Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()

with existing code.

Modify library to use digest *_ex() functions.

CHANGES

@@ -12,6 +12,16 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter is
+     not assumed to be valid before the call to EVP_DigestInit() and it is tidied
+     up after a call to EVP_DigestFinal(). A new function EVP_DigestFinal_ex()
+     but does not free up the ctx. Also change function EVP_MD_CTX_copy() to
+     assume the destination is uninitialized: EVP_MD_CTX_copy_ex() do assumes
+     the destiation is valid. Also modify all the OpenSSL digest calls to call 
+     EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
   +) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
      so that complete 'Handshake' protocol structures are kept in memory
      instead of overwriting 'msg_type' and 'length' with 'body' data.

apps/passwd.c

@@ -327,7 +327,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	assert(salt_len <= 8);
 	
 	EVP_MD_CTX_init(&md);
-	EVP_DigestInit(&md,EVP_md5());
+	EVP_DigestInit_ex(&md,EVP_md5(), NULL);
 	EVP_DigestUpdate(&md, passwd, passwd_len);
 	EVP_DigestUpdate(&md, "$", 1);
 	EVP_DigestUpdate(&md, magic, strlen(magic));
@@ -335,11 +335,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	EVP_DigestUpdate(&md, salt_out, salt_len);
 	
 	EVP_MD_CTX_init(&md2);
-	EVP_DigestInit(&md2,EVP_md5());
+	EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
 	EVP_DigestUpdate(&md2, passwd, passwd_len);
 	EVP_DigestUpdate(&md2, salt_out, salt_len);
 	EVP_DigestUpdate(&md2, passwd, passwd_len);
-	EVP_DigestFinal(&md2, buf, NULL);
+	EVP_DigestFinal_ex(&md2, buf, NULL);
 
 	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
 		EVP_DigestUpdate(&md, buf, sizeof buf);
@@ -351,11 +351,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
 		n >>= 1;
 		}
-	EVP_DigestFinal(&md, buf, NULL);
+	EVP_DigestFinal_ex(&md, buf, NULL);
 
 	for (i = 0; i < 1000; i++)
 		{
-		EVP_DigestInit(&md2,EVP_md5());
+		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
 		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
 		                       (i & 1) ? passwd_len : sizeof buf);
 		if (i % 3)
@@ -364,7 +364,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 			EVP_DigestUpdate(&md2, passwd, passwd_len);
 		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
 		                       (i & 1) ? sizeof buf : passwd_len);
-		EVP_DigestFinal(&md2, buf, NULL);
+		EVP_DigestFinal_ex(&md2, buf, NULL);
 		}
 	EVP_MD_CTX_cleanup(&md2);
 	

apps/speed.c

@@ -944,7 +944,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD2][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2());
+				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(), NULL);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD2],d);
@@ -960,7 +960,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2());
+				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(), NULL);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MDC2],d);
@@ -977,7 +977,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD4][j]); count++)
-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4());
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(), NULL);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD4],d);
@@ -994,7 +994,8 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"));
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,
+										EVP_get_digestbyname("md5"), NULL);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
@@ -1038,7 +1039,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1());
+				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(), NULL);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_SHA1],d);
@@ -1054,7 +1055,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160());
+				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(), NULL);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_RMD160],d);

crypto/asn1/a_digest.c

@@ -82,7 +82,7 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);
 
-	EVP_Digest(str, i, md, len, type);
+	EVP_Digest(str, i, md, len, type, NULL);
 	OPENSSL_free(str);
 	return(1);
 	}
@@ -99,7 +99,7 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 	i=ASN1_item_i2d(asn,&str, it);
 	if (!str) return(0);
 
-	EVP_Digest(str, i, md, len, type);
+	EVP_Digest(str, i, md, len, type, NULL);
 	OPENSSL_free(str);
 	return(1);
 	}

crypto/asn1/a_sign.c

@@ -123,7 +123,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_SignInit(&ctx,type);
+	EVP_SignInit_ex(&ctx,type, NULL);
 	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
 	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
 			(unsigned int *)&outl,pkey))
@@ -199,7 +199,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 		goto err;
 		}
 
