diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile
index 611b42ab038c..1aa4c66d9cc7 100644
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@@ -31,6 +31,7 @@ CFLAGS+=	-I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH
 
 .for sym in MD4Init MD4Final MD4Update MD4Pad \
 	    MD5Init MD5Final MD5Update MD5Pad \
+	    SHA224_Init SHA224_Final SHA224_Update \
 	    SHA256_Init SHA256_Final SHA256_Update \
 	    SHA512_224_Init SHA512_224_Final SHA512_224_Update \
 	    SHA512_256_Init SHA512_256_Final SHA512_256_Update \
diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile
index 98c352917dba..2fc24d90043d 100644
--- a/lib/libmd/Makefile
+++ b/lib/libmd/Makefile
@@ -7,13 +7,13 @@ SHLIBDIR?= /lib
 SRCS=	md4c.c md5c.c md4hl.c md5hl.c \
 	rmd160c.c rmd160hl.c \
 	sha0c.c sha0hl.c sha1c.c sha1hl.c \
-	sha256c.c sha256hl.c \
+	sha224hl.c sha256c.c sha256hl.c \
 	sha384hl.c \
 	sha512c.c sha512hl.c sha512thl.c \
 	skein.c skein_block.c \
 	skein256hl.c skein512hl.c skein1024hl.c
-INCS=	md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h sha512t.h \
-	skein.h skein_port.h skein_freebsd.h skein_iv.h
+INCS=	md4.h md5.h ripemd.h sha.h sha224.h sha256.h sha384.h sha512.h \
+	sha512t.h skein.h skein_port.h skein_freebsd.h skein_iv.h
 
 WARNS?=	0
 
@@ -34,6 +34,10 @@ MLINKS+=sha.3 SHA_Data.3
 MLINKS+=sha.3 SHA1_Init.3 sha.3 SHA1_Update.3 sha.3 SHA1_Final.3
 MLINKS+=sha.3 SHA1_End.3  sha.3 SHA1_File.3   sha.3 SHA1_FileChunk.3
 MLINKS+=sha.3 SHA1_Data.3
+MLINKS+=sha256.3 SHA224_Init.3  sha256.3 SHA224_Update.3
+MLINKS+=sha256.3 SHA224_Final.3 sha256.3 SHA224_End.3
+MLINKS+=sha256.3 SHA224_File.3  sha256.3 SHA224_FileChunk.3
+MLINKS+=sha256.3 SHA224_Data.3
 MLINKS+=sha256.3 SHA256_Init.3  sha256.3 SHA256_Update.3
 MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3
 MLINKS+=sha256.3 SHA256_File.3  sha256.3 SHA256_FileChunk.3
@@ -66,7 +70,8 @@ MLINKS+=skein.3 SKEIN1024_Data.3  skein.3 skein1024.3
 CLEANFILES+=	md[245]hl.c md[245].ref md[245].3 mddriver \
 		rmd160.ref rmd160hl.c rmddriver \
 		sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
-		sha256.ref sha256hl.c sha384hl.c sha384.ref \
+		sha224.ref sha256.ref sha224hl.c sha256hl.c \
+		sha384hl.c sha384.ref \
 		sha512.ref sha512hl.c sha512t256.ref sha512thl.c \
 		skein256hl.c skein512hl.c skein1024hl.c \
 		skein256.ref skein512.ref skein1024.ref \
@@ -130,6 +135,12 @@ sha1hl.c: mdXhl.c
 		sed -e 's/mdX/sha/g' -e 's/MDX/SHA1_/g' -e 's/SHA1__/SHA1_/g' \
 		${.ALLSRC}) > ${.TARGET}
 
+sha224hl.c: mdXhl.c
+	(echo '#define LENGTH 28'; \
+		sed -e 's/mdX/sha224/g' -e 's/MDX/SHA224_/g'	\
+			-e  's/SHA224__/SHA224_/g' \
+		${.ALLSRC}) > ${.TARGET}
+
 sha256hl.c: mdXhl.c
 	(echo '#define LENGTH 32'; \
 		sed -e 's/mdX/sha256/g' -e 's/MDX/SHA256_/g'	\
@@ -234,6 +245,20 @@ sha1.ref:
 	@echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
 		'50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET}
 
