path: root/patchsets/skey/1.1.5/01_all_gentoo.patch

porting some updates to this skey implementation from the
NetBSD project, some other updates and fixes, and the addition
of some new features like shadow password and cracklib support.
	(05 Nov 2003) -taviso@gentoo.org

Updated skeyinfo.c and skey.3 from newer NetBSD version, which is
under a 2-clause BSD license. Removed some whitespace changes.
	(05 Jan 2012) -ulm@gentoo.org

--- skey-1.1.5.orig/CHANGES	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/CHANGES	2003-11-06 17:46:45.000000000 +0000
@@ -1,6 +1,19 @@
 *** Changes in version 1.1.5
 
 -  Bug fixes for errx/warnx
+(05/11/2003) taviso@gentoo.org
+	- ported some updates from the NetBSD project to Linux.
+	- removed a load of cast to voids.
+	- syntax changes.
+	- killing skeyaudit, using a shell script modified from NetBSD.
+	- cleanups to stop warnings with gcc.
+	- building a library for dynamic linking.
+	- swapping some str{cat,cpy} for strn{cat,cpy}
+	- killing rmd160 support.
+	- removing strlcpy function, not useful.
+	- quick hack for shadow support.
+	- quick hack for cracklib support.
+	- various other stuff.
 
 *** Changes in version 1.1.4
 
--- skey-1.1.5.orig/config.h.in	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/config.h.in	2003-11-06 17:46:45.000000000 +0000
@@ -109,6 +109,9 @@
 /* Define if you have the strtol function.  */
 #undef HAVE_STRTOL
 
+/* Define if you have the <crack.h> header file.  */
+#undef HAVE_CRACK_H
+
 /* Define if you have the <crypt.h> header file.  */
 #undef HAVE_CRYPT_H
 
@@ -130,12 +133,12 @@
 /* Define if you have the <md5global.h> header file.  */
 #undef HAVE_MD5GLOBAL_H
 
-/* Define if you have the <rmd160.h> header file.  */
-#undef HAVE_RMD160_H
-
 /* Define if you have the <sha1.h> header file.  */
 #undef HAVE_SHA1_H
 
+/* Define if you have the <shadow.h> header file.  */
+#undef HAVE_SHADOW_H
+
 /* Define if you have the <sys/cdefs.h> header file.  */
 #undef HAVE_SYS_CDEFS_H
 
--- skey-1.1.5.orig/configure	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/configure	2003-11-06 17:47:49.000000000 +0000
@@ -960,47 +960,11 @@
   echo "$ac_t""no" 1>&6
 fi
 
-# Extract the first word of "sendmail", so it can be a program name with args.
-set dummy sendmail; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:967: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  case "$SENDMAIL" in
-  /*)
-  ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path.
-  ;;
-  ?:/*)			 
-  ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path.
-  ;;
-  *)
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin"
-  for ac_dir in $ac_dummy; do 
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$ac_word; then
-      ac_cv_path_SENDMAIL="$ac_dir/$ac_word"
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail"
-  ;;
-esac
-fi
-SENDMAIL="$ac_cv_path_SENDMAIL"
-if test -n "$SENDMAIL"; then
-  echo "$ac_t""$SENDMAIL" 1>&6
-else
-  echo "$ac_t""no" 1>&6
-fi
-
 
 
 
 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
-echo "configure:1004: checking for crypt in -lcrypt" >&5
+echo "configure:968: checking for crypt in -lcrypt" >&5
 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1008,7 +972,7 @@
   ac_save_LIBS="$LIBS"
 LIBS="-lcrypt  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1012 "configure"
+#line 976 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1019,7 +983,7 @@
 crypt()
 ; return 0; }
 EOF
-if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1040,7 +1004,7 @@
 fi
 
 echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6
-echo "configure:1044: checking for flock in -lucb" >&5
+echo "configure:1008: checking for flock in -lucb" >&5
 ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1048,7 +1012,7 @@
   ac_save_LIBS="$LIBS"
 LIBS="-lucb  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1052 "configure"
+#line 1016 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1059,7 +1023,7 @@
 flock()
 ; return 0; }
 EOF
-if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1079,10 +1043,50 @@
   echo "$ac_t""no" 1>&6
 fi
 
+echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6
+echo "configure:1048: checking for FascistCheck in -lcrack" >&5
+ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcrack  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1056 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char FascistCheck();
+
+int main() {
+FascistCheck()
+; return 0; }
+EOF
+if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lcrack"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
 
 
 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1086: checking how to run the C preprocessor" >&5
+echo "configure:1090: checking how to run the C preprocessor" >&5
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -1097,13 +1101,13 @@
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp.
   cat > conftest.$ac_ext <<EOF
-#line 1101 "configure"
+#line 1105 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1114,13 +1118,13 @@
   rm -rf conftest*
   CPP="${CC-cc} -E -traditional-cpp"
   cat > conftest.$ac_ext <<EOF
-#line 1118 "configure"
+#line 1122 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1131,13 +1135,13 @@
   rm -rf conftest*
   CPP="${CC-cc} -nologo -E"
   cat > conftest.$ac_ext <<EOF
-#line 1135 "configure"
+#line 1139 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1162,12 +1166,12 @@
 echo "$ac_t""$CPP" 1>&6
 
 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:1166: checking for ANSI C header files" >&5
+echo "configure:1170: checking for ANSI C header files" >&5
 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1171 "configure"
+#line 1175 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -1175,7 +1179,7 @@
 #include <float.h>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -1192,7 +1196,7 @@
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 1196 "configure"
+#line 1200 "configure"
 #include "confdefs.h"
 #include <string.h>
 EOF
@@ -1210,7 +1214,7 @@
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 1214 "configure"
+#line 1218 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 EOF
@@ -1231,7 +1235,7 @@
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 1235 "configure"
+#line 1239 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -1242,7 +1246,7 @@
 exit (0); }
 
 EOF
-if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -1266,12 +1270,12 @@
 fi
 
 echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
-echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5
 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1275 "configure"
+#line 1279 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -1287,7 +1291,7 @@
 s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
 ; return 0; }
 EOF
-if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_sys_wait_h=yes
 else
@@ -1307,21 +1311,21 @@
 
 fi
 
-for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h
+for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1315: checking for $ac_hdr" >&5
+echo "configure:1319: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1320 "configure"
+#line 1324 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -1349,12 +1353,12 @@
 
 
 echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1353: checking for working const" >&5
+echo "configure:1357: checking for working const" >&5
 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1358 "configure"
+#line 1362 "configure"
 #include "confdefs.h"
 
 int main() {
@@ -1403,7 +1407,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_const=yes
 else
@@ -1424,14 +1428,14 @@
 fi
 
 echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
-echo "configure:1428: checking whether byte ordering is bigendian" >&5
+echo "configure:1432: checking whether byte ordering is bigendian" >&5
 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_bigendian=unknown
 # See if sys/param.h defines the BYTE_ORDER macro.
 cat > conftest.$ac_ext <<EOF
-#line 1435 "configure"
+#line 1439 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1442,11 +1446,11 @@
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat > conftest.$ac_ext <<EOF
-#line 1450 "configure"
+#line 1454 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1457,7 +1461,7 @@
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_bigendian=yes
 else
@@ -1477,7 +1481,7 @@
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 1481 "configure"
+#line 1485 "configure"
 #include "confdefs.h"
 main () {
   /* Are we little or big endian?  From Harbison&Steele.  */
@@ -1490,7 +1494,7 @@
   exit (u.c[sizeof (long) - 1] == 1);
 }
 EOF
-if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_bigendian=no
 else
@@ -1514,12 +1518,12 @@
 fi
 
 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:1518: checking for uid_t in sys/types.h" >&5
+echo "configure:1522: checking for uid_t in sys/types.h" >&5
 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1523 "configure"
+#line 1527 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 EOF
@@ -1548,12 +1552,12 @@
 fi
 
 echo $ac_n "checking for off_t""... $ac_c" 1>&6
-echo "configure:1552: checking for off_t" >&5
+echo "configure:1556: checking for off_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1557 "configure"
+#line 1561 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1581,12 +1585,12 @@
 fi
 
 echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:1585: checking for size_t" >&5
+echo "configure:1589: checking for size_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1590 "configure"
+#line 1594 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -1614,12 +1618,12 @@
 fi
 
 echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6
-echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5
+echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1623 "configure"
+#line 1627 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <time.h>
@@ -1627,7 +1631,7 @@
 struct tm *tp; tp->tm_sec;
 ; return 0; }
 EOF
-if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_tm=time.h
 else
@@ -1649,7 +1653,7 @@
 
 
 echo $ac_n "checking size of char""... $ac_c" 1>&6
-echo "configure:1653: checking size of char" >&5
+echo "configure:1657: checking size of char" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1657,7 +1661,7 @@
   ac_cv_sizeof_char=1
 else
   cat > conftest.$ac_ext <<EOF
-#line 1661 "configure"
+#line 1665 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1668,7 +1672,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_char=`cat conftestval`
 else
@@ -1688,7 +1692,7 @@
 
 
 echo $ac_n "checking size of short int""... $ac_c" 1>&6
-echo "configure:1692: checking size of short int" >&5
+echo "configure:1696: checking size of short int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1696,7 +1700,7 @@
   ac_cv_sizeof_short_int=2
 else
   cat > conftest.$ac_ext <<EOF
-#line 1700 "configure"
+#line 1704 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1707,7 +1711,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_short_int=`cat conftestval`
 else
@@ -1727,7 +1731,7 @@
 
 
 echo $ac_n "checking size of int""... $ac_c" 1>&6
-echo "configure:1731: checking size of int" >&5
+echo "configure:1735: checking size of int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1735,7 +1739,7 @@
   ac_cv_sizeof_int=4
 else
   cat > conftest.$ac_ext <<EOF
-#line 1739 "configure"
+#line 1743 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1746,7 +1750,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_int=`cat conftestval`
 else
@@ -1766,7 +1770,7 @@
 
 
 echo $ac_n "checking size of long int""... $ac_c" 1>&6
-echo "configure:1770: checking size of long int" >&5
+echo "configure:1774: checking size of long int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1774,7 +1778,7 @@
   ac_cv_sizeof_long_int=4
 else
   cat > conftest.$ac_ext <<EOF
-#line 1778 "configure"
+#line 1782 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1785,7 +1789,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_long_int=`cat conftestval`
 else
@@ -1805,7 +1809,7 @@
 
 
 echo $ac_n "checking size of long long int""... $ac_c" 1>&6
-echo "configure:1809: checking size of long long int" >&5
+echo "configure:1813: checking size of long long int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1813,7 +1817,7 @@
   ac_cv_sizeof_long_long_int=8
 else
   cat > conftest.$ac_ext <<EOF
-#line 1817 "configure"
+#line 1821 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -1824,7 +1828,7 @@
   exit(0);
 }
 EOF
-if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_long_long_int=`cat conftestval`
 else
@@ -1854,7 +1858,7 @@
         fi
         CFLAGS="$CFLAGS -D_HPUX_SOURCE"
         echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6
-echo "configure:1858: checking for HPUX trusted system password database" >&5
+echo "configure:1862: checking for HPUX trusted system password database" >&5
         if test -f /tcb/files/auth/system/default; then
                 echo "$ac_t""yes" 1>&6
                 cat >> confdefs.h <<\EOF
@@ -1903,16 +1907,16 @@
 
 
 echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6
-echo "configure:1907: checking for intXX_t types" >&5
+echo "configure:1911: checking for intXX_t types" >&5
 cat > conftest.$ac_ext <<EOF
-#line 1909 "configure"
+#line 1913 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 int16_t a; int32_t b; a = 1235; b = 1235;
 ; return 0; }
 EOF
-if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                 cat >> confdefs.h <<\EOF
@@ -1932,16 +1936,16 @@
 rm -f conftest* 
 
 echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6
-echo "configure:1936: checking for u_intXX_t types" >&5
+echo "configure:1940: checking for u_intXX_t types" >&5
 cat > conftest.$ac_ext <<EOF
-#line 1938 "configure"
+#line 1942 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 u_int16_t c; u_int32_t d; c = 1235; d = 1235;
 ; return 0; }
 EOF
-if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                 cat >> confdefs.h <<\EOF
@@ -1964,9 +1968,9 @@
            "x$ac_cv_header_sys_bitypes_h" = "xyes"
 then
         echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6
-echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
         cat > conftest.$ac_ext <<EOF
-#line 1970 "configure"
+#line 1974 "configure"
 #include "confdefs.h"
 #include <sys/bitypes.h>
 int main() {
@@ -1978,7 +1982,7 @@
                 
 ; return 0; }
 EOF
-if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                         cat >> confdefs.h <<\EOF
@@ -2002,16 +2006,16 @@
 fi
 
 echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6
-echo "configure:2006: checking for uintXX_t types" >&5
+echo "configure:2010: checking for uintXX_t types" >&5
 cat > conftest.$ac_ext <<EOF
-#line 2008 "configure"
+#line 2012 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 uint16_t c; uint32_t d; c = 1235; d = 1235;
 ; return 0; }
 EOF
-if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   
                 cat >> confdefs.h <<\EOF
@@ -2054,7 +2058,7 @@
 
 
 echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
-echo "configure:2058: checking for 8-bit clean memcmp" >&5
+echo "configure:2062: checking for 8-bit clean memcmp" >&5
 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -2062,7 +2066,7 @@
   ac_cv_func_memcmp_clean=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 2066 "configure"
+#line 2070 "configure"
 #include "confdefs.h"
 
 main()
@@ -2072,7 +2076,7 @@
 }
 
 EOF
-if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_memcmp_clean=yes
 else
@@ -2090,12 +2094,12 @@
 test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
 
 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:2094: checking return type of signal handlers" >&5
+echo "configure:2098: checking return type of signal handlers" >&5
 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2099 "configure"
+#line 2103 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -2112,7 +2116,7 @@
 int i;
 ; return 0; }
 EOF
-if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_signal=void
 else
@@ -2131,12 +2135,12 @@
 
 
 echo $ac_n "checking for strftime""... $ac_c" 1>&6
-echo "configure:2135: checking for strftime" >&5
+echo "configure:2139: checking for strftime" >&5
 if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2140 "configure"
+#line 2144 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char strftime(); below.  */
@@ -2159,7 +2163,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_strftime=yes"
 else
@@ -2181,7 +2185,7 @@
   echo "$ac_t""no" 1>&6
 # strftime is in -lintl on SCO UNIX.
 echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6
-echo "configure:2185: checking for strftime in -lintl" >&5
+echo "configure:2189: checking for strftime in -lintl" >&5
 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -2189,7 +2193,7 @@
   ac_save_LIBS="$LIBS"
 LIBS="-lintl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 2193 "configure"
+#line 2197 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -2200,7 +2204,7 @@
 strftime()
 ; return 0; }
 EOF
-if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -2227,12 +2231,12 @@
 fi
 
 echo $ac_n "checking for vprintf""... $ac_c" 1>&6
-echo "configure:2231: checking for vprintf" >&5
+echo "configure:2235: checking for vprintf" >&5
 if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2236 "configure"
+#line 2240 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char vprintf(); below.  */
@@ -2255,7 +2259,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_vprintf=yes"
 else
@@ -2279,12 +2283,12 @@
 
 if test "$ac_cv_func_vprintf" != yes; then
 echo $ac_n "checking for _doprnt""... $ac_c" 1>&6
-echo "configure:2283: checking for _doprnt" >&5
+echo "configure:2287: checking for _doprnt" >&5
 if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2288 "configure"
+#line 2292 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char _doprnt(); below.  */
@@ -2307,7 +2311,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func__doprnt=yes"
 else
@@ -2334,12 +2338,12 @@
 for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2338: checking for $ac_func" >&5
+echo "configure:2342: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2343 "configure"
+#line 2347 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -2362,7 +2366,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
--- skey-1.1.5.orig/configure.in	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/configure.in	2003-11-06 17:47:14.000000000 +0000
@@ -9,19 +9,19 @@
 AC_CHECK_PROG(AR, ar, ar)
 AC_PATH_PROG(PERL, perl)
 AC_PATH_PROG(TOUCH, touch)
-AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin)
 AC_SUBST(PERL)
 AC_SUBST(SENDMAIL)
 
 dnl Checks for libraries.
 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
 AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib")
+AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack")
 
 
 dnl Checks for header files.
 AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h)
+AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h)
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
--- skey-1.1.5.orig/login_cap.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/login_cap.c	2003-11-06 17:46:45.000000000 +0000
@@ -37,6 +37,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <pwd.h>
+#include <grp.h>
 #include <syslog.h>
 
 /* 
--- skey-1.1.5.orig/Makefile.in	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/Makefile.in	2003-11-06 17:47:42.000000000 +0000
@@ -27,12 +27,11 @@
 TOUCH=@TOUCH@
 LDFLAGS=-L. @LDFLAGS@
 
-TARGETS=skey skeyinit skeyinfo skeyaudit
-LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o
+TARGETS=skey skeyinit skeyinfo libskey.a
+LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o
 SKEYOBJS=skey.o
 SKEYINITOBJS=skeyinit.o
 SKEYINFOOBJS=skeyinfo.o
-SKEYAUDITOBJS=skeyaudit.o
 
 
 SCRIPTS=skeyprune.pl
@@ -41,11 +40,11 @@
 CATMAN		= skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0
 MANPAGES	= @MANTYPE@
 
-PATHSUBS	= -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL}
+PATHSUBS	= -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL}
 