-	EVP_SignInit(&ctx,type);
+	EVP_SignInit_ex(&ctx,type, NULL);
 	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
 	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
 			(unsigned int *)&outl,pkey))

crypto/asn1/a_verify.c

@@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	memset(buf_in,0,(unsigned int)inl);
@@ -150,7 +150,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
-	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	memset(buf_in,0,(unsigned int)inl);

crypto/asn1/n_pkey.c

@@ -196,7 +196,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	i = strlen((char *)buf);
 	/* If the key is used for SGC the algorithm is modified a little. */
 	if(sgckey) {
-		EVP_Digest(buf, i, buf, NULL, EVP_md5());
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
 		memcpy(buf + 16, "SGCKEYSALT", 10);
 		i = 26;
 	}
@@ -284,7 +284,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 
 	i = strlen((char *)buf);
 	if(sgckey){
-		EVP_Digest(buf, i, buf, NULL, EVP_md5());
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
 		memcpy(buf + 16, "SGCKEYSALT", 10);
 		i = 26;
 	}

crypto/asn1/t_x509.c

@@ -270,7 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 		goto err;
 	i2d_X509_NAME(x->cert_info->subject, &dertmp);
 
-	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1());
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
 	for (i=0; i < SHA_DIGEST_LENGTH; i++)
 		{
 		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -284,7 +284,7 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 		goto err;
 
 	EVP_Digest(x->cert_info->key->public_key->data,
-		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1());
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
 	for (i=0; i < SHA_DIGEST_LENGTH; i++)
 		{
 		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)

crypto/dsa/dsa_gen.c

@@ -159,8 +159,8 @@ DSA *DSA_generate_parameters(int bits,
 				}
 
 			/* step 2 */
-			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH);
-			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH);
+			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
 			for (i=0; i<SHA_DIGEST_LENGTH; i++)
 				md[i]^=buf2[i];
 
@@ -207,7 +207,7 @@ DSA *DSA_generate_parameters(int bits,
 					if (buf[i] != 0) break;
 					}
 
-				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH);
+				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
 
 				/* step 8 */
 				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))

crypto/evp/bio_md.c

@@ -176,7 +176,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 		{
 	case BIO_CTRL_RESET:
 		if (b->init)
-			EVP_DigestInit(ctx,ctx->digest);
+			EVP_DigestInit_ex(ctx,ctx->digest, NULL);
 		else
 			ret=0;
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -207,13 +207,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 
 	case BIO_C_SET_MD:
 		md=ptr;
-		EVP_DigestInit(ctx,md);
+		EVP_DigestInit_ex(ctx,md, NULL);
 		b->init=1;
 		break;
 	case BIO_CTRL_DUP:
 		dbio=ptr;
 		dctx=dbio->ptr;
-		EVP_MD_CTX_copy(dctx,ctx);
+		EVP_MD_CTX_copy_ex(dctx,ctx);
 		b->init=1;
 		break;
 	default:
@@ -246,7 +246,7 @@ static int md_gets(BIO *bp, char *buf, int size)
 	ctx=bp->ptr;
 	if (size < ctx->digest->md_size)
 		return(0);
-	EVP_DigestFinal(ctx,(unsigned char *)buf,&ret);
+	EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
 	return((int)ret);
 	}
 

crypto/evp/bio_ok.c

@@ -415,7 +415,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_SET_MD:
 		md=ptr;
-		EVP_DigestInit(&ctx->md,md);
+		EVP_DigestInit_ex(&ctx->md, md, NULL);
 		b->init=1;
 		break;
 	case BIO_C_GET_MD:
@@ -470,7 +470,7 @@ static void sig_out(BIO* b)
 
 	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
 
-	EVP_DigestInit(md, md->digest);
+	EVP_DigestInit_ex(md, md->digest, NULL);
 	/* FIXME: there's absolutely no guarantee this makes any sense at all,
 	 * particularly now EVP_MD_CTX has been restructured.
 	 */
@@ -480,7 +480,7 @@ static void sig_out(BIO* b)
 	ctx->buf_len+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
+	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	ctx->sigio= 0;
@@ -498,13 +498,13 @@ static void sig_in(BIO* b)
 
 	if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return;
 
