Remove MD4 support from LibreSSL.

MD4 should have been removed a long time ago.  Also, RFC 6150 moved it to
historic in 2011.  Rides the major crank from removing SHA-0.

Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@

25 files changed, 42 insertions, 862 deletions

diff --git a/lib/libcrypto/crypto/Makefile b/lib/libcrypto/crypto/Makefile
index 76a099cd5bf..121aaf1d0a8 100644
--- a/lib/libcrypto/crypto/Makefile
+++ b/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.63 2015/09/13 21:09:56 doug Exp $
+# $OpenBSD: Makefile,v 1.64 2015/09/13 23:36:21 doug Exp $
 
 LIB=	crypto
 
@@ -144,7 +144,7 @@ SRCS+= encode.c digest.c evp_enc.c evp_key.c
 SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c
 SRCS+= e_rc4.c e_aes.c names.c
 SRCS+= e_xcbc_d.c e_rc2.c e_cast.c
-SRCS+= m_null.c m_md4.c m_md5.c m_sha1.c m_wp.c
+SRCS+= m_null.c m_md5.c m_sha1.c m_wp.c
 SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c
 SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
 SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
@@ -173,9 +173,6 @@ SRCS+= krb5_asn.c
 # lhash/
 SRCS+= lhash.c lh_stats.c
 
-# md4/
-SRCS+= md4_dgst.c md4_one.c
-
 # md5/
 SRCS+= md5_dgst.c md5_one.c
 
@@ -286,7 +283,6 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
 	${LCRYPTO_SRC}/idea \
 	${LCRYPTO_SRC}/krb5 \
 	${LCRYPTO_SRC}/lhash \
-	${LCRYPTO_SRC}/md4 \
 	${LCRYPTO_SRC}/md5 \
 	${LCRYPTO_SRC}/modes \
 	${LCRYPTO_SRC}/objects \
@@ -344,7 +340,6 @@ HDRS=\
 	crypto/idea/idea.h \
 	crypto/krb5/krb5_asn.h \
 	crypto/lhash/lhash.h \
-	crypto/md4/md4.h \
 	crypto/md5/md5.h \
 	crypto/modes/modes.h \
 	crypto/objects/objects.h \
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index c968943cc03..101f79b6ffd 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.21 2015/06/20 01:07:24 doug Exp $
+# $OpenBSD: Makefile,v 1.22 2015/09/13 23:36:21 doug Exp $
 
 .include <bsd.own.mk>		# for NOMAN
 
@@ -642,11 +642,9 @@ MLINKS+=\
 	EVP_DigestInit.3 EVP_get_digestbyname.3 \
 	EVP_DigestInit.3 EVP_get_digestbynid.3 \
 	EVP_DigestInit.3 EVP_get_digestbyobj.3 \
-	EVP_DigestInit.3 EVP_md2.3 \
 	EVP_DigestInit.3 EVP_md5.3 \
 	EVP_DigestInit.3 EVP_md_null.3 \
 	EVP_DigestInit.3 EVP_ripemd160.3 \
-	EVP_DigestInit.3 EVP_sha.3 \
 	EVP_DigestInit.3 EVP_sha1.3 \
 	EVP_DigestSignInit.3 EVP_DigestSignUpdate.3 \
 	EVP_DigestSignInit.3 EVP_DigestSignFinal.3 \
@@ -795,14 +793,6 @@ MLINKS+=\
 	HMAC.3 HMAC_Init.3 \
 	HMAC.3 HMAC_Update.3 \
 	HMAC.3 HMAC_cleanup.3 \
-	MD5.3 MD2.3 \
-	MD5.3 MD2_Final.3 \
-	MD5.3 MD2_Init.3 \
-	MD5.3 MD2_Update.3 \
-	MD5.3 MD4.3 \
-	MD5.3 MD4_Final.3 \
-	MD5.3 MD4_Init.3 \
-	MD5.3 MD4_Update.3 \
 	MD5.3 MD5_Final.3 \
 	MD5.3 MD5_Init.3 \
 	MD5.3 MD5_Update.3 \
diff --git a/lib/libssl/src/crypto/evp/c_all.c b/lib/libssl/src/crypto/evp/c_all.c
index 6568f2ba5a9..6b23460210c 100644
--- a/lib/libssl/src/crypto/evp/c_all.c
+++ b/lib/libssl/src/crypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.18 2015/09/13 21:09:56 doug Exp $ */
+/* $OpenBSD: c_all.c,v 1.19 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -228,10 +228,6 @@ OpenSSL_add_all_ciphers(void)
 void
 OpenSSL_add_all_digests(void)
 {
-#ifndef OPENSSL_NO_MD4
-	EVP_add_digest(EVP_md4());
-#endif
-
 #ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 	EVP_add_digest_alias(SN_md5, "ssl2-md5");
diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h
index c9a11c3a5f7..381d4a45c19 100644
--- a/lib/libssl/src/crypto/evp/evp.h
+++ b/lib/libssl/src/crypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.46 2015/09/13 21:09:56 doug Exp $ */
+/* $OpenBSD: evp.h,v 1.47 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -648,9 +648,6 @@ void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
 #endif
 
