summary refs log tree commit diff
path: root/src/usr.bin
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin')
-rw-r--r--src/usr.bin/gzsig/Makefile9
-rw-r--r--src/usr.bin/gzsig/extern.h47
-rw-r--r--src/usr.bin/gzsig/gzip.h107
-rw-r--r--src/usr.bin/gzsig/gzsig.1131
-rw-r--r--src/usr.bin/gzsig/gzsig.c65
-rw-r--r--src/usr.bin/gzsig/key.c220
-rw-r--r--src/usr.bin/gzsig/key.h57
-rw-r--r--src/usr.bin/gzsig/sign.c313
-rw-r--r--src/usr.bin/gzsig/ssh.c345
-rw-r--r--src/usr.bin/gzsig/ssh.h39
-rw-r--r--src/usr.bin/gzsig/ssh2.c223
-rw-r--r--src/usr.bin/gzsig/ssh2.h29
-rw-r--r--src/usr.bin/gzsig/util.c88
-rw-r--r--src/usr.bin/gzsig/util.h41
-rw-r--r--src/usr.bin/gzsig/verify.c216
-rw-r--r--src/usr.bin/gzsig/x509.c137
-rw-r--r--src/usr.bin/gzsig/x509.h40
17 files changed, 0 insertions, 2107 deletions
diff --git a/src/usr.bin/gzsig/Makefile b/src/usr.bin/gzsig/Makefile
deleted file mode 100644
index 785cbbe..0000000
--- a/src/usr.bin/gzsig/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# $OpenBSD: Makefile,v 1.4 2014/04/25 12:20:17 mikeb Exp $
-
-PROG	= gzsig
-SRCS	= gzsig.c key.c sign.c ssh.c ssh2.c util.c verify.c x509.c
-
-LDADD	= -lcrypto -lm
-DPADD	= ${LIBCRYPTO} ${LIBM}
-
-.include <bsd.prog.mk>
diff --git a/src/usr.bin/gzsig/extern.h b/src/usr.bin/gzsig/extern.h
deleted file mode 100644
index ce310bb..0000000
--- a/src/usr.bin/gzsig/extern.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * extern.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: extern.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef EXTERN_H
-#define EXTERN_H
-
-void	sign(int argc, char *argv[]);
-void	verify(int argc, char *argv[]);
-
-int     sign_passwd_cb(char *buf, int size, int rwflag, void *u);
-
-void	sign_usage(void);
-void	verify_usage(void);
-
-extern char *__progname;		/* from crt0.o */
-
-#endif /* EXTERN_H */
diff --git a/src/usr.bin/gzsig/gzip.h b/src/usr.bin/gzsig/gzip.h
deleted file mode 100644
index 750a327..0000000
--- a/src/usr.bin/gzsig/gzip.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * gzip.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: gzip.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef GZIP_H
-#define GZIP_H
-
-/* RFC 1952 is b0rked! This is from gzip-1.2.4's algorithm.doc... */
-
-/* Magic header */
-#define GZIP_MAGIC		"\037\213"
-
-/* Compression methods */
-#define GZIP_MSTORED		0
-#define GZIP_MCOMPRESS		1
-#define GZIP_MPACKED		2
-#define GZIP_MLZHED		3
-#define GZIP_MDEFLATE		8
-
-/* Flags */
-#define GZIP_FTEXT		0x01
-#define GZIP_FCONT		0x02	/* never set by gzip-1.2.4 */
-#define GZIP_FEXTRA		0x04
-#define GZIP_FNAME		0x08
-#define GZIP_FCOMMENT		0x10
-#define GZIP_FENCRYPT		0x20
-#define GZIP_FRESERVED		0xC0
-
-#define GZIP_FENCRYPT_LEN	12
-
-#define GZSIG_ID		"GS"
-#define GZSIG_VERSION		1
-
-struct gzsig_data {
-	u_char	version;
-#ifdef COMMENT_ONLY
-	u_char	signature[];
-#endif
-};
-
-/*
- * Note: all number fields below are in little-endian byte order.
- */
-
-struct gzip_xfield {
-	u_short	len;
-	struct gzip_subfield {
-		u_char	id[2];
-		u_short	len;
-#ifdef COMMENT_ONLY
-		u_char	data[];
-#endif
-	} subfield;
-};
-
-struct gzip_header {
-	u_char		magic[2];
-	u_char		method;
-	u_char		flags;
-	u_char		mtime[4];
-	u_char		xflags;
-	u_char		os;
-#if COMMENT_ONLY
-	/* Optional fields */
-	u_char		part[2];		/* flags & GZIP_FCONT */
-	struct gzip_xfield xfield;		/* flags & GZIP_FEXTRA */
-	char		filename[];		/* flags & GZIP_FNAME */
-	char		comment[];		/* flags & GZIP_FCOMMENT */
-	u_char		encrypt_hdr[12];	/* flags & GZIP_FENCRYPT */
-#endif
-};
-
-struct gzip_trailer {
-	u_int32_t	crc32[4];
-	u_int32_t	size[4];
-};
-
-#endif /* GZIP_H */
diff --git a/src/usr.bin/gzsig/gzsig.1 b/src/usr.bin/gzsig/gzsig.1
deleted file mode 100644
index 87d7b2f..0000000
--- a/src/usr.bin/gzsig/gzsig.1
+++ /dev/null
@@ -1,131 +0,0 @@
-.\" $OpenBSD: gzsig.1,v 1.16 2013/07/16 07:01:02 schwarze Exp $
-.\" $Id: gzsig.1,v 1.16 2013/07/16 07:01:02 schwarze Exp $
-.\"
-.\"  Copyright (c) 2001 Dug Song <dugsong@arbor.net>
-.\"  Copyright (c) 2001 Arbor Networks, Inc.
-.\"
-.\"    Redistribution and use in source and binary forms, with or without
-.\"    modification, are permitted provided that the following conditions
-.\"    are met:
-.\"
-.\"    1. Redistributions of source code must retain the above copyright
-.\"       notice, this list of conditions and the following disclaimer.
-.\"    2. Redistributions in binary form must reproduce the above copyright
-.\"       notice, this list of conditions and the following disclaimer in the
-.\"       documentation and/or other materials provided with the distribution.
-.\"    3. The names of the copyright holders may not be used to endorse or
-.\"       promote products derived from this software without specific
-.\"       prior written permission.
-.\"
-.\"    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-.\"    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-.\"    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-.\"    THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-.\"    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-.\"    PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-.\"    OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-.\"    WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-.\"    OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-.\"    ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 16 2013 $
-.Dt GZSIG 1
-.Os
-.Sh NAME
-.Nm gzsig
-.Nd gzip signing utility
-.Sh SYNOPSIS
-.Nm gzsig
-.Ic sign
-.Op Fl q | v
-.Op Fl f Ar secret_file
-.Ar privkey
-.Op Ar
-.Nm gzsig
-.Ic verify
-.Op Fl q | v
-.Op Fl f Ar secret_file
-.Ar pubkey
-.Op Ar
-.Sh DESCRIPTION
-.Nm
-embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in
-.Xr gzip 1
-compressed files using SSH identity keys or X.509 certificates.