-	EVP_DigestInit(md, md->digest);
+	EVP_DigestInit_ex(md, md->digest, NULL);
 	memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
 	longswap(md->md_data, md->digest->md_size);
 	ctx->buf_off+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	EVP_DigestFinal(md, tmp, NULL);
+	EVP_DigestFinal_ex(md, tmp, NULL);
 	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
 	ctx->buf_off+= md->digest->md_size;
 	if(ret == 1)
@@ -537,7 +537,7 @@ static void block_out(BIO* b)
 	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
 	tl= swapem(tl);
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
+	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	}
@@ -557,7 +557,7 @@ static void block_in(BIO* b)
 	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
  
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	EVP_DigestFinal(md, tmp, NULL);
+	EVP_DigestFinal_ex(md, tmp, NULL);
 	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
 		{
 		/* there might be parts from next block lurking around ! */

crypto/evp/digest.c

@@ -131,6 +131,7 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 	{
+	EVP_MD_CTX_init(ctx);
 	return EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
@@ -199,6 +200,15 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
 
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+	{
+	int ret;
+	ret = EVP_DigestFinal_ex(ctx, md, size);
+	EVP_MD_CTX_cleanup(ctx);
+	return ret;
+	}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
 	int ret;
 	ret=ctx->digest->final(ctx,md);
@@ -214,6 +224,12 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	}
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+	{
+	EVP_MD_CTX_init(out);
+	return EVP_MD_CTX_copy_ex(out, in);
+	}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 	{
 	if ((in == NULL) || (in->digest == NULL))
 		{
@@ -243,16 +259,16 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 	}
 
 int EVP_Digest(void *data, unsigned int count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type)
+		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
 	{
 	EVP_MD_CTX ctx;
 	int ret;
 
 	EVP_MD_CTX_init(&ctx);
 	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
-	ret=EVP_DigestInit(&ctx, type)
+	ret=EVP_DigestInit_ex(&ctx, type, impl)
 	  && EVP_DigestUpdate(&ctx, data, count)
-	  && EVP_DigestFinal(&ctx, md, size);
+	  && EVP_DigestFinal_ex(&ctx, md, size);
 	EVP_MD_CTX_cleanup(&ctx);
 
 	return ret;

crypto/evp/evp.h

@@ -425,8 +425,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
 
+#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)
 #define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
 #define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)
 #define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
 #define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
@@ -457,17 +459,20 @@ void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
 #define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
 #define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
 #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
 			 unsigned int cnt);
-int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 int	EVP_Digest(void *data, unsigned int count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type);
+		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
+
+int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 
 int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void	EVP_set_pw_prompt(char *prompt);

crypto/evp/evp_key.c

@@ -121,19 +121,19 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 	EVP_MD_CTX_init(&c);
 	for (;;)
 		{
-		EVP_DigestInit(&c,md);
+		EVP_DigestInit_ex(&c,md, NULL);
 		if (addmd++)
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
 		EVP_DigestUpdate(&c,data,datal);
 		if (salt != NULL)
 			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-		EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 
 		for (i=1; i<(unsigned int)count; i++)
 			{
-			EVP_DigestInit(&c,md);
+			EVP_DigestInit_ex(&c,md, NULL);
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-			EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 			}
 		i=0;
 		if (nkey)

crypto/evp/evp_test.c

@@ -245,7 +245,7 @@ static int test_digest(const char *digest,
     hexdump(stdout,"Digest",ciphertext,cn);
 
     EVP_MD_CTX_init(&ctx);
-    if(!EVP_DigestInit(&ctx,d))
+    if(!EVP_DigestInit_ex(&ctx,d, NULL))
 	{
 	fprintf(stderr,"DigestInit failed\n");
 	exit(100);
@@ -255,7 +255,7 @@ static int test_digest(const char *digest,
 	fprintf(stderr,"DigestUpdate failed\n");
 	exit(101);
 	}
-    if(!EVP_DigestFinal(&ctx,md,&mdn))
+    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
 	{
 	fprintf(stderr,"DigestFinal failed\n");
 	exit(101);

crypto/evp/p5_crpt.c

@@ -129,19 +129,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	else if(passlen == -1) passlen = strlen(pass);
 
