46 files changed, 59 insertions, 1239 deletions

diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
index a4e65fd6a6..d523e8029d 100644
--- a/src/lib/libcrypto/crypto/Makefile
+++ b/src/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.57 2015/04/11 16:16:15 deraadt Exp $
+# $OpenBSD: Makefile,v 1.58 2015/06/20 01:07:24 doug Exp $
 
 LIB=    crypto
 
@@ -146,7 +146,7 @@ SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c
 SRCS+= e_rc4.c e_aes.c names.c
 SRCS+= e_xcbc_d.c e_rc2.c e_cast.c
 SRCS+= m_null.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c
-SRCS+= m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c
+SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c
 SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
 SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
 SRCS+= c_all.c evp_lib.c
@@ -180,9 +180,6 @@ SRCS+= md4_dgst.c md4_one.c
 # md5/
 SRCS+= md5_dgst.c md5_one.c
 
-# mdc2/
-SRCS+= mdc2dgst.c mdc2_one.c
-
 # modes/
 SRCS+= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c
 
@@ -292,7 +289,6 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
         ${LCRYPTO_SRC}/lhash \
         ${LCRYPTO_SRC}/md4 \
         ${LCRYPTO_SRC}/md5 \
-        ${LCRYPTO_SRC}/mdc2 \
         ${LCRYPTO_SRC}/modes \
         ${LCRYPTO_SRC}/objects \
         ${LCRYPTO_SRC}/ocsp \
@@ -352,7 +348,6 @@ HDRS=\
         crypto/lhash/lhash.h \
         crypto/md4/md4.h \
         crypto/md5/md5.h \
-        crypto/mdc2/mdc2.h \
         crypto/modes/modes.h \
         crypto/objects/objects.h \
         crypto/ocsp/ocsp.h \
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 4b48080b4a..ccb19fc0a7 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -8,7 +8,7 @@ EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
 EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
 EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha,
 EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1,
-EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
 EVP_get_digestbyobj - EVP digest routines
 
 =head1 SYNOPSIS
@@ -53,7 +53,6 @@ EVP_get_digestbyobj - EVP digest routines
  const EVP_MD *EVP_sha1(void);
  const EVP_MD *EVP_dss(void);
  const EVP_MD *EVP_dss1(void);
- const EVP_MD *EVP_mdc2(void);
  const EVP_MD *EVP_ripemd160(void);
 
  const EVP_MD *EVP_sha224(void);
@@ -134,8 +133,8 @@ algorithms are no longer linked this function is only retained for
 compatibility reasons.
 
 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
-EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+EVP_sha384(), EVP_sha512() and EVP_ripemd160() return B<EVP_MD>
+structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512
 and RIPEMD160 digest algorithms respectively.
 
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
@@ -165,7 +164,7 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
 EVP_MD_CTX_block_size() return the digest or block size in bytes.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+EVP_dss1() and EVP_ripemd160() return pointers to the
 corresponding EVP_MD structures.
 
 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
@@ -253,7 +252,7 @@ digest name passed on the command line.
 =head1 SEE ALSO
 
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
@@ -266,7 +265,7 @@ EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
 and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+EVP_dss(), EVP_dss1() and EVP_ripemd160() were
 changed to return truely const EVP_MD * in OpenSSL 0.9.7.
 
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
index e70b88a4a9..7fd4c22e79 100644
--- a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -74,7 +74,7 @@ which indicates the maximum possible signature for any set of parameters.
 L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
index 9eebb15d22..0817cf0b02 100644
--- a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -69,7 +69,7 @@ will occur.
 L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 5a1b67e006..9aafa3d63a 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
index c665ee2ebc..b0d3f8e4c9 100644
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -83,7 +83,7 @@ L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index d794629ca8..5f9df3a7ad 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.16 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: c_all.c,v 1.17 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -265,9 +265,6 @@ OpenSSL_add_all_digests(void)
         EVP_add_digest(EVP_streebog256());
         EVP_add_digest(EVP_streebog512());
 #endif
-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-        EVP_add_digest(EVP_mdc2());
-#endif
 #ifndef OPENSSL_NO_RIPEMD
         EVP_add_digest(EVP_ripemd160());
         EVP_add_digest_alias(SN_ripemd160, "ripemd");
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 330e01e0e6..57f8753ced 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.44 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.45 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -669,9 +669,6 @@ const EVP_MD *EVP_sha256(void);
 const EVP_MD *EVP_sha384(void);
 const EVP_MD *EVP_sha512(void);
 #endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
 #ifndef OPENSSL_NO_RIPEMD
 const EVP_MD *EVP_ripemd160(void);
 #endif
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
deleted file mode 100644
index cfbdfc3852..0000000000
--- a/src/lib/libcrypto/evp/m_mdc2.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: m_mdc2.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_MDC2
-
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return MDC2_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return MDC2_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return MDC2_Final(md, ctx->md_data);
-}
-
-static const EVP_MD mdc2_md = {
-        .type = NID_mdc2,
-        .pkey_type = NID_mdc2WithRSA,
-        .md_size = MDC2_DIGEST_LENGTH,
-        .flags = 0,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING,
-        .verify = (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
-        .block_size = MDC2_BLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(MDC2_CTX),
-};
-
-const EVP_MD *
-EVP_mdc2(void)
-{
-        return (&mdc2_md);
-}
-#endif
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 872391db3e..c968943cc0 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.20 2015/05/24 15:44:52 schwarze Exp $
+# $OpenBSD: Makefile,v 1.21 2015/06/20 01:07:24 doug Exp $
 
