38 files changed, 45 insertions, 1062 deletions

diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
index a4e65fd6a6..d523e8029d 100644
--- a/src/lib/libcrypto/crypto/Makefile
+++ b/src/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.57 2015/04/11 16:16:15 deraadt Exp $
+# $OpenBSD: Makefile,v 1.58 2015/06/20 01:07:24 doug Exp $
 
 LIB=    crypto
 
@@ -146,7 +146,7 @@ SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c
 SRCS+= e_rc4.c e_aes.c names.c
 SRCS+= e_xcbc_d.c e_rc2.c e_cast.c
 SRCS+= m_null.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c
-SRCS+= m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c
+SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c
 SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
 SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
 SRCS+= c_all.c evp_lib.c
@@ -180,9 +180,6 @@ SRCS+= md4_dgst.c md4_one.c
 # md5/
 SRCS+= md5_dgst.c md5_one.c
 
-# mdc2/
-SRCS+= mdc2dgst.c mdc2_one.c
-
 # modes/
 SRCS+= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c
 
@@ -292,7 +289,6 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
         ${LCRYPTO_SRC}/lhash \
         ${LCRYPTO_SRC}/md4 \
         ${LCRYPTO_SRC}/md5 \
-        ${LCRYPTO_SRC}/mdc2 \
         ${LCRYPTO_SRC}/modes \
         ${LCRYPTO_SRC}/objects \
         ${LCRYPTO_SRC}/ocsp \
@@ -352,7 +348,6 @@ HDRS=\
         crypto/lhash/lhash.h \
         crypto/md4/md4.h \
         crypto/md5/md5.h \
-        crypto/mdc2/mdc2.h \
         crypto/modes/modes.h \
         crypto/objects/objects.h \
         crypto/ocsp/ocsp.h \
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 4b48080b4a..ccb19fc0a7 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -8,7 +8,7 @@ EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
 EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
 EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha,
 EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1,
-EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
 EVP_get_digestbyobj - EVP digest routines
 
 =head1 SYNOPSIS
@@ -53,7 +53,6 @@ EVP_get_digestbyobj - EVP digest routines
  const EVP_MD *EVP_sha1(void);
  const EVP_MD *EVP_dss(void);
  const EVP_MD *EVP_dss1(void);
- const EVP_MD *EVP_mdc2(void);
  const EVP_MD *EVP_ripemd160(void);
 
  const EVP_MD *EVP_sha224(void);
@@ -134,8 +133,8 @@ algorithms are no longer linked this function is only retained for
 compatibility reasons.
 
 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
-EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+EVP_sha384(), EVP_sha512() and EVP_ripemd160() return B<EVP_MD>
+structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512
 and RIPEMD160 digest algorithms respectively.
 
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
@@ -165,7 +164,7 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
 EVP_MD_CTX_block_size() return the digest or block size in bytes.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+EVP_dss1() and EVP_ripemd160() return pointers to the
 corresponding EVP_MD structures.
 
 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
@@ -253,7 +252,7 @@ digest name passed on the command line.
 =head1 SEE ALSO
 
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
@@ -266,7 +265,7 @@ EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
 and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+EVP_dss(), EVP_dss1() and EVP_ripemd160() were
 changed to return truely const EVP_MD * in OpenSSL 0.9.7.
 
