diff --git a/share/man/man9/crypto.9 b/share/man/man9/crypto.9
index 40111cb95b50..afb7da1f5c69 100644
--- a/share/man/man9/crypto.9
+++ b/share/man/man9/crypto.9
@@ -107,14 +107,12 @@ The following authentication algorithms are supported:
 .It Dv CRYPTO_BLAKE2B
 .It Dv CRYPTO_BLAKE2S
 .It Dv CRYPTO_MD5_HMAC
-.It Dv CRYPTO_MD5_KPDK
 .It Dv CRYPTO_NULL_HMAC
 .It Dv CRYPTO_POLY1305
 .It Dv CRYPTO_RIPEMD160
 .It Dv CRYPTO_RIPEMD160_HMAC
 .It Dv CRYPTO_SHA1
 .It Dv CRYPTO_SHA1_HMAC
-.It Dv CRYPTO_SHA1_KPDK
 .It Dv CRYPTO_SHA2_224
 .It Dv CRYPTO_SHA2_224_HMAC
 .It Dv CRYPTO_SHA2_256
diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index a8c310f72e31..1f064a64426d 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c
@@ -546,10 +546,6 @@ crypto_auth_hash(const struct crypto_session_params *csp)
 		return (&auth_hash_null);
 	case CRYPTO_RIPEMD160_HMAC:
 		return (&auth_hash_hmac_ripemd_160);
-	case CRYPTO_MD5_KPDK:
-		return (&auth_hash_key_md5);
-	case CRYPTO_SHA1_KPDK:
-		return (&auth_hash_key_sha1);
 	case CRYPTO_SHA1:
 		return (&auth_hash_sha1);
 	case CRYPTO_SHA2_224:
@@ -690,8 +686,6 @@ static enum alg_type {
 	[CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,
 	[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,
 	[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,
-	[CRYPTO_MD5_KPDK] = ALG_KEYED_DIGEST,
-	[CRYPTO_SHA1_KPDK] = ALG_KEYED_DIGEST,
 	[CRYPTO_AES_CBC] = ALG_CIPHER,
 	[CRYPTO_ARC4] = ALG_CIPHER,
 	[CRYPTO_SHA1] = ALG_DIGEST,
diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index 8e47c1d8527f..2f1eef20d318 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h
@@ -81,8 +81,6 @@
 #define	SHA2_256_HASH_LEN	32
 #define	SHA2_384_HASH_LEN	48
 #define	SHA2_512_HASH_LEN	64
-#define	MD5_KPDK_HASH_LEN	16
-#define	SHA1_KPDK_HASH_LEN	20
 #define	AES_GMAC_HASH_LEN	16
 #define	POLY1305_HASH_LEN	16
 #define	AES_CBC_MAC_HASH_LEN	16
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index a14e0f2bd4a6..5ef38e4c22ca 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -64,7 +64,6 @@ struct swcr_auth {
 	void		*sw_octx;
 	struct auth_hash *sw_axf;
 	uint16_t	sw_mlen;
-	uint16_t	sw_octx_len;
 };
 
 struct swcr_encdec {
@@ -349,27 +348,6 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_auth *sw,
 		hmac_init_ipad(axf, key, klen, sw->sw_ictx);
 		hmac_init_opad(axf, key, klen, sw->sw_octx);
 		break;
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
-	{
-		/* 
-		 * We need a buffer that can hold an md5 and a sha1 result
-		 * just to throw it away.
-		 * What we do here is the initial part of:
-		 *   ALGO( key, keyfill, .. )
-		 * adding the key to sw_ictx and abusing Final() to get the
-		 * "keyfill" padding.
-		 * In addition we abuse the sw_octx to save the key to have
-		 * it to be able to append it at the end in swcr_authcompute().
-		 */
-		u_char buf[SHA1_RESULTLEN];
-
-		bcopy(key, sw->sw_octx, klen);
-		axf->Init(sw->sw_ictx);
-		axf->Update(sw->sw_ictx, key, klen);
-		axf->Final(buf, sw->sw_ictx);
-		break;
-	}
 	case CRYPTO_POLY1305:
 	case CRYPTO_BLAKE2B:
 	case CRYPTO_BLAKE2S:
@@ -442,23 +420,6 @@ swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)
 		axf->Final(aalg, &ctx);
 		break;
 