 FIXPATHSCMD     = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
 
-HDRS=	skey.h sha1.h rmd160.h
+HDRS=	skey.h sha1.h
 
 all: ${TARGETS} ${MANPAGES}
 
@@ -55,24 +54,27 @@
 	${AR} rv $@ ${LIBOBJS}
 	${RANLIB} $@
 
-skey: libskey.a ${SKEYOBJS}
+libskey.so: ${LIBOBJS}
+	${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS}
+	ln -fs libskey.so.1.1.5 libskey.so
+	ln -fs libskey.so.1.1.5 libskey.so.1
+	ln -fs libskey.so.1.1.5 libskey.so.1.1
+
+skey: libskey.so ${SKEYOBJS}
 	${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
 
-skeyinit: libskey.a ${SKEYINITOBJS}
+skeyinit: libskey.so ${SKEYINITOBJS}
 	${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} 
 
-skeyinfo: libskey.a ${SKEYINFOOBJS}
+skeyinfo: libskey.so ${SKEYINFOOBJS}
 	${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
 
-skeyaudit: libskey.a ${SKEYAUDITOBJS}
-	${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS}
-
 ${MANPAGES} ${SCRIPTS}::
 	${FIXPATHSCMD} ${srcdir}/$@
 
 clean:
 	rm -f *.o *.a ${TARGETS} config.status config.cache config.log
-	rm -f *.out core
+	rm -f *.out core *.so *.so.*
 
 distclean: clean
 	rm -f Makefile config.h core *~
@@ -97,6 +99,10 @@
 	$(INSTALL) -d $(DESTDIR)$(includedir)
 	$(INSTALL) -d $(DESTDIR)$(sysconfdir)
 	${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir)
+	${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir)
 	${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir)
 	@for target in ${TARGETS}; do \
 		${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \
@@ -119,9 +125,9 @@
 	-rm -f $(DESTDIR)$(bindir)/skeyaudit
 	-rm -f $(DESTDIR)$(bindir)/skeyprune
 	-rm -f $(DESTDIR)$(libdir)/libskey.a
+	-rm -f $(DESTDIR)$(libdir)/libskey.so*
 	-rm -f $(DESTDIR)$(includedir)/skey.h
 	-rm -f $(DESTDIR)$(includedir)/sha1.h
-	-rm -f $(DESTDIR)$(includedir)/rmd160.h
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1
--- skey-1.1.5.orig/put.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/put.c	2003-11-06 17:46:45.000000000 +0000
@@ -14,7 +14,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <assert.h>
-/*#include <ctype.h>*/
+#include <ctype.h>
 #include "config.h"
 
 #include "skey.h"
@@ -22,10 +22,10 @@
 static unsigned int extract __P ((char *s, int start, int length));
 static void standard __P ((char *word));
 static void insert __P ((char *s, int x, int start, int length));
-static int wsrch __P ((char *w, int low, int high));
+static int wsrch __P ((const char *w, int low, int high));
 
 /* Dictionary for integer-word translations */
-static char Wp[2048][4] = {
+char Wp[2048][4] = {
 	"A",
 	"ABE",
 	"ACE",
@@ -2079,19 +2079,13 @@
 /* Encode 8 bytes in 'c' as a string of English words.
  * Returns a pointer to a static buffer
  */
-char *
-btoe(engout, c)
-	char *c;
-	char *engout;
+char *btoe(char *engout, const char *c)
 {
-	char cp[10];	/* add in room for the parity 2 bits + extract() slop */
+	char cp[9];	/* add in room for the parity 2 bits */
 	int p, i;
 
 	engout[0] = '\0';
-
-	/* workaround for extract() reads beyond end of data */
-	(void)memset(cp, 0, sizeof(cp));
-	(void)memcpy(cp, c, 8);
+	memcpy(cp, c, 8);
 
 	/* compute parity */
 	for (p = 0, i = 0; i < 64; i += 2)
@@ -2099,20 +2093,20 @@
 
 	cp[8] = (char)p << 6;
 
-	(void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
-	(void)strcat(engout, " ");
-	(void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
+	strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
+	strcat(engout, " ");
+	strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
 
 #ifdef	notdef
-	(void)fprintf(stderr, "engout is %s\n\r", engout);
+	printf ("engout is %s\n\r", engout);
 #endif
 	return(engout);
 }
@@ -2123,41 +2117,42 @@
  *        -1 badly formed in put ie > 4 char word
  *        -2 words OK but parity is wrong
  */
-int
-etob(out, e)
-	char *out;
-	char *e;
+int etob(char *out, const char *e)
 {
 	char *word;
 	int i, p, v, l, low, high;
-	char b[SKEY_BINKEY_SIZE+1];
+	char b[9];
 	char input[36];
+	char *last;
 
 	if (e == NULL)
-		return(-1);
+		return -1;
 
-	(void)strncpy(input, e, sizeof(input) - 1);
-	input[sizeof(input) - 1] = '\0';
-	(void)memset(b, 0, sizeof(b));
-	(void)memset(out, 0, SKEY_BINKEY_SIZE);
-	for (i = 0, p = 0; i < 6; i++, p += 11) {
-		if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL) 
-			return(-1);
-
-		l = strlen(word);
-		if (l > 4 || l < 1) {
-			return(-1);
-		} else if (l < 4) {
+	strncpy (input, e, sizeof(input));
+	memset(b, 0, sizeof(b));
+	memset(out, 0, 8);
+	for (i = 0, p = 0; i < 6; i++, p += 11) 
+	{
+		if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL) 
+			return -1;
+
+		l = strlen (word);
+		if (l > 4 || l < 1)
+			return -1;
+		else if (l < 4) 
+		{
 			low = 0;
 			high = 570;
-		} else {
+		} 
+		else 
+		{
 			low = 571;
 			high = 2047;
 		}
 		standard(word);
 
 		if ((v = wsrch(word, low, high)) < 0) 
-			return(0);
+			return 0;
 
 		insert(b, v, p, 11);
 	}
@@ -2167,55 +2162,47 @@
 		p += extract (b, i, 2);
 
 	if ((p & 3) != extract (b, 64, 2)) 
-		return(-2);
+		return -2;
 
-	(void)memcpy(out, b, SKEY_BINKEY_SIZE);
+	memcpy(out, b, 8);
 
-	return(1);
+	return 1;
 }
 
 /* Display 8 bytes as a series of 16-bit hex digits */
-char *
-put8(out, s)
-	char *out;
-	char *s;
+char *put8(char *out, const char *s)
 {
-	(void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
+	sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
 			s[0] & 0xff, s[1] & 0xff, s[2] & 0xff,
 			s[3] & 0xff, s[4] & 0xff, s[5] & 0xff,
 			s[6] & 0xff, s[7] & 0xff);
-	return(out);
+	return out;
 }
 
 #ifdef	notdef
 /* Encode 8 bytes in 'cp' as stream of ascii letters.
  * Provided as a possible alternative to btoe()
  */
-char *
-btoc(cp)
-	char *cp;
+char *btoc(char *cp)
 {
 	int i;
 	static char out[31];
 
 	/* code out put by characters 6 bits each added to 0x21 (!) */
-	for (i = 0; i <= 10; i++) {
+	for (i = 0; i <= 10; i++) 
+	{
 		/* last one is only 4 bits not 6 */
 		out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6);
 	}
 	out[i] = '\0';
-	return(out);
+	return out;
 }
 #endif
 
 /* Internal subroutines for word encoding/decoding */
 
 /* Dictionary binary search */
-static int
-wsrch(w, low, high)
-	char *w;
-	int low;
-	int high;
+static int wsrch(const char *w, int low, int high)
 {
 	int i, j;
 
@@ -2223,18 +2210,18 @@
 		i = (low + high) / 2;
 
 		if ((j = strncmp(w, Wp[i], 4)) == 0)
-			return(i);			/* Found it */
-
-		if (high == low + 1) {
+			return i;			/* Found it */
+		if (high == low + 1) 
+		{
 			/* Avoid effects of integer truncation in /2 */
 			if (strncmp(w, Wp[high], 4) == 0)
-				return(high);
+				return high;
 			else
-				return(-1);
+				return -1;
 		}
 
 		if (low >= high)
-			return(-1);	/* I don't *think* this can happen... */
+			return -1;	/* I don't *think* this can happen... */
 		if (j < 0)
 			high = i;	/* Search lower half */
 		else
@@ -2242,12 +2229,7 @@
 	}
 }
 
-static void
-insert(s, x, start, length)
-	char *s;
-	int x;
-	int start;
-	int length;
+static void insert(char *s, int x, int start, int length)
 {
 	unsigned char cl;
 	unsigned char cc;
@@ -2261,25 +2243,28 @@
 	assert(start + length <= 66);
 
 	shift = ((8 - ((start + length) % 8)) % 8);
-	y = x << shift;
+	y = (int) x << shift;
 	cl = (y >> 16) & 0xff;
 	cc = (y >> 8) & 0xff;
 	cr = y & 0xff;
-	if (shift + length > 16) {
+	if (shift + length > 16) 
+	{
 		s[start / 8] |= cl;
 		s[start / 8 + 1] |= cc;
 		s[start / 8 + 2] |= cr;
-	} else if (shift + length > 8) {
+	} 
+	else if (shift + length > 8) 
+	{
 		s[start / 8] |= cc;
 		s[start / 8 + 1] |= cr;
-	} else {
+	} 
+	else 
+	{
 		s[start / 8] |= cr;
  	}
 }
 
-static void
-standard(word)
-	register char *word;
+static void standard(char *word)
 {
 	while (*word) {
 		if (!isascii(*word))
@@ -2297,11 +2282,7 @@
 }
 
 /* Extract 'length' bits from the char array 's' starting with bit 'start' */
-static unsigned int
-extract(s, start, length)
-	char *s;
-	int start;
-	int length;
+static unsigned int extract(char *s, int start, int length)
 {
 	unsigned char cl;
 	unsigned char cc;
@@ -2320,5 +2301,5 @@
 	x = x >> (24 - (length + (start % 8)));
 	x = (x & (0xffff >> (16 - length)));
 