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
index e70b88a4a9..7fd4c22e79 100644
--- a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -74,7 +74,7 @@ which indicates the maximum possible signature for any set of parameters.
 L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
index 9eebb15d22..0817cf0b02 100644
--- a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -69,7 +69,7 @@ will occur.
 L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 5a1b67e006..9aafa3d63a 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
index c665ee2ebc..b0d3f8e4c9 100644
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -83,7 +83,7 @@ L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index d794629ca8..5f9df3a7ad 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.16 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: c_all.c,v 1.17 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -265,9 +265,6 @@ OpenSSL_add_all_digests(void)
         EVP_add_digest(EVP_streebog256());
         EVP_add_digest(EVP_streebog512());
 #endif
-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-        EVP_add_digest(EVP_mdc2());
-#endif
 #ifndef OPENSSL_NO_RIPEMD
         EVP_add_digest(EVP_ripemd160());
         EVP_add_digest_alias(SN_ripemd160, "ripemd");
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 330e01e0e6..57f8753ced 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.44 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.45 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -669,9 +669,6 @@ const EVP_MD *EVP_sha256(void);
 const EVP_MD *EVP_sha384(void);
 const EVP_MD *EVP_sha512(void);
 #endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
 #ifndef OPENSSL_NO_RIPEMD
 const EVP_MD *EVP_ripemd160(void);
 #endif
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
deleted file mode 100644
index cfbdfc3852..0000000000
--- a/src/lib/libcrypto/evp/m_mdc2.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: m_mdc2.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_MDC2
-
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return MDC2_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return MDC2_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return MDC2_Final(md, ctx->md_data);
-}
-
-static const EVP_MD mdc2_md = {
-        .type = NID_mdc2,
-        .pkey_type = NID_mdc2WithRSA,
-        .md_size = MDC2_DIGEST_LENGTH,
-        .flags = 0,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING,
-        .verify = (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
-        .block_size = MDC2_BLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(MDC2_CTX),
-};
-
-const EVP_MD *
-EVP_mdc2(void)
-{
-        return (&mdc2_md);
-}
-#endif
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 872391db3e..c968943cc0 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.20 2015/05/24 15:44:52 schwarze Exp $
+# $OpenBSD: Makefile,v 1.21 2015/06/20 01:07:24 doug Exp $
 