 const EVP_MD *EVP_md_null(void);
-#ifndef OPENSSL_NO_MD4
-const EVP_MD *EVP_md4(void);
-#endif
 #ifndef OPENSSL_NO_MD5
 const EVP_MD *EVP_md5(void);
 #endif
diff --git a/lib/libssl/src/crypto/evp/m_md4.c b/lib/libssl/src/crypto/evp/m_md4.c
deleted file mode 100644
index e08980b1ede..00000000000
--- a/lib/libssl/src/crypto/evp/m_md4.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: m_md4.c,v 1.14 2014/07/13 09:30:02 miod Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_MD4
-
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-	return MD4_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-	return MD4_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-	return MD4_Final(md, ctx->md_data);
-}
-
-static const EVP_MD md4_md = {
-	.type = NID_md4,
-	.pkey_type = NID_md4WithRSAEncryption,
-	.md_size = MD4_DIGEST_LENGTH,
-	.flags = 0,
-	.init = init,
-	.update = update,
-	.final = final,
-	.copy = NULL,
-	.cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-	.sign = (evp_sign_method *)RSA_sign,
-	.verify = (evp_verify_method *)RSA_verify,
-	.required_pkey_type = {
-		EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-	},
-#endif
-	.block_size = MD4_CBLOCK,
-	.ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX),
-};
-
-const EVP_MD *
-EVP_md4(void)
-{
-	return (&md4_md);
-}
-#endif
diff --git a/lib/libssl/src/crypto/md4/md4.h b/lib/libssl/src/crypto/md4/md4.h
deleted file mode 100644
index 5d9b787a28f..00000000000
--- a/lib/libssl/src/crypto/md4/md4.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* $OpenBSD: md4.h,v 1.14 2014/10/20 13:06:54 bcook Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stddef.h>
-
-#ifndef HEADER_MD4_H
-#define HEADER_MD4_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD4
-#error MD4 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD4_LONG has to be at least 32 bits wide.                     !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#define MD4_LONG unsigned int
-
-#define MD4_CBLOCK	64
-#define MD4_LBLOCK	(MD4_CBLOCK/4)
-#define MD4_DIGEST_LENGTH 16
-
-typedef struct MD4state_st
-	{
-	MD4_LONG A,B,C,D;
-	MD4_LONG Nl,Nh;
-	MD4_LONG data[MD4_LBLOCK];
-	unsigned int num;
-	} MD4_CTX;
-
-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/lib/libssl/src/crypto/md4/md4_dgst.c b/lib/libssl/src/crypto/md4/md4_dgst.c
deleted file mode 100644
index d4a0c6ff066..00000000000
--- a/lib/libssl/src/crypto/md4/md4_dgst.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* $OpenBSD: md4_dgst.c,v 1.14 2014/10/28 07:35:59 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include "md4_locl.h"
-
-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-int MD4_Init(MD4_CTX *c)
-	{
-	memset (c,0,sizeof(*c));
-	c->A=INIT_DATA_A;
-	c->B=INIT_DATA_B;
-	c->C=INIT_DATA_C;
-	c->D=INIT_DATA_D;
-	return 1;
-	}
-
-#ifndef md4_block_data_order
-#ifdef X
-#undef X
-#endif
-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
-	{
-	const unsigned char *data=data_;
-	unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)	XX##i
-#else
-	MD4_LONG XX[MD4_LBLOCK];
-# define X(i)	XX[i]
-#endif
-
-	A=c->A;
-	B=c->B;
-	C=c->C;
-	D=c->D;
-
-	for (;num--;)
-		{
-	HOST_c2l(data,l); X( 0)=l;
-	HOST_c2l(data,l); X( 1)=l;
-	/* Round 0 */
-	R0(A,B,C,D,X( 0), 3,0);	HOST_c2l(data,l); X( 2)=l;
-	R0(D,A,B,C,X( 1), 7,0);	HOST_c2l(data,l); X( 3)=l;
-	R0(C,D,A,B,X( 2),11,0);	HOST_c2l(data,l); X( 4)=l;
-	R0(B,C,D,A,X( 3),19,0);	HOST_c2l(data,l); X( 5)=l;
-	R0(A,B,C,D,X( 4), 3,0);	HOST_c2l(data,l); X( 6)=l;
-	R0(D,A,B,C,X( 5), 7,0);	HOST_c2l(data,l); X( 7)=l;
-	R0(C,D,A,B,X( 6),11,0);	HOST_c2l(data,l); X( 8)=l;
-	R0(B,C,D,A,X( 7),19,0);	HOST_c2l(data,l); X( 9)=l;
-	R0(A,B,C,D,X( 8), 3,0);	HOST_c2l(data,l); X(10)=l;
-	R0(D,A,B,C,X( 9), 7,0);	HOST_c2l(data,l); X(11)=l;