 .include <bsd.own.mk>           # for NOMAN
 
@@ -645,7 +645,6 @@ MLINKS+=\
         EVP_DigestInit.3 EVP_md2.3 \
         EVP_DigestInit.3 EVP_md5.3 \
         EVP_DigestInit.3 EVP_md_null.3 \
-        EVP_DigestInit.3 EVP_mdc2.3 \
         EVP_DigestInit.3 EVP_ripemd160.3 \
         EVP_DigestInit.3 EVP_sha.3 \
         EVP_DigestInit.3 EVP_sha1.3 \
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
deleted file mode 100644
index 9128eeb878..0000000000
--- a/src/lib/libcrypto/mdc2/mdc2.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* $OpenBSD: mdc2.h,v 1.13 2014/07/10 22:45:57 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-#define HEADER_MDC2_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/des.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-#error MDC2 is disabled.
-#endif
-
-#define MDC2_BLOCK              8
-#define MDC2_DIGEST_LENGTH      16
- 
-typedef struct mdc2_ctx_st
-        {
-        unsigned int num;
-        unsigned char data[MDC2_BLOCK];
-        DES_cblock h,hh;
-        int pad_type; /* either 1 or 2, default 1 */
-        } MDC2_CTX;
-
-
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n,
-        unsigned char *md);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/src/lib/libcrypto/mdc2/mdc2_one.c b/src/lib/libcrypto/mdc2/mdc2_one.c
deleted file mode 100644
index 8f922b1c7d..0000000000
--- a/src/lib/libcrypto/mdc2/mdc2_one.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: mdc2_one.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/crypto.h>
-#include <openssl/mdc2.h>
-
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
-        {
-        MDC2_CTX c;
-        static unsigned char m[MDC2_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!MDC2_Init(&c))
-                return NULL;
-        MDC2_Update(&c,d,n);
-        MDC2_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c
deleted file mode 100644
index b4b0068d59..0000000000
--- a/src/lib/libcrypto/mdc2/mdc2dgst.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $OpenBSD: mdc2dgst.c,v 1.7 2014/10/28 07:35:59 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-
-#undef c2l
-#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-int MDC2_Init(MDC2_CTX *c)
-        {
-        c->num=0;
-        c->pad_type=1;
-        memset(&(c->h[0]),0x52,MDC2_BLOCK);
-        memset(&(c->hh[0]),0x25,MDC2_BLOCK);
-        return 1;
-        }
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        size_t i,j;
-
-        i=c->num;
-        if (i != 0)
-                {
-                if (i+len < MDC2_BLOCK)
-                        {
-                        /* partial block */
-                        memcpy(&(c->data[i]),in,len);
-                        c->num+=(int)len;
-                        return 1;
-                        }
-                else
-                        {
-                        /* filled one */
-                        j=MDC2_BLOCK-i;
-                        memcpy(&(c->data[i]),in,j);
-                        len-=j;
-                        in+=j;
-                        c->num=0;
-                        mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
-                        }
-                }
-        i=len&~((size_t)MDC2_BLOCK-1);
-        if (i > 0) mdc2_body(c,in,i);
-        j=len-i;
-        if (j > 0)
-                {
-                memcpy(&(c->data[0]),&(in[i]),j);
-                c->num=(int)j;
-                }
-        return 1;
-        }
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        DES_LONG tin0,tin1;
-        DES_LONG ttin0,ttin1;
-        DES_LONG d[2],dd[2];
-        DES_key_schedule k;
-        unsigned char *p;
-        size_t i;
-
-        for (i=0; i<len; i+=8)
-                {
-                c2l(in,tin0); d[0]=dd[0]=tin0;
-                c2l(in,tin1); d[1]=dd[1]=tin1;
-                c->h[0]=(c->h[0]&0x9f)|0x40;
-                c->hh[0]=(c->hh[0]&0x9f)|0x20;
-
-                DES_set_odd_parity(&c->h);
-                DES_set_key_unchecked(&c->h,&k);
-                DES_encrypt1(d,&k,1);
-
-                DES_set_odd_parity(&c->hh);
-                DES_set_key_unchecked(&c->hh,&k);
-                DES_encrypt1(dd,&k,1);
-
-                ttin0=tin0^dd[0];
-                ttin1=tin1^dd[1];
-                tin0^=d[0];
-                tin1^=d[1];
-
-                p=c->h;
-                l2c(tin0,p);
-                l2c(ttin1,p);
-                p=c->hh;
-                l2c(ttin0,p);
-                l2c(tin1,p);
-                }
-        }
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
-        {
-        unsigned int i;
-        int j;
-
-        i=c->num;
-        j=c->pad_type;
-        if ((i > 0) || (j == 2))
-                {
-                if (j == 2)
-                        c->data[i++]=0x80;
-                memset(&(c->data[i]),0,MDC2_BLOCK-i);
-                mdc2_body(c,c->data,MDC2_BLOCK);
-                }
-        memcpy(md,(char *)c->h,MDC2_BLOCK);
-        memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
-        return 1;
-        }
diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h
index 811fac610f..a0fcc0078e 100644
--- a/src/lib/libcrypto/opensslfeatures.h
+++ b/src/lib/libcrypto/opensslfeatures.h
@@ -6,6 +6,7 @@
 # define OPENSSL_NO_JPAKE
 # define OPENSSL_NO_KRB5
 # define OPENSSL_NO_MD2
+# define OPENSSL_NO_MDC2
 # define OPENSSL_NO_PSK
 # define OPENSSL_NO_RC5
 # define OPENSSL_NO_RFC3779
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 09166e105b..0b648138ee 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.17 2015/06/20 01:07:25 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -178,18 +178,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                         return -1;
                 }
 