 .include <bsd.own.mk>           # for NOMAN
 
@@ -645,7 +645,6 @@ MLINKS+=\
         EVP_DigestInit.3 EVP_md2.3 \
         EVP_DigestInit.3 EVP_md5.3 \
         EVP_DigestInit.3 EVP_md_null.3 \
-        EVP_DigestInit.3 EVP_mdc2.3 \
         EVP_DigestInit.3 EVP_ripemd160.3 \
         EVP_DigestInit.3 EVP_sha.3 \
         EVP_DigestInit.3 EVP_sha1.3 \
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
deleted file mode 100644
index 9128eeb878..0000000000
--- a/src/lib/libcrypto/mdc2/mdc2.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* $OpenBSD: mdc2.h,v 1.13 2014/07/10 22:45:57 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-#define HEADER_MDC2_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/des.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-#error MDC2 is disabled.
-#endif
-
-#define MDC2_BLOCK              8
-#define MDC2_DIGEST_LENGTH      16
- 
-typedef struct mdc2_ctx_st
-        {
-        unsigned int num;
-        unsigned char data[MDC2_BLOCK];
-        DES_cblock h,hh;
-        int pad_type; /* either 1 or 2, default 1 */
-        } MDC2_CTX;
-
-
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n,
-        unsigned char *md);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/src/lib/libcrypto/mdc2/mdc2_one.c b/src/lib/libcrypto/mdc2/mdc2_one.c
deleted file mode 100644
index 8f922b1c7d..0000000000
--- a/src/lib/libcrypto/mdc2/mdc2_one.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: mdc2_one.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/crypto.h>
-#include <openssl/mdc2.h>
-
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
-        {
-        MDC2_CTX c;
-        static unsigned char m[MDC2_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!MDC2_Init(&c))
-                return NULL;
-        MDC2_Update(&c,d,n);
-        MDC2_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c
deleted file mode 100644
index b4b0068d59..0000000000
--- a/src/lib/libcrypto/mdc2/mdc2dgst.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $OpenBSD: mdc2dgst.c,v 1.7 2014/10/28 07:35:59 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-
-#undef c2l
-#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-int MDC2_Init(MDC2_CTX *c)
-        {
-        c->num=0;
-        c->pad_type=1;
-        memset(&(c->h[0]),0x52,MDC2_BLOCK);
-        memset(&(c->hh[0]),0x25,MDC2_BLOCK);
-        return 1;
-        }
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        size_t i,j;
-
-        i=c->num;
-        if (i != 0)
-                {
-                if (i+len < MDC2_BLOCK)
-                        {
-                        /* partial block */
-                        memcpy(&(c->data[i]),in,len);
-                        c->num+=(int)len;
-                        return 1;
-                        }
-                else
-                        {
-                        /* filled one */
-                        j=MDC2_BLOCK-i;
-                        memcpy(&(c->data[i]),in,j);
-                        len-=j;
-                        in+=j;
-                        c->num=0;
-                        mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
-                        }
-                }
-        i=len&~((size_t)MDC2_BLOCK-1);
-        if (i > 0) mdc2_body(c,in,i);
-        j=len-i;
-        if (j > 0)
-                {
-                memcpy(&(c->data[0]),&(in[i]),j);
-                c->num=(int)j;
-                }
-        return 1;
-        }
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        DES_LONG tin0,tin1;
-        DES_LONG ttin0,ttin1;
-        DES_LONG d[2],dd[2];
-        DES_key_schedule k;
-        unsigned char *p;
-        size_t i;
-
-        for (i=0; i<len; i+=8)
-                {
-                c2l(in,tin0); d[0]=dd[0]=tin0;
-                c2l(in,tin1); d[1]=dd[1]=tin1;
-                c->h[0]=(c->h[0]&0x9f)|0x40;
-                c->hh[0]=(c->hh[0]&0x9f)|0x20;
-
-                DES_set_odd_parity(&c->h);
-                DES_set_key_unchecked(&c->h,&k);
-                DES_encrypt1(d,&k,1);
-
-                DES_set_odd_parity(&c->hh);
-                DES_set_key_unchecked(&c->hh,&k);
-                DES_encrypt1(dd,&k,1);
-
-                ttin0=tin0^dd[0];
-                ttin1=tin1^dd[1];
-                tin0^=d[0];
-                tin1^=d[1];
-
-                p=c->h;
-                l2c(tin0,p);
-                l2c(ttin1,p);
-                p=c->hh;
-                l2c(ttin0,p);
-                l2c(tin1,p);
-                }
-        }
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
-        {
-        unsigned int i;
-        int j;
-
-        i=c->num;
-        j=c->pad_type;
-        if ((i > 0) || (j == 2))
-                {
-                if (j == 2)
-                        c->data[i++]=0x80;
-                memset(&(c->data[i]),0,MDC2_BLOCK-i);
-                mdc2_body(c,c->data,MDC2_BLOCK);
-                }
-        memcpy(md,(char *)c->h,MDC2_BLOCK);
-        memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
-        return 1;
-        }
diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h
index 811fac610f..a0fcc0078e 100644
--- a/src/lib/libcrypto/opensslfeatures.h
+++ b/src/lib/libcrypto/opensslfeatures.h
@@ -6,6 +6,7 @@
 # define OPENSSL_NO_JPAKE
 # define OPENSSL_NO_KRB5
 # define OPENSSL_NO_MD2
+# define OPENSSL_NO_MDC2
 # define OPENSSL_NO_PSK
 # define OPENSSL_NO_RC5
 # define OPENSSL_NO_RFC3779
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 09166e105b..0b648138ee 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.17 2015/06/20 01:07:25 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -178,18 +178,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                         return -1;
                 }
 
-                if (EVP_MD_type(rctx->md) == NID_mdc2) {
-                        unsigned int sltmp;
-
-                        if (rctx->pad_mode != RSA_PKCS1_PADDING)
-                                return -1;
-                        ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen,
-                            sig, &sltmp, rsa);
-
-                        if (ret <= 0)
-                                return ret;
-                        ret = sltmp;
-                } else if (rctx->pad_mode == RSA_X931_PADDING) {
+                if (rctx->pad_mode == RSA_X931_PADDING) {
                         if (!setup_tbuf(rctx, ctx))
                                 return -1;
                         memcpy(rctx->tbuf, tbs, tbslen);
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index a446b563b3..09d8ef329d 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.22 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.23 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -180,21 +180,6 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
         if (i <= 0)
                 goto err;
 