 	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit (&ctx, md);
-	EVP_DigestUpdate (&ctx, pass, passlen);
-	EVP_DigestUpdate (&ctx, salt, saltlen);
+	EVP_DigestInit_ex(&ctx, md, NULL);
+	EVP_DigestUpdate(&ctx, pass, passlen);
+	EVP_DigestUpdate(&ctx, salt, saltlen);
 	PBEPARAM_free(pbe);
-	EVP_DigestFinal (&ctx, md_tmp, NULL);
+	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
 	for (i = 1; i < iter; i++) {
-		EVP_DigestInit(&ctx, md);
+		EVP_DigestInit_ex(&ctx, md, NULL);
 		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
-		EVP_DigestFinal (&ctx, md_tmp, NULL);
+		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
 	}
 	EVP_MD_CTX_cleanup(&ctx);
-	memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher));
-	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
 						 EVP_CIPHER_iv_length(cipher));
 	EVP_CipherInit(cctx, cipher, key, iv, en_de);
 	memset(md_tmp, 0, EVP_MAX_MD_SIZE);

crypto/evp/p_sign.c

@@ -65,7 +65,7 @@
 #ifdef undef
 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
-	EVP_DigestInit(ctx,type);
+	EVP_DigestInit_ex(ctx,type);
 	}
 
 void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
@@ -85,8 +85,8 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 
 	*siglen=0;
 	EVP_MD_CTX_init(&tmp_ctx);
-	EVP_MD_CTX_copy(&tmp_ctx,ctx);   
-	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
+	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
 	EVP_MD_CTX_cleanup(&tmp_ctx);
 	for (i=0; i<4; i++)
 		{

crypto/evp/p_verify.c

@@ -86,8 +86,8 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
 		return(-1);
 		}
 	EVP_MD_CTX_init(&tmp_ctx);
-	EVP_MD_CTX_copy(&tmp_ctx,ctx);     
-	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
 	EVP_MD_CTX_cleanup(&tmp_ctx);
         if (ctx->digest->verify == NULL)
                 {

crypto/hmac/hmac.c

@@ -80,9 +80,9 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 		j=EVP_MD_block_size(md);
 		if (j < len)
 			{
-			EVP_DigestInit(&ctx->md_ctx,md);
+			EVP_DigestInit_ex(&ctx->md_ctx,md, NULL);
 			EVP_DigestUpdate(&ctx->md_ctx,key,len);
-			EVP_DigestFinal(&(ctx->md_ctx),ctx->key,
+			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
 				&ctx->key_length);
 			}
 		else
@@ -99,15 +99,15 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 		{
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x36^ctx->key[i];
-		EVP_DigestInit(&ctx->i_ctx,md);
+		EVP_DigestInit_ex(&ctx->i_ctx,md, NULL);
 		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
 
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x5c^ctx->key[i];
-		EVP_DigestInit(&ctx->o_ctx,md);
+		EVP_DigestInit_ex(&ctx->o_ctx,md, NULL);
 		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
 		}
-	EVP_MD_CTX_copy(&ctx->md_ctx,&ctx->i_ctx);
+	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
 	}
 
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
@@ -123,10 +123,10 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 
 	j=EVP_MD_block_size(ctx->md);
 
-	EVP_DigestFinal(&ctx->md_ctx,buf,&i);
-	EVP_MD_CTX_copy(&ctx->md_ctx,&ctx->o_ctx);
+	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
 	EVP_DigestUpdate(&ctx->md_ctx,buf,i);
-	EVP_DigestFinal(&ctx->md_ctx,md,len);
+	EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
 	}
 
 void HMAC_CTX_init(HMAC_CTX *ctx)

crypto/md2/md2test.c

@@ -108,7 +108,7 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2());
+		EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL);
 		p=pt(md);
 		if (strcmp(p,*R) != 0)
 			{

crypto/md4/md4test.c

@@ -104,7 +104,7 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4());
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL);
 		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{

crypto/md5/md5test.c

@@ -104,7 +104,7 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5());
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL);
 		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{

crypto/mdc2/mdc2test.c

@@ -101,9 +101,9 @@ int main(int argc, char *argv[])
 #endif
 
 	EVP_MD_CTX_init(&c);
-	EVP_DigestInit(&c,EVP_mdc2());
+	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
 	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
-	EVP_DigestFinal(&c,&(md[0]),NULL);
+	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -118,11 +118,11 @@ int main(int argc, char *argv[])
 	else
 		printf("pad1 - ok\n");
 