-                if (EVP_MD_type(rctx->md) == NID_mdc2) {
-                        unsigned int sltmp;
-
-                        if (rctx->pad_mode != RSA_PKCS1_PADDING)
-                                return -1;
-                        ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen,
-                            sig, &sltmp, rsa);
-
-                        if (ret <= 0)
-                                return ret;
-                        ret = sltmp;
-                } else if (rctx->pad_mode == RSA_X931_PADDING) {
+                if (rctx->pad_mode == RSA_X931_PADDING) {
                         if (!setup_tbuf(rctx, ctx))
                                 return -1;
                         memcpy(rctx->tbuf, tbs, tbslen);
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index a446b563b3..09d8ef329d 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.22 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.23 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -180,21 +180,6 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
         if (i <= 0)
                 goto err;
 
-        /*
-         * Oddball MDC2 case: signature can be OCTET STRING.
-         * check for correct tag and length octets.
-         */
-        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
-                if (rm) {
-                        memcpy(rm, s + 2, 16);
-                        *prm_len = 16;
-                        ret = 1;
-                } else if (memcmp(m, s + 2, 16))
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                else
-                        ret = 1;
-        }
-
         /* Special case: SSL signature */
         if (dtype == NID_md5_sha1) {
                 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c
index d794629ca8..5f9df3a7ad 100644
--- a/src/lib/libssl/src/crypto/evp/c_all.c
+++ b/src/lib/libssl/src/crypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.16 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: c_all.c,v 1.17 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -265,9 +265,6 @@ OpenSSL_add_all_digests(void)
         EVP_add_digest(EVP_streebog256());
         EVP_add_digest(EVP_streebog512());
 #endif
-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-        EVP_add_digest(EVP_mdc2());
-#endif
 #ifndef OPENSSL_NO_RIPEMD
         EVP_add_digest(EVP_ripemd160());
         EVP_add_digest_alias(SN_ripemd160, "ripemd");
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 330e01e0e6..57f8753ced 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.44 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.45 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -669,9 +669,6 @@ const EVP_MD *EVP_sha256(void);
 const EVP_MD *EVP_sha384(void);
 const EVP_MD *EVP_sha512(void);
 #endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
 #ifndef OPENSSL_NO_RIPEMD
 const EVP_MD *EVP_ripemd160(void);
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/m_mdc2.c b/src/lib/libssl/src/crypto/evp/m_mdc2.c
deleted file mode 100644
index cfbdfc3852..0000000000
--- a/src/lib/libssl/src/crypto/evp/m_mdc2.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: m_mdc2.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_MDC2
-
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return MDC2_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return MDC2_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return MDC2_Final(md, ctx->md_data);
-}
-
-static const EVP_MD mdc2_md = {
-        .type = NID_mdc2,
-        .pkey_type = NID_mdc2WithRSA,
-        .md_size = MDC2_DIGEST_LENGTH,
-        .flags = 0,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING,
-        .verify = (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
-        .block_size = MDC2_BLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(MDC2_CTX),
-};
-
-const EVP_MD *
-EVP_mdc2(void)
-{
-        return (&mdc2_md);
-}
-#endif
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h
deleted file mode 100644
index 9128eeb878..0000000000
--- a/src/lib/libssl/src/crypto/mdc2/mdc2.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* $OpenBSD: mdc2.h,v 1.13 2014/07/10 22:45:57 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-#define HEADER_MDC2_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/des.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-#error MDC2 is disabled.
-#endif
-
-#define MDC2_BLOCK              8
-#define MDC2_DIGEST_LENGTH      16
- 
-typedef struct mdc2_ctx_st
-        {
-        unsigned int num;
-        unsigned char data[MDC2_BLOCK];
-        DES_cblock h,hh;
-        int pad_type; /* either 1 or 2, default 1 */
-        } MDC2_CTX;
-
-
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n,