-	R0(C,D,A,B,X(10),11,0);	HOST_c2l(data,l); X(12)=l;
-	R0(B,C,D,A,X(11),19,0);	HOST_c2l(data,l); X(13)=l;
-	R0(A,B,C,D,X(12), 3,0);	HOST_c2l(data,l); X(14)=l;
-	R0(D,A,B,C,X(13), 7,0);	HOST_c2l(data,l); X(15)=l;
-	R0(C,D,A,B,X(14),11,0);
-	R0(B,C,D,A,X(15),19,0);
-	/* Round 1 */
-	R1(A,B,C,D,X( 0), 3,0x5A827999L);
-	R1(D,A,B,C,X( 4), 5,0x5A827999L);
-	R1(C,D,A,B,X( 8), 9,0x5A827999L);
-	R1(B,C,D,A,X(12),13,0x5A827999L);
-	R1(A,B,C,D,X( 1), 3,0x5A827999L);
-	R1(D,A,B,C,X( 5), 5,0x5A827999L);
-	R1(C,D,A,B,X( 9), 9,0x5A827999L);
-	R1(B,C,D,A,X(13),13,0x5A827999L);
-	R1(A,B,C,D,X( 2), 3,0x5A827999L);
-	R1(D,A,B,C,X( 6), 5,0x5A827999L);
-	R1(C,D,A,B,X(10), 9,0x5A827999L);
-	R1(B,C,D,A,X(14),13,0x5A827999L);
-	R1(A,B,C,D,X( 3), 3,0x5A827999L);
-	R1(D,A,B,C,X( 7), 5,0x5A827999L);
-	R1(C,D,A,B,X(11), 9,0x5A827999L);
-	R1(B,C,D,A,X(15),13,0x5A827999L);
-	/* Round 2 */
-	R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
-
-	A = c->A += A;
-	B = c->B += B;
-	C = c->C += C;
-	D = c->D += D;
-		}
-	}
-#endif
diff --git a/lib/libssl/src/crypto/md4/md4_locl.h b/lib/libssl/src/crypto/md4/md4_locl.h
deleted file mode 100644
index efe0ec83a7b..00000000000
--- a/lib/libssl/src/crypto/md4/md4_locl.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* $OpenBSD: md4_locl.h,v 1.7 2014/10/20 13:06:54 bcook Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/md4.h>
-
-void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG		MD4_LONG
-#define HASH_CTX		MD4_CTX
-#define HASH_CBLOCK		MD4_CBLOCK
-#define HASH_UPDATE		MD4_Update
-#define HASH_TRANSFORM		MD4_Transform
-#define HASH_FINAL		MD4_Final
-#define	HASH_MAKE_STRING(c,s)	do {	\
-	unsigned long ll;		\
-	ll=(c)->A; HOST_l2c(ll,(s));	\
-	ll=(c)->B; HOST_l2c(ll,(s));	\
-	ll=(c)->C; HOST_l2c(ll,(s));	\
-	ll=(c)->D; HOST_l2c(ll,(s));	\
-	} while (0)
-#define	HASH_BLOCK_DATA_ORDER	md4_block_data_order
-
-#include "md32_common.h"
-
-/*
-#define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
-#define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
-*/
-
-/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
-#define G(b,c,d)	(((b) & (c)) | ((b) & (d)) | ((c) & (d)))
-#define	H(b,c,d)	((b) ^ (c) ^ (d))
-
-#define R0(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+F((b),(c),(d))); \
-	a=ROTATE(a,s); };
-
-#define R1(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+G((b),(c),(d))); \
-	a=ROTATE(a,s); };\
-
-#define R2(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+H((b),(c),(d))); \
-	a=ROTATE(a,s); };
diff --git a/lib/libssl/src/crypto/md4/md4_one.c b/lib/libssl/src/crypto/md4/md4_one.c
deleted file mode 100644
index 9577d6577bf..00000000000
--- a/lib/libssl/src/crypto/md4/md4_one.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: md4_one.c,v 1.8 2015/09/10 15:56:25 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md4.h>
-#include <openssl/crypto.h>
-
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MD4_CTX c;
-	static unsigned char m[MD4_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	if (!MD4_Init(&c))
-		return NULL;
-	MD4_Update(&c,d,n);
-	MD4_Final(md,&c);
-	explicit_bzero(&c,sizeof(c));
-	return(md);
-	}
-
diff --git a/lib/libssl/src/crypto/opensslfeatures.h b/lib/libssl/src/crypto/opensslfeatures.h
index ba4dbba9596..3d1972f6611 100644
--- a/lib/libssl/src/crypto/opensslfeatures.h
+++ b/lib/libssl/src/crypto/opensslfeatures.h
@@ -6,6 +6,7 @@
 # define OPENSSL_NO_JPAKE
 # define OPENSSL_NO_KRB5
 # define OPENSSL_NO_MD2
+# define OPENSSL_NO_MD4
 # define OPENSSL_NO_MDC2
 # define OPENSSL_NO_PSK
 # define OPENSSL_NO_RC5
diff --git a/lib/libssl/src/doc/apps/dgst.pod b/lib/libssl/src/doc/apps/dgst.pod
index d8b2abc6fbd..daaa87a50ad 100644
--- a/lib/libssl/src/doc/apps/dgst.pod
+++ b/lib/libssl/src/doc/apps/dgst.pod
@@ -2,12 +2,12 @@
 
