Change all calls to low level digest routines in the library and

applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.

27 files changed, 158 insertions, 186 deletions

diff --git a/CHANGES b/CHANGES
index 589b1059aa..cf2d4f9e1c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,11 @@
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
   +) Add the possibility to control engines through control names but with
      arbitrary arguments instead of just a string.
      Change the key loaders to take a UI_METHOD instead of a callback
diff --git a/apps/enc.c b/apps/enc.c
index fd25a21222..ac3014b24c 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -66,9 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <ctype.h>
diff --git a/apps/passwd.c b/apps/passwd.c
index 53dbe073d2..750a3cb39d 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -20,7 +20,7 @@
 # include <openssl/des.h>
 #endif
 #ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
+# include <openssl/evp.h>
 #endif
 
 
@@ -310,7 +310,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n, i;
-	MD5_CTX md;
+	EVP_MD_CTX md;
 	size_t passwd_len, salt_len;
 
 	passwd_len = strlen(passwd);
@@ -325,48 +325,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	
-	MD5_Init(&md);
-	MD5_Update(&md, passwd, passwd_len);
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, magic, strlen(magic));
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, salt_out, salt_len);
+	EVP_DigestInit(&md,EVP_md5());
+	EVP_DigestUpdate(&md, passwd, passwd_len);
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, magic, strlen(magic));
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, salt_out, salt_len);
 	
 	 {
-		MD5_CTX md2;
+		EVP_MD_CTX md2;
 
-		MD5_Init(&md2);
-		MD5_Update(&md2, passwd, passwd_len);
-		MD5_Update(&md2, salt_out, salt_len);
-		MD5_Update(&md2, passwd, passwd_len);
-		MD5_Final(buf, &md2);
+		EVP_DigestInit(&md2,EVP_md5());
+		EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestUpdate(&md2, salt_out, salt_len);
+		EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestFinal(&md2, buf, NULL);
 	 }
 	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-		MD5_Update(&md, buf, sizeof buf);
-	MD5_Update(&md, buf, i);
+		EVP_DigestUpdate(&md, buf, sizeof buf);
+	EVP_DigestUpdate(&md, buf, i);
 	
 	n = passwd_len;
 	while (n)
 		{
-		MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
 		n >>= 1;
 		}
-	MD5_Final(buf, &md);
+	EVP_DigestFinal(&md, buf, NULL);
 
 	for (i = 0; i < 1000; i++)
 		{
-		MD5_CTX md2;
+		EVP_MD_CTX md2;
 
-		MD5_Init(&md2);
-		MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
-		                 (i & 1) ? passwd_len : sizeof buf);
+		EVP_DigestInit(&md2,EVP_md5());
+		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+		                       (i & 1) ? passwd_len : sizeof buf);
 		if (i % 3)
-			MD5_Update(&md2, salt_out, salt_len);
+			EVP_DigestUpdate(&md2, salt_out, salt_len);
 		if (i % 7)
-			MD5_Update(&md2, passwd, passwd_len);
-		MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
-		                 (i & 1) ? sizeof buf : passwd_len);
-		MD5_Final(buf, &md2);
+			EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+		                       (i & 1) ? sizeof buf : passwd_len);
+		EVP_DigestFinal(&md2, buf, NULL);
 		}
 	
 	 {
diff --git a/apps/speed.c b/apps/speed.c
index dd3270f6eb..dbf7732a2a 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -924,7 +924,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD2][j]); count++)
-				MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD2],d);
@@ -940,7 +940,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-				MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MDC2],d);
@@ -957,7 +957,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD4][j]); count++)
-				MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD4],d);
@@ -974,7 +974,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_md5());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
@@ -1005,6 +1005,7 @@ int MAIN(int argc, char **argv)
 				count,names[D_HMAC],d);
 			results[D_HMAC][j]=((double)count)/d*lengths[j];
 			}
+		HMAC_cleanup(&hctx);
 		}
 #endif
 #ifndef OPENSSL_NO_SHA
@@ -1015,7 +1016,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-				SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_SHA1],d);
@@ -1031,7 +1032,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_RMD160],d);
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 17ed9f2f7f..0bba0861d1 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -259,7 +259,6 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 	unsigned char *dertmp;
 	int derlen;
 	int i;
-	SHA_CTX SHA1buf ;
 	unsigned char SHA1md[SHA_DIGEST_LENGTH];
 
