http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=blob_plain;f=source/lib/heimdal/drop_md2_support.diff;hb=HEAD

--- include/crypto-headers.h
+++ include/crypto-headers.h
@@ -13,7 +13,6 @@
 #include <openssl/des.h>
 #include <openssl/rc4.h>
 #include <openssl/rc2.h>
-#include <openssl/md2.h>
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
@@ -39,7 +38,6 @@
 
 #include <hcrypto/evp.h>
 #include <hcrypto/des.h>
-#include <hcrypto/md2.h>
 #include <hcrypto/md4.h>
 #include <hcrypto/md5.h>
 #include <hcrypto/sha.h>
--- lib/hx509/crypto.c
+++ lib/hx509/crypto.c
@@ -148,11 +148,6 @@
     { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
 };
 
-static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_md2_data = {
-    { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
 const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
     { 6, rk_UNCONST(ecPublicKey) }, NULL
@@ -193,11 +188,6 @@
     { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
 };
 
-static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
-    { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
-};
-
 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
 const AlgorithmIdentifier _hx509_signature_rsa_data = {
     { 7, rk_UNCONST(rsa_oid) }, NULL
@@ -1289,19 +1279,6 @@
     rsa_create_signature
 };
 
-static const struct signature_alg rsa_with_md2_alg = {
-    "rsa-with-md2",
-    &asn1_oid_id_pkcs1_md2WithRSAEncryption,
-    &_hx509_signature_rsa_with_md2_data,
-    &asn1_oid_id_pkcs1_rsaEncryption,
-    &_hx509_signature_md2_data,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    1230739889,
-    NULL,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
 static const struct signature_alg dsa_sha1_alg = {
     "dsa-with-sha1",
     &asn1_oid_id_dsa_with_sha1,
@@ -1354,19 +1331,6 @@
     NULL
 };
 
-static const struct signature_alg md2_alg = {
-    "rsa-md2",
-    &asn1_oid_id_rsa_digest_md2,
-    &_hx509_signature_md2_data,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    0,
-    EVP_md2,
-    evp_md_verify_signature,
-    NULL
-};
-
 /*
  * Order matter in this structure, "best" first for each "key
  * compatible" type (type is ECDSA, RSA, DSA, none, etc)
@@ -1381,13 +1345,11 @@
     &rsa_with_sha1_alg,
     &pkcs1_rsa_sha1_alg,
     &rsa_with_md5_alg,
-    &rsa_with_md2_alg,
     &heim_rsa_pkcs1_x509,
     &dsa_sha1_alg,
     &sha256_alg,
     &sha1_alg,
     &md5_alg,
-    &md2_alg,
     NULL
 };
 
@@ -1823,10 +1785,6 @@
 { return &_hx509_signature_md5_data; }
 
 const AlgorithmIdentifier *
-hx509_signature_md2(void)
-{ return &_hx509_signature_md2_data; }
-
-const AlgorithmIdentifier *
 hx509_signature_ecPublicKey(void)
 { return &_hx509_signature_ecPublicKey; }
 
@@ -1859,10 +1817,6 @@
 { return &_hx509_signature_rsa_with_md5_data; }
 
 const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2(void)
-{ return &_hx509_signature_rsa_with_md2_data; }
-
-const AlgorithmIdentifier *
 hx509_signature_rsa(void)
 { return &_hx509_signature_rsa_data; }
 
--- lib/hx509/hx509-protos.h
+++ lib/hx509/hx509-protos.h
@@ -976,9 +976,6 @@
 hx509_signature_ecdsa_with_sha256 (void);
 
 const AlgorithmIdentifier *
-hx509_signature_md2 (void);
-
-const AlgorithmIdentifier *
 hx509_signature_md5 (void);
 
 const AlgorithmIdentifier *
@@ -988,9 +985,6 @@
 hx509_signature_rsa_pkcs1_x509 (void);
 
 const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2 (void);
-
-const AlgorithmIdentifier *
 hx509_signature_rsa_with_md5 (void);
 
 const AlgorithmIdentifier *
--- lib/hx509/ks_p11.c
+++ lib/hx509/ks_p11.c
@@ -1139,7 +1139,6 @@
 		MECHNAME(CKM_SHA256, "sha256");
 		MECHNAME(CKM_SHA_1, "sha1");
 		MECHNAME(CKM_MD5, "md5");
-		MECHNAME(CKM_MD2, "md2");
 		MECHNAME(CKM_RIPEMD160, "ripemd-160");
 		MECHNAME(CKM_DES_ECB, "des-ecb");
 		MECHNAME(CKM_DES_CBC, "des-cbc");
--- lib/hx509/tst-crypto-available2
+++ lib/hx509/tst-crypto-available2
@@ -1,4 +1,3 @@
 2.16.840.1.101.3.4.2.1
 1.3.14.3.2.26
 1.2.840.113549.2.5
-1.2.840.113549.2.2
--- lib/hx509/version-script.map
+++ lib/hx509/version-script.map
@@ -200,10 +200,8 @@
 		hx509_revoke_verify;
 		hx509_set_error_string;
 		hx509_set_error_stringv;
-		hx509_signature_md2;
 		hx509_signature_md5;
 		hx509_signature_rsa;
-		hx509_signature_rsa_with_md2;
 		hx509_signature_rsa_with_md5;
 		hx509_signature_rsa_with_sha1;
 		hx509_signature_rsa_with_sha256;