 =head1 NAME
 
-dgst, md5, md4, md2, sha1, sha, ripemd160 - message digests
+dgst, md5, sha1, ripemd160 - message digests
 
 =head1 SYNOPSIS
 
 B<openssl> B<dgst>
-[B<-md5|-md4|-md2|-sha1|-sha|-ripemd160|-dss1>]
+[B<-md5|-sha1|-ripemd160|-dss1>]
 [B<-c>]
 [B<-d>]
 [B<-hex>]
@@ -22,7 +22,7 @@ B<openssl> B<dgst>
 [B<-hmac key>]
 [B<file...>]
 
-[B<md5|md4|md2|sha1|sha|ripemd160>]
+[B<md5|sha1|ripemd160>]
 [B<-c>]
 [B<-d>]
 [B<file...>]
diff --git a/lib/libssl/src/doc/apps/openssl.pod b/lib/libssl/src/doc/apps/openssl.pod
index 718d679dbbc..a000a023312 100644
--- a/lib/libssl/src/doc/apps/openssl.pod
+++ b/lib/libssl/src/doc/apps/openssl.pod
@@ -263,10 +263,6 @@ X.509 Certificate Data Management.
 
 =over 10
 
-=item B<md2>
-
-MD2 Digest
-
 =item B<md5>
 
 MD5 Digest
@@ -275,10 +271,6 @@ MD5 Digest
 
 RMD-160 Digest
 
-=item B<sha>
-
-SHA Digest
-
 =item B<sha1>
 
 SHA-1 Digest
diff --git a/lib/libssl/src/doc/apps/speed.pod b/lib/libssl/src/doc/apps/speed.pod
index c309d9a0603..61990f0dd52 100644
--- a/lib/libssl/src/doc/apps/speed.pod
+++ b/lib/libssl/src/doc/apps/speed.pod
@@ -8,7 +8,6 @@ speed - test library performance
 