-.Pp
-The
-.Ar file
-operands are processed in command-line order.
-If
-.Ar file
-is a single dash
-.Pq Sq -
-or absent,
-.Nm
-reads from the standard input.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl f Ar secret_file
-Indicates that the passphrase for the key should be read from
-.Ar secret_file
-instead of being supplied manually.
-.It Fl q
-Enable quiet mode.
-The options
-.Fl q
-and
-.Fl v
-are mutually exclusive;
-the last one specified takes precedence.
-.It Fl v
-Enable verbose mode.
-This is the default.
-The options
-.Fl q
-and
-.Fl v
-are mutually exclusive;
-the last one specified takes precedence.
-.It Ic sign
-Sign the input using the private key in
-.Ar privkey .
-.It Ic verify
-Verify the signature using the public key in
-.Ar pubkey .
-.El
-.Sh EXIT STATUS
-.Ex -std gzsig
-.Sh EXAMPLES
-Sign
-.Ar file1
-and
-.Ar file2
-with the SSH2 identity key in
-.Ar ~/.ssh/id_rsa :
-.Pp
-.Dl $ gzsig sign ~/.ssh/id_rsa file1 file2
-.Pp
-Sign
-.Ar file1
-with the SSH2 identity key, saving the signed file in
-.Ar file2 :
-.Pp
-.Dl $ gzsig sign ~/.ssh/id_rsa \*(Ltfile1 \*(Gtfile2
-.Pp
-Verify the signature on
-.Ar file1
-using the SSL certificate in
-.Ar /etc/ssl/server.crt :
-.Pp
-.Dl $ gzsig verify /etc/ssl/server.crt \*(Ltfile1
-.Sh SEE ALSO
-.Xr gzip 1 ,
-.Xr ssh-keygen 1 ,
-.Xr ssl 8
-.Sh AUTHORS
-.An -nosplit
-.An Dug Song Aq Mt dugsong@arbor.net .
-.Pp
-SSH2 support by
-.An Marius Eriksen Aq Mt marius@openbsd.org .
diff --git a/src/usr.bin/gzsig/gzsig.c b/src/usr.bin/gzsig/gzsig.c
deleted file mode 100644
index af5ff78..0000000
--- a/src/usr.bin/gzsig/gzsig.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* $OpenBSD: gzsig.c,v 1.3 2005/05/29 09:10:23 djm Exp $ */
-
-/*
- * gzsig.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- * 
- * $Vendor: gzsig.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "extern.h"
-
-static void
-usage(void)
-{
-	sign_usage();
-	verify_usage();
-	exit(1);
-}
-
-int
-main(int argc, char *argv[])
-{
-	if (argc < 2)
-		usage();
-
-	if (strcmp(argv[1], "sign") == 0) {
-		sign(argc - 1, argv + 1);
-	} else if (strcmp(argv[1], "verify") == 0) {
-		verify(argc - 1, argv + 1);
-	} else {
-		usage();
-	}
-
-	exit(0);
-}
diff --git a/src/usr.bin/gzsig/key.c b/src/usr.bin/gzsig/key.c
deleted file mode 100644
index 1d40fe7..0000000
--- a/src/usr.bin/gzsig/key.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/* $OpenBSD: key.c,v 1.6 2010/08/11 18:38:30 jasper Exp $ */
-
-/*
- * key.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: key.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/limits.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/uio.h>
-
-#include <openssl/ssl.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "key.h"
-#include "ssh.h"
-#include "ssh2.h"
-#include "util.h"
-#include "x509.h"
-
-typedef int (*key_loader)(struct key *, struct iovec *);
-
-static key_loader pubkey_loaders[] = {
-	ssh_load_public,
-	ssh2_load_public,
-	x509_load_public,
-	NULL
-};
-
-static key_loader privkey_loaders[] = {
-	ssh_load_private,
-	x509_load_private,
-	NULL
-};
-
-static int
-load_file(struct iovec *iov, char *filename)
-{
-	struct stat st;
-	int fd;
-	int rval = -1;
-	
-	if ((fd = open(filename, O_RDONLY)) < 0)
-		goto done;
-	
-	if (fstat(fd, &st) < 0)
-		goto done;
-	
-	if (st.st_size == 0 || st.st_size >= SIZE_MAX) {
-		errno = EINVAL;
-		goto done;
-	}
-	if ((iov->iov_base = malloc(st.st_size + 1)) == NULL)
-		goto done;
-
-	iov->iov_len = st.st_size;
-	((u_char *)iov->iov_base)[iov->iov_len] = '\0';
-	
-	if (read(fd, iov->iov_base, iov->iov_len) != iov->iov_len) {
-		free(iov->iov_base);
-		goto done;
-	}
-
-	rval = 0;
-
-done:
-	if (fd != -1)
-	    close(fd);
-	return (rval);
-}
-
-struct key *
-key_new(void)
-{
-	return (calloc(1, sizeof(struct key)));
-}
-
-int
-key_load_private(struct key *k, char *filename)
-{
-	struct iovec iov;
-	int i;
-	
-	if (load_file(&iov, filename) < 0)
-		return (-1);
-
-	for (i = 0; privkey_loaders[i] != NULL; i++) {
-		if (privkey_loaders[i](k, &iov) == 0)
-			return (0);
-	}
-	return (-1);
-}
-
-int
-key_load_public(struct key *k, char *filename)
-{
-	struct iovec iov;
-	int i;
-
-	if (load_file(&iov, filename) < 0)
-		return (-1);
-
-	for (i = 0; pubkey_loaders[i] != NULL; i++) {
-		if (pubkey_loaders[i](k, &iov) == 0)
-			return (0);
-	}
-	return (-1);
-}
-
-int
-key_sign(struct key *k, u_char *msg, int mlen, u_char *sig, int slen)
-{
-	switch (k->type) {
-	case KEY_RSA:
-		if (RSA_size((RSA *)k->data) > slen) {
-			fprintf(stderr, "RSA modulus too large: %d bits\n",
-			    RSA_size((RSA *)k->data));
-			return (-1);
-		}
-		if (RSA_sign(NID_sha1, msg, mlen, sig, &slen,
-		    (RSA *)k->data) <= 0) {
-			fprintf(stderr, "RSA signing failed\n");
-			return (-1);
-		}
-		break;
-
-	case KEY_DSA:
-		if (DSA_size((DSA *)k->data) > slen) {
-			fprintf(stderr, "DSA signature size too large: "
-			    "%d bits\n", DSA_size((DSA *)k->data));
-			return (-1);
-		}
