5 files changed, 49 insertions, 16 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index de0a56735a..1ce8e84291 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.27 2015/09/13 23:36:21 doug Exp $
+.\" $OpenBSD: openssl.1,v 1.28 2015/09/14 01:45:03 doug Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: September 13 2015 $
+.Dd $Mdocdate: September 14 2015 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -383,6 +383,8 @@ Streebog-256 digest.
 Streebog-512 digest.
 .It Cm md_gost94
 GOST R 34.11-94 digest.
+.It Cm md4
+MD4 digest.
 .It Cm md5
 MD5 digest.
 .It Cm ripemd160
@@ -1793,7 +1795,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Bk -words
 .Oo
 .Fl gost-mac | streebog256 | streebog512 | md_gost94 |
-.Fl md5 | ripemd160 | sha1 |
+.Fl md4 | md5 | ripemd160 | sha | sha1 |
 .Fl sha224 | sha256 | sha384 | sha512 | whirlpool
 .Oc
 .Op Fl binary
@@ -1816,7 +1818,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Pp
 .Nm openssl
 .Cm gost-mac | streebog256 | streebog512 | md_gost94 |
-.Cm md5 | ripemd160 | sha | sha1 |
+.Cm md4 | md5 | ripemd160 | sha | sha1 |
 .Cm sha224 | sha256 | sha384 | sha512 | whirlpool
 .Op Fl c
 .Op Fl d
@@ -5083,7 +5085,7 @@ instead of standard output.
 .Op Fl key Ar keyfile
 .Op Fl keyform Ar DER | PEM
 .Op Fl keyout Ar file
-.Op Fl md5 | sha1
+.Op Fl md4 | md5 | sha1
 .Op Fl modulus
 .Op Fl nameopt Ar option
 .Op Fl new
@@ -7662,6 +7664,7 @@ command were first added in
 .Op Cm dsa2048
 .Op Cm hmac
 .Op Cm md2
+.Op Cm md4
 .Op Cm md5
 .Op Cm rc2
 .Op Cm rc2-cbc
@@ -7712,7 +7715,7 @@ benchmarks in parallel.
 .Nm "openssl ts"
 .Bk -words
 .Fl query
-.Op Fl md5 | ripemd160 | sha1
+.Op Fl md4 | md5 | ripemd160 | sha | sha1
 .Op Fl cert
 .Op Fl config Ar configfile
 .Op Fl data Ar file_to_hash
@@ -7833,7 +7836,7 @@ This option specifies a previously created time stamp request in DER
 format that will be printed into the output file.
 Useful when you need to examine the content of a request in human-readable
 format.
-.It Fl md5|ripemd160|sha1
+.It Fl md4|md5|ripemd160|sha|sha1
 The message digest to apply to the data file.
 It supports all the message digest algorithms that are supported by the
 .Nm dgst
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index 1bda338356..604cfddcea 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.11 2015/09/13 23:36:21 doug Exp $ */
+/* $OpenBSD: openssl.c,v 1.12 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -217,6 +217,9 @@ FUNCTION functions[] = {
         { FUNC_TYPE_MD, "streebog256", dgst_main },
         { FUNC_TYPE_MD, "streebog512", dgst_main },
 #endif
+#ifndef OPENSSL_NO_MD4
+        { FUNC_TYPE_MD, "md4", dgst_main },
+#endif
 #ifndef OPENSSL_NO_MD5
         { FUNC_TYPE_MD, "md5", dgst_main },
 #endif
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index f359e7392e..c7256ae59a 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.8 2015/09/13 23:36:21 doug Exp $ */
+/* $OpenBSD: req.c,v 1.9 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -354,7 +354,7 @@ bad:
                 BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                 BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
                 BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-                BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1)\n");
+                BIO_printf(bio_err, " -[digest]      Digest to sign with (md5, sha1, md4)\n");
                 BIO_printf(bio_err, " -config file   request template file.\n");
                 BIO_printf(bio_err, " -subj arg      set or modify request subject\n");
                 BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
diff --git a/src/usr.bin/openssl/speed.c b/src/usr.bin/openssl/speed.c
index d9fe3309b7..292fa28634 100644
--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: speed.c,v 1.14 2015/09/13 23:36:21 doug Exp $ */
+/* $OpenBSD: speed.c,v 1.15 2015/09/14 01:45:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,6 +124,9 @@
 #ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