 B<openssl speed>
 [B<-engine id>]
-[B<md2>]
 [B<md5>]
 [B<hmac>]
 [B<sha1>]
diff --git a/lib/libssl/src/doc/apps/ts.pod b/lib/libssl/src/doc/apps/ts.pod
index 3075b6887a2..f495a140382 100644
--- a/lib/libssl/src/doc/apps/ts.pod
+++ b/lib/libssl/src/doc/apps/ts.pod
@@ -12,7 +12,7 @@ B<-query>
 [B<-config> configfile]
 [B<-data> file_to_hash]
 [B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-ripemd160>|B<...>]
+[B<-md5>|B<-sha1>|B<-ripemd160>|B<...>]
 [B<-policy> object_id]
 [B<-no_nonce>]
 [B<-cert>]
@@ -124,7 +124,7 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
 1AF601...). The number of bytes must match the message digest algorithm
 in use. (Optional)
 
-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-ripemd160>|B<...>
+=item B<-md5>|B<-sha1>|B<-ripemd160>|B<...>
 
 The message digest to apply to the data file, it supports all the message
 digest algorithms that are supported by the openssl B<dgst> command.
diff --git a/lib/libssl/src/doc/crypto/MD5.pod b/lib/libssl/src/doc/crypto/MD5.pod
index b0edd5416f7..056f94bd9e1 100644
--- a/lib/libssl/src/doc/crypto/MD5.pod
+++ b/lib/libssl/src/doc/crypto/MD5.pod
@@ -2,33 +2,10 @@
 
 =head1 NAME
 
-MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
-MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
+MD5, MD5_Init, MD5_Update, MD5_Final - MD5 hash functions
 
 =head1 SYNOPSIS
 
- #include <openssl/md2.h>
-
- unsigned char *MD2(const unsigned char *d, unsigned long n,
-                  unsigned char *md);
-
- int MD2_Init(MD2_CTX *c);
- int MD2_Update(MD2_CTX *c, const unsigned char *data,
-                  unsigned long len);
- int MD2_Final(unsigned char *md, MD2_CTX *c);
-
-
- #include <openssl/md4.h>
-
- unsigned char *MD4(const unsigned char *d, unsigned long n,
-                  unsigned char *md);
-
- int MD4_Init(MD4_CTX *c);
- int MD4_Update(MD4_CTX *c, const void *data,
-                  unsigned long len);
- int MD4_Final(unsigned char *md, MD4_CTX *c);
-
-
  #include <openssl/md5.h>
 
  unsigned char *MD5(const unsigned char *d, unsigned long n,
@@ -41,61 +18,43 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
 
 =head1 DESCRIPTION
 
-MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
+MD5 is a cryptographic hash function with a 128 bit output.
 
-MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
-of the B<n> bytes at B<d> and place it in B<md> (which must have space
-for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
+MD5() computes the MD5 message digest of the B<n> bytes at B<d> and
+places it in B<md> (which must have space for MD5_DIGEST_LENGTH == 16
 bytes of output). If B<md> is NULL, the digest is placed in a static
 array.
 
 The following functions may be used if the message is not completely
 stored in memory:
 
-MD2_Init() initializes a B<MD2_CTX> structure.
-
-MD2_Update() can be called repeatedly with chunks of the message to
-be hashed (B<len> bytes at B<data>).
-
-MD2_Final() places the message digest in B<md>, which must have space
-for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
-
-MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
-MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
-
 Applications should use the higher level functions
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 etc. instead of calling the hash functions directly.
 
 =head1 NOTE
 
-MD2, MD4, and MD5 are recommended only for compatibility with existing
-applications. In new applications, SHA-1 or RIPEMD-160 should be
-preferred.
+MD5 is recommended only for compatibility with legacy applications.
+In new applications, SHA-2 should be preferred.
 
 =head1 RETURN VALUES
 
-MD2(), MD4(), and MD5() return pointers to the hash value.
+MD5() returns a pointer to the hash value.
 
-MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
-MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
-success, 0 otherwise.
+MD5_Init(), MD5_Update(), and MD5_Final() return 1 for success, 0
+otherwise.
 