-	EVP_DigestInit(&c,EVP_mdc2());
+	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
 	/* FIXME: use a ctl function? */
 	((MDC2_CTX *)c.md_data)->pad_type=2;
 	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
-	EVP_DigestFinal(&c,&(md[0]),NULL);
+	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
 		{

crypto/ocsp/ocsp_lib.c

@@ -123,7 +123,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
 
 	/* Calculate the issuerKey hash, excluding tag and length */
-	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst);
+	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
 
 	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
 

crypto/pem/pem_sign.c

@@ -66,7 +66,7 @@
 
 void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
-	EVP_DigestInit(ctx,type);
+	EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
 void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,

crypto/pkcs12/p12_key.c

@@ -148,14 +148,14 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
 	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
 	for (;;) {
-		EVP_DigestInit (&ctx, md_type);
-		EVP_DigestUpdate (&ctx, D, v);
-		EVP_DigestUpdate (&ctx, I, Ilen);
-		EVP_DigestFinal (&ctx, Ai, NULL);
+		EVP_DigestInit_ex(&ctx, md_type, NULL);
+		EVP_DigestUpdate(&ctx, D, v);
+		EVP_DigestUpdate(&ctx, I, Ilen);
+		EVP_DigestFinal_ex(&ctx, Ai, NULL);
 		for (j = 1; j < iter; j++) {
-			EVP_DigestInit (&ctx, md_type);
-			EVP_DigestUpdate (&ctx, Ai, u);
-			EVP_DigestFinal (&ctx, Ai, NULL);
+			EVP_DigestInit_ex(&ctx, md_type, NULL);
+			EVP_DigestUpdate(&ctx, Ai, u);
+			EVP_DigestFinal_ex(&ctx, Ai, NULL);
 		}
 		memcpy (out, Ai, min (n, u));
 		if (u >= n) {

crypto/pkcs7/pk7_doit.c

@@ -538,7 +538,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			/* We now have the EVP_MD_CTX, lets do the
 			 * signing. */
 			EVP_MD_CTX_init(&ctx_tmp);
-			EVP_MD_CTX_copy(&ctx_tmp,mdc);
+			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
 			if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
 				{
 				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
@@ -565,7 +565,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
 				/* Add digest */
 				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
-				EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
+				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
 				digest=M_ASN1_OCTET_STRING_new();
 				M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
 				PKCS7_add_signed_attribute(si,
@@ -573,7 +573,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 					V_ASN1_OCTET_STRING,digest);
 
 				/* Now sign the attributes */
-				EVP_SignInit(&ctx_tmp,md_tmp);
+				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
 				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
 							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
 				if(!abuf) goto err;
@@ -729,7 +729,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 
 	/* mdc is the digest ctx that we want, unless there are attributes,
 	 * in which case the digest is the signed attributes */
-	EVP_MD_CTX_copy(&mdc_tmp,mdc);
+	EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
 
 	sk=si->auth_attr;
 	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
@@ -738,7 +738,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                 unsigned int md_len, alen;
 		ASN1_OCTET_STRING *message_digest;
 
-		EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
+		EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
 		message_digest=PKCS7_digest_from_attributes(sk);
 		if (!message_digest)
 			{
@@ -763,7 +763,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 			goto err;
 			}
 
-		EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
+		EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
 
 		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
 						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));

crypto/rand/rand_lcl.h

@@ -131,26 +131,26 @@
 
 #include <openssl/evp.h>
 #define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
-#define	MD_Final(a,b)		EVP_DigestFinal(a,b,NULL)
+#define	MD_Final(a,b)		EVP_DigestFinal_ex(a,b,NULL)
 #if defined(USE_MD5_RAND)
 #include <openssl/md5.h>
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit(a,EVP_md5())
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md5(), NULL)
 #define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md5())
 #elif defined(USE_SHA1_RAND)
 #include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit(a,EVP_sha1())
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_sha1(), NULL)
 #define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_sha1())
 #elif defined(USE_MDC2_RAND)
 #include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit(a,EVP_mdc2())
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
 #define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_mdc2())
 #elif defined(USE_MD2_RAND)
 #include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit(a,EVP_md2())
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md2(), NULL)
 #define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2())
 #endif
 

crypto/ripemd/rmdtest.c

@@ -113,7 +113,7 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
 #endif
-		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160());
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
 		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{

crypto/rsa/rsa_oaep.c

@@ -63,7 +63,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	seed = to + 1;
 	db = to + SHA_DIGEST_LENGTH + 1;
 