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
-		/* If we have no key saved, return error. */
-		if (sw->sw_octx == NULL)
-			return EINVAL;
-
-		/*
-		 * Add the trailing copy of the key (see comment in
-		 * swcr_authprepare()) after the data:
-		 *   ALGO( .., key, algofill )
-		 * and let Final() do the proper, natural "algofill"
-		 * padding.
-		 */
-		axf->Update(&ctx, sw->sw_octx, sw->sw_octx_len);
-		axf->Final(aalg, &ctx);
-		break;
-
 	case CRYPTO_BLAKE2B:
 	case CRYPTO_BLAKE2S:
 	case CRYPTO_NULL_HMAC:
@@ -947,8 +908,7 @@ swcr_setup_auth(struct swcr_session *ses,
 	case CRYPTO_SHA2_512_HMAC:
 	case CRYPTO_NULL_HMAC:
 	case CRYPTO_RIPEMD160_HMAC:
-		swa->sw_octx_len = axf->ctxsize;
-		swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,
+		swa->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
 		    M_NOWAIT);
 		if (swa->sw_octx == NULL)
 			return (ENOBUFS);
@@ -958,23 +918,6 @@ swcr_setup_auth(struct swcr_session *ses,
 			    csp->csp_auth_klen);
 		}
 
-		if (csp->csp_mode == CSP_MODE_DIGEST)
-			ses->swcr_process = swcr_authcompute;
-		break;
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
-		swa->sw_octx_len = csp->csp_auth_klen;
-		swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,
-		    M_NOWAIT);
-		if (swa->sw_octx == NULL)
-			return (ENOBUFS);
-
-		/* Store the key so we can "append" it to the payload */
-		if (csp->csp_auth_key != NULL) {
-			swcr_authprepare(axf, swa, csp->csp_auth_key,
-			    csp->csp_auth_klen);
-		}
-
 		if (csp->csp_mode == CSP_MODE_DIGEST)
 			ses->swcr_process = swcr_authcompute;
 		break;
@@ -1151,8 +1094,6 @@ swcr_auth_supported(const struct crypto_session_params *csp)
 	case CRYPTO_SHA2_512_HMAC:
 	case CRYPTO_NULL_HMAC:
 	case CRYPTO_RIPEMD160_HMAC:
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
 		break;
 	case CRYPTO_AES_NIST_GMAC:
 		switch (csp->csp_auth_klen * 8) {
@@ -1399,7 +1340,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)
 			free(swa->sw_ictx, M_CRYPTO_DATA);
 		}
 		if (swa->sw_octx != NULL) {
-			explicit_bzero(swa->sw_octx, swa->sw_octx_len);
+			explicit_bzero(swa->sw_octx, axf->ctxsize);
 			free(swa->sw_octx, M_CRYPTO_DATA);
 		}
 	}
diff --git a/sys/opencrypto/xform_auth.h b/sys/opencrypto/xform_auth.h
index 9b0726257d77..49ce5089d76c 100644
--- a/sys/opencrypto/xform_auth.h
+++ b/sys/opencrypto/xform_auth.h
@@ -66,8 +66,6 @@ struct auth_hash {
 };
 
 extern struct auth_hash auth_hash_null;
-extern struct auth_hash auth_hash_key_md5;
-extern struct auth_hash auth_hash_key_sha1;
 extern struct auth_hash auth_hash_hmac_md5;
 extern struct auth_hash auth_hash_hmac_sha1;
 extern struct auth_hash auth_hash_hmac_ripemd_160;
diff --git a/sys/opencrypto/xform_md5.c b/sys/opencrypto/xform_md5.c
index 5611ee397251..25c634632d5d 100644
--- a/sys/opencrypto/xform_md5.c
+++ b/sys/opencrypto/xform_md5.c
@@ -68,18 +68,6 @@ struct auth_hash auth_hash_hmac_md5 = {
 	.Final = (void (*) (u_int8_t *, void *)) MD5Final,
 };
 
-struct auth_hash auth_hash_key_md5 = {
-	.type = CRYPTO_MD5_KPDK,
-	.name = "Keyed MD5",
-	.keysize = 0,
-	.hashsize = MD5_KPDK_HASH_LEN,
-	.ctxsize = sizeof(MD5_CTX),
-	.blocksize = 0,
-	.Init = (void (*)(void *)) MD5Init,
-	.Update = MD5Update_int,
-	.Final = (void (*)(u_int8_t *, void *)) MD5Final,
-};
-
 /*
  * And now for auth.
  */
diff --git a/sys/opencrypto/xform_sha1.c b/sys/opencrypto/xform_sha1.c
index 44ac8c0e8b77..e6becf03d36c 100644
--- a/sys/opencrypto/xform_sha1.c
+++ b/sys/opencrypto/xform_sha1.c
@@ -82,18 +82,6 @@ struct auth_hash auth_hash_hmac_sha1 = {
 	.Final = SHA1Final_int,
 };
 
-struct auth_hash auth_hash_key_sha1 = {
-	.type = CRYPTO_SHA1_KPDK,
-	.name = "Keyed SHA1",
-	.keysize = 0,
-	.hashsize = SHA1_KPDK_HASH_LEN,
-	.ctxsize = sizeof(SHA1_CTX),
-	.blocksize = 0,
-	.Init = SHA1Init_int,
-	.Update = SHA1Update_int,
-	.Final = SHA1Final_int,
-};
-
 /*
  * And now for auth.
  */