have any
-	debugging ability.
-
-	Turn off the literal next character when not in LINEMODE.
-
-	Don't recognize ^Y locally, just pass it through.
-
-	Make minor modifications for Sun4.0 and Sun4.1
-
-	Add support for both FORW1 and FORW2 characters.  The
-	telnet escpape character is set to whichever of the
-	two is not being used.  If both are in use, the escape
-	character is not set, so when in linemode the user will
-	have to follow the escape character with a <CR> or <EOF)
-	to get it passed through.
-
-	Commands can now be put in single and double quotes, and
-	a backslash is now an escape character.  This is needed
-	for allowing arbitrary strings to be assigned to environment
-	variables.
-
-	Switch telnetd to use macros like telnet for keeping
-	track of the state of all the options.
-
-	Fix telnetd's processing of options so that we always do
-	the right processing of the LINEMODE option, regardless
-	of who initiates the request to turn it on.  Also, make
-	sure that if the other side went "WILL ECHO" in response
-	to our "DO ECHO", that we send a "DONT ECHO" to get the
-	option turned back off!
-
-	Fix the TERMIOS setting of the terminal speed to handle both
-	BSD's seperate fields, and the SYSV method of CBAUD bits.
-
-	Change how we deal with the other side refusing to enable
-	an option.  The sequence used to be: send DO option; receive
-	WONT option; send DONT option.  Now, the sequence is: send
-	DO option; receive WONT option.  Both should be valid
-	according to the spec, but there has been at least one
-	client implementation of telnet identified that can get
-	really confused by this.  (The exact sequence, from a trace
-	on the server side, is (numbers are number of responses that
-	we expect to get after that line...):
-
-		send WILL ECHO	1 (initial request)
-		send WONT ECHO	2 (server is changing state)
-		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
-		send WILL ECHO	2 (server changes state again)
-		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
-		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
-	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
-		send WILL ECHO	1 (ask again to enable option)
-		recv DO ECHO	0
-
-		recv DONT ECHO	0
-		send WONT ECHO	1
-		recv DONT ECHO	0
-		recv DO ECHO	1
-		send WILL ECHO	0
-		(and the last 5 lines loop forever)
-
-	The line with the "***" is last of the WILL/DONT/WONT sequence.
-	The change to the server to not generate that makes this same
-	example become:
-
-		send will ECHO	1
-		send wont ECHO	2
-		recv do ECHO	1
-		send will ECHO	2
-		recv dont ECHO	1
-		recv dont ECHO	0
-		recv do ECHO	1
-		send will ECHO	0
-
-	There is other option negotiation going on, and not sending
-	the third part changes some of the timings, but this specific
-	example no longer gets stuck in a loop.  The "telnet.state"
-	file has been modified to reflect this change to the algorithm.
-
-	A bunch of miscellaneous bug fixes and changes to make
-	lint happier.
-
-	This version of telnet also has some KERBEROS stuff in
-	it. This has not been tested, it uses an un-authorized
-	telnet option number, and uses an out-of-date version
-	of the (still being defined) AUTHENTICATION option.
-	There is no support for this code, do not enable it.
-
-
-March 1, 1990:
-CHANGES/BUGFIXES SINCE LAST RELEASE:
-	Some support for IP TOS has been added.  Requires that the
-	kernel support the IP_TOS socket option (currently this
-	is only in UNICOS 6.0).
-
-	Both telnet and telnetd now use the cc_t typedef.  typedefs are
-	included for systems that don't have it (in termios.h).
-
-	SLC_SUSP was not supported properly before.  It is now.
-
-	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
-	when not in linemode.  It now saves a copy of the VEOF character,
-	so that when ICANON is turned off and we can't trust it anymore
-	(because it is now the VMIN character) we use the saved value.
-
-	There were two missing "break" commands in the linemode
-	processing code in telnetd.
-
-	Telnetd wasn't setting the kernel window size information
-	properly.  It was using the rows for both rows and columns...
-
-Questions/comments go to
-		David Borman
-		Cray Research, Inc.
-		655F Lone Oak Drive
-		Eagan, MN 55123
-		dab@cray.com.
-
-README:	You are reading it.
-
-Config.generic:
-	This file contains all the OS specific definitions.  It
-	has pre-definitions for many common system types, and is
-	in standard makefile fromat.  See the comments at the top
-	of the file for more information.
-
-Config.local:
-	This is not part of the distribution, but if this file exists,
-	it is used instead of "Config.generic".  This allows site
-	specific configuration without having to modify the distributed
-	"Config.generic" file.
-
-kern.diff:
-	This file contains the diffs for the changes needed for the
-	kernel to support LINEMODE is the server.  These changes are
-	for a 4.3BSD system.  You may need to make some changes for
-	your particular system.
-
-	There is a new bit in the terminal state word, TS_EXTPROC.
-	When this bit is set, several aspects of the terminal driver
-	are disabled.  Input line editing, character echo, and
-	mapping of signals are all disabled.  This allows the telnetd
-	to turn of these functions when in linemode, but still keep
-	track of what state the user wants the terminal to be in.
-
-	New ioctl()s:
-
-		TIOCEXT		Turn on/off the TS_EXTPROC bit
-		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
-		TIOCSIG		Generate a signal to processes in the
-				current process group of the pty.
-
-	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
-	When packet mode is turned on in the pty, and the TS_EXTPROC
-	bit is set, then whenever the state of the pty is changed, the
-	next read on the master side of the pty will have the TIOCPKT_IOCTL
-	bit set, and the data will contain the following:
-		struct xx {
-			struct sgttyb a;
-			struct tchars b;
-			struct ltchars c;
-			int t_state;
-			int t_flags;
-		}
-	This allows the process on the server side of the pty to know
-	when the state of the terminal has changed, and what the new
-	state is.
-
-	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
-	expect that the structure returned in the TIOCPKT_IOCTL is
-	the termio/termios structure.
-
-stty.diff:
-	This file contains the changes needed for the stty(1) program
-	to report on the current status of the TS_EXTPROC bit.  It also
-	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
-	because it allows the user to say "stty -extproc", and the
-	LINEMODE option will be automatically disabled, and saying "stty
-	extproc" will re-enable the LINEMODE option.
-
-telnet.state:
-	Both the client and server have code in them to deal
-	with option negotiation loops.  The algorithm that is
-	used is described in this file.
-
-tmac.doc:
-	Macros for use in formatting the man pages on non-4.3Reno
-	systems.
-
-telnet:
-	This directory contains the client code.  No kernel changes are
-	needed to use this code.
-
-telnetd:
-	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
-	are defined, then the kernel modifications listed above are needed.
-
-libtelnet:
-	This directory contains code that is common to both the client
-	and the server.
-
-arpa:
-	This directory has a new <arpa/telnet.h>
-
-
-The following TELNET options are supported:
-	
-	LINEMODE:
-		The LINEMODE option is supported as per RFC1116.  The
-		FORWARDMASK option is not currently supported.
-
-	BINARY: The client has the ability to turn on/off the BINARY
-		option in each direction.  Turning on BINARY from
-		server to client causes the LITOUT bit to get set in
-		the terminal driver on both ends,  turning on BINARY
-		from the client to the server causes the PASS8 bit
-		to get set in the terminal driver on both ends.
-
-	TERMINAL-TYPE:
-		This is supported as per RFC1091.  On the server side,
-		when a terminal type is received, termcap/terminfo
-		is consulted to determine if it is a known terminal
-		type.  It keeps requesting terminal types until it
-		gets one that it recongnizes, or hits the end of the
-		list.  The server side looks up the entry in the
-		termcap/terminfo data base, and generates a list of
-		names which it then passes one at a time to each
-		request for a terminal type, duplicating the last
-		entry in the list before cycling back to the beginning.
-
-	NAWS:	The Negotiate about Window Size, as per RFC 1073.
-
-	TERMINAL-SPEED:
-		Implemented as per RFC 1079
-
-	TOGGLE-FLOW-CONTROL:
-		Implemented as per RFC 1080
-
-	TIMING-MARK:
-		As per RFC 860
-
-	SGA:	As per RFC 858
-
-	ECHO:	As per RFC 857
-
-	STATUS:
-		The server will send its current status upon
-		request.  It does not ask for the clients status.
-		The client will request the servers current status
-		from the "send getstatus" command.
-
-	ENVIRON:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued, but should be in the near future...
-
-	X-DISPLAY-LOCATION:
-		This functionality can be done through the ENVIRON
-		option, it is added here for completeness.
-
-	AUTHENTICATION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The basic framework is pretty much decided,
-		but the definitions for the specific authentication
-		schemes is still in a state of flux.
-
-	ENCRYPT:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The draft RFC is still in a state of flux,
-		so this code may change in the future.
diff --git a/secure/usr.bin/telnet/authenc.c b/secure/usr.bin/telnet/authenc.c
deleted file mode 100644
index 545df780051d..000000000000
--- a/secure/usr.bin/telnet/authenc.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)authenc.c	8.1 (Berkeley) 6/6/93";
-#endif /* not lint */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <libtelnet/encrypt.h>
-#include <libtelnet/misc.h>
-
-#include "general.h"
-#include "ring.h"
-#include "externs.h"
-#include "defines.h"
-#include "types.h"
-
-	int
-net_write(str, len)
-	unsigned char *str;
-	int len;
-{
-	if (NETROOM() > len) {
-		ring_supply_data(&netoring, str, len);
-		if (str[0] == IAC && str[1] == SE)
-			printsub('>', &str[2], len-2);
-		return(len);
-	}
-	return(0);
-}
-
-	void
-net_encrypt()
-{
-#ifdef	ENCRYPTION
-	if (encrypt_output)
-		ring_encrypt(&netoring, encrypt_output);
-	else
-		ring_clearto(&netoring);
-#endif	/* ENCRYPTION */
-}
-
-	int
-telnet_spin()
-{
-	return(-1);
-}
-
-	char *
-telnet_getenv(val)
-	char *val;
-{
-	return((char *)env_getvalue((unsigned char *)val));
-}
-
-	char *
-telnet_gets(prompt, result, length, echo)
-	char *prompt;
-	char *result;
-	int length;
-	int echo;
-{
-	extern char *getpass();
-	extern int globalmode;
-	int om = globalmode;
-	char *res;
-
-	TerminalNewMode(-1);
-	if (echo) {
-		printf("%s", prompt);
-		res = fgets(result, length, stdin);
-	} else if (res = getpass(prompt)) {
-		strncpy(result, res, length);
-		res = result;
-	}
-	TerminalNewMode(om);
-	return(res);
-}
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
diff --git a/secure/usr.bin/telnet/commands.c b/secure/usr.bin/telnet/commands.c
deleted file mode 100644
index a6967b53940b..000000000000
--- a/secure/usr.bin/telnet/commands.c
+++ /dev/null
@@ -1,2945 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)commands.c	8.4 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#if	defined(unix)
-#include <sys/param.h>
-#if	defined(CRAY) || defined(sysV88)
-#include <sys/types.h>
-#endif
-#include <sys/file.h>
-#else
-#include <sys/types.h>
-#endif	/* defined(unix) */
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifdef	CRAY
-#include <fcntl.h>
-#endif	/* CRAY */
-
-#include <signal.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <pwd.h>
-#include <varargs.h>
-#include <errno.h>
-
-#include <arpa/telnet.h>
-
-#include "general.h"
-
-#include "ring.h"
-
-#include "externs.h"
-#include "defines.h"
-#include "types.h"
-
-#if !defined(CRAY) && !defined(sysV88)
-#include <netinet/in_systm.h>
-# if (defined(vax) || defined(tahoe) || defined(hp300)) && !defined(ultrix)
-# include <machine/endian.h>
-# endif /* vax */
-#endif /* !defined(CRAY) && !defined(sysV88) */
-#include <netinet/ip.h>
-
-
-#ifndef       MAXHOSTNAMELEN
-#define       MAXHOSTNAMELEN 64
-#endif        MAXHOSTNAMELEN
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-int tos = -1;
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-
-char	*hostname;
-static char _hostname[MAXHOSTNAMELEN];
-
-extern char *getenv();
-
-extern int isprefix();
-extern char **genget();
-extern int Ambiguous();
-
-static call();
-
-typedef struct {
-	char	*name;		/* command name */
-	char	*help;		/* help string (NULL for no help) */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-} Command;
-
-static char line[256];
-static char saveline[256];
-static int margc;
-static char *margv[20];
-
-    static void
-makeargv()
-{
-    register char *cp, *cp2, c;
-    register char **argp = margv;
-
-    margc = 0;
-    cp = line;
-    if (*cp == '!') {		/* Special case shell escape */
-	strcpy(saveline, line);	/* save for shell command */
-	*argp++ = "!";		/* No room in string to get this */
-	margc++;
-	cp++;
-    }
-    while (c = *cp) {
-	register int inquote = 0;
-	while (isspace(c))
-	    c = *++cp;
-	if (c == '\0')
-	    break;
-	*argp++ = cp;
-	margc += 1;
-	for (cp2 = cp; c != '\0'; c = *++cp) {
-	    if (inquote) {
-		if (c == inquote) {
-		    inquote = 0;
-		    continue;
-		}
-	    } else {
-		if (c == '\\') {
-		    if ((c = *++cp) == '\0')
-			break;
-		} else if (c == '"') {
-		    inquote = '"';
-		    continue;
-		} else if (c == '\'') {
-		    inquote = '\'';
-		    continue;
-		} else if (isspace(c))
-		    break;
-	    }
-	    *cp2++ = c;
-	}
-	*cp2 = '\0';
-	if (c == '\0')
-	    break;
-	cp++;
-    }
-    *argp++ = 0;
-}
-
-/*
- * Make a character string into a number.
- *
- * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
- */
-
-	static
-special(s)
-	register char *s;
-{
-	register char c;
-	char b;
-
-	switch (*s) {
-	case '^':
-		b = *++s;
-		if (b == '?') {
-		    c = b | 0x40;		/* DEL */
-		} else {
-		    c = b & 0x1f;
-		}
-		break;
-	default:
-		c = *s;
-		break;
-	}
-	return c;
-}
-
-/*
- * Construct a control character sequence
- * for a special character.
- */
-	static char *
-control(c)
-	register cc_t c;
-{
-	static char buf[5];
-	/*
-	 * The only way I could get the Sun 3.5 compiler
-	 * to shut up about
-	 *	if ((unsigned int)c >= 0x80)
-	 * was to assign "c" to an unsigned int variable...
-	 * Arggg....
-	 */
-	register unsigned int uic = (unsigned int)c;
-
-	if (uic == 0x7f)
-		return ("^?");
-	if (c == (cc_t)_POSIX_VDISABLE) {
-		return "off";
-	}
-	if (uic >= 0x80) {
-		buf[0] = '\\';
-		buf[1] = ((c>>6)&07) + '0';
-		buf[2] = ((c>>3)&07) + '0';
-		buf[3] = (c&07) + '0';
-		buf[4] = 0;
-	} else if (uic >= 0x20) {
-		buf[0] = c;
-		buf[1] = 0;
-	} else {
-		buf[0] = '^';
-		buf[1] = '@'+c;
-		buf[2] = 0;
-	}
-	return (buf);
-}
-
-
-
-/*
- *	The following are data structures and routines for
- *	the "send" command.
- *
- */
-
-struct sendlist {
-    char	*name;		/* How user refers to it (case independent) */
-    char	*help;		/* Help information (0 ==> no help) */
-    int		needconnect;	/* Need to be connected */
-    int		narg;		/* Number of arguments */
-    int		(*handler)();	/* Routine to perform (for special ops) */
-    int		nbyte;		/* Number of bytes to send this command */
-    int		what;		/* Character to be sent (<0 ==> special) */
-};
-
-
-static int
-	send_esc P((void)),
-	send_help P((void)),
-	send_docmd P((char *)),
-	send_dontcmd P((char *)),
-	send_willcmd P((char *)),
-	send_wontcmd P((char *));
-
-static struct sendlist Sendlist[] = {
-    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
-    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
-    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
-    { "break",	0,					1, 0, 0, 2, BREAK },
-    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
-    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
-    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
-    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
-    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
-    { "intp",	0,					1, 0, 0, 2, IP },
-    { "interrupt", 0,					1, 0, 0, 2, IP },
-    { "intr",	0,					1, 0, 0, 2, IP },
-    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
-    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
-    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
-    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
-    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
-    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
-    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
-    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
-    { "help",	0,					0, 0, send_help, 0, 0 },
-    { "do",	0,					0, 1, send_docmd, 3, 0 },
-    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
-    { "will",	0,					0, 1, send_willcmd, 3, 0 },
-    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
-    { 0 }
-};
-
-#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
-				sizeof(struct sendlist)))
-
-    static int
-sendcmd(argc, argv)
-    int  argc;
-    char **argv;
-{
-    int count;		/* how many bytes we are going to need to send */
-    int i;
-    int question = 0;	/* was at least one argument a question */
-    struct sendlist *s;	/* pointer to current command */
-    int success = 0;
-    int needconnect = 0;
-
-    if (argc < 2) {
-	printf("need at least one argument for 'send' command\n");
-	printf("'send ?' for help\n");
-	return 0;
-    }
-    /*
-     * First, validate all the send arguments.
-     * In addition, we see how much space we are going to need, and
-     * whether or not we will be doing a "SYNCH" operation (which
-     * flushes the network queue).
-     */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	s = GETSEND(argv[i]);
-	if (s == 0) {
-	    printf("Unknown send argument '%s'\n'send ?' for help.\n",
-			argv[i]);
-	    return 0;
-	} else if (Ambiguous(s)) {
-	    printf("Ambiguous send argument '%s'\n'send ?' for help.\n",
-			argv[i]);
-	    return 0;
-	}
-	if (i + s->narg >= argc) {
-	    fprintf(stderr,
-	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\n",
-		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
-	    return 0;
-	}
-	count += s->nbyte;
-	if (s->handler == send_help) {
-	    send_help();
-	    return 0;
-	}
-
-	i += s->narg;
-	needconnect += s->needconnect;
-    }
-    if (!connected && needconnect) {
-	printf("?Need to be connected first.\n");
-	printf("'send ?' for help\n");
-	return 0;
-    }
-    /* Now, do we have enough room? */
-    if (NETROOM() < count) {
-	printf("There is not enough room in the buffer TO the network\n");
-	printf("to process your request.  Nothing will be done.\n");
-	printf("('send synch' will throw away most data in the network\n");
-	printf("buffer, if this might help.)\n");
-	return 0;
-    }
-    /* OK, they are all OK, now go through again and actually send */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	if ((s = GETSEND(argv[i])) == 0) {
-	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\n");
-	    (void) quit();
-	    /*NOTREACHED*/
-	}
-	if (s->handler) {
-	    count++;
-	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
-				  (s->narg > 1) ? argv[i+2] : 0);
-	    i += s->narg;
-	} else {
-	    NET2ADD(IAC, s->what);
-	    printoption("SENT", IAC, s->what);
-	}
-    }
-    return (count == success);
-}
-
-    static int
-send_esc()
-{
-    NETADD(escape);
-    return 1;
-}
-
-    static int
-send_docmd(name)
-    char *name;
-{
-    return(send_tncmd(send_do, "do", name));
-}
-
-    static int
-send_dontcmd(name)
-    char *name;
-{
-    return(send_tncmd(send_dont, "dont", name));
-}
-    static int
-send_willcmd(name)
-    char *name;
-{
-    return(send_tncmd(send_will, "will", name));
-}
-    static int
-send_wontcmd(name)
-    char *name;
-{
-    return(send_tncmd(send_wont, "wont", name));
-}
-
-    int
-send_tncmd(func, cmd, name)
-    void	(*func)();
-    char	*cmd, *name;
-{
-    char **cpp;
-    extern char *telopts[];
-    register int val = 0;
-
-    if (isprefix(name, "help") || isprefix(name, "?")) {
-	register int col, len;
-
-	printf("Usage: send %s <value|option>\n", cmd);
-	printf("\"value\" must be from 0 to 255\n");
-	printf("Valid options are:\n\t");
-
-	col = 8;
-	for (cpp = telopts; *cpp; cpp++) {
-	    len = strlen(*cpp) + 3;
-	    if (col + len > 65) {
-		printf("\n\t");
-		col = 8;
-	    }
-	    printf(" \"%s\"", *cpp);
-	    col += len;
-	}
-	printf("\n");
-	return 0;
-    }
-    cpp = (char **)genget(name, telopts, sizeof(char *));
-    if (Ambiguous(cpp)) {
-	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\n",
-					name, cmd);
-	return 0;
-    }
-    if (cpp) {
-	val = cpp - telopts;
-    } else {
-	register char *cp = name;
-
-	while (*cp >= '0' && *cp <= '9') {
-	    val *= 10;
-	    val += *cp - '0';
-	    cp++;
-	}
-	if (*cp != 0) {
-	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\n",
-					name, cmd);
-	    return 0;
-	} else if (val < 0 || val > 255) {
-	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\n",
-					name, cmd);
-	    return 0;
-	}
-    }
-    if (!connected) {
-	printf("?Need to be connected first.\n");
-	return 0;
-    }
-    (*func)(val, 1);
-    return 1;
-}
-
-    static int
-send_help()
-{
-    struct sendlist *s;	/* pointer to current command */
-    for (s = Sendlist; s->name; s++) {
-	if (s->help)
-	    printf("%-15s %s\n", s->name, s->help);
-    }
-    return(0);
-}
-
-/*
- * The following are the routines and data structures referred
- * to by the arguments to the "toggle" command.
- */
-
-    static int
-lclchars()
-{
-    donelclchars = 1;
-    return 1;
-}
-
-    static int
-togdebug()
-{
-#ifndef	NOT43
-    if (net > 0 &&
-	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
-	    perror("setsockopt (SO_DEBUG)");
-    }
-#else	/* NOT43 */
-    if (debug) {
-	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
-	    perror("setsockopt (SO_DEBUG)");
-    } else
-	printf("Cannot turn off socket debugging\n");
-#endif	/* NOT43 */
-    return 1;
-}
-
-
-    static int
-togcrlf()
-{
-    if (crlf) {
-	printf("Will send carriage returns as telnet <CR><LF>.\n");
-    } else {
-	printf("Will send carriage returns as telnet <CR><NUL>.\n");
-    }
-    return 1;
-}
-
-int binmode;
-
-    static int
-togbinary(val)
-    int val;
-{
-    donebinarytoggle = 1;
-
-    if (val >= 0) {
-	binmode = val;
-    } else {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-				my_want_state_is_do(TELOPT_BINARY)) {
-	    binmode = 1;
-	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
-				my_want_state_is_dont(TELOPT_BINARY)) {
-	    binmode = 0;
-	}
-	val = binmode ? 0 : 1;
-    }
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-					my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already operating in binary mode with remote host.\n");
-	} else {
-	    printf("Negotiating binary mode with remote host.\n");
-	    tel_enter_binary(3);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY) &&
-					my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already in network ascii mode with remote host.\n");
-	} else {
-	    printf("Negotiating network ascii mode with remote host.\n");
-	    tel_leave_binary(3);
-	}
-    }
-    return 1;
-}
-
-    static int
-togrbinary(val)
-    int val;
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already receiving in binary mode.\n");
-	} else {
-	    printf("Negotiating binary mode on input.\n");
-	    tel_enter_binary(1);
-	}
-    } else {
-	if (my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already receiving in network ascii mode.\n");
-	} else {
-	    printf("Negotiating network ascii mode on input.\n");
-	    tel_leave_binary(1);
-	}
-    }
-    return 1;
-}
-
-    static int
-togxbinary(val)
-    int val;
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY)) {
-	    printf("Already transmitting in binary mode.\n");
-	} else {
-	    printf("Negotiating binary mode on output.\n");
-	    tel_enter_binary(2);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    printf("Already transmitting in network ascii mode.\n");
-	} else {
-	    printf("Negotiating network ascii mode on output.\n");
-	    tel_leave_binary(2);
-	}
-    }
-    return 1;
-}
-
-
-static int togglehelp P((void));
-#if	defined(AUTHENTICATION)
-extern int auth_togdebug P((int));
-#endif
-#ifdef	ENCRYPTION
-extern int EncryptAutoEnc P((int));
-extern int EncryptAutoDec P((int));
-extern int EncryptDebug P((int));
-extern int EncryptVerbose P((int));
-#endif	/* ENCRYPTION */
-
-struct togglelist {
-    char	*name;		/* name of toggle */
-    char	*help;		/* help message */
-    int		(*handler)();	/* routine to do actual setting */
-    int		*variable;
-    char	*actionexplanation;
-};
-
-static struct togglelist Togglelist[] = {
-    { "autoflush",
-	"flushing of output when sending interrupt characters",
-	    0,
-		&autoflush,
-		    "flush output when sending interrupt characters" },
-    { "autosynch",
-	"automatic sending of interrupt characters in urgent mode",
-	    0,
-		&autosynch,
-		    "send interrupt characters in urgent mode" },
-#if	defined(AUTHENTICATION)
-    { "autologin",
-	"automatic sending of login and/or authentication info",
-	    0,
-		&autologin,
-		    "send login name and/or authentication information" },
-    { "authdebug",
-	"Toggle authentication debugging",
-	    auth_togdebug,
-		0,
-		     "print authentication debugging information" },
-#endif
-#ifdef	ENCRYPTION
-    { "autoencrypt",
-	"automatic encryption of data stream",
-	    EncryptAutoEnc,
-		0,
-		    "automatically encrypt output" },
-    { "autodecrypt",
-	"automatic decryption of data stream",
-	    EncryptAutoDec,
-		0,
-		    "automatically decrypt input" },
-    { "verbose_encrypt",
-	"Toggle verbose encryption output",
-	    EncryptVerbose,
-		0,
-		    "print verbose encryption output" },
-    { "encdebug",
-	"Toggle encryption debugging",
-	    EncryptDebug,
-		0,
-		    "print encryption debugging information" },
-#endif	/* ENCRYPTION */
-    { "skiprc",
-	"don't read ~/.telnetrc file",
-	    0,
-		&skiprc,
-		    "skip reading of ~/.telnetrc file" },
-    { "binary",
-	"sending and receiving of binary data",
-	    togbinary,
-		0,
-		    0 },
-    { "inbinary",
-	"receiving of binary data",
-	    togrbinary,
-		0,
-		    0 },
-    { "outbinary",
-	"sending of binary data",
-	    togxbinary,
-		0,
-		    0 },
-    { "crlf",
-	"sending carriage returns as telnet <CR><LF>",
-	    togcrlf,
-		&crlf,
-		    0 },
-    { "crmod",
-	"mapping of received carriage returns",
-	    0,
-		&crmod,
-		    "map carriage return on output" },
-    { "localchars",
-	"local recognition of certain control characters",
-	    lclchars,
-		&localchars,
-		    "recognize certain control characters" },
-    { " ", "", 0 },		/* empty line */
-#if	defined(unix) && defined(TN3270)
-    { "apitrace",
-	"(debugging) toggle tracing of API transactions",
-	    0,
-		&apitrace,
-		    "trace API transactions" },
-    { "cursesdata",
-	"(debugging) toggle printing of hexadecimal curses data",
-	    0,
-		&cursesdata,
-		    "print hexadecimal representation of curses data" },
-#endif	/* defined(unix) && defined(TN3270) */
-    { "debug",
-	"debugging",
-	    togdebug,
-		&debug,
-		    "turn on socket level debugging" },
-    { "netdata",
-	"printing of hexadecimal network data (debugging)",
-	    0,
-		&netdata,
-		    "print hexadecimal representation of network traffic" },
-    { "prettydump",
-	"output of \"netdata\" to user readable format (debugging)",
-	    0,
-		&prettydump,
-		    "print user readable output for \"netdata\"" },
-    { "options",
-	"viewing of options processing (debugging)",
-	    0,
-		&showoptions,
-		    "show option processing" },
-#if	defined(unix)
-    { "termdata",
-	"(debugging) toggle printing of hexadecimal terminal data",
-	    0,
-		&termdata,
-		    "print hexadecimal representation of terminal traffic" },
-#endif	/* defined(unix) */
-    { "?",
-	0,
-	    togglehelp },
-    { "help",
-	0,
-	    togglehelp },
-    { 0 }
-};
-
-    static int
-togglehelp()
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s toggle %s\n", c->name, c->help);
-	    else
-		printf("\n");
-	}
-    }
-    printf("\n");
-    printf("%-15s %s\n", "?", "display help information");
-    return 0;
-}
-
-    static void
-settogglehelp(set)
-    int set;
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s %s\n", c->name, set ? "enable" : "disable",
-						c->help);
-	    else
-		printf("\n");
-	}
-    }
-}
-
-#define	GETTOGGLE(name) (struct togglelist *) \
-		genget(name, (char **) Togglelist, sizeof(struct togglelist))
-
-    static int
-toggle(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    int retval = 1;
-    char *name;
-    struct togglelist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'toggle' command.  'toggle ?' for help.\n");
-	return 0;
-    }
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	c = GETTOGGLE(name);
-	if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\n",
-					name);
-	    return 0;
-	} else if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\n",
-					name);
-	    return 0;
-	} else {
-	    if (c->variable) {
-		*c->variable = !*c->variable;		/* invert it */
-		if (c->actionexplanation) {
-		    printf("%s %s.\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler) {
-		retval &= (*c->handler)(-1);
-	    }
-	}
-    }
-    return retval;
-}
-
-/*
- * The following perform the "set" command.
- */
-
-#ifdef	USE_TERMIO
-struct termio new_tc = { 0 };
-#endif
-
-struct setlist {
-    char *name;				/* name */
-    char *help;				/* help information */
-    void (*handler)();
-    cc_t *charp;			/* where it is located at */
-};
-
-static struct setlist Setlist[] = {
-#ifdef	KLUDGELINEMODE
-    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
-#endif
-    { "escape",	"character to escape back to telnet command mode", 0, &escape },
-    { "rlogin", "rlogin escape character", 0, &rlogin },
-    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
-    { " ", "" },
-    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
-    { "flushoutput", "character to cause an Abort Output", 0, termFlushCharp },
-    { "interrupt", "character to cause an Interrupt Process", 0, termIntCharp },
-    { "quit",	"character to cause an Abort process", 0, termQuitCharp },
-    { "eof",	"character to cause an EOF ", 0, termEofCharp },
-    { " ", "" },
-    { " ", "The following are for local editing in linemode", 0, 0 },
-    { "erase",	"character to use to erase a character", 0, termEraseCharp },
-    { "kill",	"character to use to erase a line", 0, termKillCharp },
-    { "lnext",	"character to use for literal next", 0, termLiteralNextCharp },
-    { "susp",	"character to cause a Suspend Process", 0, termSuspCharp },
-    { "reprint", "character to use for line reprint", 0, termRprntCharp },
-    { "worderase", "character to use to erase a word", 0, termWerasCharp },
-    { "start",	"character to use for XON", 0, termStartCharp },
-    { "stop",	"character to use for XOFF", 0, termStopCharp },
-    { "forw1",	"alternate end of line character", 0, termForw1Charp },
-    { "forw2",	"alternate end of line character", 0, termForw2Charp },
-    { "ayt",	"alternate AYT character", 0, termAytCharp },
-    { 0 }
-};
-
-#if	defined(CRAY) && !defined(__STDC__)
-/* Work around compiler bug in pcc 4.1.5 */
-    void
-_setlist_init()
-{
-#ifndef	KLUDGELINEMODE
-#define	N 5
-#else
-#define	N 6
-#endif
-	Setlist[N+0].charp = &termFlushChar;
-	Setlist[N+1].charp = &termIntChar;
-	Setlist[N+2].charp = &termQuitChar;
-	Setlist[N+3].charp = &termEofChar;
-	Setlist[N+6].charp = &termEraseChar;
-	Setlist[N+7].charp = &termKillChar;
-	Setlist[N+8].charp = &termLiteralNextChar;
-	Setlist[N+9].charp = &termSuspChar;
-	Setlist[N+10].charp = &termRprntChar;
-	Setlist[N+11].charp = &termWerasChar;
-	Setlist[N+12].charp = &termStartChar;
-	Setlist[N+13].charp = &termStopChar;
-	Setlist[N+14].charp = &termForw1Char;
-	Setlist[N+15].charp = &termForw2Char;
-	Setlist[N+16].charp = &termAytChar;
-#undef	N
-}
-#endif	/* defined(CRAY) && !defined(__STDC__) */
-
-    static struct setlist *
-getset(name)
-    char *name;
-{
-    return (struct setlist *)
-		genget(name, (char **) Setlist, sizeof(struct setlist));
-}
-
-    void
-set_escape_char(s)
-    char *s;
-{
-	if (rlogin != _POSIX_VDISABLE) {
-		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet rlogin escape character is '%s'.\n",
-					control(rlogin));
-	} else {
-		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet escape character is '%s'.\n", control(escape));
-	}
-}
-
-    static int
-setcmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    int value;
-    struct setlist *ct;
-    struct togglelist *c;
-
-    if (argc < 2 || argc > 3) {
-	printf("Format is 'set Name Value'\n'set ?' for help.\n");
-	return 0;
-    }
-    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\n", ct->name, ct->help);
-	printf("\n");
-	settogglehelp(1);
-	printf("%-15s %s\n", "?", "display help information");
-	return 0;
-    }
-
-    ct = getset(argv[1]);
-    if (ct == 0) {
-	c = GETTOGGLE(argv[1]);
-	if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\n",
-			argv[1]);
-	    return 0;
-	} else if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n",
-			argv[1]);
-	    return 0;
-	}
-	if (c->variable) {
-	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
-		*c->variable = 1;
-	    else if (strcmp("off", argv[2]) == 0)
-		*c->variable = 0;
-	    else {
-		printf("Format is 'set togglename [on|off]'\n'set ?' for help.\n");
-		return 0;
-	    }
-	    if (c->actionexplanation) {
-		printf("%s %s.\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-	    }
-	}
-	if (c->handler)
-	    (*c->handler)(1);
-    } else if (argc != 3) {
-	printf("Format is 'set Name Value'\n'set ?' for help.\n");
-	return 0;
-    } else if (Ambiguous(ct)) {
-	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n",
-			argv[1]);
-	return 0;
-    } else if (ct->handler) {
-	(*ct->handler)(argv[2]);
-	printf("%s set to \"%s\".\n", ct->name, (char *)ct->charp);
-    } else {
-	if (strcmp("off", argv[2])) {
-	    value = special(argv[2]);
-	} else {
-	    value = _POSIX_VDISABLE;
-	}
-	*(ct->charp) = (cc_t)value;
-	printf("%s character is '%s'.\n", ct->name, control(*(ct->charp)));
-    }
-    slc_check();
-    return 1;
-}
-
-    static int
-unsetcmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct setlist *ct;
-    struct togglelist *c;
-    register char *name;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'unset' command.  'unset ?' for help.\n");
-	return 0;
-    }
-    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\n", ct->name, ct->help);
-	printf("\n");
-	settogglehelp(0);
-	printf("%-15s %s\n", "?", "display help information");
-	return 0;
-    }
-
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	ct = getset(name);
-	if (ct == 0) {
-	    c = GETTOGGLE(name);
-	    if (c == 0) {
-		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\n",
-			name);
-		return 0;
-	    } else if (Ambiguous(c)) {
-		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n",
-			name);
-		return 0;
-	    }
-	    if (c->variable) {
-		*c->variable = 0;
-		if (c->actionexplanation) {
-		    printf("%s %s.\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler)
-		(*c->handler)(0);
-	} else if (Ambiguous(ct)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n",
-			name);
-	    return 0;
-	} else if (ct->handler) {
-	    (*ct->handler)(0);
-	    printf("%s reset to \"%s\".\n", ct->name, (char *)ct->charp);
-	} else {
-	    *(ct->charp) = _POSIX_VDISABLE;
-	    printf("%s character is '%s'.\n", ct->name, control(*(ct->charp)));
-	}
-    }
-    return 1;
-}
-
-/*
- * The following are the data structures and routines for the
- * 'mode' command.
- */
-#ifdef	KLUDGELINEMODE
-extern int kludgelinemode;
-
-    static int
-dokludgemode()
-{
-    kludgelinemode = 1;
-    send_wont(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_SGA, 1);
-    send_dont(TELOPT_ECHO, 1);
-}
-#endif
-
-    static int
-dolinemode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_dont(TELOPT_SGA, 1);
-#endif
-    send_will(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;
-}
-
-    static int
-docharmode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_do(TELOPT_SGA, 1);
-    else
-#endif
-    send_wont(TELOPT_LINEMODE, 1);
-    send_do(TELOPT_ECHO, 1);
-    return 1;
-}
-
-    static int
-dolmmode(bit, on)
-    int bit, on;
-{
-    unsigned char c;
-    extern int linemode;
-
-    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
-	printf("?Need to have LINEMODE option enabled first.\n");
-	printf("'mode ?' for help.\n");
-	return 0;
-    }
-
-    if (on)
-	c = (linemode | bit);
-    else
-	c = (linemode & ~bit);
-    lm_mode(&c, 1, 1);
-    return 1;
-}
-
-    int
-setmode(bit)
-{
-    return dolmmode(bit, 1);
-}
-
-    int
-clearmode(bit)
-{
-    return dolmmode(bit, 0);
-}
-
-struct modelist {
-	char	*name;		/* command name */
-	char	*help;		/* help string */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-	int	arg1;
-};
-
-extern int modehelp();
-
-static struct modelist ModeList[] = {
-    { "character", "Disable LINEMODE option",	docharmode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or disable obsolete line-by-line mode)", 0 },
-#endif
-    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or enable obsolete line-by-line mode)", 0 },
-#endif
-    { "", "", 0 },
-    { "",	"These require the LINEMODE option to be enabled", 0 },
-    { "isig",	"Enable signal trapping",	setmode, 1, MODE_TRAPSIG },
-    { "+isig",	0,				setmode, 1, MODE_TRAPSIG },
-    { "-isig",	"Disable signal trapping",	clearmode, 1, MODE_TRAPSIG },
-    { "edit",	"Enable character editing",	setmode, 1, MODE_EDIT },
-    { "+edit",	0,				setmode, 1, MODE_EDIT },
-    { "-edit",	"Disable character editing",	clearmode, 1, MODE_EDIT },
-    { "softtabs", "Enable tab expansion",	setmode, 1, MODE_SOFT_TAB },
-    { "+softtabs", 0,				setmode, 1, MODE_SOFT_TAB },
-    { "-softtabs", "Disable character editing",	clearmode, 1, MODE_SOFT_TAB },
-    { "litecho", "Enable literal character echo", setmode, 1, MODE_LIT_ECHO },
-    { "+litecho", 0,				setmode, 1, MODE_LIT_ECHO },
-    { "-litecho", "Disable literal character echo", clearmode, 1, MODE_LIT_ECHO },
-    { "help",	0,				modehelp, 0 },
-#ifdef	KLUDGELINEMODE
-    { "kludgeline", 0,				dokludgemode, 1 },
-#endif
-    { "", "", 0 },
-    { "?",	"Print help information",	modehelp, 0 },
-    { 0 },
-};
-
-
-    int
-modehelp()
-{
-    struct modelist *mt;
-
-    printf("format is:  'mode Mode', where 'Mode' is one of:\n\n");
-    for (mt = ModeList; mt->name; mt++) {
-	if (mt->help) {
-	    if (*mt->help)
-		printf("%-15s %s\n", mt->name, mt->help);
-	    else
-		printf("\n");
-	}
-    }
-    return 0;
-}
-
-#define	GETMODECMD(name) (struct modelist *) \
-		genget(name, (char **) ModeList, sizeof(struct modelist))
-
-    static int
-modecmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct modelist *mt;
-
-    if (argc != 2) {
-	printf("'mode' command requires an argument\n");
-	printf("'mode ?' for help.\n");
-    } else if ((mt = GETMODECMD(argv[1])) == 0) {
-	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\n", argv[1]);
-    } else if (Ambiguous(mt)) {
-	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\n", argv[1]);
-    } else if (mt->needconnect && !connected) {
-	printf("?Need to be connected first.\n");
-	printf("'mode ?' for help.\n");
-    } else if (mt->handler) {
-	return (*mt->handler)(mt->arg1);
-    }
-    return 0;
-}
-
-/*
- * The following data structures and routines implement the
- * "display" command.