-	EVP_Digest((void *)param, plen, db, NULL, EVP_sha1());
+	EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
 	memset(db + SHA_DIGEST_LENGTH, 0,
 		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
 	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -134,7 +134,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	for (i = 0; i < dblen; i++)
 		db[i] ^= maskeddb[i];
 
-	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1());
+	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
 
 	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
 		goto decoding_err;
@@ -185,17 +185,17 @@ int MGF1(unsigned char *mask, long len,
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit(&c,EVP_sha1());
+		EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
 		EVP_DigestUpdate(&c, seed, seedlen);
 		EVP_DigestUpdate(&c, cnt, 4);
 		if (outlen + SHA_DIGEST_LENGTH <= len)
 			{
-			EVP_DigestFinal(&c, mask + outlen, NULL);
+			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
 			outlen += SHA_DIGEST_LENGTH;
 			}
 		else
 			{
-			EVP_DigestFinal(&c, md, NULL);
+			EVP_DigestFinal_ex(&c, md, NULL);
 			memcpy(mask + outlen, md, len - outlen);
 			outlen = len;
 			}

crypto/sha/sha1test.c

@@ -121,7 +121,7 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1());
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
 		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
@@ -140,10 +140,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	EVP_DigestInit(&c,EVP_sha1());
+	EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
 	for (i=0; i<1000; i++)
 		EVP_DigestUpdate(&c,buf,1000);
-	EVP_DigestFinal(&c,md,NULL);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;

crypto/sha/shatest.c

@@ -121,7 +121,7 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha());
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL);
 		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
@@ -140,10 +140,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	EVP_DigestInit(&c,EVP_sha());
+	EVP_DigestInit_ex(&c,EVP_sha(), NULL);
 	for (i=0; i<1000; i++)
 		EVP_DigestUpdate(&c,buf,1000);
-	EVP_DigestFinal(&c,md,NULL);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;

crypto/x509/x509_cmp.c

@@ -86,11 +86,11 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 	EVP_MD_CTX_init(&ctx);
 	X509_NAME_oneline(a->cert_info->issuer,str,256);
 	ret=strlen(str);
-	EVP_DigestInit(&ctx,EVP_md5());
+	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
 	EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
 	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
 		(unsigned long)a->cert_info->serialNumber->length);
-	EVP_DigestFinal(&ctx,&(md[0]),NULL);
+	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
 		)&0xffffffffL;
@@ -204,7 +204,7 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
 	/* Make sure X509_NAME structure contains valid cached encoding */
 	i2d_X509_NAME(x,NULL);
-	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5());
+	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
 
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)

crypto/x509/x_all.c

@@ -331,7 +331,7 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 	ASN1_BIT_STRING *key;
 	key = X509_get0_pubkey_bitstr(data);
 	if(!key) return 0;
-	return EVP_Digest(key->data, key->length, md, len, type);
+	return EVP_Digest(key->data, key->length, md, len, type, NULL);
 	}
 
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,

crypto/x509v3/v3_skey.c

@@ -129,7 +129,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 		goto err;
 	}
 
-	EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1());
+	EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
 
 	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
 		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);

ssl/s2_clnt.c

@@ -767,7 +767,7 @@ static int client_certificate(SSL *s)
 		 * do it first so we can reuse buf :-) */
 		p=buf;
 		EVP_MD_CTX_init(&ctx);
-		EVP_SignInit(&ctx,s->ctx->rsa_md5);
+		EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
 		EVP_SignUpdate(&ctx,s->s2->key_material,
 			(unsigned int)s->s2->key_material_length);
 		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);