-		if (DSA_sign(NID_sha1, msg, mlen, sig, &slen,
-		    (DSA *)k->data) <= 0) {
-			fprintf(stderr, "DSA signing failed\n");
-			return (-1);
-		}
-		break;
-
-	default:
-		fprintf(stderr, "Unknown key type: %d\n", k->type);
-		return (-1);
-	}
-	return (slen);
-}
-
-int
-key_verify(struct key *k, u_char *msg, int mlen, u_char *sig, int slen)
-{
-	switch (k->type) {
-
-	case KEY_RSA:
-		if (RSA_verify(NID_sha1, msg, mlen,
-		    sig, slen, (RSA *)k->data) <= 0) {
-			fprintf(stderr, "RSA verification failed\n");
-			return (-1);
-		}
-		break;
-
-	case KEY_DSA:
-		if (DSA_verify(NID_sha1, msg, mlen,
-		    sig, slen, (DSA *)k->data) <= 0) {
-			fprintf(stderr, "DSA verification failed\n");
-			return (-1);
-		}
-		break;
-
-	default:
-		fprintf(stderr, "Unknown key type: %d\n", k->type);
-		return (-1);
-	}
-	return (slen);
-}
-
-void
-key_free(struct key *k)
-{
-	if (k->type == KEY_RSA)
-		RSA_free((RSA *)k->data);
-	else if (k->type == KEY_DSA)
-		DSA_free((DSA *)k->data);
-	else if (k->data != NULL)
-		free(k->data);
-	
-	free(k);
-}
diff --git a/src/usr.bin/gzsig/key.h b/src/usr.bin/gzsig/key.h
deleted file mode 100644
index 460ea97..0000000
--- a/src/usr.bin/gzsig/key.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * key.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: key.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef KEY_H
-#define KEY_H
-
-enum key_type {
-	KEY_UNSPEC,
-	KEY_RSA,
-	KEY_DSA
-};
-
-struct key {
-	int	 type;
-	void	*data;
-};
-
-struct key	*key_new(void);
-int		 key_load_public(struct key *k, char *filename);
-int		 key_load_private(struct key *k, char *filename);
-int		 key_sign(struct key *k, u_char *msg, int mlen,
-	             u_char *sig, int slen);
-int		 key_verify(struct key *k, u_char *msg, int mlen,
-	             u_char *sig, int slen);
-void		 key_free(struct key *k);
-
-#endif /* KEY_H */
diff --git a/src/usr.bin/gzsig/sign.c b/src/usr.bin/gzsig/sign.c
deleted file mode 100644
index 7795a85..0000000
--- a/src/usr.bin/gzsig/sign.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* $OpenBSD: sign.c,v 1.13 2013/03/10 10:36:57 tobias Exp $ */
-
-/*
- * sign.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: sign.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <err.h>
-
-#include "extern.h"
-#include "gzip.h"
-#include "key.h"
-#include "util.h"
-
-static char *passphrase_file = NULL;
-
-static int
-embed_signature(struct key *key, FILE *fin, FILE *fout)
-{
-	struct gzip_header gh;
-	struct gzip_xfield *gx;
-	struct gzsig_data *gd;
-	u_char *sig, digest[20], buf[8192];
-	SHA_CTX ctx;
-	int i, siglen;
-	long offset;
-
-	/* Read gzip header. */
-	if (fread((u_char *)&gh, 1, sizeof(gh), fin) != sizeof(gh)) {
-		fprintf(stderr, "Error reading gzip header: %s\n",
-		    strerror(errno));
-		return (-1);
-	}
-	/* Verify gzip header. */
-	if (memcmp(gh.magic, GZIP_MAGIC, sizeof(gh.magic)) != 0) {
-		fprintf(stderr, "Invalid gzip file\n");
-		return (-1);
-	}
-	if (gh.flags & GZIP_FCONT) {
-		fprintf(stderr, "Multi-part gzip files not supported\n");
-		return (-1);
-	}
-	/* Skip over any existing signature. */
-	if (gh.flags & GZIP_FEXTRA) {
-		gx = (struct gzip_xfield *)buf;
-		gd = (struct gzsig_data *)(gx + 1);
-
-		if (fread((u_char *)gx, 1, sizeof(*gx), fin) != sizeof(*gx)) {
-			fprintf(stderr, "Error reading extra field: %s\n",
-			    strerror(errno));
-			return (-1);
-		}
-		if (memcmp(gx->subfield.id, GZSIG_ID, 2) != 0) {
-			fprintf(stderr, "Unknown extra field\n");
-			return (-1);
-		}
-		gx->subfield.len = letoh16(gx->subfield.len);
-		
-		if (gx->subfield.len < sizeof(*gd) ||
-		    gx->subfield.len > sizeof(buf) - sizeof(*gx)) {
-			fprintf(stderr, "Invalid signature length\n");
-			return (-1);
-		}
-		if (fread((u_char *)gd, 1, gx->subfield.len, fin) !=
-		    gx->subfield.len) {
-			fprintf(stderr, "Error reading signature: %s\n",
-			    strerror(errno));
-			return (-1);
-		}
-		fprintf(stderr, "Overwriting existing signature\n");
-	}
-	/* Skip over any options. */
-	offset = ftell(fin);
-
-	if (gh.flags & GZIP_FNAME) {
-		if (skip_string(fin))
-			return (-1);
-	}
-	if (gh.flags & GZIP_FCOMMENT) {
-		if (skip_string(fin))
-			return (-1);
-	}
-	if (gh.flags & GZIP_FENCRYPT) {
-		if (fread(buf, 1, GZIP_FENCRYPT_LEN, fin) != GZIP_FENCRYPT_LEN)
-			return (-1);
-	}
-	/* Compute checksum over compressed data and trailer. */
-	SHA1_Init(&ctx);
-	
-	while ((i = fread(buf, 1, sizeof(buf), fin)) > 0) {
-		SHA1_Update(&ctx, buf, i);
-	}
-	SHA1_Final(digest, &ctx);
-	
-	/* Generate signature. */
-	gx = (struct gzip_xfield *)buf;
-	gd = (struct gzsig_data *)(gx + 1);
-	sig = (u_char *)(gd + 1);
-	
-	siglen = key_sign(key, digest, sizeof(digest), sig,
-	    sizeof(buf) - (sig - buf));
-	
-	if (siglen < 0) {
-		fprintf(stderr, "Error signing checksum\n");
-		return (-1);
-	}
-	i = sizeof(*gd) + siglen;
-	gx->subfield.len = htole16(i);
-	gx->len = htole16(sizeof(gx->subfield) + i);
-	memcpy(gx->subfield.id, GZSIG_ID, sizeof(gx->subfield.id));