-        unsigned char *md);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2_one.c b/src/lib/libssl/src/crypto/mdc2/mdc2_one.c
deleted file mode 100644
index 8f922b1c7d..0000000000
--- a/src/lib/libssl/src/crypto/mdc2/mdc2_one.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: mdc2_one.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/crypto.h>
-#include <openssl/mdc2.h>
-
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
-        {
-        MDC2_CTX c;
-        static unsigned char m[MDC2_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!MDC2_Init(&c))
-                return NULL;
-        MDC2_Update(&c,d,n);
-        MDC2_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c b/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
deleted file mode 100644
index b4b0068d59..0000000000
--- a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $OpenBSD: mdc2dgst.c,v 1.7 2014/10/28 07:35:59 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-
-#undef c2l
-#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-int MDC2_Init(MDC2_CTX *c)
-        {
-        c->num=0;
-        c->pad_type=1;
-        memset(&(c->h[0]),0x52,MDC2_BLOCK);
-        memset(&(c->hh[0]),0x25,MDC2_BLOCK);
-        return 1;
-        }
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        size_t i,j;
-
-        i=c->num;
-        if (i != 0)
-                {
-                if (i+len < MDC2_BLOCK)
-                        {
-                        /* partial block */
-                        memcpy(&(c->data[i]),in,len);
-                        c->num+=(int)len;
-                        return 1;
-                        }
-                else
-                        {
-                        /* filled one */
-                        j=MDC2_BLOCK-i;
-                        memcpy(&(c->data[i]),in,j);
-                        len-=j;
-                        in+=j;
-                        c->num=0;
-                        mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
-                        }
-                }
-        i=len&~((size_t)MDC2_BLOCK-1);
-        if (i > 0) mdc2_body(c,in,i);
-        j=len-i;
-        if (j > 0)
-                {
-                memcpy(&(c->data[0]),&(in[i]),j);
-                c->num=(int)j;
-                }
-        return 1;
-        }
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        DES_LONG tin0,tin1;
-        DES_LONG ttin0,ttin1;
-        DES_LONG d[2],dd[2];
-        DES_key_schedule k;
-        unsigned char *p;
-        size_t i;
-
-        for (i=0; i<len; i+=8)
-                {
-                c2l(in,tin0); d[0]=dd[0]=tin0;
-                c2l(in,tin1); d[1]=dd[1]=tin1;
-                c->h[0]=(c->h[0]&0x9f)|0x40;
-                c->hh[0]=(c->hh[0]&0x9f)|0x20;
-
-                DES_set_odd_parity(&c->h);
-                DES_set_key_unchecked(&c->h,&k);
-                DES_encrypt1(d,&k,1);
-
-                DES_set_odd_parity(&c->hh);
-                DES_set_key_unchecked(&c->hh,&k);
-                DES_encrypt1(dd,&k,1);
-
-                ttin0=tin0^dd[0];
-                ttin1=tin1^dd[1];
-                tin0^=d[0];
-                tin1^=d[1];
-
-                p=c->h;
-                l2c(tin0,p);
-                l2c(ttin1,p);
-                p=c->hh;
-                l2c(ttin0,p);
-                l2c(tin1,p);
-                }
-        }
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
-        {
-        unsigned int i;
-        int j;
-
-        i=c->num;
-        j=c->pad_type;
-        if ((i > 0) || (j == 2))
-                {
-                if (j == 2)
-                        c->data[i++]=0x80;
-                memset(&(c->data[i]),0,MDC2_BLOCK-i);
-                mdc2_body(c,c->data,MDC2_BLOCK);
-                }
-        memcpy(md,(char *)c->h,MDC2_BLOCK);
-        memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
-        return 1;
-        }
diff --git a/src/lib/libssl/src/crypto/opensslfeatures.h b/src/lib/libssl/src/crypto/opensslfeatures.h
index 811fac610f..a0fcc0078e 100644
--- a/src/lib/libssl/src/crypto/opensslfeatures.h
+++ b/src/lib/libssl/src/crypto/opensslfeatures.h
@@ -6,6 +6,7 @@
 # define OPENSSL_NO_JPAKE
 # define OPENSSL_NO_KRB5
 # define OPENSSL_NO_MD2
+# define OPENSSL_NO_MDC2
 # define OPENSSL_NO_PSK
 # define OPENSSL_NO_RC5
 # define OPENSSL_NO_RFC3779
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 09166e105b..0b648138ee 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.17 2015/06/20 01:07:25 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -178,18 +178,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                         return -1;
                 }
 