-        /*
-         * Oddball MDC2 case: signature can be OCTET STRING.
-         * check for correct tag and length octets.
-         */
-        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
-                if (rm) {
-                        memcpy(rm, s + 2, 16);
-                        *prm_len = 16;
-                        ret = 1;
-                } else if (memcmp(m, s + 2, 16))
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                else
-                        ret = 1;
-        }
-
         /* Special case: SSL signature */
         if (dtype == NID_md5_sha1) {
                 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c
index d794629ca8..5f9df3a7ad 100644
--- a/src/lib/libssl/src/crypto/evp/c_all.c
+++ b/src/lib/libssl/src/crypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.16 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: c_all.c,v 1.17 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -265,9 +265,6 @@ OpenSSL_add_all_digests(void)
         EVP_add_digest(EVP_streebog256());
         EVP_add_digest(EVP_streebog512());
 #endif
-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-        EVP_add_digest(EVP_mdc2());
-#endif
 #ifndef OPENSSL_NO_RIPEMD
         EVP_add_digest(EVP_ripemd160());
         EVP_add_digest_alias(SN_ripemd160, "ripemd");
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 330e01e0e6..57f8753ced 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.44 2015/02/10 11:45:09 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.45 2015/06/20 01:07:24 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -669,9 +669,6 @@ const EVP_MD *EVP_sha256(void);
 const EVP_MD *EVP_sha384(void);
 const EVP_MD *EVP_sha512(void);
 #endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
 #ifndef OPENSSL_NO_RIPEMD
 const EVP_MD *EVP_ripemd160(void);
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/m_mdc2.c b/src/lib/libssl/src/crypto/evp/m_mdc2.c
deleted file mode 100644
index cfbdfc3852..0000000000
--- a/src/lib/libssl/src/crypto/evp/m_mdc2.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: m_mdc2.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_MDC2
-
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return MDC2_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return MDC2_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return MDC2_Final(md, ctx->md_data);
-}
-
-static const EVP_MD mdc2_md = {
-        .type = NID_mdc2,
-        .pkey_type = NID_mdc2WithRSA,
-        .md_size = MDC2_DIGEST_LENGTH,
-        .flags = 0,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING,
-        .verify = (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
-        .block_size = MDC2_BLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(MDC2_CTX),
-};
-
-const EVP_MD *
-EVP_mdc2(void)
-{
-        return (&mdc2_md);
-}
-#endif
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h
deleted file mode 100644
index 9128eeb878..0000000000
--- a/src/lib/libssl/src/crypto/mdc2/mdc2.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* $OpenBSD: mdc2.h,v 1.13 2014/07/10 22:45:57 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-#define HEADER_MDC2_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/des.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-#error MDC2 is disabled.
-#endif
-
-#define MDC2_BLOCK              8
-#define MDC2_DIGEST_LENGTH      16
- 
-typedef struct mdc2_ctx_st
-        {
-        unsigned int num;
-        unsigned char data[MDC2_BLOCK];
-        DES_cblock h,hh;
-        int pad_type; /* either 1 or 2, default 1 */
-        } MDC2_CTX;
-
-
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n,
-        unsigned char *md);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2_one.c b/src/lib/libssl/src/crypto/mdc2/mdc2_one.c
deleted file mode 100644
index 8f922b1c7d..0000000000
--- a/src/lib/libssl/src/crypto/mdc2/mdc2_one.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: mdc2_one.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/crypto.h>
-#include <openssl/mdc2.h>
-
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
-        {
-        MDC2_CTX c;