-	gd->version = GZSIG_VERSION;
-	
-	/* Write out gzip header. */
-	gh.flags |= GZIP_FEXTRA;
-
-	if (fwrite((u_char *)&gh, 1, sizeof(gh), fout) != sizeof(gh)) {
-		fprintf(stderr, "Error writing output: %s\n", strerror(errno));
-		return (-1);
-	}
-	/* Write out signature. */
-	if (fwrite(buf, 1, sizeof(*gx) + i, fout) != sizeof(*gx) + i) {
-		fprintf(stderr, "Error writing output: %s\n", strerror(errno));
-		return (-1);
-	}
-	/* Write out options, compressed data, and trailer. */
-	if (fseek(fin, offset, SEEK_SET) < 0) {
-		fprintf(stderr, "Error writing output: %s\n", strerror(errno));
-		return (-1);
-	}
-	while ((i = fread(buf, 1, sizeof(buf), fin)) > 0) {		
-		if (fwrite(buf, 1, i, fout) != i) {
-			fprintf(stderr, "Error writing output: %s\n",
-			    strerror(errno));
-			return (-1);
-		}
-	}
-	if (ferror(fin)) {
-		fprintf(stderr, "Error reading input: %s\n", strerror(errno));
-		return (-1);
-	}
-	return (0);
-}
-
-void
-sign_usage(void)
-{
-	fprintf(stderr, "usage: %s sign [-q | -v] [-f secret_file] privkey "
-	    "[file ...]\n", __progname);
-}
-
-int
-sign_passwd_cb(char *buf, int size, int rwflag, void *u)
-{
-	char *p;
-	FILE *f;
-
-	if (passphrase_file != NULL) {
-		if ((f = fopen(passphrase_file, "r")) == NULL)
-			err(1, "fopen(%.64s)", passphrase_file);
-		if (fgets(buf, size, f) == NULL)
-			err(1, "fgets(%.64s)", passphrase_file);
-		fclose(f);
-		buf[strcspn(buf, "\n")] = '\0';
-	} else {
-		p = getpass("Enter passphrase: ");
-		if (strlcpy(buf, p, size) >= size)
-			errx(1, "Passphrase too long");
-		memset(p, 0, strlen(p));
-	}
-
-	return (strlen(buf));
-}
-
-void
-sign(int argc, char *argv[])
-{
-	struct key *key;
-	char *gzipfile, tmppath[MAXPATHLEN];
-	FILE *fin, *fout;
-	int i, fd, error, qflag;
-
-	qflag = 0;
-	
-	while ((i = getopt(argc, argv, "qvf:")) != -1) {
-		switch (i) {
-		case 'q':
-			qflag = 1;
-			break;
-		case 'v':
-			qflag = 0;
-			break;
-		case 'f':
-			passphrase_file = optarg;
-			break;
-		default:
-			sign_usage();
-			exit(1);
-		}
-	}
-	argc -= optind;
-	argv += optind;
-
-	if (argc < 1) {
-		sign_usage();
-		exit(1);
-	}
-	OpenSSL_add_all_algorithms();
-	
-	if ((key = key_new()) == NULL)
-		fatal(1, "Couldn't initialize private key");
-	
-	if (key_load_private(key, argv[0]) < 0)
-		fatal(1, "Couldn't load private key");
-	
-	if (argc == 1 || *argv[1] == '-') {
-		argc = 0;
-		
-		if (embed_signature(key, stdin, stdout) == 0) {
-			if (!qflag)
-				fprintf(stderr, "Signed input\n");
-		} else
-			fatal(1, "Couldn't sign input");
-	}
-	for (i = 1; i < argc; i++) {
-		gzipfile = argv[i];
-
-		if ((fin = fopen(gzipfile, "r+")) == NULL) {
-			fprintf(stderr,  "Error opening %s: %s\n",
-			    gzipfile, strerror(errno));
-			continue;
-		}
-		snprintf(tmppath, sizeof(tmppath), "%s.XXXXXX", gzipfile);
-		
-		if ((fd = mkstemp(tmppath)) < 0) {
-			fprintf(stderr, "Error creating %s: %s\n",
-			    tmppath, strerror(errno));
-			fclose(fin);
-			continue;
-		}
-		if ((fout = fdopen(fd, "w")) == NULL) {
-			fprintf(stderr, "Error opening %s: %s\n",
-			    tmppath, strerror(errno));
-			fclose(fin);
-			close(fd);
-			continue;
-		}
-		if (copy_permissions(fileno(fin), fd) < 0) {
-			fprintf(stderr, "Error initializing %s: %s\n",
-			    tmppath, strerror(errno));
-			fclose(fin);
-			fclose(fout);
-			continue;
-		}
-		error = embed_signature(key, fin, fout);
-		
-		fclose(fin);
-		fclose(fout);
-
-		if (!error) {
-			if (rename(tmppath, gzipfile) < 0) {
-				unlink(tmppath);
-				fatal(1, "Couldn't sign %s", gzipfile);
-			}
-			if (!qflag)
-				fprintf(stderr, "Signed %s\n", gzipfile);
-		} else {
-			unlink(tmppath);
-			fatal(1, "Couldn't sign %s", gzipfile);
-		}
-	}
-	key_free(key);
-}
diff --git a/src/usr.bin/gzsig/ssh.c b/src/usr.bin/gzsig/ssh.c
deleted file mode 100644
index e791141..0000000
--- a/src/usr.bin/gzsig/ssh.c
+++ /dev/null
@@ -1,345 +0,0 @@
-/* $OpenBSD: ssh.c,v 1.3 2014/04/16 05:16:39 miod Exp $ */
-
-/*
- * ssh.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@monkey.org>
- * Copyright (c) 2000 Niels Provos <provos@monkey.org>
- * Copyright (c) 2000 Markus Friedl <markus@monkey.org>
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: ssh.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include <arpa/nameser.h>
-#include <openssl/ssl.h>
-#include <openssl/des.h>
-#include <openssl/md5.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "key.h"
-#include "ssh.h"
-
-#define SSH1_MAGIC		"SSH PRIVATE KEY FILE FORMAT 1.1\n"
-
-extern int sign_passwd_cb(char *, int, int, void *);
-
-struct des3_state {
-	DES_key_schedule	k1, k2, k3;
-	DES_cblock		iv1, iv2, iv3;
-};
-
-static int
-get_bn(BIGNUM *bn, u_char **pp, int *lenp)
-{
-	short i;
-
-	if (*lenp < 2) {
-		errno = EINVAL;
-		return (-1);
-	}
-	GETSHORT(i, *pp); *lenp -= 2;
-
-	i = ((i + 7) / 8);
-
-	if (*lenp < i) {
-		errno = EINVAL;
-		return (-1);
-	}
-	BN_bin2bn(*pp, i, bn);
-	
-	*pp += i; *lenp -= i;
-
-	return (0);