 	/* display the hash of the subject as it would appear
@@ -271,9 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 		goto err;
 	i2d_X509_NAME(x->cert_info->subject, &dertmp);
 
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, der, derlen);
-	SHA1_Final(SHA1md,&SHA1buf);
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1());
 	for (i=0; i < SHA_DIGEST_LENGTH; i++)
 		{
 		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -286,10 +283,8 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
 		goto err;
 
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
-		x->cert_info->key->public_key->length);
-	SHA1_Final(SHA1md,&SHA1buf);
+	EVP_Digest(x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1());
 	for (i=0; i < SHA_DIGEST_LENGTH; i++)
 		{
 		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 0b61177515..7440e917a5 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -61,12 +61,12 @@
 #ifdef GENUINE_DSA
 /* Parameter generation follows the original release of FIPS PUB 186,
  * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    SHA
+#define HASH    EVP_sha()
 #else
 /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
  * FIPS PUB 180-1) */
-#define HASH    SHA1
+#define HASH    EVP_sha1()
 #endif 
 
 #ifndef OPENSSL_NO_SHA
@@ -74,7 +74,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
@@ -158,8 +158,8 @@ DSA *DSA_generate_parameters(int bits,
 				}
 
 			/* step 2 */
-			HASH(seed,SHA_DIGEST_LENGTH,md);
-			HASH(buf,SHA_DIGEST_LENGTH,buf2);
+			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH);
+			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH);
 			for (i=0; i<SHA_DIGEST_LENGTH; i++)
 				md[i]^=buf2[i];
 
@@ -206,7 +206,7 @@ DSA *DSA_generate_parameters(int bits,
 					if (buf[i] != 0) break;
 					}
 
-				HASH(buf,SHA_DIGEST_LENGTH,md);
+				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH);
 
 				/* step 8 */
 				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index bd5d0ce567..ef87c3e637 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index e617ce1d43..1703a2457d 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -162,7 +162,7 @@ typedef struct ok_struct
 	EVP_MD_CTX md;
 	int blockout;		/* output block is ready */ 
 	int sigio;		/* must process signature */
-	char buf[IOBS];
+	unsigned char buf[IOBS];
 	} BIO_OK_CTX;
 
 static BIO_METHOD methods_ok=
@@ -474,7 +474,7 @@ static void sig_out(BIO* b)
 	ctx->buf_len+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	ctx->sigio= 0;
@@ -498,7 +498,7 @@ static void sig_in(BIO* b)
 	ctx->buf_off+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	md->digest->final(tmp, &(md->md.base[0]));
+	EVP_DigestFinal(md, tmp, NULL);
 	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
 	ctx->buf_off+= md->digest->md_size;
 	if(ret == 1)
@@ -531,7 +531,7 @@ static void block_out(BIO* b)
 	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
 	tl= swapem(tl);
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	}
@@ -551,7 +551,7 @@ static void block_in(BIO* b)
 	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
  
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	md->digest->final(tmp, &(md->md.base[0]));
+	EVP_DigestFinal(md, tmp, NULL);
 	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
 		{
 		/* there might be parts from next block lurking around ! */
diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c
index 70725ef917..78901475eb 100644
--- a/crypto/md2/md2test.c
+++ b/crypto/md2/md2test.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -100,13 +100,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	char **P,**R;
 	char *p;
+	unsigned char md[MD2_DIGEST_LENGTH];
 