- */
-
-    static int
-display(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct togglelist *tl;
-    struct setlist *sl;
-
-#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
-			    if (*tl->variable) { \
-				printf("will"); \
-			    } else { \
-				printf("won't"); \
-			    } \
-			    printf(" %s.\n", tl->actionexplanation); \
-			}
-
-#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
-			if (sl->handler == 0) \
-			    printf("%-15s [%s]\n", sl->name, control(*sl->charp)); \
-			else \
-			    printf("%-15s \"%s\"\n", sl->name, (char *)sl->charp); \
-		    }
-
-    if (argc == 1) {
-	for (tl = Togglelist; tl->name; tl++) {
-	    dotog(tl);
-	}
-	printf("\n");
-	for (sl = Setlist; sl->name; sl++) {
-	    doset(sl);
-	}
-    } else {
-	int i;
-
-	for (i = 1; i < argc; i++) {
-	    sl = getset(argv[i]);
-	    tl = GETTOGGLE(argv[i]);
-	    if (Ambiguous(sl) || Ambiguous(tl)) {
-		printf("?Ambiguous argument '%s'.\n", argv[i]);
-		return 0;
-	    } else if (!sl && !tl) {
-		printf("?Unknown argument '%s'.\n", argv[i]);
-		return 0;
-	    } else {
-		if (tl) {
-		    dotog(tl);
-		}
-		if (sl) {
-		    doset(sl);
-		}
-	    }
-	}
-    }
-/*@*/optionstatus();
-#ifdef	ENCRYPTION
-    EncryptStatus();
-#endif	/* ENCRYPTION */
-    return 1;
-#undef	doset
-#undef	dotog
-}
-
-/*
- * The following are the data structures, and many of the routines,
- * relating to command processing.
- */
-
-/*
- * Set the escape character.
- */
-	static int
-setescape(argc, argv)
-	int argc;
-	char *argv[];
-{
-	register char *arg;
-	char buf[50];
-
-	printf(
-	    "Deprecated usage - please use 'set escape%s%s' in the future.\n",
-				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
-	if (argc > 2)
-		arg = argv[1];
-	else {
-		printf("new escape character: ");
-		(void) fgets(buf, sizeof(buf), stdin);
-		arg = buf;
-	}
-	if (arg[0] != '\0')
-		escape = arg[0];
-	if (!In3270) {
-		printf("Escape character is '%s'.\n", control(escape));
-	}
-	(void) fflush(stdout);
-	return 1;
-}
-
-    /*VARARGS*/
-    static int
-togcrmod()
-{
-    crmod = !crmod;
-    printf("Deprecated usage - please use 'toggle crmod' in the future.\n");
-    printf("%s map carriage return on output.\n", crmod ? "Will" : "Won't");
-    (void) fflush(stdout);
-    return 1;
-}
-
-    /*VARARGS*/
-    int
-suspend()
-{
-#ifdef	SIGTSTP
-    setcommandmode();
-    {
-	long oldrows, oldcols, newrows, newcols, err;
-
-	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-	(void) kill(0, SIGTSTP);
-	/*
-	 * If we didn't get the window size before the SUSPEND, but we
-	 * can get them now (?), then send the NAWS to make sure that
-	 * we are set up for the right window size.
-	 */
-	if (TerminalWindowSize(&newrows, &newcols) && connected &&
-	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		sendnaws();
-	}
-    }
-    /* reget parameters in case they were changed */
-    TerminalSaveState();
-    setconnmode(0);
-#else
-    printf("Suspend is not supported.  Try the '!' command instead\n");
-#endif
-    return 1;
-}
-
-#if	!defined(TN3270)
-    /*ARGSUSED*/
-    int
-shell(argc, argv)
-    int argc;
-    char *argv[];
-{
-    long oldrows, oldcols, newrows, newcols, err;
-
-    setcommandmode();
-
-    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-    switch(vfork()) {
-    case -1:
-	perror("Fork failed\n");
-	break;
-
-    case 0:
-	{
-	    /*
-	     * Fire up the shell in the child.
-	     */
-	    register char *shellp, *shellname;
-	    extern char *strrchr();
-
-	    shellp = getenv("SHELL");
-	    if (shellp == NULL)
-		shellp = "/bin/sh";
-	    if ((shellname = strrchr(shellp, '/')) == 0)
-		shellname = shellp;
-	    else
-		shellname++;
-	    if (argc > 1)
-		execl(shellp, shellname, "-c", &saveline[1], 0);
-	    else
-		execl(shellp, shellname, 0);
-	    perror("Execl");
-	    _exit(1);
-	}
-    default:
-	    (void)wait((int *)0);	/* Wait for the shell to complete */
-
-	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
-		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		    sendnaws();
-	    }
-	    break;
-    }
-    return 1;
-}
-#else	/* !defined(TN3270) */
-extern int shell();
-#endif	/* !defined(TN3270) */
-
-    /*VARARGS*/
-    static
-bye(argc, argv)
-    int  argc;		/* Number of arguments */
-    char *argv[];	/* arguments */
-{
-    extern int resettermname;
-
-    if (connected) {
-	(void) shutdown(net, 2);
-	printf("Connection closed.\n");
-	(void) NetClose(net);
-	connected = 0;
-	resettermname = 1;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
-	/* reset options */
-	tninit();
-#if	defined(TN3270)
-	SetIn3270();		/* Get out of 3270 mode */
-#endif	/* defined(TN3270) */
-    }
-    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) {
-	longjmp(toplevel, 1);
-	/* NOTREACHED */
-    }
-    return 1;			/* Keep lint, etc., happy */
-}
-
-/*VARARGS*/
-quit()
-{
-	(void) call(bye, "bye", "fromquit", 0);
-	Exit(0);
-	/*NOTREACHED*/
-}
-
-/*VARARGS*/
-	int
-logout()
-{
-	send_do(TELOPT_LOGOUT, 1);
-	(void) netflush();
-	return 1;
-}
-
-
-/*
- * The SLC command.
- */
-
-struct slclist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	arg;
-};
-
-static void slc_help();
-
-struct slclist SlcList[] = {
-    { "export",	"Use local special character definitions",
-						slc_mode_export,	0 },
-    { "import",	"Use remote special character definitions",
-						slc_mode_import,	1 },
-    { "check",	"Verify remote special character definitions",
-						slc_mode_import,	0 },
-    { "help",	0,				slc_help,		0 },
-    { "?",	"Print help information",	slc_help,		0 },
-    { 0 },
-};
-
-    static void
-slc_help()
-{
-    struct slclist *c;
-
-    for (c = SlcList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\n", c->name, c->help);
-	    else
-		printf("\n");
-	}
-    }
-}
-
-    static struct slclist *
-getslc(name)
-    char *name;
-{
-    return (struct slclist *)
-		genget(name, (char **) SlcList, sizeof(struct slclist));
-}
-
-    static
-slccmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct slclist *c;
-
-    if (argc != 2) {
-	fprintf(stderr,
-	    "Need an argument to 'slc' command.  'slc ?' for help.\n");
-	return 0;
-    }
-    c = getslc(argv[1]);
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    (*c->handler)(c->arg);
-    slcstate();
-    return 1;
-}
-
-/*
- * The ENVIRON command.
- */
-
-struct envlist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	narg;
-};
-
-extern struct env_lst *
-	env_define P((unsigned char *, unsigned char *));
-extern void
-	env_undefine P((unsigned char *)),
-	env_export P((unsigned char *)),
-	env_unexport P((unsigned char *)),
-	env_send P((unsigned char *)),
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
-	env_varval P((unsigned char *)),
-#endif
-	env_list P((void));
-static void
-	env_help P((void));
-
-struct envlist EnvList[] = {
-    { "define",	"Define an environment variable",
-						(void (*)())env_define,	2 },
-    { "undefine", "Undefine an environment variable",
-						env_undefine,	1 },
-    { "export",	"Mark an environment variable for automatic export",
-						env_export,	1 },
-    { "unexport", "Don't mark an environment variable for automatic export",
-						env_unexport,	1 },
-    { "send",	"Send an environment variable", env_send,	1 },
-    { "list",	"List the current environment variables",
-						env_list,	0 },
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
-    { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)",
-						env_varval,    1 },
-#endif
-    { "help",	0,				env_help,		0 },
-    { "?",	"Print help information",	env_help,		0 },
-    { 0 },
-};
-
-    static void
-env_help()
-{
-    struct envlist *c;
-
-    for (c = EnvList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\n", c->name, c->help);
-	    else
-		printf("\n");
-	}
-    }
-}
-
-    static struct envlist *
-getenvcmd(name)
-    char *name;
-{
-    return (struct envlist *)
-		genget(name, (char **) EnvList, sizeof(struct envlist));
-}
-
-env_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct envlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'environ' command.  'environ ?' for help.\n");
-	return 0;
-    }
-    c = getenvcmd(argv[1]);
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    (*c->handler)(argv[2], argv[3]);
-    return 1;
-}
-
-struct env_lst {
-	struct env_lst *next;	/* pointer to next structure */
-	struct env_lst *prev;	/* pointer to previous structure */
-	unsigned char *var;	/* pointer to variable name */
-	unsigned char *value;	/* pointer to variable value */
-	int export;		/* 1 -> export with default list of variables */
-	int welldefined;	/* A well defined variable */
-};
-
-struct env_lst envlisthead;
-
-	struct env_lst *
-env_find(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		if (strcmp((char *)ep->var, (char *)var) == 0)
-			return(ep);
-	}
-	return(NULL);
-}
-
-	void
-env_init()
-{
-	extern char **environ;
-	register char **epp, *cp;
-	register struct env_lst *ep;
-	extern char *strchr();
-
-	for (epp = environ; *epp; epp++) {
-		if (cp = strchr(*epp, '=')) {
-			*cp = '\0';
-			ep = env_define((unsigned char *)*epp,
-					(unsigned char *)cp+1);
-			ep->export = 0;
-			*cp = '=';
-		}
-	}
-	/*
-	 * Special case for DISPLAY variable.  If it is ":0.0" or
-	 * "unix:0.0", we have to get rid of "unix" and insert our
-	 * hostname.
-	 */
-	if ((ep = env_find("DISPLAY"))
-	    && ((*ep->value == ':')
-	        || (strncmp((char *)ep->value, "unix:", 5) == 0))) {
-		char hbuf[256+1];
-		char *cp2 = strchr((char *)ep->value, ':');
-
-		gethostname(hbuf, 256);
-		hbuf[256] = '\0';
-		cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
-		sprintf((char *)cp, "%s%s", hbuf, cp2);
-		free(ep->value);
-		ep->value = (unsigned char *)cp;
-	}
-	/*
-	 * If USER is not defined, but LOGNAME is, then add
-	 * USER with the value from LOGNAME.  By default, we
-	 * don't export the USER variable.
-	 */
-	if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) {
-		env_define((unsigned char *)"USER", ep->value);
-		env_unexport((unsigned char *)"USER");
-	}
-	env_export((unsigned char *)"DISPLAY");
-	env_export((unsigned char *)"PRINTER");
-}
-
-	struct env_lst *
-env_define(var, value)
-	unsigned char *var, *value;
-{
-	register struct env_lst *ep;
-
-	if (ep = env_find(var)) {
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-	} else {
-		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
-		ep->next = envlisthead.next;
-		envlisthead.next = ep;
-		ep->prev = &envlisthead;
-		if (ep->next)
-			ep->next->prev = ep;
-	}
-	ep->welldefined = opt_welldefined(var);
-	ep->export = 1;
-	ep->var = (unsigned char *)strdup((char *)var);
-	ep->value = (unsigned char *)strdup((char *)value);
-	return(ep);
-}
-
-	void
-env_undefine(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if (ep = env_find(var)) {
-		ep->prev->next = ep->next;
-		if (ep->next)
-			ep->next->prev = ep->prev;
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-		free(ep);
-	}
-}
-
-	void
-env_export(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if (ep = env_find(var))
-		ep->export = 1;
-}
-
-	void
-env_unexport(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if (ep = env_find(var))
-		ep->export = 0;
-}
-
-	void
-env_send(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-        if (my_state_is_wont(TELOPT_NEW_ENVIRON)
-#ifdef	OLD_ENVIRON
-	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
-#endif
-		) {
-		fprintf(stderr,
-		    "Cannot send '%s': Telnet ENVIRON option not enabled\n",
-									var);
-		return;
-	}
-	ep = env_find(var);
-	if (ep == 0) {
-		fprintf(stderr, "Cannot send '%s': variable not defined\n",
-									var);
-		return;
-	}
-	env_opt_start_info();
-	env_opt_add(ep->var);
-	env_opt_end(0);
-}
-
-	void
-env_list()
-{
-	register struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		printf("%c %-20s %s\n", ep->export ? '*' : ' ',
-					ep->var, ep->value);
-	}
-}
-
-	unsigned char *
-env_default(init, welldefined)
-	int init;
-{
-	static struct env_lst *nep = NULL;
-
-	if (init) {
-		nep = &envlisthead;
-		return;
-	}
-	if (nep) {
-		while (nep = nep->next) {
-			if (nep->export && (nep->welldefined == welldefined))
-				return(nep->var);
-		}
-	}
-	return(NULL);
-}
-
-	unsigned char *
-env_getvalue(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if (ep = env_find(var))
-		return(ep->value);
-	return(NULL);
-}
-
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
-	void
-env_varval(what)
-	unsigned char *what;
-{
-	extern int old_env_var, old_env_value, env_auto;
-	int len = strlen((char *)what);
-
-	if (len == 0)
-		goto unknown;
-
-	if (strncasecmp((char *)what, "status", len) == 0) {
-		if (env_auto)
-			printf("%s%s", "VAR and VALUE are/will be ",
-					"determined automatically\n");
-		if (old_env_var == OLD_ENV_VAR)
-			printf("VAR and VALUE set to correct definitions\n");
-		else
-			printf("VAR and VALUE definitions are reversed\n");
-	} else if (strncasecmp((char *)what, "auto", len) == 0) {
-		env_auto = 1;
-		old_env_var = OLD_ENV_VALUE;
-		old_env_value = OLD_ENV_VAR;
-	} else if (strncasecmp((char *)what, "right", len) == 0) {
-		env_auto = 0;
-		old_env_var = OLD_ENV_VAR;
-		old_env_value = OLD_ENV_VALUE;
-	} else if (strncasecmp((char *)what, "wrong", len) == 0) {
-		env_auto = 0;
-		old_env_var = OLD_ENV_VALUE;
-		old_env_value = OLD_ENV_VAR;
-	} else {
-unknown:
-		printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\n");
-	}
-}
-#endif
-
-#if	defined(AUTHENTICATION)
-/*
- * The AUTHENTICATE command.
- */
-
-struct authlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	narg;
-};
-
-extern int
-	auth_enable P((char *)),
-	auth_disable P((char *)),
-	auth_status P((void));
-static int
-	auth_help P((void));
-
-struct authlist AuthList[] = {
-    { "status",	"Display current status of authentication information",
-						auth_status,	0 },
-    { "disable", "Disable an authentication type ('auth disable ?' for more)",
-						auth_disable,	1 },
-    { "enable", "Enable an authentication type ('auth enable ?' for more)",
-						auth_enable,	1 },
-    { "help",	0,				auth_help,		0 },
-    { "?",	"Print help information",	auth_help,		0 },
-    { 0 },
-};
-
-    static int
-auth_help()
-{
-    struct authlist *c;
-
-    for (c = AuthList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\n", c->name, c->help);
-	    else
-		printf("\n");
-	}
-    }
-    return 0;
-}
-
-auth_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct authlist *c;
-
-    if (argc < 2) {
-      fprintf(stderr,
-          "Need an argument to 'auth' command.  'auth ?' for help.\n");
-      return 0;
-    }
-
-    c = (struct authlist *)
-		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    return((*c->handler)(argv[2], argv[3]));
-}
-#endif
-
-#ifdef	ENCRYPTION
-/*
- * The ENCRYPT command.
- */
-
-struct encryptlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	needconnect;
-	int	minarg;
-	int	maxarg;
-};
-
-extern int
-	EncryptEnable P((char *, char *)),
-	EncryptDisable P((char *, char *)),
-	EncryptType P((char *, char *)),
-	EncryptStart P((char *)),
-	EncryptStartInput P((void)),
-	EncryptStartOutput P((void)),
-	EncryptStop P((char *)),
-	EncryptStopInput P((void)),
-	EncryptStopOutput P((void)),
-	EncryptStatus P((void));
-static int
-	EncryptHelp P((void));
-
-struct encryptlist EncryptList[] = {
-    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
-						EncryptEnable, 1, 1, 2 },
-    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
-						EncryptDisable, 0, 1, 2 },
-    { "type", "Set encryption type. ('encrypt type ?' for more)",
-						EncryptType, 0, 1, 1 },
-    { "start", "Start encryption. ('encrypt start ?' for more)",
-						EncryptStart, 1, 0, 1 },
-    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
-						EncryptStop, 1, 0, 1 },
-    { "input", "Start encrypting the input stream",
-						EncryptStartInput, 1, 0, 0 },
-    { "-input", "Stop encrypting the input stream",
-						EncryptStopInput, 1, 0, 0 },
-    { "output", "Start encrypting the output stream",
-						EncryptStartOutput, 1, 0, 0 },
-    { "-output", "Stop encrypting the output stream",
-						EncryptStopOutput, 1, 0, 0 },
-
-    { "status",	"Display current status of authentication information",
-						EncryptStatus,	0, 0, 0 },
-    { "help",	0,				EncryptHelp,	0, 0, 0 },
-    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
-    { 0 },
-};
-
-    static int
-EncryptHelp()
-{
-    struct encryptlist *c;
-
-    for (c = EncryptList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\n", c->name, c->help);
-	    else
-		printf("\n");
-	}
-    }
-    return 0;
-}
-
-encrypt_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct encryptlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'encrypt' command.  'encrypt ?' for help.\n");
-	return 0;
-    }
-
-    c = (struct encryptlist *)
-		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    argc -= 2;
-    if (argc < c->minarg || argc > c->maxarg) {
-	if (c->minarg == c->maxarg) {
-	    fprintf(stderr, "Need %s%d argument%s ",
-		c->minarg < argc ? "only " : "", c->minarg,
-		c->minarg == 1 ? "" : "s");
-	} else {
-	    fprintf(stderr, "Need %s%d-%d arguments ",
-		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
-	}
-	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\n",
-		c->name);
-	return 0;
-    }
-    if (c->needconnect && !connected) {
-	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
-	    printf("?Need to be connected first.\n");
-	    return 0;
-	}
-    }
-    return ((*c->handler)(argc > 0 ? argv[2] : 0,
-			argc > 1 ? argv[3] : 0,
-			argc > 2 ? argv[4] : 0));
-}
-#endif	/* ENCRYPTION */
-
-#if	defined(unix) && defined(TN3270)
-    static void
-filestuff(fd)
-    int fd;
-{
-    int res;
-
-#ifdef	F_GETOWN
-    setconnmode(0);
-    res = fcntl(fd, F_GETOWN, 0);
-    setcommandmode();
-
-    if (res == -1) {
-	perror("fcntl");
-	return;
-    }
-    printf("\tOwner is %d.\n", res);
-#endif
-
-    setconnmode(0);
-    res = fcntl(fd, F_GETFL, 0);
-    setcommandmode();
-
-    if (res == -1) {
-	perror("fcntl");
-	return;
-    }
-#ifdef notdef
-    printf("\tFlags are 0x%x: %s\n", res, decodeflags(res));
-#endif
-}
-#endif /* defined(unix) && defined(TN3270) */
-
-/*
- * Print status about the connection.
- */
-    /*ARGSUSED*/
-    static
-status(argc, argv)
-    int	 argc;
-    char *argv[];
-{
-    if (connected) {
-	printf("Connected to %s.\n", hostname);
-	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
-	    int mode = getconnmode();
-
-	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
-		printf("Operating with LINEMODE option\n");
-		printf("%s line editing\n", (mode&MODE_EDIT) ? "Local" : "No");
-		printf("%s catching of signals\n",
-					(mode&MODE_TRAPSIG) ? "Local" : "No");
-		slcstate();
-#ifdef	KLUDGELINEMODE
-	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
-		printf("Operating in obsolete linemode\n");
-#endif
-	    } else {
-		printf("Operating in single character mode\n");
-		if (localchars)
-		    printf("Catching signals locally\n");
-	    }
-	    printf("%s character echo\n", (mode&MODE_ECHO) ? "Local" : "Remote");
-	    if (my_want_state_is_will(TELOPT_LFLOW))
-		printf("%s flow control\n", (mode&MODE_FLOW) ? "Local" : "No");
-#ifdef	ENCRYPTION
-	    encrypt_display();
-#endif	/* ENCRYPTION */
-	}
-    } else {
-	printf("No connection.\n");
-    }
-#   if !defined(TN3270)
-    printf("Escape character is '%s'.\n", control(escape));
-    (void) fflush(stdout);
-#   else /* !defined(TN3270) */
-    if ((!In3270) && ((argc < 2) || strcmp(argv[1], "notmuch"))) {
-	printf("Escape character is '%s'.\n", control(escape));
-    }
-#   if defined(unix)
-    if ((argc >= 2) && !strcmp(argv[1], "everything")) {
-	printf("SIGIO received %d time%s.\n",
-				sigiocount, (sigiocount == 1)? "":"s");
-	if (In3270) {
-	    printf("Process ID %d, process group %d.\n",
-					    getpid(), getpgrp(getpid()));
-	    printf("Terminal input:\n");
-	    filestuff(tin);
-	    printf("Terminal output:\n");
-	    filestuff(tout);
-	    printf("Network socket:\n");
-	    filestuff(net);
-	}
-    }
-    if (In3270 && transcom) {
-       printf("Transparent mode command is '%s'.\n", transcom);
-    }
-#   endif /* defined(unix) */
-    (void) fflush(stdout);
-    if (In3270) {
-	return 0;
-    }
-#   endif /* defined(TN3270) */
-    return 1;
-}
-
-#ifdef	SIGINFO
-/*
- * Function that gets called when SIGINFO is received.
- */
-ayt_status()
-{
-    (void) call(status, "status", "notmuch", 0);
-}
-#endif
-
-unsigned long inet_addr();
-
-    int
-tn(argc, argv)
-    int argc;
-    char *argv[];
-{
-    register struct hostent *host = 0;
-    struct sockaddr_in sin;
-    struct servent *sp = 0;
-    unsigned long temp;
-    extern char *inet_ntoa();
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-    char *srp = 0, *strrchr();
-    unsigned long sourceroute(), srlen;
-#endif
-    char *cmd, *hostp = 0, *portp = 0, *user = 0;
-
-    /* clear the socket address prior to use */
-    memset((char *)&sin, 0, sizeof(sin));
-
-    if (connected) {
-	printf("?Already connected to %s\n", hostname);
-	setuid(getuid());
-	return 0;
-    }
-    if (argc < 2) {
-	(void) strcpy(line, "open ");
-	printf("(to) ");
-	(void) fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
-	makeargv();
-	argc = margc;
-	argv = margv;
-    }
-    cmd = *argv;
-    --argc; ++argv;
-    while (argc) {
-	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
-	    goto usage;
-	if (strcmp(*argv, "-l") == 0) {
-	    --argc; ++argv;
-	    if (argc == 0)
-		goto usage;
-	    user = *argv++;
-	    --argc;
-	    continue;
-	}
-	if (strcmp(*argv, "-a") == 0) {
-	    --argc; ++argv;
-	    autologin = 1;
-	    continue;
-	}
-	if (hostp == 0) {
-	    hostp = *argv++;
-	    --argc;
-	    continue;
-	}
-	if (portp == 0) {
-	    portp = *argv++;
-	    --argc;
-	    continue;
-	}
-    usage:
-	printf("usage: %s [-l user] [-a] host-name [port]\n", cmd);
-	setuid(getuid());
-	return 0;
-    }
-    if (hostp == 0)
-	goto usage;
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-    if (hostp[0] == '@' || hostp[0] == '!') {
-	if ((hostname = strrchr(hostp, ':')) == NULL)
-	    hostname = strrchr(hostp, '@');
-	hostname++;
-	srp = 0;
-	temp = sourceroute(hostp, &srp, &srlen);
-	if (temp == 0) {
-	    herror(srp);
-	    setuid(getuid());
-	    return 0;
-	} else if (temp == -1) {
-	    printf("Bad source route option: %s\n", hostp);
-	    setuid(getuid());
-	    return 0;
-	} else {
-	    sin.sin_addr.s_addr = temp;
-	    sin.sin_family = AF_INET;
-	}
-    } else {
-#endif
-	temp = inet_addr(hostp);
-	if (temp != (unsigned long) -1) {
-	    sin.sin_addr.s_addr = temp;
-	    sin.sin_family = AF_INET;
-	    (void) strcpy(_hostname, hostp);
-	    hostname = _hostname;
-	} else {
-	    host = gethostbyname(hostp);
-	    if (host) {
-		sin.sin_family = host->h_addrtype;
-#if	defined(h_addr)		/* In 4.3, this is a #define */
-		memmove((caddr_t)&sin.sin_addr,
-				host->h_addr_list[0], host->h_length);
-#else	/* defined(h_addr) */
-		memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
-#endif	/* defined(h_addr) */
-		strncpy(_hostname, host->h_name, sizeof(_hostname));
-		_hostname[sizeof(_hostname)-1] = '\0';
-		hostname = _hostname;
-	    } else {
-		herror(hostp);
-	        setuid(getuid());
-		return 0;
-	    }
-	}
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-    }
-#endif
-    if (portp) {
-	if (*portp == '-') {
-	    portp++;
-	    telnetport = 1;
-	} else
-	    telnetport = 0;
-	sin.sin_port = atoi(portp);
-	if (sin.sin_port == 0) {
-	    sp = getservbyname(portp, "tcp");
-	    if (sp)
-		sin.sin_port = sp->s_port;
-	    else {
-		printf("%s: bad port number\n", portp);
-	        setuid(getuid());
-		return 0;
-	    }
-	} else {
-#if	!defined(htons)
-	    u_short htons P((unsigned short));
-#endif	/* !defined(htons) */
-	    sin.sin_port = htons(sin.sin_port);
-	}
-    } else {
-	if (sp == 0) {
-	    sp = getservbyname("telnet", "tcp");
-	    if (sp == 0) {
-		fprintf(stderr, "telnet: tcp/telnet: unknown service\n");
-	        setuid(getuid());
-		return 0;
-	    }
-	    sin.sin_port = sp->s_port;
-	}
-	telnetport = 1;
-    }
-    printf("Trying %s...\n", inet_ntoa(sin.sin_addr));
-    do {
-	net = socket(AF_INET, SOCK_STREAM, 0);
-	setuid(getuid());
-	if (net < 0) {
-	    perror("telnet: socket");
-	    return 0;
-	}
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-	if (srp && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (char *)srp, srlen) < 0)
-		perror("setsockopt (IP_OPTIONS)");
-#endif
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	{
-# if	defined(HAS_GETTOS)
-	    struct tosent *tp;
-	    if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-		tos = tp->t_tos;
-# endif
-	    if (tos < 0)
-		tos = 020;	/* Low Delay bit */
-	    if (tos
-		&& (setsockopt(net, IPPROTO_IP, IP_TOS,
-		    (char *)&tos, sizeof(int)) < 0)
-		&& (errno != ENOPROTOOPT))
-		    perror("telnet: setsockopt (IP_TOS) (ignored)");
-	}
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-
-	if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
-		perror("setsockopt (SO_DEBUG)");
-	}
-
-	if (connect(net, (struct sockaddr *)&sin, sizeof (sin)) < 0) {
-#if	defined(h_addr)		/* In 4.3, this is a #define */
-	    if (host && host->h_addr_list[1]) {
-		int oerrno = errno;
-
-		fprintf(stderr, "telnet: connect to address %s: ",
-						inet_ntoa(sin.sin_addr));
-		errno = oerrno;
-		perror((char *)0);
-		host->h_addr_list++;
-		memmove((caddr_t)&sin.sin_addr,
-			host->h_addr_list[0], host->h_length);
-		(void) NetClose(net);
-		continue;
-	    }
-#endif	/* defined(h_addr) */
-	    perror("telnet: Unable to connect to remote host");
-	    return 0;
-	}
-	connected++;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
-    } while (connected == 0);
-    cmdrc(hostp, hostname);
-    if (autologin && user == NULL) {
-	struct passwd *pw;
-
-	user = getenv("USER");
-	if (user == NULL ||
-	    (pw = getpwnam(user)) && pw->pw_uid != getuid()) {
-		if (pw = getpwuid(getuid()))
-			user = pw->pw_name;
-		else
-			user = NULL;
-	}
-    }
-    if (user) {
-	env_define((unsigned char *)"USER", (unsigned char *)user);
-	env_export((unsigned char *)"USER");
-    }
-    (void) call(status, "status", "notmuch", 0);
-    if (setjmp(peerdied) == 0)
-	telnet(user);
-    (void) NetClose(net);
-    ExitString("Connection closed by foreign host.\n",1);
-    /*NOTREACHED*/
-}
-
-#define HELPINDENT (sizeof ("connect"))
-
-static char
-	openhelp[] =	"connect to a site",
-	closehelp[] =	"close current connection",
-	logouthelp[] =	"forcibly logout remote user and close the connection",
-	quithelp[] =	"exit telnet",
-	statushelp[] =	"print status information",
-	helphelp[] =	"print help information",
-	sendhelp[] =	"transmit special characters ('send ?' for more)",
-	sethelp[] = 	"set operating parameters ('set ?' for more)",
-	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
-	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
-	slchelp[] =	"change state of special charaters ('slc ?' for more)",
-	displayhelp[] =	"display operating parameters",
-#if	defined(TN3270) && defined(unix)
-	transcomhelp[] = "specify Unix command for transparent mode pipe",
-#endif	/* defined(TN3270) && defined(unix) */
-#if	defined(AUTHENTICATION)
-	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
-#endif
-#ifdef	ENCRYPTION
-	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
-#endif	/* ENCRYPTION */
-#if	defined(unix)
-	zhelp[] =	"suspend telnet",
-#endif	/* defined(unix) */
-	shellhelp[] =	"invoke a subshell",
-	envhelp[] =	"change environment variables ('environ ?' for more)",
-	modestring[] = "try to enter line or character mode ('mode ?' for more)";
-
-static int	help();
-
-static Command cmdtab[] = {
-	{ "close",	closehelp,	bye,		1 },
-	{ "logout",	logouthelp,	logout,		1 },
-	{ "display",	displayhelp,	display,	0 },
-	{ "mode",	modestring,	modecmd,	0 },
-	{ "open",	openhelp,	tn,		0 },
-	{ "quit",	quithelp,	quit,		0 },
-	{ "send",	sendhelp,	sendcmd,	0 },
-	{ "set",	sethelp,	setcmd,		0 },
-	{ "unset",	unsethelp,	unsetcmd,	0 },
-	{ "status",	statushelp,	status,		0 },
-	{ "toggle",	togglestring,	toggle,		0 },
-	{ "slc",	slchelp,	slccmd,		0 },
-#if	defined(TN3270) && defined(unix)
-	{ "transcom",	transcomhelp,	settranscom,	0 },
-#endif	/* defined(TN3270) && defined(unix) */
-#if	defined(AUTHENTICATION)
-	{ "auth",	authhelp,	auth_cmd,	0 },
-#endif
-#ifdef	ENCRYPTION
-	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
-#endif	/* ENCRYPTION */
-#if	defined(unix)
-	{ "z",		zhelp,		suspend,	0 },
-#endif	/* defined(unix) */
-#if	defined(TN3270)
-	{ "!",		shellhelp,	shell,		1 },
-#else
-	{ "!",		shellhelp,	shell,		0 },
-#endif
-	{ "environ",	envhelp,	env_cmd,	0 },
-	{ "?",		helphelp,	help,		0 },
-	0
-};
-
-static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
-static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
-
-static Command cmdtab2[] = {
-	{ "help",	0,		help,		0 },
-	{ "escape",	escapehelp,	setescape,	0 },
-	{ "crmod",	crmodhelp,	togcrmod,	0 },
-	0
-};
-
-
-/*
- * Call routine with argc, argv set from args (terminated by 0).
- */
-
-    /*VARARGS1*/
-    static
-call(va_alist)
-    va_dcl
-{
-    va_list ap;
-    typedef int (*intrtn_t)();
-    intrtn_t routine;
-    char *args[100];
-    int argno = 0;
-
-    va_start(ap);
-    routine = (va_arg(ap, intrtn_t));
-    while ((args[argno++] = va_arg(ap, char *)) != 0) {
-	;
-    }
-    va_end(ap);
-    return (*routine)(argno-1, args);
-}
-
-
-    static Command *
-getcmd(name)
-    char *name;
-{
-    Command *cm;
-
-    if (cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command)))
-	return cm;
-    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
-}
-
-    void
-command(top, tbuf, cnt)
-    int top;
-    char *tbuf;
-    int cnt;
-{
-    register Command *c;
-
-    setcommandmode();
-    if (!top) {
-	putchar('\n');
-#if	defined(unix)
-    } else {
-	(void) signal(SIGINT, SIG_DFL);
-	(void) signal(SIGQUIT, SIG_DFL);
-#endif	/* defined(unix) */
-    }
-    for (;;) {
-	if (rlogin == _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	if (tbuf) {
-	    register char *cp;
-	    cp = line;
-	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
-		cnt--;
-	    tbuf = 0;
-	    if (cp == line || *--cp != '\n' || cp == line)
-		goto getline;
-	    *cp = '\0';
-	    if (rlogin == _POSIX_VDISABLE)
-	        printf("%s\n", line);
-	} else {
-	getline:
-	    if (rlogin != _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	    if (fgets(line, sizeof(line), stdin) == NULL) {
-		if (feof(stdin) || ferror(stdin)) {
-		    (void) quit();
-		    /*NOTREACHED*/
-		}
-		break;
-	    }
-	}
-	if (line[0] == 0)
-	    break;
-	makeargv();
-	if (margv[0] == 0) {
-	    break;
-	}
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command\n");
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command\n");
-	    continue;
-	}
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first.\n");
-	    continue;
-	}
-	if ((*c->handler)(margc, margv)) {
-	    break;
-	}
-    }
-    if (!top) {
-	if (!connected) {
-	    longjmp(toplevel, 1);
-	    /*NOTREACHED*/
-	}
-#if	defined(TN3270)
-	if (shell_active == 0) {
-	    setconnmode(0);
-	}
-#else	/* defined(TN3270) */
-	setconnmode(0);
-#endif	/* defined(TN3270) */
-    }
-}
-
-/*
- * Help command.
- */
-	static
-help(argc, argv)
-	int argc;
-	char *argv[];
-{
-	register Command *c;
-
-	if (argc == 1) {
-		printf("Commands may be abbreviated.  Commands are:\n\n");
-		for (c = cmdtab; c->name; c++)
-			if (c->help) {
-				printf("%-*s\t%s\n", HELPINDENT, c->name,
-								    c->help);
-			}
-		return 0;
-	}
-	while (--argc > 0) {
-		register char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (Ambiguous(c))
-			printf("?Ambiguous help command %s\n", arg);
-		else if (c == (Command *)0)
-			printf("?Invalid help command %s\n", arg);
-		else
-			printf("%s\n", c->help);
-	}
-	return 0;
-}
-
-static char *rcname = 0;
-static char rcbuf[128];
-
-cmdrc(m1, m2)
-	char *m1, *m2;
-{
-    register Command *c;
-    FILE *rcfile;
-    int gotmachine = 0;
-    int l1 = strlen(m1);
-    int l2 = strlen(m2);
-    char m1save[64];
-
-    if (skiprc)
-	return;
-
-    strcpy(m1save, m1);
-    m1 = m1save;
-
-    if (rcname == 0) {
-	rcname = getenv("HOME");
-	if (rcname)
-	    strcpy(rcbuf, rcname);
-	else
-	    rcbuf[0] = '\0';
-	strcat(rcbuf, "/.telnetrc");
-	rcname = rcbuf;
-    }
-
-    if ((rcfile = fopen(rcname, "r")) == 0) {
-	return;
-    }
-
-    for (;;) {
-	if (fgets(line, sizeof(line), rcfile) == NULL)
-	    break;
-	if (line[0] == 0)
-	    break;
-	if (line[0] == '#')
-	    continue;
-	if (gotmachine) {
-	    if (!isspace(line[0]))
-		gotmachine = 0;
-	}
-	if (gotmachine == 0) {
-	    if (isspace(line[0]))
-		continue;
-	    if (strncasecmp(line, m1, l1) == 0)
-		strncpy(line, &line[l1], sizeof(line) - l1);
-	    else if (strncasecmp(line, m2, l2) == 0)
-		strncpy(line, &line[l2], sizeof(line) - l2);
-	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
-		strncpy(line, &line[7], sizeof(line) - 7);
-	    else
-		continue;
-	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
-		continue;
-	    gotmachine = 1;
-	}
-	makeargv();
-	if (margv[0] == 0)
-	    continue;
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command: %s\n", margv[0]);
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command: %s\n", margv[0]);
-	    continue;
-	}
-	/*
-	 * This should never happen...
-	 */
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first for %s.\n", margv[0]);
-	    continue;
-	}
-	(*c->handler)(margc, margv);
-    }
-    fclose(rcfile);
-}
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-
-/*
- * Source route is handed in as
- *	[!]@hop1@hop2...[@|:]dst
- * If the leading ! is present, it is a
- * strict source route, otherwise it is
- * assmed to be a loose source route.
- *
- * We fill in the source route option as
- *	hop1,hop2,hop3...dest
- * and return a pointer to hop1, which will
- * be the address to connect() to.
- *
- * Arguments:
- *	arg:	pointer to route list to decipher
- *
- *	cpp: 	If *cpp is not equal to NULL, this is a
- *		pointer to a pointer to a character array
- *		that should be filled in with the option.
- *
- *	lenp:	pointer to an integer that contains the
- *		length of *cpp if *cpp != NULL.
- *
- * Return values:
- *
- *	Returns the address of the host to connect to.  If the
- *	return value is -1, there was a syntax error in the
- *	option, either unknown characters, or too many hosts.
- *	If the return value is 0, one of the hostnames in the
- *	path is unknown, and *cpp is set to point to the bad
- *	hostname.
- *
- *	*cpp:	If *cpp was equal to NULL, it will be filled
- *		in with a pointer to our static area that has
- *		the option filled in.  This will be 32bit aligned.
- *
- *	*lenp:	This will be filled in with how long the option
- *		pointed to by *cpp is.
- *
- */
-	unsigned long
-sourceroute(arg, cpp, lenp)
-	char	*arg;
-	char	**cpp;
-	int	*lenp;
-{
-	static char lsr[44];
-#ifdef	sysV88
-	static IOPTN ipopt;
-#endif
-	char *cp, *cp2, *lsrp, *lsrep;
-	register int tmp;
-	struct in_addr sin_addr;
-	register struct hostent *host = 0;
-	register char c;
-
-	/*
-	 * Verify the arguments, and make sure we have
-	 * at least 7 bytes for the option.