-                if (EVP_MD_type(rctx->md) == NID_mdc2) {
-                        unsigned int sltmp;
-
-                        if (rctx->pad_mode != RSA_PKCS1_PADDING)
-                                return -1;
-                        ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen,
-                            sig, &sltmp, rsa);
-
-                        if (ret <= 0)
-                                return ret;
-                        ret = sltmp;
-                } else if (rctx->pad_mode == RSA_X931_PADDING) {
+                if (rctx->pad_mode == RSA_X931_PADDING) {
                         if (!setup_tbuf(rctx, ctx))
                                 return -1;
                         memcpy(rctx->tbuf, tbs, tbslen);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index a446b563b3..09d8ef329d 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.22 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.23 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -180,21 +180,6 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
         if (i <= 0)
                 goto err;
 
-        /*
-         * Oddball MDC2 case: signature can be OCTET STRING.
-         * check for correct tag and length octets.
-         */
-        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
-                if (rm) {
-                        memcpy(rm, s + 2, 16);
-                        *prm_len = 16;
-                        ret = 1;
-                } else if (memcmp(m, s + 2, 16))
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                else
-                        ret = 1;
-        }
-
         /* Special case: SSL signature */
         if (dtype == NID_md5_sha1) {
                 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 7294627d16..ecbe7954d6 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -159,7 +159,7 @@ the number of days to certify the certificate for.
 
 =item B<-md alg>
 
-the message digest to use. Possible values include md5, sha1 and mdc2.
+the message digest to use. Possible values include md5 and sha1.
 This option also applies to CRLs.
 
 =item B<-policy arg>
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod
index da690472a3..d8b2abc6fb 100644
--- a/src/lib/libssl/src/doc/apps/dgst.pod
+++ b/src/lib/libssl/src/doc/apps/dgst.pod
@@ -2,12 +2,12 @@
 
 =head1 NAME
 
-dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
+dgst, md5, md4, md2, sha1, sha, ripemd160 - message digests
 
 =head1 SYNOPSIS
 
 B<openssl> B<dgst>
-[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>]
+[B<-md5|-md4|-md2|-sha1|-sha|-ripemd160|-dss1>]
 [B<-c>]
 [B<-d>]
 [B<-hex>]
@@ -22,7 +22,7 @@ B<openssl> B<dgst>
 [B<-hmac key>]
 [B<file...>]
 
-[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
+[B<md5|md4|md2|sha1|sha|ripemd160>]
 [B<-c>]
 [B<-d>]
 [B<file...>]
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod
index c40b50d950..718d679dbb 100644
--- a/src/lib/libssl/src/doc/apps/openssl.pod
+++ b/src/lib/libssl/src/doc/apps/openssl.pod
@@ -271,10 +271,6 @@ MD2 Digest
 
 MD5 Digest
 
-=item B<mdc2>
-
-MDC2 Digest
-
 =item B<rmd160>
 
 RMD-160 Digest
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod
index 4f6d64766d..3d556bd968 100644
--- a/src/lib/libssl/src/doc/apps/req.pod
+++ b/src/lib/libssl/src/doc/apps/req.pod
@@ -387,7 +387,7 @@ option. For compatibility B<encrypt_rsa_key> is an equivalent option.
 =item B<default_md>
 
 This option specifies the digest algorithm to use. Possible values
-include B<md5 sha1 mdc2>. If not present then MD5 is used. This
+include B<md5 sha1>. If not present then MD5 is used. This
 option can be overridden on the command line.
 