 	P=test;
 	R=ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+		EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2());
+		p=pt(md);
 		if (strcmp(p,*R) != 0)
 			{
 			printf("error calculating MD2 on '%s'\n",*P);
diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c
index 78bcd4394a..9e8cadb6cd 100644
--- a/crypto/md4/md4test.c
+++ b/crypto/md4/md4test.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md4.h>
+#include <openssl/evp.h>
 
 static char *test[]={
 	"",
@@ -96,13 +96,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD4_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD4 on '%s'\n",*P);
diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c
index cf8cf51b6b..4e64319832 100644
--- a/crypto/md5/md5test.c
+++ b/crypto/md5/md5test.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
 static char *test[]={
 	"",
@@ -96,13 +96,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD5_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD5 on '%s'\n",*P);
diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
index 6a50e9debe..9507fed7db 100644
--- a/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/mdc2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -92,16 +92,16 @@ int main(int argc, char *argv[])
 	int ret=0;
 	unsigned char md[MDC2_DIGEST_LENGTH];
 	int i;
-	MDC2_CTX c;
+	EVP_MD_CTX c;
 	static char *text="Now is the time for all ";
 
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(text,text,strlen(text));
 #endif
 
-	MDC2_Init(&c);
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_DigestInit(&c,EVP_mdc2());
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -116,10 +116,10 @@ int main(int argc, char *argv[])
 	else
 		printf("pad1 - ok\n");
 
-	MDC2_Init(&c);
-	c.pad_type=2;
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_DigestInit(&c,EVP_mdc2());
+	c.md.mdc2.pad_type=2;
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
 		{
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 32b6e17c24..f67715e869 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -89,6 +89,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
     	HMAC_Update (&hmac, p12->authsafes->d.data->data,
 					 p12->authsafes->d.data->length);
     	HMAC_Final (&hmac, mac, maclen);
+    	HMAC_cleanup (&hmac);
 	return 1;
 }
 
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index d4d2f36ad4..1c87f21171 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -264,7 +264,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 			
 		MD_Update(&m,buf,j);
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-		MD_Final(local_md,&m);
+		MD_Final(&m,local_md);
 		md_c[1]++;
 
 		buf=(const char *)buf + j;
@@ -457,7 +457,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 			}
 		else
 			MD_Update(&m,&(state[st_idx]),j);
-		MD_Final(local_md,&m);
+		MD_Final(&m,local_md);
 
 		for (i=0; i<j; i++)
 			{
@@ -473,7 +473,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(md,&m);
+	MD_Final(&m,md);
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	memset(&m,0,sizeof(m));
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 1d9670738e..44d7cbba67 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -129,55 +129,26 @@
 #endif
 #endif
 
+#include <openssl/evp.h>
+#define MD_CTX			EVP_MD_CTX
+#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
+#define	MD_Final(a,b)		EVP_DigestFinal(a,b,NULL)
 #if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define	MD(a,b,c)		MD5(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_md5())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_md5())
 #elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define	MD(a,b,c)		SHA1(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_sha1())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_sha1())
 #elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define	MD(a,b,c)		MDC2(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_mdc2())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_mdc2())
 #elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define	MD(a,b,c)		MD2(a,b,c)
-#endif
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_CTX			MD5_CTX
-#define MD_Init(a)		MD5_Init(a)
-#define MD_Update(a,b,c)	MD5_Update(a,b,c)
-#define	MD_Final(a,b)		MD5_Final(a,b)
-#define	MD(a,b,c)		MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_CTX			SHA_CTX
-#define MD_Init(a)		SHA1_Init(a)
-#define MD_Update(a,b,c)	SHA1_Update(a,b,c)
-#define	MD_Final(a,b)		SHA1_Final(a,b)
-#define	MD(a,b,c)		SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_CTX			MDC2_CTX
-#define MD_Init(a)		MDC2_Init(a)
-#define MD_Update(a,b,c)	MDC2_Update(a,b,c)
-#define	MD_Final(a,b)		MDC2_Final(a,b)
-#define	MD(a,b,c)		MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_CTX			MD2_CTX
-#define MD_Init(a)		MD2_Init(a)
-#define MD_Update(a,b,c)	MD2_Update(a,b,c)
-#define	MD_Final(a,b)		MD2_Final(a,b)
-#define	MD(a,b,c)		MD2(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_md2())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_md2())
 #endif
 