-	 */
-	if (cpp == NULL || lenp == NULL)
-		return((unsigned long)-1);
-	if (*cpp != NULL && *lenp < 7)
-		return((unsigned long)-1);
-	/*
-	 * Decide whether we have a buffer passed to us,
-	 * or if we need to use our own static buffer.
-	 */
-	if (*cpp) {
-		lsrp = *cpp;
-		lsrep = lsrp + *lenp;
-	} else {
-		*cpp = lsrp = lsr;
-		lsrep = lsrp + 44;
-	}
-
-	cp = arg;
-
-	/*
-	 * Next, decide whether we have a loose source
-	 * route or a strict source route, and fill in
-	 * the begining of the option.
-	 */
-#ifndef	sysV88
-	if (*cp == '!') {
-		cp++;
-		*lsrp++ = IPOPT_SSRR;
-	} else
-		*lsrp++ = IPOPT_LSRR;
-#else
-	if (*cp == '!') {
-		cp++;
-		ipopt.io_type = IPOPT_SSRR;
-	} else
-		ipopt.io_type = IPOPT_LSRR;
-#endif
-
-	if (*cp != '@')
-		return((unsigned long)-1);
-
-#ifndef	sysV88
-	lsrp++;		/* skip over length, we'll fill it in later */
-	*lsrp++ = 4;
-#endif
-
-	cp++;
-
-	sin_addr.s_addr = 0;
-
-	for (c = 0;;) {
-		if (c == ':')
-			cp2 = 0;
-		else for (cp2 = cp; c = *cp2; cp2++) {
-			if (c == ',') {
-				*cp2++ = '\0';
-				if (*cp2 == '@')
-					cp2++;
-			} else if (c == '@') {
-				*cp2++ = '\0';
-			} else if (c == ':') {
-				*cp2++ = '\0';
-			} else
-				continue;
-			break;
-		}
-		if (!c)
-			cp2 = 0;
-
-		if ((tmp = inet_addr(cp)) != -1) {
-			sin_addr.s_addr = tmp;
-		} else if (host = gethostbyname(cp)) {
-#if	defined(h_addr)
-			memmove((caddr_t)&sin_addr,
-				host->h_addr_list[0], host->h_length);
-#else
-			memmove((caddr_t)&sin_addr, host->h_addr, host->h_length);
-#endif
-		} else {
-			*cpp = cp;
-			return(0);
-		}
-		memmove(lsrp, (char *)&sin_addr, 4);
-		lsrp += 4;
-		if (cp2)
-			cp = cp2;
-		else
-			break;
-		/*
-		 * Check to make sure there is space for next address
-		 */
-		if (lsrp + 4 > lsrep)
-			return((unsigned long)-1);
-	}
-#ifndef	sysV88
-	if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) {
-		*cpp = 0;
-		*lenp = 0;
-		return((unsigned long)-1);
-	}
-	*lsrp++ = IPOPT_NOP; /* 32 bit word align it */
-	*lenp = lsrp - *cpp;
-#else
-	ipopt.io_len = lsrp - *cpp;
-	if (ipopt.io_len <= 5) {		/* Is 3 better ? */
-		*cpp = 0;
-		*lenp = 0;
-		return((unsigned long)-1);
-	}
-	*lenp = sizeof(ipopt);
-	*cpp = (char *) &ipopt;
-#endif
-	return(sin_addr.s_addr);
-}
-#endif
diff --git a/secure/usr.bin/telnet/defines.h b/secure/usr.bin/telnet/defines.h
deleted file mode 100644
index 0978173ea995..000000000000
--- a/secure/usr.bin/telnet/defines.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defines.h	8.1 (Berkeley) 6/6/93
- */
-
-#define	settimer(x)	clocks.x = clocks.system++
-
-#if	!defined(TN3270)
-
-#define	SetIn3270()
-
-#endif	/* !defined(TN3270) */
-
-#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
-#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
-#define	NETBYTES()	(ring_full_count(&netoring))
-#define	NETROOM()	(ring_empty_count(&netoring))
-
-#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
-				*ttyoring.supply = c; \
-				ring_supplied(&ttyoring, 1); \
-			}
-#define	TTYBYTES()	(ring_full_count(&ttyoring))
-#define	TTYROOM()	(ring_empty_count(&ttyoring))
-
-/*	Various modes */
-#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
-#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
-#define	MODE_COMMAND_LINE(m)	((m)==-1)
-
-#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
diff --git a/secure/usr.bin/telnet/externs.h b/secure/usr.bin/telnet/externs.h
deleted file mode 100644
index 7c52be982aa0..000000000000
--- a/secure/usr.bin/telnet/externs.h
+++ /dev/null
@@ -1,482 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)externs.h	8.3 (Berkeley) 5/30/95
- */
-
-#ifndef	BSD
-# define BSD 43
-#endif
-
-/*
- * ucb stdio.h defines BSD as something wierd
- */
-#if defined(sun) && defined(__svr4__)
-#define BSD 43
-#endif
-
-#ifndef	USE_TERMIO
-# if BSD > 43 || defined(SYSV_TERMIO)
-#  define USE_TERMIO
-# endif
-#endif
-
-#include <stdio.h>
-#include <setjmp.h>
-#if defined(CRAY) && !defined(NO_BSD_SETJMP)
-#include <bsdsetjmp.h>
-#endif
-#ifndef	FILIO_H
-#include <sys/ioctl.h>
-#else
-#include <sys/filio.h>
-#endif
-#ifdef CRAY
-# include <errno.h>
-#endif /* CRAY */
-#ifdef	USE_TERMIO
-# ifndef	VINTR
-#  ifdef SYSV_TERMIO
-#   include <sys/termio.h>
-#  else
-#   include <sys/termios.h>
-#   define termio termios
-#  endif
-# endif
-#endif
-#if defined(NO_CC_T) || !defined(USE_TERMIO)
-# if !defined(USE_TERMIO)
-typedef char cc_t;
-# else
-typedef unsigned char cc_t;
-# endif
-#endif
-
-#ifndef	NO_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#ifndef	_POSIX_VDISABLE
-# ifdef sun
-#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
-# endif
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((cc_t)'\377')
-# endif
-#endif
-
-#define	SUBBUFSIZE	256
-
-#ifndef CRAY
-extern int errno;		/* outside this world */
-#endif /* !CRAY */
-
-#if	!defined(P)
-# ifdef	__STDC__
-#  define	P(x)	x
-# else
-#  define	P(x)	()
-# endif
-#endif
-
-extern int
-    autologin,		/* Autologin enabled */
-    skiprc,		/* Don't process the ~/.telnetrc file */
-    eight,		/* use eight bit mode (binary in and/or out */
-    flushout,		/* flush output */
-    connected,		/* Are we connected to the other side? */
-    globalmode,		/* Mode tty should be in */
-    In3270,			/* Are we in 3270 mode? */
-    telnetport,		/* Are we connected to the telnet port? */
-    localflow,		/* Flow control handled locally */
-    restartany,		/* If flow control, restart output on any character */
-    localchars,		/* we recognize interrupt/quit */
-    donelclchars,		/* the user has set "localchars" */
-    showoptions,
-    net,		/* Network file descriptor */
-    tin,		/* Terminal input file descriptor */
-    tout,		/* Terminal output file descriptor */
-    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-    autoflush,		/* flush output when interrupting? */
-    autosynch,		/* send interrupt characters with SYNCH? */
-    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
-    donebinarytoggle,	/* the user has put us in binary */
-    dontlecho,		/* do we suppress local echoing right now? */
-    crmod,
-    netdata,		/* Print out network data flow */
-    prettydump,		/* Print "netdata" output in user readable format */
-#if	defined(unix)
-#if	defined(TN3270)
-    cursesdata,		/* Print out curses data flow */
-    apitrace,		/* Trace API transactions */
-#endif	/* defined(TN3270) */
-    termdata,		/* Print out terminal data flow */
-#endif	/* defined(unix) */
-    debug;			/* Debug level */
-
-extern cc_t escape;	/* Escape to command mode */
-extern cc_t rlogin;	/* Rlogin mode escape character */
-#ifdef	KLUDGELINEMODE
-extern cc_t echoc;	/* Toggle local echoing */
-#endif
-
-extern char
-    *prompt;		/* Prompt for command. */
-
-extern char
-    doopt[],
-    dont[],
-    will[],
-    wont[],
-    options[],		/* All the little options */
-    *hostname;		/* Who are we connected to? */
-#ifdef	ENCRYPTION
-extern void (*encrypt_output) P((unsigned char *, int));
-extern int (*decrypt_input) P((int));
-#endif	/* ENCRYPTION */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
-#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
-#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
-#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
-
-#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
-#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
-#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
-#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
-
-/*
- * Make everything symetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-
-extern FILE
-    *NetTrace;		/* Where debugging output goes */
-extern unsigned char
-    NetTraceFile[];	/* Name of file where debugging output goes */
-extern void
-    SetNetTrace P((char *));	/* Function to change where debugging goes */
-
-extern jmp_buf
-    peerdied,
-    toplevel;		/* For error conditions. */
-
-extern void
-    command P((int, char *, int)),
-    Dump P((int, unsigned char *, int)),
-    init_3270 P((void)),
-    printoption P((char *, int, int)),
-    printsub P((int, unsigned char *, int)),
-    sendnaws P((void)),
-    setconnmode P((int)),
-    setcommandmode P((void)),
-    setneturg P((void)),
-    sys_telnet_init P((void)),
-    telnet P((char *)),
-    tel_enter_binary P((int)),
-    TerminalFlushOutput P((void)),
-    TerminalNewMode P((int)),
-    TerminalRestoreState P((void)),
-    TerminalSaveState P((void)),
-    tninit P((void)),
-    upcase P((char *)),
-    willoption P((int)),
-    wontoption P((int));
-
-extern void
-    send_do P((int, int)),
-    send_dont P((int, int)),
-    send_will P((int, int)),
-    send_wont P((int, int));
-
-extern void
-    lm_will P((unsigned char *, int)),
-    lm_wont P((unsigned char *, int)),
-    lm_do P((unsigned char *, int)),
-    lm_dont P((unsigned char *, int)),
-    lm_mode P((unsigned char *, int, int));
-
-extern void
-    slc_init P((void)),
-    slcstate P((void)),
-    slc_mode_export P((void)),
-    slc_mode_import P((int)),
-    slc_import P((int)),
-    slc_export P((void)),
-    slc P((unsigned char *, int)),
-    slc_check P((void)),
-    slc_start_reply P((void)),
-    slc_add_reply P((int, int, int)),
-    slc_end_reply P((void));
-extern int
-    slc_update P((void));
-
-extern void
-    env_opt P((unsigned char *, int)),
-    env_opt_start P((void)),
-    env_opt_start_info P((void)),
-    env_opt_add P((unsigned char *)),
-    env_opt_end P((int));
-
-extern unsigned char
-    *env_default P((int, int)),
-    *env_getvalue P((unsigned char *));
-
-extern int
-    get_status P((void)),
-    dosynch P((void));
-
-extern cc_t
-    *tcval P((int));
-
-#ifndef	USE_TERMIO
-
-extern struct	tchars ntc;
-extern struct	ltchars nltc;
-extern struct	sgttyb nttyb;
-
-# define termEofChar		ntc.t_eofc
-# define termEraseChar		nttyb.sg_erase
-# define termFlushChar		nltc.t_flushc
-# define termIntChar		ntc.t_intrc
-# define termKillChar		nttyb.sg_kill
-# define termLiteralNextChar	nltc.t_lnextc
-# define termQuitChar		ntc.t_quitc
-# define termSuspChar		nltc.t_suspc
-# define termRprntChar		nltc.t_rprntc
-# define termWerasChar		nltc.t_werasc
-# define termStartChar		ntc.t_startc
-# define termStopChar		ntc.t_stopc
-# define termForw1Char		ntc.t_brkc
-extern cc_t termForw2Char;
-extern cc_t termAytChar;
-
-# define termEofCharp		(cc_t *)&ntc.t_eofc
-# define termEraseCharp		(cc_t *)&nttyb.sg_erase
-# define termFlushCharp		(cc_t *)&nltc.t_flushc
-# define termIntCharp		(cc_t *)&ntc.t_intrc
-# define termKillCharp		(cc_t *)&nttyb.sg_kill
-# define termLiteralNextCharp	(cc_t *)&nltc.t_lnextc
-# define termQuitCharp		(cc_t *)&ntc.t_quitc
-# define termSuspCharp		(cc_t *)&nltc.t_suspc
-# define termRprntCharp		(cc_t *)&nltc.t_rprntc
-# define termWerasCharp		(cc_t *)&nltc.t_werasc
-# define termStartCharp		(cc_t *)&ntc.t_startc
-# define termStopCharp		(cc_t *)&ntc.t_stopc
-# define termForw1Charp		(cc_t *)&ntc.t_brkc
-# define termForw2Charp		(cc_t *)&termForw2Char
-# define termAytCharp		(cc_t *)&termAytChar
-
-# else
-
-extern struct	termio new_tc;
-
-# define termEofChar		new_tc.c_cc[VEOF]
-# define termEraseChar		new_tc.c_cc[VERASE]
-# define termIntChar		new_tc.c_cc[VINTR]
-# define termKillChar		new_tc.c_cc[VKILL]
-# define termQuitChar		new_tc.c_cc[VQUIT]
-
-# ifndef	VSUSP
-extern cc_t termSuspChar;
-# else
-#  define termSuspChar		new_tc.c_cc[VSUSP]
-# endif
-# if	defined(VFLUSHO) && !defined(VDISCARD)
-#  define VDISCARD VFLUSHO
-# endif
-# ifndef	VDISCARD
-extern cc_t termFlushChar;
-# else
-#  define termFlushChar		new_tc.c_cc[VDISCARD]
-# endif
-# ifndef VWERASE
-extern cc_t termWerasChar;
-# else
-#  define termWerasChar		new_tc.c_cc[VWERASE]
-# endif
-# ifndef	VREPRINT
-extern cc_t termRprntChar;
-# else
-#  define termRprntChar		new_tc.c_cc[VREPRINT]
-# endif
-# ifndef	VLNEXT
-extern cc_t termLiteralNextChar;
-# else
-#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
-# endif
-# ifndef	VSTART
-extern cc_t termStartChar;
-# else
-#  define termStartChar		new_tc.c_cc[VSTART]
-# endif
-# ifndef	VSTOP
-extern cc_t termStopChar;
-# else
-#  define termStopChar		new_tc.c_cc[VSTOP]
-# endif
-# ifndef	VEOL
-extern cc_t termForw1Char;
-# else
-#  define termForw1Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VEOL2
-extern cc_t termForw2Char;
-# else
-#  define termForw2Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VSTATUS
-extern cc_t termAytChar;
-#else
-#  define termAytChar		new_tc.c_cc[VSTATUS]
-#endif
-
-# if !defined(CRAY) || defined(__STDC__)
-#  define termEofCharp		&termEofChar
-#  define termEraseCharp	&termEraseChar
-#  define termIntCharp		&termIntChar
-#  define termKillCharp		&termKillChar
-#  define termQuitCharp		&termQuitChar
-#  define termSuspCharp		&termSuspChar
-#  define termFlushCharp	&termFlushChar
-#  define termWerasCharp	&termWerasChar
-#  define termRprntCharp	&termRprntChar
-#  define termLiteralNextCharp	&termLiteralNextChar
-#  define termStartCharp	&termStartChar
-#  define termStopCharp		&termStopChar
-#  define termForw1Charp	&termForw1Char
-#  define termForw2Charp	&termForw2Char
-#  define termAytCharp		&termAytChar
-# else
-	/* Work around a compiler bug */
-#  define termEofCharp		0
-#  define termEraseCharp	0
-#  define termIntCharp		0
-#  define termKillCharp		0
-#  define termQuitCharp		0
-#  define termSuspCharp		0
-#  define termFlushCharp	0
-#  define termWerasCharp	0
-#  define termRprntCharp	0
-#  define termLiteralNextCharp	0
-#  define termStartCharp	0
-#  define termStopCharp		0
-#  define termForw1Charp	0
-#  define termForw2Charp	0
-#  define termAytCharp		0
-# endif
-#endif
-
-
-/* Ring buffer structures which are shared */
-
-extern Ring
-    netoring,
-    netiring,
-    ttyoring,
-    ttyiring;
-
-/* Tn3270 section */
-#if	defined(TN3270)
-
-extern int
-    HaveInput,		/* Whether an asynchronous I/O indication came in */
-    noasynchtty,	/* Don't do signals on I/O (SIGURG, SIGIO) */
-    noasynchnet,	/* Don't do signals on I/O (SIGURG, SIGIO) */
-    sigiocount,		/* Count of SIGIO receptions */
-    shell_active;	/* Subshell is active */
-
-extern char
-    *Ibackp,		/* Oldest byte of 3270 data */
-    Ibuf[],		/* 3270 buffer */
-    *Ifrontp,		/* Where next 3270 byte goes */
-    tline[],
-    *transcom;		/* Transparent command */
-
-extern int
-    settranscom P((int, char**));
-
-extern void
-    inputAvailable P((int));
-#endif	/* defined(TN3270) */
diff --git a/secure/usr.bin/telnet/fdset.h b/secure/usr.bin/telnet/fdset.h
deleted file mode 100644
index 045bb7221419..000000000000
--- a/secure/usr.bin/telnet/fdset.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fdset.h	8.1 (Berkeley) 6/6/93
- */
-
-/*
- * The following is defined just in case someone should want to run
- * this telnet on a 4.2 system.
- *
- */
-
-#ifndef	FD_SETSIZE
-
-#define	FD_SET(n, p)	((p)->fds_bits[0] |= (1<<(n)))
-#define	FD_CLR(n, p)	((p)->fds_bits[0] &= ~(1<<(n)))
-#define	FD_ISSET(n, p)	((p)->fds_bits[0] & (1<<(n)))
-#define FD_ZERO(p)	((p)->fds_bits[0] = 0)
-
-#endif
diff --git a/secure/usr.bin/telnet/general.h b/secure/usr.bin/telnet/general.h
deleted file mode 100644
index 4efa9519469e..000000000000
--- a/secure/usr.bin/telnet/general.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)general.h	8.1 (Berkeley) 6/6/93
- */
-
-/*
- * Some general definitions.
- */
-
-
-#define	numberof(x)	(sizeof x/sizeof x[0])
-#define	highestof(x)	(numberof(x)-1)
-
-#define	ClearElement(x)		memset((char *)&x, 0, sizeof x)
-#define	ClearArray(x)		memset((char *)x, 0, sizeof x)
diff --git a/secure/usr.bin/telnet/main.c b/secure/usr.bin/telnet/main.c
deleted file mode 100644
index 09ac26c38caf..000000000000
--- a/secure/usr.bin/telnet/main.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright (c) 1988, 1990, 1993\n\
-	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)main.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include <sys/types.h>
-
-#include "ring.h"
-#include "externs.h"
-#include "defines.h"
-
-/* These values need to be the same as defined in libtelnet/kerberos5.c */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS           0x00000002
-#define OPTS_FORWARDABLE_CREDS       0x00000001
-
-#if 0
-#define FORWARD
-#endif
-
-/*
- * Initialize variables.
- */
-    void
-tninit()
-{
-    init_terminal();
-
-    init_network();
-
-    init_telnet();
-
-    init_sys();
-
-#if defined(TN3270)
-    init_3270();
-#endif
-}
-
-	void
-usage()
-{
-	fprintf(stderr, "Usage: %s %s%s%s%s\n",
-	    prompt,
-#ifdef	AUTHENTICATION
-	    "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
-	    "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
-#else
-	    "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
-	    "\n\t[-n tracefile]",
-#endif
-#if defined(TN3270) && defined(unix)
-# ifdef AUTHENTICATION
-	    "[-noasynch] [-noasynctty]\n\t[-noasyncnet] [-r] [-t transcom] ",
-# else
-	    "[-noasynch] [-noasynctty] [-noasyncnet] [-r]\n\t[-t transcom]",
-# endif
-#else
-	    "[-r] ",
-#endif
-#ifdef	ENCRYPTION
-	    "[-x] [host-name [port]]"
-#else	/* ENCRYPTION */
-	    "[host-name [port]]"
-#endif	/* ENCRYPTION */
-	);
-	exit(1);
-}
-
-/*
- * main.  Parse arguments, invoke the protocol or command parser.
- */
-
-
-main(argc, argv)
-	int argc;
-	char *argv[];
-{
-	extern char *optarg;
-	extern int optind;
-	int ch;
-	char *user, *strrchr();
-#ifdef	FORWARD
-	extern int forward_flags;
-#endif	/* FORWARD */
-
-	tninit();		/* Clear out things */
-#if	defined(CRAY) && !defined(__STDC__)
-	_setlist_init();	/* Work around compiler bug */
-#endif
-
-	TerminalSaveState();
-
-	if (prompt = strrchr(argv[0], '/'))
-		++prompt;
-	else
-		prompt = argv[0];
-
-	user = NULL;
-
-	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
-	autologin = -1;
-
-	while ((ch = getopt(argc, argv, "8EKLS:X:acde:fFk:l:n:rt:x")) != EOF) {
-		switch(ch) {
-		case '8':
-			eight = 3;	/* binary output and input */
-			break;
-		case 'E':
-			rlogin = escape = _POSIX_VDISABLE;
-			break;
-		case 'K':
-#ifdef	AUTHENTICATION
-			autologin = 0;
-#endif
-			break;
-		case 'L':
-			eight |= 2;	/* binary output only */
-			break;
-		case 'S':
-		    {
-#ifdef	HAS_GETTOS
-			extern int tos;
-
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s%s\n",
-					prompt, ": Bad TOS argument '",
-					optarg,
-					"; will try to use default TOS");
-#else
-			fprintf(stderr,
-			   "%s: Warning: -S ignored, no parsetos() support.\n",
-								prompt);
-#endif
-		    }
-			break;
-		case 'X':
-#ifdef	AUTHENTICATION
-			auth_disable_name(optarg);
-#endif
-			break;
-		case 'a':
-			autologin = 1;
-			break;
-		case 'c':
-			skiprc = 1;
-			break;
-		case 'd':
-			debug = 1;
-			break;
-		case 'e':
-			set_escape_char(optarg);
-			break;
-		case 'f':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_flags & OPTS_FORWARD_CREDS) {
-			    fprintf(stderr,
-				    "%s: Only one of -f and -F allowed.\n",
-				    prompt);
-			    usage();
-			}
-			forward_flags |= OPTS_FORWARD_CREDS;
-#else
-			fprintf(stderr,
-			 "%s: Warning: -f ignored, no Kerberos V5 support.\n",
-				prompt);
-#endif
-			break;
-		case 'F':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_flags & OPTS_FORWARD_CREDS) {
-			    fprintf(stderr,
-				    "%s: Only one of -f and -F allowed.\n",
-				    prompt);
-			    usage();
-			}
-			forward_flags |= OPTS_FORWARD_CREDS;
-			forward_flags |= OPTS_FORWARDABLE_CREDS;
-#else
-			fprintf(stderr,
-			 "%s: Warning: -F ignored, no Kerberos V5 support.\n",
-				prompt);
-#endif
-			break;
-		case 'k':
-#if defined(AUTHENTICATION) && defined(KRB4)
-		    {
-			extern char *dest_realm, dst_realm_buf[], dst_realm_sz;
-			dest_realm = dst_realm_buf;
-			(void)strncpy(dest_realm, optarg, dst_realm_sz);
-		    }
-#else
-			fprintf(stderr,
-			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
-								prompt);
-#endif
-			break;
-		case 'l':
-			autologin = 1;
-			user = optarg;
-			break;
-		case 'n':
-#if defined(TN3270) && defined(unix)
-			/* distinguish between "-n oasynch" and "-noasynch" */
-			if (argv[optind - 1][0] == '-' && argv[optind - 1][1]
-			    == 'n' && argv[optind - 1][2] == 'o') {
-				if (!strcmp(optarg, "oasynch")) {
-					noasynchtty = 1;
-					noasynchnet = 1;
-				} else if (!strcmp(optarg, "oasynchtty"))
-					noasynchtty = 1;
-				else if (!strcmp(optarg, "oasynchnet"))
-					noasynchnet = 1;
-			} else
-#endif	/* defined(TN3270) && defined(unix) */
-				SetNetTrace(optarg);
-			break;
-		case 'r':
-			rlogin = '~';
-			break;
-		case 't':
-#if defined(TN3270) && defined(unix)
-			transcom = tline;
-			(void)strcpy(transcom, optarg);
-#else
-			fprintf(stderr,
-			   "%s: Warning: -t ignored, no TN3270 support.\n",
-								prompt);
-#endif
-			break;
-		case 'x':
-#ifdef	ENCRYPTION
-			encrypt_auto(1);
-			decrypt_auto(1);
-#else	/* ENCRYPTION */
-			fprintf(stderr,
-			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
-								prompt);
-#endif	/* ENCRYPTION */
-			break;
-		case '?':
-		default:
-			usage();
-			/* NOTREACHED */
-		}
-	}
-	if (autologin == -1)
-		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
-
-	argc -= optind;
-	argv += optind;
-
-	if (argc) {
-		char *args[7], **argp = args;
-
-		if (argc > 2)
-			usage();
-		*argp++ = prompt;
-		if (user) {
-			*argp++ = "-l";
-			*argp++ = user;
-		}
-		*argp++ = argv[0];		/* host */
-		if (argc > 1)
-			*argp++ = argv[1];	/* port */
-		*argp = 0;
-
-		if (setjmp(toplevel) != 0)
-			Exit(0);
-		if (tn(argp - args, args) == 1)
-			return (0);
-		else
-			return (1);
-	}
-	(void)setjmp(toplevel);
-	for (;;) {
-#ifdef TN3270
-		if (shell_active)
-			shell_continue();
-		else
-#endif
-			command(1, 0, 0);
-	}
-}
diff --git a/secure/usr.bin/telnet/network.c b/secure/usr.bin/telnet/network.c
deleted file mode 100644
index 0fe5cee0be4c..000000000000
--- a/secure/usr.bin/telnet/network.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)network.c	8.2 (Berkeley) 12/15/93";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#include <errno.h>
-
-#include <arpa/telnet.h>
-
-#include "ring.h"
-
-#include "defines.h"
-#include "externs.h"
-#include "fdset.h"
-
-Ring		netoring, netiring;
-unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
-
-/*
- * Initialize internal network data structures.
- */
-
-    void
-init_network()
-{
-    if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) {
-	exit(1);
-    }
-    NetTrace = stdout;
-}
-
-
-/*
- * Check to see if any out-of-band data exists on a socket (for
- * Telnet "synch" processing).
- */
-
-    int
-stilloob()
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    do {
-	FD_ZERO(&excepts);
-	FD_SET(net, &excepts);
-	value = select(net+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	perror("select");
-	(void) quit();
-	/* NOTREACHED */
-    }
-    if (FD_ISSET(net, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-
-/*
- *  setneturg()
- *
- *	Sets "neturg" to the current location.
- */
-
-    void
-setneturg()
-{
-    ring_mark(&netoring);
-}
-
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- *
- *		The return value indicates whether we did any
- *	useful work.
- */
-
-
-    int
-netflush()
-{
-    register int n, n1;
-
-#ifdef	ENCRYPTION
-    if (encrypt_output)
-	ring_encrypt(&netoring, encrypt_output);
-#endif	/* ENCRYPTION */
-    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
-	if (!ring_at_mark(&netoring)) {
-	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
-	} else {
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
-	}
-    }
-    if (n < 0) {
-	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
-	    setcommandmode();
-	    perror(hostname);
-	    (void)NetClose(net);
-	    ring_clear_mark(&netoring);
-	    longjmp(peerdied, -1);
-	    /*NOTREACHED*/
-	}
-	n = 0;
-    }
-    if (netdata && n) {
-	Dump('>', netoring.consume, n);
-    }
-    if (n) {
-	ring_consumed(&netoring, n);
-	/*
-	 * If we sent all, and more to send, then recurse to pick
-	 * up the other half.
-	 */
-	if ((n1 == n) && ring_full_consecutive(&netoring)) {
-	    (void) netflush();
-	}
-	return 1;
-    } else {
-	return 0;
-    }
-}
diff --git a/secure/usr.bin/telnet/ring.c b/secure/usr.bin/telnet/ring.c
deleted file mode 100644
index 37dfda8bc499..000000000000
--- a/secure/usr.bin/telnet/ring.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)ring.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-
-#include	<stdio.h>
-#include	<errno.h>
-
-#ifdef	size_t
-#undef	size_t
-#endif
-
-#include	<sys/types.h>
-#ifndef	FILIO_H
-#include	<sys/ioctl.h>
-#endif
-#include	<sys/socket.h>
-
-#include	"ring.h"
-#include	"general.h"
-
-/* Internal macros */
-
-#if	!defined(MIN)
-#define	MIN(a,b)	(((a)<(b))? (a):(b))
-#endif	/* !defined(MIN) */
-
-#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
-					(a)-(b): (((a)-(b))+(d)->size))
-
-#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
-					(a)+(c) : (((a)+(c))-(d)->size))
-
-#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
-					(a)-(c) : (((a)-(c))-(d)->size))
-
-
-/*
- * The following is a clock, used to determine full, empty, etc.
- *
- * There is some trickiness here.  Since the ring buffers are initialized
- * to ZERO on allocation, we need to make sure, when interpreting the
- * clock, that when the times are EQUAL, then the buffer is FULL.
- */
-static u_long ring_clock = 0;
-
-
-#define	ring_empty(d) (((d)->consume == (d)->supply) && \
-				((d)->consumetime >= (d)->supplytime))
-#define	ring_full(d) (((d)->supply == (d)->consume) && \
-				((d)->supplytime > (d)->consumetime))
-
-
-
-
-
-/* Buffer state transition routines */
-
-    ring_init(ring, buffer, count)
-Ring *ring;
-    unsigned char *buffer;
-    int count;
-{
-    memset((char *)ring, 0, sizeof *ring);
-
-    ring->size = count;
-
-    ring->supply = ring->consume = ring->bottom = buffer;
-
-    ring->top = ring->bottom+ring->size;
-
-#ifdef	ENCRYPTION
-    ring->clearto = 0;
-#endif	/* ENCRYPTION */
-
-    return 1;
-}
-
-/* Mark routines */
-
-/*
- * Mark the most recently supplied byte.
- */
-
-    void
-ring_mark(ring)
-    Ring *ring;
-{
-    ring->mark = ring_decrement(ring, ring->supply, 1);
-}
-
-/*
- * Is the ring pointing to the mark?
- */
-
-    int
-ring_at_mark(ring)
-    Ring *ring;
-{
-    if (ring->mark == ring->consume) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * Clear any mark set on the ring.
- */
-
-    void
-ring_clear_mark(ring)
-    Ring *ring;
-{
-    ring->mark = 0;
-}
-
-/*
- * Add characters from current segment to ring buffer.
- */
-    void
-ring_supplied(ring, count)
-    Ring *ring;
-    int count;
-{
-    ring->supply = ring_increment(ring, ring->supply, count);
-    ring->supplytime = ++ring_clock;
-}
-
-/*
- * We have just consumed "c" bytes.
- */
-    void
-ring_consumed(ring, count)
-    Ring *ring;
-    int count;
-{
-    if (count == 0)	/* don't update anything */
-	return;
-
-    if (ring->mark &&
-		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
-	ring->mark = 0;
-    }
-#ifdef	ENCRYPTION
-    if (ring->consume < ring->clearto &&
-		ring->clearto <= ring->consume + count)
-	ring->clearto = 0;
-    else if (ring->consume + count > ring->top &&
-		ring->bottom <= ring->clearto &&
-		ring->bottom + ((ring->consume + count) - ring->top))
-	ring->clearto = 0;
-#endif	/* ENCRYPTION */
-    ring->consume = ring_increment(ring, ring->consume, count);
-    ring->consumetime = ++ring_clock;
-    /*
-     * Try to encourage "ring_empty_consecutive()" to be large.
-     */
-    if (ring_empty(ring)) {
-	ring->consume = ring->supply = ring->bottom;
-    }
-}
-
-
-
-/* Buffer state query routines */
-
-
-/* Number of bytes that may be supplied */
-    int
-ring_empty_count(ring)
-    Ring *ring;
-{
-    if (ring_empty(ring)) {	/* if empty */
-	    return ring->size;
-    } else {
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* number of CONSECUTIVE bytes that may be supplied */
-    int
-ring_empty_consecutive(ring)
-    Ring *ring;
-{
-    if ((ring->consume < ring->supply) || ring_empty(ring)) {
-			    /*
-			     * if consume is "below" supply, or empty, then
-			     * return distance to the top
-			     */
-	return ring_subtract(ring, ring->top, ring->supply);
-    } else {
-				    /*
-				     * else, return what we may.
-				     */
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* Return the number of bytes that are available for consuming
- * (but don't give more than enough to get to cross over set mark)
- */
-
-    int
-ring_full_count(ring)
-    Ring *ring;
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if (ring_full(ring)) {
-	    return ring->size;	/* nothing consumed, but full */
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	return ring_subtract(ring, ring->mark, ring->consume);
-    }
-}
-
-/*
- * Return the number of CONSECUTIVE bytes available for consuming.
- * However, don't return more than enough to cross over set mark.
- */
-    int
-ring_full_consecutive(ring)
-    Ring *ring;
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if ((ring->supply < ring->consume) || ring_full(ring)) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	if (ring->mark < ring->consume) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {	/* Else, distance to mark */
-	    return ring_subtract(ring, ring->mark, ring->consume);
-	}
-    }
-}
-
-/*
- * Move data into the "supply" portion of of the ring buffer.
- */
-    void
-ring_supply_data(ring, buffer, count)
-    Ring *ring;
-    unsigned char *buffer;
-    int count;
-{
-    int i;
-
-    while (count) {
-	i = MIN(count, ring_empty_consecutive(ring));
-	memmove(ring->supply, buffer, i);
-	ring_supplied(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-
-#ifdef notdef
-
-/*
- * Move data from the "consume" portion of the ring buffer
- */
-    void
-ring_consume_data(ring, buffer, count)
-    Ring *ring;
-    unsigned char *buffer;
-    int count;
-{
-    int i;
-
-    while (count) {
-	i = MIN(count, ring_full_consecutive(ring));
-	memmove(buffer, ring->consume, i);
-	ring_consumed(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-#endif
-
-#ifdef	ENCRYPTION
-    void
-ring_encrypt(ring, encryptor)
-    Ring *ring;
-    void (*encryptor)();
-{
-    unsigned char *s, *c;
-
-    if (ring_empty(ring) || ring->clearto == ring->supply)
-	return;
-
-    if (!(c = ring->clearto))
-	c = ring->consume;
-
-    s = ring->supply;
-
-    if (s <= c) {
-	(*encryptor)(c, ring->top - c);
-	(*encryptor)(ring->bottom, s - ring->bottom);
-    } else
-	(*encryptor)(c, s - c);
-
-    ring->clearto = ring->supply;
-}
-
-    void
-ring_clearto(ring)
-    Ring *ring;
-{
-    if (!ring_empty(ring))
-	ring->clearto = ring->supply;
-    else
-	ring->clearto = 0;
-}
-#endif	/* ENCRYPTION */
diff --git a/secure/usr.bin/telnet/ring.h b/secure/usr.bin/telnet/ring.h
deleted file mode 100644
index 2a36781e5ae5..000000000000
--- a/secure/usr.bin/telnet/ring.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ring.h	8.1 (Berkeley) 6/6/93
- */
-
-#if defined(P)
-# undef P
-#endif
-
-#if defined(__STDC__) || defined(LINT_ARGS)
-# define	P(x)	x
-#else
-# define	P(x)	()
-#endif
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-typedef struct {
-    unsigned char	*consume,	/* where data comes out of */
-			*supply,	/* where data comes in to */
-			*bottom,	/* lowest address in buffer */
-			*top,		/* highest address+1 in buffer */
-			*mark;		/* marker (user defined) */
-#ifdef	ENCRYPTION
-    unsigned char	*clearto;	/* Data to this point is clear text */
-    unsigned char	*encryyptedto;	/* Data is encrypted to here */
-#endif	/* ENCRYPTION */
-    int		size;		/* size in bytes of buffer */
-    u_long	consumetime,	/* help us keep straight full, empty, etc. */
-		supplytime;
-} Ring;
-
-/* Here are some functions and macros to deal with the ring buffer */
-
-/* Initialization routine */
-extern int
-	ring_init P((Ring *ring, unsigned char *buffer, int count));
-
-/* Data movement routines */
-extern void
-	ring_supply_data P((Ring *ring, unsigned char *buffer, int count));
-#ifdef notdef
-extern void
-	ring_consume_data P((Ring *ring, unsigned char *buffer, int count));
-#endif
-
-/* Buffer state transition routines */
-extern void
-	ring_supplied P((Ring *ring, int count)),
-	ring_consumed P((Ring *ring, int count));
-
-/* Buffer state query routines */
-extern int
-	ring_empty_count P((Ring *ring)),
-	ring_empty_consecutive P((Ring *ring)),
-	ring_full_count P((Ring *ring)),
-	ring_full_consecutive P((Ring *ring));
-
-#ifdef	ENCRYPTION
-extern void
-	ring_encrypt P((Ring *ring, void (*func)())),
-	ring_clearto P((Ring *ring));
-#endif	/* ENCRYPTION */
-
-extern void
-    ring_clear_mark(),
-    ring_mark();
diff --git a/secure/usr.bin/telnet/sys_bsd.c b/secure/usr.bin/telnet/sys_bsd.c
deleted file mode 100644
index 3ede7c4856d6..000000000000
--- a/secure/usr.bin/telnet/sys_bsd.c
+++ /dev/null
@@ -1,1220 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)sys_bsd.c	8.4 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * The following routines try to encapsulate what is system dependent
- * (at least between 4.x and dos) which is used in telnet.c.
- */
-
-
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <signal.h>
-#include <errno.h>
-#include <arpa/telnet.h>
-
-#include "ring.h"
-
-#include "fdset.h"
-
-#include "defines.h"
-#include "externs.h"
-#include "types.h"
-
-#if	defined(CRAY) || (defined(USE_TERMIO) && !defined(SYSV_TERMIO))
-#define	SIG_FUNC_RET	void
-#else
-#define	SIG_FUNC_RET	int
-#endif
-
-#ifdef	SIGINFO
-extern SIG_FUNC_RET ayt_status();
-#endif
-
-int
-	tout,			/* Output file descriptor */
-	tin,			/* Input file descriptor */
-	net;
-
-#ifndef	USE_TERMIO
-struct	tchars otc = { 0 }, ntc = { 0 };
-struct	ltchars oltc = { 0 }, nltc = { 0 };
-struct	sgttyb ottyb = { 0 }, nttyb = { 0 };
-int	olmode = 0;
-# define cfgetispeed(ptr)	(ptr)->sg_ispeed
-# define cfgetospeed(ptr)	(ptr)->sg_ospeed
-# define old_tc ottyb
-
-#else	/* USE_TERMIO */
-struct	termio old_tc = { 0 };
-extern struct termio new_tc;
-
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
-#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
-#  ifdef CIBAUD
-#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
-#  else
-#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
-#  endif
-# endif /* TCSANOW */
-# ifdef	sysV88
-# define TIOCFLUSH TC_PX_DRAIN
-# endif
-#endif	/* USE_TERMIO */
-
-static fd_set ibits, obits, xbits;
-
-
-    void
-init_sys()
-{
-    tout = fileno(stdout);
-    tin = fileno(stdin);
-    FD_ZERO(&ibits);
-    FD_ZERO(&obits);
-    FD_ZERO(&xbits);
-
-    errno = 0;
-}
-
-
-    int
-TerminalWrite(buf, n)
-    char *buf;
-    int  n;
-{
-    return write(tout, buf, n);
-}
-
-    int
-TerminalRead(buf, n)
-    char *buf;
-    int  n;
-{
-    return read(tin, buf, n);
-}
-
-/*
- *
- */
-
-    int
-TerminalAutoFlush()
-{
-#if	defined(LNOFLSH)
-    int flush;
-
-    ioctl(0, TIOCLGET, (char *)&flush);
-    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
-#else	/* LNOFLSH */
-    return 1;
-#endif	/* LNOFLSH */
-}
-
-#ifdef	KLUDGELINEMODE
-extern int kludgelinemode;
-#endif
-/*
- * TerminalSpecialChars()
- *
- * Look at an input character to see if it is a special character
- * and decide what to do.