+sha224.ref:
+	echo 'SHA-224 test suite:' > ${.TARGET}
+	@echo 'SHA-224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f' >> ${.TARGET}
+	@echo 'SHA-224 ("abc") =' \
+		'23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7' >> ${.TARGET}
+	@echo 'SHA-224 ("message digest") =' \
+		'2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb' >> ${.TARGET}
+	@echo 'SHA-224 ("abcdefghijklmnopqrstuvwxyz") =' \
+		'45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2' >> ${.TARGET}
+	@echo 'SHA-224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \
+		'bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9' >> ${.TARGET}
+	@echo 'SHA-224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
+		'b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e' >> ${.TARGET}
+
 sha256.ref:
 	echo 'SHA-256 test suite:' > ${.TARGET}
 	@echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET}
@@ -349,7 +374,7 @@ skein1024.ref:
 	@echo 'SKEIN1024 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
 		'cf21a613620e6c119eca31fdfaad449a8e02f95ca256c21d2a105f8e4157048f9fe1e897893ea18b64e0e37cb07d5ac947f27ba544caf7cbc1ad094e675aed77a366270f7eb7f46543bccfa61c526fd628408058ed00ed566ac35a9761d002e629c4fb0d430b2f4ad016fcc49c44d2981c4002da0eecc42144160e2eaea4855a' >> ${.TARGET}
 
-test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
+test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha224.ref sha256.ref sha384.ref \
 		sha512.ref sha512t256.ref skein256.ref skein512.ref skein1024.ref
 	@${ECHO} if any of these test fail, the code produces wrong results
 	@${ECHO} and should NOT be used.
@@ -370,6 +395,9 @@ test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
 	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=1 -o shadriver ${.CURDIR}/shadriver.c libmd.a
 	./shadriver | cmp sha1.ref -
 	@${ECHO} SHA-1 passed test
+	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=224 -o shadriver ${.CURDIR}/shadriver.c libmd.a
+	./shadriver | cmp sha224.ref -
+	@${ECHO} SHA-224 passed test
 	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a
 	./shadriver | cmp sha256.ref -
 	@${ECHO} SHA-256 passed test
diff --git a/lib/libmd/sha256.3 b/lib/libmd/sha256.3
index 530c64416df0..25bbb1220486 100644
--- a/lib/libmd/sha256.3
+++ b/lib/libmd/sha256.3
@@ -9,10 +9,17 @@
 .\" 	From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp
 .\" $FreeBSD$
 .\"
-.Dd April 26, 2016
+.Dd July 9, 2018
 .Dt SHA256 3
 .Os
 .Sh NAME
+.Nm SHA224_Init ,
+.Nm SHA224_Update ,
+.Nm SHA224_Final ,
+.Nm SHA224_End ,
+.Nm SHA224_File ,
+.Nm SHA224_FileChunk ,
+.Nm SHA224_Data ,
 .Nm SHA256_Init ,
 .Nm SHA256_Update ,
 .Nm SHA256_Final ,
@@ -20,11 +27,26 @@
 .Nm SHA256_File ,
 .Nm SHA256_FileChunk ,
 .Nm SHA256_Data
-.Nd calculate the FIPS 180-2 ``SHA-256'' message digest
+.Nd calculate the FIPS 180-2 ``SHA-256'' (or SHA-224) message digest
 .Sh LIBRARY
 .Lb libmd
 .Sh SYNOPSIS
 .In sys/types.h
+.In sha224.h
+.Ft void
+.Fn SHA224_Init "SHA224_CTX *context"
+.Ft void
+.Fn SHA224_Update "SHA224_CTX *context" "const unsigned char *data" "size_t len"
+.Ft void
+.Fn SHA224_Final "unsigned char digest[32]" "SHA224_CTX *context"
+.Ft "char *"
+.Fn SHA224_End "SHA224_CTX *context" "char *buf"
+.Ft "char *"
+.Fn SHA224_File "const char *filename" "char *buf"
+.Ft "char *"
+.Fn SHA224_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
+.Ft "char *"
+.Fn SHA224_Data "const unsigned char *data" "unsigned int len" "char *buf"
 .In sha256.h
 .Ft void
 .Fn SHA256_Init "SHA256_CTX *context"
@@ -119,12 +141,14 @@ after use.
 If the
 .Fa buf
 argument is non-null it must point to at least 65 characters of buffer space.
+.Pp
+SHA224 is identical SHA256, except it has slightly different initialization
+vectors, and is truncated to a shorter digest.
 .Sh SEE ALSO
 .Xr md4 3 ,
 .Xr md5 3 ,
 .Xr ripemd 3 ,
 .Xr sha 3 ,
-.Xr sha256 3 ,
 .Xr sha512 3 ,
 .Xr skein 3
 .Sh HISTORY
diff --git a/lib/libmd/shadriver.c b/lib/libmd/shadriver.c
index a0472f016364..f5026eb3cc5d 100644
--- a/lib/libmd/shadriver.c
+++ b/lib/libmd/shadriver.c
@@ -24,6 +24,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 
 #include "sha.h"
+#include "sha224.h"
 #include "sha256.h"
 #include "sha384.h"
 #include "sha512.h"
@@ -38,6 +39,9 @@ __FBSDID("$FreeBSD$");
 #if SHA == 1
 #undef SHA_Data
 #define SHA_Data SHA1_Data
+#elif SHA == 224
+#undef SHA_Data
+#define SHA_Data SHA224_Data
 #elif SHA == 256
 #undef SHA_Data
 #define SHA_Data SHA256_Data
diff --git a/sbin/md5/Makefile b/sbin/md5/Makefile
index cb643ea18bef..c284be13161b 100644
--- a/sbin/md5/Makefile
+++ b/sbin/md5/Makefile
@@ -6,6 +6,7 @@ PROG=	md5
 