 =head1 CONFORMING TO
 
-RFC 1319, RFC 1320, RFC 1321
+RFC 1321
 
 =head1 SEE ALSO
 
-L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
-MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(),
-MD5_Update() and MD5_Final() are available in all versions of SSLeay
-and OpenSSL.
-
-MD4(), MD4_Init(), and MD4_Update() are available in OpenSSL 0.9.6 and
-above.
+MD5(), MD5_Init(), MD5_Update() and MD5_Final() are available in all
+versions of OpenSSL.
 
 =cut
diff --git a/lib/libssl/src/doc/crypto/crypto.pod b/lib/libssl/src/doc/crypto/crypto.pod
index bbd6ce9ea97..11087ccc1fe 100644
--- a/lib/libssl/src/doc/crypto/crypto.pod
+++ b/lib/libssl/src/doc/crypto/crypto.pod
@@ -28,7 +28,7 @@ hash functions and a cryptographic pseudo-random number generator.
 =item SYMMETRIC CIPHERS
 
 L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
-L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)>
+L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>
 
 =item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
 
@@ -40,9 +40,7 @@ L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
 
 =item AUTHENTICATION CODES, HASH FUNCTIONS
 
-L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>,
-L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>
+L<hmac(3)|hmac(3)>, L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>
 
 =item AUXILIARY FUNCTIONS
 
diff --git a/lib/libssl/src/doc/standards.txt b/lib/libssl/src/doc/standards.txt
index 7bada8d35f2..e9eacc58405 100644
--- a/lib/libssl/src/doc/standards.txt
+++ b/lib/libssl/src/doc/standards.txt
@@ -27,12 +27,6 @@ Implemented:
 These are documents that describe things that are implemented (in
 whole or at least great parts) in OpenSSL.
 
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
-     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-     TXT=32407 bytes) (Status: INFORMATIONAL)
-
 1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
      TXT=35222 bytes) (Status: INFORMATIONAL)
 
diff --git a/regress/lib/libcrypto/Makefile b/regress/lib/libcrypto/Makefile
index a6c1bbffd3f..d3d86ab6b2c 100644
--- a/regress/lib/libcrypto/Makefile
+++ b/regress/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.19 2015/09/13 21:09:56 doug Exp $
+#	$OpenBSD: Makefile,v 1.20 2015/09/13 23:36:21 doug Exp $
 