-	return(x);
+	return x;
 }
--- skey-1.1.5.orig/rmd160.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,428 +0,0 @@
-/********************************************************************\
- *
- *      FILE:     rmd160.c
- *
- *      CONTENTS: A sample C-implementation of the RIPEMD-160
- *		  hash-function.
- *      TARGET:   any computer with an ANSI C compiler
- *
- *      AUTHOR:   Antoon Bosselaers, ESAT-COSIC
- *		  (Arranged for libc by Todd C. Miller)
- *      DATE:     1 March 1996
- *      VERSION:  1.0
- *
- *      Copyright (c) Katholieke Universiteit Leuven
- *      1996, All Rights Reserved
- *
-\********************************************************************/
-#ifndef HAVE_RMD160_H
-
-/* header files */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include "config.h"
-#include "rmd160.h"
-
-/********************************************************************/
-
-/* macro definitions */
-
-/* collect four bytes into one word: */
-#define BYTES_TO_DWORD(strptr)			\
-    (((u_int32_t) *((strptr)+3) << 24) |	\
-    ((u_int32_t) *((strptr)+2) << 16) |		\
-    ((u_int32_t) *((strptr)+1) <<  8) |		\
-    ((u_int32_t) *(strptr)))
-
-/* ROL(x, n) cyclically rotates x over n bits to the left */
-/* x must be of an unsigned 32 bits type and 0 <= n < 32. */
-#define ROL(x, n)	(((x) << (n)) | ((x) >> (32-(n))))
-
-/* the three basic functions F(), G() and H() */
-#define F(x, y, z)	((x) ^ (y) ^ (z))
-#define G(x, y, z)	(((x) & (y)) | (~(x) & (z)))
-#define H(x, y, z)	(((x) | ~(y)) ^ (z))
-#define I(x, y, z)	(((x) & (z)) | ((y) & ~(z)))
-#define J(x, y, z)	((x) ^ ((y) | ~(z)))
-
-/* the eight basic operations FF() through III() */
-#define FF(a, b, c, d, e, x, s)	{			\
-      (a) += F((b), (c), (d)) + (x);			\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define GG(a, b, c, d, e, x, s)	{			\
-      (a) += G((b), (c), (d)) + (x) + 0x5a827999U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define HH(a, b, c, d, e, x, s)	{			\
-      (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define II(a, b, c, d, e, x, s)	{			\
-      (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define JJ(a, b, c, d, e, x, s)	{			\
-      (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define FFF(a, b, c, d, e, x, s)	{		\
-      (a) += F((b), (c), (d)) + (x);			\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define GGG(a, b, c, d, e, x, s)	{		\
-      (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define HHH(a, b, c, d, e, x, s)	{		\
-      (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define III(a, b, c, d, e, x, s)	{		\
-      (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-#define JJJ(a, b, c, d, e, x, s)	{		\
-      (a) += J((b), (c), (d)) + (x) + 0x50a28be6U;	\
-      (a) = ROL((a), (s)) + (e);			\
-      (c) = ROL((c), 10);				\
-}
-
-/********************************************************************/
-
-void
-RMD160Init(context)
-	RMD160_CTX *context;
-{
-
-	/* ripemd-160 initialization constants */
-	context->state[0] = 0x67452301U;
-	context->state[1] = 0xefcdab89U;
-	context->state[2] = 0x98badcfeU;
-	context->state[3] = 0x10325476U;
-	context->state[4] = 0xc3d2e1f0U;
-	context->length[0] = context->length[1] = 0;
-	context->buflen = 0;
-}
-
-/********************************************************************/
-
-void
-RMD160Transform(state, block)
-	u_int32_t state[5];
-	const u_int32_t block[16];
-{
-	u_int32_t aa = state[0],  bb = state[1],  cc = state[2],
-	    dd = state[3],  ee = state[4];
-	u_int32_t aaa = state[0], bbb = state[1], ccc = state[2],
-	    ddd = state[3], eee = state[4];
-
-	/* round 1 */
-	FF(aa, bb, cc, dd, ee, block[ 0], 11);
-	FF(ee, aa, bb, cc, dd, block[ 1], 14);
-	FF(dd, ee, aa, bb, cc, block[ 2], 15);
-	FF(cc, dd, ee, aa, bb, block[ 3], 12);
-	FF(bb, cc, dd, ee, aa, block[ 4],  5);
-	FF(aa, bb, cc, dd, ee, block[ 5],  8);
-	FF(ee, aa, bb, cc, dd, block[ 6],  7);
-	FF(dd, ee, aa, bb, cc, block[ 7],  9);
-	FF(cc, dd, ee, aa, bb, block[ 8], 11);
-	FF(bb, cc, dd, ee, aa, block[ 9], 13);
-	FF(aa, bb, cc, dd, ee, block[10], 14);
-	FF(ee, aa, bb, cc, dd, block[11], 15);
-	FF(dd, ee, aa, bb, cc, block[12],  6);
-	FF(cc, dd, ee, aa, bb, block[13],  7);
-	FF(bb, cc, dd, ee, aa, block[14],  9);
-	FF(aa, bb, cc, dd, ee, block[15],  8);
-
-	/* round 2 */
-	GG(ee, aa, bb, cc, dd, block[ 7],  7);
-	GG(dd, ee, aa, bb, cc, block[ 4],  6);
-	GG(cc, dd, ee, aa, bb, block[13],  8);
-	GG(bb, cc, dd, ee, aa, block[ 1], 13);
-	GG(aa, bb, cc, dd, ee, block[10], 11);
-	GG(ee, aa, bb, cc, dd, block[ 6],  9);
-	GG(dd, ee, aa, bb, cc, block[15],  7);
-	GG(cc, dd, ee, aa, bb, block[ 3], 15);
-	GG(bb, cc, dd, ee, aa, block[12],  7);
-	GG(aa, bb, cc, dd, ee, block[ 0], 12);
-	GG(ee, aa, bb, cc, dd, block[ 9], 15);
-	GG(dd, ee, aa, bb, cc, block[ 5],  9);
-	GG(cc, dd, ee, aa, bb, block[ 2], 11);
-	GG(bb, cc, dd, ee, aa, block[14],  7);
-	GG(aa, bb, cc, dd, ee, block[11], 13);
-	GG(ee, aa, bb, cc, dd, block[ 8], 12);
-
-	/* round 3 */
-	HH(dd, ee, aa, bb, cc, block[ 3], 11);
-	HH(cc, dd, ee, aa, bb, block[10], 13);
-	HH(bb, cc, dd, ee, aa, block[14],  6);
-	HH(aa, bb, cc, dd, ee, block[ 4],  7);
-	HH(ee, aa, bb, cc, dd, block[ 9], 14);
-	HH(dd, ee, aa, bb, cc, block[15],  9);
-	HH(cc, dd, ee, aa, bb, block[ 8], 13);
-	HH(bb, cc, dd, ee, aa, block[ 1], 15);
-	HH(aa, bb, cc, dd, ee, block[ 2], 14);
-	HH(ee, aa, bb, cc, dd, block[ 7],  8);
-	HH(dd, ee, aa, bb, cc, block[ 0], 13);
-	HH(cc, dd, ee, aa, bb, block[ 6],  6);
-	HH(bb, cc, dd, ee, aa, block[13],  5);
-	HH(aa, bb, cc, dd, ee, block[11], 12);
-	HH(ee, aa, bb, cc, dd, block[ 5],  7);
-	HH(dd, ee, aa, bb, cc, block[12],  5);
-
-	/* round 4 */
-	II(cc, dd, ee, aa, bb, block[ 1], 11);
-	II(bb, cc, dd, ee, aa, block[ 9], 12);
-	II(aa, bb, cc, dd, ee, block[11], 14);
-	II(ee, aa, bb, cc, dd, block[10], 15);
-	II(dd, ee, aa, bb, cc, block[ 0], 14);
-	II(cc, dd, ee, aa, bb, block[ 8], 15);
-	II(bb, cc, dd, ee, aa, block[12],  9);
-	II(aa, bb, cc, dd, ee, block[ 4],  8);
-	II(ee, aa, bb, cc, dd, block[13],  9);
-	II(dd, ee, aa, bb, cc, block[ 3], 14);
-	II(cc, dd, ee, aa, bb, block[ 7],  5);
-	II(bb, cc, dd, ee, aa, block[15],  6);
-	II(aa, bb, cc, dd, ee, block[14],  8);
-	II(ee, aa, bb, cc, dd, block[ 5],  6);
-	II(dd, ee, aa, bb, cc, block[ 6],  5);
-	II(cc, dd, ee, aa, bb, block[ 2], 12);
-
-	/* round 5 */
-	JJ(bb, cc, dd, ee, aa, block[ 4],  9);
-	JJ(aa, bb, cc, dd, ee, block[ 0], 15);
-	JJ(ee, aa, bb, cc, dd, block[ 5],  5);
-	JJ(dd, ee, aa, bb, cc, block[ 9], 11);
-	JJ(cc, dd, ee, aa, bb, block[ 7],  6);
-	JJ(bb, cc, dd, ee, aa, block[12],  8);
-	JJ(aa, bb, cc, dd, ee, block[ 2], 13);
-	JJ(ee, aa, bb, cc, dd, block[10], 12);
-	JJ(dd, ee, aa, bb, cc, block[14],  5);
-	JJ(cc, dd, ee, aa, bb, block[ 1], 12);
-	JJ(bb, cc, dd, ee, aa, block[ 3], 13);
-	JJ(aa, bb, cc, dd, ee, block[ 8], 14);
-	JJ(ee, aa, bb, cc, dd, block[11], 11);
-	JJ(dd, ee, aa, bb, cc, block[ 6],  8);
-	JJ(cc, dd, ee, aa, bb, block[15],  5);
-	JJ(bb, cc, dd, ee, aa, block[13],  6);
-
-	/* parallel round 1 */
-	JJJ(aaa, bbb, ccc, ddd, eee, block[ 5],  8);
-	JJJ(eee, aaa, bbb, ccc, ddd, block[14],  9);
-	JJJ(ddd, eee, aaa, bbb, ccc, block[ 7],  9);
-	JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11);
-	JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13);
-	JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15);
-	JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15);
-	JJJ(ddd, eee, aaa, bbb, ccc, block[ 4],  5);
-	JJJ(ccc, ddd, eee, aaa, bbb, block[13],  7);
-	JJJ(bbb, ccc, ddd, eee, aaa, block[ 6],  7);
-	JJJ(aaa, bbb, ccc, ddd, eee, block[15],  8);
-	JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11);
-	JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14);
-	JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14);
-	JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12);
-	JJJ(aaa, bbb, ccc, ddd, eee, block[12],  6);
-
-	/* parallel round 2 */
-	III(eee, aaa, bbb, ccc, ddd, block[ 6],  9);
-	III(ddd, eee, aaa, bbb, ccc, block[11], 13);
-	III(ccc, ddd, eee, aaa, bbb, block[ 3], 15);
-	III(bbb, ccc, ddd, eee, aaa, block[ 7],  7);
-	III(aaa, bbb, ccc, ddd, eee, block[ 0], 12);
-	III(eee, aaa, bbb, ccc, ddd, block[13],  8);
-	III(ddd, eee, aaa, bbb, ccc, block[ 5],  9);
-	III(ccc, ddd, eee, aaa, bbb, block[10], 11);
-	III(bbb, ccc, ddd, eee, aaa, block[14],  7);
-	III(aaa, bbb, ccc, ddd, eee, block[15],  7);
-	III(eee, aaa, bbb, ccc, ddd, block[ 8], 12);
-	III(ddd, eee, aaa, bbb, ccc, block[12],  7);
-	III(ccc, ddd, eee, aaa, bbb, block[ 4],  6);
-	III(bbb, ccc, ddd, eee, aaa, block[ 9], 15);
-	III(aaa, bbb, ccc, ddd, eee, block[ 1], 13);
-	III(eee, aaa, bbb, ccc, ddd, block[ 2], 11);
-
-	/* parallel round 3 */
-	HHH(ddd, eee, aaa, bbb, ccc, block[15],  9);
-	HHH(ccc, ddd, eee, aaa, bbb, block[ 5],  7);
-	HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15);
-	HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11);
-	HHH(eee, aaa, bbb, ccc, ddd, block[ 7],  8);
-	HHH(ddd, eee, aaa, bbb, ccc, block[14],  6);
-	HHH(ccc, ddd, eee, aaa, bbb, block[ 6],  6);
-	HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14);
-	HHH(aaa, bbb, ccc, ddd, eee, block[11], 12);
-	HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13);
-	HHH(ddd, eee, aaa, bbb, ccc, block[12],  5);
-	HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14);
-	HHH(bbb, ccc, ddd, eee, aaa, block[10], 13);
-	HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13);
-	HHH(eee, aaa, bbb, ccc, ddd, block[ 4],  7);
-	HHH(ddd, eee, aaa, bbb, ccc, block[13],  5);
-
-	/* parallel round 4 */
-	GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15);
-	GGG(bbb, ccc, ddd, eee, aaa, block[ 6],  5);
-	GGG(aaa, bbb, ccc, ddd, eee, block[ 4],  8);
-	GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11);
-	GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14);
-	GGG(ccc, ddd, eee, aaa, bbb, block[11], 14);
-	GGG(bbb, ccc, ddd, eee, aaa, block[15],  6);
-	GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14);
-	GGG(eee, aaa, bbb, ccc, ddd, block[ 5],  6);
-	GGG(ddd, eee, aaa, bbb, ccc, block[12],  9);
-	GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12);
-	GGG(bbb, ccc, ddd, eee, aaa, block[13],  9);
-	GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12);
-	GGG(eee, aaa, bbb, ccc, ddd, block[ 7],  5);
-	GGG(ddd, eee, aaa, bbb, ccc, block[10], 15);
-	GGG(ccc, ddd, eee, aaa, bbb, block[14],  8);
-
-	/* parallel round 5 */
-	FFF(bbb, ccc, ddd, eee, aaa, block[12] ,  8);
-	FFF(aaa, bbb, ccc, ddd, eee, block[15] ,  5);
-	FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12);
-	FFF(ddd, eee, aaa, bbb, ccc, block[ 4] ,  9);
-	FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12);
-	FFF(bbb, ccc, ddd, eee, aaa, block[ 5] ,  5);
-	FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14);
-	FFF(eee, aaa, bbb, ccc, ddd, block[ 7] ,  6);
-	FFF(ddd, eee, aaa, bbb, ccc, block[ 6] ,  8);
-	FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13);
-	FFF(bbb, ccc, ddd, eee, aaa, block[13] ,  6);
-	FFF(aaa, bbb, ccc, ddd, eee, block[14] ,  5);
-	FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15);
-	FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13);
-	FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11);
-	FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11);
-
-	/* combine results */
-	ddd += cc + state[1];		/* final result for state[0] */
-	state[1] = state[2] + dd + eee;
-	state[2] = state[3] + ee + aaa;
-	state[3] = state[4] + aa + bbb;
-	state[4] = state[0] + bb + ccc;
-	state[0] = ddd;
-}
-
-/********************************************************************/
-
-void
-RMD160Update(context, data, nbytes)
-	RMD160_CTX *context;
-	const u_char *data;
-	u_int32_t nbytes;
-{
-	u_int32_t X[16];
-	u_int32_t ofs = 0;
-	u_int32_t i;
-#ifdef WORDS_BIGENDIAN
-	u_int32_t j;
-#endif
-
-	/* update length[] */
-	if (context->length[0] + nbytes < context->length[0])
-		context->length[1]++;		/* overflow to msb of length */
-	context->length[0] += nbytes;
-
-	(void)memset(X, 0, sizeof(X));
-
-        if ( context->buflen + nbytes < 64 )
-        {
-                (void)memcpy(context->bbuffer + context->buflen, data, nbytes);
-                context->buflen += nbytes;
-        }
-        else
-        {
-                /* process first block */
-                ofs = 64 - context->buflen;
-                (void)memcpy(context->bbuffer + context->buflen, data, ofs);
-#ifndef WORDS_BIGENDIAN
-                (void)memcpy(X, context->bbuffer, sizeof(X));
-#else
-                for (j=0; j < 16; j++)
-                        X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
-#endif
-                RMD160Transform(context->state, X);
-                nbytes -= ofs;
-
-                /* process remaining complete blocks */
-                for (i = 0; i < (nbytes >> 6); i++) {
-#ifndef WORDS_BIGENDIAN
-                        (void)memcpy(X, data + (64 * i) + ofs, sizeof(X));
-#else
-                        for (j=0; j < 16; j++)
-                                X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs);
-#endif
-                        RMD160Transform(context->state, X);
-                }
-
-                /*
-                 * Put last bytes from data into context's buffer
-                 */
-                context->buflen = nbytes & 63;
-                memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen);
-        }
-}
-
-/********************************************************************/
-
-void
-RMD160Final(digest, context)
-	u_char digest[20];
-	RMD160_CTX *context;
-{
-	u_int32_t i;
-	u_int32_t X[16];
-#ifdef WORDS_BIGENDIAN
-	u_int32_t j;
-#endif
-
-	/* append the bit m_n == 1 */
-	context->bbuffer[context->buflen] = '\200';
-
-	(void)memset(context->bbuffer + context->buflen + 1, 0,
-		63 - context->buflen);
-#ifndef WORDS_BIGENDIAN
-	(void)memcpy(X, context->bbuffer, sizeof(X));
-#else
-	for (j=0; j < 16; j++)
-		X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
-#endif
-	if ((context->buflen) > 55) {
-		/* length goes to next block */
-		RMD160Transform(context->state, X);
-		(void)memset(X, 0, sizeof(X));
-	}
-
-	/* append length in bits */
-	X[14] = context->length[0] << 3;
-	X[15] = (context->length[0] >> 29) |
-	    (context->length[1] << 3);
-	RMD160Transform(context->state, X);
-
-	if (digest != NULL) {
-		for (i = 0; i < 20; i += 4) {
-			/* extracts the 8 least significant bits. */
-			digest[i]     =  context->state[i>>2];
-			digest[i + 1] = (context->state[i>>2] >>  8);
-			digest[i + 2] = (context->state[i>>2] >> 16);
-			digest[i + 3] = (context->state[i>>2] >> 24);
-		}
-	}
-}
-
-/************************ end of file rmd160.c **********************/
-#endif
--- skey-1.1.5.orig/rmd160.h	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160.h	1970-01-01 01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-/*	$OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $	*/
-
-/********************************************************************\
- *
- *      FILE:     rmd160.h
- *
- *      CONTENTS: Header file for a sample C-implementation of the
- *                RIPEMD-160 hash-function. 
- *      TARGET:   any computer with an ANSI C compiler
- *
- *      AUTHOR:   Antoon Bosselaers, ESAT-COSIC
- *      DATE:     1 March 1996
- *      VERSION:  1.0
- *
- *      Copyright (c) Katholieke Universiteit Leuven
- *      1996, All Rights Reserved
- *
-\********************************************************************/
-
-#ifndef  _RMD160_H	/* make sure this file is read only once */
-#define  _RMD160_H
-
-/********************************************************************/
-
-/* structure definitions */
-
-typedef struct {
-	u_int32_t state[5];	/* state (ABCDE) */
-	u_int32_t length[2];	/* number of bits */
-	u_char	bbuffer[64];    /* overflow buffer */
-	u_int32_t buflen;	/* number of chars in bbuffer */
-} RMD160_CTX;
-
-/********************************************************************/
-
-/* function prototypes */
-
-void RMD160Init __P((RMD160_CTX *context));
-void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16]));
-void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes));
-void RMD160Final __P((u_char digest[20], RMD160_CTX *context));
-char *RMD160End __P((RMD160_CTX *, char *));
-char *RMD160File __P((char *, char *));
-char *RMD160Data __P((const u_char *, size_t, char *));
-
-#endif  /* _RMD160_H */
-
-/*********************** end of file rmd160.h ***********************/
--- skey-1.1.5.orig/rmd160hl.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160hl.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,85 +0,0 @@
-/* rmd160hl.c
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dkuug.dk> wrote this file.  As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include "config.h"
-#ifdef HAVE_RMD160_H
-#include <rmd160.h>
-#else
-#include "rmd160.h"
-#endif
-
-/* ARGSUSED */
-char *
-RMD160End(ctx, buf)
-    RMD160_CTX *ctx;
-    char *buf;
-{
-    int i;
-    char *p = buf;
-    u_char digest[20];
-    static const char hex[]="0123456789abcdef";
-
-    if (p == NULL && (p = malloc(41)) == NULL)
-	return 0;
-
-    RMD160Final(digest,ctx);
-    for (i = 0; i < 20; i++) {
-	p[i + i] = hex[digest[i] >> 4];
-	p[i + i + 1] = hex[digest[i] & 0x0f];
-    }
-    p[i + i] = '\0';
-    return(p);
-}
-
-char *
-RMD160File (filename, buf)
-    char *filename;
-    char *buf;
-{
-    u_char buffer[BUFSIZ];
-    RMD160_CTX ctx;
-    int fd, num, oerrno;
-
-    RMD160Init(&ctx);
-
-    if ((fd = open(filename, O_RDONLY)) < 0)
-	return(0);
-
-    while ((num = read(fd, buffer, sizeof(buffer))) > 0)
-	RMD160Update(&ctx, buffer, num);
-
-    oerrno = errno;
-    close(fd);
-    errno = oerrno;
-    return(num < 0 ? 0 : RMD160End(&ctx, buf));
-}
-
-char *
-RMD160Data (data, len, buf)
-    const u_char *data;
-    size_t len;
-    char *buf;
-{
-    RMD160_CTX ctx;
-
-    RMD160Init(&ctx);
-    RMD160Update(&ctx, data, len);
-    return(RMD160End(&ctx, buf));
-}
--- skey-1.1.5.orig/skey.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,95 +1,165 @@
-.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $
-.\"	@(#)skey.1	1.1 	10/28/93
+.\"	$NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $
 .\"
-.Dd October 28, 1993
+.\"	from: @(#)skey.1	1.1 	10/28/93
+.\"
+.Dd July 25, 2001
 .Dt SKEY 1
 .Os
 .Sh NAME
-.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160
+.Nm skey
 .Nd respond to an OTP challenge
 .Sh SYNOPSIS
-.Nm skey
-.Op Fl x
-.Oo
-.Fl md4 | Fl md5 | Fl sha1 |
-.Fl rmd160
-.Oc
+.Nm
 .Op Fl n Ar count
-.Op Fl p Ar passwd
-<sequence#>[/] key
+.Op Fl p Ar password
+.Op Fl t Ar hash
+.Op Fl x
+.Ar sequence#
+.Op /
+.Ar key
 .Sh DESCRIPTION
-.Nm S/key
-is a procedure for using one-time passwords to authenticate access to
-computer systems.
-It uses 64 bits of information transformed by the
-MD4, MD5, SHA1, or RIPEMD-160 algorithms.
-The user supplies the 64 bits
-in the form of 6 English words that are generated by a secure computer.
-This implementation of
-.Nm s/key
-is RFC 1938 compliant.
+.Em S/Key
+is a One Time Password (OTP) authentication system.
+It is intended to be used when the communication channel between
+a user and host is not secure (e.g. not encrypted or hardwired).
+Since each password is used only once, even if it is "seen" by a
+hostile third party, it cannot be used again to gain access to the host.
 .Pp
-When
-.Nm skey
-is invoked as
-.Nm otp-method ,
-.Nm skey
-will use
-.Ar method
-as the hash function where
-.Ar method
-is currently one of md4, md5, sha1, or rmd160.
+.Em S/Key
+uses 64 bits of information, transformed by the
+.Tn MD4
+algorithm into 6 English words.
+The user supplies the words to authenticate himself to programs like
+.Xr login 1
+or
+.Xr ftpd 8 .
+.Pp
+Example use of the
+.Em S/Key
+program
+.Nm :
+.Bd -literal -offset indent
+% skey  99  th91334
+Enter password: \*[Lt]your secret password is entered here\*[Gt]
+OMEN US HORN OMIT BACK AHOY
+%
+.Ed
+.Pp
+The string that is given back by
+.Nm
+can then be used to log into a system.
+.Pp
+The programs that are part of the
+.Em S/Key
+system are:
+.Bl -tag -width skeyauditxxx
+.It Xr skeyinit 1
+used to set up your
+.Em S/Key .
+.It Nm
+used to get the one time password(s).
+.It Xr skeyinfo 1
+used to initialize the
+.Em S/Key
+database for the specified user.
+It also tells the user what the next challenge will be.
+.It Xr skeyaudit 1
+used to inform users that they will soon have to rerun
+.Xr skeyinit 1 .
+.El
 .Pp
-If you misspell your password while running
-.Nm skey ,
+When you run
+.Xr skeyinit 1
+you inform the system of your
+secret password.
+Running
+.Nm
+then generates the
+one-time password(s), after requiring your secret password.
+If however, you misspell your secret password that you have given to
+.Xr skeyinit 1
+while running
+.Xr skey 1
 you will get a list of passwords
-that will not work, and no indication of the problem.
+that will not work, and no indication about the problem.
 .Pp
-Password sequence numbers count backwards.
+Password sequence numbers count backward from 99.
 You can enter the passwords using small letters, even though
-.Nm skey
+.Xr skey 1
 prints them capitalized.
 .Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl n Ar count
-Prints out
+The
+.Fl n Ar count
+argument asks for
 .Ar count
-one-time passwords.
-The default is to print one.
-.It Fl p Ar password
-Uses
-.Ar password
-as the secret password.
-Use of this option is discouraged as
-your secret password could be visible in a process listing.
-.It Fl x
-Causes output to be in hexadecimal instead of ASCII.
-.It Fl md4
-Selects MD4 as the hash algorithm.
-.It Fl md5
-Selects MD5 as the hash algorithm.
-.It Fl sha1
-Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
-.It Fl rmd160
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
-.El
+password sequences to be printed out ending with the requested
+sequence number.
+.Pp
+The hash algorithm is selected using the
+.Fl t Ar hash
+option, possible choices here are md4, md5 or sha1.
+.Pp
+The
+.Fl p Ar password
+allows the user to specify the
+.Em S/Key
+password on the command line.
+.Pp
+To output the S/Key list in hexadecimal instead of words,
+use the
+.Fl x
+option.
 .Sh EXAMPLES
-.sp 0
-    % skey 99 th91334
-.sp 0
-    Enter secret password: <your secret password is entered here>
-.sp 0
-    OMEN US HORN OMIT BACK AHOY
-.sp 0
-    %
+Initialize generation of one time passwords:
+.Bd -literal -offset indent
+host% skeyinit
+Password: \*[Lt]normal login password\*[Gt]
+[Adding username]
+Enter secret password: \*[Lt]new secret password\*[Gt]
+Again secret password: \*[Lt]new secret password again\*[Gt]
+ID username s/key is 99 host12345
+Next login password: SOME SIX WORDS THAT WERE COMPUTED
+.Ed
+.Pp
+Produce a list of one time passwords to take with to a conference:
+.Bd -literal -offset indent
+host% skey -n 3 99 host12345
+Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
+97: NOSE FOOT RUSH FEAR GREY JUST
+98: YAWN LEO DEED BIND WACK BRAE
+99: SOME SIX WORDS THAT WERE COMPUTED
+.Ed
+.Pp
+Logging in to a host where
+.Nm
+is installed:
+.Bd -literal -offset indent
+host% telnet host
+
+login: \*[Lt]username\*[Gt]
+Password [s/key 97 host12345]:
+.Ed
+.Pp
+Note that the user can use either his/her
+.Em S/Key
+password at the prompt but also the normal one unless the
+.Fl s
+flag is given to
+.Xr login 1 .
 .Sh SEE ALSO
 .Xr login 1 ,
+.Xr skeyaudit 1 ,
 .Xr skeyinfo 1 ,
-.Xr skeyinit 1
+.Xr skeyinit 1 ,
+.Xr ftpd 8
 .Pp
-.Em RFC1938
+.Em RFC 2289
 .Sh TRADEMARKS AND PATENTS
-S/Key is a Trademark of Bellcore.
+.Em S/Key
+is a trademark of
+.Tn Bellcore .
 .Sh AUTHORS
-Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
+Phil Karn,
+Neil M. Haller,
+John S. Walden,
+Scott Chasin
--- skey-1.1.5.orig/skey.3	1970-01-01 01:00:00.000000000 +0100
+++ skey-1.1.5/skey.3	2008-04-30 14:10:52.000000000 +0100
@@ -0,0 +1,257 @@
+.\"     $NetBSD: skey.3,v 1.9 2008/04/30 13:10:52 martin Exp $
+.\"
+.\" Copyright (c) 2001 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Gregory McGarry.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd November 10, 2001
+.Dt SKEY 3
+.Os
+.Sh NAME
+.Nm skey ,
+.Nm skeychallenge ,
+.Nm skeylookup ,
+.Nm skeygetnext ,
+.Nm skeyverify ,
+.Nm skeyzero ,
+.Nm getskeyprompt ,
+.Nm skey_set_algorithm ,
+.Nm skey_get_algorithm ,
+.Nm skey_haskey ,
+.Nm skey_keyinfo ,
+.Nm skey_passcheck ,
+.Nm skey_authenticate
+.Nd one-time password (OTP) library
+.Sh LIBRARY
+S/key One-Time Password Library (libskey, -lskey)
+.Sh SYNOPSIS
+.In skey.h
+.Ft int
+.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \
+"size_t sslen"
+.Ft int
+.Fn skeylookup "struct skey *mp" "const char *name"
+.Ft int
+.Fn skeygetnext "struct skey *mp"
+.Ft int
+.Fn skeyverify "struct skey *mp" "char *response"
+.Ft int
+.Fn skeyzero "struct skey *mp" "char *response"
+.Ft int
+.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt"
+.Ft const char *
+.Fn skey_set_algorithm "const char *new"
+.Ft const char *
+.Fn skey_get_algorithm "void"
+.Ft int
+.Fn skey_haskey "const char *username"
+.Ft const char *
+.Fn skey_keyinfo "const char *username"
+.Ft int
+.Fn skey_passcheck "const char *username" "char *passwd"
+.Ft int
+.Fn skey_authenticate "const char *username"
+.Ft void
+.Fn f "char *x"
+.Ft int
+.Fn keycrunch "char *result" "const char *seed" "const char *passwd"
+.Ft void
+.Fn rip "char *buf"
+.Ft char *
+.Fn readpass "char *buf " "int n"
+.Ft char *
+.Fn readskey "char *buf" "int n"
+.Ft int
+.Fn atob8 "char *out" "const char *in"
+.Ft int
+.Fn btoa8 "char *out" "const char *in"
+.Ft int
+.Fn htoi "int c"
+.Ft const char *
+.Fn skipspace "const char *cp"
+.Ft void
+.Fn backspace "char *buf"
+.Ft void
+.Fn sevenbit "char *buf"
+.Ft char *
+.Fn btoe "char *engout" "const char *c"
+.Ft int
+.Fn etob "char *out" "const char *e"
+.Ft char *
+.Fn put8 "char *out" "const char *s"
+.Sh DESCRIPTION
+The
+.Nm
+library provides routines for accessing
+.Nx Ns 's
+one-time password (OTP) authentication system.
+.Pp
+Most S/Key operations take a pointer to a
+.Em struct skey ,
+which should be considered as an opaque identifier.
+.Sh FUNCTIONS
+The following high-level functions are available:
+.Bl -tag -width compact
+.It Fn skeychallenge "mp" "name" "ss" "sslen"
+Return a S/Key challenge for user
+.Fa name .
+If successful, the caller's skey structure
+.Fa mp
+is filled and 0 is returned.
+If unsuccessful (e.g. if name is unknown),
+\-1 is returned.
+.It Fn skeylookup "mp" "name"
+Find an entry for user
+.Fa name
+in the one-time password database.
+Returns 0 if the entry is found and 1 if the entry is not found.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeygetnext "mp"
+Get the next entry in the one-time password database.
+Returns 0 on success and the entry is stored in
+.Ar mp
+and 1 if no more entries are available.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeyverify "mp" "response"
+Verify response
+.Fa response
+to a S/Key challenge.
+Returns 0 if the verification is successful and 1 if the verification failed.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeyzero "mp" "response"
+Comment out user's entry in the S/Key database.
+Returns 0 on success and the database is updated,
+otherwise \-1 is returned and the database remains unchanged.
+.It Fn getskeyprompt "mp" "name" "prompt"
+Issue a S/Key challenge for user
+.Ar name .
+If successful, fill in the caller's skey structure
+.Fa mp
+and return 0.
+If unsuccessful (e.g. if name is unknown) \-1 is returned.
+.El
+.Pp
+The following lower-level functions are available:
+.Bl -tag -width compact
+.It Fn skey_set_algorithm "new"
+Set hash algorithm type.
+Valid values for
+.Fa new
+are "md4", "md5" and "sha1".
+.It Fn skey_get_algorithm "void"
+Get current hash type.
+.It Fn skey_haskey "username"
+Returns 0 if the user
+.Fa username
+exists and 1 if the user doesn't exist.
+Returns \-1 on file error.
+.It Fn skey_keyinfo "username"
+Returns the current sequence number and seed for user
+.Ar username .
+.It Fn skey_passcheck "username" "passwd"
+Checks to see if answer is the correct one to the current challenge.
+.It Fn skey_authenticate "username"
+Used when calling program will allow input of the user's response to
+the challenge.
+Returns zero on success or \-1 on failure.
+.El
+.Pp
+The following miscellaneous functions are available:
+.Bl -tag -width compact
+.It Fn f "x"
+One-way function to take 8 bytes pointed to by
+.Fa x
+and return 8 bytes in place.
+.It Fn keycrunch "char *result" "const char *seed" "const char *passwd"
+Crunch a key.
+.It Fn rip "buf"
+Strip trailing CR/LF characters from a line of text
+.Fa buf .
+.It Fn readpass "buf" "n"
+Read in secret passwd (turns off echo).
+.It Fn readskey "buf" "n"
+Read in an s/key OTP (does not turn off echo).
+.It Fn atob8 "out" "in"
+Convert 8-byte hex-ascii string
+.Fa in
+to binary array
+.Fa out .
+Returns 0 on success, \-1 on error.
+.It Fn btoa8 "out" "in"
+Convert 8-byte binary array
+.Fa in
+to hex-ascii string
+.Fa out .
+Returns 0 on success, \-1 on error.
+.It Fn htoi "int c"
+Convert hex digit to binary integer.
+.It Fn skipspace "cp"
+Skip leading spaces from the string
+.Fa cp .
+.It Fn backspace "buf"
+Remove backspaced over characters from the string
+.Fa buf .
+.It Fn sevenbit "buf"
+Ensure line
+.Fa buf
+is all seven bits.
+.It Fn btoe "engout" "c"
+Encode 8 bytes in
+.Ar c
+as a string of English words.
+Returns a pointer to a static buffer in
+.Fa engout .
+.It Fn etob "out" "e"
+Convert English to binary.
+Returns 0 if the word is not in the database, 1 if all good words and
+parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word)
+and -2 if words are valid but parity is wrong.
+.It Fn put8 "out" "s"
+Display 8 bytes
+.Fa s
+as a series of 16-bit hex digits.
+.El
+.Sh FILES
+.Bl -tag -width /usr/lib/libskey_p.a -compact
+.It Pa /usr/lib/libskey.a
+static skey library
+.It Pa /usr/lib/libskey.so
+dynamic skey library
+.It Pa /usr/lib/libskey_p.a
+static skey library compiled for profiling
+.El
+.Sh SEE ALSO
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1
+.Sh BUGS
+The
+.Nm
+library functions are not re-entrant or thread-safe.
+.Pp
+The
+.Nm
+library defines many poorly named functions which pollute the name space.
--- skey-1.1.5.orig/skeyaudit.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyaudit.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,46 +1,29 @@
-.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $
+.\"	$NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $
 .\"
-.Dd 22 July 1997
+.Dd June 9, 1994
 .Dt SKEYAUDIT 1
 .Os
 .Sh NAME
 .Nm skeyaudit
 .Nd warn users if their S/Key will soon expire
 .Sh SYNOPSIS
-.Nm skeyaudit
-.Op Fl a
-.Op Fl i
-.Op Fl l Ar limit
+.Nm
+.Op Ar limit
 .Sh DESCRIPTION
 .Nm
 searches through the file
-.Pa /etc/skeykeys
+.Dq Pa /etc/skey/skeykeys
 for users whose S/Key sequence number is less than
 .Ar limit ,
-and mails them a reminder to run
+and sends them a reminder to run
 .Xr skeyinit 1
-soon.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-Check all keys in
-.Pa /etc/skeykeys .
-This option is only available to the superuser and
-is useful to run regularly via
-.Xr cron 8 .
-.It Fl i
-Interactive mode.
-Don't send mail, just print to the standard output.
-.It Fl l Ar limit
-The limit used to determine whether or not a user should be notified.
-The default is to notify if there are fewer than 12 keys left.
-.El
+soon. If no limit is specified a default of 12 is used.
 .Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
-S/Key key information database
+.Bl -tag -width /etc/skey/skeykeys -compact
+.It Pa /etc/skey/skeykeys
+The S/Key key information database
 .El
 .Sh SEE ALSO
 .Xr skey 1 ,
+.Xr skeyinfo 1 ,
 .Xr skeyinit 1
--- skey-1.1.5.orig/skeyaudit.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyaudit.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,236 +0,0 @@
-/*	$OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $	*/
-
-/*
- * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <errno.h>
-/*#include <limits.h>*/
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <netdb.h>
-#include "config.h"
-#ifdef HAVE_ERR_H
-#include <err.h>
-#else
-#include "err.h"
-#endif
-#include "skey.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/wait.h>
-
-#ifdef HAVE_LOGIN_CAP_H
-#   include <login_cap.h>
-#else
-#   include "login_cap.h"
-#endif
-
-char *__progname;
-
-void notify __P((struct passwd *, int, int));
-FILE *runsendmail __P((struct passwd *, int *));
-void usage __P((void));
-
-int
-main(argc, argv)
-	int argc;
-	char **argv;
-{
-	struct passwd *pw;
-	struct skey key;
-	int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12;
-	char *name;
-
-	__progname = argv[0];
-
-	if (geteuid() != 0)
-		errx(1, "must be setuid root");
-
-	while ((ch = getopt(argc, argv, "ail:")) != -1)
-		switch(ch) {
-		case 'a':
-			aflag = 1;
-			if (getuid() != 0)
-				errx(1, "only root may use the -a flag");
-			break;
-		case 'i':
-			iflag = 1;
-			break;
-		case 'l':
-			errno = 0;
-			if ((limit = (int)strtol(optarg, NULL, 10)) == 0)
-				errno = ERANGE;
-			if (errno) {
-				warn("key limit");
-				usage();
-			}
-			break;
-		default:
-			usage();
-	}
-
-	if (argc - optind > 0)
-		usage();
-
-	/* Need key.keyfile zero'd at the very least */
-	(void)memset(&key, 0, sizeof(key));
-
-	if (aflag) {
-		while ((ch = skeygetnext(&key)) == 0) {
-			left = key.n - 1;
-			if ((pw = getpwnam(key.logname)) == NULL)
-				continue;
-			if (left >= limit)
-				continue;
-			notify(pw, left, iflag);
-		}
-		if (ch == -1)
-			errx(-1, "cannot open %s", SKEYKEYS);
-		else
-			(void)fclose(key.keyfile);
-	} else {
-		if ((pw = getpwuid(getuid())) == NULL)
-			errx(1, "no passwd entry for uid %u", getuid());
-		if ((name = strdup(pw->pw_name)) == NULL)
-			err(1, "cannot allocate memory");
-		sevenbit(name);
-
-		errs = skeylookup(&key, name);
-		switch (errs) {
-			case 0:		/* Success! */
-				left = key.n - 1;
-				break;
-			case -1:	/* File error */
-				errx(errs, "cannot open %s", SKEYKEYS);
-				break;
-			case 1:		/* Unknown user */
-				warnx("%s is not listed in %s", name,
-				    SKEYKEYS);
-		}
-		(void)fclose(key.keyfile);
-
-		if (!errs && left < limit)
-			notify(pw, left, iflag);
-	}
-		
-	exit(errs);
-}
-
-void
-notify(pw, seq, interactive)
-	struct passwd *pw;
-	int seq;
-	int interactive;
-{
-	static char hostname[MAXHOSTNAMELEN];
-	int pid;
-	FILE *out;
-
-	/* Only set this once */
-	if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1)
-		strcpy(hostname, "unknown");
-
-	if (interactive)
-		out = stdout;
-	else
-		out = runsendmail(pw, &pid);
-
-	if (!interactive)
-		(void)fprintf(out,
-		   "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name);
-
-	if (seq)
-		(void)fprintf(out,
-"\nYou are nearing the end of your current S/Key sequence for account\n\
-%s on system %s.\n\n\
-Your S/Key sequence number is now %d.  When it reaches zero\n\
-you will no longer be able to use S/Key to log into the system.\n\n",
-pw->pw_name, hostname, seq);
-	else
-		(void)fprintf(out,
-"\nYou are at the end of your current S/Key sequence for account\n\
-%s on system %s.\n\n\
-At this point you can no longer use S/Key to log into the system.\n\n",
-pw->pw_name, hostname);
-	(void)fprintf(out,
-"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n");
-
-	(void)fclose(out);
-	if (!interactive)
-		(void)waitpid(pid, NULL, 0);
-}
-
-FILE *
-runsendmail(pw, pidp)
-	struct passwd *pw;
-	int *pidp;
-{
-	FILE *fp;
-	int pfd[2], pid;
-
-	if (pipe(pfd) < 0)
-		return(NULL);
-
-	switch (pid = fork()) {
-	case -1:			/* fork(2) failed */
-		(void)close(pfd[0]);
-		(void)close(pfd[1]);
-		return(NULL);
-	case 0:				/* In child */
-		(void)close(pfd[1]);
-		(void)dup2(pfd[0], STDIN_FILENO);
-		(void)close(pfd[0]);
-
-		/* Run sendmail as target user not root */
-		if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
-			warn("cannot set user context");
-			_exit(127);
-		}
-
-		execl(SENDMAIL, "sendmail", "-t", NULL);
-		warn("cannot run \"%s -t\"", SENDMAIL);
-		_exit(127);
-	}
-
-	/* In parent */
-	*pidp = pid;
-	fp = fdopen(pfd[1], "w");
-	(void)close(pfd[0]);
-
-	return(fp);
-}
-void
-usage()
-{
-	(void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n",
-	    __progname);
-	exit(1);
-}
--- skey-1.1.5.orig/skeyaudit.sh	1970-01-01 01:00:00.000000000 +0100
+++ skey-1.1.5/skeyaudit.sh	2003-11-06 17:46:45.000000000 +0000
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+#	$NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $
+#
+# This script will look thru the skeykeys file for
+# people with sequence numbers less than LOWLIMIT=12
+# and send them an e-mail reminder to use skeyinit soon
+# 
+
+KEYDB=/etc/skey/skeykeys
+LOWLIMIT=12
+ADMIN=root
+SUBJECT="Reminder: Run skeyinit"
+HOST=`/bin/hostname`
+
+
+if [ "$1" != "" ]
+then
+ LOWLIMIT=$1
+fi
+
+if [ ! -s "${KEYDB}" ]; then
+  exit 0
+fi
+
+# an skeykeys entry looks like
+#   jsw 0076 la13079          ba20a75528de9d3a
+#   #oot md5 0005 aspa26398        9432d570ff4421f0  Jul 07,2000 01:36:43
+#   mjl sha1 0099 alpha2           459a5dac23d20a90  Jul 07,2000 02:14:17
+# the sequence number is the second (or third) entry
+#
+
+SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB`
+
+set -- ${SKEYS}
+
+while [ "X$1" != "X" ]; do
+  USER=$1
+  SEQ=$2
+  KEY=$3
+  shift 3
+  # echo "$USER -- $SEQ -- $KEY"
+  if [ $SEQ -lt $LOWLIMIT ]; then
+    if [ $SEQ -lt  3 ]; then
+      SUBJECT="IMPORTANT action required"
+    fi
+    (
+    echo "You are nearing the end of your current S/Key sequence for account $i"
+    echo "on system $HOST."
+    echo ""
+    echo "Your S/key sequence number is now $SEQ.  When it reaches zero you"
+    echo "will no longer be able to use S/Key to login into the system.  "
+    echo " "
+    echo "Use \"skeyinit -s\" to reinitialize your sequence number."
+    echo ""
+    ) | mail -s "$SUBJECT"  $USER $ADMIN
+  fi
+done
--- skey-1.1.5.orig/skey.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.c	2003-11-06 17:46:45.000000000 +0000
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <ctype.h>
 #include "config.h"
 
