Modify EVP cipher behaviour in a similar way

to digests to retain compatibility.

CHANGES

@@ -12,6 +12,10 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
   +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
      compatibility with existing code. In particular the 'ctx' parameter is
      not assumed to be valid before the call to EVP_DigestInit() and it is tidied

apps/speed.c

@@ -1216,9 +1216,9 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_EVP],save_count,
 						  lengths[j]);
 			if(decrypt)
-				EVP_DecryptInit(&ctx,evp,key16,iv);
+				EVP_DecryptInit_ex(&ctx,evp,NULL,key16,iv);
 			else
-				EVP_EncryptInit(&ctx,evp,key16,iv);
+				EVP_EncryptInit_ex(&ctx,evp,NULL,key16,iv);
 				
 			Time_F(START,usertime);
 			if(decrypt)
@@ -1228,9 +1228,9 @@ int MAIN(int argc, char **argv)
 				for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
 					EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
 			if(decrypt)
-				EVP_DecryptFinal(&ctx,buf,&outl);
+				EVP_DecryptFinal_ex(&ctx,buf,&outl);
 			else
-				EVP_EncryptFinal(&ctx,buf,&outl);
+				EVP_EncryptFinal_ex(&ctx,buf,&outl);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 					   count,names[D_EVP],d);

crypto/asn1/n_pkey.c

@@ -207,9 +207,9 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	/* Encrypt private key in place */
 	zz = enckey->enckey->digest->data;
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
 	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-	EVP_EncryptFinal(&ctx,zz + i,&j);
+	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 
 	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -293,9 +293,9 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 	memset(buf,0,256);
 
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
 	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	os->length=i+j;
 

crypto/asn1/p5_pbev2.c

@@ -117,7 +117,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 		goto err;
 
 	/* Dummy cipherinit to just setup the IV */
-	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
 	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
 		ASN1err(ASN1_F_PKCS5_PBE2_SET,
 					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);

crypto/evp/bio_enc.c

@@ -184,7 +184,7 @@ static int enc_read(BIO *b, char *out, int outl)
 			if (!BIO_should_retry(b->next_bio))
 				{
 				ctx->cont=i;
-				i=EVP_CipherFinal(&(ctx->cipher),
+				i=EVP_CipherFinal_ex(&(ctx->cipher),
 					(unsigned char *)ctx->buf,
 					&(ctx->buf_len));
 				ctx->ok=i;
@@ -298,7 +298,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
 	case BIO_CTRL_RESET:
 		ctx->ok=1;
 		ctx->finished=0;
-		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
 			ctx->cipher.encrypt);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
@@ -335,7 +335,7 @@ again:
 			{
 			ctx->finished=1;
 			ctx->buf_off=0;
-			ret=EVP_CipherFinal(&(ctx->cipher),
+			ret=EVP_CipherFinal_ex(&(ctx->cipher),
 				(unsigned char *)ctx->buf,
 				&(ctx->buf_len));
 			ctx->ok=(int)ret;
@@ -421,7 +421,7 @@ void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
 
 	b->init=1;
 	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
 	
 	if (b->callback != NULL)
 		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);

crypto/evp/e_rc2.c

@@ -180,7 +180,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 		key_bits =rc2_magic_to_meth((int)num);
 		if (!key_bits)
 			return(-1);
-		if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1);
+		if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
 		EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
 		EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
 		}

crypto/evp/evp.h

@@ -488,6 +488,7 @@ int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
 		const unsigned char *key, const unsigned char *iv);
 int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, const unsigned char *in, int inl);
+int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
 int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
@@ -497,6 +498,7 @@ int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
 int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, const unsigned char *in, int inl);
 int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
 int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
 		       const unsigned char *key,const unsigned char *iv,
@@ -507,6 +509,7 @@ int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl
 int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, const unsigned char *in, int inl);
 int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
 int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 		EVP_PKEY *pkey);

crypto/evp/evp_enc.c

@@ -73,11 +73,14 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	/* ctx->cipher=NULL; */
 	}
 
+
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
+	EVP_CIPHER_CTX_init(ctx);
 	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
 	}
+
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
@@ -187,6 +190,13 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
 	}
 