- *
- * Output:
- *
- *	0	Don't add this character.
- *	1	Do add this character
- */
-
-extern void xmitAO(), xmitEL(), xmitEC(), intp(), sendbrk();
-
-    int
-TerminalSpecialChars(c)
-    int	c;
-{
-    if (c == termIntChar) {
-	intp();
-	return 0;
-    } else if (c == termQuitChar) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return 0;
-    } else if (c == termEofChar) {
-	if (my_want_state_is_will(TELOPT_LINEMODE)) {
-	    sendeof();
-	    return 0;
-	}
-	return 1;
-    } else if (c == termSuspChar) {
-	sendsusp();
-	return(0);
-    } else if (c == termFlushChar) {
-	xmitAO();		/* Transmit Abort Output */
-	return 0;
-    } else if (!MODE_LOCAL_CHARS(globalmode)) {
-	if (c == termKillChar) {
-	    xmitEL();
-	    return 0;
-	} else if (c == termEraseChar) {
-	    xmitEC();		/* Transmit Erase Character */
-	    return 0;
-	}
-    }
-    return 1;
-}
-
-
-/*
- * Flush output to the terminal
- */
-
-    void
-TerminalFlushOutput()
-{
-#ifdef	TIOCFLUSH
-    (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
-#else
-    (void) ioctl(fileno(stdout), TCFLSH, (char *) 0);
-#endif
-}
-
-    void
-TerminalSaveState()
-{
-#ifndef	USE_TERMIO
-    ioctl(0, TIOCGETP, (char *)&ottyb);
-    ioctl(0, TIOCGETC, (char *)&otc);
-    ioctl(0, TIOCGLTC, (char *)&oltc);
-    ioctl(0, TIOCLGET, (char *)&olmode);
-
-    ntc = otc;
-    nltc = oltc;
-    nttyb = ottyb;
-
-#else	/* USE_TERMIO */
-    tcgetattr(0, &old_tc);
-
-    new_tc = old_tc;
-
-#ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-#endif
-#ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-#endif
-#ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-#endif
-#ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-#endif
-#ifndef	VSTART
-    termStartChar = CONTROL('Q');
-#endif
-#ifndef	VSTOP
-    termStopChar = CONTROL('S');
-#endif
-#ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-#endif
-#endif	/* USE_TERMIO */
-}
-
-    cc_t *
-tcval(func)
-    register int func;
-{
-    switch(func) {
-    case SLC_IP:	return(&termIntChar);
-    case SLC_ABORT:	return(&termQuitChar);
-    case SLC_EOF:	return(&termEofChar);
-    case SLC_EC:	return(&termEraseChar);
-    case SLC_EL:	return(&termKillChar);
-    case SLC_XON:	return(&termStartChar);
-    case SLC_XOFF:	return(&termStopChar);
-    case SLC_FORW1:	return(&termForw1Char);
-#ifdef	USE_TERMIO
-    case SLC_FORW2:	return(&termForw2Char);
-# ifdef	VDISCARD
-    case SLC_AO:	return(&termFlushChar);
-# endif
-# ifdef	VSUSP
-    case SLC_SUSP:	return(&termSuspChar);
-# endif
-# ifdef	VWERASE
-    case SLC_EW:	return(&termWerasChar);
-# endif
-# ifdef	VREPRINT
-    case SLC_RP:	return(&termRprntChar);
-# endif
-# ifdef	VLNEXT
-    case SLC_LNEXT:	return(&termLiteralNextChar);
-# endif
-# ifdef	VSTATUS
-    case SLC_AYT:	return(&termAytChar);
-# endif
-#endif
-
-    case SLC_SYNCH:
-    case SLC_BRK:
-    case SLC_EOR:
-    default:
-	return((cc_t *)0);
-    }
-}
-
-    void
-TerminalDefaultChars()
-{
-#ifndef	USE_TERMIO
-    ntc = otc;
-    nltc = oltc;
-    nttyb.sg_kill = ottyb.sg_kill;
-    nttyb.sg_erase = ottyb.sg_erase;
-#else	/* USE_TERMIO */
-    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
-# ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-# endif
-# ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-# endif
-# ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-# endif
-# ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-# endif
-# ifndef	VSTART
-    termStartChar = CONTROL('Q');
-# endif
-# ifndef	VSTOP
-    termStopChar = CONTROL('S');
-# endif
-# ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-# endif
-#endif	/* USE_TERMIO */
-}
-
-#ifdef notdef
-void
-TerminalRestoreState()
-{
-}
-#endif
-
-/*
- * TerminalNewMode - set up terminal to a specific mode.
- *	MODE_ECHO: do local terminal echo
- *	MODE_FLOW: do local flow control
- *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
- *	MODE_EDIT: do local line editing
- *
- *	Command mode:
- *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
- *		local echo
- *		local editing
- *		local xon/xoff
- *		local signal mapping
- *
- *	Linemode:
- *		local/no editing
- *	Both Linemode and Single Character mode:
- *		local/remote echo
- *		local/no xon/xoff
- *		local/no signal mapping
- */
-
-
-    void
-TerminalNewMode(f)
-    register int f;
-{
-    static int prevmode = 0;
-#ifndef	USE_TERMIO
-    struct tchars tc;
-    struct ltchars ltc;
-    struct sgttyb sb;
-    int lmode;
-#else	/* USE_TERMIO */
-    struct termio tmp_tc;
-#endif	/* USE_TERMIO */
-    int onoff;
-    int old;
-    cc_t esc;
-
-    globalmode = f&~MODE_FORCE;
-    if (prevmode == f)
-	return;
-
-    /*
-     * Write any outstanding data before switching modes
-     * ttyflush() returns 0 only when there is no more data
-     * left to write out, it returns -1 if it couldn't do
-     * anything at all, otherwise it returns 1 + the number
-     * of characters left to write.
-#ifndef	USE_TERMIO
-     * We would really like ask the kernel to wait for the output
-     * to drain, like we can do with the TCSADRAIN, but we don't have
-     * that option.  The only ioctl that waits for the output to
-     * drain, TIOCSETP, also flushes the input queue, which is NOT
-     * what we want (TIOCSETP is like TCSADFLUSH).
-#endif
-     */
-    old = ttyflush(SYNCHing|flushout);
-    if (old < 0 || old > 1) {
-#ifdef	USE_TERMIO
-	tcgetattr(tin, &tmp_tc);
-#endif	/* USE_TERMIO */
-	do {
-	    /*
-	     * Wait for data to drain, then flush again.
-	     */
-#ifdef	USE_TERMIO
-	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
-#endif	/* USE_TERMIO */
-	    old = ttyflush(SYNCHing|flushout);
-	} while (old < 0 || old > 1);
-    }
-
-    old = prevmode;
-    prevmode = f&~MODE_FORCE;
-#ifndef	USE_TERMIO
-    sb = nttyb;
-    tc = ntc;
-    ltc = nltc;
-    lmode = olmode;
-#else
-    tmp_tc = new_tc;
-#endif
-
-    if (f&MODE_ECHO) {
-#ifndef	USE_TERMIO
-	sb.sg_flags |= ECHO;
-#else
-	tmp_tc.c_lflag |= ECHO;
-	tmp_tc.c_oflag |= ONLCR;
-	if (crlf)
-		tmp_tc.c_iflag |= ICRNL;
-#endif
-    } else {
-#ifndef	USE_TERMIO
-	sb.sg_flags &= ~ECHO;
-#else
-	tmp_tc.c_lflag &= ~ECHO;
-	tmp_tc.c_oflag &= ~ONLCR;
-# ifdef notdef
-	if (crlf)
-		tmp_tc.c_iflag &= ~ICRNL;
-# endif
-#endif
-    }
-
-    if ((f&MODE_FLOW) == 0) {
-#ifndef	USE_TERMIO
-	tc.t_startc = _POSIX_VDISABLE;
-	tc.t_stopc = _POSIX_VDISABLE;
-#else
-	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
-    } else {
-	if (restartany < 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
-	} else if (restartany > 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
-	} else {
-		tmp_tc.c_iflag |= IXOFF|IXON;
-		tmp_tc.c_iflag &= ~IXANY;
-	}
-#endif
-    }
-
-    if ((f&MODE_TRAPSIG) == 0) {
-#ifndef	USE_TERMIO
-	tc.t_intrc = _POSIX_VDISABLE;
-	tc.t_quitc = _POSIX_VDISABLE;
-	tc.t_eofc = _POSIX_VDISABLE;
-	ltc.t_suspc = _POSIX_VDISABLE;
-	ltc.t_dsuspc = _POSIX_VDISABLE;
-#else
-	tmp_tc.c_lflag &= ~ISIG;
-#endif
-	localchars = 0;
-    } else {
-#ifdef	USE_TERMIO
-	tmp_tc.c_lflag |= ISIG;
-#endif
-	localchars = 1;
-    }
-
-    if (f&MODE_EDIT) {
-#ifndef	USE_TERMIO
-	sb.sg_flags &= ~CBREAK;
-	sb.sg_flags |= CRMOD;
-#else
-	tmp_tc.c_lflag |= ICANON;
-#endif
-    } else {
-#ifndef	USE_TERMIO
-	sb.sg_flags |= CBREAK;
-	if (f&MODE_ECHO)
-	    sb.sg_flags |= CRMOD;
-	else
-	    sb.sg_flags &= ~CRMOD;
-#else
-	tmp_tc.c_lflag &= ~ICANON;
-	tmp_tc.c_iflag &= ~ICRNL;
-	tmp_tc.c_cc[VMIN] = 1;
-	tmp_tc.c_cc[VTIME] = 0;
-#endif
-    }
-
-    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
-#ifndef	USE_TERMIO
-	ltc.t_lnextc = _POSIX_VDISABLE;
-#else
-# ifdef VLNEXT
-	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
-# endif
-#endif
-    }
-
-    if (f&MODE_SOFT_TAB) {
-#ifndef USE_TERMIO
-	sb.sg_flags |= XTABS;
-#else
-# ifdef	OXTABS
-	tmp_tc.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-	tmp_tc.c_oflag |= TAB3;
-# endif
-#endif
-    } else {
-#ifndef USE_TERMIO
-	sb.sg_flags &= ~XTABS;
-#else
-# ifdef	OXTABS
-	tmp_tc.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-# endif
-#endif
-    }
-
-    if (f&MODE_LIT_ECHO) {
-#ifndef USE_TERMIO
-	lmode &= ~LCTLECH;
-#else
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag &= ~ECHOCTL;
-# endif
-#endif
-    } else {
-#ifndef USE_TERMIO
-	lmode |= LCTLECH;
-#else
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag |= ECHOCTL;
-# endif
-#endif
-    }
-
-    if (f == -1) {
-	onoff = 0;
-    } else {
-#ifndef	USE_TERMIO
-	if (f & MODE_OUTBIN)
-		lmode |= LLITOUT;
-	else
-		lmode &= ~LLITOUT;
-
-	if (f & MODE_INBIN)
-		lmode |= LPASS8;
-	else
-		lmode &= ~LPASS8;
-#else
-	if (f & MODE_INBIN)
-		tmp_tc.c_iflag &= ~ISTRIP;
-	else
-		tmp_tc.c_iflag |= ISTRIP;
-	if (f & MODE_OUTBIN) {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= CS8;
-		tmp_tc.c_oflag &= ~OPOST;
-	} else {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
-		tmp_tc.c_oflag |= OPOST;
-	}
-#endif
-	onoff = 1;
-    }
-
-    if (f != -1) {
-#ifdef	SIGTSTP
-	SIG_FUNC_RET susp();
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-	SIG_FUNC_RET ayt();
-#endif
-
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, susp);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-	(void) signal(SIGINFO, ayt);
-#endif
-#if	defined(USE_TERMIO) && defined(NOKERNINFO)
-	tmp_tc.c_lflag |= NOKERNINFO;
-#endif
-	/*
-	 * We don't want to process ^Y here.  It's just another
-	 * character that we'll pass on to the back end.  It has
-	 * to process it because it will be processed when the
-	 * user attempts to read it, not when we send it.
-	 */
-#ifndef	USE_TERMIO
-	ltc.t_dsuspc = _POSIX_VDISABLE;
-#else
-# ifdef	VDSUSP
-	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
-# endif
-#endif
-#ifdef	USE_TERMIO
-	/*
-	 * If the VEOL character is already set, then use VEOL2,
-	 * otherwise use VEOL.
-	 */
-	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
-	if ((tmp_tc.c_cc[VEOL] != esc)
-# ifdef	VEOL2
-	    && (tmp_tc.c_cc[VEOL2] != esc)
-# endif
-	    ) {
-		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL] = esc;
-# ifdef	VEOL2
-		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL2] = esc;
-# endif
-	}
-#else
-	if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE))
-		tc.t_brkc = esc;
-#endif
-    } else {
-#ifdef	SIGINFO
-	SIG_FUNC_RET ayt_status();
-
-	(void) signal(SIGINFO, ayt_status);
-#endif
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, SIG_DFL);
-# ifndef SOLARIS
-	(void) sigsetmask(sigblock(0) & ~(1<<(SIGTSTP-1)));
-# else	SOLARIS
-	(void) sigrelse(SIGTSTP);
-# endif	SOLARIS
-#endif	/* SIGTSTP */
-#ifndef USE_TERMIO
-	ltc = oltc;
-	tc = otc;
-	sb = ottyb;
-	lmode = olmode;
-#else
-	tmp_tc = old_tc;
-#endif
-    }
-#ifndef USE_TERMIO
-    ioctl(tin, TIOCLSET, (char *)&lmode);
-    ioctl(tin, TIOCSLTC, (char *)&ltc);
-    ioctl(tin, TIOCSETC, (char *)&tc);
-    ioctl(tin, TIOCSETN, (char *)&sb);
-#else
-    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
-	tcsetattr(tin, TCSANOW, &tmp_tc);
-#endif
-
-#if	(!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR))
-# if	!defined(sysV88)
-    ioctl(tin, FIONBIO, (char *)&onoff);
-    ioctl(tout, FIONBIO, (char *)&onoff);
-# endif
-#endif	/* (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) */
-#if	defined(TN3270)
-    if (noasynchtty == 0) {
-	ioctl(tin, FIOASYNC, (char *)&onoff);
-    }
-#endif	/* defined(TN3270) */
-
-}
-
-/*
- * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
- */
-#if B4800 != 4800
-#define	DECODE_BAUD
-#endif
-
-#ifdef	DECODE_BAUD
-#ifndef	B7200
-#define B7200   B4800
-#endif
-
-#ifndef	B14400
-#define B14400  B9600
-#endif
-
-#ifndef	B19200
-# define B19200 B14400
-#endif
-
-#ifndef	B28800
-#define B28800  B19200
-#endif
-
-#ifndef	B38400
-# define B38400 B28800
-#endif
-
-#ifndef B57600
-#define B57600  B38400
-#endif
-
-#ifndef B76800
-#define B76800  B57600
-#endif
-
-#ifndef B115200
-#define B115200 B76800
-#endif
-
-#ifndef B230400
-#define B230400 B115200
-#endif
-
-
-/*
- * This code assumes that the values B0, B50, B75...
- * are in ascending order.  They do not have to be
- * contiguous.
- */
-struct termspeeds {
-	long speed;
-	long value;
-} termspeeds[] = {
-	{ 0,     B0 },     { 50,    B50 },   { 75,    B75 },
-	{ 110,   B110 },   { 134,   B134 },  { 150,   B150 },
-	{ 200,   B200 },   { 300,   B300 },  { 600,   B600 },
-	{ 1200,  B1200 },  { 1800,  B1800 }, { 2400,  B2400 },
-	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
-	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
-	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
-	{ 230400, B230400 }, { -1,    B230400 }
-};
-#endif	/* DECODE_BAUD */
-
-    void
-TerminalSpeeds(ispeed, ospeed)
-    long *ispeed;
-    long *ospeed;
-{
-#ifdef	DECODE_BAUD
-    register struct termspeeds *tp;
-#endif	/* DECODE_BAUD */
-    register long in, out;
-
-    out = cfgetospeed(&old_tc);
-    in = cfgetispeed(&old_tc);
-    if (in == 0)
-	in = out;
-
-#ifdef	DECODE_BAUD
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < in))
-	tp++;
-    *ispeed = tp->speed;
-
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < out))
-	tp++;
-    *ospeed = tp->speed;
-#else	/* DECODE_BAUD */
-	*ispeed = in;
-	*ospeed = out;
-#endif	/* DECODE_BAUD */
-}
-
-    int
-TerminalWindowSize(rows, cols)
-    long *rows, *cols;
-{
-#ifdef	TIOCGWINSZ
-    struct winsize ws;
-
-    if (ioctl(fileno(stdin), TIOCGWINSZ, (char *)&ws) >= 0) {
-	*rows = ws.ws_row;
-	*cols = ws.ws_col;
-	return 1;
-    }
-#endif	/* TIOCGWINSZ */
-    return 0;
-}
-
-    int
-NetClose(fd)
-    int	fd;
-{
-    return close(fd);
-}
-
-
-    void
-NetNonblockingIO(fd, onoff)
-    int fd;
-    int onoff;
-{
-    ioctl(fd, FIONBIO, (char *)&onoff);
-}
-
-#if	defined(TN3270)
-    void
-NetSigIO(fd, onoff)
-    int fd;
-    int onoff;
-{
-    ioctl(fd, FIOASYNC, (char *)&onoff);	/* hear about input */
-}
-
-    void
-NetSetPgrp(fd)
-    int fd;
-{
-    int myPid;
-
-    myPid = getpid();
-    fcntl(fd, F_SETOWN, myPid);
-}
-#endif	/*defined(TN3270)*/
-
-/*
- * Various signal handling routines.
- */
-
-    /* ARGSUSED */
-    SIG_FUNC_RET
-deadpeer(sig)
-    int sig;
-{
-	setcommandmode();
-	longjmp(peerdied, -1);
-}
-
-    /* ARGSUSED */
-    SIG_FUNC_RET
-intr(sig)
-    int sig;
-{
-    if (localchars) {
-	intp();
-	return;
-    }
-    setcommandmode();
-    longjmp(toplevel, -1);
-}
-
-    /* ARGSUSED */
-    SIG_FUNC_RET
-intr2(sig)
-    int sig;
-{
-    if (localchars) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return;
-    }
-}
-
-#ifdef	SIGTSTP
-    /* ARGSUSED */
-    SIG_FUNC_RET
-susp(sig)
-    int sig;
-{
-    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
-	return;
-    if (localchars)
-	sendsusp();
-}
-#endif
-
-#ifdef	SIGWINCH
-    /* ARGSUSED */
-    SIG_FUNC_RET
-sendwin(sig)
-    int sig;
-{
-    if (connected) {
-	sendnaws();
-    }
-}
-#endif
-
-#ifdef	SIGINFO
-    /* ARGSUSED */
-    SIG_FUNC_RET
-ayt(sig)
-    int sig;
-{
-    if (connected)
-	sendayt();
-    else
-	ayt_status();
-}
-#endif
-
-
-    void
-sys_telnet_init()
-{
-    (void) signal(SIGINT, intr);
-    (void) signal(SIGQUIT, intr2);
-    (void) signal(SIGPIPE, deadpeer);
-#ifdef	SIGWINCH
-    (void) signal(SIGWINCH, sendwin);
-#endif
-#ifdef	SIGTSTP
-    (void) signal(SIGTSTP, susp);
-#endif
-#ifdef	SIGINFO
-    (void) signal(SIGINFO, ayt);
-#endif
-
-    setconnmode(0);
-
-    NetNonblockingIO(net, 1);
-
-#if	defined(TN3270)
-    if (noasynchnet == 0) {			/* DBX can't handle! */
-	NetSigIO(net, 1);
-	NetSetPgrp(net);
-    }
-#endif	/* defined(TN3270) */
-
-#if	defined(SO_OOBINLINE)
-    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) {
-	perror("SetSockOpt");
-    }
-#endif	/* defined(SO_OOBINLINE) */
-}
-
-/*
- * Process rings -
- *
- *	This routine tries to fill up/empty our various rings.
- *
- *	The parameter specifies whether this is a poll operation,
- *	or a block-until-something-happens operation.
- *
- *	The return value is 1 if something happened, 0 if not.
- */
-
-    int
-process_rings(netin, netout, netex, ttyin, ttyout, poll)
-    int poll;		/* If 0, then block until something to do */
-{
-    register int c;
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue = 0;
-    static struct timeval TimeValue = { 0 };
-
-    if (netout) {
-	FD_SET(net, &obits);
-    }
-    if (ttyout) {
-	FD_SET(tout, &obits);
-    }
-#if	defined(TN3270)
-    if (ttyin) {
-	FD_SET(tin, &ibits);
-    }
-#else	/* defined(TN3270) */
-    if (ttyin) {
-	FD_SET(tin, &ibits);
-    }
-#endif	/* defined(TN3270) */
-#if	defined(TN3270)
-    if (netin) {
-	FD_SET(net, &ibits);
-    }
-#   else /* !defined(TN3270) */
-    if (netin) {
-	FD_SET(net, &ibits);
-    }
-#   endif /* !defined(TN3270) */
-    if (netex) {
-	FD_SET(net, &xbits);
-    }
-    if ((c = select(16, &ibits, &obits, &xbits,
-			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
-	if (c == -1) {
-		    /*
-		     * we can get EINTR if we are in line mode,
-		     * and the user does an escape (TSTP), or
-		     * some other signal generator.
-		     */
-	    if (errno == EINTR) {
-		return 0;
-	    }
-#	    if defined(TN3270)
-		    /*
-		     * we can get EBADF if we were in transparent
-		     * mode, and the transcom process died.
-		    */
-	    if (errno == EBADF) {
-			/*
-			 * zero the bits (even though kernel does it)
-			 * to make sure we are selecting on the right
-			 * ones.
-			*/
-		FD_ZERO(&ibits);
-		FD_ZERO(&obits);
-		FD_ZERO(&xbits);
-		return 0;
-	    }
-#	    endif /* defined(TN3270) */
-		    /* I don't like this, does it ever happen? */
-	    printf("sleep(5) from telnet, after select\r\n");
-	    sleep(5);
-	}
-	return 0;
-    }
-
-    /*
-     * Any urgent data?
-     */
-    if (FD_ISSET(net, &xbits)) {
-	FD_CLR(net, &xbits);
-	SYNCHing = 1;
-	(void) ttyflush(1);	/* flush already enqueued data */
-    }
-
-    /*
-     * Something to read from the network...
-     */
-    if (FD_ISSET(net, &ibits)) {
-	int canread;
-
-	FD_CLR(net, &ibits);
-	canread = ring_empty_consecutive(&netiring);
-#if	!defined(SO_OOBINLINE)
-	    /*
-	     * In 4.2 (and some early 4.3) systems, the
-	     * OOB indication and data handling in the kernel
-	     * is such that if two separate TCP Urgent requests
-	     * come in, one byte of TCP data will be overlaid.
-	     * This is fatal for Telnet, but we try to live
-	     * with it.
-	     *
-	     * In addition, in 4.2 (and...), a special protocol
-	     * is needed to pick up the TCP Urgent data in
-	     * the correct sequence.
-	     *
-	     * What we do is:  if we think we are in urgent
-	     * mode, we look to see if we are "at the mark".
-	     * If we are, we do an OOB receive.  If we run
-	     * this twice, we will do the OOB receive twice,
-	     * but the second will fail, since the second
-	     * time we were "at the mark", but there wasn't
-	     * any data there (the kernel doesn't reset
-	     * "at the mark" until we do a normal read).
-	     * Once we've read the OOB data, we go ahead
-	     * and do normal reads.
-	     *
-	     * There is also another problem, which is that
-	     * since the OOB byte we read doesn't put us
-	     * out of OOB state, and since that byte is most
-	     * likely the TELNET DM (data mark), we would
-	     * stay in the TELNET SYNCH (SYNCHing) state.
-	     * So, clocks to the rescue.  If we've "just"
-	     * received a DM, then we test for the
-	     * presence of OOB data when the receive OOB
-	     * fails (and AFTER we did the normal mode read
-	     * to clear "at the mark").
-	     */
-	if (SYNCHing) {
-	    int atmark;
-	    static int bogus_oob = 0, first = 1;
-
-	    ioctl(net, SIOCATMARK, (char *)&atmark);
-	    if (atmark) {
-		c = recv(net, netiring.supply, canread, MSG_OOB);
-		if ((c == -1) && (errno == EINVAL)) {
-		    c = recv(net, netiring.supply, canread, 0);
-		    if (clocks.didnetreceive < clocks.gotDM) {
-			SYNCHing = stilloob(net);
-		    }
-		} else if (first && c > 0) {
-		    /*
-		     * Bogosity check.  Systems based on 4.2BSD
-		     * do not return an error if you do a second
-		     * recv(MSG_OOB).  So, we do one.  If it
-		     * succeeds and returns exactly the same
-		     * data, then assume that we are running
-		     * on a broken system and set the bogus_oob
-		     * flag.  (If the data was different, then
-		     * we probably got some valid new data, so
-		     * increment the count...)
-		     */
-		    int i;
-		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
-		    if (i == c &&
-			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
-			bogus_oob = 1;
-			first = 0;
-		    } else if (i < 0) {
-			bogus_oob = 0;
-			first = 0;
-		    } else
-			c += i;
-		}
-		if (bogus_oob && c > 0) {
-		    int i;
-		    /*
-		     * Bogosity.  We have to do the read
-		     * to clear the atmark to get out of
-		     * an infinate loop.
-		     */
-		    i = read(net, netiring.supply + c, canread - c);
-		    if (i > 0)
-			c += i;
-		}
-	    } else {
-		c = recv(net, netiring.supply, canread, 0);
-	    }
-	} else {
-	    c = recv(net, netiring.supply, canread, 0);
-	}
-	settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE) */
-	c = recv(net, (char *)netiring.supply, canread, 0);
-#endif	/* !defined(SO_OOBINLINE) */
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else if (c <= 0) {
-	    return -1;
-	}
-	if (netdata) {
-	    Dump('<', netiring.supply, c);
-	}
-	if (c)
-	    ring_supplied(&netiring, c);
-	returnValue = 1;
-    }
-
-    /*
-     * Something to read from the tty...
-     */
-    if (FD_ISSET(tin, &ibits)) {
-	FD_CLR(tin, &ibits);
-	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
-	if (c < 0 && errno == EIO)
-	    c = 0;
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else {
-	    /* EOF detection for line mode!!!! */
-	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
-			/* must be an EOF... */
-		*ttyiring.supply = termEofChar;
-		c = 1;
-	    }
-	    if (c <= 0) {
-		return -1;
-	    }
-	    if (termdata) {
-		Dump('<', ttyiring.supply, c);
-	    }
-	    ring_supplied(&ttyiring, c);
-	}
-	returnValue = 1;		/* did something useful */
-    }
-
-    if (FD_ISSET(net, &obits)) {
-	FD_CLR(net, &obits);
-	returnValue |= netflush();
-    }
-    if (FD_ISSET(tout, &obits)) {
-	FD_CLR(tout, &obits);
-	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
-    }
-
-    return returnValue;
-}
diff --git a/secure/usr.bin/telnet/telnet.1 b/secure/usr.bin/telnet/telnet.1
deleted file mode 100644
index b996fea3b2b4..000000000000
--- a/secure/usr.bin/telnet/telnet.1
+++ /dev/null
@@ -1,1366 +0,0 @@
-.\" Copyright (c) 1983, 1990, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNET 1
-.Os BSD 4.2
-.Sh NAME
-.Nm telnet
-.Nd user interface to the 
-.Tn TELNET
-protocol
-.Sh SYNOPSIS
-.Nm telnet
-.Op Fl 8EFKLacdfrx
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl e Ar escapechar
-.Op Fl k Ar realm
-.Op Fl l Ar user
-.Op Fl n Ar tracefile
-.Oo
-.Ar host
-.Op port
-.Oc
-.Sh DESCRIPTION
-The
-.Nm telnet
-command
-is used to communicate with another host using the 
-.Tn TELNET
-protocol.
-If
-.Nm telnet
-is invoked without the
-.Ar host
-argument, it enters command mode,
-indicated by its prompt
-.Pq Nm telnet\&> .
-In this mode, it accepts and executes the commands listed below.
-If it is invoked with arguments, it performs an
-.Ic open
-command with those arguments.
-.Pp
-Options:
-.Bl -tag -width indent
-.It Fl 8
-Specifies an 8-bit data path.  This causes an attempt to
-negotiate the
-.Dv TELNET BINARY
-option on both input and output.
-.It Fl E
-Stops any character from being recognized as an escape character.
-.It Fl F
-If Kerberos V5 authentication is being used, the
-.Fl F
-option allows the local credentials to be forwarded
-to the remote system, including any credentials that
-have already been forwarded into the local environment.
-.It Fl K
-Specifies no automatic login to the remote system.
-.It Fl L
-Specifies an 8-bit data path on output.  This causes the
-BINARY option to be negotiated on output.
-.It Fl S Ar tos
-Sets the IP type-of-service (TOS) option for the telnet
-connection to the value
-.Ar tos,
-which can be a numeric TOS value
-or, on systems that support it, a symbolic
-TOS name found in the /etc/iptos file.
-.It Fl X Ar atype 
-Disables the
-.Ar atype
-type of authentication.
-.It Fl a
-Attempt automatic login.
-Currently, this sends the user name via the
-.Ev USER
-variable
-of the
-.Ev ENVIRON
-option if supported by the remote system.
-The name used is that of the current user as returned by
-.Xr getlogin 2
-if it agrees with the current user ID,
-otherwise it is the name associated with the user ID.
-.It Fl c
-Disables the reading of the user's
-.Pa \&.telnetrc
-file.  (See the
-.Ic toggle skiprc
-command on this man page.)
-.It Fl d
-Sets the initial value of the
-.Ic debug
-toggle to
-.Dv TRUE
-.It Fl e Ar escape char 
-Sets the initial
-.Nm
-.Nm telnet
-escape character to
-.Ar escape char.
-If
-.Ar escape char
-is omitted, then
-there will be no escape character.
-.It Fl f
-If Kerberos V5 authentication is being used, the
-.Fl f
-option allows the local credentials to be forwarded to the remote system.
-.ne 1i
-.It Fl k Ar realm
-If Kerberos authentication is being used, the
-.Fl k
-option requests that telnet obtain tickets for the remote host in
-realm realm instead of the remote host's realm, as determined
-by
-.Xr krb_realmofhost 3 .
-.It Fl l Ar user 
-When connecting to the remote system, if the remote system
-understands the
-.Ev ENVIRON
-option, then
-.Ar user
-will be sent to the remote system as the value for the variable USER.
-This option implies the
-.Fl a
-option.
-This option may also be used with the
-.Ic open
-command.
-.It Fl n Ar tracefile 
-Opens
-.Ar tracefile
-for recording trace information.
-See the
-.Ic set tracefile
-command below.
-.It Fl r
-Specifies a user interface similar to
-.Xr rlogin 1 .
-In this
-mode, the escape character is set to the tilde (~) character,
-unless modified by the -e option.
-.It Fl x
-Turns on encryption of the data stream if possible.  This
-option is not available outside of the United States and
-Canada.
-.It Ar host
-Indicates the official name, an alias, or the Internet address
-of a remote host.
-.It Ar port
-Indicates a port number (address of an application).  If a number is
-not specified, the default
-.Nm telnet
-port is used.
-.El
-.Pp
-When in rlogin mode, a line of the form ~.  disconnects from the
-remote host; ~ is the telnet escape character.
-Similarly, the line ~^Z suspends the telnet session.
-The line ~^] escapes to the normal telnet escape prompt.
-.Pp
-Once a connection has been opened,
-.Nm telnet
-will attempt to enable the
-.Dv TELNET LINEMODE
-option.
-If this fails, then
-.Nm telnet
-will revert to one of two input modes:
-either \*(Lqcharacter at a time\*(Rq
-or \*(Lqold line by line\*(Rq
-depending on what the remote system supports.
-.Pp
-When 
-.Dv LINEMODE
-is enabled, character processing is done on the
-local system, under the control of the remote system.  When input
-editing or character echoing is to be disabled, the remote system
-will relay that information.  The remote system will also relay
-changes to any special characters that happen on the remote
-system, so that they can take effect on the local system.
-.Pp
-In \*(Lqcharacter at a time\*(Rq mode, most
-text typed is immediately sent to the remote host for processing.
-.Pp
-In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
-and (normally) only completed lines are sent to the remote host.
-The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
-to turn off and on the local echo
-(this would mostly be used to enter passwords
-without the password being echoed).
-.Pp
-If the 
-.Dv LINEMODE
-option is enabled, or if the
-.Ic localchars
-toggle is
-.Dv TRUE
-(the default for \*(Lqold line by line\*(Lq; see below),
-the user's
-.Ic quit  ,
-.Ic intr ,
-and
-.Ic flush
-characters are trapped locally, and sent as
-.Tn TELNET
-protocol sequences to the remote side.
-If 
-.Dv LINEMODE
-has ever been enabled, then the user's
-.Ic susp
-and
-.Ic eof
-are also sent as
-.Tn TELNET
-protocol sequences,
-and
-.Ic quit
-is sent as a 
-.Dv TELNET ABORT
-instead of 
-.Dv BREAK
-There are options (see
-.Ic toggle
-.Ic autoflush
-and
-.Ic toggle
-.Ic autosynch
-below)
-which cause this action to flush subsequent output to the terminal
-(until the remote host acknowledges the
-.Tn TELNET
-sequence) and flush previous terminal input
-(in the case of
-.Ic quit
-and
-.Ic intr  ) .
-.Pp
-While connected to a remote host,
-.Nm telnet
-command mode may be entered by typing the
-.Nm telnet
-\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
-When in command mode, the normal terminal editing conventions are available.
-.Pp
-The following
-.Nm telnet
-commands are available.
-Only enough of each command to uniquely identify it need be typed
-(this is also true for arguments to the
-.Ic mode  ,
-.Ic set ,
-.Ic toggle  ,
-.Ic unset ,
-.Ic slc  ,
-.Ic environ ,
-and
-.Ic display
-commands).
-.Pp
-.Bl -tag -width "mode type"
-.It Ic auth Ar argument ... 
-The auth command manipulates the information sent through the
-.Dv TELNET AUTHENTICATE
-option.  Valid arguments for the
-auth command are as follows:
-.Bl -tag -width "disable type"
-.It Ic disable Ar type
-Disables the specified type of authentication.  To
-obtain a list of available types, use the
-.Ic auth disable \&?
-command.
-.It Ic enable Ar type
-Enables the specified type of authentication.  To
-obtain a list of available types, use the
-.Ic auth enable \&?
-command.
-.It Ic status
-Lists the current status of the various types of
-authentication.
-.El
-.It Ic close
-Close a
-.Tn TELNET
-session and return to command mode.
-.It Ic display Ar argument ... 
-Displays all, or some, of the
-.Ic set
-and
-.Ic toggle
-values (see below).
-.It Ic encrypt Ar argument ...
-The encrypt command manipulates the information sent through the
-.Dv TELNET ENCRYPT
-option.
-.Pp
-Note:  Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside of the United States and Canada.
-.Pp
-Valid arguments for the encrypt command are as follows:
-.Bl -tag -width Ar
-.It Ic disable Ar type Ic [input|output]
-Disables the specified type of encryption.  If you
-omit the input and output, both input and output
-are disabled.  To obtain a list of available
-types, use the
-.Ic encrypt disable \&?
-command.
-.It Ic enable Ar type Ic [input|output]
-Enables the specified type of encryption.  If you
-omit input and output, both input and output are
-enabled.  To obtain a list of available types, use the
-.Ic encrypt enable \&?
-command.
-.It Ic input
-This is the same as the
-.Ic encrypt start input
-command.
-.It Ic -input
-This is the same as the
-.Ic encrypt stop input
-command.
-.It Ic output
-This is the same as the
-.Ic encrypt start output
-command.
-.It Ic -output
-This is the same as the
-.Ic encrypt stop output
-command.
-.It Ic start Ic [input|output]
-Attempts to start encryption.  If you omit
-.Ic input
-and
-.Ic output,
-both input and output are enabled.  To
-obtain a list of available types, use the
-.Ic encrypt enable \&?
-command.
-.It Ic status
-Lists the current status of encryption.
-.It Ic stop Ic [input|output]
-Stops encryption.  If you omit input and output,
-encryption is on both input and output.
-.It Ic type Ar type
-Sets the default type of encryption to be used
-with later
-.Ic encrypt start
-or
-.Ic encrypt stop
-commands.
-.El
-.It Ic environ Ar arguments... 
-The
-.Ic environ
-command is used to manipulate the
-the variables that my be sent through the
-.Dv TELNET ENVIRON
-option.
-The initial set of variables is taken from the users
-environment, with only the
-.Ev DISPLAY
-and
-.Ev PRINTER
-variables being exported by default.
-The
-.Ev USER
-variable is also exported if the
-.Fl a
-or
-.Fl l
-options are used.
-.br
-Valid arguments for the
-.Ic environ
-command are:
-.Bl -tag -width Fl
-.It Ic define Ar variable value 
-Define the variable
-.Ar variable
-to have a value of
-.Ar value.
-Any variables defined by this command are automatically exported.
-The
-.Ar value
-may be enclosed in single or double quotes so
-that tabs and spaces may be included.
-.It Ic undefine Ar variable 
-Remove
-.Ar variable
-from the list of environment variables.
-.It Ic export Ar variable 
-Mark the variable
-.Ar variable
-to be exported to the remote side.
-.It Ic unexport Ar variable 
-Mark the variable
-.Ar variable
-to not be exported unless
-explicitly asked for by the remote side.
-.It Ic list
-List the current set of environment variables.
-Those marked with a
-.Cm *
-will be sent automatically,
-other variables will only be sent if explicitly requested.
-.It Ic \&?
-Prints out help information for the
-.Ic environ
-command.
-.El
-.It Ic logout
-Sends the
-.Dv TELNET LOGOUT
-option to the remote side.
-This command is similar to a
-.Ic close
-command; however, if the remote side does not support the
-.Dv LOGOUT
-option, nothing happens.
-If, however, the remote side does support the
-.Dv LOGOUT
-option, this command should cause the remote side to close the
-.Tn TELNET
-connection.
-If the remote side also supports the concept of
-suspending a user's session for later reattachment,
-the logout argument indicates that you
-should terminate the session immediately.
-.It Ic mode Ar type 
-.Ar Type
-is one of several options, depending on the state of the
-.Tn TELNET
-session.
-The remote host is asked for permission to go into the requested mode.
-If the remote host is capable of entering that mode, the requested
-mode will be entered.
-.Bl -tag -width Ar
-.It Ic character
-Disable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then enter \*(Lqcharacter at a time\*(Lq mode.
-.It Ic line
-Enable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
-.It Ic isig Pq Ic \-isig 
-Attempt to enable (disable) the 
-.Dv TRAPSIG
-mode of the 
-.Dv LINEMODE
-option.
-This requires that the 
-.Dv LINEMODE
-option be enabled.
-.It Ic edit Pq Ic \-edit 
-Attempt to enable (disable) the 
-.Dv EDIT
-mode of the 
-.Dv LINEMODE
-option.