-        static unsigned char m[MDC2_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!MDC2_Init(&c))
-                return NULL;
-        MDC2_Update(&c,d,n);
-        MDC2_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c b/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
deleted file mode 100644
index b4b0068d59..0000000000
--- a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $OpenBSD: mdc2dgst.c,v 1.7 2014/10/28 07:35:59 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-
-#undef c2l
-#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-int MDC2_Init(MDC2_CTX *c)
-        {
-        c->num=0;
-        c->pad_type=1;
-        memset(&(c->h[0]),0x52,MDC2_BLOCK);
-        memset(&(c->hh[0]),0x25,MDC2_BLOCK);
-        return 1;
-        }
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        size_t i,j;
-
-        i=c->num;
-        if (i != 0)
-                {
-                if (i+len < MDC2_BLOCK)
-                        {
-                        /* partial block */
-                        memcpy(&(c->data[i]),in,len);
-                        c->num+=(int)len;
-                        return 1;
-                        }
-                else
-                        {
-                        /* filled one */
-                        j=MDC2_BLOCK-i;
-                        memcpy(&(c->data[i]),in,j);
-                        len-=j;
-                        in+=j;
-                        c->num=0;
-                        mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
-                        }
-                }
-        i=len&~((size_t)MDC2_BLOCK-1);
-        if (i > 0) mdc2_body(c,in,i);
-        j=len-i;
-        if (j > 0)
-                {
-                memcpy(&(c->data[0]),&(in[i]),j);
-                c->num=(int)j;
-                }
-        return 1;
-        }
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
-        {
-        DES_LONG tin0,tin1;
-        DES_LONG ttin0,ttin1;
-        DES_LONG d[2],dd[2];
-        DES_key_schedule k;
-        unsigned char *p;
-        size_t i;
-
-        for (i=0; i<len; i+=8)
-                {
-                c2l(in,tin0); d[0]=dd[0]=tin0;
-                c2l(in,tin1); d[1]=dd[1]=tin1;
-                c->h[0]=(c->h[0]&0x9f)|0x40;
-                c->hh[0]=(c->hh[0]&0x9f)|0x20;
-
-                DES_set_odd_parity(&c->h);
-                DES_set_key_unchecked(&c->h,&k);
-                DES_encrypt1(d,&k,1);
-
-                DES_set_odd_parity(&c->hh);
-                DES_set_key_unchecked(&c->hh,&k);
-                DES_encrypt1(dd,&k,1);
-
-                ttin0=tin0^dd[0];
-                ttin1=tin1^dd[1];
-                tin0^=d[0];
-                tin1^=d[1];
-
-                p=c->h;
-                l2c(tin0,p);
-                l2c(ttin1,p);
-                p=c->hh;
-                l2c(ttin0,p);
-                l2c(tin1,p);
-                }
-        }
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
-        {
-        unsigned int i;
-        int j;
-
-        i=c->num;
-        j=c->pad_type;
-        if ((i > 0) || (j == 2))
-                {
-                if (j == 2)
-                        c->data[i++]=0x80;
-                memset(&(c->data[i]),0,MDC2_BLOCK-i);
-                mdc2_body(c,c->data,MDC2_BLOCK);
-                }
-        memcpy(md,(char *)c->h,MDC2_BLOCK);
-        memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
-        return 1;
-        }
diff --git a/src/lib/libssl/src/crypto/opensslfeatures.h b/src/lib/libssl/src/crypto/opensslfeatures.h
index 811fac610f..a0fcc0078e 100644
--- a/src/lib/libssl/src/crypto/opensslfeatures.h
+++ b/src/lib/libssl/src/crypto/opensslfeatures.h
@@ -6,6 +6,7 @@
 # define OPENSSL_NO_JPAKE
 # define OPENSSL_NO_KRB5
 # define OPENSSL_NO_MD2
+# define OPENSSL_NO_MDC2
 # define OPENSSL_NO_PSK
 # define OPENSSL_NO_RC5
 # define OPENSSL_NO_RFC3779
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 09166e105b..0b648138ee 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.17 2015/06/20 01:07:25 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -178,18 +178,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                         return -1;
                 }
 