 =item B<string_mask>
diff --git a/src/lib/libssl/src/doc/apps/speed.pod b/src/lib/libssl/src/doc/apps/speed.pod
index 1cd1998d16..c309d9a060 100644
--- a/src/lib/libssl/src/doc/apps/speed.pod
+++ b/src/lib/libssl/src/doc/apps/speed.pod
@@ -9,7 +9,6 @@ speed - test library performance
 B<openssl speed>
 [B<-engine id>]
 [B<md2>]
-[B<mdc2>]
 [B<md5>]
 [B<hmac>]
 [B<sha1>]
diff --git a/src/lib/libssl/src/doc/apps/ts.pod b/src/lib/libssl/src/doc/apps/ts.pod
index 1abf9df566..3075b6887a 100644
--- a/src/lib/libssl/src/doc/apps/ts.pod
+++ b/src/lib/libssl/src/doc/apps/ts.pod
@@ -12,7 +12,7 @@ B<-query>
 [B<-config> configfile]
 [B<-data> file_to_hash]
 [B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>]
+[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-ripemd160>|B<...>]
 [B<-policy> object_id]
 [B<-no_nonce>]
 [B<-cert>]
@@ -124,7 +124,7 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
 1AF601...). The number of bytes must match the message digest algorithm
 in use. (Optional)
 
-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>
+=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-ripemd160>|B<...>
 
 The message digest to apply to the data file, it supports all the message
 digest algorithms that are supported by the openssl B<dgst> command.
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod
index e6ea9cd9d2..25471736a0 100644
--- a/src/lib/libssl/src/doc/apps/x509.pod
+++ b/src/lib/libssl/src/doc/apps/x509.pod
@@ -50,7 +50,7 @@ B<openssl> B<x509>
 [B<-CAserial filename>]
 [B<-text>]
 [B<-C>]
-[B<-md2|-md5|-sha1|-mdc2>]
+[B<-md2|-md5|-sha1>]
 [B<-clrext>]
 [B<-extfile filename>]
 [B<-extensions section>]
@@ -96,7 +96,7 @@ if this option is not specified.
 This specifies the output filename to write to or standard output by
 default.
 
-=item B<-md2|-md5|-sha1|-mdc2>
+=item B<-md2|-md5|-sha1>
 
 the digest to use. This affects any signing or display option that uses a message
 digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 4b48080b4a..ccb19fc0a7 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -8,7 +8,7 @@ EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
 EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
 EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha,
 EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1,
-EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
 EVP_get_digestbyobj - EVP digest routines
 
 =head1 SYNOPSIS
@@ -53,7 +53,6 @@ EVP_get_digestbyobj - EVP digest routines
  const EVP_MD *EVP_sha1(void);
  const EVP_MD *EVP_dss(void);
  const EVP_MD *EVP_dss1(void);
- const EVP_MD *EVP_mdc2(void);
  const EVP_MD *EVP_ripemd160(void);
 
  const EVP_MD *EVP_sha224(void);
@@ -134,8 +133,8 @@ algorithms are no longer linked this function is only retained for
 compatibility reasons.
 
 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
-EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+EVP_sha384(), EVP_sha512() and EVP_ripemd160() return B<EVP_MD>
+structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512
 and RIPEMD160 digest algorithms respectively.
 
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
@@ -165,7 +164,7 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
 EVP_MD_CTX_block_size() return the digest or block size in bytes.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+EVP_dss1() and EVP_ripemd160() return pointers to the
 corresponding EVP_MD structures.
 
 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
@@ -253,7 +252,7 @@ digest name passed on the command line.
 =head1 SEE ALSO
 
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
@@ -266,7 +265,7 @@ EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
 and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+EVP_dss(), EVP_dss1() and EVP_ripemd160() were
 changed to return truely const EVP_MD * in OpenSSL 0.9.7.
 
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
index e70b88a4a9..7fd4c22e79 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
@@ -74,7 +74,7 @@ which indicates the maximum possible signature for any set of parameters.
 L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
index 9eebb15d22..0817cf0b02 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
@@ -69,7 +69,7 @@ will occur.
 L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 5a1b67e006..9aafa3d63a 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
index c665ee2ebc..b0d3f8e4c9 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
@@ -83,7 +83,7 @@ L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/crypto.pod b/src/lib/libssl/src/doc/crypto/crypto.pod
index 2349014fce..bbd6ce9ea9 100644
--- a/src/lib/libssl/src/doc/crypto/crypto.pod
+++ b/src/lib/libssl/src/doc/crypto/crypto.pod
@@ -41,7 +41,7 @@ L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
 =item AUTHENTICATION CODES, HASH FUNCTIONS
 
 L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>
 
 =item AUXILIARY FUNCTIONS
diff --git a/src/regress/lib/libcrypto/Makefile b/src/regress/lib/libcrypto/Makefile
index 3836a55d98..b2247a7b29 100644
--- a/src/regress/lib/libcrypto/Makefile
+++ b/src/regress/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.17 2014/11/18 21:52:43 miod Exp $
+#       $OpenBSD: Makefile,v 1.18 2015/06/20 01:07:25 doug Exp $
 