+#ifndef OPENSSL_NO_MD4
+#include <openssl/md4.h>
+#endif
 #ifndef OPENSSL_NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -170,8 +173,7 @@ static int do_multi(int multi);
 #define MAX_ECDH_SIZE 256
 
 static const char *names[ALGOR_NUM] = {
-        "md2", NULL /* was mdc2 */, NULL /* was md4 */, "md5", "hmac(md5)",
-        "sha1", "rmd160",
+        "md2", NULL /* was mdc2 */, "md4", "md5", "hmac(md5)", "sha1", "rmd160",
         "rc4", "des cbc", "des ede3", "idea cbc", "seed cbc",
         "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
         "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
@@ -232,6 +234,9 @@ speed_main(int argc, char **argv)
         long rsa_count;
         unsigned rsa_num;
         unsigned char md[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_MD4
+        unsigned char md4[MD4_DIGEST_LENGTH];
+#endif
 #ifndef OPENSSL_NO_MD5
         unsigned char md5[MD5_DIGEST_LENGTH];
         unsigned char hmac[MD5_DIGEST_LENGTH];
@@ -313,6 +318,7 @@ speed_main(int argc, char **argv)
         CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
 #endif
 #define D_MD2           0
+#define D_MD4           2
 #define D_MD5           3
 #define D_HMAC          4
 #define D_SHA1          5
@@ -551,6 +557,11 @@ speed_main(int argc, char **argv)
                         j--;    /* Otherwise, -mr gets confused with an
                                  * algorithm. */
                 } else
+#ifndef OPENSSL_NO_MD4
+                if (strcmp(*argv, "md4") == 0)
+                        doit[D_MD4] = 1;
+                else
+#endif
 #ifndef OPENSSL_NO_MD5
                 if (strcmp(*argv, "md5") == 0)
                         doit[D_MD5] = 1;
@@ -801,6 +812,9 @@ speed_main(int argc, char **argv)
                         BIO_printf(bio_err, "Error: bad option or value\n");
                         BIO_printf(bio_err, "\n");
                         BIO_printf(bio_err, "Available values:\n");
+#ifndef OPENSSL_NO_MD4
+                        BIO_printf(bio_err, "md4      ");
+#endif
 #ifndef OPENSSL_NO_MD5
                         BIO_printf(bio_err, "md5      ");
 #ifndef OPENSSL_NO_HMAC
@@ -823,7 +837,7 @@ speed_main(int argc, char **argv)
                         BIO_printf(bio_err, "rmd160");
 #endif
 #if !defined(OPENSSL_NO_MD2) || \
-    !defined(OPENSSL_NO_MD5) || \
+    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
     !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
     !defined(OPENSSL_NO_WHIRLPOOL)
                         BIO_printf(bio_err, "\n");
@@ -982,6 +996,19 @@ speed_main(int argc, char **argv)
 #define COUNT(d) (count)
         signal(SIGALRM, sig_done);
 
+#ifndef OPENSSL_NO_MD4
+        if (doit[D_MD4]) {
+                for (j = 0; j < SIZE_NUM; j++) {
+                        print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
+                        Time_F(START);
+                        for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
+                                EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md4[0]), NULL, EVP_md4(), NULL);
+                        d = Time_F(STOP);
+                        print_result(D_MD4, j, count, d);
+                }
+        }
+#endif
+
 #ifndef OPENSSL_NO_MD5
         if (doit[D_MD5]) {
                 for (j = 0; j < SIZE_NUM; j++) {
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index d2bf2a6cd6..e193636868 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.8 2015/09/13 23:36:21 doug Exp $ */
+/* $OpenBSD: ts.c,v 1.9 2015/09/14 01:45:03 doug Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -298,7 +298,7 @@ usage:
         BIO_printf(bio_err, "usage:\n"
             "ts -query [-config configfile] "
             "[-data file_to_hash] [-digest digest_bytes]"
-            "[-md5|-sha1|-ripemd160] "
+            "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] "
             "[-policy object_id] [-no_nonce] [-cert] "
             "[-in request.tsq] [-out request.tsq] [-text]\n");
         BIO_printf(bio_err, "or\n"