-                if (EVP_MD_type(rctx->md) == NID_mdc2) {
-                        unsigned int sltmp;
-
-                        if (rctx->pad_mode != RSA_PKCS1_PADDING)
-                                return -1;
-                        ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen,
-                            sig, &sltmp, rsa);
-
-                        if (ret <= 0)
-                                return ret;
-                        ret = sltmp;
-                } else if (rctx->pad_mode == RSA_X931_PADDING) {
+                if (rctx->pad_mode == RSA_X931_PADDING) {
                         if (!setup_tbuf(rctx, ctx))
                                 return -1;
                         memcpy(rctx->tbuf, tbs, tbslen);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index a446b563b3..09d8ef329d 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.22 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.23 2015/06/20 01:07:25 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -180,21 +180,6 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
         if (i <= 0)
                 goto err;
 
-        /*
-         * Oddball MDC2 case: signature can be OCTET STRING.
-         * check for correct tag and length octets.
-         */
-        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
-                if (rm) {
-                        memcpy(rm, s + 2, 16);
-                        *prm_len = 16;
-                        ret = 1;
-                } else if (memcmp(m, s + 2, 16))
-                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                else
-                        ret = 1;
-        }
-
         /* Special case: SSL signature */
         if (dtype == NID_md5_sha1) {
                 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 7294627d16..ecbe7954d6 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -159,7 +159,7 @@ the number of days to certify the certificate for.
 
 =item B<-md alg>
 
-the message digest to use. Possible values include md5, sha1 and mdc2.
+the message digest to use. Possible values include md5 and sha1.
 This option also applies to CRLs.
 
 =item B<-policy arg>
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod
index da690472a3..d8b2abc6fb 100644
--- a/src/lib/libssl/src/doc/apps/dgst.pod
+++ b/src/lib/libssl/src/doc/apps/dgst.pod
@@ -2,12 +2,12 @@
 
 =head1 NAME
 
-dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
+dgst, md5, md4, md2, sha1, sha, ripemd160 - message digests
 
 =head1 SYNOPSIS
 
 B<openssl> B<dgst>
-[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>]
+[B<-md5|-md4|-md2|-sha1|-sha|-ripemd160|-dss1>]
 [B<-c>]
 [B<-d>]
 [B<-hex>]
@@ -22,7 +22,7 @@ B<openssl> B<dgst>
 [B<-hmac key>]
 [B<file...>]
 
-[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
+[B<md5|md4|md2|sha1|sha|ripemd160>]
 [B<-c>]
 [B<-d>]
 [B<file...>]
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod
index c40b50d950..718d679dbb 100644
--- a/src/lib/libssl/src/doc/apps/openssl.pod
+++ b/src/lib/libssl/src/doc/apps/openssl.pod
@@ -271,10 +271,6 @@ MD2 Digest
 
 MD5 Digest
 
-=item B<mdc2>
-
-MDC2 Digest
-
 =item B<rmd160>
 
 RMD-160 Digest
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod
index 4f6d64766d..3d556bd968 100644
--- a/src/lib/libssl/src/doc/apps/req.pod
+++ b/src/lib/libssl/src/doc/apps/req.pod
@@ -387,7 +387,7 @@ option. For compatibility B<encrypt_rsa_key> is an equivalent option.
 =item B<default_md>
 
 This option specifies the digest algorithm to use. Possible values
-include B<md5 sha1 mdc2>. If not present then MD5 is used. This
+include B<md5 sha1>. If not present then MD5 is used. This
 option can be overridden on the command line.
 
 =item B<string_mask>
diff --git a/src/lib/libssl/src/doc/apps/speed.pod b/src/lib/libssl/src/doc/apps/speed.pod
index 1cd1998d16..c309d9a060 100644
--- a/src/lib/libssl/src/doc/apps/speed.pod
+++ b/src/lib/libssl/src/doc/apps/speed.pod
@@ -9,7 +9,6 @@ speed - test library performance
 B<openssl speed>
 [B<-engine id>]
 [B<md2>]
-[B<mdc2>]
 [B<md5>]
 [B<hmac>]
 [B<sha1>]
diff --git a/src/lib/libssl/src/doc/apps/ts.pod b/src/lib/libssl/src/doc/apps/ts.pod
index 1abf9df566..3075b6887a 100644
--- a/src/lib/libssl/src/doc/apps/ts.pod
+++ b/src/lib/libssl/src/doc/apps/ts.pod
@@ -12,7 +12,7 @@ B<-query>
 [B<-config> configfile]
 [B<-data> file_to_hash]
 [B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>]
+[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-ripemd160>|B<...>]
 [B<-policy> object_id]
 [B<-no_nonce>]
 [B<-cert>]
@@ -124,7 +124,7 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
 1AF601...). The number of bytes must match the message digest algorithm
 in use. (Optional)
 