-This requires that the 
-.Dv LINEMODE
-option be enabled.
-.It Ic softtabs Pq Ic \-softtabs 
-Attempt to enable (disable) the 
-.Dv SOFT_TAB
-mode of the 
-.Dv LINEMODE
-option.
-This requires that the 
-.Dv LINEMODE
-option be enabled.
-.ne 1i
-.It Ic litecho Pq Ic \-litecho 
-Attempt to enable (disable) the 
-.Dv LIT_ECHO
-mode of the 
-.Dv LINEMODE
-option.
-This requires that the 
-.Dv LINEMODE
-option be enabled.
-.It Ic \&?
-Prints out help information for the
-.Ic mode
-command.
-.El
-.It Xo
-.Ic open Ar host
-.Oo Op Fl l
-.Ar user
-.Oc Ns Oo Fl
-.Ar port Oc
-.Xc
-Open a connection to the named host.
-If no port number
-is specified,
-.Nm telnet
-will attempt to contact a
-.Tn TELNET
-server at the default port.
-The host specification may be either a host name (see
-.Xr hosts  5  )
-or an Internet address specified in the \*(Lqdot notation\*(Rq (see
-.Xr inet 3 ) .
-The
-.Op Fl l
-option may be used to specify the user name
-to be passed to the remote system via the
-.Ev ENVIRON
-option.
-When connecting to a non-standard port,
-.Nm telnet
-omits any automatic initiation of
-.Tn TELNET
-options.  When the port number is preceded by a minus sign,
-the initial option negotiation is done.
-After establishing a connection, the file
-.Pa \&.telnetrc
-in the
-users home directory is opened.  Lines beginning with a # are
-comment lines.  Blank lines are ignored.  Lines that begin
-without white space are the start of a machine entry.  The
-first thing on the line is the name of the machine that is
-being connected to.  The rest of the line, and successive
-lines that begin with white space are assumed to be
-.Nm telnet
-commands and are processed as if they had been typed
-in manually to the
-.Nm telnet
-command prompt.
-.It Ic quit
-Close any open
-.Tn TELNET
-session and exit
-.Nm telnet  .
-An end of file (in command mode) will also close a session and exit.
-.It Ic send Ar arguments 
-Sends one or more special character sequences to the remote host.
-The following are the arguments which may be specified
-(more than one argument may be specified at a time):
-.Pp
-.Bl -tag -width escape
-.It Ic abort
-Sends the
-.Dv TELNET ABORT
-(Abort
-processes)
-sequence.
-.It Ic ao
-Sends the
-.Dv TELNET AO
-(Abort Output) sequence, which should cause the remote system to flush
-all output
-.Em from
-the remote system
-.Em to
-the user's terminal.
-.It Ic ayt
-Sends the
-.Dv TELNET AYT
-(Are You There)
-sequence, to which the remote system may or may not choose to respond.
-.It Ic brk
-Sends the
-.Dv TELNET BRK
-(Break) sequence, which may have significance to the remote
-system.
-.It Ic ec
-Sends the
-.Dv TELNET EC
-(Erase Character)
-sequence, which should cause the remote system to erase the last character
-entered.
-.It Ic el
-Sends the
-.Dv TELNET EL
-(Erase Line)
-sequence, which should cause the remote system to erase the line currently
-being entered.
-.It Ic eof
-Sends the
-.Dv TELNET EOF
-(End Of File)
-sequence.
-.It Ic eor
-Sends the
-.Dv TELNET EOR
-(End of Record)
-sequence.
-.It Ic escape
-Sends the current
-.Nm telnet
-escape character (initially \*(Lq^\*(Rq).
-.It Ic ga
-Sends the
-.Dv TELNET GA
-(Go Ahead)
-sequence, which likely has no significance to the remote system.
-.It Ic getstatus
-If the remote side supports the
-.Dv TELNET STATUS
-command,
-.Ic getstatus
-will send the subnegotiation to request that the server send
-its current option status.
-.ne 1i
-.It Ic ip
-Sends the
-.Dv TELNET IP
-(Interrupt Process) sequence, which should cause the remote
-system to abort the currently running process.
-.It Ic nop
-Sends the
-.Dv TELNET NOP
-(No OPeration)
-sequence.
-.It Ic susp
-Sends the
-.Dv TELNET SUSP
-(SUSPend process)
-sequence.
-.It Ic synch
-Sends the
-.Dv TELNET SYNCH
-sequence.
-This sequence causes the remote system to discard all previously typed
-(but not yet read) input.
-This sequence is sent as
-.Tn TCP
-urgent
-data (and may not work if the remote system is a
-.Bx 4.2
-system -- if
-it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
-.It Ic do Ar cmd
-.It Ic dont Ar cmd
-.It Ic will Ar cmd
-.It Ic wont Ar cmd
-Sends the
-.Dv TELNET DO
-.Ar cmd
-sequence.
-.Ar Cmd
-can be either a decimal number between 0 and 255,
-or a symbolic name for a specific
-.Dv TELNET
-command.
-.Ar Cmd
-can also be either
-.Ic help
-or
-.Ic \&?
-to print out help information, including
-a list of known symbolic names.
-.It Ic \&?
-Prints out help information for the
-.Ic send
-command.
-.El
-.It Ic set Ar argument value 
-.It Ic unset Ar argument value 
-The
-.Ic set
-command will set any one of a number of
-.Nm telnet
-variables to a specific value or to
-.Dv TRUE .
-The special value
-.Ic off
-turns off the function associated with
-the variable, this is equivalent to using the
-.Ic unset
-command.
-The
-.Ic unset
-command will disable or set to
-.Dv FALSE
-any of the specified functions.
-The values of variables may be interrogated with the
-.Ic display
-command.
-The variables which may be set or unset, but not toggled, are
-listed here.  In addition, any of the variables for the
-.Ic toggle
-command may be explicitly set or unset using
-the
-.Ic set
-and
-.Ic unset
-commands.
-.Bl -tag -width escape
-.It Ic ayt
-If
-.Tn TELNET
-is in localchars mode, or
-.Dv LINEMODE
-is enabled, and the status character is typed, a
-.Dv TELNET AYT
-sequence (see
-.Ic send ayt
-preceding) is sent to the
-remote host.  The initial value for the "Are You There"
-character is the terminal's status character.
-.It Ic echo
-This is the value (initially \*(Lq^E\*(Rq) which, when in
-\*(Lqline by line\*(Rq mode, toggles between doing local echoing
-of entered characters (for normal processing), and suppressing
-echoing of entered characters (for entering, say, a password).
-.It Ic eof
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Rq mode, entering this character
-as the first character on a line will cause this character to be
-sent to the remote system.
-The initial value of the eof character is taken to be the terminal's
-.Ic eof
-character.
-.It Ic erase
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Sy and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EC
-sequence (see
-.Ic send
-.Ic ec
-above)
-is sent to the remote system.
-The initial value for the erase character is taken to be
-the terminal's
-.Ic erase
-character.
-.It Ic escape
-This is the
-.Nm telnet
-escape character (initially \*(Lq^[\*(Rq) which causes entry
-into
-.Nm telnet
-command mode (when connected to a remote system).
-.It Ic flushoutput
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic flushoutput
-character is typed, a
-.Dv TELNET AO
-sequence (see
-.Ic send
-.Ic ao
-above)
-is sent to the remote host.
-The initial value for the flush character is taken to be
-the terminal's
-.Ic flush
-character.
-.It Ic forw1
-.It Ic forw2
-If
-.Tn TELNET
-is operating in
-.Dv LINEMODE ,
-these are the
-characters that, when typed, cause partial lines to be
-forwarded to the remote system.  The initial value for
-the forwarding characters are taken from the terminal's
-eol and eol2 characters.
-.It Ic interrupt
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic interrupt
-character is typed, a
-.Dv TELNET IP
-sequence (see
-.Ic send
-.Ic ip
-above)
-is sent to the remote host.
-The initial value for the interrupt character is taken to be
-the terminal's
-.Ic intr
-character.
-.It Ic kill
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Ic and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EL
-sequence (see
-.Ic send
-.Ic el
-above)
-is sent to the remote system.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic kill
-character.
-.It Ic lnext
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic lnext
-character.
-The initial value for the lnext character is taken to be
-the terminal's
-.Ic lnext
-character.
-.It Ic quit
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic quit
-character is typed, a
-.Dv TELNET BRK
-sequence (see
-.Ic send
-.Ic brk
-above)
-is sent to the remote host.
-The initial value for the quit character is taken to be
-the terminal's
-.Ic quit
-character.
-.It Ic reprint
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic reprint
-character.
-The initial value for the reprint character is taken to be
-the terminal's
-.Ic reprint
-character.
-.It Ic rlogin
-This is the rlogin escape character.
-If set, the normal
-.Tn TELNET
-escape character is ignored unless it is
-preceded by this character at the beginning of a line.
-This character, at the beginning of a line followed by
-a "."  closes the connection; when followed by a ^Z it
-suspends the telnet command.  The initial state is to
-disable the rlogin escape character.
-.It Ic start
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic start
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic start
-character.
-.It Ic stop
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic stop
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic stop
-character.
-.It Ic susp
-If
-.Nm telnet
-is in
-.Ic localchars
-mode, or
-.Dv LINEMODE
-is enabled, and the
-.Ic suspend
-character is typed, a
-.Dv TELNET SUSP
-sequence (see
-.Ic send
-.Ic susp
-above)
-is sent to the remote host.
-The initial value for the suspend character is taken to be
-the terminal's
-.Ic suspend
-character.
-.ne 1i
-.It Ic tracefile
-This is the file to which the output, caused by
-.Ic netdata
-or
-.Ic option
-tracing being
-.Dv TRUE ,
-will be written.  If it is set to
-.Dq Fl ,
-then tracing information will be written to standard output (the default).
-.It Ic worderase
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic worderase
-character.
-The initial value for the worderase character is taken to be
-the terminal's
-.Ic worderase
-character.
-.It Ic \&?
-Displays the legal
-.Ic set
-.Pq Ic unset
-commands.
-.El
-.It Ic slc Ar state 
-The
-.Ic slc
-command (Set Local Characters) is used to set
-or change the state of the the special
-characters when the 
-.Dv TELNET LINEMODE
-option has
-been enabled.  Special characters are characters that get
-mapped to 
-.Tn TELNET
-commands sequences (like
-.Ic ip
-or
-.Ic quit  )
-or line editing characters (like
-.Ic erase
-and
-.Ic kill  ) .
-By default, the local special characters are exported.
-.Bl -tag -width Fl
-.It Ic check
-Verify the current settings for the current special characters.
-The remote side is requested to send all the current special
-character settings, and if there are any discrepancies with
-the local side, the local side will switch to the remote value.
-.It Ic export
-Switch to the local defaults for the special characters.  The
-local default characters are those of the local terminal at
-the time when
-.Nm telnet
-was started.
-.It Ic import
-Switch to the remote defaults for the special characters.
-The remote default characters are those of the remote system
-at the time when the 
-.Tn TELNET
-connection was established.
-.It Ic \&?
-Prints out help information for the
-.Ic slc
-command.
-.El
-.It Ic status
-Show the current status of
-.Nm telnet  .
-This includes the peer one is connected to, as well
-as the current mode.
-.It Ic toggle Ar arguments ... 
-Toggle (between
-.Dv TRUE
-and
-.Dv FALSE )
-various flags that control how
-.Nm telnet
-responds to events.
-These flags may be set explicitly to
-.Dv TRUE
-or
-.Dv FALSE
-using the
-.Ic set
-and
-.Ic unset
-commands listed above.
-More than one argument may be specified.
-The state of these flags may be interrogated with the
-.Ic display
-command.
-Valid arguments are:
-.Bl -tag -width Ar
-.It Ic authdebug
-Turns on debugging information for the authentication code.
-.It Ic autoflush
-If
-.Ic autoflush
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when the
-.Ic ao  ,
-or
-.Ic quit
-characters are recognized (and transformed into
-.Tn TELNET
-sequences; see
-.Ic set
-above for details),
-.Nm telnet
-refuses to display any data on the user's terminal
-until the remote system acknowledges (via a
-.Dv TELNET TIMING MARK
-option)
-that it has processed those
-.Tn TELNET
-sequences.
-The initial value for this toggle is
-.Dv TRUE
-if the terminal user had not
-done an "stty noflsh", otherwise
-.Dv FALSE
-(see
-.Xr stty  1  ) .
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically.  The autoencrypt
-(autodecrypt) command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
-.sp
-.Pp
-Note:  Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside the United States and Canada.
-.It Ic autologin
-If the remote side supports the
-.Dv TELNET AUTHENTICATION
-option
-.Tn TELNET
-attempts to use it to perform automatic authentication.  If the
-.Dv AUTHENTICATION
-option is not supported, the user's login
-name are propagated through the
-.Dv TELNET ENVIRON
-option.
-This command is the same as specifying
-.Ar a
-option on the
-.Ic open
-command.
-.It Ic autosynch
-If
-.Ic autosynch
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when either the
-.Ic intr
-or
-.Ic quit
-characters is typed (see
-.Ic set
-above for descriptions of the
-.Ic intr
-and
-.Ic quit
-characters), the resulting
-.Tn TELNET
-sequence sent is followed by the
-.Dv TELNET SYNCH
-sequence.
-This procedure
-.Ic should
-cause the remote system to begin throwing away all previously
-typed input until both of the
-.Tn TELNET
-sequences have been read and acted upon.
-The initial value of this toggle is
-.Dv FALSE .
-.It Ic binary
-Enable or disable the
-.Dv TELNET BINARY
-option on both input and output.
-.It Ic inbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on input.
-.It Ic outbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on output.
-.It Ic crlf
-If this is
-.Dv TRUE ,
-then carriage returns will be sent as
-.Li <CR><LF> .
-If this is
-.Dv FALSE ,
-then carriage returns will be send as
-.Li <CR><NUL> .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic crmod
-Toggle carriage return mode.
-When this mode is enabled, most carriage return characters received from
-the remote host will be mapped into a carriage return followed by
-a line feed.
-This mode does not affect those characters typed by the user, only
-those received from the remote host.
-This mode is not very useful unless the remote host
-only sends carriage return, but never line feed.
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic debug
-Toggles socket level debugging (useful only to the
-.Ic super user  ) .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
-.It Ic localchars
-If this is
-.Dv TRUE ,
-then the
-.Ic flush  ,
-.Ic interrupt ,
-.Ic quit  ,
-.Ic erase ,
-and
-.Ic kill
-characters (see
-.Ic set
-above) are recognized locally, and transformed into (hopefully) appropriate
-.Tn TELNET
-control sequences
-(respectively
-.Ic ao  ,
-.Ic ip ,
-.Ic brk  ,
-.Ic ec ,
-and
-.Ic el  ;
-see
-.Ic send
-above).
-The initial value for this toggle is
-.Dv TRUE
-in \*(Lqold line by line\*(Rq mode,
-and
-.Dv FALSE
-in \*(Lqcharacter at a time\*(Rq mode.
-When the
-.Dv LINEMODE
-option is enabled, the value of
-.Ic localchars
-is ignored, and assumed to always be
-.Dv TRUE .
-If
-.Dv LINEMODE
-has ever been enabled, then
-.Ic quit
-is sent as
-.Ic abort  ,
-and
-.Ic eof and
-.B suspend
-are sent as
-.Ic eof and
-.Ic susp ,
-see
-.Ic send
-above).
-.It Ic netdata
-Toggles the display of all network data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic options
-Toggles the display of some internal
-.Nm telnet
-protocol processing (having to do with
-.Tn TELNET
-options).
-The initial value for this toggle is
-.Dv FALSE .
-.ne 1i
-.It Ic prettydump
-When the
-.Ic netdata
-toggle is enabled, if
-.Ic prettydump
-is enabled the output from the
-.Ic netdata
-command will be formatted in a more user readable format.
-Spaces are put between each character in the output, and the
-beginning of any
-.Tn TELNET
-escape sequence is preceded by a '*' to aid in locating them.
-.It Ic skiprc
-When the skiprc toggle is
-.Dv TRUE ,
-.Tn TELNET
-skips the reading of the
-.Pa \&.telnetrc
-file in the users home
-directory when connections are opened.  The initial
-value for this toggle is
-.Dv FALSE.
-.It Ic termdata
-Toggles the display of all terminal data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic verbose_encrypt
-When the
-.Ic verbose_encrypt
-toggle is
-.Dv TRUE ,
-.Tn TELNET
-prints out a message each time encryption is enabled or
-disabled.  The initial value for this toggle is
-.Dv FALSE.
-Note:  Because of export controls, data encryption
-is not supported outside of the United States and Canada.
-.It Ic \&?
-Displays the legal
-.Ic toggle
-commands.
-.El
-.It Ic z
-Suspend
-.Nm telnet  .
-This command only works when the user is using the
-.Xr csh  1  .
-.It Ic \&! Op Ar command 
-Execute a single command in a subshell on the local
-system.  If
-.Ic command
-is omitted, then an interactive
-subshell is invoked.
-.It Ic \&? Op Ar command 
-Get help.  With no arguments,
-.Nm telnet
-prints a help summary.
-If a command is specified,
-.Nm telnet
-will print the help information for just that command.
-.El
-.Sh ENVIRONMENT
-.Nm Telnet
-uses at least the
-.Ev HOME ,
-.Ev SHELL ,
-.Ev DISPLAY ,
-and
-.Ev TERM
-environment variables.
-Other environment variables may be propagated
-to the other side via the
-.Dv TELNET ENVIRON
-option.
-.Sh FILES
-.Bl -tag -width ~/.telnetrc -compact
-.It Pa ~/.telnetrc
-user customized telnet startup values
-.El
-.Sh HISTORY
-The
-.Nm Telnet
-command appeared in
-.Bx 4.2 .
-.Sh NOTES
-.Pp
-On some remote systems, echo has to be turned off manually when in
-\*(Lqold line by line\*(Rq mode.
-.Pp
-In \*(Lqold line by line\*(Rq mode or 
-.Dv LINEMODE
-the terminal's
-.Ic eof
-character is only recognized (and sent to the remote system)
-when it is the first character on a line.
diff --git a/secure/usr.bin/telnet/telnet.c b/secure/usr.bin/telnet/telnet.c
deleted file mode 100644
index 4402fdd3ae42..000000000000
--- a/secure/usr.bin/telnet/telnet.c
+++ /dev/null
@@ -1,2650 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)telnet.c	8.4 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include <sys/types.h>
-
-#if	defined(unix)
-#include <signal.h>
-/* By the way, we need to include curses.h before telnet.h since,
- * among other things, telnet.h #defines 'DO', which is a variable
- * declared in curses.h.
- */
-#endif	/* defined(unix) */
-
-#include <arpa/telnet.h>
-
-#include <ctype.h>
-
-#include "ring.h"
-
-#include "defines.h"
-#include "externs.h"
-#include "types.h"
-#include "general.h"
-
-
-#define	strip(x) ((my_want_state_is_wont(TELOPT_BINARY)) ? ((x)&0x7f) : (x))
-
-static unsigned char	subbuffer[SUBBUFSIZE],
-			*subpointer, *subend;	 /* buffer for sub-options */
-#define	SB_CLEAR()	subpointer = subbuffer;
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-				*subpointer++ = (c); \
-			}
-
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_PEEK()	((*subpointer)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-char	options[256];		/* The combined options */
-char	do_dont_resp[256];
-char	will_wont_resp[256];
-
-int
-	eight = 0,
-	autologin = 0,	/* Autologin anyone? */
-	skiprc = 0,
-	connected,
-	showoptions,
-	In3270,		/* Are we in 3270 mode? */
-	ISend,		/* trying to send network data in */
-	debug = 0,
-	crmod,
-	netdata,	/* Print out network data flow */
-	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-#if	defined(TN3270)
-	noasynchtty = 0,/* User specified "-noasynch" on command line */
-	noasynchnet = 0,/* User specified "-noasynch" on command line */
-	askedSGA = 0,	/* We have talked about suppress go ahead */
-#endif	/* defined(TN3270) */
-	telnetport,
-	SYNCHing,	/* we are in TELNET SYNCH mode */
-	flushout,	/* flush output */
-	autoflush = 0,	/* flush output when interrupting? */
-	autosynch,	/* send interrupt characters with SYNCH? */
-	localflow,	/* we handle flow control locally */
-	restartany,	/* if flow control enabled, restart on any character */
-	localchars,	/* we recognize interrupt/quit */
-	donelclchars,	/* the user has set "localchars" */
-	donebinarytoggle,	/* the user has put us in binary */
-	dontlecho,	/* do we suppress local echoing right now? */
-	globalmode;
-
-char *prompt = 0;
-
-cc_t escape;
-cc_t rlogin;
-#ifdef	KLUDGELINEMODE
-cc_t echoc;
-#endif
-
-/*
- * Telnet receiver states for fsm
- */
-#define	TS_DATA		0
-#define	TS_IAC		1
-#define	TS_WILL		2
-#define	TS_WONT		3
-#define	TS_DO		4
-#define	TS_DONT		5
-#define	TS_CR		6
-#define	TS_SB		7		/* sub-option collection */
-#define	TS_SE		8		/* looking for sub-option end */
-
-static int	telrcv_state;
-#ifdef	OLD_ENVIRON
-unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
-#else
-# define telopt_environ TELOPT_NEW_ENVIRON
-#endif
-
-jmp_buf	toplevel = { 0 };
-jmp_buf	peerdied;
-
-int	flushline;
-int	linemode;
-
-#ifdef	KLUDGELINEMODE
-int	kludgelinemode = 1;
-#endif
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-Clocks clocks;
-
-#ifdef	notdef
-Modelist modelist[] = {
-	{ "telnet command mode", COMMAND_LINE },
-	{ "character-at-a-time mode", 0 },
-	{ "character-at-a-time mode (local echo)", LOCAL_ECHO|LOCAL_CHARS },
-	{ "line-by-line mode (remote echo)", LINE | LOCAL_CHARS },
-	{ "line-by-line mode", LINE | LOCAL_ECHO | LOCAL_CHARS },
-	{ "line-by-line mode (local echoing suppressed)", LINE | LOCAL_CHARS },
-	{ "3270 mode", 0 },
-};
-#endif
-
-
-/*
- * Initialize telnet environment.
- */
-
-    void
-init_telnet()
-{
-    env_init();
-
-    SB_CLEAR();
-    ClearArray(options);
-
-    connected = In3270 = ISend = localflow = donebinarytoggle = 0;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-    restartany = -1;
-
-    SYNCHing = 0;
-
-    /* Don't change NetTrace */
-
-    escape = CONTROL(']');
-    rlogin = _POSIX_VDISABLE;
-#ifdef	KLUDGELINEMODE
-    echoc = CONTROL('E');
-#endif
-
-    flushline = 1;
-    telrcv_state = TS_DATA;
-}
-
-
-#ifdef	notdef
-#include <varargs.h>
-
-    /*VARARGS*/
-    static void
-printring(va_alist)
-    va_dcl
-{
-    va_list ap;
-    char buffer[100];		/* where things go */
-    char *ptr;
-    char *format;
-    char *string;
-    Ring *ring;
-    int i;
-
-    va_start(ap);
-
-    ring = va_arg(ap, Ring *);
-    format = va_arg(ap, char *);
-    ptr = buffer;
-
-    while ((i = *format++) != 0) {
-	if (i == '%') {
-	    i = *format++;
-	    switch (i) {
-	    case 'c':
-		*ptr++ = va_arg(ap, int);
-		break;
-	    case 's':
-		string = va_arg(ap, char *);
-		ring_supply_data(ring, buffer, ptr-buffer);
-		ring_supply_data(ring, string, strlen(string));
-		ptr = buffer;
-		break;
-	    case 0:
-		ExitString("printring: trailing %%.\n", 1);
-		/*NOTREACHED*/
-	    default:
-		ExitString("printring: unknown format character.\n", 1);
-		/*NOTREACHED*/
-	    }
-	} else {
-	    *ptr++ = i;
-	}
-    }
-    ring_supply_data(ring, buffer, ptr-buffer);
-}
-#endif
-
-/*
- * These routines are in charge of sending option negotiations
- * to the other side.
- *
- * The basic idea is that we send the negotiation if either side
- * is in disagreement as to what the current state should be.
- */
-
-    void
-send_do(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
-				my_want_state_is_do(c))
-	    return;
-	set_my_want_state_do(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DO);
-    NETADD(c);
-    printoption("SENT", DO, c);
-}
-
-    void
-send_dont(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
-				my_want_state_is_dont(c))
-	    return;
-	set_my_want_state_dont(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DONT);
-    NETADD(c);
-    printoption("SENT", DONT, c);
-}
-
-    void
-send_will(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
-				my_want_state_is_will(c))
-	    return;
-	set_my_want_state_will(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WILL);
-    NETADD(c);
-    printoption("SENT", WILL, c);
-}
-
-    void
-send_wont(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
-				my_want_state_is_wont(c))
-	    return;
-	set_my_want_state_wont(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WONT);
-    NETADD(c);
-    printoption("SENT", WONT, c);
-}
-
-
-	void
-willoption(option)
-	int option;
-{
-	int new_state_ok = 0;
-
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_do(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_ECHO:
-#	    if defined(TN3270)
-		/*
-		 * The following is a pain in the rear-end.
-		 * Various IBM servers (some versions of Wiscnet,
-		 * possibly Fibronics/Spartacus, and who knows who
-		 * else) will NOT allow us to send "DO SGA" too early
-		 * in the setup proceedings.  On the other hand,
-		 * 4.2 servers (telnetd) won't set SGA correctly.
-		 * So, we are stuck.  Empirically (but, based on
-		 * a VERY small sample), the IBM servers don't send
-		 * out anything about ECHO, so we postpone our sending
-		 * "DO SGA" until we see "WILL ECHO" (which 4.2 servers
-		 * DO send).
-		  */
-		{
-		    if (askedSGA == 0) {
-			askedSGA = 1;
-			if (my_want_state_is_dont(TELOPT_SGA))
-			    send_do(TELOPT_SGA, 1);
-		    }
-		}
-		    /* Fall through */
-	    case TELOPT_EOR:
-#endif	    /* defined(TN3270) */
-	    case TELOPT_BINARY:
-	    case TELOPT_SGA:
-		settimer(modenegotiated);
-		/* FALL THROUGH */
-	    case TELOPT_STATUS:
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-#endif
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:
-#endif /* ENCRYPTION */
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		/*
-		 * Special case for TM.  If we get back a WILL,
-		 * pretend we got back a WONT.
-		 */
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;			/* Never reply to TM will's/wont's */
-
-	    case TELOPT_LINEMODE:
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_do(option);
-		send_do(option, 0);
-		setconnmode(0);		/* possibly set new tty mode */
-	    } else {
-		do_dont_resp[option]++;
-		send_dont(option, 0);
-	    }
-	}
-	set_my_state_do(option);
-#ifdef	ENCRYPTION
-	if (option == TELOPT_ENCRYPT)
-		encrypt_send_support();
-#endif	/* ENCRYPTION */
-}
-
-	void
-wontoption(option)
-	int option;
-{
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_dont(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
-
-	    switch (option) {
-
-#ifdef	KLUDGELINEMODE
-	    case TELOPT_SGA:
-		if (!kludgelinemode)
-		    break;
-		/* FALL THROUGH */
-#endif
-	    case TELOPT_ECHO:
-		settimer(modenegotiated);
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;		/* Never reply to TM will's/wont's */
-
-	    default:
-		break;
-	    }
-	    set_my_want_state_dont(option);
-	    if (my_state_is_do(option))
-		send_dont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	} else if (option == TELOPT_TM) {
-	    /*
-	     * Special case for TM.
-	     */
-	    if (flushout)
-		flushout = 0;
-	    set_my_want_state_dont(option);
-	}
-	set_my_state_dont(option);
-}
-
-	static void
-dooption(option)
-	int option;
-{
-	int new_state_ok = 0;
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_will(option))
-		--will_wont_resp[option];
-	}
-
-	if (will_wont_resp[option] == 0) {
-	  if (my_want_state_is_wont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_TM:
-		/*
-		 * Special case for TM.  We send a WILL, but pretend
-		 * we sent WONT.
-		 */
-		send_will(option, 0);
-		set_my_want_state_wont(TELOPT_TM);
-		set_my_state_wont(TELOPT_TM);
-		return;
-
-#	if defined(TN3270)
-	    case TELOPT_EOR:		/* end of record */
-#	endif	/* defined(TN3270) */
-	    case TELOPT_BINARY:		/* binary mode */
-	    case TELOPT_NAWS:		/* window size */
-	    case TELOPT_TSPEED:		/* terminal speed */
-	    case TELOPT_LFLOW:		/* local flow control */
-	    case TELOPT_TTYPE:		/* terminal type option */
-	    case TELOPT_SGA:		/* no big deal */
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:	/* encryption variable option */
-#endif	/* ENCRYPTION */
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
-#ifdef	OLD_ENVIRON
-		if (my_state_is_will(TELOPT_OLD_ENVIRON))
-			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
-		goto env_common;
-	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
-		if (my_state_is_will(TELOPT_NEW_ENVIRON))
-			break;		/* Don't enable if new one is in use! */
-	    env_common:
-		telopt_environ = option;
-#endif
-		new_state_ok = 1;
-		break;
-
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-		if (autologin)
-			new_state_ok = 1;
-		break;
-#endif
-
-	    case TELOPT_XDISPLOC:	/* X Display location */
-		if (env_getvalue((unsigned char *)"DISPLAY"))
-		    new_state_ok = 1;
-		break;
-
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_want_state_will(TELOPT_LINEMODE);
-		send_will(option, 0);
-		set_my_state_will(TELOPT_LINEMODE);
-		slc_init();
-		return;
-
-	    case TELOPT_ECHO:		/* We're never going to echo... */
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_will(option);
-		send_will(option, 0);
-		setconnmode(0);			/* Set new tty mode */
-	    } else {
-		will_wont_resp[option]++;
-		send_wont(option, 0);
-	    }
-	  } else {
-	    /*
-	     * Handle options that need more things done after the
-	     * other side has acknowledged the option.
-	     */
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_state_will(option);
-		slc_init();
-		send_do(TELOPT_SGA, 0);
-		return;
-	    }
-	  }
-	}
-	set_my_state_will(option);
-}
-
-	static void
-dontoption(option)
-	int option;
-{
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_wont(option))
-		--will_wont_resp[option];
-	}
-
-	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-		linemode = 0;	/* put us back to the default state */
-		break;
-#ifdef	OLD_ENVIRON
-	    case TELOPT_NEW_ENVIRON:
-		/*
-		 * The new environ option wasn't recognized, try
-		 * the old one.
-		 */
-		send_will(TELOPT_OLD_ENVIRON, 1);
-		telopt_environ = TELOPT_OLD_ENVIRON;
-		break;
-#endif
-	    }
-	    /* we always accept a DONT */
-	    set_my_want_state_wont(option);
-	    if (my_state_is_will(option))
-		send_wont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	}
-	set_my_state_wont(option);
-}
-
-/*
- * Given a buffer returned by tgetent(), this routine will turn
- * the pipe seperated list of names in the buffer into an array
- * of pointers to null terminated names.  We toss out any bad,
- * duplicate, or verbose names (names with spaces).
- */
-
-static char *name_unknown = "UNKNOWN";
-static char *unknown[] = { 0, 0 };
-
-	char **
-mklist(buf, name)
-	char *buf, *name;
-{
-	register int n;
-	register char c, *cp, **argvp, *cp2, **argv, **avt;
-
-	if (name) {
-		if ((int)strlen(name) > 40) {
-			name = 0;
-			unknown[0] = name_unknown;
-		} else {
-			unknown[0] = name;
-			upcase(name);
-		}
-	} else
-		unknown[0] = name_unknown;
-	/*
-	 * Count up the number of names.
-	 */
-	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
-		if (*cp == '|')
-			n++;
-	}
-	/*
-	 * Allocate an array to put the name pointers into
-	 */
-	argv = (char **)malloc((n+3)*sizeof(char *));
-	if (argv == 0)
-		return(unknown);
-
-	/*
-	 * Fill up the array of pointers to names.
-	 */
-	*argv = 0;
-	argvp = argv+1;
-	n = 0;
-	for (cp = cp2 = buf; (c = *cp);  cp++) {
-		if (c == '|' || c == ':') {
-			*cp++ = '\0';
-			/*
-			 * Skip entries that have spaces or are over 40
-			 * characters long.  If this is our environment
-			 * name, then put it up front.  Otherwise, as
-			 * long as this is not a duplicate name (case
-			 * insensitive) add it to the list.
-			 */
-			if (n || (cp - cp2 > 41))
-				;
-			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
-				*argv = cp2;
-			else if (is_unique(cp2, argv+1, argvp))
-				*argvp++ = cp2;
-			if (c == ':')
-				break;
-			/*
-			 * Skip multiple delimiters. Reset cp2 to
-			 * the beginning of the next name. Reset n,
-			 * the flag for names with spaces.
-			 */
-			while ((c = *cp) == '|')
-				cp++;
-			cp2 = cp;
-			n = 0;
-		}
-		/*
-		 * Skip entries with spaces or non-ascii values.
-		 * Convert lower case letters to upper case.
-		 */
-		if ((c == ' ') || !isascii(c))
-			n = 1;
-		else if (islower(c))
-			*cp = toupper(c);
-	}
-
-	/*
-	 * Check for an old V6 2 character name.  If the second
-	 * name points to the beginning of the buffer, and is
-	 * only 2 characters long, move it to the end of the array.
-	 */
-	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
-		--argvp;
-		for (avt = &argv[1]; avt < argvp; avt++)
-			*avt = *(avt+1);
-		*argvp++ = buf;
-	}
-
-	/*
-	 * Duplicate last name, for TTYPE option, and null
-	 * terminate the array.  If we didn't find a match on
-	 * our terminal name, put that name at the beginning.
-	 */
-	cp = *(argvp-1);
-	*argvp++ = cp;
-	*argvp = 0;
-
-	if (*argv == 0) {
-		if (name)
-			*argv = name;
-		else {
-			--argvp;
-			for (avt = argv; avt < argvp; avt++)
-				*avt = *(avt+1);
-		}
-	}
-	if (*argv)
-		return(argv);
-	else
-		return(unknown);
-}
-
-	int
-is_unique(name, as, ae)
-	register char *name, **as, **ae;
-{
-	register char **ap;
-	register int n;
-
-	n = strlen(name) + 1;
-	for (ap = as; ap < ae; ap++)
-		if (strncasecmp(*ap, name, n) == 0)
-			return(0);
-	return (1);
-}
-
-#ifdef	TERMCAP
-char termbuf[1024];
-
-	/*ARGSUSED*/
-	int
-setupterm(tname, fd, errp)
-	char *tname;
-	int fd, *errp;
-{
-	if (tgetent(termbuf, tname) == 1) {
-		termbuf[1023] = '\0';
-		if (errp)
-			*errp = 1;
-		return(0);
-	}
-	if (errp)
-		*errp = 0;
-	return(-1);
-}
-#else
-#define	termbuf	ttytype
-extern char ttytype[];
-#endif
-
-int resettermname = 1;
-
-	char *
-gettermname()
-{
-	char *tname;
-	static char **tnamep = 0;
-	static char **next;
-	int err;
-
-	if (resettermname) {
-		resettermname = 0;
-		if (tnamep && tnamep != unknown)
-			free(tnamep);
-		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
-				(setupterm(tname, 1, &err) == 0)) {
-			tnamep = mklist(termbuf, tname);
-		} else {
-			if (tname && ((int)strlen(tname) <= 40)) {
-				unknown[0] = tname;
-				upcase(tname);
-			} else
-				unknown[0] = name_unknown;
-			tnamep = unknown;
-		}
-		next = tnamep;
-	}
-	if (*next == 0)
-		next = tnamep;
-	return(*next++);
-}
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *		Terminal type, send request.
- *		Terminal speed (send request).
- *		Local flow control (is request).
- *		Linemode
- */
-
-    static void
-suboption()
-{
-    unsigned char subchar;
-
-    printsub('<', subbuffer, SB_LEN()+2);
-    switch (subchar = SB_GET()) {
-    case TELOPT_TTYPE:
-	if (my_want_state_is_wont(TELOPT_TTYPE))
-	    return;
-	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
-	    return;
-	} else {
-	    char *name;
-	    unsigned char temp[50];
-	    int len;
-
-#if	defined(TN3270)
-	    if (tn3270_ttype()) {
-		return;
-	    }
-#endif	/* defined(TN3270) */
-	    name = gettermname();
-	    len = strlen(name) + 4 + 2;
-	    if (len < NETROOM()) {
-		sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
-				TELQUAL_IS, name, IAC, SE);
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', &temp[2], len-2);
-	    } else {
-		ExitString("No room in buffer for terminal type.\n", 1);
-		/*NOTREACHED*/
-	    }
-	}
-	break;
-    case TELOPT_TSPEED:
-	if (my_want_state_is_wont(TELOPT_TSPEED))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    long ospeed, ispeed;
-	    unsigned char temp[50];
-	    int len;
-
-	    TerminalSpeeds(&ispeed, &ospeed);
-
-	    sprintf((char *)temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
-		    TELQUAL_IS, ospeed, ispeed, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-    case TELOPT_LFLOW:
-	if (my_want_state_is_wont(TELOPT_LFLOW))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch(SB_GET()) {
-	case LFLOW_RESTART_ANY:
-	    restartany = 1;
-	    break;
-	case LFLOW_RESTART_XON:
-	    restartany = 0;
-	    break;
-	case LFLOW_ON:
-	    localflow = 1;
-	    break;
-	case LFLOW_OFF:
-	    localflow = 0;
-	    break;
-	default:
-	    return;
-	}
-	setcommandmode();
-	setconnmode(0);
-	break;
-
-    case TELOPT_LINEMODE:
-	if (my_want_state_is_wont(TELOPT_LINEMODE))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch (SB_GET()) {
-	case WILL:
-	    lm_will(subpointer, SB_LEN());
-	    break;
-	case WONT:
-	    lm_wont(subpointer, SB_LEN());
-	    break;
-	case DO:
-	    lm_do(subpointer, SB_LEN());
-	    break;
-	case DONT:
-	    lm_dont(subpointer, SB_LEN());
-	    break;
-	case LM_SLC:
-	    slc(subpointer, SB_LEN());
-	    break;
-	case LM_MODE:
-	    lm_mode(subpointer, SB_LEN(), 0);
-	    break;
-	default:
-	    break;
-	}
-	break;
-
-#ifdef	OLD_ENVIRON
-    case TELOPT_OLD_ENVIRON:
-#endif
-    case TELOPT_NEW_ENVIRON:
-	if (SB_EOF())
-	    return;
-	switch(SB_PEEK()) {
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-	    if (my_want_state_is_dont(subchar))
-		return;
-	    break;
-	case TELQUAL_SEND:
-	    if (my_want_state_is_wont(subchar)) {
-		return;
-	    }
-	    break;
-	default:
-	    return;
-	}
-	env_opt(subpointer, SB_LEN());
-	break;
-
-    case TELOPT_XDISPLOC:
-	if (my_want_state_is_wont(TELOPT_XDISPLOC))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    unsigned char temp[50], *dp;
-	    int len;
-
-	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
-		/*
-		 * Something happened, we no longer have a DISPLAY
-		 * variable.  So, turn off the option.