-}
-
-static int
-get_string(char *dst, int len, u_char **pp, int *lenp)
-{
-	long i;
-	
-	if (*lenp < 4) {
-		errno = EINVAL;
-		return (-1);
-	}
-	GETLONG(i, *pp); *lenp -= 4;
-
-	if (*lenp < i || len < i) {
-		errno = EINVAL;
-		return (-1);
-	}
-	memcpy(dst, *pp, i);
-
-	*pp += i; *lenp -= i;
-
-	return (0);
-}
-
-static int
-read_ssh1_bn(BIGNUM *value, char **cpp)
-{
-	char *cp = *cpp;
-	int old;
-	
-	/* Skip any leading whitespace. */
-	for (; *cp == ' ' || *cp == '\t'; cp++)
-		;
-	
-	/* Check that it begins with a decimal digit. */
-	if (*cp < '0' || *cp > '9') {
-		errno = EINVAL;
-		return (-1);
-	}
-	/* Save starting position. */
-	*cpp = cp;
-	
-	/* Move forward until all decimal digits skipped. */
-	for (; *cp >= '0' && *cp <= '9'; cp++)
-		;
-	
-	/* Save the old terminating character, and replace it by \0. */
-	old = *cp;
-	*cp = 0;
-	
-	/* Parse the number. */
-	if (BN_dec2bn(&value, *cpp) == 0)
-		return (-1);
-	
-	/* Restore old terminating character. */
-	*cp = old;
-	
-	/* Move beyond the number and return success. */
-	*cpp = cp;
-	return (0);
-}
-
-/* XXX - SSH1's weirdo 3DES... */
-static void *
-des3_init(u_char *sesskey, int len)
-{
-	struct des3_state *state;
-	
-	if ((state = malloc(sizeof(*state))) == NULL)
-		return (NULL);
-
-	DES_set_key((const_DES_cblock *)sesskey, &state->k1);
-	DES_set_key((const_DES_cblock *)(sesskey + 8), &state->k2);
-
-	if (len <= 16)
-		DES_set_key((const_DES_cblock *)sesskey, &state->k3);
-	else
-		DES_set_key((const_DES_cblock *)(sesskey + 16), &state->k3);
-	
-	memset(state->iv1, 0, 8);
-	memset(state->iv2, 0, 8);
-	memset(state->iv3, 0, 8);
-	
-	return (state);
-}
-
-static void
-des3_decrypt(u_char *src, u_char *dst, int len, void *state)
-{
-	struct des3_state *dstate;
-	
-	dstate = (struct des3_state *)state;
-	memcpy(dstate->iv1, dstate->iv2, 8);
-	
-	DES_ncbc_encrypt(src, dst, len, &dstate->k3, &dstate->iv3, DES_DECRYPT);
-	DES_ncbc_encrypt(dst, dst, len, &dstate->k2, &dstate->iv2, DES_ENCRYPT);
-	DES_ncbc_encrypt(dst, dst, len, &dstate->k1, &dstate->iv1, DES_DECRYPT);
-}
-
-static int
-load_ssh1_public(RSA *rsa, struct iovec *iov)
-{
-	char *p;
-	u_int bits;
-
-	/* Skip leading whitespace. */
-	for (p = iov->iov_base; *p == ' ' || *p == '\t'; p++)
-		;
-
-	/* Get number of bits. */
-	if (*p < '0' || *p > '9')
-		return (-1);
-	
-	for (bits = 0; *p >= '0' && *p <= '9'; p++)
-		bits = 10 * bits + *p - '0';
-
-	if (bits == 0)
-		return (-1);
-	
-	/* Get public exponent, public modulus. */
-	if (read_ssh1_bn(rsa->e, &p) < 0)
-		return (-1);
-		
-	if (read_ssh1_bn(rsa->n, &p) < 0)
-		return (-1);
-
-	return (0);
-}
-
-static int
-load_ssh1_private(RSA *rsa, struct iovec *iov)
-{
-	BN_CTX *ctx;
-	BIGNUM *aux;
-	MD5_CTX md;
-	char pass[128], comment[BUFSIZ];
-	u_char *p, cipher_type, digest[16];
-	void *dstate;
-	int i;
-
-	i = strlen(SSH1_MAGIC) + 1;
-
-	/* Make sure it begins with the id string. */
-	if (iov->iov_len < i || memcmp(iov->iov_base, SSH1_MAGIC, i) != 0)
-		return (-1);
-	
-	p = (u_char *)iov->iov_base + i;
-	i = iov->iov_len - i;
-	
-	/* Skip cipher_type, reserved data, bits. */
-	cipher_type = *p;
-	p += 1 + 4 + 4;
-	i -= 1 + 4 + 4;
-
-	/* Read public key. */
-	if (get_bn(rsa->n, &p, &i) < 0 || get_bn(rsa->e, &p, &i) < 0)
-		return (-1);
-	
-	/* Read comment. */
-	if (get_string(comment, sizeof(comment), &p, &i) < 0)
-		return (-1);
-	
-	/* Decrypt private key. */
-	if (cipher_type != 0) {
-		sign_passwd_cb(pass, sizeof(pass), 0, NULL);
-
-		MD5_Init(&md);
-		MD5_Update(&md, (const u_char *)pass, strlen(pass));
-		MD5_Final(digest, &md);
-		
-		memset(pass, 0, strlen(pass));
-		
-		if ((dstate = des3_init(digest, sizeof(digest))) == NULL)
-			return (-1);
-		
-		des3_decrypt(p, p, i, dstate);
-
-		if (p[0] != p[2] || p[1] != p[3]) {
-			fprintf(stderr, "Bad passphrase for %s\n", comment);
-			return (-1);
-		}
-	}
-	else if (p[0] != p[2] || p[1] != p[3])
-		return (-1);
-	
-	p += 4;
-	i -= 4;
-	
-	/* Read the private key. */
-	if (get_bn(rsa->d, &p, &i) < 0 ||
-	    get_bn(rsa->iqmp, &p, &i) < 0)
-		return (-1);
-	
-	/* In SSL and SSH v1 p and q are exchanged. */
-	if (get_bn(rsa->q, &p, &i) < 0 ||
-	    get_bn(rsa->p, &p, &i) < 0)
-		return (-1);
-	
-	/* Calculate p-1 and q-1. */
-	ctx = BN_CTX_new();
-	aux = BN_new();
-
-	BN_sub(aux, rsa->q, BN_value_one());
-	BN_mod(rsa->dmq1, rsa->d, aux, ctx);
-
-	BN_sub(aux, rsa->p, BN_value_one());
-	BN_mod(rsa->dmp1, rsa->d, aux, ctx);
-
-	BN_clear_free(aux);
-	BN_CTX_free(ctx);
-	
-	return (0);
-}
-
-int
-ssh_load_public(struct key *k, struct iovec *iov)
-{
-	RSA *rsa;
-	
-	rsa = RSA_new();
-
-	rsa->n = BN_new();
-	rsa->e = BN_new();
-
-	if (load_ssh1_public(rsa, iov) < 0) {
-		RSA_free(rsa);
-		return (-1);
-	}
-	k->type = KEY_RSA;
-	k->data = (void *)rsa;
-	
-	return (0);
-}
-
-int
-ssh_load_private(struct key *k, struct iovec *iov)
-{
-	RSA *rsa;
-	
-	rsa = RSA_new();
-
-	rsa->n = BN_new();
-	rsa->e = BN_new();
-	
-	rsa->d = BN_new();
-	rsa->iqmp = BN_new();