 LINKS=	${BINDIR}/md5 ${BINDIR}/rmd160 \
 	${BINDIR}/md5 ${BINDIR}/sha1 \
+	${BINDIR}/md5 ${BINDIR}/sha224 \
 	${BINDIR}/md5 ${BINDIR}/sha256 \
 	${BINDIR}/md5 ${BINDIR}/sha384 \
 	${BINDIR}/md5 ${BINDIR}/sha512 \
@@ -16,6 +17,7 @@ LINKS=	${BINDIR}/md5 ${BINDIR}/rmd160 \
 
 MLINKS=	md5.1 rmd160.1 \
 	md5.1 sha1.1 \
+	md5.1 sha224.1 \
 	md5.1 sha256.1 \
 	md5.1 sha384.1 \
 	md5.1 sha512.1 \
diff --git a/sbin/md5/md5.1 b/sbin/md5/md5.1
index 2c2566b71aab..1cf0db333b74 100644
--- a/sbin/md5/md5.1
+++ b/sbin/md5/md5.1
@@ -1,65 +1,22 @@
 .\" $FreeBSD$
-.Dd March 2, 2017
+.Dd July 9, 2018
 .Dt MD5 1
 .Os
 .Sh NAME
-.Nm md5 , sha1 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
+.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
 .Nm skein256 , skein512 , skein1024
 .Nd calculate a message-digest fingerprint (checksum) for a file
 .Sh SYNOPSIS
-.Nm md5
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha1
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha256
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha384
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha512
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm sha512t256
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm rmd160
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm skein256
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm skein512
-.Op Fl pqrtx
-.Op Fl c Ar string
-.Op Fl s Ar string
-.Op Ar
-.Nm skein1024
+.Nm
 .Op Fl pqrtx
 .Op Fl c Ar string
 .Op Fl s Ar string
 .Op Ar
+.Pp
+(All other hashes have the same options and usage.)
 .Sh DESCRIPTION
 The
-.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256, rmd160,
+.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512, sha512t256, rmd160,
 .Nm skein256, skein512,
 and
 .Nm skein1024
@@ -73,7 +30,7 @@ It is conjectured that it is computationally infeasible to
 produce two messages having the same message digest, or to produce any
 message having a given prespecified target message digest.
 The
-.Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
+.Tn SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
 and
 .Tn SKEIN
 algorithms are intended for digital signature applications, where a
@@ -89,8 +46,8 @@ The
 and
 .Tn SHA-1
 algorithms have been proven to be vulnerable to practical collision
-attacks and should not be relied upon to produce unique outputs, nor
-should they be used as part of a cryptographic signature scheme.
+attacks and should not be relied upon to produce unique outputs,
+.Em nor should they be used as part of a cryptographic signature scheme.
 As of 2017-03-02, there is no publicly known method to
 .Em reverse
 either algorithm, i.e. to find an input that produces a specific