 
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c
index 75616c3179..c2165b0b75 100644
--- a/crypto/rc4/rc4.c
+++ b/crypto/rc4/rc4.c
@@ -162,7 +162,7 @@ bad:
 		keystr=buf;
 		}
 
-	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+	EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
 	memset(keystr,0,strlen(keystr));
 	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
 	
diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c
index 6bc90d5afc..e1aae630e9 100644
--- a/crypto/ripemd/rmdtest.c
+++ b/crypto/ripemd/rmdtest.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/ripemd.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -102,6 +102,7 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[RIPEMD160_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
@@ -111,7 +112,8 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
 #endif
-		p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating RIPEMD160 on '%s'\n",*P);
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index a489639259..8da765e4d7 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -24,7 +24,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/rand.h>
 
 int MGF1(unsigned char *mask, long len,
@@ -62,7 +62,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
     seed = to + 1;
     db = to + SHA_DIGEST_LENGTH + 1;
 
-    SHA1(param, plen, db);
+    EVP_Digest((void *)param, plen, db, NULL, EVP_sha1());
     memset(db + SHA_DIGEST_LENGTH, 0,
 	   emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
     db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
     for (i = 0; i < dblen; i++)
 	db[i] ^= maskeddb[i];
 
-    SHA1(param, plen, phash);
+    EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1());
 
     if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
 	goto decoding_err;
@@ -159,24 +159,24 @@ int MGF1(unsigned char *mask, long len,
     {
     long i, outlen = 0;
     unsigned char cnt[4];
-    SHA_CTX c;
+    EVP_MD_CTX c;
     unsigned char md[SHA_DIGEST_LENGTH];
 
     for (i = 0; outlen < len; i++)
 	{
 	cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
 	  cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
-	SHA1_Init(&c);
-	SHA1_Update(&c, seed, seedlen);
-	SHA1_Update(&c, cnt, 4);
+	EVP_DigestInit(&c,EVP_sha1());
+	EVP_DigestUpdate(&c, seed, seedlen);
+	EVP_DigestUpdate(&c, cnt, 4);
 	if (outlen + SHA_DIGEST_LENGTH <= len)
 	    {
-	    SHA1_Final(mask + outlen, &c);
+	    EVP_DigestFinal(&c, mask + outlen, NULL);
 	    outlen += SHA_DIGEST_LENGTH;
 	    }
 	else
 	    {
-	    SHA1_Final(md, &c);
+	    EVP_DigestFinal(&c, md, NULL);
 	    memcpy(mask + outlen, md, len - outlen);
 	    outlen = len;
 	    }
diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
index 3b09039cc8..a915981b5b 100644
--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -119,7 +119,8 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA1 on '%s'\n",*P);
@@ -137,10 +138,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	SHA1_Init(&c);
+	EVP_DigestInit(&c,EVP_sha1());
 	for (i=0; i<1000; i++)
-		SHA1_Update(&c,buf,1000);
-	SHA1_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;
diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c
index d3bc4b58c9..d492c1515b 100644
--- a/crypto/sha/shatest.c
+++ b/crypto/sha/shatest.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -119,7 +119,8 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA on '%s'\n",*P);
@@ -137,10 +138,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	SHA_Init(&c);
+	EVP_DigestInit(&c,EVP_sha());
 	for (i=0; i<1000; i++)
-		SHA_Update(&c,buf,1000);<