-	rsa->q = BN_new();
-	rsa->p = BN_new();
-	rsa->dmq1 = BN_new();
-	rsa->dmp1 = BN_new();
-	
-	if (load_ssh1_private(rsa, iov) < 0) {
-		RSA_free(rsa);
-		return (-1);
-
-	}
-	k->type = KEY_RSA;
-	k->data = (void *)rsa;
-	
-	return (0);
-}
diff --git a/src/usr.bin/gzsig/ssh.h b/src/usr.bin/gzsig/ssh.h
deleted file mode 100644
index 19c1d8a..0000000
--- a/src/usr.bin/gzsig/ssh.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * ssh.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@monkey.org>
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: ssh.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef SSH_H
-#define SSH_H
-
-int	ssh_load_public(struct key *k, struct iovec *iov);
-int	ssh_load_private(struct key *k, struct iovec *iov);
-
-#endif /* SSH_H */
diff --git a/src/usr.bin/gzsig/ssh2.c b/src/usr.bin/gzsig/ssh2.c
deleted file mode 100644
index c022a06..0000000
--- a/src/usr.bin/gzsig/ssh2.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/* $OpenBSD: ssh2.c,v 1.4 2014/07/07 17:02:22 bluhm Exp $ */
-/*
- * ssh2.c
- *
- * Copyright (c) 2005 Marius Eriksen <marius@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <openssl/ssl.h>
-#include <openssl/des.h>
-#include <openssl/md5.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <resolv.h>
-#include <err.h>
-
-#include "key.h"
-#include "ssh2.h"
-
-#define GET_32BIT(cp) (((u_long)(u_char)(cp)[0] << 24) | \
-		       ((u_long)(u_char)(cp)[1] << 16) | \
-		       ((u_long)(u_char)(cp)[2] << 8) | \
-		       ((u_long)(u_char)(cp)[3]))
-
-/* From OpenSSH */
-static int
-_uudecode(const char *src, u_char *target, size_t targsize)
-{
-	int len;
-	char *encoded, *p;
-
-	/* copy the 'readonly' source */
-	if ((encoded = strdup(src)) == NULL)
-		err(1, "strdup");
-	/* skip whitespace and data */
-	for (p = encoded; *p == ' ' || *p == '\t'; p++)
-		;
-	for (; *p != '\0' && *p != ' ' && *p != '\t'; p++)
-		;
-	/* and remove trailing whitespace because __b64_pton needs this */
-	*p = '\0';
-	len = __b64_pton(encoded, target, targsize);
-
-	free(encoded);
-
-	return len;
-}
-
-/*
- * Small compatibility layer for the OpenSSH buffers.  Only what we
- * need here.
- */
-
-static int
-_keyfromstr(char *str, int len)
-{
-	if (strncmp(str, "rsa", len) == 0 ||
-	    strncmp(str, "ssh-rsa", len) == 0)
-		return KEY_RSA;
-	else if (strncmp(str, "dsa", len) == 0 ||
-	    strncmp(str, "ssh-dss", len) == 0)
-		return KEY_DSA;
-
-	return (-1);
-}
-
-static int
-_read_int(struct iovec *iov, int *ival)
-{
-	if (iov->iov_len < 4)
-		return (-1);
-	iov->iov_len -= 4;
-	*ival = GET_32BIT((u_char *)iov->iov_base);
-	iov->iov_base = (u_char*)iov->iov_base + 4;
-
-	return (0);
-}
-
-static int
-_read_opaque(struct iovec *iov, u_char **buf, int *len)
-{
-	if (_read_int(iov, len) < 0 || *len < 0)
-		return (-1);
-
-	if (iov->iov_len < (size_t)*len)
-		return (-1);
-	iov->iov_len -= *len;
-
-	*buf = iov->iov_base;
-	iov->iov_base = (u_char*)iov->iov_base + *len;
-
-	return (0);
-}
-
-static int
-_read_bignum(struct iovec *iov, BIGNUM *bn)
-{
-	u_char *bp;
-	int blen;
-
-	if (_read_opaque(iov, &bp, &blen) < 0)
-		return (-1);
-
-	if ((blen > 0 && bp[0] & 0x80) ||  /* No negative values */
-	    (blen > 8*1024))		   /* Too large */
-		return (-1);
-
-	BN_bin2bn(bp, blen, bn);
-
-	return (0);
-}
-
-int
-ssh2_load_public(struct key *k, struct iovec *iovp)
-{
-	int len, keytype, error = 0;
-	u_char *bp;
-	struct iovec iov;
-	/* iov->iov_base is NULL terminated */
-	char *cp0, *savep = NULL, *cp = iovp->iov_base;
-
-	if ((cp0 = strchr(cp, ' ')) == NULL)
-		return (-1);
-
-	len = cp0 - cp;
-
-	if ((keytype = _keyfromstr(cp, len)) < 0)
-		return (-1);
-
-	/* cp0 is a space (' '), so we have at least one more */
-	cp = cp0 + 1;
-
-	len = 2*strlen(cp);
-	if ((savep = iov.iov_base = malloc(len)) == NULL)
-		err(1, "malloc(%d)", len);
-	iov.iov_len = _uudecode(cp, iov.iov_base, len);
-
-	if (_read_opaque(&iov, &bp, &len) < 0 ||
-	    keytype != _keyfromstr(bp, len)) {
-		error = -1;
-		goto out;
-	}
-
-	k->type = keytype;
-	switch (keytype) {
-	case KEY_RSA: {
-		RSA *rsa;
-
-		if ((rsa = RSA_new()) == NULL ||
-		    (rsa->e = BN_new()) == NULL ||
-		    (rsa->n = BN_new()) == NULL)
-			errx(1, "BN_new");
-
-		if (_read_bignum(&iov, rsa->e) < 0 ||
-		    _read_bignum(&iov, rsa->n) < 0) {
-			error = -1;
-			RSA_free(rsa);
-			goto out;
-		}
-
-		k->data = (void *)rsa;
-
-		break;
-	}
-	case KEY_DSA: {
-		DSA *dsa;
-
-		if ((dsa = DSA_new()) == NULL ||
-		    (dsa->p = BN_new()) == NULL ||
-		    (dsa->q = BN_new()) == NULL ||
-		    (dsa->g = BN_new()) == NULL ||
-		    (dsa->pub_key = BN_new()) == NULL)
-			errx(1, "BN_new");
-
-		if (_read_bignum(&iov, dsa->p) < 0 ||
-		    _read_bignum(&iov, dsa->q) < 0 ||
-		    _read_bignum(&iov, dsa->g) < 0 ||
-		    _read_bignum(&iov, dsa->pub_key) < 0) {
-			error = -1;
-			DSA_free(dsa);
-			goto out;
-		}
-
-		k->data = (void *)dsa;
-
-		break;
-	}
-	default:
-		error = -1;
-	}
-
-#if 0
-	if (iov->iov_len != 0)
-		/* Sanity check. */
-		return (-1);
-#endif
-
-
-out:
-	if (savep != NULL)
-		free(savep);
-	return (error);
-}
diff --git a/src/usr.bin/gzsig/ssh2.h b/src/usr.bin/gzsig/ssh2.h
deleted file mode 100644
index d703822..0000000
--- a/src/usr.bin/gzsig/ssh2.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: ssh2.h,v 1.1.1.1 2005/05/28 01:57:30 marius Exp $ */
-/*
- * ssh2.h
- *
- * Copyright (c) 2005 Marius Eriksen <marius@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef SSH2_H
-#define SSH2_H
-
-int ssh2_load_public(struct key *k, struct iovec *iovp);
-
-#endif /* SSH2_H */
-
-
-
-
diff --git a/src/usr.bin/gzsig/util.c b/src/usr.bin/gzsig/util.c
deleted file mode 100644
index 0a3d734..0000000
--- a/src/usr.bin/gzsig/util.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: util.c,v 1.4 2013/03/10 10:36:57 tobias Exp $ */
-
-/*
- * util.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: util.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "util.h"
-
-int
-copy_permissions(int srcfd, int dstfd)
-{
-	struct stat st;
-
-	if (fstat(srcfd, &st) < 0)
-		return (-1);
-
-	if (fchown(dstfd, st.st_uid, st.st_gid) < 0)
-		return (-1);
-
-	if (fchmod(dstfd, st.st_mode) < 0)
-		return (-1);
-
-	return (0);
-}
-
-int
-skip_string(FILE *fin)
-{
-	int c;
-
-	while ((c = getc(fin)) != '\0')
-		if (c == EOF)
-			return (-1);
-	return (0);
-}
-
-void
-fatal(int status, const char *fmt, ...)
-{
-	va_list ap;
-
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
-
-	fprintf(stderr, "\n");
-
-	exit(status);
-}
diff --git a/src/usr.bin/gzsig/util.h b/src/usr.bin/gzsig/util.h
deleted file mode 100644
index 66e2870..0000000
--- a/src/usr.bin/gzsig/util.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* $OpenBSD: util.h,v 1.4 2013/03/10 10:36:57 tobias Exp $ */
-/*
- * util.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: util.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef UTIL_H
-
-int		copy_permissions(int srcfd, int dstfd);
-int		skip_string(FILE *fin);
-void		fatal(int status, const char *fmt, ...);
-
-#endif /* UTIL_H */
diff --git a/src/usr.bin/gzsig/verify.c b/src/usr.bin/gzsig/verify.c
deleted file mode 100644
index f0e9373..0000000
--- a/src/usr.bin/gzsig/verify.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/* $OpenBSD: verify.c,v 1.10 2013/03/10 10:36:57 tobias Exp $ */
-
-/*
- * verify.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: verify.c,v 1.3 2005/04/07 23:19:35 dugsong Exp $
- */
-
-#include <sys/types.h>
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-#include "gzip.h"
-#include "key.h"
-#include "util.h"
-
-static int
-verify_signature(struct key *key, FILE *fin)
-{
-	struct gzip_header gh;
-	struct gzip_xfield *gx;
-	struct gzsig_data *gd;
-	u_char *sig, digest[20], buf[8192], sbuf[4096];
-	SHA_CTX ctx;
-	int i, siglen;
-
-	/* Read gzip header. */
-	if ((i = fread((u_char *)&gh, 1, sizeof(gh), fin)) != sizeof(gh)) {
-		fprintf(stderr, "Error reading gzip header: %s\n",
-		    strerror(errno));
-		return (-1);
-	}
-	/* Verify gzip header. */
-	if (memcmp(gh.magic, GZIP_MAGIC, sizeof(gh.magic)) != 0) {
-		fprintf(stderr, "Invalid gzip file\n");
-		return (-1);
-	} else if (gh.flags & GZIP_FCONT){
-		fprintf(stderr, "Multi-part gzip files not supported\n");
-		return (-1);
-	} else if ((gh.flags & GZIP_FEXTRA) == 0) {
-		fprintf(stderr, "No gzip signature found\n");
-		return (-1);
-	}
-	/* Read signature. */
-	gx = (struct gzip_xfield *)buf;
-	
-	if ((i = fread((u_char *)gx, 1, sizeof(*gx), fin)) != sizeof(*gx)) {
-		fprintf(stderr, "Error reading extra field: %s\n",
-		    strerror(errno));
-		return (-1);
-	}
-	if (memcmp(gx->subfield.id, GZSIG_ID, sizeof(gx->subfield.id)) != 0) {
-		fprintf(stderr, "Unknown extra field\n");
-		return (-1);
-	}
-	gx->subfield.len = letoh16(gx->subfield.len);
-
-	if (gx->subfield.len <= 0 || gx->subfield.len > sizeof(sbuf)) {
-		fprintf(stderr, "Invalid signature length\n");
-		return (-1);
-	}
-	gd = (struct gzsig_data *)sbuf;
-	
-	if ((i = fread((u_char *)gd, 1, gx->subfield.len, fin)) !=
-	    gx->subfield.len) {
-		fprintf(stderr, "Error reading signature: %s\n",
-		    strerror(errno));
-		return (-1);
-	}
-	/* Skip over any options. */
-	if (gh.flags & GZIP_FNAME) {
-		if (skip_string(fin))
-			return (-1);
-	}
-	if (gh.flags & GZIP_FCOMMENT) {
-		if (skip_string(fin))
-			return (-1);
-	}
-	if (gh.flags & GZIP_FENCRYPT &&
-	    fread(buf, 1, GZIP_FENCRYPT_LEN, fin) != GZIP_FENCRYPT_LEN)
-		return (-1);
-	
-	/* Check signature version. */
-	if (gd->version != GZSIG_VERSION) {
-		fprintf(stderr, "Unknown signature version: %d\n",
-		    gd->version);
-		return (-1);
-	}
-	/* Compute SHA1 checksum over compressed data and trailer. */
-	sig = (u_char *)(gd + 1);
-	siglen = gx->subfield.len - sizeof(*gd);
-
-	SHA1_Init(&ctx);
-	
-	while ((i = fread(buf, 1, sizeof(buf), fin)) > 0) {
-		SHA1_Update(&ctx, buf, i);
-	}
-	SHA1_Final(digest, &ctx);
-	
-	/* Verify signature. */