 #ifdef HAVE_ERR_H
@@ -35,102 +36,93 @@
 
 #include "skey.h"
 
-void    usage __P((char *));
+int		main(int, char **);
+void	usage(char *);
 
 int
-main(argc, argv)
-	int	argc;
-	char	*argv[];
+main(int	argc, char	**argv)
 {
-	int     n, i, cnt = 1, pass = 0, hexmode = 0;
-	char    passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
-	char	buf[33], *seed, *slash;
-
-	/* If we were called as otp-METHOD, set algorithm based on that */
-	if ((slash = strrchr(argv[0], '/')))
-	    slash++;
-	else
-	    slash = argv[0];
-	if (strncmp(slash, "otp-", 4) == 0) {
-		slash += 4;
-		if (skey_set_algorithm(slash) == NULL)
-			errx(1, "Unknown hash algorithm %s", slash);
-	}
-
-	for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
-		if (argv[i][2] == '\0') {
-			/* Single character switch */
-			switch (argv[i][1]) {
+	int		n, cnt = 1, i, pass = 0, hexmode = 0;
+	char	passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+	char	buf[33], *seed, *slash, *t;
+
+	while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
+		switch(i) {
+			case 'f':
+				break; /* unused */
 			case 'n':
-				if (i + 1 == argc)
-					usage(argv[0]);
-				cnt = atoi(argv[++i]);
+				cnt = atoi(optarg);
 				break;
 			case 'p':
-				if (i + 1 == argc)
-					usage(argv[0]);
-				if (strlcpy(passwd, argv[++i], sizeof(passwd)) >=
-				    sizeof(passwd))
-					errx(1, "Password too long");
+				if (strncpy(passwd, optarg, sizeof(passwd)) == NULL)
+						errx(1, "Password too long");
 				pass = 1;
 				break;
+			case 't':
+				if (skey_set_algorithm(optarg) == NULL)
+					errx(1, "Unknown hash algorithm %s", optarg);
+				break;
 			case 'x':
 				hexmode = 1;
 				break;
 			default:
 				usage(argv[0]);
-			}
-		} else {
-			/* Multi character switches are hash types */
-			if (skey_set_algorithm(&argv[i][1]) == NULL) {
-				warnx("Unknown hash algorithm %s", &argv[i][1]);
-				usage(argv[0]);
-			}
+				break;
 		}
-		i++;
 	}
 
-	if (argc > i + 2)
-		usage(argv[0]);
-
-	/* Could be in the form <number>/<seed> */
-	if (argc <= i + 1) {
+	/* could be in the form <number>/<seed> */
+	if (argc <= optind + 1) {
 		/* look for / in it */
-		if (argc <= i)
+		if (argc <= optind)
 			usage(argv[0]);
-		slash = strchr(argv[i], '/');
+		slash = strchr(argv[optind], '/');
 		if (slash == NULL)
 			usage(argv[0]);
 		*slash++ = '\0';
 		seed = slash;
 
-		if ((n = atoi(argv[i])) < 0) {
-			warnx("%d not positive", n);
+		if ((n = atoi(argv[optind])) < 0) {
+			fprintf(stderr, "%s is not positive\n", argv[optind]);
 			usage(argv[0]);
 		} else if (n > SKEY_MAX_SEQ) {
 			warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
 			usage(argv[0]);
 		}
 	} else {
-		if ((n = atoi(argv[i])) < 0) {
-			warnx("%d not positive", n);
+		if ((n = atoi(argv[optind])) < 0) {
+			fprintf(stderr, "%s not positive\n", argv[optind]);
 			usage(argv[0]);
 		} else if (n > SKEY_MAX_SEQ) {
 			warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
 			usage(argv[0]);
 		}
-		seed = argv[++i];
+		seed = argv[++optind];
+	}
+
+	for (t = seed; *t; t++) {
+		if (!isalnum(*t))
+			errx(1, "seed must be alphanumeric");
 	}
 
+	if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN)
+		errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN);
+
 	/* Get user's secret password */
 	if (!pass) {
-		(void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr);
-		(void)fputs("Enter secret password: ", stderr);
+		fputs("Reminder - Do not use this program while "
+					"logged in via telnet or rlogin.\n", stderr);
+		fprintf(stderr, "Enter secret password: ");
 		readpass(passwd, sizeof(passwd));
 		if (passwd[0] == '\0') 
 			exit(1);
 	}
 
+	if (strlen(passwd) < SKEY_MIN_PW_LEN)
+		warnx(
+	"RFC2289 states that password should be at least %d characters long",
+	SKEY_MIN_PW_LEN);
+
 	/* Crunch seed and password into starting key */
 	if (keycrunch(key, seed, passwd) != 0)
 		errx(1, "key crunch failed");
@@ -138,16 +130,15 @@
 	if (cnt == 1) {
 		while (n-- != 0)
 			f(key);
-		(void)puts(hexmode ? put8(buf, key) : btoe(buf, key));
+			puts(hexmode ? put8(buf, key) : btoe(buf, key));
 	} else {
 		for (i = 0; i <= n - cnt; i++)
 			f(key);
 		for (; i <= n; i++) {
+			printf("%3d: %-29s", i, btoe(buf, key));
 			if (hexmode)
-				(void)printf("%d: %-29s  %s\n", i,
-				    btoe(buf, key), put8(buf, key));
-			else
-				(void)printf("%d: %-29s\n", i, btoe(buf, key));
+				printf("\t%s", put8(buf, key));
+			puts("");
 			f(key);
 		}
 	}
@@ -155,9 +146,10 @@
 }
 
 void
-usage(s)
-	char   *s;
+usage(char *s)
 {
-	(void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s);
+	fprintf(stderr, 
+"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n",
+	s);
 	exit(1);
 }
--- skey-1.1.5.orig/skey.h	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.h	2003-11-06 17:46:45.000000000 +0000
@@ -38,17 +38,17 @@
 #define SKEY_MAX_SEQ		10000
 #endif
 
-/* Minimum secret password length (rfc1938) */
+/* Minimum secret password length (rfc2289) */
 #ifndef SKEY_MIN_PW_LEN
 #define SKEY_MIN_PW_LEN		10
 #endif
 
-/* Max secret password length (rfc1938 says 63 but allows more) */
+/* Max secret password length (rfc2289 says 63 but allows more) */
 #ifndef SKEY_MAX_PW_LEN
 #define SKEY_MAX_PW_LEN		255
 #endif
 
-/* Max length of an S/Key seed (rfc1938) */
+/* Max length of an S/Key seed (rfc2289) */
 #ifndef SKEY_MAX_SEED_LEN
 #define SKEY_MAX_SEED_LEN	16
 #endif
@@ -68,29 +68,29 @@
 #define _SKEY_RAND_FILE_PATH_	"/var/db/host.random"
 
 /* Prototypes */
-void f(char *x);
-int keycrunch(char *result, char *seed, char *passwd);
-char *btoe(char *engout, char *c);
-char *put8(char *out, char *s);
-int etob(char *out, char *e);
-void rip(char *buf);
-int skeychallenge(struct skey * mp, char *name, char *ss);
-int skeylookup (struct skey * mp, char *name);
-int skeyverify (struct skey * mp, char *response);
-int skeyzero (struct skey * mp, char *response);
-void sevenbit (char *s);
-void backspace (char *s);
-char *skipspace (char *s);
-char *readpass (char *buf, int n);
-char *readskey (char *buf, int n);
-int skey_authenticate (char *username);
-int skey_passcheck (char *username, char *passwd);
-char *skey_keyinfo (char *username);
-int skey_haskey (char *username);
-int getskeyprompt (struct skey *mp, char *name, char *prompt);
-int atob8 (char *out, char *in);
-int btoa8 (char *out, char *in);
-int htoi (int c);
-const char *skey_get_algorithm (void);
-char *skey_set_algorithm (char *new);
-int skeygetnext (struct skey *mp);
+void f __P ((char *));
+int keycrunch __P ((char *, const char *, const char *));
+char *btoe __P ((char *, const char *));
+char *put8 __P ((char *, const char *));
+int etob __P ((char *, const char *));
+void rip __P ((char *));
+int skeychallenge __P ((struct skey *, const char *, char *, size_t));
+int skeylookup __P ((struct skey *, const char *));
+int skeyverify __P ((struct skey *, char *));
+void sevenbit __P ((char *));
+void backspace __P ((char *));
+const char *skipspace __P ((const char *));
+char *readpass __P ((char *, int));
+char *readskey __P ((char *, int));
+int skey_authenticate __P ((const char *));
+int skey_passcheck __P ((const char *, char *));
+const char *skey_keyinfo __P ((const char *));
+int skey_haskey __P ((const char *));
+int getskeyprompt __P ((struct skey *, char *, char *));
+int atob8 __P((char *, const char *));
+int btoa8 __P((char *, const char *));
+int htoi __P((int));
+const char *skey_get_algorithm __P((void));
+const char *skey_set_algorithm __P((const char *));
+int skeygetnext __P((struct skey *));
+int skeyzero __P((struct skey *, char *));
--- skey-1.1.5.orig/skeyinfo.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinfo.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,30 +1,19 @@
-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
+.\"	$NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $
 .\"
-.Dd 22 July 1997
+.Dd June 9, 1994
 .Dt SKEYINFO 1
 .Os
 .Sh NAME
 .Nm skeyinfo
 .Nd obtain the next S/Key challenge for a user
 .Sh SYNOPSIS
-.Nm skeyinfo
-.Op Fl v
+.Nm
 .Op Ar user
 .Sh DESCRIPTION
 .Nm
 prints out the next S/Key challenge for the specified user or for the
 current user if no user is specified.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl v
-Print the hash algorithm as well.
-.El
-.Sh EXAMPLES
-% skey -n <number of passwords to print> `skeyinfo` | lpr
-.Pp
-This would print out a list of S/Key passwords for use over
-an untrusted network (perhaps for use at a conference).
 .Sh SEE ALSO
 .Xr skey 1 ,
+.Xr skeyaudit 1 ,
 .Xr skeyinit 1
--- skey-1.1.5.orig/skeyinfo.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinfo.c	2012-01-05 11:24:15.000000000 +0000
@@ -1,9 +1,12 @@
-/*    $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $    */
+/*	$NetBSD: skeyinfo.c,v 1.5 2008/04/28 20:24:15 martin Exp $	*/
 
-/*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+/*-
+ * Copyright (c) 1997 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Andrew Brown.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -12,104 +15,72 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
  *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*#include <limits.h>*/
-#include <pwd.h>
 #include <stdio.h>
-#include <stdlib.h>
+#include <pwd.h>
+#include <err.h>
 #include <string.h>
 #include <unistd.h>
-#include "config.h"
-#include "skey.h"
-/*#include "defines.h"*/
 
-char *__progname;
+#include "skey.h"
 
-void usage(void);
+int main __P((int, char *[]));
 
-int
-main(argc, argv)
-	int argc;
-	char **argv;
+int main(int argc, char **argv)
 {
-	struct passwd *pw;
-	struct skey key;
-	char *name = NULL;
-	int error, ch, verbose = 0;
-
- 	__progname=argv[0];
-
-	if (geteuid() != 0)
-		errx(1, "must be setuid root");
-
-	while ((ch = getopt(argc, argv, "v")) != -1)
-		switch(ch) {
-		case 'v':
-			verbose = 1;
-			break;
-		default:
-			usage();
+	struct skey     skey;
+	char            name[100], prompt[1024];
+	int             uid;
+	struct passwd  *pw = NULL;
+
+	argc--;
+	argv++;
+
+	if (geteuid())
+		errx(1, "must be root to read %s", SKEYKEYS);
+
+	uid = getuid();
+
+	if (!argc)
+		pw = getpwuid(uid);
+	else if (!uid)
+		pw = getpwnam(argv[0]);
+	else
+		errx(1, "permission denied to look other users skeys");
+
+	if (!pw) {
+		if (argc)
+			errx(1, "%s: no such user", argv[0]);
+		else
+			errx(1, "who are you?");
 	}
-	argc -= optind;
-	argv += optind;
 
-	if (argc == 1)
-		name = argv[0];
-	else if (argc > 1)
-		usage();
-
-	if (name && getuid() != 0)
-		errx(1, "only root may specify an alternate user");
-
-	if (name) {
-		if (strlen(name) > PASS_MAX)
-			errx(1, "username too long (%d chars max)", PASS_MAX);
-		if ((pw = getpwnam(name)) == NULL)
-			errx(1, "no passwd entry for %s", name);
-	} else {
-		if ((pw = getpwuid(getuid())) == NULL)
-			errx(1, "no passwd entry for uid %u", getuid());
-	}
+	strncpy(name, pw->pw_name, sizeof(name));
 
-	if ((name = strdup(pw->pw_name)) == NULL)
-		err(1, "cannot allocate memory");
-	sevenbit(name);
-
-	error = skeylookup(&key, name);
-	switch (error) {
-		case 0:		/* Success! */
-			if (verbose)
-				(void)printf("otp-%s ", skey_get_algorithm());
-			(void)printf("%d %s\n", key.n - 1, key.seed);
-			break;
-		case -1:	/* File error */
-			warnx("cannot open %s", SKEYKEYS);
-			break;
-		case 1:		/* Unknown user */
-			warnx("%s is not listed in %s", name, SKEYKEYS);
+	if (getskeyprompt(&skey, name, prompt) == -1) {
+		printf("%s %s no s/key\n",
+		       argc ? name : "You",
+		       argc ? "has" : "have");
 	}
-	(void)fclose(key.keyfile);
-
-	exit(error);
-}
-
-void
-usage()
-{
-	(void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
-	exit(1);
+	else {
+		if (argc)
+			printf("%s's ", pw->pw_name);
+		else
+			printf("Your ");
+		printf("next %s", prompt);
+	}
+	return 0;
 }
--- skey-1.1.5.orig/skeyinit.1	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinit.1	2003-11-06 17:46:45.000000000 +0000
@@ -1,22 +1,18 @@
-.\"	$OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
-.\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
+.\"	$NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $
 .\"	@(#)skeyinit.1	1.1 	10/28/93
 .\"
-.Dd February 24, 1998
+.Dd June 7, 2000
 .Dt SKEYINIT 1
 .Os
 .Sh NAME
 .Nm skeyinit
 .Nd change password or add user to S/Key authentication system
 .Sh SYNOPSIS
-.Nm skeyinit
+.Nm
+.Op Fl n Ar count
 .Op Fl s
+.Op Fl t Ar hash
 .Op Fl z
-.Op Fl n Ar count
-.Oo
-.Fl md4 | Fl md5 | Fl sha1 |
-.Fl rmd160
-.Oc
 .Op Ar user
 .Sh DESCRIPTION
 .Nm
@@ -30,52 +26,17 @@
 .Nm
 requires you to type a secret password, so it should be used
 only on a secure terminal.
-For example, on the console of a
-workstation or over an encrypted network session.
-If you are using
-.Nm
-while logged in over an untrusted network, follow the instructions
-given below with the
-.Fl s
-option.
-.Pp
-Before initializing an S/Key entry, the user must authenticate
-using either a standard password or an S/Key challenge.
-When used over an untrusted network, a password of
-.Sq s/key
-should be used.
-The user will then be presented with the standard
-S/Key challenge and allowed to proceed if it is correct.
-.Pp
-The options are as follows:
+.Sh OPTIONS
 .Bl -tag -width Ds
-.It Fl x
-Displays pass phrase in hexadecimal instead of ASCII.
 .It Fl s
-Set secure mode where the user is expected to have used a secure
-machine to generate the first one-time password.
-Without the
-.Fl s
-option the system will assume you are directly connected over secure
-communications and prompt you for your secret password.
-The
-.Fl s
-option also allows one to set the seed and count for complete
-control of the parameters.
-You can use
-.Ic skeyinit -s
-in combination with the
-.Nm skey
-command to set the seed and count if you do not like the defaults.
-To do this run
-.Nm
-in one window and put in your count and seed, then run
-.Nm skey
-in another window to generate the correct 6 English words for that
-count and seed.
-You can then "cut-and-paste" or type the words into the
-.Nm
-window.
+allows the user to set the seed and count for complete control
+of the parameters.
+To do this run skeyinit in one window and put in your count and seed;
+then run
+.Xr skey 1
+in another window to generate the correct 6 english words
+for that count and seed.
+You can then "cut-and-paste" or type the words into the skeyinit window.
 .It Fl z
 Allows the user to zero their S/Key entry.
 .It Fl n Ar count
@@ -84,30 +45,22 @@
 sequence at
 .Ar count
 (default is 100).
-.It Fl md4
-Selects MD4 as the hash algorithm.
-.It Fl md5
-Selects MD5 as the hash algorithm.
-.It Fl sha1
-Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
-.It Fl rmd160
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
+.It Fl t Ar hash
+Selects the hash algorithm to use.
+Available choices are md4 (the default), md5 or sha1.
 .It Ar user
 The username to be changed/added.
-By default the current user is operated on.
+By default the current user is operated on, only root may
+change other user's entries.
 .El
-.Sh ERRORS
-.Bl -tag -width "skey disabled"
-.It skey disabled
-.Pa /etc/skeykeys
-does not exist.
-It must be created by the superuser in order to use
-.Nm skeyinit .
 .Sh FILES
-.Bl -tag -width /etc/skeykeys
-.It Pa /etc/skeykeys
-database of information for S/Key system
+.Bl -tag -width /etc/skey/skeykeys
+.It Pa /etc/skey/skeykeys
+data base of information for S/Key system.
+.El
 .Sh SEE ALSO
-.Xr skey 1
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1
 .Sh AUTHORS
 Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
--- skey-1.1.5.orig/skeyinit.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinit.c	2003-11-06 17:46:45.000000000 +0000
@@ -43,6 +43,18 @@
 