 SUBDIR= \
         aead \
@@ -26,7 +26,6 @@ SUBDIR= \
         ige \
         md4 \
         md5 \
-        mdc2 \
         pbkdf2 \
         pkcs7 \
         poly1305 \
diff --git a/src/regress/lib/libcrypto/mdc2/Makefile b/src/regress/lib/libcrypto/mdc2/Makefile
deleted file mode 100644
index 67764ec7df..0000000000
--- a/src/regress/lib/libcrypto/mdc2/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-#       $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
-
-PROG=   mdc2test
-LDADD=  -lcrypto
-DPADD=  ${LIBCRYPTO}
-WARNINGS=       Yes
-CFLAGS+=        -DLIBRESSL_INTERNAL -Werror
-
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/mdc2/mdc2test.c b/src/regress/lib/libcrypto/mdc2/mdc2test.c
deleted file mode 100644
index aa84a3a00b..0000000000
--- a/src/regress/lib/libcrypto/mdc2/mdc2test.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/mdc2/mdc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-
-static unsigned char pad1[16]={
-        0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
-        0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
-        };
-
-static unsigned char pad2[16]={
-        0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
-        0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
-        };
-
-int main(int argc, char *argv[])
-        {
-        int ret=0;
-        unsigned char md[MDC2_DIGEST_LENGTH];
-        int i;
-        EVP_MD_CTX c;
-        static char *text="Now is the time for all ";
-
-        EVP_MD_CTX_init(&c);
-        EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
-        EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
-        EVP_DigestFinal_ex(&c,&(md[0]),NULL);
-
-        if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
-                {
-                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-                        printf("%02X",md[i]);
-                printf(" <- generated\n");
-                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-                        printf("%02X",pad1[i]);
-                printf(" <- correct\n");
-                ret=1;
-                }
-        else
-                printf("pad1 - ok\n");
-
-        EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
-        /* FIXME: use a ctl function? */
-        ((MDC2_CTX *)c.md_data)->pad_type=2;
-        EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
-        EVP_DigestFinal_ex(&c,&(md[0]),NULL);
-
-        if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
-                {
-                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-                        printf("%02X",md[i]);
-                printf(" <- generated\n");
-                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-                        printf("%02X",pad2[i]);
-                printf(" <- correct\n");
-                ret=1;
-                }
-        else
-                printf("pad2 - ok\n");
-
-        EVP_MD_CTX_cleanup(&c);
-        exit(ret);
-        }
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index c90d998cb6..5106943640 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.14 2015/06/18 11:38:41 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.15 2015/06/20 01:07:25 doug Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: June 18 2015 $
+.Dd $Mdocdate: June 20 2015 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -389,8 +389,6 @@ GOST R 34.11-94 digest.
 MD4 digest.
 .It Cm md5
 MD5 digest.
-.It Cm mdc2
-MDC-2 digest.
 .It Cm ripemd160
 RIPEMD-160 digest.
 .It Cm sha
@@ -1814,7 +1812,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Bk -words
 .Oo
 .Fl gost-mac | streebog256 | streebog512 | md_gost94 |
-.Fl md4 | md5 | mdc2 | ripemd160 | sha | sha1 |
+.Fl md4 | md5 | ripemd160 | sha | sha1 |
 .Fl sha224 | sha256 | sha384 | sha512 | whirlpool
 .Oc
 .Op Fl binary
@@ -1838,7 +1836,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Pp
 .Nm openssl
 .Cm gost-mac | streebog256 | streebog512 | md_gost94 |
-.Cm md4 | md5 | mdc2 | ripemd160 | sha | sha1 |
+.Cm md4 | md5 | ripemd160 | sha | sha1 |
 .Cm sha224 | sha256 | sha384 | sha512 | whirlpool
 .Op Fl c
 .Op Fl d
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 1d50524052..93742971ff 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.4 2014/10/16 10:43:54 jsing Exp $ */
+/* $OpenBSD: req.c,v 1.5 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -379,7 +379,7 @@ bad:
                 BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                 BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
                 BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-                BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+                BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1, md4)\n");
                 BIO_printf(bio_err, " -config file   request template file.\n");
                 BIO_printf(bio_err, " -subj arg      set or modify request subject\n");
                 BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
diff --git a/src/usr.bin/openssl/speed.c b/src/usr.bin/openssl/speed.c
index 8795d6c434..236e0267bb 100644
--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: speed.c,v 1.5 2015/02/08 10:22:45 doug Exp $ */
+/* $OpenBSD: speed.c,v 1.6 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,9 +124,6 @@
 #ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef OPENSSL_NO_MDC2
-#include <openssl/mdc2.h>
-#endif
 #ifndef OPENSSL_NO_MD4
 #include <openssl/md4.h>
 #endif
@@ -179,7 +176,7 @@ static int do_multi(int multi);
 #define MAX_ECDH_SIZE 256
 