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	if (ctx->encrypt)
+		return EVP_EncryptFinal_ex(ctx,out,outl);
+	else	return EVP_DecryptFinal_ex(ctx,out,outl);
+	}
+
 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	if (ctx->encrypt)
@@ -197,7 +207,7 @@ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	     const unsigned char *key, const unsigned char *iv)
 	{
-	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
+	return EVP_CipherInit(ctx, cipher, key, iv, 1);
 	}
 
 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
@@ -275,6 +285,14 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	}
 
 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int ret;
+	ret = EVP_EncryptFinal_ex(ctx, out, outl);
+	EVP_CIPHER_CTX_cleanup(ctx);
+	return ret;
+	}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i,n,b,bl,ret;
 
@@ -358,6 +376,14 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	}
 
 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int ret;
+	ret = EVP_DecryptFinal_ex(ctx, out, outl);
+	EVP_CIPHER_CTX_cleanup(ctx);
+	return ret;
+	}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i,b;
 	int n;

crypto/evp/evp_test.c

@@ -142,7 +142,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	exit(5);
 	}
     EVP_CIPHER_CTX_init(&ctx);
-    if(!EVP_EncryptInit(&ctx,c,key,iv))
+    if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
 	{
 	fprintf(stderr,"EncryptInit failed\n");
 	exit(10);
@@ -154,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	fprintf(stderr,"Encrypt failed\n");
 	exit(6);
 	}
-    if(!EVP_EncryptFinal(&ctx,out+outl,&outl2))
+    if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
 	{
 	fprintf(stderr,"EncryptFinal failed\n");
 	exit(7);
@@ -175,7 +175,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	exit(9);
 	}
 
-    if(!EVP_DecryptInit(&ctx,c,key,iv))
+    if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
 	{
 	fprintf(stderr,"DecryptInit failed\n");
 	exit(11);
@@ -187,7 +187,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	fprintf(stderr,"Decrypt failed\n");
 	exit(6);
 	}
-    if(!EVP_DecryptFinal(&ctx,out+outl,&outl2))
+    if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
 	{
 	fprintf(stderr,"DecryptFinal failed\n");
 	exit(7);

crypto/evp/p5_crpt.c

@@ -143,7 +143,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
 	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
 						 EVP_CIPHER_iv_length(cipher));
-	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
 	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
 	memset(key, 0, EVP_MAX_KEY_LENGTH);
 	memset(iv, 0, EVP_MAX_IV_LENGTH);

crypto/evp/p5_crpt2.c

@@ -183,7 +183,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	}
 
 	/* Fixup cipher based on AlgorithmIdentifier */
-	EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+	EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
 	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
 		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
 					EVP_R_CIPHER_PARAMETER_ERROR);
@@ -229,7 +229,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	saltlen = kdf->salt->value.octet_string->length;
 	iter = ASN1_INTEGER_get(kdf->iter);
 	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
-	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
 	memset(key, 0, keylen);
 	PBKDF2PARAM_free(kdf);
 	return 1;

crypto/evp/p_open.c

@@ -71,7 +71,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 
 	if(type) {	
 		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0;
+		if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
 	}
 
 	if(!priv) return 1;
@@ -97,7 +97,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 		/* ERROR */
 		goto err;
 		}
-	if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err;
+	if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
 
 	ret=1;
 err:
@@ -110,8 +110,8 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i;
 
-	i=EVP_DecryptFinal(ctx,out,outl);
-	EVP_DecryptInit(ctx,NULL,NULL,NULL);
+	i=EVP_DecryptFinal_ex(ctx,out,outl);
+	EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
 	return(i);
 	}
 #else /* !OPENSSL_NO_RSA */

crypto/evp/p_seal.c

@@ -74,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
 	
 	if(type) {
 		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0;
+		if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
 	}
 	if (npubk <= 0) return(0);
 	if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
@@ -82,7 +82,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
 	if (EVP_CIPHER_CTX_iv_length(ctx))
 		RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
 