 #include <netdb.h>
 
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+#ifdef HAVE_CRACK_H
+#include <crack.h>
+#ifndef CRACKLIB_DICTPATH
+#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict"
+#endif
+#endif
+
+#include "err.h"
 #include "skey.h"
 
 
@@ -50,62 +62,80 @@
 #define SKEY_NAMELEN    4
 #endif
 
-void	usage __P((char *));
+int	main __P((int, char **));
 
-int
-main(argc, argv)
-	int     argc;
-	char   *argv[];
+int main(int argc, char **argv)
 {
-	int     rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0;
+	int     rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0;
 	time_t  now;
-	struct utmp old_ut;
-
-#ifndef UT_LINESIZE
-#  define UT_LINESIZE (sizeof(old_ut.ut_line))
-#  define UT_NAMESIZE (sizeof(old_ut.ut_name))
-#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
-
-	char	hostname[MAXHOSTNAMELEN];
+	char	hostname[MAXHOSTNAMELEN+1];
+	char	seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE];
+	char	defaultseed[SKEY_MAX_SEED_LEN+1];
 	char    passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2];
-	char	seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1];
-	char    tbuf[27], buf[80], key[SKEY_BINKEY_SIZE];
-	char    lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL;
-	struct skey skey;
-	struct passwd *pp;
-	struct tm *tm;
+	char    tbuf[27], buf[80];
+	char    lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg;
+	const 	char *salt;
+	struct	skey skey;
+	struct	passwd *pp;
+	struct	tm *tm;
+#ifdef HAVE_SHADOW_H
+	struct	spwd *sp;
+#endif
+
+	i = open(_PATH_DEVNULL, O_RDWR);
+	while (i >= 0 && i < 2)
+		i = dup(i);
+	if (i > 2)
+		close(i);
 
 	if (geteuid() != 0)
 		errx(1, "must be setuid root.");
 
 	if (gethostname(hostname, sizeof(hostname)) < 0)
-		err(1, "gethostname");
-	for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) {
-		if (isalpha(hostname[i])) {
-			if (isupper(hostname[i]))
-				hostname[i] = tolower(hostname[i]);
-			*p++ = hostname[i];
-		} else if (isdigit(hostname[i]))
-			*p++ = hostname[i];
+		err(1, "gethostname() error");
+
+	for (i = 0, l = 0; l < sizeof(defaultseed); i++) {
+		if (hostname[i] == '\0') {
+			defaultseed[l] = hostname[i];
+			break;
+		}
+		if (isalnum(hostname[i]))
+			defaultseed[l++] = hostname[i];
 	}
-	*p = '\0';
-	(void)time(&now);
-	(void)sprintf(tbuf, "%05ld", (long) (now % 100000));
-	(void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
+
+	defaultseed[SKEY_NAMELEN] = '\0';
+	time(&now);
+	snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
+	strncat(defaultseed, tbuf, sizeof(defaultseed));
 
 	if ((pp = getpwuid(getuid())) == NULL)
-		err(1, "no user with uid %d", getuid());
-	(void)strcpy(me, pp->pw_name);
+		err(1, "no user with uid %ld", (u_long)getuid());
+	strncpy(me, pp->pw_name, sizeof(me));
 
 	if ((pp = getpwnam(me)) == NULL)
-		err(1, "Who are you?");
+		err(1, "getpwnam() returned NULL, Who are you?");
+#ifdef HAVE_SHADOW_H
+	/* hacking in shadow support... */
+	else if (strcmp(pp->pw_passwd, "x") == 0) {
+		if ((sp = getspnam(me)) == NULL)
+		      err(1, "Unable to verify Password");
+		pp->pw_passwd = sp->sp_pwdp;
+	}
+#endif
 	salt = pp->pw_passwd;
 
-	for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
-		if (argv[i][2] == '\0') {
-			/* Single character switch */
-			switch (argv[i][1]) {
+	while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
+		switch(c) {
+			case 'n':
+				n = atoi(optarg);
+				if (n < 1 || n > SKEY_MAX_SEQ)
+					errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ);
+				break;
+			case 't':
+				if(skey_set_algorithm(optarg) == NULL)
+					errx(1, "Unknown hash algorithm %s", optarg);
+				ht = optarg;
+				break;
 			case 's':
 				defaultsetup = 0;
 				break;
@@ -115,105 +145,51 @@
 			case 'z':
 				zerokey = 1;
 				break;
-			case 'n':
-				if (argv[++i] == NULL || argv[i][0] == '\0')
-					usage(argv[0]);
-				if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ)
-					errx(1, "count must be > 0 and < %d",
-					     SKEY_MAX_SEQ);
-				break;
 			default:
-				usage(argv[0]);
-			}
-		} else {
-			/* Multi character switches are hash types */
-			if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
-				warnx("Unknown hash algorithm %s", &argv[i][1]);
-				usage(argv[0]);
+				errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]);
 			}
 		}
-		i++;
-	}
+		
+		if (argc > optind) {
+			pp = getpwnam(argv[optind]);
+			if (pp == NULL)
+				errx(1, "User %s unknown", argv[optind]);
+		}
 
-	/* check for optional user string */
-	if (argc - i  > 1) {
-		usage(argv[0]);
-	} else if (argv[i]) {
-		if ((pp = getpwnam(argv[i])) == NULL) {
-			if (getuid() == 0) {
-				static struct passwd _pp;
-
-				_pp.pw_name = argv[i];
-				pp = &_pp;
-				warnx("Warning, user unknown: %s", argv[i]);
-			} else {
-				errx(1, "User unknown: %s", argv[i]);
-			}
-		} else if (strcmp(pp->pw_name, me) != 0) {
+		if (strcmp(pp->pw_name, me) != 0) {
 			if (getuid() != 0) {
 				/* Only root can change other's passwds */
 				errx(1, "Permission denied.");
 			}
 		}
-	}
 
 	if (getuid() != 0) {
-		pw = getpass("Password (or `s/key'):");
-		if (strcasecmp(pw, "s/key") == 0) {
-			if (skey_haskey(me))
-				exit(1);
-			if (skey_authenticate(me))
-				errx(1, "Password incorrect.");
-		} else {
-			p = crypt(pw, salt);
-			if (strcmp(p, pp->pw_passwd))
-				errx(1, "Password incorrect.");
-		}
+		pw = getpass("Password: ");
+		p = crypt(pw, salt);
+		if (strcmp(p, pp->pw_passwd))
+			errx(1, "Password incorrect.");
 	}
 
 	rval = skeylookup(&skey, pp->pw_name);
 	switch (rval) {
 		case -1:
-			if (errno == ENOENT)
-				errx(1, "S/Key disabled");
-			else
-				err(1, "cannot open database");
-			break;
+			err(1, "cannot open database");
 		case 0:
-			/* comment out user if asked to */
 			if (zerokey)
-				exit(skeyzero(&skey, pp->pw_name));
+				exit (skeyzero(&skey, pp->pw_name));
+			printf("[Updating %s]\n", pp->pw_name);
+			printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed);
 
-			(void)printf("[Updating %s]\n", pp->pw_name);
-			(void)printf("Old key: [%s] %s\n", skey_get_algorithm(),
-				     skey.seed);
-
-			/*
-			 * Sanity check old seed.
-			 */
 			l = strlen(skey.seed);
-			for (p = skey.seed; *p; p++) {
-				if (isalpha(*p)) {
-					if (isupper(*p))
-						*p = tolower(*p);
-				} else if (!isdigit(*p)) {
-					memmove(p, p + 1, l - (p - skey.seed));
-					l--;
-				}
-			}
-
-			/*
-			 * Let's be nice if they have an skey.seed that
-			 * ends in 0-8 just add one
-			 */
 			if (l > 0) {
 				lastc = skey.seed[l - 1];
-				if (isdigit(lastc) && lastc != '9') {
-					(void)strcpy(defaultseed, skey.seed);
+				if (isdigit((unsigned char)lastc) && lastc != '9') {
+					strncpy(defaultseed, skey.seed, sizeof(defaultseed));
 					defaultseed[l - 1] = lastc + 1;
 				}
-				if (isdigit(lastc) && lastc == '9' && l < 16) {
-					(void)strcpy(defaultseed, skey.seed);
+				if (isdigit((unsigned char)lastc) && lastc == '9' && 
+					l < 16) {
+					strncpy(defaultseed, skey.seed, sizeof(defaultseed));
 					defaultseed[l - 1] = '0';
 					defaultseed[l] = '0';
 					defaultseed[l + 1] = '\0';
@@ -223,7 +199,7 @@
 		case 1:
 			if (zerokey)
 				errx(1, "You have no entry to zero.");
-			(void)printf("[Adding %s]\n", pp->pw_name);
+			printf("[Adding %s]\n", pp->pw_name);
 			break;
 	}
 	if (n == 0)
@@ -237,37 +213,33 @@
 	}
 
 	if (!defaultsetup) {
-		(void)printf("You need the 6 english words generated from the \"skey\" command.\n");
+		printf("You need the 6 english words generated from the \"skey\" command.\n");
 		for (i = 0; ; i++) {
 			if (i >= 2)
 				exit(1);
 
-			(void)printf("Enter sequence count from 1 to %d: ",
-				     SKEY_MAX_SEQ);
-			(void)fgets(buf, sizeof(buf), stdin);
+			printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ);
+			fgets(buf, sizeof(buf), stdin);
 			n = atoi(buf);
 			if (n > 0 && n < SKEY_MAX_SEQ)
 				break;	/* Valid range */
-			(void)printf("Error: Count must be > 0 and < %d\n",
-				     SKEY_MAX_SEQ);
+			printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ);
 		}
 
 		for (i = 0;; i++) {
 			if (i >= 2)
 				exit(1);
 
-			(void)printf("Enter new key [default %s]: ",
-				     defaultseed);
-			(void)fgets(seed, sizeof(seed), stdin);
+			printf("Enter new seed [default %s]: ", defaultseed);
+			fflush(stdout);
+			fgets(seed, sizeof(seed), stdin);
 			rip(seed);
-			if (seed[0] == '\0')
-				(void)strcpy(seed, defaultseed);
 			for (p = seed; *p; p++) {
 				if (isalpha(*p)) {
 					if (isupper(*p))
 						*p = tolower(*p);
 				} else if (!isdigit(*p)) {
-					(void)puts("Error: seed may only contain alpha numeric characters");
+					puts("Error: seed may only contain alpha numeric characters");
 					break;
 				}
 			}
@@ -275,66 +247,75 @@
 				break;  /* Valid seed */
 		}
 		if (strlen(seed) > SKEY_MAX_SEED_LEN) {
-			(void)printf("Notice: Seed truncated to %d characters.\n",
-				     SKEY_MAX_SEED_LEN);
+			printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
 			seed[SKEY_MAX_SEED_LEN] = '\0';
 		} 
+		if (seed[0] == '\0')
+			strncpy(seed, defaultseed, sizeof(seed));
 
 		for (i = 0;; i++) {
 			if (i >= 2)
 				exit(1);
 
-			(void)printf("otp-%s %d %s\nS/Key access password: ",
+			printf("otp-%s %d %s\ns/key access password: ",
 				     skey_get_algorithm(), n, seed);
-			(void)fgets(buf, sizeof(buf), stdin);
+			fgets(buf, sizeof(buf), stdin);
 			rip(buf);
 			backspace(buf);
 
 			if (buf[0] == '?') {
-				(void)puts("Enter 6 English words from secure S/Key calculation.");
+				puts("Enter 6 English words from secure s/key calculation.");
 				continue;
 			} else if (buf[0] == '\0')
 				exit(1);
 			if (etob(key, buf) == 1 || atob8(key, buf) == 0)
 				break;	/* Valid format */
-			(void)puts("Invalid format - try again with 6 English words.");
+			puts("Invalid format - try again with 6 English words.");
 		}
 	} else {
 		/* Get user's secret password */
-		fputs("Reminder - Only use this method if you are directly connected\n           or have an encrypted channel.  If you are using telnet\n           or rlogin, exit with no password and use skeyinit -s.\n", stderr);
+		puts("Reminder - Only use this method if you are directly connected\n"
+			"or have an encrypted channel.  If you are using telnet\n"
+			"or rlogin, exit with no password and use skeyinit -s.\n");
 
 		for (i = 0;; i++) {
-			if (i > 2)
+			if (i >= 3)
 				exit(1);
 
-			(void)fputs("Enter secret password: ", stderr);
+			printf("Enter secret password: ");
 			readpass(passwd, sizeof(passwd));
 			if (passwd[0] == '\0')
 				exit(1);
 
 			if (strlen(passwd) < SKEY_MIN_PW_LEN) {
-				(void)fprintf(stderr,
-				    "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
+				fprintf(stderr,
+	"Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
 				continue;
 			} else if (strcmp(passwd, pp->pw_name) == 0) {
-				(void)fputs("Your password may not be the same as your user name.\n", stderr);
-				continue;
-			} else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) {
-				(void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr);
+				fputs("Your password may not be the same as your user name.\n", stderr);
 				continue;
+			} 
+#ifdef HAVE_CRACK_H
+			if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) {
+				warnx("Warning: %s", msg);
+				/* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */
+				/*	continue; */
 			}
+#endif
 
-			(void)fputs("Again secret password: ", stderr);
+			printf("Again secret password: ");
 			readpass(passwd2, sizeof(passwd));
+			if (passwd2[0] == '\0')
+				exit(1);
 
 			if (strcmp(passwd, passwd2) == 0)
 				break;
 
-			(void)fputs("Passwords do not match.\n", stderr);
+			puts("Passwords do not match.");
 		}
 
 		/* Crunch seed and password into starting key */
-		(void)strcpy(seed, defaultseed);
+		strncpy(seed, defaultseed, sizeof(seed));
 		if (keycrunch(key, seed, passwd) != 0)
 			err(2, "key crunch failed");
 
@@ -342,16 +323,16 @@
 		while (nn-- != 0)
 			f(key);
 	}
-	(void)time(&now);
+	time(&now);
 	tm = localtime(&now);
-	(void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+	strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
 
 	if ((skey.val = (char *)malloc(16 + 1)) == NULL)
 		err(1, "Can't allocate memory");
 
-	/* Zero out old key if necesary (entry would change size) */
+	/* Zero out old key if necessary (entry would change size) */
 	if (zerokey) {
-		(void)skeyzero(&skey, pp->pw_name);
+		skeyzero(&skey, pp->pw_name);
 		/* Re-open keys file and seek to the end */
 		if (skeylookup(&skey, pp->pw_name) == -1)
 			err(1, "cannot open database");
@@ -376,26 +357,17 @@
 
 	/* Don't save algorithm type for md4 (keep record length same) */
 	if (strcmp(skey_get_algorithm(), "md4") == 0)
-		(void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
+		fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
 		    pp->pw_name, n, seed, skey.val, tbuf);
 	else
-		(void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
+		fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
 		    pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf);
 
-	(void)fclose(skey.keyfile);
+	fclose(skey.keyfile);
 
-	(void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
+	printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
 		     skey_get_algorithm(), n, seed);
-	(void)printf("Next login password: %s\n\n",
+	printf("Next login password: %s\n\n",
 		     hexmode ? put8(buf, key) : btoe(buf, key));
-	exit(0);
-}
-
-void
-usage(s)
-	char *s;
-{
-	(void)fprintf(stderr,
-		"Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s);
-	exit(1);
+	return 0;
 }
--- skey-1.1.5.orig/skeylogin.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeylogin.c	2003-11-06 17:46:45.000000000 +0000
@@ -20,6 +20,7 @@
 #include <sys/quota.h>
 #endif
 #include <sys/stat.h>
+#include <sys/file.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/types.h>
@@ -32,6 +33,7 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <grp.h>
 
 #include "config.h"
 
@@ -45,73 +47,85 @@
 #include "sha1.h"
 #endif
 
+#include "err.h"
 #include "skey.h"
 
-char *skipspace __P((char *));
-int skeylookup __P((struct skey *, char *));
+#define OTP_FMT "otp-%.*s %d %.*s"
 