 static const char *names[ALGOR_NUM] = {
-        "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+        "md2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
         "des cbc", "des ede3", "idea cbc", "seed cbc",
         "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
         "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
@@ -241,9 +238,6 @@ speed_main(int argc, char **argv)
         long rsa_count;
         unsigned rsa_num;
         unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MDC2
-        unsigned char mdc2[MDC2_DIGEST_LENGTH];
-#endif
 #ifndef OPENSSL_NO_MD4
         unsigned char md4[MD4_DIGEST_LENGTH];
 #endif
@@ -331,7 +325,6 @@ speed_main(int argc, char **argv)
         CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
 #endif
 #define D_MD2           0
-#define D_MDC2          1
 #define D_MD4           2
 #define D_MD5           3
 #define D_HMAC          4
@@ -586,11 +579,6 @@ speed_main(int argc, char **argv)
                         j--;    /* Otherwise, -mr gets confused with an
                                  * algorithm. */
                 } else
-#ifndef OPENSSL_NO_MDC2
-                if (strcmp(*argv, "mdc2") == 0)
-                        doit[D_MDC2] = 1;
-                else
-#endif
 #ifndef OPENSSL_NO_MD4
                 if (strcmp(*argv, "md4") == 0)
                         doit[D_MD4] = 1;
@@ -844,9 +832,6 @@ speed_main(int argc, char **argv)
                         BIO_printf(bio_err, "Error: bad option or value\n");
                         BIO_printf(bio_err, "\n");
                         BIO_printf(bio_err, "Available values:\n");
-#ifndef OPENSSL_NO_MDC2
-                        BIO_printf(bio_err, "mdc2     ");
-#endif
 #ifndef OPENSSL_NO_MD4
                         BIO_printf(bio_err, "md4      ");
 #endif
@@ -871,7 +856,7 @@ speed_main(int argc, char **argv)
 #ifndef OPENSSL_NO_RIPEMD160
                         BIO_printf(bio_err, "rmd160");
 #endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+#if !defined(OPENSSL_NO_MD2) || \
     !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
     !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
     !defined(OPENSSL_NO_WHIRLPOOL)
@@ -1042,19 +1027,6 @@ speed_main(int argc, char **argv)
 #define COUNT(d) (count)
         signal(SIGALRM, sig_done);
 
-#ifndef OPENSSL_NO_MDC2
-        if (doit[D_MDC2]) {
-                for (j = 0; j < SIZE_NUM; j++) {
-                        print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
-                        Time_F(START);
-                        for (count = 0, run = 1; COND(c[D_MDC2][j]); count++)
-                                EVP_Digest(buf, (unsigned long) lengths[j], &(mdc2[0]), NULL, EVP_mdc2(), NULL);
-                        d = Time_F(STOP);
-                        print_result(D_MDC2, j, count, d);
-                }
-        }
-#endif
-
 #ifndef OPENSSL_NO_MD4
         if (doit[D_MD4]) {
                 for (j = 0; j < SIZE_NUM; j++) {
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index cd7d9cc81e..341d9395c7 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.3 2014/10/22 13:54:03 jsing Exp $ */
+/* $OpenBSD: ts.c,v 1.4 2015/06/20 01:07:25 doug Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -306,7 +306,7 @@ usage:
         BIO_printf(bio_err, "usage:\n"
             "ts -query [-config configfile] "
             "[-data file_to_hash] [-digest digest_bytes]"
-            "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+            "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] "
             "[-policy object_id] [-no_nonce] [-cert] "
             "[-in request.tsq] [-out request.tsq] [-text]\n");
         BIO_printf(bio_err, "or\n"
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index db3173e74d..0e4d7dcd77 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.2 2014/08/28 14:23:52 jsing Exp $ */
+/* $OpenBSD: x509.c,v 1.3 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -135,7 +135,7 @@ static const char *x509_usage[] = {
         " -set_serial     - serial number to use\n",
         " -text           - print the certificate in text form\n",
         " -C              - print out C code forms\n",
-        " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+        " -md2/-md5/-sha1 - digest to use\n",
         " -extfile        - configuration file with X509V3 extensions to add\n",
         " -extensions     - section from config file with X509V3 extensions to add\n",
         " -clrext         - delete extensions before signing and input certificate\n",