ssl/s2_enc.c

@@ -170,13 +170,13 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
 
 	/* There has to be a MAC algorithm. */
 	EVP_MD_CTX_init(&c);
-	EVP_DigestInit(&c,s->read_hash);
+	EVP_DigestInit_ex(&c, s->read_hash, NULL);
 	EVP_DigestUpdate(&c,sec,
 		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
 	EVP_DigestUpdate(&c,act,len); 
 	/* the above line also does the pad data */
 	EVP_DigestUpdate(&c,sequence,4); 
-	EVP_DigestFinal(&c,md,NULL);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	EVP_MD_CTX_cleanup(&c);
 	}
 #else /* !OPENSSL_NO_SSL2 */

ssl/s2_lib.c

@@ -428,14 +428,14 @@ void ssl2_generate_key_material(SSL *s)
 	km=s->s2->key_material;
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
-		EVP_DigestInit(&ctx,EVP_md5());
+		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
 
 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
 		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
 		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
 		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
-		EVP_DigestFinal(&ctx,km,NULL);
+		EVP_DigestFinal_ex(&ctx,km,NULL);
 		km+=MD5_DIGEST_LENGTH;
 		}
 	EVP_MD_CTX_cleanup(&ctx);

ssl/s2_srvr.c

@@ -911,7 +911,7 @@ static int request_certificate(SSL *s)
 		EVP_PKEY *pkey=NULL;
 
 		EVP_MD_CTX_init(&ctx);
-		EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
+		EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
 		EVP_VerifyUpdate(&ctx,s->s2->key_material,
 			(unsigned int)s->s2->key_material_length);
 		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);

ssl/s3_clnt.c

@@ -1089,12 +1089,12 @@ static int ssl3_get_key_exchange(SSL *s)
 			q=md_buf;
 			for (num=2; num > 0; num--)
 				{
-				EVP_DigestInit(&md_ctx,(num == 2)
-					?s->ctx->md5:s->ctx->sha1);
+				EVP_DigestInit_ex(&md_ctx,(num == 2)
+					?s->ctx->md5:s->ctx->sha1, NULL);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,param,param_len);
-				EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
+				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
 				q+=i;
 				j+=i;
 				}
@@ -1120,7 +1120,7 @@ static int ssl3_get_key_exchange(SSL *s)
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			/* lets do DSS */
-			EVP_VerifyInit(&md_ctx,EVP_dss1());
+			EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 			EVP_VerifyUpdate(&md_ctx,param,param_len);

ssl/s3_enc.c

@@ -107,25 +107,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 		for (j=0; j<k; j++)
 			buf[j]=c;
 		c++;
-		EVP_DigestInit(&s1,EVP_sha1());
+		EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);
 		EVP_DigestUpdate(&s1,buf,k);
 		EVP_DigestUpdate(&s1,s->session->master_key,
 			s->session->master_key_length);
 		EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
 		EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-		EVP_DigestFinal(&s1,smd,NULL);
+		EVP_DigestFinal_ex(&s1,smd,NULL);
 
-		EVP_DigestInit(&m5,EVP_md5());
+		EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
 		EVP_DigestUpdate(&m5,s->session->master_key,
 			s->session->master_key_length);
 		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
 		if ((i+MD5_DIGEST_LENGTH) > num)
 			{
-			EVP_DigestFinal(&m5,smd,NULL);
+			EVP_DigestFinal_ex(&m5,smd,NULL);
 			memcpy(km,smd,(num-i));
 			}
 		else
-			EVP_DigestFinal(&m5,km,NULL);
+			EVP_DigestFinal_ex(&m5,km,NULL);
 
 		km+=MD5_DIGEST_LENGTH;
 		}
@@ -256,19 +256,19 @@ int ssl3_change_cipher_state(SSL *s, int which)
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
 		 */
-		EVP_DigestInit(&md,EVP_md5());
+		EVP_DigestInit_ex(&md,EVP_md5(), NULL);
 		EVP_DigestUpdate(&md,key,j);
 		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
 		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
-		EVP_DigestFinal(&md,&(exp_key[0]),NULL);
+		EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
 		key= &(exp_key[0]);
 
 		if (k > 0)
 			{
-			EVP_DigestInit(&md,EVP_md5());
+			EVP_DigestInit_ex(&md,EVP_md5(), NULL);
 			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
 			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
-			EVP_DigestFinal(&md,&(exp_iv[0]),NULL);
+			EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
 			iv= &(exp_iv[0]);
 			}
 		}
@@ -421,8 +421,8 @@ int ssl3_enc(SSL *s, int send)
 
 void ssl3_init_finished_mac(SSL *s)
 	{
-	EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
-	EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
+	EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
+	EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
 	}
 
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
@@ -457,7 +457,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 	EVP_MD_CTX ctx;
 
 	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_copy(&ctx,in_ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
 
 	n=EVP_MD_CTX_size(&ctx);
 	npad=(48/n)*n;
@@ -467,14 +467,14 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
-	EVP_DigestFinal(&ctx,md_buf,&i);
+	EVP_DigestFinal_ex(&ctx,md_buf,&i);
 
-	EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx));
+	EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
 	EVP_DigestUpdate(&ctx,md_buf,i);
-	EVP_DigestFinal(&ctx,p,&ret);
+	EVP_DigestFinal_ex(&ctx,p,&ret);
 
 	EVP_MD_CTX_cleanup(&ctx);
 
@@ -512,7 +512,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 	/* Chop the digest off the end :-) */
 	EVP_MD_CTX_init(&md_ctx);
 
-	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
 	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
 	EVP_DigestUpdate(&md_ctx,seq,8);
@@ -522,13 +522,13 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 	s2n(rec->length,p);
 	EVP_DigestUpdate(&md_ctx,md,2);
 	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
-	EVP_DigestFinal( &md_ctx,md,NULL);
+	EVP_DigestFinal_ex( &md_ctx,md,NULL);
 
-	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
 	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
 	EVP_DigestUpdate(&md_ctx,md,md_size);
-	EVP_DigestFinal( &md_ctx,md,&md_size);
+	EVP_DigestFinal_ex( &md_ctx,md,&md_size);
 
 	EVP_MD_CTX_cleanup(&md_ctx);
 
@@ -563,19 +563,19 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<3; i++)
 		{
-		EVP_DigestInit(&ctx,s->ctx->sha1);
+		EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
 		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
 			SSL3_RANDOM_SIZE);
 		EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
 			SSL3_RANDOM_SIZE);
-		EVP_DigestFinal(&ctx,buf,&n);
+		EVP_DigestFinal_ex(&ctx,buf,&n);
 
-		EVP_DigestInit(&ctx,s->ctx->md5);
+		EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,buf,n);
-		EVP_DigestFinal(&ctx,out,&n);
+		EVP_DigestFinal_ex(&ctx,out,&n);
 		out+=n;
 		ret+=n;
 		}

ssl/s3_srvr.c

@@ -1174,12 +1174,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
 				j=0;
 				for (num=2; num > 0; num--)
 					{
-					EVP_DigestInit(&md_ctx,(num == 2)
-						?s->ctx->md5:s->ctx->sha1);
+					EVP_DigestInit_ex(&md_ctx,(num == 2)
+						?s->ctx->md5:s->ctx->sha1, NULL);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-					EVP_DigestFinal(&md_ctx,q,
+					EVP_DigestFinal_ex(&md_ctx,q,
 						(unsigned int *)&i);
 					q+=i;
 					j+=i;
@@ -1199,7 +1199,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 				if (pkey->type == EVP_PKEY_DSA)
 				{
 				/* lets do DSS */
-				EVP_SignInit(&md_ctx,EVP_dss1());
+				EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(d[4]),n);

ssl/t1_enc.c

@@ -576,8 +576,8 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 	EVP_MD_CTX ctx;
 
 	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_copy(&ctx,in_ctx);
-	EVP_DigestFinal(&ctx,out,&ret);
+	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+	EVP_DigestFinal_ex(&ctx,out,&ret);
 	EVP_MD_CTX_cleanup(&ctx);
 	return((int)ret);
 	}
@@ -595,11 +595,11 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 	q+=slen;
 
 	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_copy(&ctx,in1_ctx);
-	EVP_DigestFinal(&ctx,q,&i);
+	EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
+	EVP_DigestFinal_ex(&ctx,q,&i);
 	q+=i;
-	EVP_MD_CTX_copy(&ctx,in2_ctx);
-	EVP_DigestFinal(&ctx,q,&i);
+	EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
+	EVP_DigestFinal_ex(&ctx,q,&i);
 	q+=i;
 
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),