 /* Issue a skey challenge for user 'name'. If successful,
- * fill in the caller's skey structure and return(0). If unsuccessful
- * (e.g., if name is unknown) return(-1).
+ * fill in the caller's skey structure and return 0. If unsuccessful
+ * (e.g., if name is unknown) return -1.
  *
  * The file read/write pointer is left at the start of the
  * record.
  */
-int
-getskeyprompt(mp, name, prompt)
-	struct skey *mp;
-	char *name;
-	char *prompt;
+int getskeyprompt(struct skey *mp, char *name, char *prompt)
 {
 	int rval;
 
 	sevenbit(name);
 	rval = skeylookup(mp, name);
-	(void)strcpy(prompt, "otp-md0 55 latour1\n");
+
+	*prompt = '\0';
 	switch (rval) {
-	case -1:	/* File error */
-		return(-1);
-	case 0:		/* Lookup succeeded, return challenge */
-		(void)sprintf(prompt, "otp-%.*s %d %.*s\n",
-			      SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
+		case -1:	/* File error */
+			return -1;
+		case 0:		/* Lookup succeeded, return challenge */
+			sprintf(prompt, OTP_FMT "\n",
+				SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
 			      mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
-		return(0);
-	case 1:		/* User not found */
-		(void)fclose(mp->keyfile);
-		return(-1);
+			return 0;
+		case 1:		/* User not found */
+			fclose(mp->keyfile);
+			mp->keyfile = NULL;
+			return -1;
 	}
-	return(-1);	/* Can't happen */
+	return -1;	/* Can't happen, never ever ever. ever. I'm serious. */
 }
 
 /* Return  a skey challenge string for user 'name'. If successful,
- * fill in the caller's skey structure and return(0). If unsuccessful
- * (e.g., if name is unknown) return(-1).
+ * fill in the caller's skey structure and return 0. If unsuccessful
+ * (e.g., if name is unknown) return -1.
  *
  * The file read/write pointer is left at the start of the
  * record.
  */
-int
-skeychallenge(mp, name, ss)
-	struct skey *mp;
-	char *name;
-	char *ss;
+int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen)
 {
 	int rval;
 
 	rval = skeylookup(mp,name);
+	*ss = '\0';
 	switch(rval){
-	case -1:	/* File error */
-		return(-1);
-	case 0:		/* Lookup succeeded, issue challenge */
-		(void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN,
+		case -1:	/* File error */
+			return -1;
+		case 0:		/* Lookup succeeded, issue challenge */
+			snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN,
 			      skey_get_algorithm(), mp->n - 1,
 			      SKEY_MAX_SEED_LEN, mp->seed);
-		return(0);
-	case 1:		/* User not found */
-		(void)fclose(mp->keyfile);
-		return(-1);
+			return 0;
+		case 1:		/* User not found */
+			fclose(mp->keyfile);
+			mp->keyfile = NULL;
+			return -1;
+	}
+	return -1;	/* Can't happen - or your money back */
+}
+
+static FILE *openskey(void)
+{
+	struct stat statbuf;
+	FILE *keyfile = NULL;
+
+	if (stat(SKEYKEYS, &statbuf) == 0 &&
+		(keyfile = fopen(SKEYKEYS, "r+"))) {
+			if ((statbuf.st_mode & 0007777) != 0600)
+				fchmod(fileno(keyfile), 0600);
+	} else {
+		keyfile = NULL;
 	}
-	return(-1);	/* Can't happen */
+
+	return keyfile;
 }
 
 /* Find an entry in the One-time Password database.
@@ -120,27 +134,19 @@
  *  0: entry found, file R/W pointer positioned at beginning of record
  *  1: entry not found, file R/W pointer positioned at EOF
  */
-int
-skeylookup(mp, name)
-	struct skey *mp;
-	char *name;
+int skeylookup(struct skey *mp, const char *name)
 {
 	int found = 0;
 	long recstart = 0;
-	char *cp, *ht = NULL;
-	struct stat statbuf;
-
-	/* Open SKEYKEYS if it exists, else return an error */
-	if (stat(SKEYKEYS, &statbuf) == 0 &&
-	    (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
-		if ((statbuf.st_mode & 0007777) != 0600)
-			fchmod(fileno(mp->keyfile), 0600);
-	} else {
-		return(-1);
-	}
+	const char *ht = NULL;
+	char *last;
 
+	if(!(mp->keyfile = openskey()))
+		return -1;
+	
 	/* Look up user name in database */
 	while (!feof(mp->keyfile)) {
+		char *cp;
 		recstart = ftell(mp->keyfile);
 		mp->recstart = recstart;
 		if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
@@ -148,22 +154,22 @@
 		rip(mp->buf);
 		if (mp->buf[0] == '#')
 			continue;	/* Comment */
-		if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
+		if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
 			continue;
-		if ((cp = strtok(NULL, " \t")) == NULL)
+		if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		/* Save hash type if specified, else use md4 */
-		if (isalpha(*cp)) {
+		if (isalpha((u_char) *cp)) {
 			ht = cp;
-			if ((cp = strtok(NULL, " \t")) == NULL)
+			if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 				continue;
 		} else {
 			ht = "md4";
 		}
 		mp->n = atoi(cp);
-		if ((mp->seed = strtok(NULL, " \t")) == NULL)
+		if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
-		if ((mp->val = strtok(NULL, " \t")) == NULL)
+		if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		if (strcmp(mp->logname, name) == 0) {
 			found = 1;
@@ -171,7 +177,7 @@
 		}
 	}
 	if (found) {
-		(void)fseek(mp->keyfile, recstart, SEEK_SET);
+		fseek(mp->keyfile, recstart, SEEK_SET);
 		/* Set hash type */
 		if (ht && skey_set_algorithm(ht) == NULL) {
 			warnx("Unknown hash algorithm %s, using %s", ht,
@@ -189,27 +195,21 @@
  *  0: next entry found and stored in mp
  *  1: no more entries, file R/W pointer positioned at EOF
  */
-int
-skeygetnext(mp)
-	struct skey *mp;
+int skeygetnext(struct skey *mp)
 {
 	long recstart = 0;
-	char *cp;
-	struct stat statbuf;
+	char *last;
 
 	/* Open SKEYKEYS if it exists, else return an error */
 	if (mp->keyfile == NULL) {
-		if (stat(SKEYKEYS, &statbuf) == 0 &&
-		    (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
-			if ((statbuf.st_mode & 0007777) != 0600)
-				fchmod(fileno(mp->keyfile), 0600);
-		} else {
-			return(-1);
-		}
+		if(!(mp->keyfile = openskey()))
+			return -1;
 	}
 
 	/* Look up next user in database */
 	while (!feof(mp->keyfile)) {
+		char *cp;
+
 		recstart = ftell(mp->keyfile);
 		mp->recstart = recstart;
 		if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
@@ -217,19 +217,19 @@
 		rip(mp->buf);
 		if (mp->buf[0] == '#')
 			continue;	/* Comment */
-		if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
+		if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
 			continue;
-		if ((cp = strtok(NULL, " \t")) == NULL)
+		if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		/* Save hash type if specified, else use md4 */
-		if (isalpha(*cp)) {
-			if ((cp = strtok(NULL, " \t")) == NULL)
+		if (isalpha((u_char) *cp)) {
+			if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
 				continue;
 		}
 		mp->n = atoi(cp);
-		if ((mp->seed = strtok(NULL, " \t")) == NULL)
+		if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
-		if ((mp->val = strtok(NULL, " \t")) == NULL)
+		if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
 			continue;
 		/* Got a real entry */
 		break;
@@ -246,10 +246,7 @@
  *
  * The database file is always closed by this call.
  */
-int
-skeyverify(mp, response)
-	struct skey *mp;
-	char *response;
+int skeyverify(struct skey *mp, char *response)
 {
 	char key[SKEY_BINKEY_SIZE];
 	char fkey[SKEY_BINKEY_SIZE];
@@ -257,29 +254,31 @@
 	time_t now;
 	struct tm *tm;
 	char tbuf[27];
-	char *cp;
+	char *cp, *last;
 	int i, rval;
 
 	time(&now);
 	tm = localtime(&now);
-	(void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+	strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
 
 	if (response == NULL) {
-		(void)fclose(mp->keyfile);
-		return(-1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 	}
 	rip(response);
 
 	/* Convert response to binary */
 	if (etob(key, response) != 1 && atob8(key, response) != 0) {
 		/* Neither english words or ascii hex */
-		(void)fclose(mp->keyfile);
-		return(-1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 	}
 
 	/* Compute fkey = f(key) */
-	(void)memcpy(fkey, key, sizeof(key));
-        (void)fflush(stdout);
+	memcpy(fkey, key, sizeof(key));
+    fflush(stdout);
 	f(fkey);
 
 	/*
@@ -298,26 +297,33 @@
 	}
 
 	/* Reread the file record NOW */
-	(void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+	fseek(mp->keyfile, mp->recstart, SEEK_SET);
 	if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) {
-		(void)fclose(mp->keyfile);
-		return(-1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 	}
 	rip(mp->buf);
-	mp->logname = strtok(mp->buf, " \t");
-	cp = strtok(NULL, " \t") ;
-	if (isalpha(*cp))
-		cp = strtok(NULL, " \t") ;
-	mp->seed = strtok(NULL, " \t");
-	mp->val = strtok(NULL, " \t");
+	if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
+		goto verify_failure;
+	if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+		goto verify_failure;
+	if (isalpha((u_char) *cp))
+		if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+			goto verify_failure;
+	if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
+		goto verify_failure;
+	if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
+		goto verify_failure;
 	/* And convert file value to hex for comparison */
 	atob8(filekey, mp->val);
 
 	/* Do actual comparison */
 	if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){
 		/* Wrong response */
-		(void)fclose(mp->keyfile);
-		return(1);
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return 1;
 	}
 
 	/*
@@ -327,19 +333,24 @@
 	 */
 	btoa8(mp->val,key);
 	mp->n--;
-	(void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+	fseek(mp->keyfile, mp->recstart, SEEK_SET);
 	/* Don't save algorithm type for md4 (keep record length same) */
 	if (strcmp(skey_get_algorithm(), "md4") == 0)
-		(void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
+		fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
 			      mp->logname, mp->n, mp->seed, mp->val, tbuf);
 	else
-		(void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
+		fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
 			      mp->logname, skey_get_algorithm(), mp->n,
 			      mp->seed, mp->val, tbuf);
 
-	(void)fclose(mp->keyfile);
-	
-	return(0);
+	fclose(mp->keyfile);
+	mp->keyfile = NULL;
+	return 0;
+
+	verify_failure:
+		fclose(mp->keyfile);
+		mp->keyfile = NULL;
+		return -1;
 }
 
 /*
@@ -348,13 +359,18 @@
  * Returns: 1 user doesnt exist, -1 fle error, 0 user exists.
  *
  */
-int
-skey_haskey(username)
-	char *username;
+int skey_haskey(const char *username)
 {
 	struct skey skey;
+	int i;
+
+	i = skeylookup(&skey, username);
  
-	return(skeylookup(&skey, username));
+ 	if (skey.keyfile != NULL) {
+		fclose(skey.keyfile);
+		skey.keyfile = NULL;
+	}
+	return i;
 }
  
 /*
@@ -364,19 +380,21 @@
  * seed for the passed user.
  *
  */
-char *
-skey_keyinfo(username)
-	char *username;
+const char *skey_keyinfo(const char *username)
 {
 	int i;
 	static char str[SKEY_MAX_CHALLENGE];
 	struct skey skey;
 
-	i = skeychallenge(&skey, username, str);
+	i = skeychallenge(&skey, username, str, sizeof str);
 	if (i == -1)
-		return(0);
+		return 0;
 
-	return(str);
+	if (skey.keyfile != NULL) {
+		fclose(skey.keyfile);
+		skey.keyfile = NULL;
+	}
+	return str;
 }
  
 /*
@@ -388,40 +406,38 @@
  * Returns: 0 success, -1 failure
  *
  */
-int
-skey_passcheck(username, passwd)
-	char *username, *passwd;
+int skey_passcheck(const char *username, char *passwd)
 {
 	int i;
 	struct skey skey;
 
 	i = skeylookup(&skey, username);
 	if (i == -1 || i == 1)
-		return(-1);
+		return -1;
 
 	if (skeyverify(&skey, passwd) == 0)
-		return(skey.n);
+		return skey.n;
 
-	return(-1);
+	return -1;
 }
 
+#if DO_FAKE_CHALLENGE
 #define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
 		    ((x)[3]))
 
 /*
  * hash_collapse()
  */
-static u_int32_t
-hash_collapse(s)
-        u_char *s;
+static u_int32_t hash_collapse(u_char *s)
 {
-        int len, target;
+    int len, target, slen;
 	u_int32_t i;
-	
-	if ((strlen(s) % sizeof(u_int32_t)) == 0)
-  		target = strlen(s);    /* Multiple of 4 */
+
+	slen = strlen((char *)s);
+	if ((slen % sizeof(u_int32_t)) == 0)
+  		target = slen;    /* Multiple of 4 */
 	else
-		target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
+		target = slen - slen % sizeof(u_int32_t);
   
 	for (i = 0, len = 0; len < target; len += 4)
         	i ^= ROUND(s + len);
@@ -429,6 +445,8 @@
 	return i;
 }
 
+#endif 
+
 /*
  * skey_authenticate()
  *
@@ -438,22 +456,22 @@
  * Returns: 0 success, -1 failure
  *
  */
-int
-skey_authenticate(username)
-	char *username;
+int skey_authenticate(const char *username)
 {
 	int i;
+	char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
+	struct skey skey;
+#if DO_FAKE_CHALLENGE
 	u_int ptr;
 	u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
-	char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
-	char *secret;
 	size_t secretlen;
-	struct skey skey;
 	SHA1_CTX ctx;
-	
+#endif
+
 	/* Attempt an S/Key challenge */
-	i = skeychallenge(&skey, username, skeyprompt);
+	i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt);
 
+#if DO_FAKE_CHALLENGE
 	/* Cons up a fake prompt if no entry in keys file */
 	if (i != 0) {
 		char *p, *u;
@@ -465,11 +483,11 @@
 		if (gethostname(pbuf, sizeof(pbuf)) == -1)
 			*(p = pbuf) = '.';
 		else
-			for (p = pbuf; *p && isalnum(*p); p++)
-				if (isalpha(*p) && isupper(*p))
-					*p = tolower(*p);
+			for (p = pbuf; *p && isalnum((u_char)*p); p++)
+				if (isalpha((u_char)*p) && isupper((u_char)*p))
+					*p = tolower((u_char)*p);
 		if (*p && pbuf - p < 4)
-			(void)strncpy(p, "asjd", 4 - (pbuf - p));
+			strncpy(p, "asjd", 4 - (pbuf - p));
 		pbuf[4] = '\0';
 
 		/* Hash the username if possible */
@@ -490,6 +508,7 @@
 			    SEEK_SET) != -1 && read(fd, hseed,
 			    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
 				close(fd);
+				fd = -1;
 				secret = hseed;
 				secretlen = SKEY_MAX_SEED_LEN;
 				flg = 0;
@@ -499,6 +518,8 @@
 				secretlen = strlen(secret);
 				flg = 0;
 			}
+			if (fd != -1)
+				close(fd);
 		}
 
 		/* Put that in your pipe and smoke it */
@@ -531,7 +552,7 @@
 			memset(up, 0, 20); /* SHA1 specific */
 			free(up);
 
-			(void)sprintf(skeyprompt,
+			sprintf(skeyprompt,
 				      "otp-%.*s %d %.*s",
 				      SKEY_MAX_HASHNAME_LEN,
 				      skey_get_algorithm(),
@@ -554,29 +575,30 @@
 			} while (--i != 0);
 			pbuf[12] = '\0';
 
-			(void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
+			sprintf(skeyprompt, "otp-%.*s %d %.*s",
 				      SKEY_MAX_HASHNAME_LEN,
 				      skey_get_algorithm(),
 				      99, SKEY_MAX_SEED_LEN, pbuf);
 		}
 	}
+#endif
 
-	(void)fprintf(stderr, "%s\n", skeyprompt);
-	(void)fflush(stderr);
+	fprintf(stderr, "[%s]\n", skeyprompt);
+	fflush(stderr);
 
-	(void)fputs("Response: ", stderr);
+	fputs("Response: ", stderr);
 	readskey(pbuf, sizeof(pbuf));
 
 	/* Is it a valid response? */
 	if (i == 0 && skeyverify(&skey, pbuf) == 0) {
 		if (skey.n < 5) {
-			(void)fprintf(stderr,
+			fprintf(stderr,
 			    "\nWarning! Key initialization needed soon.  (%d logins left)\n",
 			    skey.n);
 		}
-		return(0);
+		return 0;
 	}
-	return(-1);
+	return -1;
 }
 
 /* Comment out user's entry in the s/key database
@@ -587,22 +609,21 @@
  *
  * The database file is always closed by this call.
  */
-int
-skeyzero(mp, response)
-	struct skey *mp;
-	char *response;
+int skeyzero(struct skey *mp, char *response)
 {
 	/*
 	 * Seek to the right place and write comment character
 	 * which effectively zero's out the entry.
 	 */
-	(void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+	fseek(mp->keyfile, mp->recstart, SEEK_SET);
 	if (fputc('#', mp->keyfile) == EOF) {
 		fclose(mp->keyfile);
-		return(-1);
+		mp->keyfile = NULL;
+		return -1;
 	}
 
-	(void)fclose(mp->keyfile);
+	fclose(mp->keyfile);
+	mp->keyfile = NULL;
 	