 SUBDIR= \
 	aead \
@@ -24,7 +24,6 @@ SUBDIR= \
 	hmac \
 	idea \
 	ige \
-	md4 \
 	md5 \
 	pbkdf2 \
 	pkcs7 \
diff --git a/regress/lib/libcrypto/md4/Makefile b/regress/lib/libcrypto/md4/Makefile
deleted file mode 100644
index a46047a40a3..00000000000
--- a/regress/lib/libcrypto/md4/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-#	$OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
-
-PROG=	md4test
-LDADD=	-lcrypto
-DPADD=	${LIBCRYPTO}
-WARNINGS=	Yes
-CFLAGS+=	-DLIBRESSL_INTERNAL -Werror
-
-.include <bsd.regress.mk>
diff --git a/regress/lib/libcrypto/md4/md4test.c b/regress/lib/libcrypto/md4/md4test.c
deleted file mode 100644
index 60b2c0eedb8..00000000000
--- a/regress/lib/libcrypto/md4/md4test.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/md4/md4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-
-static char *test[]={
-	"",
-	"a",
-	"abc",
-	"message digest",
-	"abcdefghijklmnopqrstuvwxyz",
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	NULL,
-	};
-
-static char *ret[]={
-"31d6cfe0d16ae931b73c59d7e0c089c0",
-"bde52cb31de33e46245e05fbdbd6fb24",
-"a448017aaf21d8525fc10ae87aa6729d",
-"d9130a8164549fe818874806e1c7014b",
-"d79e1c308aa5bbcdeea8ed63df412da9",
-"043f8582f241db351ce627e153e7f0e4",
-"e33b4ddc9c38f2199c3e7b164fcc0536",
-};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	char **P,**R;
-	char *p;
-	unsigned char md[MD4_DIGEST_LENGTH];
-
-	P=test;
-	R=ret;
-	i=1;
-	while (*P != NULL)
-		{
-		EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
-		p=pt(md);
-		if (strcmp(p,(char *)*R) != 0)
-			{
-			printf("error calculating MD4 on '%s'\n",*P);
-			printf("got %s instead of %s\n",p,*R);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		i++;
-		R++;
-		P++;
-		}
-	exit(err);
-	}
-
-static char *pt(unsigned char *md)
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<MD4_DIGEST_LENGTH; i++)
-		snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
-	return(buf);
-	}
diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1
index 50063b653d4..de0a56735a0 100644
--- a/usr.bin/openssl/openssl.1
+++ b/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.26 2015/09/13 17:57:11 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.27 2015/09/13 23:36:21 doug Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -383,8 +383,6 @@ Streebog-256 digest.
 Streebog-512 digest.
 .It Cm md_gost94
 GOST R 34.11-94 digest.
-.It Cm md4
-MD4 digest.
 .It Cm md5
 MD5 digest.
 .It Cm ripemd160
@@ -1795,7 +1793,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Bk -words
 .Oo
 .Fl gost-mac | streebog256 | streebog512 | md_gost94 |
-.Fl md4 | md5 | ripemd160 | sha | sha1 |
+.Fl md5 | ripemd160 | sha1 |
 .Fl sha224 | sha256 | sha384 | sha512 | whirlpool
 .Oc
 .Op Fl binary
@@ -1818,7 +1816,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Pp
 .Nm openssl
 .Cm gost-mac | streebog256 | streebog512 | md_gost94 |
-.Cm md4 | md5 | ripemd160 | sha | sha1 |
+.Cm md5 | ripemd160 | sha | sha1 |
 .Cm sha224 | sha256 | sha384 | sha512 | whirlpool
 .Op Fl c
 .Op Fl d
@@ -5085,7 +5083,7 @@ instead of standard output.
 .Op Fl key Ar keyfile
 .Op Fl keyform Ar DER | PEM
 .Op Fl keyout Ar file
-.Op Fl md4 | md5 | sha1
+.Op Fl md5 | sha1
 .Op Fl modulus
 .Op Fl nameopt Ar option
 .Op Fl new
@@ -7664,7 +7662,6 @@ command were first added in
 .Op Cm dsa2048
 .Op Cm hmac
 .Op Cm md2
-.Op Cm md4
 .Op Cm md5
 .Op Cm rc2
 .Op Cm rc2-cbc
@@ -7715,7 +7712,7 @@ benchmarks in parallel.
 .Nm "openssl ts"
 .Bk -words
 .Fl query
-.Op Fl md4 | md5 | ripemd160 | sha | sha1
+.Op Fl md5 | ripemd160 | sha1
 .Op Fl cert
 .Op Fl config Ar configfile
 .Op Fl data Ar file_to_hash
@@ -7836,7 +7833,7 @@ This option specifies a previously created time stamp request in DER
 format that will be printed into the output file.
 Useful when you need to examine the content of a request in human-readable
 format.
-.It Fl md4|md5|ripemd160|sha|sha1
+.It Fl md5|ripemd160|sha1
 The message digest to apply to the data file.
 It supports all the message digest algorithms that are supported by the
 .Nm dgst
diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index d0c0ec05518..1bda338356f 100644
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.10 2015/09/13 12:41:01 bcook Exp $ */
+/* $OpenBSD: openssl.c,v 1.11 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -217,9 +217,6 @@ FUNCTION functions[] = {
 	{ FUNC_TYPE_MD, "streebog256", dgst_main },
 	{ FUNC_TYPE_MD, "streebog512", dgst_main },
 #endif
-#ifndef OPENSSL_NO_MD4
-	{ FUNC_TYPE_MD, "md4", dgst_main },
-#endif
 #ifndef OPENSSL_NO_MD5
 	{ FUNC_TYPE_MD, "md5", dgst_main },
 #endif
diff --git a/usr.bin/openssl/req.c b/usr.bin/openssl/req.c
index 5ed658bfb1f..f359e7392e7 100644
--- a/usr.bin/openssl/req.c
+++ b/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
+/* $OpenBSD: req.c,v 1.8 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -354,7 +354,7 @@ bad:
 		BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 		BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-		BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1, md4)\n");
+		BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1)\n");
 		BIO_printf(bio_err, " -config file   request template file.\n");
 		BIO_printf(bio_err, " -subj arg      set or modify request subject\n");
 		BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
diff --git a/usr.bin/openssl/speed.c b/usr.bin/openssl/speed.c
index a0fa9dcd8b6..d9fe3309b71 100644
--- a/usr.bin/openssl/speed.c
+++ b/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: speed.c,v 1.13 2015/09/12 15:49:53 bcook Exp $ */
+/* $OpenBSD: speed.c,v 1.14 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,9 +124,6 @@
 #ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef OPENSSL_NO_MD4
-#include <openssl/md4.h>
-#endif
 #ifndef OPENSSL_NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -173,7 +170,8 @@ static int do_multi(int multi);
 #define MAX_ECDH_SIZE 256
 
