Remove MD4 support from LibreSSL.

MD4 should have been removed a long time ago.  Also, RFC 6150 moved it to
historic in 2011.  Rides the major crank from removing SHA-0.

Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@

5 files changed, 15 insertions, 48 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 50063b653d..de0a56735a 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.26 2015/09/13 17:57:11 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.27 2015/09/13 23:36:21 doug Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -383,8 +383,6 @@ Streebog-256 digest.
 Streebog-512 digest.
 .It Cm md_gost94
 GOST R 34.11-94 digest.
-.It Cm md4
-MD4 digest.
 .It Cm md5
 MD5 digest.
 .It Cm ripemd160
@@ -1795,7 +1793,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Bk -words
 .Oo
 .Fl gost-mac | streebog256 | streebog512 | md_gost94 |
-.Fl md4 | md5 | ripemd160 | sha | sha1 |
+.Fl md5 | ripemd160 | sha1 |
 .Fl sha224 | sha256 | sha384 | sha512 | whirlpool
 .Oc
 .Op Fl binary
@@ -1818,7 +1816,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Pp
 .Nm openssl
 .Cm gost-mac | streebog256 | streebog512 | md_gost94 |
-.Cm md4 | md5 | ripemd160 | sha | sha1 |
+.Cm md5 | ripemd160 | sha | sha1 |
 .Cm sha224 | sha256 | sha384 | sha512 | whirlpool
 .Op Fl c
 .Op Fl d
@@ -5085,7 +5083,7 @@ instead of standard output.
 .Op Fl key Ar keyfile
 .Op Fl keyform Ar DER | PEM
 .Op Fl keyout Ar file
-.Op Fl md4 | md5 | sha1
+.Op Fl md5 | sha1
 .Op Fl modulus
 .Op Fl nameopt Ar option
 .Op Fl new
@@ -7664,7 +7662,6 @@ command were first added in
 .Op Cm dsa2048
 .Op Cm hmac
 .Op Cm md2
-.Op Cm md4
 .Op Cm md5
 .Op Cm rc2
 .Op Cm rc2-cbc
@@ -7715,7 +7712,7 @@ benchmarks in parallel.
 .Nm "openssl ts"
 .Bk -words
 .Fl query
-.Op Fl md4 | md5 | ripemd160 | sha | sha1
+.Op Fl md5 | ripemd160 | sha1
 .Op Fl cert
 .Op Fl config Ar configfile
 .Op Fl data Ar file_to_hash
@@ -7836,7 +7833,7 @@ This option specifies a previously created time stamp request in DER
 format that will be printed into the output file.
 Useful when you need to examine the content of a request in human-readable
 format.
-.It Fl md4|md5|ripemd160|sha|sha1
+.It Fl md5|ripemd160|sha1
 The message digest to apply to the data file.
 It supports all the message digest algorithms that are supported by the
 .Nm dgst
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index d0c0ec0551..1bda338356 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.10 2015/09/13 12:41:01 bcook Exp $ */
+/* $OpenBSD: openssl.c,v 1.11 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -217,9 +217,6 @@ FUNCTION functions[] = {
         { FUNC_TYPE_MD, "streebog256", dgst_main },
         { FUNC_TYPE_MD, "streebog512", dgst_main },
 #endif
-#ifndef OPENSSL_NO_MD4
-        { FUNC_TYPE_MD, "md4", dgst_main },
-#endif
 #ifndef OPENSSL_NO_MD5
         { FUNC_TYPE_MD, "md5", dgst_main },
 #endif
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 5ed658bfb1..f359e7392e 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
+/* $OpenBSD: req.c,v 1.8 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -354,7 +354,7 @@ bad:
                 BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                 BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
                 BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-                BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1, md4)\n");
+                BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1)\n");
                 BIO_printf(bio_err, " -config file   request template file.\n");
                 BIO_printf(bio_err, " -subj arg      set or modify request subject\n");
                 BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
diff --git a/src/usr.bin/openssl/speed.c b/src/usr.bin/openssl/speed.c
index a0fa9dcd8b..d9fe3309b7 100644
--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: speed.c,v 1.13 2015/09/12 15:49:53 bcook Exp $ */
+/* $OpenBSD: speed.c,v 1.14 2015/09/13 23:36:21 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,9 +124,6 @@
 #ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef OPENSSL_NO_MD4
-#include <openssl/md4.h>
-#endif
 #ifndef OPENSSL_NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -173,7 +170,8 @@ static int do_multi(int multi);
 #define MAX_ECDH_SIZE 256
 