-		 */
-		send_wont(TELOPT_XDISPLOC, 1);
-		break;
-	    }
-	    sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
-		    TELQUAL_IS, dp, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION: {
-		if (!autologin)
-			break;
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case TELQUAL_IS:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_is(subpointer, SB_LEN());
-			break;
-		case TELQUAL_SEND:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_send(subpointer, SB_LEN());
-			break;
-		case TELQUAL_REPLY:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_reply(subpointer, SB_LEN());
-			break;
-		case TELQUAL_NAME:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_name(subpointer, SB_LEN());
-			break;
-		}
-	}
-	break;
-#endif
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case ENCRYPT_START:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_END:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_end();
-			break;
-		case ENCRYPT_SUPPORT:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_support(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQSTART:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_request_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQEND:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			/*
-			 * We can always send an REQEND so that we cannot
-			 * get stuck encrypting.  We should only get this
-			 * if we have been able to get in the correct mode
-			 * anyhow.
-			 */
-			encrypt_request_end();
-			break;
-		case ENCRYPT_IS:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_is(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REPLY:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_reply(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_ENC_KEYID:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_enc_keyid(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_DEC_KEYID:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_dec_keyid(subpointer, SB_LEN());
-			break;
-		default:
-			break;
-		}
-		break;
-#endif	/* ENCRYPTION */
-    default:
-	break;
-    }
-}
-
-static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
-
-    void
-lm_will(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	str_lm[3] = DONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_will: not enough room in buffer\n");
-	break;
-    }
-}
-
-    void
-lm_wont(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	/* We are always DONT, so don't respond */
-	return;
-    }
-}
-
-    void
-lm_do(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	str_lm[3] = WONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_do: not enough room in buffer\n");
-	break;
-    }
-}
-
-    void
-lm_dont(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	/* we are always WONT, so don't respond */
-	break;
-    }
-}
-
-static unsigned char str_lm_mode[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
-};
-
-	void
-lm_mode(cmd, len, init)
-	unsigned char *cmd;
-	int len, init;
-{
-	if (len != 1)
-		return;
-	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
-		return;
-	if (*cmd&MODE_ACK)
-		return;
-	linemode = *cmd&(MODE_MASK&~MODE_ACK);
-	str_lm_mode[4] = linemode;
-	if (!init)
-	    str_lm_mode[4] |= MODE_ACK;
-	if (NETROOM() > sizeof(str_lm_mode)) {
-	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
-	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
-	}
-/*@*/	else printf("lm_mode: not enough room in buffer\n");
-	setconnmode(0);	/* set changed mode */
-}
-
-
-
-/*
- * slc()
- * Handle special character suboption of LINEMODE.
- */
-
-struct spc {
-	cc_t val;
-	cc_t *valp;
-	char flags;	/* Current flags & level */
-	char mylevel;	/* Maximum level & flags */
-} spc_data[NSLC+1];
-
-#define SLC_IMPORT	0
-#define	SLC_EXPORT	1
-#define SLC_RVALUE	2
-static int slc_mode = SLC_EXPORT;
-
-	void
-slc_init()
-{
-	register struct spc *spcp;
-
-	localchars = 1;
-	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
-		spcp->val = 0;
-		spcp->valp = 0;
-		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
-	}
-
-#define	initfunc(func, flags) { \
-					spcp = &spc_data[func]; \
-					if (spcp->valp = tcval(func)) { \
-					    spcp->val = *spcp->valp; \
-					    spcp->mylevel = SLC_VARIABLE|flags; \
-					} else { \
-					    spcp->val = 0; \
-					    spcp->mylevel = SLC_DEFAULT; \
-					} \
-				    }
-
-	initfunc(SLC_SYNCH, 0);
-	/* No BRK */
-	initfunc(SLC_AO, 0);
-	initfunc(SLC_AYT, 0);
-	/* No EOR */
-	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
-	initfunc(SLC_EOF, 0);
-#ifndef	SYSV_TERMIO
-	initfunc(SLC_SUSP, SLC_FLUSHIN);
-#endif
-	initfunc(SLC_EC, 0);
-	initfunc(SLC_EL, 0);
-#ifndef	SYSV_TERMIO
-	initfunc(SLC_EW, 0);
-	initfunc(SLC_RP, 0);
-	initfunc(SLC_LNEXT, 0);
-#endif
-	initfunc(SLC_XON, 0);
-	initfunc(SLC_XOFF, 0);
-#ifdef	SYSV_TERMIO
-	spc_data[SLC_XON].mylevel = SLC_CANTCHANGE;
-	spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE;
-#endif
-	initfunc(SLC_FORW1, 0);
-#ifdef	USE_TERMIO
-	initfunc(SLC_FORW2, 0);
-	/* No FORW2 */
-#endif
-
-	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
-#undef	initfunc
-
-	if (slc_mode == SLC_EXPORT)
-		slc_export();
-	else
-		slc_import(1);
-
-}
-
-    void
-slcstate()
-{
-    printf("Special characters are %s values\n",
-		slc_mode == SLC_IMPORT ? "remote default" :
-		slc_mode == SLC_EXPORT ? "local" :
-					 "remote");
-}
-
-    void
-slc_mode_export()
-{
-    slc_mode = SLC_EXPORT;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_export();
-}
-
-    void
-slc_mode_import(def)
-    int def;
-{
-    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_import(def);
-}
-
-unsigned char slc_import_val[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
-};
-unsigned char slc_import_def[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
-};
-
-    void
-slc_import(def)
-    int def;
-{
-    if (NETROOM() > sizeof(slc_import_val)) {
-	if (def) {
-	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
-	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
-	} else {
-	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
-	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
-	}
-    }
-/*@*/ else printf("slc_import: not enough room\n");
-}
-
-    void
-slc_export()
-{
-    register struct spc *spcp;
-
-    TerminalDefaultChars();
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->mylevel != SLC_NOSUPPORT) {
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    if (spcp->valp)
-		spcp->val = *spcp->valp;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    (void)slc_update();
-    setconnmode(1);	/* Make sure the character values are set */
-}
-
-	void
-slc(cp, len)
-	register unsigned char *cp;
-	int len;
-{
-	register struct spc *spcp;
-	register int func,level;
-
-	slc_start_reply();
-
-	for (; len >= 3; len -=3, cp +=3) {
-
-		func = cp[SLC_FUNC];
-
-		if (func == 0) {
-			/*
-			 * Client side: always ignore 0 function.
-			 */
-			continue;
-		}
-		if (func > NSLC) {
-			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
-				slc_add_reply(func, SLC_NOSUPPORT, 0);
-			continue;
-		}
-
-		spcp = &spc_data[func];
-
-		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
-
-		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
-		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
-			continue;
-		}
-
-		if (level == (SLC_DEFAULT|SLC_ACK)) {
-			/*
-			 * This is an error condition, the SLC_ACK
-			 * bit should never be set for the SLC_DEFAULT
-			 * level.  Our best guess to recover is to
-			 * ignore the SLC_ACK bit.
-			 */
-			cp[SLC_FLAGS] &= ~SLC_ACK;
-		}
-
-		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
-			spcp->val = (cc_t)cp[SLC_VALUE];
-			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
-			continue;
-		}
-
-		level &= ~SLC_ACK;
-
-		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
-			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
-			spcp->val = (cc_t)cp[SLC_VALUE];
-		}
-		if (level == SLC_DEFAULT) {
-			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
-				spcp->flags = spcp->mylevel;
-			else
-				spcp->flags = SLC_NOSUPPORT;
-		}
-		slc_add_reply(func, spcp->flags, spcp->val);
-	}
-	slc_end_reply();
-	if (slc_update())
-		setconnmode(1);	/* set the  new character values */
-}
-
-    void
-slc_check()
-{
-    register struct spc *spcp;
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->valp && spcp->val != *spcp->valp) {
-	    spcp->val = *spcp->valp;
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    setconnmode(1);
-}
-
-
-unsigned char slc_reply[128];
-unsigned char *slc_replyp;
-
-	void
-slc_start_reply()
-{
-	slc_replyp = slc_reply;
-	*slc_replyp++ = IAC;
-	*slc_replyp++ = SB;
-	*slc_replyp++ = TELOPT_LINEMODE;
-	*slc_replyp++ = LM_SLC;
-}
-
-	void
-slc_add_reply(func, flags, value)
-	unsigned char func;
-	unsigned char flags;
-	cc_t value;
-{
-	if ((*slc_replyp++ = func) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = flags) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = (unsigned char)value) == IAC)
-		*slc_replyp++ = IAC;
-}
-
-    void
-slc_end_reply()
-{
-    register int len;
-
-    *slc_replyp++ = IAC;
-    *slc_replyp++ = SE;
-    len = slc_replyp - slc_reply;
-    if (len <= 6)
-	return;
-    if (NETROOM() > len) {
-	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
-	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
-    }
-/*@*/else printf("slc_end_reply: not enough room\n");
-}
-
-	int
-slc_update()
-{
-	register struct spc *spcp;
-	int need_update = 0;
-
-	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-		if (!(spcp->flags&SLC_ACK))
-			continue;
-		spcp->flags &= ~SLC_ACK;
-		if (spcp->valp && (*spcp->valp != spcp->val)) {
-			*spcp->valp = spcp->val;
-			need_update = 1;
-		}
-	}
-	return(need_update);
-}
-
-#ifdef	OLD_ENVIRON
-# ifdef	ENV_HACK
-/*
- * Earlier version of telnet/telnetd from the BSD code had
- * the definitions of VALUE and VAR reversed.  To ensure
- * maximum interoperability, we assume that the server is
- * an older BSD server, until proven otherwise.  The newer
- * BSD servers should be able to handle either definition,
- * so it is better to use the wrong values if we don't
- * know what type of server it is.
- */
-int env_auto = 1;
-int old_env_var = OLD_ENV_VAR;
-int old_env_value = OLD_ENV_VALUE;
-# else
-#  define old_env_var OLD_ENV_VAR
-#  define old_env_value OLD_ENV_VALUE
-# endif
-#endif
-
-	void
-env_opt(buf, len)
-	register unsigned char *buf;
-	register int len;
-{
-	register unsigned char *ep = 0, *epc = 0;
-	register int i;
-
-	switch(buf[0]&0xff) {
-	case TELQUAL_SEND:
-		env_opt_start();
-		if (len == 1) {
-			env_opt_add(NULL);
-		} else for (i = 1; i < len; i++) {
-			switch (buf[i]&0xff) {
-#ifdef	OLD_ENVIRON
-			case OLD_ENV_VAR:
-# ifdef	ENV_HACK
-				if (telopt_environ == TELOPT_OLD_ENVIRON
-				    && env_auto) {
-					/* Server has the same definitions */
-					old_env_var = OLD_ENV_VAR;
-					old_env_value = OLD_ENV_VALUE;
-				}
-				/* FALL THROUGH */
-# endif
-			case OLD_ENV_VALUE:
-				/*
-				 * Although OLD_ENV_VALUE is not legal, we will
-				 * still recognize it, just in case it is an
-				 * old server that has VAR & VALUE mixed up...
-				 */
-				/* FALL THROUGH */
-#else
-			case NEW_ENV_VAR:
-#endif
-			case ENV_USERVAR:
-				if (ep) {
-					*epc = 0;
-					env_opt_add(ep);
-				}
-				ep = epc = &buf[i+1];
-				break;
-			case ENV_ESC:
-				i++;
-				/*FALL THROUGH*/
-			default:
-				if (epc)
-					*epc++ = buf[i];
-				break;
-			}
-		}
-		if (ep) {
-			*epc = 0;
-			env_opt_add(ep);
-		}
-		env_opt_end(1);
-		break;
-
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-		/* Ignore for now.  We shouldn't get it anyway. */
-		break;
-
-	default:
-		break;
-	}
-}
-
-#define	OPT_REPLY_SIZE	256
-unsigned char *opt_reply;
-unsigned char *opt_replyp;
-unsigned char *opt_replyend;
-
-	void
-env_opt_start()
-{
-	if (opt_reply)
-		opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE);
-	else
-		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
-	if (opt_reply == NULL) {
-/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
-		opt_reply = opt_replyp = opt_replyend = NULL;
-		return;
-	}
-	opt_replyp = opt_reply;
-	opt_replyend = opt_reply + OPT_REPLY_SIZE;
-	*opt_replyp++ = IAC;
-	*opt_replyp++ = SB;
-	*opt_replyp++ = telopt_environ;
-	*opt_replyp++ = TELQUAL_IS;
-}
-
-	void
-env_opt_start_info()
-{
-	env_opt_start();
-	if (opt_replyp)
-	    opt_replyp[-1] = TELQUAL_INFO;
-}
-
-	void
-env_opt_add(ep)
-	register unsigned char *ep;
-{
-	register unsigned char *vp, c;
-
-	if (opt_reply == NULL)		/*XXX*/
-		return;			/*XXX*/
-
-	if (ep == NULL || *ep == '\0') {
-		/* Send user defined variables first. */
-		env_default(1, 0);
-		while (ep = env_default(0, 0))
-			env_opt_add(ep);
-
-		/* Now add the list of well know variables.  */
-		env_default(1, 1);
-		while (ep = env_default(0, 1))
-			env_opt_add(ep);
-		return;
-	}
-	vp = env_getvalue(ep);
-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
-				strlen((char *)ep) + 6 > opt_replyend)
-	{
-		register int len;
-		opt_replyend += OPT_REPLY_SIZE;
-		len = opt_replyend - opt_reply;
-		opt_reply = (unsigned char *)realloc(opt_reply, len);
-		if (opt_reply == NULL) {
-/*@*/			printf("env_opt_add: realloc() failed!!!\n");
-			opt_reply = opt_replyp = opt_replyend = NULL;
-			return;
-		}
-		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
-		opt_replyend = opt_reply + len;
-	}
-	if (opt_welldefined(ep))
-#ifdef	OLD_ENVIRON
-		if (telopt_environ == TELOPT_OLD_ENVIRON)
-			*opt_replyp++ = old_env_var;
-		else
-#endif
-			*opt_replyp++ = NEW_ENV_VAR;
-	else
-		*opt_replyp++ = ENV_USERVAR;
-	for (;;) {
-		while (c = *ep++) {
-			switch(c&0xff) {
-			case IAC:
-				*opt_replyp++ = IAC;
-				break;
-			case NEW_ENV_VAR:
-			case NEW_ENV_VALUE:
-			case ENV_ESC:
-			case ENV_USERVAR:
-				*opt_replyp++ = ENV_ESC;
-				break;
-			}
-			*opt_replyp++ = c;
-		}
-		if (ep = vp) {
-#ifdef	OLD_ENVIRON
-			if (telopt_environ == TELOPT_OLD_ENVIRON)
-				*opt_replyp++ = old_env_value;
-			else
-#endif
-				*opt_replyp++ = NEW_ENV_VALUE;
-			vp = NULL;
-		} else
-			break;
-	}
-}
-
-	int
-opt_welldefined(ep)
-	char *ep;
-{
-	if ((strcmp(ep, "USER") == 0) ||
-	    (strcmp(ep, "DISPLAY") == 0) ||
-	    (strcmp(ep, "PRINTER") == 0) ||
-	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
-	    (strcmp(ep, "JOB") == 0) ||
-	    (strcmp(ep, "ACCT") == 0))
-		return(1);
-	return(0);
-}
-	void
-env_opt_end(emptyok)
-	register int emptyok;
-{
-	register int len;
-
-	len = opt_replyp - opt_reply + 2;
-	if (emptyok || len > 6) {
-		*opt_replyp++ = IAC;
-		*opt_replyp++ = SE;
-		if (NETROOM() > len) {
-			ring_supply_data(&netoring, opt_reply, len);
-			printsub('>', &opt_reply[2], len - 2);
-		}
-/*@*/		else printf("slc_end_reply: not enough room\n");
-	}
-	if (opt_reply) {
-		free(opt_reply);
-		opt_reply = opt_replyp = opt_replyend = NULL;
-	}
-}
-
-
-
-    int
-telrcv()
-{
-    register int c;
-    register int scc;
-    register unsigned char *sbp;
-    int count;
-    int returnValue = 0;
-
-    scc = 0;
-    count = 0;
-    while (TTYROOM() > 2) {
-	if (scc == 0) {
-	    if (count) {
-		ring_consumed(&netiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    sbp = netiring.consume;
-	    scc = ring_full_consecutive(&netiring);
-	    if (scc == 0) {
-		/* No more data coming in */
-		break;
-	    }
-	}
-
-	c = *sbp++ & 0xff, scc--; count++;
-#ifdef	ENCRYPTION
-	if (decrypt_input)
-		c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-
-	switch (telrcv_state) {
-
-	case TS_CR:
-	    telrcv_state = TS_DATA;
-	    if (c == '\0') {
-		break;	/* Ignore \0 after CR */
-	    }
-	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
-		TTYADD(c);
-		break;
-	    }
-	    /* Else, fall through */
-
-	case TS_DATA:
-	    if (c == IAC) {
-		telrcv_state = TS_IAC;
-		break;
-	    }
-#	    if defined(TN3270)
-	    if (In3270) {
-		*Ifrontp++ = c;
-		while (scc > 0) {
-		    c = *sbp++ & 0377, scc--; count++;
-#ifdef	ENCRYPTION
-		    if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-		    if (c == IAC) {
-			telrcv_state = TS_IAC;
-			break;
-		    }
-		    *Ifrontp++ = c;
-		}
-	    } else
-#	    endif /* defined(TN3270) */
-		    /*
-		     * The 'crmod' hack (see following) is needed
-		     * since we can't * set CRMOD on output only.
-		     * Machines like MULTICS like to send \r without
-		     * \n; since we must turn off CRMOD to get proper
-		     * input, the mapping is done here (sigh).
-		     */
-	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
-		if (scc > 0) {
-		    c = *sbp&0xff;
-#ifdef	ENCRYPTION
-		    if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-		    if (c == 0) {
-			sbp++, scc--; count++;
-			/* a "true" CR */
-			TTYADD('\r');
-		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
-					(c == '\n')) {
-			sbp++, scc--; count++;
-			TTYADD('\n');
-		    } else {
-#ifdef	ENCRYPTION
-		        if (decrypt_input)
-			    (*decrypt_input)(-1);
-#endif	/* ENCRYPTION */
-
-			TTYADD('\r');
-			if (crmod) {
-				TTYADD('\n');
-			}
-		    }
-		} else {
-		    telrcv_state = TS_CR;
-		    TTYADD('\r');
-		    if (crmod) {
-			    TTYADD('\n');
-		    }
-		}
-	    } else {
-		TTYADD(c);
-	    }
-	    continue;
-
-	case TS_IAC:
-process_iac:
-	    switch (c) {
-
-	    case WILL:
-		telrcv_state = TS_WILL;
-		continue;
-
-	    case WONT:
-		telrcv_state = TS_WONT;
-		continue;
-
-	    case DO:
-		telrcv_state = TS_DO;
-		continue;
-
-	    case DONT:
-		telrcv_state = TS_DONT;
-		continue;
-
-	    case DM:
-		    /*
-		     * We may have missed an urgent notification,
-		     * so make sure we flush whatever is in the
-		     * buffer currently.
-		     */
-		printoption("RCVD", IAC, DM);
-		SYNCHing = 1;
-		(void) ttyflush(1);
-		SYNCHing = stilloob();
-		settimer(gotDM);
-		break;
-
-	    case SB:
-		SB_CLEAR();
-		telrcv_state = TS_SB;
-		continue;
-
-#	    if defined(TN3270)
-	    case EOR:
-		if (In3270) {
-		    if (Ibackp == Ifrontp) {
-			Ibackp = Ifrontp = Ibuf;
-			ISend = 0;	/* should have been! */
-		    } else {
-			Ibackp += DataFromNetwork(Ibackp, Ifrontp-Ibackp, 1);
-			ISend = 1;
-		    }
-		}
-		printoption("RCVD", IAC, EOR);
-		break;
-#	    endif /* defined(TN3270) */
-
-	    case IAC:
-#	    if !defined(TN3270)
-		TTYADD(IAC);
-#	    else /* !defined(TN3270) */
-		if (In3270) {
-		    *Ifrontp++ = IAC;
-		} else {
-		    TTYADD(IAC);
-		}
-#	    endif /* !defined(TN3270) */
-		break;
-
-	    case NOP:
-	    case GA:
-	    default:
-		printoption("RCVD", IAC, c);
-		break;
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WILL:
-	    printoption("RCVD", WILL, c);
-	    willoption(c);
-	    SetIn3270();
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WONT:
-	    printoption("RCVD", WONT, c);
-	    wontoption(c);
-	    SetIn3270();
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DO:
-	    printoption("RCVD", DO, c);
-	    dooption(c);
-	    SetIn3270();
-	    if (c == TELOPT_NAWS) {
-		sendnaws();
-	    } else if (c == TELOPT_LFLOW) {
-		localflow = 1;
-		setcommandmode();
-		setconnmode(0);
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DONT:
-	    printoption("RCVD", DONT, c);
-	    dontoption(c);
-	    flushline = 1;
-	    setconnmode(0);	/* set new tty mode (maybe) */
-	    SetIn3270();
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_SB:
-	    if (c == IAC) {
-		telrcv_state = TS_SE;
-	    } else {
-		SB_ACCUM(c);
-	    }
-	    continue;
-
-	case TS_SE:
-	    if (c != SE) {
-		if (c != IAC) {
-		    /*
-		     * This is an error.  We only expect to get
-		     * "IAC IAC" or "IAC SE".  Several things may
-		     * have happend.  An IAC was not doubled, the
-		     * IAC SE was left off, or another option got
-		     * inserted into the suboption are all possibilities.
-		     * If we assume that the IAC was not doubled,
-		     * and really the IAC SE was left off, we could
-		     * get into an infinate loop here.  So, instead,
-		     * we terminate the suboption, and process the
-		     * partial suboption if we can.
-		     */
-		    SB_ACCUM(IAC);
-		    SB_ACCUM(c);
-		    subpointer -= 2;
-		    SB_TERM();
-
-		    printoption("In SUBOPTION processing, RCVD", IAC, c);
-		    suboption();	/* handle sub-option */
-		    SetIn3270();
-		    telrcv_state = TS_IAC;
-		    goto process_iac;
-		}
-		SB_ACCUM(c);
-		telrcv_state = TS_SB;
-	    } else {
-		SB_ACCUM(IAC);
-		SB_ACCUM(SE);
-		subpointer -= 2;
-		SB_TERM();
-		suboption();	/* handle sub-option */
-		SetIn3270();
-		telrcv_state = TS_DATA;
-	    }
-	}
-    }
-    if (count)
-	ring_consumed(&netiring, count);
-    return returnValue||count;
-}
-
-static int bol = 1, local = 0;
-
-    int
-rlogin_susp()
-{
-    if (local) {
-	local = 0;
-	bol = 1;
-	command(0, "z\n", 2);
-	return(1);
-    }
-    return(0);
-}
-
-    static int
-telsnd()
-{
-    int tcc;
-    int count;
-    int returnValue = 0;
-    unsigned char *tbp;
-
-    tcc = 0;
-    count = 0;
-    while (NETROOM() > 2) {
-	register int sc;
-	register int c;
-
-	if (tcc == 0) {
-	    if (count) {
-		ring_consumed(&ttyiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    tbp = ttyiring.consume;
-	    tcc = ring_full_consecutive(&ttyiring);
-	    if (tcc == 0) {
-		break;
-	    }
-	}
-	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
-	if (rlogin != _POSIX_VDISABLE) {
-		if (bol) {
-			bol = 0;
-			if (sc == rlogin) {
-				local = 1;
-				continue;
-			}
-		} else if (local) {
-			local = 0;
-			if (sc == '.' || c == termEofChar) {
-				bol = 1;
-				command(0, "close\n", 6);
-				continue;
-			}
-			if (sc == termSuspChar) {
-				bol = 1;
-				command(0, "z\n", 2);
-				continue;
-			}
-			if (sc == escape) {
-				command(0, (char *)tbp, tcc);
-				bol = 1;
-				count += tcc;
-				tcc = 0;
-				flushline = 1;
-				break;
-			}
-			if (sc != rlogin) {
-				++tcc;
-				--tbp;
-				--count;
-				c = sc = rlogin;
-			}
-		}
-		if ((sc == '\n') || (sc == '\r'))
-			bol = 1;
-	} else if (sc == escape) {
-	    /*
-	     * Double escape is a pass through of a single escape character.
-	     */
-	    if (tcc && strip(*tbp) == escape) {
-		tbp++;
-		tcc--;
-		count++;
-		bol = 0;
-	    } else {
-		command(0, (char *)tbp, tcc);
-		bol = 1;
-		count += tcc;
-		tcc = 0;
-		flushline = 1;
-		break;
-	    }
-	} else
-	    bol = 0;
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
-	    if (tcc > 0 && strip(*tbp) == echoc) {
-		tcc--; tbp++; count++;
-	    } else {
-		dontlecho = !dontlecho;
-		settimer(echotoggle);
-		setconnmode(0);
-		flushline = 1;
-		break;
-	    }
-	}
-#endif
-	if (MODE_LOCAL_CHARS(globalmode)) {
-	    if (TerminalSpecialChars(sc) == 0) {
-		bol = 1;
-		break;
-	    }
-	}
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    switch (c) {
-	    case '\n':
-		    /*
-		     * If we are in CRMOD mode (\r ==> \n)
-		     * on our local machine, then probably
-		     * a newline (unix) is CRLF (TELNET).
-		     */
-		if (MODE_LOCAL_CHARS(globalmode)) {
-		    NETADD('\r');
-		}
-		NETADD('\n');
-		bol = flushline = 1;
-		break;
-	    case '\r':
-		if (!crlf) {
-		    NET2ADD('\r', '\0');
-		} else {
-		    NET2ADD('\r', '\n');
-		}
-		bol = flushline = 1;
-		break;
-	    case IAC:
-		NET2ADD(IAC, IAC);
-		break;
-	    default:
-		NETADD(c);
-		break;
-	    }
-	} else if (c == IAC) {
-	    NET2ADD(IAC, IAC);
-	} else {
-	    NETADD(c);
-	}
-    }
-    if (count)
-	ring_consumed(&ttyiring, count);
-    return returnValue||count;		/* Non-zero if we did anything */
-}
-
-/*
- * Scheduler()
- *
- * Try to do something.
- *
- * If we do something useful, return 1; else return 0.
- *
- */
-
-
-    int
-Scheduler(block)
-    int	block;			/* should we block in the select ? */
-{
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue;
-    int netin, netout, netex, ttyin, ttyout;
-
-    /* Decide which rings should be processed */
-
-    netout = ring_full_count(&netoring) &&
-	    (flushline ||
-		(my_want_state_is_wont(TELOPT_LINEMODE)
-#ifdef	KLUDGELINEMODE
-			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
-#endif
-		) ||
-			my_want_state_is_will(TELOPT_BINARY));
-    ttyout = ring_full_count(&ttyoring);
-
-#if	defined(TN3270)
-    ttyin = ring_empty_count(&ttyiring) && (shell_active == 0);
-#else	/* defined(TN3270) */
-    ttyin = ring_empty_count(&ttyiring);
-#endif	/* defined(TN3270) */
-
-#if	defined(TN3270)
-    netin = ring_empty_count(&netiring);
-#   else /* !defined(TN3270) */
-    netin = !ISend && ring_empty_count(&netiring);
-#   endif /* !defined(TN3270) */
-
-    netex = !SYNCHing;
-
-    /* If we have seen a signal recently, reset things */
-#   if defined(TN3270) && defined(unix)
-    if (HaveInput) {
-	HaveInput = 0;
-	(void) signal(SIGIO, inputAvailable);
-    }
-#endif	/* defined(TN3270) && defined(unix) */
-
-    /* Call to system code to process rings */
-
-    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
-
-    /* Now, look at the input rings, looking for work to do. */
-
-    if (ring_full_count(&ttyiring)) {
-#   if defined(TN3270)
-	if (In3270) {
-	    int c;
-
-	    c = DataFromTerminal(ttyiring.consume,
-					ring_full_consecutive(&ttyiring));
-	    if (c) {
-		returnValue = 1;
-	        ring_consumed(&ttyiring, c);
-	    }
-	} else {
-#   endif /* defined(TN3270) */
-	    returnValue |= telsnd();
-#   if defined(TN3270)
-	}
-#   endif /* defined(TN3270) */
-    }
-
-    if (ring_full_count(&netiring)) {
-#	if !defined(TN3270)
-	returnValue |= telrcv();
-#	else /* !defined(TN3270) */
-	returnValue = Push3270();
-#	endif /* !defined(TN3270) */
-    }
-    return returnValue;
-}
-
-/*
- * Select from tty and network...
- */
-    void
-telnet(user)
-    char *user;
-{
-    sys_telnet_init();
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    {
-	static char local_host[256] = { 0 };
-
-	if (!local_host[0]) {
-		gethostname(local_host, sizeof(local_host));
-		local_host[sizeof(local_host)-1] = 0;
-	}
-	auth_encrypt_init(local_host, hostname, "TELNET", 0);
-	auth_encrypt_user(user);
-    }
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-#   if !defined(TN3270)
-    if (telnetport) {
-#if	defined(AUTHENTICATION)
-	if (autologin)
-		send_will(TELOPT_AUTHENTICATION, 1);
-#endif
-#ifdef	ENCRYPTION
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-#endif	/* ENCRYPTION */
-	send_do(TELOPT_SGA, 1);
-	send_will(TELOPT_TTYPE, 1);
-	send_will(TELOPT_NAWS, 1);
-	send_will(TELOPT_TSPEED, 1);
-	send_will(TELOPT_LFLOW, 1);
-	send_will(TELOPT_LINEMODE, 1);
-	send_will(TELOPT_NEW_ENVIRON, 1);
-	send_do(TELOPT_STATUS, 1);
-	if (env_getvalue((unsigned char *)"DISPLAY"))
-	    send_will(TELOPT_XDISPLOC, 1);
-	if (eight)
-	    tel_enter_binary(eight);
-    }
-#   endif /* !defined(TN3270) */
-
-#   if !defined(TN3270)
-    for (;;) {
-	int schedValue;
-
-	while ((schedValue = Scheduler(0)) != 0) {
-	    if (schedValue == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-
-	if (Scheduler(1) == -1) {
-	    setcommandmode();
-	    return;
-	}
-    }
-#   else /* !defined(TN3270) */
-    for (;;) {
-	int schedValue;
-
-	while (!In3270 && !shell_active) {
-	    if (Scheduler(1) == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-
-	while ((schedValue = Scheduler(0)) != 0) {
-	    if (schedValue == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-		/* If there is data waiting to go out to terminal, don't
-		 * schedule any more data for the terminal.
-		 */
-	if (ring_full_count(&ttyoring)) {
-	    schedValue = 1;
-	} else {
-	    if (shell_active) {
-		if (shell_continue() == 0) {
-		    ConnectScreen();
-		}
-	    } else if (In3270) {
-		schedValue = DoTerminalOutput();
-	    }
-	}
-	if (schedValue && (shell_active == 0)) {
-	    if (Scheduler(1) == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-    }
-#   endif /* !defined(TN3270) */
-}
-
-#if	0	/* XXX - this not being in is a bug */
-/*
- * nextitem()
- *
- *	Return the address of the next "item" in the TELNET data
- * stream.  This will be the address of the next character if
- * the current address is a user data character, or it will
- * be the address of the character following the TELNET command
- * if the current address is a TELNET IAC ("I Am a Command")
- * character.
- */
-
-    static char *
-nextitem(current)
-    char *current;
-{
-    if ((*current&0xff) != IAC) {
-	return current+1;
-    }
-    switch (*(current+1)&0xff) {
-    case DO:
-    case DONT:
-    case WILL:
-    case WONT:
-	return current+3;
-    case SB:		/* loop forever looking for the SE */
-	{
-	    register char *look = current+2;
-
-	    for (;;) {
-		if ((*look++&0xff) == IAC) {
-		    if ((*look++&0xff) == SE) {
-			return look;
-		    }
-		}
-	    }
-	}
-    default:
-	return current+2;
-    }
-}
-#endif	/* 0 */
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-
-    static void
-netclear()
-{
-#if	0	/* XXX */
-    register char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-    thisitem = netobuf;
-
-    while ((next = nextitem(thisitem)) <= netobuf.send) {
-	thisitem = next;
-    }
-
-    /* Now, thisitem is first before/at boundary. */
-
-    good = netobuf;	/* where the good bytes go */
-
-    while (netoring.add > thisitem) {
-	if (wewant(thisitem)) {
-	    int length;
-
-	    next = thisitem;
-	    do {
-		next = nextitem(next);
-	    } while (wewant(next) && (nfrontp > next));
-	    length = next-thisitem;
-	    memmove(good, thisitem, length);
-	    good += length;
-	    thisitem = next;
-	} else {
-	    thisitem = nextitem(thisitem);
-	}
-    }
-
-#endif	/* 0 */
-}
-
-/*
- * These routines add various telnet commands to the data stream.
- */
-
-    static void
-doflush()
-{
-    NET2ADD(IAC, DO);
-    NETADD(TELOPT_TM);
-    flushline = 1;
-    flushout = 1;
-    (void) ttyflush(1);			/* Flush/drop output */
-    /* do printoption AFTER flush, otherwise the output gets tossed... */
-    printoption("SENT", DO, TELOPT_TM);
-}
-
-    void
-xmitAO()
-{
-    NET2ADD(IAC, AO);
-    printoption("SENT", IAC, AO);
-    if (autoflush) {
-	doflush();
-    }
-}
-
-
-    void
-xmitEL()
-{
-    NET2ADD(IAC, EL);
-    printoption("SENT", IAC, EL);
-}
-
-    void
-xmitEC()
-{
-    NET2ADD(IAC, EC);
-    printoption("SENT", IAC, EC);
-}
-
-
-    int
-dosynch()
-{
-    netclear();			/* clear the path to the network */
-    NETADD(IAC);
-    setneturg();
-    NETADD(DM);
-    printoption("SENT", IAC, DM);
-    return 1;
-}
-
-int want_status_response = 0;
-
-    int
-get_status()
-{
-    unsigned char tmp[16];
-    register unsigned char *cp;
-
-    if (my_want_state_is_dont(TELOPT_STATUS)) {
-	printf("Remote side does not support STATUS option\n");
-	return 0;
-    }
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_STATUS;
-    *cp++ = TELQUAL_SEND;
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-    ++want_status_response;
-    return 1;
-}
-
-    void
-intp()
-{
-    NET2ADD(IAC, IP);
-    printoption("SENT", IAC, IP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-    void
-sendbrk()
-{
-    NET2ADD(IAC, BREAK);
-    printoption("SENT", IAC, BREAK);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-    void
-sendabort()
-{
-    NET2ADD(IAC, ABORT);
-    printoption("SENT", IAC, ABORT);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-    void
-sendsusp()
-{
-    NET2ADD(IAC, SUSP);
-    printoption("SENT", IAC, SUSP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-    void
-sendeof()
-{
-    NET2ADD(IAC, xEOF);
-    printoption("SENT", IAC, xEOF);
-}
-
-    void
-sendayt()
-{
-    NET2ADD(IAC, AYT);
-    printoption("SENT", IAC, AYT);
-}
-
-/*
- * Send a window size update to the remote system.
- */
-
-    void
-sendnaws()
-{
-    long rows, cols;
-    unsigned char tmp[16];
-    register unsigned char *cp;
-
-    if (my_state_is_wont(TELOPT_NAWS))
-	return;
-
-#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
-			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
-
-    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
-	return;
-    }
-
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_NAWS;
-    PUTSHORT(cp, cols);
-    PUTSHORT(cp, rows);
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-}
-
-    void
-tel_enter_binary(rw)
-    int rw;
-{
-    if (rw&1)
-	send_do(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_will(TELOPT_BINARY, 1);
-}
-
-    void
-tel_leave_binary(rw)
-    int rw;
-{
-    if (rw&1)
-	send_dont(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_wont(TELOPT_BINARY, 1);
-}
diff --git a/secure/usr.bin/telnet/terminal.c b/secure/usr.bin/telnet/terminal.c
deleted file mode 100644
index b5ceeda2b525..000000000000
--- a/secure/usr.bin/telnet/terminal.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)terminal.c	8.2 (Berkeley) 2/16/95";
-#endif /* not lint */
-
-#include <arpa/telnet.h>
-#include <sys/types.h>
-
-#include "ring.h"
-
-#include "externs.h"
-#include "types.h"
-
-Ring		ttyoring, ttyiring;
-unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
-
-int termdata;			/* Debugging flag */
-
-#ifdef	USE_TERMIO
-# ifndef VDISCARD
-cc_t termFlushChar;
-# endif
-# ifndef VLNEXT
-cc_t termLiteralNextChar;
-# endif
-# ifndef VSUSP
-cc_t termSuspChar;
-# endif
-# ifndef VWERASE
-cc_t termWerasChar;
-# endif
-# ifndef VREPRINT
-cc_t termRprntChar;
-# endif
-# ifndef VSTART
-cc_t termStartChar;
-# endif
-# ifndef VSTOP
-cc_t termStopChar;
-# endif
-# ifndef VEOL
-cc_t termForw1Char;
-# endif
-# ifndef VEOL2
-cc_t termForw2Char;
-# endif
-# ifndef VSTATUS
-cc_t termAytChar;
-# endif
-#else
-cc_t termForw2Char;
-cc_t termAytChar;
-#endif
-
-/*
- * initialize the terminal data structures.
- */
-
-    void
-init_terminal()
-{
-    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
-	exit(1);
-    }
-    autoflush = TerminalAutoFlush();
-}
-
-
-/*
- *		Send as much data as possible to the terminal.
- *
- *		Return value:
- *			-1: No useful work done, data waiting to go out.
- *			 0: No data was waiting, so nothing was done.
- *			 1: All waiting data was written out.
- *			 n: All data - n was written out.
- */
-
-
-    int
-ttyflush(drop)
-    int drop;
-{
-    register int n, n0, n1;
-
-    n0 = ring_full_count(&ttyoring);
-    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
-	if (drop) {
-	    TerminalFlushOutput();
-	    /* we leave 'n' alone! */
-	} else {
-	    n = TerminalWrite(ttyoring.consume, n);
-	}
-    }
-    if (n > 0) {
-	if (termdata && n) {
-	    Dump('>', ttyoring.consume, n);
-	}
-	/*
-	 * If we wrote everything, and the full count is
-	 * larger than what we wrote, then write the
-	 * rest of the buffer.
-	 */
-	if (n1 == n && n0 > n) {
-		n1 = n0 - n;
-		if (!drop)
-			n1 = TerminalWrite(ttyoring.bottom, n1);
-		if (n1 > 0)
-			n += n1;
-	}
-	ring_consumed(&ttyoring, n);
-    }
-    if (n < 0)
-	return -1;
-    if (n == n0) {
-	if (n0)
-	    return -1;
-	return 0;
-    }
-    return n0 - n + 1;
-}
-
-
-/*
- * These routines decides on what the mode should be (based on the values
- * of various global variables).