-	if (key_verify(key, digest, sizeof(digest), sig, siglen) < 0) {
-		fprintf(stderr, "Error verifying signature\n");
-		return (-1);
-	}
-	return (0);
-}
-
-void
-verify_usage(void)
-{
-	fprintf(stderr, "usage: %s verify [-q | -v] [-f secret_file] pubkey "
-	    "[file ...]\n", __progname);
-}
-
-void
-verify(int argc, char *argv[])
-{
-	struct key *key;
-	char *gzipfile;
-	FILE *fin;
-	int i, error, qflag;
-
-	qflag = 0;
-	
-	while ((i = getopt(argc, argv, "qv")) != -1) {
-		switch (i) {
-		case 'q':
-			qflag = 1;
-			break;
-		case 'v':
-			qflag = 0;
-			break;
-		default:
-			verify_usage();
-			exit(1);
-		}
-	}
-	argc -= optind;
-	argv += optind;
-
-	if (argc < 1) {
-		verify_usage();
-		exit(1);
-	}
-	OpenSSL_add_all_algorithms();
-	
-	if ((key = key_new()) == NULL)
-		fatal(1, "Can't initialize public key");
-	
-	if (key_load_public(key, argv[0]) < 0)
-		fatal(1, "Can't load public key");
-
-	if (argc == 1 || *argv[1] == '-') {
-		argc = 0;
-		
-		if (verify_signature(key, stdin) == 0) {
-			if (!qflag)
-				fprintf(stderr, "Verified input\n");
-		} else
-			fatal(1, "Couldn't verify input");
-	}
-	for (i = 1; i < argc; i++) {
-		gzipfile = argv[i];
-
-		if ((fin = fopen(gzipfile, "r")) == NULL) {
-			fprintf(stderr,  "Couldn't open %s: %s\n",
-			    gzipfile, strerror(errno));
-			continue;
-		}
-		error = verify_signature(key, fin);
-		fclose(fin);
-
-		if (!error) {
-			if (!qflag)
-				fprintf(stderr, "Verified %s\n", gzipfile);
-		} else
-			fatal(1, "Couldn't verify %s", gzipfile);
-	}
-	key_free(key);
-}
diff --git a/src/usr.bin/gzsig/x509.c b/src/usr.bin/gzsig/x509.c
deleted file mode 100644
index 99dcc52..0000000
--- a/src/usr.bin/gzsig/x509.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* $OpenBSD: x509.c,v 1.2 2005/05/28 08:07:45 marius Exp $ */
-
-/*
- * x509.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: x509.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include <openssl/ssl.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "key.h"
-#include "extern.h"
-#include "x509.h"
-
-#define X509_CERT_MAGIC	"-----BEGIN CERTIFICATE-----"
-#define X509_RSA_MAGIC	"-----BEGIN RSA PRIVATE KEY-----"
-#define X509_DSA_MAGIC	"-----BEGIN DSA PRIVATE KEY-----"
-
-int
-x509_load_public(struct key *k, struct iovec *iov)
-{
-	BIO *bio;
-	X509 *cert;
-	EVP_PKEY *evp;
-	
-	if (strncmp((char *)iov->iov_base, X509_CERT_MAGIC,
-	    strlen(X509_CERT_MAGIC)) != 0)
-		return (-1);
-	
-	if ((bio = BIO_new(BIO_s_mem())) == NULL)
-		return (-1);
-	
-	if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
-		BIO_free(bio);
-		return (-1);
-	}
-	cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
-	BIO_free(bio);
-
-	if (cert == NULL)
-		return (-1);
-
-	evp = X509_get_pubkey(cert);
-	
-	if (evp->type == EVP_PKEY_RSA) {
-		k->type = KEY_RSA;
-		k->data = (void *)RSAPublicKey_dup(evp->pkey.rsa);
-	} else if (evp->type == EVP_PKEY_DSA) {
-		k->type = KEY_DSA;
-		k->data = (void *)evp->pkey.dsa;
-		evp->pkey.dsa = NULL;			/* XXX */
-	} else {
-		X509_free(cert);
-		return (-1);
-	}
-	X509_free(cert);
-	
-	return (0);
-}
-
-int
-x509_load_private(struct key *k, struct iovec *iov)
-{
-	BIO *bio;
-	EVP_PKEY *evp;
-	
-	if (strncmp((char *)iov->iov_base, X509_RSA_MAGIC,
-	        strlen(X509_RSA_MAGIC)) != 0 &&
-	    strncmp((char *)iov->iov_base, X509_DSA_MAGIC,
-		strlen(X509_DSA_MAGIC)) != 0) {
-		return (-1);
-	}
-	if ((bio = BIO_new(BIO_s_mem())) == NULL)
-		return (-1);
-	
-	if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
-		BIO_free(bio);
-		return (-1);
-	}
-
-	evp = PEM_read_bio_PrivateKey(bio, NULL, sign_passwd_cb, NULL);
-
-	BIO_free(bio);
-
-	if (evp == NULL)
-		return (-1);
-
-	if (evp->type == EVP_PKEY_RSA) {
-		k->type = KEY_RSA;
-		k->data = (void *)evp->pkey.rsa;
-		evp->pkey.rsa = NULL;			/* XXX */
-	} else if (evp->type == EVP_PKEY_DSA) {
-		k->type = KEY_DSA;
-		k->data = (void *)evp->pkey.dsa;
-		evp->pkey.dsa = NULL;			/* XXX */
-	} else {
-		EVP_PKEY_free(evp);
-		return (-1);
-	}
-	EVP_PKEY_free(evp);
-	
-	return (0);
-}
diff --git a/src/usr.bin/gzsig/x509.h b/src/usr.bin/gzsig/x509.h
deleted file mode 100644
index 636bbb6..0000000
--- a/src/usr.bin/gzsig/x509.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * x509.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- * 
- *   1. Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *   2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in the
- *      documentation and/or other materials provided with the distribution.
- *   3. The names of the copyright holders may not be used to endorse or
- *      promote products derived from this software without specific
- *      prior written permission.
- * 
- *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: x509.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef X509_H
-#define X509_H
-
-int	x509_load_public(struct key *k, struct iovec *iov);
-int	x509_load_private(struct key *k, struct iovec *iov);
-
-#endif /* X509_H */