 static const char *names[ALGOR_NUM] = {
-	"md2", NULL /* was mdc2 */, "md4", "md5", "hmac(md5)", "sha1", "rmd160",
+	"md2", NULL /* was mdc2 */, NULL /* was md4 */, "md5", "hmac(md5)",
+	"sha1", "rmd160",
 	"rc4", "des cbc", "des ede3", "idea cbc", "seed cbc",
 	"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
 	"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
@@ -234,9 +232,6 @@ speed_main(int argc, char **argv)
 	long rsa_count;
 	unsigned rsa_num;
 	unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MD4
-	unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
 #ifndef OPENSSL_NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
@@ -318,7 +313,6 @@ speed_main(int argc, char **argv)
 	CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
 #endif
 #define	D_MD2		0
-#define	D_MD4		2
 #define	D_MD5		3
 #define	D_HMAC		4
 #define	D_SHA1		5
@@ -557,11 +551,6 @@ speed_main(int argc, char **argv)
 			j--;	/* Otherwise, -mr gets confused with an
 				 * algorithm. */
 		} else
-#ifndef OPENSSL_NO_MD4
-		if (strcmp(*argv, "md4") == 0)
-			doit[D_MD4] = 1;
-		else
-#endif
 #ifndef OPENSSL_NO_MD5
 		if (strcmp(*argv, "md5") == 0)
 			doit[D_MD5] = 1;
@@ -812,9 +801,6 @@ speed_main(int argc, char **argv)
 			BIO_printf(bio_err, "Error: bad option or value\n");
 			BIO_printf(bio_err, "\n");
 			BIO_printf(bio_err, "Available values:\n");
-#ifndef OPENSSL_NO_MD4
-			BIO_printf(bio_err, "md4      ");
-#endif
 #ifndef OPENSSL_NO_MD5
 			BIO_printf(bio_err, "md5      ");
 #ifndef OPENSSL_NO_HMAC
@@ -837,7 +823,7 @@ speed_main(int argc, char **argv)
 			BIO_printf(bio_err, "rmd160");
 #endif
 #if !defined(OPENSSL_NO_MD2) || \
-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+    !defined(OPENSSL_NO_MD5) || \
     !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
     !defined(OPENSSL_NO_WHIRLPOOL)
 			BIO_printf(bio_err, "\n");
@@ -996,19 +982,6 @@ speed_main(int argc, char **argv)
 #define COUNT(d) (count)
 	signal(SIGALRM, sig_done);
 
-#ifndef OPENSSL_NO_MD4
-	if (doit[D_MD4]) {
-		for (j = 0; j < SIZE_NUM; j++) {
-			print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
-			Time_F(START);
-			for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
-				EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md4[0]), NULL, EVP_md4(), NULL);
-			d = Time_F(STOP);
-			print_result(D_MD4, j, count, d);
-		}
-	}
-#endif
-
 #ifndef OPENSSL_NO_MD5
 	if (doit[D_MD5]) {
 		for (j = 0; j < SIZE_NUM; j++) {
diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c
index 258e636b036..d2bf2a6cd6f 100644
--- a/usr.bin/openssl/ts.c
+++ b/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.7 2015/09/12 19:34:07 lteo Exp $ */
+/* $OpenBSD: ts.c,v 1.8 2015/09/13 23:36:21 doug Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -298,7 +298,7 @@ usage:
 	BIO_printf(bio_err, "usage:\n"
 	    "ts -query [-config configfile] "
 	    "[-data file_to_hash] [-digest digest_bytes]"
-	    "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] "
+	    "[-md5|-sha1|-ripemd160] "
 	    "[-policy object_id] [-no_nonce] [-cert] "
 	    "[-in request.tsq] [-out request.tsq] [-text]\n");
 	BIO_printf(bio_err, "or\n"