-	return(0);
+	return 0;
 }
--- skey-1.1.5.orig/skeyprune.8	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyprune.8	2003-11-06 17:46:45.000000000 +0000
@@ -13,7 +13,7 @@
 .Sh DESCRIPTION
 .Nm skeyprune
 searches through the file
-.Dq Pa /etc/skeykeys
+.Dq Pa /etc/skey/skeykeys
 and prunes out users who have zeroed their entries via
 .Xr skeyinit 1
 as well as entries that have not been modified in
@@ -22,8 +22,8 @@
 .Ar days
 is not specified only commented out entries are pruned.
 .Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
+.Bl -tag -width /etc/skey/skeykeys -compact
+.It Pa /etc/skey/skeykeys
 S/Key key information database
 .El
 .Sh SEE ALSO
@@ -33,7 +33,7 @@
 Since
 .Nm skeyprune
 rewrites
-.Dq Pa /etc/skeykeys ,
+.Dq Pa /etc/skey/skeykeys ,
 there is a window where S/Key changes could get lost.
 It is therefore suggested that
 .Nm skeyprune
--- skey-1.1.5.orig/skeysubr.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeysubr.c	2003-11-06 17:46:45.000000000 +0000
@@ -40,11 +40,6 @@
 #else
 #include "sha1.h"
 #endif
-#ifdef HAVE_RMD160_H
-#include <rmd160.h>
-#else
-#include "rmd160.h"
-#endif
 
 #include "skey.h"
 
@@ -53,17 +48,18 @@
 #define SKEY_HASH_DEFAULT	1
 #endif
 
-static void f_md4 __P((char *x));
-static void f_md5 __P((char *x));
-static void f_sha1 __P((char *x));
-static void f_rmd160 __P((char *x));
-static int keycrunch_md4 __P((char *result, char *seed, char *passwd));
-static int keycrunch_md5 __P((char *result, char *seed, char *passwd));
-static int keycrunch_sha1 __P((char *result, char *seed, char *passwd));
-static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd));
-static void lowcase __P((char *s));
-static void skey_echo __P((int action));
-static void trapped __P((int sig));
+static void f_md4 __P((char *));
+static void f_md5 __P((char *));
+static void f_sha1 __P((char *));
+/* static void f_rmd160 __P((char *x)); */
+static int keycrunch_md4 __P((char *, const char *, const char *));
+static int keycrunch_md5 __P((char *, const char *, const char *));
+static int keycrunch_sha1 __P((char *, const char *, const char *));
+/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */
+static void lowcase __P((char *));
+static void skey_echo __P((int));
+static void trapped __P((int));
+static char *mkseedpassword(const char *, const char *, size_t *);
 
 /* Current hash type (index into skey_hash_types array) */
 static int skey_hash_type = SKEY_HASH_DEFAULT;
@@ -72,17 +68,16 @@
  * Hash types we support.
  * Each has an associated keycrunch() and f() function.
  */
-#define SKEY_ALGORITH_LAST	4
 struct skey_algorithm_table {
 	const char *name;
-	int (*keycrunch) (char *, char *, char *);
-	void (*f) (char *);
+	int (*keycrunch) __P((char *, const char *, const char *));
+	void (*f) __P((char *));
 };
 static struct skey_algorithm_table skey_algorithm_table[] = {
 	{ "md4", keycrunch_md4, f_md4 },
 	{ "md5", keycrunch_md5, f_md5 },
 	{ "sha1", keycrunch_sha1, f_sha1 },
-	{ "rmd160", keycrunch_rmd160, f_rmd160 }
+	{ NULL }
 };
 
 
@@ -91,242 +86,172 @@
  * concatenate the seed and the password, run through MD4/5 and
  * collapse to 64 bits. This is defined as the user's starting key.
  */
-int
-keycrunch(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+int keycrunch(char *result, const char *seed, const char *passwd)
 {
 	return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd));
 }
 
-static int
-keycrunch_md4(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen)
 {
 	char *buf;
-	MD4_CTX md;
-	u_int32_t results[4];
-	unsigned int buflen;
 
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
+	*buflen = strlen(seed) + strlen(passwd);
+	if ((buf = (char *) malloc(*buflen + 1)) == NULL)
+		return NULL;
+	strcpy(buf, seed);
 	lowcase(buf);
-	(void)strcat(buf, passwd);
+	strcat(buf, passwd);
+	sevenbit(buf);
+
+	return buf;
+}
 
+static int keycrunch_md4(char *result, const char *seed, const char *passwd)
+{
+	char *buf;
+	MD4_CTX md;
+	size_t buflen;
+	u_int32_t results[4];
+
+	if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+		return -1;
+	
 	/* Crunch the key through MD4 */
-	sevenbit(buf);
 	MD4Init(&md);
 	MD4Update(&md, (unsigned char *)buf, buflen);
-	MD4Final((unsigned char *)results, &md);
-	(void)free(buf);
+	MD4Final((unsigned char *) (void *) results, &md);
+	free(buf);
 
 	/* Fold result from 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy(result, results, SKEY_BINKEY_SIZE);
 
-	return(0);
+	return 0;
 }
 
-static int
-keycrunch_md5(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+static int keycrunch_md5(char *result, const char *seed, const char *passwd)
 {
 	char *buf;
 	MD5_CTX md;
 	u_int32_t results[4];
-	unsigned int buflen;
+	size_t buflen;
 
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
-	lowcase(buf);
-	(void)strcat(buf, passwd);
+	if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+		return -1;
 
 	/* Crunch the key through MD5 */
-	sevenbit(buf);
 	MD5Init(&md);
 	MD5Update(&md, (unsigned char *)buf, buflen);
-	MD5Final((unsigned char *)results, &md);
-	(void)free(buf);
+	MD5Final((unsigned char *) (void *)results, &md);
+	free(buf);
 
 	/* Fold result from 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
 
 	return(0);
 }
 
-static int
-keycrunch_sha1(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
+static int keycrunch_sha1(char *result, const char *seed, const char *passwd)
 {
 	char *buf;
 	SHA1_CTX sha;
-	u_int32_t results[5];
-	unsigned int buflen;
-
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
-	lowcase(buf);
-	(void)strcat(buf, passwd);
+	size_t buflen;
+	int i, j;
 
+	if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+		return -1;
+	
 	/* Crunch the key through SHA1 */
-	sevenbit(buf);
 	SHA1Init(&sha);
 	SHA1Update(&sha, (unsigned char *)buf, buflen);
-	SHA1Final((unsigned char *)results, &sha);
-	(void)free(buf);
+	SHA1Final(NULL, &sha);
+	free(buf);
 
 	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
-
-	return(0);
-}
-
-static int
-keycrunch_rmd160(result, seed, passwd)
-	char *result;	/* SKEY_BINKEY_SIZE result */
-	char *seed;	/* Seed, any length */
-	char *passwd;	/* Password, any length */
-{
-	char *buf;
-	RMD160_CTX rmd;
-	u_int32_t results[5];
-	unsigned int buflen;
-
-	buflen = strlen(seed) + strlen(passwd);
-	if ((buf = (char *)malloc(buflen+1)) == NULL)
-		return(-1);
-	(void)strcpy(buf, seed);
-	lowcase(buf);
-	(void)strcat(buf, passwd);
-
-	/* Crunch the key through RMD-160 */
-	sevenbit(buf);
-	RMD160Init(&rmd);
-	RMD160Update(&rmd, (unsigned char *)buf, buflen);
-	RMD160Final((unsigned char *)results, &rmd);
-	(void)free(buf);
-
-	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+	sha.state[0] ^= sha.state[2];
+	sha.state[1] ^= sha.state[3];
+	sha.state[0] ^= sha.state[4];
+
+	for (i=j=0; j<8; i++, j+=4) {
+		result[j] = (unsigned char)(sha.state[i] & 0xff);
+		result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
+		result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
+		result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
+	}
 
-	return(0);
+	return 0;
 }
 
 /*
  * The one-way function f().
  * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place.
  */
-void
-f(x)
-	char *x;
+void f(char *x)
 {
 	skey_algorithm_table[skey_hash_type].f(x);
 }
 
-static void
-f_md4(x)
-	char *x;
+static void f_md4(char *x)
 {
 	MD4_CTX md;
 	u_int32_t results[4];
 
 	MD4Init(&md);
 	MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	MD4Final((unsigned char *)results, &md);
+	MD4Final((unsigned char *) (void *) results, &md);
 
 	/* Fold 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy(x, results, SKEY_BINKEY_SIZE);
 }
 
-static void
-f_md5(x)
-	char *x;
+static void f_md5(char *x)
 {
 	MD5_CTX md;
 	u_int32_t results[4];
 
 	MD5Init(&md);
 	MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	MD5Final((unsigned char *)results, &md);
+	MD5Final((unsigned char *) (void *) results, &md);
 
 	/* Fold 128 to 64 bits */
 	results[0] ^= results[2];
 	results[1] ^= results[3];
 
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+	memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
 }
 
-static void
-f_sha1(x)
-	char *x;
+static void f_sha1(char *x)
 {
 	SHA1_CTX sha;
-	u_int32_t results[5];
+	int i, j;
 
 	SHA1Init(&sha);
 	SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	SHA1Final((unsigned char *)results, &sha);
+	SHA1Final(NULL, &sha);
 
 	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
-}
-
-static void
-f_rmd160(x)
-	char *x;
-{
-	RMD160_CTX rmd;
-	u_int32_t results[5];
-
-	RMD160Init(&rmd);
-	RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE);
-	RMD160Final((unsigned char *)results, &rmd);
-
-	/* Fold 160 to 64 bits */
-	results[0] ^= results[2];
-	results[1] ^= results[3];
-	results[0] ^= results[4];
-
-	(void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+	sha.state[0] ^= sha.state[2];
+	sha.state[1] ^= sha.state[3];
+	sha.state[0] ^= sha.state[4];
+
+	for (i=j=0; j<8; i++, j+=4) {
+		x[j]	= (unsigned char)(sha.state[i] & 0xff);
+		x[j+1]	= (unsigned char)((sha.state[i] >> 8) & 0xff);
+		x[j+2]	= (unsigned char)((sha.state[i] >> 16) & 0xff);
+		x[j+3]	= (unsigned char)((sha.state[i] >> 24) & 0xff);
+	}
 }
 
 /* Strip trailing cr/lf from a line of text */
-void
-rip(buf)
-	char *buf;
+void rip(char *buf)
 {
 	buf += strcspn(buf, "\r\n");
 
@@ -335,12 +260,9 @@
 }
 
 /* Read in secret password (turns off echo) */
-char *
-readpass(buf, n)
-	char *buf;
-	int n;
+char *readpass(char *buf, int n)
 {
-	void (*old_handler) ();
+	void *old_handler;
 
 	/* Turn off echoing */
 	skey_echo(0);
@@ -348,131 +270,114 @@
 	/* Catch SIGINT and save old signal handler */
 	old_handler = signal(SIGINT, trapped);
 
-	(void)fgets(buf, n, stdin);
+	fgets(buf, n, stdin);
 	rip(buf);
 
-	(void)putc('\n', stderr);
-	(void)fflush(stderr);
+	putc('\n', stderr);
+	fflush(stderr);
 
 	/* Restore signal handler and turn echo back on */
 	if (old_handler != SIG_ERR)
-		(void)signal(SIGINT, old_handler);
+		signal(SIGINT, old_handler);
 	skey_echo(1);
 
 	sevenbit(buf);
 
-	return(buf);
+	return buf;
 }
 
 /* Read in an s/key OTP (does not turn off echo) */
-char *
-readskey(buf, n)
-	char *buf;
-	int n;
+char *readskey(char *buf, int n)
 {
-	(void)fgets(buf, n, stdin);
+	fgets(buf, n, stdin);
 	rip(buf);
 
 	sevenbit(buf);
 
-	return(buf);
+	return buf;
 }
 
 /* Signal handler for trapping ^C */
-static void
-trapped(sig)
-	int sig;
+static void trapped(int sig)
 {
-	(void)fputs("^C\n", stderr);
-	(void)fflush(stderr);
+	fputs("^C\n", stderr);
+	fflush(stderr);
 
-	/* Turn on echo if necesary */
+	/* Turn on echo if necemassary */
 	skey_echo(1);
 
-	exit(-1);
+	exit(1);
 }
 
 /*
  * Convert 8-byte hex-ascii string to binary array
  * Returns 0 on success, -1 on error
  */
-int
-atob8(out, in)
-	register char *out;
-	register char *in;
+int atob8(char *out, const char *in)
 {
-	register int i;
-	register int val;
+	int i;
+	int val;
 
 	if (in == NULL || out == NULL)
-		return(-1);
+		return -1;
 
 	for (i=0; i < 8; i++) {
 		if ((in = skipspace(in)) == NULL)
-			return(-1);
+			return -1;
 		if ((val = htoi(*in++)) == -1)
-			return(-1);
+			return -1;
 		*out = val << 4;
 
 		if ((in = skipspace(in)) == NULL)
-			return(-1);
+			return -1;
 		if ((val = htoi(*in++)) == -1)
-			return(-1);
+			return -1;
 		*out++ |= val;
 	}
-	return(0);
+	return 0;
 }
 
 /* Convert 8-byte binary array to hex-ascii string */
-int
-btoa8(out, in)
-	register char *out;
-	register char *in;
+int btoa8(char *out, const char *in)
 {
-	register int i;
+	int i;
 
 	if (in == NULL || out == NULL)
-		return(-1);
+		return -1;
 
 	for (i=0; i < 8; i++) {
-		(void)sprintf(out, "%02x", *in++ & 0xff);
+		sprintf(out, "%02x", *in++ & 0xff);
 		out += 2;
 	}
-	return(0);
+	return 0;
 }
 
 /* Convert hex digit to binary integer */
-int
-htoi(c)
-	register int c;
+int htoi(int c)
 {
 	if ('0' <= c && c <= '9')
-		return(c - '0');
+		return c - '0';
 	if ('a' <= c && c <= 'f')
-		return(10 + c - 'a');
+		return 10 + c - 'a';
 	if ('A' <= c && c <= 'F')
-		return(10 + c - 'A');
-	return(-1);
+		return 10 + c - 'A';
+	return -1;
 }
 
 /* Skip leading spaces from the string */
-char *
-skipspace(cp)
-	register char *cp;
+const char *skipspace(const char *cp)
 {
 	while (*cp == ' ' || *cp == '\t')
 		cp++;
 
 	if (*cp == '\0')
-		return(NULL);
+		return NULL;
 	else
-		return(cp);
+		return cp;
 }
 
 /* Remove backspaced over characters from the string */
-void
-backspace(buf)
-	char *buf;
+void backspace(char *buf)
 {
 	char bs = 0x8;
 	char *cp = buf;
@@ -496,77 +401,68 @@
 }
 
 /* Make sure line is all seven bits */
-void
-sevenbit(s)
-	char *s;
+void sevenbit(char *s)
 {
 	while (*s)
 		*s++ &= 0x7f;
 }
 
 /* Set hash algorithm type */
-char *
-skey_set_algorithm(new)
-	char *new;
+const char *skey_set_algorithm(const char *new)
 {
 	int i;
 
-	for (i = 0; i < SKEY_ALGORITH_LAST; i++) {
+	for (i = 0; skey_algorithm_table[i].name; i++) {
 		if (strcmp(new, skey_algorithm_table[i].name) == 0) {
 			skey_hash_type = i;
-			return(new);
+			return new;
 		}
 	}
 
-	return(NULL);
+	return NULL;
 }
 
 /* Get current hash type */
-const char *
-skey_get_algorithm()
+const char *skey_get_algorithm()
 {
 	return(skey_algorithm_table[skey_hash_type].name);
 }
 
 /* Turn echo on/off */
-static void
-skey_echo(action)
-	int action;
+static void skey_echo(int action)
 {
 	static struct termios term;
 	static int echo = 0;
 
 	if (action == 0) {
 		/* Turn echo off */
-		(void) tcgetattr(fileno(stdin), &term);
+		tcgetattr(fileno(stdin), &term);
 		if ((echo = (term.c_lflag & ECHO))) {
 			term.c_lflag &= ~ECHO;
 #ifdef TCSASOFT
-			(void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+			tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
 #else
-			(void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+			tcsetattr(fileno(stdin), TCSAFLUSH, &term);
 #endif
 		}
 	} else if (action && echo) {
 		/* Turn echo on */
 		term.c_lflag |= ECHO;
 #ifdef TCSASOFT
-		(void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+		tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
 #else
-		(void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+		tcsetattr(fileno(stdin), TCSAFLUSH, &term);
 #endif	       
 		echo = 0;
 	}
 }
 
 /* Convert string to lower case */
-static void
-lowcase(s)
-	char *s;
+static void lowcase(char *s)
 {
-	char *p;
+	u_char *p;
 
-	for (p = s; *p; p++)
+	for (p = (u_char *) s; *p; p++)
 		if (isupper(*p))
 			*p = tolower(*p);
 }
--- skey-1.1.5.orig/strlcpy.c	2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/strlcpy.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,72 +0,0 @@
-/*	$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $	*/
-
-/*
- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "config.h"
-#ifndef HAVE_STRLCPY
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-#include <string.h>
-
-/*
- * Copy src to string dst of size siz.  At most siz-1 characters
- * will be copied.  Always NUL terminates (unless siz == 0).
- * Returns strlen(src); if retval >= siz, truncation occurred.
- */
-size_t strlcpy(dst, src, siz)
-	char *dst;
-	const char *src;
-	size_t siz;
-{
-	register char *d = dst;
-	register const char *s = src;
-	register size_t n = siz;
-
-	/* Copy as many bytes as will fit */
-	if (n != 0 && --n != 0) {
-		do {
-			if ((*d++ = *s++) == 0)
-				break;
-		} while (--n != 0);
-	}
-
-	/* Not enough room in dst, add NUL and traverse rest of src */
-	if (n == 0) {
-		if (siz != 0)
-			*d = '\0';		/* NUL-terminate dst */
-		while (*s++)
-			;
-	}
-
-	return(s - src - 1);	/* count does not include NUL */
-}
-
-#endif