- */
-
-
-    int
-getconnmode()
-{
-    extern int linemode;
-    int mode = 0;
-#ifdef	KLUDGELINEMODE
-    extern int kludgelinemode;
-#endif
-
-    if (In3270)
-	return(MODE_FLOW);
-
-    if (my_want_state_is_dont(TELOPT_ECHO))
-	mode |= MODE_ECHO;
-
-    if (localflow)
-	mode |= MODE_FLOW;
-
-    if (my_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_INBIN;
-
-    if (his_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_OUTBIN;
-
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode) {
-	if (my_want_state_is_dont(TELOPT_SGA)) {
-	    mode |= (MODE_TRAPSIG|MODE_EDIT);
-	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
-		mode &= ~MODE_ECHO;
-	    }
-	}
-	return(mode);
-    }
-#endif
-    if (my_want_state_is_will(TELOPT_LINEMODE))
-	mode |= linemode;
-    return(mode);
-}
-
-    void
-setconnmode(force)
-    int force;
-{
-#ifdef	ENCRYPTION
-    static int enc_passwd = 0;
-#endif	/* ENCRYPTION */
-    register int newmode;
-
-    newmode = getconnmode()|(force?MODE_FORCE:0);
-
-    TerminalNewMode(newmode);
-
-#ifdef  ENCRYPTION
-    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
-	if (my_want_state_is_will(TELOPT_ENCRYPT)
-				&& (enc_passwd == 0) && !encrypt_output) {
-	    encrypt_request_start(0, 0);
-	    enc_passwd = 1;
-	}
-    } else {
-	if (enc_passwd) {
-	    encrypt_request_end();
-	    enc_passwd = 0;
-	}
-    }
-#endif	/* ENCRYPTION */
-
-}
-
-
-    void
-setcommandmode()
-{
-    TerminalNewMode(-1);
-}
diff --git a/secure/usr.bin/telnet/tn3270.c b/secure/usr.bin/telnet/tn3270.c
deleted file mode 100644
index a75cd1ecb5a9..000000000000
--- a/secure/usr.bin/telnet/tn3270.c
+++ /dev/null
@@ -1,411 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)tn3270.c	8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-
-#include "general.h"
-
-#include "defines.h"
-#include "ring.h"
-#include "externs.h"
-#include "fdset.h"
-
-#if	defined(TN3270)
-
-#include "../ctlr/screen.h"
-#include "../general/globals.h"
-
-#include "../sys_curses/telextrn.h"
-#include "../ctlr/externs.h"
-
-#if	defined(unix)
-int
-	HaveInput,		/* There is input available to scan */
-	cursesdata,		/* Do we dump curses data? */
-	sigiocount;		/* Number of times we got a SIGIO */
-
-char	tline[200];
-char	*transcom = 0;	/* transparent mode command (default: none) */
-#endif	/* defined(unix) */
-
-char	Ibuf[8*BUFSIZ], *Ifrontp, *Ibackp;
-
-static char	sb_terminal[] = { IAC, SB,
-			TELOPT_TTYPE, TELQUAL_IS,
-			'I', 'B', 'M', '-', '3', '2', '7', '8', '-', '2',
-			IAC, SE };
-#define	SBTERMMODEL	13
-
-static int
-	Sent3270TerminalType;	/* Have we said we are a 3270? */
-
-#endif	/* defined(TN3270) */
-
-
-    void
-init_3270()
-{
-#if	defined(TN3270)
-#if	defined(unix)
-    HaveInput = 0;
-    sigiocount = 0;
-#endif	/* defined(unix) */
-    Sent3270TerminalType = 0;
-    Ifrontp = Ibackp = Ibuf;
-    init_ctlr();		/* Initialize some things */
-    init_keyboard();
-    init_screen();
-    init_system();
-#endif	/* defined(TN3270) */
-}
-
-
-#if	defined(TN3270)
-
-/*
- * DataToNetwork - queue up some data to go to network.  If "done" is set,
- * then when last byte is queued, we add on an IAC EOR sequence (so,
- * don't call us with "done" until you want that done...)
- *
- * We actually do send all the data to the network buffer, since our
- * only client needs for us to do that.
- */
-
-    int
-DataToNetwork(buffer, count, done)
-    register char *buffer;	/* where the data is */
-    register int  count;	/* how much to send */
-    int		  done;		/* is this the last of a logical block */
-{
-    register int loop, c;
-    int origCount;
-
-    origCount = count;
-
-    while (count) {
-	/* If not enough room for EORs, IACs, etc., wait */
-	if (NETROOM() < 6) {
-	    fd_set o;
-
-	    FD_ZERO(&o);
-	    netflush();
-	    while (NETROOM() < 6) {
-		FD_SET(net, &o);
-		(void) select(net+1, (fd_set *) 0, &o, (fd_set *) 0,
-						(struct timeval *) 0);
-		netflush();
-	    }
-	}
-	c = ring_empty_count(&netoring);
-	if (c > count) {
-	    c = count;
-	}
-	loop = c;
-	while (loop) {
-	    if (((unsigned char)*buffer) == IAC) {
-		break;
-	    }
-	    buffer++;
-	    loop--;
-	}
-	if ((c = c-loop)) {
-	    ring_supply_data(&netoring, buffer-c, c);
-	    count -= c;
-	}
-	if (loop) {
-	    NET2ADD(IAC, IAC);
-	    count--;
-	    buffer++;
-	}
-    }
-
-    if (done) {
-	NET2ADD(IAC, EOR);
-	netflush();		/* try to move along as quickly as ... */
-    }
-    return(origCount - count);
-}
-
-
-#if	defined(unix)
-    void
-inputAvailable(signo)
-	int signo;
-{
-    HaveInput = 1;
-    sigiocount++;
-}
-#endif	/* defined(unix) */
-
-    void
-outputPurge()
-{
-    (void) ttyflush(1);
-}
-
-
-/*
- * The following routines are places where the various tn3270
- * routines make calls into telnet.c.
- */
-
-/*
- * DataToTerminal - queue up some data to go to terminal.
- *
- * Note: there are people who call us and depend on our processing
- * *all* the data at one time (thus the select).
- */
-
-    int
-DataToTerminal(buffer, count)
-    register char	*buffer;		/* where the data is */
-    register int	count;			/* how much to send */
-{
-    register int c;
-    int origCount;
-
-    origCount = count;
-
-    while (count) {
-	if (TTYROOM() == 0) {
-#if	defined(unix)
-	    fd_set o;
-
-	    FD_ZERO(&o);
-#endif	/* defined(unix) */
-	    (void) ttyflush(0);
-	    while (TTYROOM() == 0) {
-#if	defined(unix)
-		FD_SET(tout, &o);
-		(void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
-						(struct timeval *) 0);
-#endif	/* defined(unix) */
-		(void) ttyflush(0);
-	    }
-	}
-	c = TTYROOM();
-	if (c > count) {
-	    c = count;
-	}
-	ring_supply_data(&ttyoring, buffer, c);
-	count -= c;
-	buffer += c;
-    }
-    return(origCount);
-}
-
-
-/*
- * Push3270 - Try to send data along the 3270 output (to screen) direction.
- */
-
-    int
-Push3270()
-{
-    int save = ring_full_count(&netiring);
-
-    if (save) {
-	if (Ifrontp+save > Ibuf+sizeof Ibuf) {
-	    if (Ibackp != Ibuf) {
-		memmove(Ibuf, Ibackp, Ifrontp-Ibackp);
-		Ifrontp -= (Ibackp-Ibuf);
-		Ibackp = Ibuf;
-	    }
-	}
-	if (Ifrontp+save < Ibuf+sizeof Ibuf) {
-	    (void)telrcv();
-	}
-    }
-    return save != ring_full_count(&netiring);
-}
-
-
-/*
- * Finish3270 - get the last dregs of 3270 data out to the terminal
- *		before quitting.
- */
-
-    void
-Finish3270()
-{
-    while (Push3270() || !DoTerminalOutput()) {
-#if	defined(unix)
-	HaveInput = 0;
-#endif	/* defined(unix) */
-	;
-    }
-}
-
-
-/* StringToTerminal - output a null terminated string to the terminal */
-
-    void
-StringToTerminal(s)
-    char *s;
-{
-    int count;
-
-    count = strlen(s);
-    if (count) {
-	(void) DataToTerminal(s, count);	/* we know it always goes... */
-    }
-}
-
-
-#if	((!defined(NOT43)) || defined(PUTCHAR))
-/* _putchar - output a single character to the terminal.  This name is so that
- *	curses(3x) can call us to send out data.
- */
-
-    void
-_putchar(c)
-    char c;
-{
-#if	defined(sun)		/* SunOS 4.0 bug */
-    c &= 0x7f;
-#endif	/* defined(sun) */
-    if (cursesdata) {
-	Dump('>', &c, 1);
-    }
-    if (!TTYROOM()) {
-	(void) DataToTerminal(&c, 1);
-    } else {
-	TTYADD(c);
-    }
-}
-#endif	/* ((!defined(NOT43)) || defined(PUTCHAR)) */
-
-    void
-SetIn3270()
-{
-    if (Sent3270TerminalType && my_want_state_is_will(TELOPT_BINARY)
-		&& my_want_state_is_do(TELOPT_BINARY) && !donebinarytoggle) {
-	if (!In3270) {
-	    In3270 = 1;
-	    Init3270();		/* Initialize 3270 functions */
-	    /* initialize terminal key mapping */
-	    InitTerminal();	/* Start terminal going */
-	    setconnmode(0);
-	}
-    } else {
-	if (In3270) {
-	    StopScreen(1);
-	    In3270 = 0;
-	    Stop3270();		/* Tell 3270 we aren't here anymore */
-	    setconnmode(0);
-	}
-    }
-}
-
-/*
- * tn3270_ttype()
- *
- *	Send a response to a terminal type negotiation.
- *
- *	Return '0' if no more responses to send; '1' if a response sent.
- */
-
-    int
-tn3270_ttype()
-{
-    /*
-     * Try to send a 3270 type terminal name.  Decide which one based
-     * on the format of our screen, and (in the future) color
-     * capaiblities.
-     */
-    InitTerminal();		/* Sets MaxNumberColumns, MaxNumberLines */
-    if ((MaxNumberLines >= 24) && (MaxNumberColumns >= 80)) {
-	Sent3270TerminalType = 1;
-	if ((MaxNumberLines >= 27) && (MaxNumberColumns >= 132)) {
-	    MaxNumberLines = 27;
-	    MaxNumberColumns = 132;
-	    sb_terminal[SBTERMMODEL] = '5';
-	} else if (MaxNumberLines >= 43) {
-	    MaxNumberLines = 43;
-	    MaxNumberColumns = 80;
-	    sb_terminal[SBTERMMODEL] = '4';
-	} else if (MaxNumberLines >= 32) {
-	    MaxNumberLines = 32;
-	    MaxNumberColumns = 80;
-	    sb_terminal[SBTERMMODEL] = '3';
-	} else {
-	    MaxNumberLines = 24;
-	    MaxNumberColumns = 80;
-	    sb_terminal[SBTERMMODEL] = '2';
-	}
-	NumberLines = 24;		/* before we start out... */
-	NumberColumns = 80;
-	ScreenSize = NumberLines*NumberColumns;
-	if ((MaxNumberLines*MaxNumberColumns) > MAXSCREENSIZE) {
-	    ExitString("Programming error:  MAXSCREENSIZE too small.\n",
-								1);
-	    /*NOTREACHED*/
-	}
-	printsub('>', sb_terminal+2, sizeof sb_terminal-2);
-	ring_supply_data(&netoring, sb_terminal, sizeof sb_terminal);
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-#if	defined(unix)
-	int
-settranscom(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int i;
-
-	if (argc == 1 && transcom) {
-	   transcom = 0;
-	}
-	if (argc == 1) {
-	   return 1;
-	}
-	transcom = tline;
-	(void) strcpy(transcom, argv[1]);
-	for (i = 2; i < argc; ++i) {
-	    (void) strcat(transcom, " ");
-	    (void) strcat(transcom, argv[i]);
-	}
-	return 1;
-}
-#endif	/* defined(unix) */
-
-#endif	/* defined(TN3270) */
diff --git a/secure/usr.bin/telnet/types.h b/secure/usr.bin/telnet/types.h
deleted file mode 100644
index 191d311fd154..000000000000
--- a/secure/usr.bin/telnet/types.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)types.h	8.1 (Berkeley) 6/6/93
- */
-
-typedef struct {
-    char *modedescriptions;
-    char modetype;
-} Modelist;
-
-extern Modelist modelist[];
-
-typedef struct {
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	gotDM;			/* when did we last see a data mark */
-} Clocks;
-
-extern Clocks clocks;
diff --git a/secure/usr.bin/telnet/utilities.c b/secure/usr.bin/telnet/utilities.c
deleted file mode 100644
index 06d08a45120c..000000000000
--- a/secure/usr.bin/telnet/utilities.c
+++ /dev/null
@@ -1,939 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)utilities.c	8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#define	TELOPTS
-#define	TELCMDS
-#define	SLC_NAMES
-#include <arpa/telnet.h>
-#include <sys/types.h>
-#include <sys/time.h>
-
-#include <ctype.h>
-
-#include "general.h"
-
-#include "fdset.h"
-
-#include "ring.h"
-
-#include "defines.h"
-
-#include "externs.h"
-
-FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
-int	prettydump;
-
-/*
- * upcase()
- *
- *	Upcase (in place) the argument.
- */
-
-    void
-upcase(argument)
-    register char *argument;
-{
-    register int c;
-
-    while ((c = *argument) != 0) {
-	if (islower(c)) {
-	    *argument = toupper(c);
-	}
-	argument++;
-    }
-}
-
-/*
- * SetSockOpt()
- *
- * Compensate for differences in 4.2 and 4.3 systems.
- */
-
-    int
-SetSockOpt(fd, level, option, yesno)
-    int fd, level, option, yesno;
-{
-#ifndef	NOT43
-    return setsockopt(fd, level, option,
-				(char *)&yesno, sizeof yesno);
-#else	/* NOT43 */
-    if (yesno == 0) {		/* Can't do that in 4.2! */
-	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
-				option);
-	return -1;
-    }
-    return setsockopt(fd, level, option, 0, 0);
-#endif	/* NOT43 */
-}
-
-/*
- * The following are routines used to print out debugging information.
- */
-
-unsigned char NetTraceFile[256] = "(standard output)";
-
-    void
-SetNetTrace(file)
-    register char *file;
-{
-    if (NetTrace && NetTrace != stdout)
-	fclose(NetTrace);
-    if (file  && (strcmp(file, "-") != 0)) {
-	NetTrace = fopen(file, "w");
-	if (NetTrace) {
-	    strcpy((char *)NetTraceFile, file);
-	    return;
-	}
-	fprintf(stderr, "Cannot open %s.\n", file);
-    }
-    NetTrace = stdout;
-    strcpy((char *)NetTraceFile, "(standard output)");
-}
-
-    void
-Dump(direction, buffer, length)
-    char direction;
-    unsigned char *buffer;
-    int length;
-{
-#   define BYTES_PER_LINE	32
-#   define min(x,y)	((x<y)? x:y)
-    unsigned char *pThis;
-    int offset;
-    extern pettydump;
-
-    offset = 0;
-
-    while (length) {
-	/* print one line */
-	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
-	pThis = buffer;
-	if (prettydump) {
-	    buffer = buffer + min(length, BYTES_PER_LINE/2);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%c%.2x",
-		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
-		    (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE/2;
-	    offset += BYTES_PER_LINE/2;
-	} else {
-	    buffer = buffer + min(length, BYTES_PER_LINE);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE;
-	    offset += BYTES_PER_LINE;
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	if (length < 0) {
-	    fflush(NetTrace);
-	    return;
-	}
-	/* find next unique line */
-    }
-    fflush(NetTrace);
-}
-
-
-	void
-printoption(direction, cmd, option)
-	char *direction;
-	int cmd, option;
-{
-	if (!showoptions)
-		return;
-	if (cmd == IAC) {
-		if (TELCMD_OK(option))
-		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
-		else
-		    fprintf(NetTrace, "%s IAC %d", direction, option);
-	} else {
-		register char *fmt;
-		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
-			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
-		if (fmt) {
-		    fprintf(NetTrace, "%s %s ", direction, fmt);
-		    if (TELOPT_OK(option))
-			fprintf(NetTrace, "%s", TELOPT(option));
-		    else if (option == TELOPT_EXOPL)
-			fprintf(NetTrace, "EXOPL");
-		    else
-			fprintf(NetTrace, "%d", option);
-		} else
-		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	    fflush(NetTrace);
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	return;
-}
-
-    void
-optionstatus()
-{
-    register int i;
-    extern char will_wont_resp[], do_dont_resp[];
-
-    for (i = 0; i < 256; i++) {
-	if (do_dont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
-	    else
-		printf("resp DO_DONT %d: %d\n", i,
-				do_dont_resp[i]);
-	    if (my_want_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("want DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DO   %s\n", TELCMD(i));
-		else
-		    printf("want DO   %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want DONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DONT %s\n", TELCMD(i));
-		else
-		    printf("want DONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("     DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     DO   %s\n", TELCMD(i));
-		else
-		    printf("     DO   %d\n", i);
-	    }
-	}
-	if (will_wont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
-	    else
-		printf("resp WILL_WONT %d: %d\n",
-				i, will_wont_resp[i]);
-	    if (my_want_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("want WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WILL %s\n", TELCMD(i));
-		else
-		    printf("want WILL %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want WONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WONT %s\n", TELCMD(i));
-		else
-		    printf("want WONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("     WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     WILL %s\n", TELCMD(i));
-		else
-		    printf("     WILL %d\n", i);
-	    }
-	}
-    }
-
-}
-
-    void
-printsub(direction, pointer, length)
-    char direction;	/* '<' or '>' */
-    unsigned char *pointer;	/* where suboption data sits */
-    int		  length;	/* length of suboption data */
-{
-    register int i;
-    char buf[512];
-    extern int want_status_response;
-
-    if (showoptions || direction == 0 ||
-	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
-	if (direction) {
-	    fprintf(NetTrace, "%s IAC SB ",
-				(direction == '<')? "RCVD":"SENT");
-	    if (length >= 3) {
-		register int j;
-
-		i = pointer[length-2];
-		j = pointer[length-1];
-
-		if (i != IAC || j != SE) {
-		    fprintf(NetTrace, "(terminated by ");
-		    if (TELOPT_OK(i))
-			fprintf(NetTrace, "%s ", TELOPT(i));
-		    else if (TELCMD_OK(i))
-			fprintf(NetTrace, "%s ", TELCMD(i));
-		    else
-			fprintf(NetTrace, "%d ", i);
-		    if (TELOPT_OK(j))
-			fprintf(NetTrace, "%s", TELOPT(j));
-		    else if (TELCMD_OK(j))
-			fprintf(NetTrace, "%s", TELCMD(j));
-		    else
-			fprintf(NetTrace, "%d", j);
-		    fprintf(NetTrace, ", not IAC SE!) ");
-		}
-	    }
-	    length -= 2;
-	}
-	if (length < 1) {
-	    fprintf(NetTrace, "(Empty suboption??\?)");
-	    if (NetTrace == stdout)
-		fflush(NetTrace);
-	    return;
-	}
-	switch (pointer[0]) {
-	case TELOPT_TTYPE:
-	    fprintf(NetTrace, "TERMINAL-TYPE ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace,
-				"- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-	case TELOPT_TSPEED:
-	    fprintf(NetTrace, "TERMINAL-SPEED");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " IS ");
-		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
-		break;
-	    default:
-		if (pointer[1] == 1)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    }
-	    break;
-
-	case TELOPT_LFLOW:
-	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case LFLOW_OFF:
-		fprintf(NetTrace, " OFF"); break;
-	    case LFLOW_ON:
-		fprintf(NetTrace, " ON"); break;
-	    case LFLOW_RESTART_ANY:
-		fprintf(NetTrace, " RESTART-ANY"); break;
-	    case LFLOW_RESTART_XON:
-		fprintf(NetTrace, " RESTART-XON"); break;
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    }
-	    for (i = 2; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-	case TELOPT_NAWS:
-	    fprintf(NetTrace, "NAWS");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    if (length == 2) {
-		fprintf(NetTrace, " ?%d?", pointer[1]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[1], pointer[2],
-		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
-	    if (length == 4) {
-		fprintf(NetTrace, " ?%d?", pointer[3]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[3], pointer[4],
-		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
-	    for (i = 5; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION:
-	    fprintf(NetTrace, "AUTHENTICATION");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_REPLY:
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
-							"IS" : "REPLY");
-		if (AUTHTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, "%d ", pointer[2]);
-		if (length < 3) {
-		    fprintf(NetTrace, "(partial suboption??\?)");
-		    break;
-		}
-		fprintf(NetTrace, "%s|%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY");
-
-		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case TELQUAL_SEND:
-		i = 2;
-		fprintf(NetTrace, " SEND ");
-		while (i < length) {
-		    if (AUTHTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    if (++i >= length) {
-			fprintf(NetTrace, "(partial suboption??\?)");
-			break;
-		    }
-		    fprintf(NetTrace, "%s|%s ",
-			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-							"CLIENT" : "SERVER",
-			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-							"MUTUAL" : "ONE-WAY");
-		    ++i;
-		}
-		break;
-
-	    case TELQUAL_NAME:
-		i = 2;
-		fprintf(NetTrace, " NAME \"");
-		while (i < length)
-		    putc(pointer[i++], NetTrace);
-		putc('"', NetTrace);
-		break;
-
-	    default:
-		    for (i = 2; i < length; i++)
-			fprintf(NetTrace, " ?%d?", pointer[i]);
-		    break;
-	    }
-	    break;
-#endif
-
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    fprintf(NetTrace, "ENCRYPT");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		fprintf(NetTrace, " START");
-		break;
-
-	    case ENCRYPT_END:
-		fprintf(NetTrace, " END");
-		break;
-
-	    case ENCRYPT_REQSTART:
-		fprintf(NetTrace, " REQUEST-START");
-		break;
-
-	    case ENCRYPT_REQEND:
-		fprintf(NetTrace, " REQUEST-END");
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
-							"IS" : "REPLY");
-		if (length < 3) {
-		    fprintf(NetTrace, " (partial suboption??\?)");
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
-
-		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		fprintf(NetTrace, " SUPPORT ");
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		fprintf(NetTrace, " ENC_KEYID ");
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		fprintf(NetTrace, " DEC_KEYID ");
-		goto encommon;
-
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    encommon:
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-		break;
-	    }
-	    break;
-#endif	/* ENCRYPTION */
-
-	case TELOPT_LINEMODE:
-	    fprintf(NetTrace, "LINEMODE ");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case WILL:
-		fprintf(NetTrace, "WILL ");
-		goto common;
-	    case WONT:
-		fprintf(NetTrace, "WONT ");
-		goto common;
-	    case DO:
-		fprintf(NetTrace, "DO ");
-		goto common;
-	    case DONT:
-		fprintf(NetTrace, "DONT ");
-	    common:
-		if (length < 3) {
-		    fprintf(NetTrace, "(no option??\?)");
-		    break;
-		}
-		switch (pointer[2]) {
-		case LM_FORWARDMASK:
-		    fprintf(NetTrace, "Forward Mask");
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %x", pointer[i]);
-		    break;
-		default:
-		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %d", pointer[i]);
-		    break;
-		}
-		break;
-
-	    case LM_SLC:
-		fprintf(NetTrace, "SLC");
-		for (i = 2; i < length - 2; i += 3) {
-		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
-		    else
-			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
-		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		    case SLC_NOSUPPORT:
-			fprintf(NetTrace, " NOSUPPORT"); break;
-		    case SLC_CANTCHANGE:
-			fprintf(NetTrace, " CANTCHANGE"); break;
-		    case SLC_VARIABLE:
-			fprintf(NetTrace, " VARIABLE"); break;
-		    case SLC_DEFAULT:
-			fprintf(NetTrace, " DEFAULT"); break;
-		    }
-		    fprintf(NetTrace, "%s%s%s",
-			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-						SLC_FLUSHOUT| SLC_LEVELBITS))
-			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
-		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
-		    if ((pointer[i+SLC_VALUE] == IAC) &&
-			(pointer[i+SLC_VALUE+1] == IAC))
-				i++;
-		}
-		for (; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-
-	    case LM_MODE:
-		fprintf(NetTrace, "MODE ");
-		if (length < 3) {
-		    fprintf(NetTrace, "(no mode??\?)");
-		    break;
-		}
-		{
-		    char tbuf[64];
-		    sprintf(tbuf, "%s%s%s%s%s",
-			pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			pointer[2]&MODE_ACK ? "|ACK" : "");
-		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
-		}
-		if (pointer[2]&~(MODE_MASK))
-		    fprintf(NetTrace, " (0x%x)", pointer[2]);
-		for (i = 3; i < length; i++)
-		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
-		break;
-	    default:
-		fprintf(NetTrace, "%d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-	    }
-	    break;
-
-	case TELOPT_STATUS: {
-	    register char *cp;
-	    register int j, k;
-
-	    fprintf(NetTrace, "STATUS");
-
-	    switch (pointer[1]) {
-	    default:
-		if (pointer[1] == TELQUAL_SEND)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    case TELQUAL_IS:
-		if (--want_status_response < 0)
-		    want_status_response = 0;
-		if (NetTrace == stdout)
-		    fprintf(NetTrace, " IS\r\n");
-		else
-		    fprintf(NetTrace, " IS\n");
-
-		for (i = 2; i < length; i++) {
-		    switch(pointer[i]) {
-		    case DO:	cp = "DO"; goto common2;
-		    case DONT:	cp = "DONT"; goto common2;
-		    case WILL:	cp = "WILL"; goto common2;
-		    case WONT:	cp = "WONT"; goto common2;
-		    common2:
-			i++;
-			if (TELOPT_OK((int)pointer[i]))
-			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
-			else
-			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-			break;
-
-		    case SB:
-			fprintf(NetTrace, " SB ");
-			i++;
-			j = k = i;
-			while (j < length) {
-			    if (pointer[j] == SE) {
-				if (j+1 == length)
-				    break;
-				if (pointer[j+1] == SE)
-				    j++;
-				else
-				    break;
-			    }
-			    pointer[k++] = pointer[j++];
-			}
-			printsub(0, &pointer[i], k - i);
-			if (i < length) {
-			    fprintf(NetTrace, " SE");
-			    i = j;
-			} else
-			    i = j - 1;
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-
-			break;
-
-		    default:
-			fprintf(NetTrace, " %d", pointer[i]);
-			break;
-		    }
-		}
-		break;
-	    }
-	    break;
-	  }
-
-	case TELOPT_XDISPLOC:
-	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-
-	case TELOPT_NEW_ENVIRON:
-	    fprintf(NetTrace, "NEW-ENVIRON ");
-#ifdef	OLD_ENVIRON
-	    goto env_common1;
-	case TELOPT_OLD_ENVIRON:
-	    fprintf(NetTrace, "OLD-ENVIRON");
-	env_common1:
-#endif
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS ");
-		goto env_common;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND ");
-		goto env_common;
-	    case TELQUAL_INFO:
-		fprintf(NetTrace, "INFO ");
-	    env_common:
-		{
-		    register int noquote = 2;
-#if defined(ENV_HACK) && defined(OLD_ENVIRON)
-		    extern int old_env_var, old_env_value;
-#endif
-		    for (i = 2; i < length; i++ ) {
-			switch (pointer[i]) {
-			case NEW_ENV_VALUE:
-#ifdef OLD_ENVIRON
-		     /*	case NEW_ENV_OVAR: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-# ifdef	ENV_HACK
-				if (old_env_var == OLD_ENV_VALUE)
-				    fprintf(NetTrace, "\" (VALUE) " + noquote);
-				else
-# endif
-				    fprintf(NetTrace, "\" VAR " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VALUE " + noquote);
-			    noquote = 2;
-			    break;
-
-			case NEW_ENV_VAR:
-#ifdef OLD_ENVIRON
-		     /* case OLD_ENV_VALUE: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-# ifdef	ENV_HACK
-				if (old_env_value == OLD_ENV_VAR)
-				    fprintf(NetTrace, "\" (VAR) " + noquote);
-				else
-# endif
-				    fprintf(NetTrace, "\" VALUE " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_ESC:
-			    fprintf(NetTrace, "\" ESC " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_USERVAR:
-			    fprintf(NetTrace, "\" USERVAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			default:
-			def_case:
-			    if (isprint(pointer[i]) && pointer[i] != '"') {
-				if (noquote) {
-				    putc('"', NetTrace);
-				    noquote = 0;
-				}
-				putc(pointer[i], NetTrace);
-			    } else {
-				fprintf(NetTrace, "\" %03o " + noquote,
-							pointer[i]);
-				noquote = 2;
-			    }
-			    break;
-			}
-		    }
-		    if (!noquote)
-			putc('"', NetTrace);
-		    break;
-		}
-	    }
-	    break;
-
-	default:
-	    if (TELOPT_OK(pointer[0]))
-		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
-	    else
-		fprintf(NetTrace, "%d (unknown)", pointer[0]);
-	    for (i = 1; i < length; i++)
-		fprintf(NetTrace, " %d", pointer[i]);
-	    break;
-	}
-	if (direction) {
-	    if (NetTrace == stdout)
-		fprintf(NetTrace, "\r\n");
-	    else
-		fprintf(NetTrace, "\n");
-	}
-	if (NetTrace == stdout)
-	    fflush(NetTrace);
-    }
-}
-
-/* EmptyTerminal - called to make sure that the terminal buffer is empty.
- *			Note that we consider the buffer to run all the
- *			way to the kernel (thus the select).
- */
-
-    void
-EmptyTerminal()
-{
-#if	defined(unix)
-    fd_set	o;
-
-    FD_ZERO(&o);
-#endif	/* defined(unix) */
-
-    if (TTYBYTES() == 0) {
-#if	defined(unix)
-	FD_SET(tout, &o);
-	(void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
-			(struct timeval *) 0);	/* wait for TTLOWAT */
-#endif	/* defined(unix) */
-    } else {
-	while (TTYBYTES()) {
-	    (void) ttyflush(0);
-#if	defined(unix)
-	    FD_SET(tout, &o);
-	    (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
-				(struct timeval *) 0);	/* wait for TTLOWAT */
-#endif	/* defined(unix) */
-	}
-    }
-}
-
-    void
-SetForExit()
-{
-    setconnmode(0);
-#if	defined(TN3270)
-    if (In3270) {
-	Finish3270();
-    }
-#else	/* defined(TN3270) */
-    do {
-	(void)telrcv();			/* Process any incoming data */
-	EmptyTerminal();
-    } while (ring_full_count(&netiring));	/* While there is any */
-#endif	/* defined(TN3270) */
-    setcommandmode();
-    fflush(stdout);
-    fflush(stderr);
-#if	defined(TN3270)
-    if (In3270) {
-	StopScreen(1);
-    }
-#endif	/* defined(TN3270) */
-    setconnmode(0);
-    EmptyTerminal();			/* Flush the path to the tty */
-    setcommandmode();
-}
-
-    void
-Exit(returnCode)
-    int returnCode;
-{
-    SetForExit();
-    exit(returnCode);
-}
-
-    void
-ExitString(string, returnCode)
-    char *string;
-    int returnCode;
-{
-    SetForExit();
-    fwrite(string, 1, strlen(string), stderr);
-    exit(returnCode);
-}
diff --git a/secure/usr.sbin/xntpd/lib/authdes.c b/secure/usr.sbin/xntpd/lib/authdes.c
deleted file mode 100644
index d6d8d1bb6622..000000000000
--- a/secure/usr.sbin/xntpd/lib/authdes.c
+++ /dev/null
@@ -1,869 +0,0 @@
-/*
- * authdes.c - an implementation of the DES cipher algorithm for NTP
- */
-#include <sys/types.h>
-
-#include <netinet/in.h>
-
-#if BYTE_ORDER == BIG_ENDIAN
-#define XNTP_BIG_ENDIAN
-#endif
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define XNTP_LITTLE_ENDIAN
-#endif
-
-/*
- * There are two entries in here.  auth_subkeys() called to
- * compute the encryption and decryption key schedules, while
- * auth_des() is called to do the actual encryption/decryption
- */
-
-/*
- * Byte order woes.  The DES code is sensitive to byte order.  This
- * used to be resolved by calling ntohl() and htonl() to swap things
- * around, but this turned out to be quite costly on Vaxes where those
- * things are actual functions.  The code now straightens out byte
- * order troubles on its own, with no performance penalty for little
- * end first machines, but at great expense to cleanliness.
- */
-#if !defined(XNTP_BIG_ENDIAN) && !defined(XNTP_LITTLE_ENDIAN)
-	/*
-	 * Pick one or the other.
-	 */
-	BYTE_ORDER_NOT_DEFINED_FOR_AUTHENTICATION
-#endif
-
-/*
- * Key setup.  Here we entirely permute a key, saving the results
- * for both the encryption and decryption.  Note that while the
- * decryption subkeys are simply the encryption keys reordered,
- * we save both so that a common cipher routine may be used.
- */
-
-/*
- * Permuted choice 1 tables.  These are used to extract bits
- * from the left and right parts of the key to form Ci and Di.
- * The code that uses these tables knows which bits from which
- * part of each key are used to form Ci and Di.
- */
-static u_long PC1_CL[8] = {
-	0x00000000, 0x00000010, 0x00001000, 0x00001010,
-	0x00100000, 0x00100010, 0x00101000, 0x00101010
-};
-
-static u_long PC1_DL[16] = {
-	0x00000000, 0x00100000, 0x00001000, 0x00101000,
-	0x00000010, 0x00100010, 0x00001010, 0x00101010,
-	0x00000001, 0x00100001, 0x00001001, 0x00101001,
-	0x00000011, 0x00100011, 0x00001011, 0x00101011
-};
-
-static u_long PC1_CR[16] = {
-	0x00000000, 0x00000001, 0x00000100, 0x00000101,
-	0x00010000, 0x00010001, 0x00010100, 0x00010101,
-	0x01000000, 0x01000001, 0x01000100, 0x01000101,
-	0x01010000, 0x01010001, 0x01010100, 0x01010101
-};
-
-static u_long PC1_DR[8] = {
-	0x00000000, 0x01000000, 0x00010000, 0x01010000,
-	0x00000100, 0x01000100, 0x00010100, 0x01010100
-};
-
-
-/*
- * At the start of some iterations of the key schedule we do
- * a circular left shift by one place, while for others we do a shift by
- * two places.  This has bits set for the iterations where we do 2 bit
- * shifts, starting at the low order bit.
- */
-#define	TWO_BIT_SHIFTS	0x7efc
-
-/*
- * Permuted choice 2 tables.  The first actually produces the low order
- * 24 bits of the subkey Ki from the 28 bit value of Ci.  The second produces
- * the high order 24 bits from Di.  The tables are indexed by six bit
- * segments of Ci and Di respectively.  The code is handcrafted to compute
- * the appropriate 6 bit chunks.
- *
- * Note that for ease of computation, the 24 bit values are produced with
- * six bits going into each byte.
- */
-static u_long PC2_C[4][64] = {
-	0x00000000, 0x00040000, 0x01000000, 0x01040000,
-	0x00000400, 0x00040400, 0x01000400, 0x01040400,
-	0x00200000, 0x00240000, 0x01200000, 0x01240000,
-	0x00200400, 0x00240400, 0x01200400, 0x01240400,
-	0x00000001, 0x00040001, 0x01000001, 0x01040001,
-	0x00000401, 0x00040401, 0x01000401, 0x01040401,
-	0x00200001, 0x00240001, 0x01200001, 0x01240001,
-	0x00200401, 0x00240401, 0x01200401, 0x01240401,
-	0x02000000, 0x02040000, 0x03000000, 0x03040000,
-	0x02000400, 0x02040400, 0x03000400, 0x03040400,
-	0x02200000, 0x02240000, 0x03200000, 0x03240000,
-	0x02200400, 0x02240400, 0x03200400, 0x03240400,
-	0x02000001, 0x02040001, 0x03000001, 0x03040001,
-	0x02000401, 0x02040401, 0x03000401, 0x03040401,
-	0x02200001, 0x02240001, 0x03200001, 0x03240001,
-	0x02200401, 0x02240401, 0x03200401, 0x03240401,
-
-	0x00000000, 0x00000002, 0x00000800, 0x00000802,
-	0x08000000, 0x08000002, 0x08000800, 0x08000802,
-	0x00010000, 0x00010002, 0x00010800, 0x00010802,
-	0x08010000, 0x08010002, 0x08010800, 0x08010802,
-	0x00000100, 0x00000102, 0x00000900, 0x00000902,
-	0x08000100, 0x08000102, 0x08000900, 0x08000902,
-	0x00010100, 0x00010102, 0x00010900, 0x00010902,
-	0x08010100, 0x08010102, 0x08010900, 0x08010902,
-	0x00000010, 0x00000012, 0x00000810, 0x00000812,
-	0x08000010, 0x08000012, 0x08000810, 0x08000812,
-	0x00010010, 0x00010012, 0x00010810, 0x00010812,
-	0x08010010, 0x08010012, 0x08010810, 0x08010812,
-	0x00000110, 0x00000112, 0x00000910, 0x00000912,
-	0x08000110, 0x08000112, 0x08000910, 0x08000912,
-	0x00010110, 0x00010112, 0x00010910, 0x00010912,
-	0x08010110, 0x08010112, 0x08010910, 0x08010912,
-
-	0x00000000, 0x04000000, 0x00002000, 0x04002000,
-	0x10000000, 0x14000000, 0x10002000, 0x14002000,
-	0x00000020, 0x04000020, 0x00002020, 0x04002020,
-	0x10000020, 0x14000020, 0x10002020, 0x14002020,
-	0x00080000, 0x04080000, 0x00082000, 0x04082000,
-	0x10080000, 0x14080000, 0x10082000, 0x14082000,
-	0x00080020, 0x04080020, 0x00082020, 0x04082020,
-	0x10080020, 0x14080020, 0x10082020, 0x14082020,
-	0x20000000, 0x24000000, 0x20002000, 0x24002000,
-	0x30000000, 0x34000000, 0x30002000, 0x34002000,
-	0x20000020, 0x24000020, 0x20002020, 0x24002020,
-	0x30000020, 0x34000020, 0x30002020, 0x34002020,
-	0x20080000, 0x24080000, 0x20082000, 0x24082000,
-	0x30080000, 0x34080000, 0x30082000, 0x34082000,
-	0x20080020, 0x24080020, 0x20082020, 0x24082020,
-	0x30080020, 0x34080020, 0x30082020, 0x34082020,
-
-	0x00000000, 0x00100000, 0x00000008, 0x00100008,
-	0x00000200, 0x00100200, 0x00000208, 0x00100208,
-	0x00020000, 0x00120000, 0x00020008, 0x00120008,
-	0x00020200, 0x00120200, 0x00020208, 0x00120208,
-	0x00000004, 0x00100004, 0x0000000c, 0x0010000c,
-	0x00000204, 0x00100204, 0x0000020c, 0x0010020c,
-	0x00020004, 0x00120004, 0x0002000c, 0x0012000c,
-	0x00020204, 0x00120204, 0x0002020c, 0x0012020c,
-	0x00001000, 0x00101000, 0x00001008, 0x00101008,
-	0x00001200, 0x00101200, 0x00001208, 0x00101208,
-	0x00021000, 0x00121000, 0x00021008, 0x00121008,
-	0x00021200, 0x00121200, 0x00021208, 0x00121208,
-	0x00001004, 0x00101004, 0x0000100c, 0x0010100c,
-	0x00001204, 0x00101204, 0x0000120c, 0x0010120c,
-	0x00021004, 0x00121004, 0x0002100c, 0x0012100c,
-	0x00021204, 0x00121204, 0x0002120c, 0x0012120c
-};
-
-static u_long PC2_D[4][64] = {
-	0x00000000, 0x00000200, 0x00020000, 0x00020200,
-	0x00000001, 0x00000201, 0x00020001, 0x00020201,
-	0x08000000, 0x08000200, 0x08020000, 0x08020200,
-	0x08000001, 0x08000201, 0x08020001, 0x08020201,
-	0x00200000, 0x00200200, 0x00220000, 0x00220200,
-	0x00200001, 0x00200201, 0x00220001, 0x00220201,
-	0x08200000, 0x08200200, 0x08220000, 0x08220200,
-	0x08200001, 0x08200201, 0x08220001, 0x08220201,
-	0x00000002, 0x00000202, 0x00020002, 0x00020202,
-	0x00000003, 0x00000203, 0x00020003, 0x00020203,
-	0x08000002, 0x08000202, 0x08020002, 0x08020202,
-	0x08000003, 0x08000203, 0x08020003, 0x08020203,
-	0x00200002, 0x00200202, 0x00220002, 0x00220202,
-	0x00200003, 0x00200203, 0x00220003, 0x00220203,
-	0x08200002, 0x08200202, 0x08220002, 0x08220202,
-	0x08200003, 0x08200203, 0x08220003, 0x08220203,
-
-	0x00000000, 0x00000010, 0x20000000, 0x20000010,
-	0x00100000, 0x00100010, 0x20100000, 0x20100010,
-	0x00000800, 0x00000810, 0x20000800, 0x20000810,
-	0x00100800, 0x00100810, 0x20100800, 0x20100810,
-	0x04000000, 0x04000010, 0x24000000, 0x24000010,
-	0x04100000, 0x04100010, 0x24100000, 0x24100010,
-	0x04000800, 0x04000810, 0x24000800, 0x24000810,
-	0x04100800, 0x04100810, 0x24100800, 0x24100810,
-	0x00000004, 0x00000014, 0x20000004, 0x20000014,
-	0x00100004, 0x00100014, 0x20100004, 0x20100014,
-	0x00000804, 0x00000814, 0x20000804, 0x20000814,
-	0x00100804, 0x00100814, 0x20100804, 0x20100814,
-	0x04000004, 0x04000014, 0x24000004, 0x24000014,
-	0x04100004, 0x04100014, 0x24100004, 0x24100014,
-	0x04000804, 0x04000814, 0x24000804, 0x24000814,
-	0x04100804, 0x04100814, 0x24100804, 0x24100814,
-
-	0x00000000, 0x00001000, 0x00010000, 0x00011000,
-	0x02000000, 0x02001000, 0x02010000, 0x02011000,
-	0x00000020, 0x00001020, 0x00010020, 0x00011020,
-	0x02000020, 0x02001020, 0x02010020, 0x02011020,
-	0x00040000, 0x00041000, 0x00050000, 0x00051000,
-	0x02040000, 0x02041000, 0x02050000, 0x02051000,
-	0x00040020, 0x00041020, 0x00050020, 0x00051020,
-	0x02040020, 0x02041020, 0x02050020, 0x02051020,
-	0x00002000, 0x00003000, 0x00012000, 0x00013000,
-	0x02002000, 0x02003000, 0x02012000, 0x02013000,
-	0x00002020, 0x00003020, 0x00012020, 0x00013020,
-	0x02002020, 0x02003020, 0x02012020, 0x02013020,
-	0x00042000, 0x00043000, 0x00052000, 0x00053000,
-	0x02042000, 0x02043000, 0x02052000, 0x02053000,
-	0x00042020, 0x00043020, 0x00052020, 0x00053020,
-	0x02042020, 0x02043020, 0x02052020, 0x02053020,
-
-	0x00000000, 0x00000400, 0x01000000, 0x01000400,
-	0x00000100, 0x00000500, 0x01000100, 0x01000500,
-	0x10000000, 0x10000400, 0x11000000, 0x11000400,
-	0x10000100, 0x10000500, 0x11000100, 0x11000500,
-	0x00080000, 0x00080400, 0x01080000, 0x01080400,
-	0x00080100, 0x00080500, 0x01080100, 0x01080500,
-	0x10080000, 0x10080400, 0x11080000, 0x11080400,
-	0x10080100, 0x10080500, 0x11080100, 0x11080500,
-	0x00000008, 0x00000408, 0x01000008, 0x01000408,
-	0x00000108, 0x00000508, 0x01000108, 0x01000508,
-	0x10000008, 0x10000408, 0x11000008, 0x11000408,
-	0x10000108, 0x10000508, 0x11000108, 0x11000508,
-	0x00080008, 0x00080408, 0x01080008, 0x01080408,
-	0x00080108, 0x00080508, 0x01080108, 0x01080508,
-	0x10080008, 0x10080408, 0x11080008, 0x11080408,
-	0x10080108, 0x10080508, 0x11080108, 0x11080508
-};
-
-
-
-/*
- * Permute the key to give us our key schedule.
