Index: lib/libfetch/common.c
===================================================================
--- lib/libfetch/common.c	(revision 267293)
+++ lib/libfetch/common.c	(working copy)
@@ -888,6 +888,7 @@
 	return (0);
 #else
 	(void)conn;
+	(void)URL;
 	(void)verbose;
 	fprintf(stderr, "SSL support disabled\n");
 	return (-1);
Index: usr.sbin/ctld/Makefile
===================================================================
--- usr.sbin/ctld/Makefile	(revision 267293)
+++ usr.sbin/ctld/Makefile	(working copy)
@@ -9,8 +9,8 @@
 #CFLAGS+=	-DICL_KERNEL_PROXY
 MAN=		ctld.8 ctl.conf.5
 
-DPADD=		${LIBCAM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
-LDADD=		-lbsdxml -lcam -lcrypto -lfl -lsbuf -lssl -lutil
+DPADD=		${LIBCAM} ${LIBMD} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
+LDADD=		-lbsdxml -lcam -lfl -lmd -lsbuf -lutil -lmd
 
 YFLAGS+=	-v
 CLEANFILES=	y.tab.c y.tab.h y.output
Index: usr.sbin/ctld/login.c
===================================================================
--- usr.sbin/ctld/login.c	(revision 267293)
+++ usr.sbin/ctld/login.c	(working copy)
@@ -37,9 +37,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
 
 #include "ctld.h"
 #include "iscsi_proto.h"
@@ -356,17 +354,14 @@
     size_t response_len)
 {
 	MD5_CTX ctx;
-	int rv;
 
 	assert(response_len == MD5_DIGEST_LENGTH);
 
-	MD5_Init(&ctx);
-	MD5_Update(&ctx, &id, sizeof(id));
-	MD5_Update(&ctx, secret, strlen(secret));
-	MD5_Update(&ctx, challenge, challenge_len);
-	rv = MD5_Final(response, &ctx);
-	if (rv != 1)
-		log_errx(1, "MD5_Final");
+	MD5Init(&ctx);
+	MD5Update(&ctx, &id, sizeof(id));
+	MD5Update(&ctx, secret, strlen(secret));
+	MD5Update(&ctx, challenge, challenge_len);
+	MD5Final(response, &ctx);
 }
 
 #define	LOGIN_CHALLENGE_LEN	1024
@@ -565,7 +560,6 @@
 	struct pdu *request;
 	char challenge_bin[LOGIN_CHALLENGE_LEN];
 	unsigned char id;
-	int rv;
 
 	/*
 	 * Receive CHAP_A PDU.
@@ -576,18 +570,8 @@
 	/*
 	 * Generate the challenge.
 	 */
-	rv = RAND_bytes(challenge_bin, sizeof(challenge_bin));
-	if (rv != 1) {
-		login_send_error(request, 0x03, 0x02);
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
-	rv = RAND_bytes(&id, sizeof(id));
-	if (rv != 1) {
-		login_send_error(request, 0x03, 0x02);
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
+	arc4random_buf(challenge_bin, sizeof(challenge_bin));
+	arc4random_buf(&id, sizeof(id));
 
 	/*
 	 * Send the challenge.
Index: usr.sbin/iscsid/Makefile
===================================================================
--- usr.sbin/iscsid/Makefile	(revision 267293)
+++ usr.sbin/iscsid/Makefile	(working copy)
@@ -8,8 +8,8 @@
 #CFLAGS+=	-DICL_KERNEL_PROXY
 MAN=		iscsid.8
 
-DPADD=		${LIBUTIL}
-LDADD=		-lcrypto -lssl -lutil
+DPADD=		${LIBMD} ${LIBUTIL}
+LDADD=		-lmd -lutil
 
 WARNS=		6
 
Index: usr.sbin/iscsid/login.c
===================================================================
--- usr.sbin/iscsid/login.c	(revision 267293)
+++ usr.sbin/iscsid/login.c	(working copy)
@@ -36,9 +36,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
 
 #include "iscsid.h"
 #include "iscsi_proto.h"
@@ -376,17 +374,14 @@
     size_t response_len)
 {
 	MD5_CTX ctx;
-	int rv;
 
 	assert(response_len == MD5_DIGEST_LENGTH);
 
-	MD5_Init(&ctx);
-	MD5_Update(&ctx, &id, sizeof(id));
-	MD5_Update(&ctx, secret, strlen(secret));
-	MD5_Update(&ctx, challenge, challenge_len);
-	rv = MD5_Final(response, &ctx);
-	if (rv != 1)
-		log_errx(1, "MD5_Final");
+	MD5Init(&ctx);
+	MD5Update(&ctx, &id, sizeof(id));
+	MD5Update(&ctx, secret, strlen(secret));
+	MD5Update(&ctx, challenge, challenge_len);
+	MD5Final(response, &ctx);
 }
 
 static void
@@ -588,7 +583,7 @@
 	const char *chap_a, *chap_c, *chap_i;
 	char *chap_r, *challenge, response_bin[MD5_DIGEST_LENGTH];
 	size_t challenge_len;
-	int error, rv;
+	int error;
 	unsigned char id;
         char *mutual_chap_c, mutual_chap_i[4];
 
@@ -647,18 +642,10 @@
 		    "binary challenge size is %zd bytes",
 		    sizeof(conn->conn_mutual_challenge));
 
-		rv = RAND_bytes(conn->conn_mutual_challenge,
+		arc4random_buf(conn->conn_mutual_challenge,
 		    sizeof(conn->conn_mutual_challenge));
-		if (rv != 1) {
-			log_errx(1, "RAND_bytes failed: %s",
-			    ERR_error_string(ERR_get_error(), NULL));
-		}
-		rv = RAND_bytes(&conn->conn_mutual_id,
+		arc4random_buf(&conn->conn_mutual_id,
 		    sizeof(conn->conn_mutual_id));
-		if (rv != 1) {
-			log_errx(1, "RAND_bytes failed: %s",
-			    ERR_error_string(ERR_get_error(), NULL));
-		}
 		mutual_chap_c = login_bin2hex(conn->conn_mutual_challenge,
 		    sizeof(conn->conn_mutual_challenge));
 		snprintf(mutual_chap_i, sizeof(mutual_chap_i),
@@ -752,8 +739,6 @@
 static void
 login_create_isid(struct connection *conn)
 {
-	int rv;
-
 	/*
 	 * RFC 3720, 10.12.5: 10b, "Random" ISID.
 	 *
@@ -760,11 +745,7 @@
 	 */
 	conn->conn_isid[0] = 0x80; 
 
-	rv = RAND_bytes(&conn->conn_isid[1], 3);
-	if (rv != 1) {
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
+	arc4random_buf(&conn->conn_isid[1], 3);
 }
 
 void