-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>
+=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-ripemd160>|B<...>
 
 The message digest to apply to the data file, it supports all the message
 digest algorithms that are supported by the openssl B<dgst> command.
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod
index e6ea9cd9d2..25471736a0 100644
--- a/src/lib/libssl/src/doc/apps/x509.pod
+++ b/src/lib/libssl/src/doc/apps/x509.pod
@@ -50,7 +50,7 @@ B<openssl> B<x509>
 [B<-CAserial filename>]
 [B<-text>]
 [B<-C>]
-[B<-md2|-md5|-sha1|-mdc2>]
+[B<-md2|-md5|-sha1>]
 [B<-clrext>]
 [B<-extfile filename>]
 [B<-extensions section>]
@@ -96,7 +96,7 @@ if this option is not specified.
 This specifies the output filename to write to or standard output by
 default.
 
-=item B<-md2|-md5|-sha1|-mdc2>
+=item B<-md2|-md5|-sha1>
 
 the digest to use. This affects any signing or display option that uses a message
 digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 4b48080b4a..ccb19fc0a7 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -8,7 +8,7 @@ EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
 EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
 EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha,
 EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1,
-EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
 EVP_get_digestbyobj - EVP digest routines
 
 =head1 SYNOPSIS
@@ -53,7 +53,6 @@ EVP_get_digestbyobj - EVP digest routines
  const EVP_MD *EVP_sha1(void);
  const EVP_MD *EVP_dss(void);
  const EVP_MD *EVP_dss1(void);
- const EVP_MD *EVP_mdc2(void);
  const EVP_MD *EVP_ripemd160(void);
 
  const EVP_MD *EVP_sha224(void);
@@ -134,8 +133,8 @@ algorithms are no longer linked this function is only retained for
 compatibility reasons.
 
 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
-EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+EVP_sha384(), EVP_sha512() and EVP_ripemd160() return B<EVP_MD>
+structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512
 and RIPEMD160 digest algorithms respectively.
 
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
@@ -165,7 +164,7 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
 EVP_MD_CTX_block_size() return the digest or block size in bytes.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+EVP_dss1() and EVP_ripemd160() return pointers to the
 corresponding EVP_MD structures.
 
 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
@@ -253,7 +252,7 @@ digest name passed on the command line.
 =head1 SEE ALSO
 
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
@@ -266,7 +265,7 @@ EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
 and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+EVP_dss(), EVP_dss1() and EVP_ripemd160() were
 changed to return truely const EVP_MD * in OpenSSL 0.9.7.
 
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
index e70b88a4a9..7fd4c22e79 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
@@ -74,7 +74,7 @@ which indicates the maximum possible signature for any set of parameters.
 L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
index 9eebb15d22..0817cf0b02 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
@@ -69,7 +69,7 @@ will occur.
 L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 5a1b67e006..9aafa3d63a 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
index c665ee2ebc..b0d3f8e4c9 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
@@ -83,7 +83,7 @@ L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/crypto.pod b/src/lib/libssl/src/doc/crypto/crypto.pod
index 2349014fce..bbd6ce9ea9 100644
--- a/src/lib/libssl/src/doc/crypto/crypto.pod
+++ b/src/lib/libssl/src/doc/crypto/crypto.pod
@@ -41,7 +41,7 @@ L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
 =item AUTHENTICATION CODES, HASH FUNCTIONS
 
 L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>,
 L<sha(3)|sha(3)>
 
 =item AUXILIARY FUNCTIONS