- */
-void
-DESauth_subkeys(key, encryptkeys, decryptkeys)
-	u_long *key;
-	u_char *encryptkeys;
-	u_char *decryptkeys;
-{
-	register u_long tmp;
-	register u_long c, d;
-	register u_char *ek, *dk;
-	register int two_bit_shifts;
-	register int i;
-
-	/*
-	 * The first permutted choice gives us the 28 bits for C0 and
-	 * 28 for D0.  C0 gets 12 bits from the left key and 16 from
-	 * the right, while D0 gets 16 from the left and 12 from the
-	 * right.  The code knows which bits go where.
-	 */
-	tmp = *key;	/* left part of key */
-	c =  PC1_CL[(tmp >> 29) & 0x7]
-	  | (PC1_CL[(tmp >> 21) & 0x7] << 1)
-	  | (PC1_CL[(tmp >> 13) & 0x7] << 2)
-	  | (PC1_CL[(tmp >>  5) & 0x7] << 3);
-	d =  PC1_DL[(tmp >> 25) & 0xf]
-	  | (PC1_DL[(tmp >> 17) & 0xf] << 1)
-	  | (PC1_DL[(tmp >>  9) & 0xf] << 2)
-	  | (PC1_DL[(tmp >>  1) & 0xf] << 3);
-
-	tmp = *(key+1);	/* right part of key */
-	c |= PC1_CR[(tmp >> 28) & 0xf]
-	  | (PC1_CR[(tmp >> 20) & 0xf] << 1)
-	  | (PC1_CR[(tmp >> 12) & 0xf] << 2)
-	  | (PC1_CR[(tmp >>  4) & 0xf] << 3);
-	d |= PC1_DR[(tmp >> 25) & 0x7]
-	  | (PC1_DR[(tmp >> 17) & 0x7] << 1)
-	  | (PC1_DR[(tmp >>  9) & 0x7] << 2)
-	  | (PC1_DR[(tmp >>  1) & 0x7] << 3);
-
-	/*
-	 * Now iterate to compute the key schedule.  Note that we
-	 * record the entire set of subkeys in 6 bit chunks since
-	 * they are used that way.  At 6 bits/char, we need
-	 * 48/6 char's/subkey * 16 subkeys/encryption == 128 chars.
-	 * encryptkeys and decryptkeys must be this big.
-	 */
-	ek = encryptkeys;
-	dk = decryptkeys + (8 * 15);
-	two_bit_shifts = TWO_BIT_SHIFTS;
-	for (i = 16; i > 0; i--) {
-		/*
-		 * Do the rotation.  One bit and two bit rotations
-		 * are done separately.  Note C and D are 28 bits.
-		 */
-		if (two_bit_shifts & 0x1) {
-			c = ((c << 2) & 0xffffffc) | (c >> 26);
-			d = ((d << 2) & 0xffffffc) | (d >> 26);
-		} else {
-			c = ((c << 1) & 0xffffffe) | (c >> 27);
-			d = ((d << 1) & 0xffffffe) | (d >> 27);
-		}
-		two_bit_shifts >>= 1;
-
-		/*
-		 * Apply permutted choice 2 to C to get the first
-		 * 24 bits worth of keys.  Note that bits 9, 18, 22
-		 * and 25 (using DES numbering) in C are unused.  The
-		 * shift-mask stuff is done to delete these bits from
-		 * the indices, since this cuts the table size in half.
-		 */
-		tmp = PC2_C[0][((c >> 22) & 0x3f)]
-		    | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
-		    | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
-		    | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
-		*ek++ = *dk++ = (u_char)(tmp >> 24);
-		*ek++ = *dk++ = (u_char)(tmp >> 16);
-		*ek++ = *dk++ = (u_char)(tmp >>  8);
-		*ek++ = *dk++ = (u_char)tmp;
-
-		/*
-		 * Apply permutted choice 2 to D to get the other half.
-		 * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
-		 * actually turns out to be cheaper here.
-		 */
-		tmp = PC2_D[0][((d >> 22) & 0x3f)]
-		    | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
-		    | PC2_D[2][((d >>  7) & 0x3f)]
-		    | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
-		*ek++ = *dk++ = (u_char)(tmp >> 24);
-		*ek++ = *dk++ = (u_char)(tmp >> 16);
-		*ek++ = *dk++ = (u_char)(tmp >>  8);
-		*ek++ = *dk++ = (u_char)tmp;
-
-		/*
-		 * We are filling in the decryption subkeys from the end.
-		 * Space it back 16 elements to get to the start of the
-		 * next set.
-		 */
-		dk -= 16;
-	}
-}
-
-/*
- * The DES algorithm.  This is intended to be fairly speedy at the
- * expense of some memory.
- *
- * This uses all the standard hacks.  The S boxes and the P permutation
- * are precomputed into one table.  The E box never actually appears
- * explicitly since it is easy to apply this algorithmically.  The
- * initial permutation and final (inverse initial) permuation are
- * computed from tables designed to permute four bits at a time.  This
- * should run pretty fast on machines with 32 bit words and
- * bit field/multiple bit shift instructions which are fast.
- */
-
-/*
- * The initial permutation array.  This is used to compute both the
- * left and the right halves of the initial permutation using bytes
- * from words made from the following operations:
- *
- * ((left & 0x55555555) << 1) | (right & 0x55555555)  for left half
- * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1)  for right half
- *
- * The scheme is that we index into the table using each byte.  The
- * result from the high order byte is or'd with the result from the
- * next byte shifted left once is or'd with the result from the next
- * byte shifted left twice if or'd with the result from the low order
- * byte shifted left by three.  Clear?
- */
-static u_long IP[256] = {
-	0x00000000, 0x00000010, 0x00000001, 0x00000011,
-	0x00001000, 0x00001010, 0x00001001, 0x00001011,
-	0x00000100, 0x00000110, 0x00000101, 0x00000111,
-	0x00001100, 0x00001110, 0x00001101, 0x00001111,
-	0x00100000, 0x00100010, 0x00100001, 0x00100011,
-	0x00101000, 0x00101010, 0x00101001, 0x00101011,
-	0x00100100, 0x00100110, 0x00100101, 0x00100111,
-	0x00101100, 0x00101110, 0x00101101, 0x00101111,
-	0x00010000, 0x00010010, 0x00010001, 0x00010011,
-	0x00011000, 0x00011010, 0x00011001, 0x00011011,
-	0x00010100, 0x00010110, 0x00010101, 0x00010111,
-	0x00011100, 0x00011110, 0x00011101, 0x00011111,
-	0x00110000, 0x00110010, 0x00110001, 0x00110011,
-	0x00111000, 0x00111010, 0x00111001, 0x00111011,
-	0x00110100, 0x00110110, 0x00110101, 0x00110111,
-	0x00111100, 0x00111110, 0x00111101, 0x00111111,
-	0x10000000, 0x10000010, 0x10000001, 0x10000011,
-	0x10001000, 0x10001010, 0x10001001, 0x10001011,
-	0x10000100, 0x10000110, 0x10000101, 0x10000111,
-	0x10001100, 0x10001110, 0x10001101, 0x10001111,
-	0x10100000, 0x10100010, 0x10100001, 0x10100011,
-	0x10101000, 0x10101010, 0x10101001, 0x10101011,
-	0x10100100, 0x10100110, 0x10100101, 0x10100111,
-	0x10101100, 0x10101110, 0x10101101, 0x10101111,
-	0x10010000, 0x10010010, 0x10010001, 0x10010011,
-	0x10011000, 0x10011010, 0x10011001, 0x10011011,
-	0x10010100, 0x10010110, 0x10010101, 0x10010111,
-	0x10011100, 0x10011110, 0x10011101, 0x10011111,
-	0x10110000, 0x10110010, 0x10110001, 0x10110011,
-	0x10111000, 0x10111010, 0x10111001, 0x10111011,
-	0x10110100, 0x10110110, 0x10110101, 0x10110111,
-	0x10111100, 0x10111110, 0x10111101, 0x10111111,
-	0x01000000, 0x01000010, 0x01000001, 0x01000011,
-	0x01001000, 0x01001010, 0x01001001, 0x01001011,
-	0x01000100, 0x01000110, 0x01000101, 0x01000111,
-	0x01001100, 0x01001110, 0x01001101, 0x01001111,
-	0x01100000, 0x01100010, 0x01100001, 0x01100011,
-	0x01101000, 0x01101010, 0x01101001, 0x01101011,
-	0x01100100, 0x01100110, 0x01100101, 0x01100111,
-	0x01101100, 0x01101110, 0x01101101, 0x01101111,
-	0x01010000, 0x01010010, 0x01010001, 0x01010011,
-	0x01011000, 0x01011010, 0x01011001, 0x01011011,
-	0x01010100, 0x01010110, 0x01010101, 0x01010111,
-	0x01011100, 0x01011110, 0x01011101, 0x01011111,
-	0x01110000, 0x01110010, 0x01110001, 0x01110011,
-	0x01111000, 0x01111010, 0x01111001, 0x01111011,
-	0x01110100, 0x01110110, 0x01110101, 0x01110111,
-	0x01111100, 0x01111110, 0x01111101, 0x01111111,
-	0x11000000, 0x11000010, 0x11000001, 0x11000011,
-	0x11001000, 0x11001010, 0x11001001, 0x11001011,
-	0x11000100, 0x11000110, 0x11000101, 0x11000111,
-	0x11001100, 0x11001110, 0x11001101, 0x11001111,
-	0x11100000, 0x11100010, 0x11100001, 0x11100011,
-	0x11101000, 0x11101010, 0x11101001, 0x11101011,
-	0x11100100, 0x11100110, 0x11100101, 0x11100111,
-	0x11101100, 0x11101110, 0x11101101, 0x11101111,
-	0x11010000, 0x11010010, 0x11010001, 0x11010011,
-	0x11011000, 0x11011010, 0x11011001, 0x11011011,
-	0x11010100, 0x11010110, 0x11010101, 0x11010111,
-	0x11011100, 0x11011110, 0x11011101, 0x11011111,
-	0x11110000, 0x11110010, 0x11110001, 0x11110011,
-	0x11111000, 0x11111010, 0x11111001, 0x11111011,
-	0x11110100, 0x11110110, 0x11110101, 0x11110111,
-	0x11111100, 0x11111110, 0x11111101, 0x11111111
-};
-
-/*
- * The final permutation array.  Like the IP array, used
- * to compute both the left and right results from the nibbles
- * of words computed from:
- *
- * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f)  for left result
- * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4)  for right result
- *
- * The result from the high order byte is shifted left 6 bits and
- * or'd with the result from the next byte shifted left 4 bits, which
- * is or'd with the result from the next byte shifted left 2 bits,
- * which is or'd with the result from the low byte.
- *
- * There is one of these for big end machines (the natural order for
- * DES) and a second for little end machines.  One is a byte swapped
- * version of the other.
- */
-#ifndef XNTP_LITTLE_ENDIAN
-	/*
-	 * Big end version
-	 */
-static u_long FP[256] = {
-	0x00000000, 0x02000000, 0x00020000, 0x02020000,
-	0x00000200, 0x02000200, 0x00020200, 0x02020200,
-	0x00000002, 0x02000002, 0x00020002, 0x02020002,
-	0x00000202, 0x02000202, 0x00020202, 0x02020202,
-	0x01000000, 0x03000000, 0x01020000, 0x03020000,
-	0x01000200, 0x03000200, 0x01020200, 0x03020200,
-	0x01000002, 0x03000002, 0x01020002, 0x03020002,
-	0x01000202, 0x03000202, 0x01020202, 0x03020202,
-	0x00010000, 0x02010000, 0x00030000, 0x02030000,
-	0x00010200, 0x02010200, 0x00030200, 0x02030200,
-	0x00010002, 0x02010002, 0x00030002, 0x02030002,
-	0x00010202, 0x02010202, 0x00030202, 0x02030202,
-	0x01010000, 0x03010000, 0x01030000, 0x03030000,
-	0x01010200, 0x03010200, 0x01030200, 0x03030200,
-	0x01010002, 0x03010002, 0x01030002, 0x03030002,
-	0x01010202, 0x03010202, 0x01030202, 0x03030202,
-	0x00000100, 0x02000100, 0x00020100, 0x02020100,
-	0x00000300, 0x02000300, 0x00020300, 0x02020300,
-	0x00000102, 0x02000102, 0x00020102, 0x02020102,
-	0x00000302, 0x02000302, 0x00020302, 0x02020302,
-	0x01000100, 0x03000100, 0x01020100, 0x03020100,
-	0x01000300, 0x03000300, 0x01020300, 0x03020300,
-	0x01000102, 0x03000102, 0x01020102, 0x03020102,
-	0x01000302, 0x03000302, 0x01020302, 0x03020302,
-	0x00010100, 0x02010100, 0x00030100, 0x02030100,
-	0x00010300, 0x02010300, 0x00030300, 0x02030300,
-	0x00010102, 0x02010102, 0x00030102, 0x02030102,
-	0x00010302, 0x02010302, 0x00030302, 0x02030302,
-	0x01010100, 0x03010100, 0x01030100, 0x03030100,
-	0x01010300, 0x03010300, 0x01030300, 0x03030300,
-	0x01010102, 0x03010102, 0x01030102, 0x03030102,
-	0x01010302, 0x03010302, 0x01030302, 0x03030302,
-	0x00000001, 0x02000001, 0x00020001, 0x02020001,
-	0x00000201, 0x02000201, 0x00020201, 0x02020201,
-	0x00000003, 0x02000003, 0x00020003, 0x02020003,
-	0x00000203, 0x02000203, 0x00020203, 0x02020203,
-	0x01000001, 0x03000001, 0x01020001, 0x03020001,
-	0x01000201, 0x03000201, 0x01020201, 0x03020201,
-	0x01000003, 0x03000003, 0x01020003, 0x03020003,
-	0x01000203, 0x03000203, 0x01020203, 0x03020203,
-	0x00010001, 0x02010001, 0x00030001, 0x02030001,
-	0x00010201, 0x02010201, 0x00030201, 0x02030201,
-	0x00010003, 0x02010003, 0x00030003, 0x02030003,
-	0x00010203, 0x02010203, 0x00030203, 0x02030203,
-	0x01010001, 0x03010001, 0x01030001, 0x03030001,
-	0x01010201, 0x03010201, 0x01030201, 0x03030201,
-	0x01010003, 0x03010003, 0x01030003, 0x03030003,
-	0x01010203, 0x03010203, 0x01030203, 0x03030203,
-	0x00000101, 0x02000101, 0x00020101, 0x02020101,
-	0x00000301, 0x02000301, 0x00020301, 0x02020301,
-	0x00000103, 0x02000103, 0x00020103, 0x02020103,
-	0x00000303, 0x02000303, 0x00020303, 0x02020303,
-	0x01000101, 0x03000101, 0x01020101, 0x03020101,
-	0x01000301, 0x03000301, 0x01020301, 0x03020301,
-	0x01000103, 0x03000103, 0x01020103, 0x03020103,
-	0x01000303, 0x03000303, 0x01020303, 0x03020303,
-	0x00010101, 0x02010101, 0x00030101, 0x02030101,
-	0x00010301, 0x02010301, 0x00030301, 0x02030301,
-	0x00010103, 0x02010103, 0x00030103, 0x02030103,
-	0x00010303, 0x02010303, 0x00030303, 0x02030303,
-	0x01010101, 0x03010101, 0x01030101, 0x03030101,
-	0x01010301, 0x03010301, 0x01030301, 0x03030301,
-	0x01010103, 0x03010103, 0x01030103, 0x03030103,
-	0x01010303, 0x03010303, 0x01030303, 0x03030303
-};
-#else
-	/*
-	 * Byte swapped for little end machines.
-	 */
-static u_long FP[256] = {
-	0x00000000, 0x00000002, 0x00000200, 0x00000202,
-	0x00020000, 0x00020002, 0x00020200, 0x00020202,
-	0x02000000, 0x02000002, 0x02000200, 0x02000202,
-	0x02020000, 0x02020002, 0x02020200, 0x02020202,
-	0x00000001, 0x00000003, 0x00000201, 0x00000203,
-	0x00020001, 0x00020003, 0x00020201, 0x00020203,
-	0x02000001, 0x02000003, 0x02000201, 0x02000203,
-	0x02020001, 0x02020003, 0x02020201, 0x02020203,
-	0x00000100, 0x00000102, 0x00000300, 0x00000302,
-	0x00020100, 0x00020102, 0x00020300, 0x00020302,
-	0x02000100, 0x02000102, 0x02000300, 0x02000302,
-	0x02020100, 0x02020102, 0x02020300, 0x02020302,
-	0x00000101, 0x00000103, 0x00000301, 0x00000303,
-	0x00020101, 0x00020103, 0x00020301, 0x00020303,
-	0x02000101, 0x02000103, 0x02000301, 0x02000303,
-	0x02020101, 0x02020103, 0x02020301, 0x02020303,
-	0x00010000, 0x00010002, 0x00010200, 0x00010202,
-	0x00030000, 0x00030002, 0x00030200, 0x00030202,
-	0x02010000, 0x02010002, 0x02010200, 0x02010202,
-	0x02030000, 0x02030002, 0x02030200, 0x02030202,
-	0x00010001, 0x00010003, 0x00010201, 0x00010203,
-	0x00030001, 0x00030003, 0x00030201, 0x00030203,
-	0x02010001, 0x02010003, 0x02010201, 0x02010203,
-	0x02030001, 0x02030003, 0x02030201, 0x02030203,
-	0x00010100, 0x00010102, 0x00010300, 0x00010302,
-	0x00030100, 0x00030102, 0x00030300, 0x00030302,
-	0x02010100, 0x02010102, 0x02010300, 0x02010302,
-	0x02030100, 0x02030102, 0x02030300, 0x02030302,
-	0x00010101, 0x00010103, 0x00010301, 0x00010303,
-	0x00030101, 0x00030103, 0x00030301, 0x00030303,
-	0x02010101, 0x02010103, 0x02010301, 0x02010303,
-	0x02030101, 0x02030103, 0x02030301, 0x02030303,
-	0x01000000, 0x01000002, 0x01000200, 0x01000202,
-	0x01020000, 0x01020002, 0x01020200, 0x01020202,
-	0x03000000, 0x03000002, 0x03000200, 0x03000202,
-	0x03020000, 0x03020002, 0x03020200, 0x03020202,
-	0x01000001, 0x01000003, 0x01000201, 0x01000203,
-	0x01020001, 0x01020003, 0x01020201, 0x01020203,
-	0x03000001, 0x03000003, 0x03000201, 0x03000203,
-	0x03020001, 0x03020003, 0x03020201, 0x03020203,
-	0x01000100, 0x01000102, 0x01000300, 0x01000302,
-	0x01020100, 0x01020102, 0x01020300, 0x01020302,
-	0x03000100, 0x03000102, 0x03000300, 0x03000302,
-	0x03020100, 0x03020102, 0x03020300, 0x03020302,
-	0x01000101, 0x01000103, 0x01000301, 0x01000303,
-	0x01020101, 0x01020103, 0x01020301, 0x01020303,
-	0x03000101, 0x03000103, 0x03000301, 0x03000303,
-	0x03020101, 0x03020103, 0x03020301, 0x03020303,
-	0x01010000, 0x01010002, 0x01010200, 0x01010202,
-	0x01030000, 0x01030002, 0x01030200, 0x01030202,
-	0x03010000, 0x03010002, 0x03010200, 0x03010202,
-	0x03030000, 0x03030002, 0x03030200, 0x03030202,
-	0x01010001, 0x01010003, 0x01010201, 0x01010203,
-	0x01030001, 0x01030003, 0x01030201, 0x01030203,
-	0x03010001, 0x03010003, 0x03010201, 0x03010203,
-	0x03030001, 0x03030003, 0x03030201, 0x03030203,
-	0x01010100, 0x01010102, 0x01010300, 0x01010302,
-	0x01030100, 0x01030102, 0x01030300, 0x01030302,
-	0x03010100, 0x03010102, 0x03010300, 0x03010302,
-	0x03030100, 0x03030102, 0x03030300, 0x03030302,
-	0x01010101, 0x01010103, 0x01010301, 0x01010303,
-	0x01030101, 0x01030103, 0x01030301, 0x01030303,
-	0x03010101, 0x03010103, 0x03010301, 0x03010303,
-	0x03030101, 0x03030103, 0x03030301, 0x03030303
-};
-#endif
-
-
-/*
- * The SP table is actually the S boxes and the P permutation
- * table combined.
- */
-static u_long SP[8][64] = {
-	0x00808200, 0x00000000, 0x00008000, 0x00808202,
-	0x00808002, 0x00008202, 0x00000002, 0x00008000,
-	0x00000200, 0x00808200, 0x00808202, 0x00000200,
-	0x00800202, 0x00808002, 0x00800000, 0x00000002,
-	0x00000202, 0x00800200, 0x00800200, 0x00008200,
-	0x00008200, 0x00808000, 0x00808000, 0x00800202,
-	0x00008002, 0x00800002, 0x00800002, 0x00008002,
-	0x00000000, 0x00000202, 0x00008202, 0x00800000,
-	0x00008000, 0x00808202, 0x00000002, 0x00808000,
-	0x00808200, 0x00800000, 0x00800000, 0x00000200,
-	0x00808002, 0x00008000, 0x00008200, 0x00800002,
-	0x00000200, 0x00000002, 0x00800202, 0x00008202,
-	0x00808202, 0x00008002, 0x00808000, 0x00800202,
-	0x00800002, 0x00000202, 0x00008202, 0x00808200,
-	0x00000202, 0x00800200, 0x00800200, 0x00000000,
-	0x00008002, 0x00008200, 0x00000000, 0x00808002,
-
-	0x40084010, 0x40004000, 0x00004000, 0x00084010,
-	0x00080000, 0x00000010, 0x40080010, 0x40004010,
-	0x40000010, 0x40084010, 0x40084000, 0x40000000,
-	0x40004000, 0x00080000, 0x00000010, 0x40080010,
-	0x00084000, 0x00080010, 0x40004010, 0x00000000,
-	0x40000000, 0x00004000, 0x00084010, 0x40080000,
-	0x00080010, 0x40000010, 0x00000000, 0x00084000,
-	0x00004010, 0x40084000, 0x40080000, 0x00004010,
-	0x00000000, 0x00084010, 0x40080010, 0x00080000,
-	0x40004010, 0x40080000, 0x40084000, 0x00004000,
-	0x40080000, 0x40004000, 0x00000010, 0x40084010,
-	0x00084010, 0x00000010, 0x00004000, 0x40000000,
-	0x00004010, 0x40084000, 0x00080000, 0x40000010,
-	0x00080010, 0x40004010, 0x40000010, 0x00080010,
-	0x00084000, 0x00000000, 0x40004000, 0x00004010,
-	0x40000000, 0x40080010, 0x40084010, 0x00084000,
-
-	0x00000104, 0x04010100, 0x00000000, 0x04010004,
-	0x04000100, 0x00000000, 0x00010104, 0x04000100,
-	0x00010004, 0x04000004, 0x04000004, 0x00010000,
-	0x04010104, 0x00010004, 0x04010000, 0x00000104,
-	0x04000000, 0x00000004, 0x04010100, 0x00000100,
-	0x00010100, 0x04010000, 0x04010004, 0x00010104,
-	0x04000104, 0x00010100, 0x00010000, 0x04000104,
-	0x00000004, 0x04010104, 0x00000100, 0x04000000,
-	0x04010100, 0x04000000, 0x00010004, 0x00000104,
-	0x00010000, 0x04010100, 0x04000100, 0x00000000,
-	0x00000100, 0x00010004, 0x04010104, 0x04000100,
-	0x04000004, 0x00000100, 0x00000000, 0x04010004,
-	0x04000104, 0x00010000, 0x04000000, 0x04010104,
-	0x00000004, 0x00010104, 0x00010100, 0x04000004,
-	0x04010000, 0x04000104, 0x00000104, 0x04010000,
-	0x00010104, 0x00000004, 0x04010004, 0x00010100,
-
-	0x80401000, 0x80001040, 0x80001040, 0x00000040,
-	0x00401040, 0x80400040, 0x80400000, 0x80001000,
-	0x00000000, 0x00401000, 0x00401000, 0x80401040,
-	0x80000040, 0x00000000, 0x00400040, 0x80400000,
-	0x80000000, 0x00001000, 0x00400000, 0x80401000,
-	0x00000040, 0x00400000, 0x80001000, 0x00001040,
-	0x80400040, 0x80000000, 0x00001040, 0x00400040,
-	0x00001000, 0x00401040, 0x80401040, 0x80000040,
-	0x00400040, 0x80400000, 0x00401000, 0x80401040,
-	0x80000040, 0x00000000, 0x00000000, 0x00401000,
-	0x00001040, 0x00400040, 0x80400040, 0x80000000,
-	0x80401000, 0x80001040, 0x80001040, 0x00000040,
-	0x80401040, 0x80000040, 0x80000000, 0x00001000,
-	0x80400000, 0x80001000, 0x00401040, 0x80400040,
-	0x80001000, 0x00001040, 0x00400000, 0x80401000,
-	0x00000040, 0x00400000, 0x00001000, 0x00401040,
-
-	0x00000080, 0x01040080, 0x01040000, 0x21000080,
-	0x00040000, 0x00000080, 0x20000000, 0x01040000,
-	0x20040080, 0x00040000, 0x01000080, 0x20040080,
-	0x21000080, 0x21040000, 0x00040080, 0x20000000,
-	0x01000000, 0x20040000, 0x20040000, 0x00000000,
-	0x20000080, 0x21040080, 0x21040080, 0x01000080,
-	0x21040000, 0x20000080, 0x00000000, 0x21000000,
-	0x01040080, 0x01000000, 0x21000000, 0x00040080,
-	0x00040000, 0x21000080, 0x00000080, 0x01000000,
-	0x20000000, 0x01040000, 0x21000080, 0x20040080,
-	0x01000080, 0x20000000, 0x21040000, 0x01040080,
-	0x20040080, 0x00000080, 0x01000000, 0x21040000,
-	0x21040080, 0x00040080, 0x21000000, 0x21040080,
-	0x01040000, 0x00000000, 0x20040000, 0x21000000,
-	0x00040080, 0x01000080, 0x20000080, 0x00040000,
-	0x00000000, 0x20040000, 0x01040080, 0x20000080,
-
-	0x10000008, 0x10200000, 0x00002000, 0x10202008,
-	0x10200000, 0x00000008, 0x10202008, 0x00200000,
-	0x10002000, 0x00202008, 0x00200000, 0x10000008,
-	0x00200008, 0x10002000, 0x10000000, 0x00002008,
-	0x00000000, 0x00200008, 0x10002008, 0x00002000,
-	0x00202000, 0x10002008, 0x00000008, 0x10200008,
-	0x10200008, 0x00000000, 0x00202008, 0x10202000,
-	0x00002008, 0x00202000, 0x10202000, 0x10000000,
-	0x10002000, 0x00000008, 0x10200008, 0x00202000,
-	0x10202008, 0x00200000, 0x00002008, 0x10000008,
-	0x00200000, 0x10002000, 0x10000000, 0x00002008,
-	0x10000008, 0x10202008, 0x00202000, 0x10200000,
-	0x00202008, 0x10202000, 0x00000000, 0x10200008,
-	0x00000008, 0x00002000, 0x10200000, 0x00202008,
-	0x00002000, 0x00200008, 0x10002008, 0x00000000,
-	0x10202000, 0x10000000, 0x00200008, 0x10002008,
-
-	0x00100000, 0x02100001, 0x02000401, 0x00000000,
-	0x00000400, 0x02000401, 0x00100401, 0x02100400,
-	0x02100401, 0x00100000, 0x00000000, 0x02000001,
-	0x00000001, 0x02000000, 0x02100001, 0x00000401,
-	0x02000400, 0x00100401, 0x00100001, 0x02000400,
-	0x02000001, 0x02100000, 0x02100400, 0x00100001,
-	0x02100000, 0x00000400, 0x00000401, 0x02100401,
-	0x00100400, 0x00000001, 0x02000000, 0x00100400,
-	0x02000000, 0x00100400, 0x00100000, 0x02000401,
-	0x02000401, 0x02100001, 0x02100001, 0x00000001,
-	0x00100001, 0x02000000, 0x02000400, 0x00100000,
-	0x02100400, 0x00000401, 0x00100401, 0x02100400,
-	0x00000401, 0x02000001, 0x02100401, 0x02100000,
-	0x00100400, 0x00000000, 0x00000001, 0x02100401,
-	0x00000000, 0x00100401, 0x02100000, 0x00000400,
-	0x02000001, 0x02000400, 0x00000400, 0x00100001,
-
-	0x08000820, 0x00000800, 0x00020000, 0x08020820,
-	0x08000000, 0x08000820, 0x00000020, 0x08000000,
-	0x00020020, 0x08020000, 0x08020820, 0x00020800,
-	0x08020800, 0x00020820, 0x00000800, 0x00000020,
-	0x08020000, 0x08000020, 0x08000800, 0x00000820,
-	0x00020800, 0x00020020, 0x08020020, 0x08020800,
-	0x00000820, 0x00000000, 0x00000000, 0x08020020,
-	0x08000020, 0x08000800, 0x00020820, 0x00020000,
-	0x00020820, 0x00020000, 0x08020800, 0x00000800,
-	0x00000020, 0x08020020, 0x00000800, 0x00020820,
-	0x08000800, 0x00000020, 0x08000020, 0x08020000,
-	0x08020020, 0x08000000, 0x00020000, 0x08000820,
-	0x00000000, 0x08020820, 0x00020020, 0x08000020,
-	0x08020000, 0x08000800, 0x08000820, 0x00000000,
-	0x08020820, 0x00020800, 0x00020800, 0x00000820,
-	0x00000820, 0x00020020, 0x08000000, 0x08020800
-};
-
-
-
-/*
- * DESauth_des - perform an in place DES encryption on 64 bits
- *
- * Note that the `data' argument is always in big-end-first
- * byte order, i.e. *(char *)data is the high order byte of
- * the 8 byte data word.  We modify the initial and final
- * permutation computations for little-end-first machines to
- * swap bytes into the natural host order at the beginning and
- * back to big-end order at the end.  This is unclean but avoids
- * a byte swapping performance penalty on Vaxes (which are slow already).
- */
-void
-DESauth_des(data, subkeys)
-	u_long *data;
-	u_char *subkeys;
-{
-	register u_long left, right;
-	register u_long temp;
-	register u_char *kp;
-	register int i;
-
-	/*
-	 * Do the initial permutation.  The first operation gets
-	 * all the bits which are used to form the left half of the
-	 * permutted result in one word, which is then used to
-	 * index the appropriate table a byte at a time.
-	 */
-	temp = ((*data & 0x55555555) << 1) | (*(data+1) & 0x55555555);
-#ifdef XNTP_LITTLE_ENDIAN
-	/*
-	 * Modify the computation to use the opposite set of bytes.
-	 */
-	left = (IP[(temp >> 24) & 0xff] << 3)
-	     | (IP[(temp >> 16) & 0xff] << 2)
-	     | (IP[(temp >>  8) & 0xff] << 1)
-	     | IP[temp & 0xff];
-#else
-	left = IP[(temp >> 24) & 0xff]
-	     | (IP[(temp >> 16) & 0xff] << 1)
-	     | (IP[(temp >>  8) & 0xff] << 2)
-	     | (IP[temp & 0xff] << 3);
-#endif
-
-	/*
-	 * Same thing again except for the right half.
-	 */
-	temp = (*data & 0xaaaaaaaa) | ((*(data+1) & 0xaaaaaaaa) >> 1);
-#ifdef XNTP_LITTLE_ENDIAN
-	right = (IP[(temp >> 24) & 0xff] << 3)
-	      | (IP[(temp >> 16) & 0xff] << 2)
-	      | (IP[(temp >>  8) & 0xff] << 1)
-	      | IP[temp & 0xff];
-#else
-	right = IP[(temp >> 24) & 0xff]
-	      | (IP[(temp >> 16) & 0xff] << 1)
-	      | (IP[(temp >>  8) & 0xff] << 2)
-	      | (IP[temp & 0xff] << 3);
-#endif
-
-	/*
-	 * Do the 16 rounds through the cipher function.  We actually
-	 * do two at a time, one on the left half and one on the right
-	 * half.
-	 */
-	kp = subkeys;
-	for (i = 0; i < 8; i++) {
-		/*
-		 * The E expansion is easy to compute algorithmically.
-		 * Take a look at its form and compare it to
-		 * everything involving temp below.  Note that
-		 * since SP[0-7] don't have any bits in common set
-		 * it is okay to do the successive xor's.
-		 */
-		temp = (right >> 1) | ((right & 1) ? 0x80000000 : 0);
-		left ^= SP[0][((temp >> 26) & 0x3f) ^ *kp++];
-		left ^= SP[1][((temp >> 22) & 0x3f) ^ *kp++];
-		left ^= SP[2][((temp >> 18) & 0x3f) ^ *kp++];
-		left ^= SP[3][((temp >> 14) & 0x3f) ^ *kp++];
-		left ^= SP[4][((temp >> 10) & 0x3f) ^ *kp++];
-		left ^= SP[5][((temp >>  6) & 0x3f) ^ *kp++];
-		left ^= SP[6][((temp >>  2) & 0x3f) ^ *kp++];
-		left ^= SP[7][(((right << 1) | ((right & 0x80000000)?1:0))
-				& 0x3f) ^ *kp++];
-
-		/*
-		 * Careful here.  Right now `right' is actually the
-		 * left side and `left' is the right side.  Do the
-		 * same thing again, except swap `left' and `right'
-		 */
-		temp = (left >> 1) | ((left & 1) ? 0x80000000 : 0);
-		right ^= SP[0][((temp >> 26) & 0x3f) ^ *kp++];
-		right ^= SP[1][((temp >> 22) & 0x3f) ^ *kp++];
-		right ^= SP[2][((temp >> 18) & 0x3f) ^ *kp++];
-		right ^= SP[3][((temp >> 14) & 0x3f) ^ *kp++];
-		right ^= SP[4][((temp >> 10) & 0x3f) ^ *kp++];
-		right ^= SP[5][((temp >>  6) & 0x3f) ^ *kp++];
-		right ^= SP[6][((temp >>  2) & 0x3f) ^ *kp++];
-		right ^= SP[7][(((left << 1) | ((left & 0x80000000)?1:0))
-				& 0x3f) ^ *kp++];
-
-		/*
-		 * By the time we get here, all is straightened out
-		 * again.  `left' is left and `right' is right.
-		 */
-	}
-
-	/*
-	 * Now the final permutation.  Note this is like the IP above
-	 * except that the data is computed from
-	 *
- 	 * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f)  for left result
- 	 * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4)  for right result
-	 *
-	 * Just to confuse things more, we're supposed to swap the right
-	 * and the left halves before doing this.  Instead, we'll just
-	 * switch which goes where when computing the temporary.
-	 *
-	 * This operation also byte swaps stuff back into big end byte
-	 * order.  This is accomplished by modifying the FP table for
-	 * little end machines, however, so we don't have to worry about
-	 * it here.
-	 */
-	temp = ((right & 0x0f0f0f0f) << 4) | (left & 0x0f0f0f0f);
-	*data = (FP[(temp >> 24) & 0xff] << 6)
-	      | (FP[(temp >> 16) & 0xff] << 4)
-	      | (FP[(temp >>  8) & 0xff] << 2)
-	      |  FP[temp & 0xff];
-
-	temp = (right & 0xf0f0f0f0) | ((left & 0xf0f0f0f0) >> 4);
-	*(data+1) = (FP[(temp >> 24) & 0xff] << 6)
-		  | (FP[(temp >> 16) & 0xff] << 4)
-		  | (FP[(temp >>  8) & 0xff] << 2)
-		  |  FP[temp & 0xff];
-};