-	if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0;
+	if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
 
 	for (i=0; i<npubk; i++)
 		{
@@ -107,6 +107,6 @@ int inl;
 
 void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	EVP_EncryptFinal(ctx,out,outl);
-	EVP_EncryptInit(ctx,NULL,NULL,NULL);
+	EVP_EncryptFinal_ex(ctx,out,outl);
+	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
 	}

crypto/pem/pem_lib.c

@@ -346,9 +346,9 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 		PEM_dek_info(buf,objstr,8,(char *)iv);
 		/* k=strlen(buf); */
 	
-		EVP_EncryptInit(&ctx,enc,key,iv);
+		EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
 		EVP_EncryptUpdate(&ctx,data,&j,data,i);
-		EVP_EncryptFinal(&ctx,&(data[j]),&i);
+		EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
 		i+=j;
 		ret=1;
 		}
@@ -399,9 +399,9 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 		(unsigned char *)buf,klen,1,key,NULL);
 
 	j=(int)len;
-	EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
 	EVP_DecryptUpdate(&ctx,data,&i,data,j);
-	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	memset((char *)buf,0,sizeof(buf));
 	memset((char *)key,0,sizeof(key));

crypto/pem/pem_seal.c

@@ -161,7 +161,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
 		goto err;
 		}
 
-	EVP_EncryptFinal(&ctx->cipher,s,(int *)&i);
+	EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
 	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
 	*outl=j;
 	out+=j;

crypto/pkcs12/p12_crpt.c

@@ -117,7 +117,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 		return 0;
 	}
 	PBEPARAM_free(pbe);
-	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+	EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
 	memset(key, 0, EVP_MAX_KEY_LENGTH);
 	memset(iv, 0, EVP_MAX_IV_LENGTH);
 	return 1;

crypto/pkcs12/p12_decr.c

@@ -90,7 +90,7 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
 
 	EVP_CipherUpdate (&ctx, out, &i, in, inlen);
 	outlen = i;
-	if(!EVP_CipherFinal (&ctx, out + i, &i)) {
+	if(!EVP_CipherFinal_ex (&ctx, out + i, &i)) {
 		OPENSSL_free (out);
 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
 		return NULL;

crypto/pkcs7/bio_ber.c

@@ -339,7 +339,7 @@ static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
 	case BIO_CTRL_RESET:
 		ctx->ok=1;
 		ctx->finished=0;
-		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
 			ctx->cipher.berrypt);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
@@ -376,7 +376,7 @@ again:
 			{
 			ctx->finished=1;
 			ctx->buf_off=0;
-			ret=EVP_CipherFinal(&(ctx->cipher),
+			ret=EVP_CipherFinal_ex(&(ctx->cipher),
 				(unsigned char *)ctx->buf,
 				&(ctx->buf_len));
 			ctx->ok=(int)ret;
@@ -458,7 +458,7 @@ void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
 
 	b->init=1;
 	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
 	
 	if (b->callback != NULL)
 		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);

crypto/pkcs7/pk7_doit.c

@@ -165,7 +165,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 			goto err;
 		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
 		if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
-		EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+		EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
 
 		if (ivlen > 0) {
 			if (xalg->parameter == NULL) 
@@ -391,7 +391,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 
 		evp_ctx=NULL;
 		BIO_get_cipher_ctx(etmp,&evp_ctx);
-		EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+		EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
 		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
 			goto err;
 
@@ -407,7 +407,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 				goto err;
 				}
 		} 
-		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+		EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
 
 		memset(tmp,0,jj);
 

demos/maurice/example1.c

@@ -126,7 +126,7 @@ void main_encrypt(void)
 
 void main_decrypt(void)
 {
-	char buf[512];
+	char buf[520];
 	char ebuf[512];
 	unsigned int buflen;
         EVP_CIPHER_CTX ectx;
@@ -164,7 +164,6 @@ void main_decrypt(void)
 
 	read(STDIN, encryptKey, ekeylen);
 	read(STDIN, iv, sizeof(iv));
-
 	EVP_OpenInit(&ectx,
 		   EVP_des_ede3_cbc(), 
 		   encryptKey,
@@ -185,7 +184,6 @@ void main_decrypt(void)
 		}
 