@@ -143,8 +100,8 @@ Run a built-in test script.
 .El
 .Sh EXIT STATUS
 The
-.Nm md5 , sha1 , sha256 , sha512, sha512t256, rmd160,
-.Nm skein256, skein512,
+.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 ,
+.Nm skein256 , skein512,
 and
 .Nm skein1024
 utilities exit 0 on success,
@@ -157,6 +114,7 @@ option.
 .Xr md5 3 ,
 .Xr ripemd 3 ,
 .Xr sha 3 ,
+.Xr sha224 3 ,
 .Xr sha256 3 ,
 .Xr sha384 3 ,
 .Xr sha512 3 ,
diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c
index 06f322a65fb1..9880c77ae0d5 100644
--- a/sbin/md5/md5.c
+++ b/sbin/md5/md5.c
@@ -29,6 +29,7 @@ __FBSDID("$FreeBSD$");
 #include <md5.h>
 #include <ripemd.h>
 #include <sha.h>
+#include <sha224.h>
 #include <sha256.h>
 #include <sha384.h>
 #include <sha512.h>
@@ -59,6 +60,7 @@ typedef char *(DIGEST_End)(void *, char *);
 
 extern const char *MD5TestOutput[MDTESTCOUNT];
 extern const char *SHA1_TestOutput[MDTESTCOUNT];
+extern const char *SHA224_TestOutput[MDTESTCOUNT];
 extern const char *SHA256_TestOutput[MDTESTCOUNT];
 extern const char *SHA384_TestOutput[MDTESTCOUNT];
 extern const char *SHA512_TestOutput[MDTESTCOUNT];
@@ -89,6 +91,7 @@ static void usage(const Algorithm_t *);
 typedef union {
 	MD5_CTX md5;
 	SHA1_CTX sha1;
+	SHA224_CTX sha224;
 	SHA256_CTX sha256;
 	SHA384_CTX sha384;
 	SHA512_CTX sha512;
@@ -112,6 +115,9 @@ static const struct Algorithm_t Algorithm[] = {
 	{ "sha1", "SHA1", &SHA1_TestOutput, (DIGEST_Init*)&SHA1_Init,
 		(DIGEST_Update*)&SHA1_Update, (DIGEST_End*)&SHA1_End,
 		&SHA1_Data, &SHA1_Fd },
+	{ "sha224", "SHA224", &SHA224_TestOutput, (DIGEST_Init*)&SHA224_Init,
+		(DIGEST_Update*)&SHA224_Update, (DIGEST_End*)&SHA224_End,
+		&SHA224_Data, &SHA224_Fd },
 	{ "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init,
 		(DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End,
 		&SHA256_Data, &SHA256_Fd },
@@ -368,6 +374,17 @@ const char *SHA1_TestOutput[MDTESTCOUNT] = {
 	"18eca4333979c4181199b7b4fab8786d16cf2846"
 };
 
+const char *SHA224_TestOutput[MDTESTCOUNT] = {
+	"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
+	"abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5",
+	"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7",
+	"2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb",
+	"45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2",
+	"bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9",
+	"b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e",
+	"5ae55f3779c8a1204210d7ed7689f661fbe140f96f272ab79e19d470"
+};
+
 const char *SHA256_TestOutput[MDTESTCOUNT] = {
 	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 	"ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",