 static const char *names[ALGOR_NUM] = {
-        "md2", NULL /* was mdc2 */, "md4", "md5", "hmac(md5)", "sha1", "rmd160",
+        "md2", NULL /* was mdc2 */, NULL /* was md4 */, "md5", "hmac(md5)",
+        "sha1", "rmd160",
         "rc4", "des cbc", "des ede3", "idea cbc", "seed cbc",
         "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
         "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
@@ -234,9 +232,6 @@ speed_main(int argc, char **argv)
         long rsa_count;
         unsigned rsa_num;
         unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MD4
-        unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
 #ifndef OPENSSL_NO_MD5
         unsigned char md5[MD5_DIGEST_LENGTH];
         unsigned char hmac[MD5_DIGEST_LENGTH];
@@ -318,7 +313,6 @@ speed_main(int argc, char **argv)
         CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
 #endif
 #define D_MD2           0
-#define D_MD4           2
 #define D_MD5           3
 #define D_HMAC          4
 #define D_SHA1          5
@@ -557,11 +551,6 @@ speed_main(int argc, char **argv)
                         j--;    /* Otherwise, -mr gets confused with an
                                  * algorithm. */
                 } else
-#ifndef OPENSSL_NO_MD4
-                if (strcmp(*argv, "md4") == 0)
-                        doit[D_MD4] = 1;
-                else
-#endif
 #ifndef OPENSSL_NO_MD5
                 if (strcmp(*argv, "md5") == 0)
                         doit[D_MD5] = 1;
@@ -812,9 +801,6 @@ speed_main(int argc, char **argv)
                         BIO_printf(bio_err, "Error: bad option or value\n");
                         BIO_printf(bio_err, "\n");
                         BIO_printf(bio_err, "Available values:\n");
-#ifndef OPENSSL_NO_MD4
-                        BIO_printf(bio_err, "md4      ");
-#endif
 #ifndef OPENSSL_NO_MD5
                         BIO_printf(bio_err, "md5      ");
 #ifndef OPENSSL_NO_HMAC
@@ -837,7 +823,7 @@ speed_main(int argc, char **argv)
                         BIO_printf(bio_err, "rmd160");
 #endif
 #if !defined(OPENSSL_NO_MD2) || \
-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+    !defined(OPENSSL_NO_MD5) || \
     !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
     !defined(OPENSSL_NO_WHIRLPOOL)
                         BIO_printf(bio_err, "\n");
@@ -996,19 +982,6 @@ speed_main(int argc, char **argv)
 #define COUNT(d) (count)
         signal(SIGALRM, sig_done);
 
-#ifndef OPENSSL_NO_MD4
-        if (doit[D_MD4]) {
-                for (j = 0; j < SIZE_NUM; j++) {
-                        print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
-                        Time_F(START);
-                        for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
-                                EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md4[0]), NULL, EVP_md4(), NULL);
-                        d = Time_F(STOP);
-                        print_result(D_MD4, j, count, d);
-                }
-        }
-#endif
-
 #ifndef OPENSSL_NO_MD5
         if (doit[D_MD5]) {
                 for (j = 0; j < SIZE_NUM; j++) {
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index 258e636b03..d2bf2a6cd6 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.7 2015/09/12 19:34:07 lteo Exp $ */
+/* $OpenBSD: ts.c,v 1.8 2015/09/13 23:36:21 doug Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -298,7 +298,7 @@ usage:
         BIO_printf(bio_err, "usage:\n"
             "ts -query [-config configfile] "
             "[-data file_to_hash] [-digest digest_bytes]"
-            "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] "
+            "[-md5|-sha1|-ripemd160] "
             "[-policy object_id] [-no_nonce] [-cert] "
             "[-in request.tsq] [-out request.tsq] [-text]\n");
         BIO_printf(bio_err, "or\n"