 		EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
-
 		write(STDOUT, buf, buflen);
 	}
 

demos/maurice/example3.c

@@ -57,7 +57,8 @@ void do_cipher(char *pw, int operation)
 
 	EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
 
-	EVP_CipherInit(&ectx, ALG, key, iv, operation);
+	EVP_CIPHER_CTX_init(&ectx);
+	EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
 
 	while(1)
 	{
@@ -79,7 +80,8 @@ void do_cipher(char *pw, int operation)
 		write(STDOUT, ebuf, ebuflen);
 	}
 
-        EVP_CipherFinal(&ectx, ebuf, &ebuflen); 
+        EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); 
+	EVP_CIPHER_CTX_cleanup(&ectx);
 
 	write(STDOUT, ebuf, ebuflen); 
 }

ssl/kssl.c

@@ -1997,10 +1997,10 @@ krb5_error_code  kssl_check_authent(
 		*/
 		goto err;
 		}
-	if (!EVP_DecryptInit(&ciph_ctx, enc, kssl_ctx->key, iv))
+	if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
 		{
 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"EVP_DecryptInit error decrypting authenticator.\n");
+			"EVP_DecryptInit_ex error decrypting authenticator.\n");
 		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 		goto err;
 		}
@@ -2019,10 +2019,10 @@ krb5_error_code  kssl_check_authent(
 		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 		goto err;
 		}
-	if (!EVP_DecryptFinal(&ciph_ctx, &(unenc_authent[outl]), &padl))
+	if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
 		{
 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"EVP_DecryptFinal error decrypting authenticator.\n");
+			"EVP_DecryptFinal_ex error decrypting authenticator.\n");
 		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 		goto err;
 		}

ssl/s2_enc.c

@@ -98,9 +98,9 @@ int ssl2_enc_init(SSL *s, int client)
 
 	ssl2_generate_key_material(s);
 
-	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);
-	EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
 		s->session->key_arg);
 	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
 	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);

ssl/s3_clnt.c

@@ -1519,17 +1519,17 @@ static int ssl3_send_client_key_exchange(SSL *s)
 			    goto err;
 
 			/*  20010420 VRS.  Tried it this way; failed.
-			**	EVP_EncryptInit(&ciph_ctx,enc, NULL,NULL);
+			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
 			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
 			**				kssl_ctx->length);
-			**	EVP_EncryptInit(&ciph_ctx,NULL, key,iv);
+			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
 			*/
 
 			memset(iv, 0, EVP_MAX_IV_LENGTH);  /* per RFC 1510 */
-			EVP_EncryptInit(&ciph_ctx,enc, kssl_ctx->key,iv);
+			EVP_EncryptInit_ex(&ciph_ctx,enc, kssl_ctx->key,iv);
 			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
 						SSL_MAX_MASTER_KEY_LENGTH);
-			EVP_EncryptFinal(&ciph_ctx,&(epms[outl]),&padl);
+			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
 			outl += padl;
 			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 

ssl/s3_enc.c

@@ -275,7 +275,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	s->session->key_arg_length=0;
 
-	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
 	memset(&(exp_key[0]),0,sizeof(exp_key));
 	memset(&(exp_iv[0]),0,sizeof(exp_iv));

ssl/s3_srvr.c

@@ -1618,7 +1618,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
 		memset(iv, 0, EVP_MAX_IV_LENGTH);	/* per RFC 1510 */
 
-		if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+		if (!EVP_DecryptInit_ex(&ciph_ctx,enc,kssl_ctx->key,iv))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DECRYPTION_FAILED);
@@ -1637,7 +1637,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 				SSL_R_DATA_LENGTH_TOO_LONG);
 			goto err;
 			}
-		if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+		if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DECRYPTION_FAILED);

ssl/t1_enc.c

@@ -341,7 +341,7 @@ printf("which = %04X\nmac key=",which);
 #ifdef KSSL_DEBUG
 	{
         int i;
-	printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+	printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
 	printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
 	printf("\n");
 	printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
@@ -349,7 +349,7 @@ printf("which = %04X\nmac key=",which);
 	}
 #endif	/* KSSL_DEBUG */
 
-	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }