@@ -731,7 +731,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg

     unsigned int dsize, message_size, attrs_size;

     cli_crt_hashtype hashtype;

     cli_crt *x509;

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     int result;

     int isBlacklisted = 0;

@@ -1021,15 +1021,10 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg

 	    break;

 	}

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx))

-        break;

-

-    EVP_DigestInit(ctx, EVP_sha1());

-	EVP_DigestUpdate(ctx, "\x31", 1);

-	EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);

-	EVP_DigestFinal(ctx, sha1, NULL);

-    EVP_MD_CTX_destroy(ctx);

+    EVP_DigestInit(&ctx, EVP_sha1());

+	EVP_DigestUpdate(&ctx, "\x31", 1);

+	EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1);

+	EVP_DigestFinal(&ctx, sha1, NULL);

 	if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {

 	    cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n");

@@ -1267,25 +1262,15 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg

 	}

 	if(hashtype == CLI_SHA1RSA) {

-        ctx = EVP_MD_CTX_create();

-        if (!(ctx))

-            break;

-

-        EVP_DigestInit(ctx, EVP_sha1());

-        EVP_DigestUpdate(ctx, "\x31", 1);

-        EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);

-        EVP_DigestFinal(ctx, sha1, NULL);

-        EVP_MD_CTX_destroy(ctx);

+        EVP_DigestInit(&ctx, EVP_sha1());

+        EVP_DigestUpdate(&ctx, "\x31", 1);

+        EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1);

+        EVP_DigestFinal(&ctx, sha1, NULL);

 	} else {

-        ctx = EVP_MD_CTX_create();

-        if (!(ctx))

-            break;

-

-        EVP_DigestInit(ctx, EVP_md5());

-        EVP_DigestUpdate(ctx, "\x31", 1);

-        EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);

-        EVP_DigestFinal(ctx, sha1, NULL);

-        EVP_MD_CTX_destroy(ctx);

+        EVP_DigestInit(&ctx, EVP_md5());

+        EVP_DigestUpdate(&ctx, "\x31", 1);

+        EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1);

+        EVP_DigestFinal(&ctx, sha1, NULL);

 	}

 	if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {

@@ -905,7 +905,7 @@ void cache_remove(unsigned char *md5, size_t size, const struct cl_engine *engin

 int cache_check(unsigned char *hash, cli_ctx *ctx) {

     fmap_t *map;

     size_t todo, at = 0;

-    EVP_MD_CTX *hashctx;

+    EVP_MD_CTX hashctx;

     int ret;

     if(!ctx || !ctx->engine || !ctx->engine->cache)

@@ -919,10 +919,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {

     map = *ctx->fmap;

     todo = map->len;

-    hashctx = EVP_MD_CTX_create();

-    if (!(hashctx))

-        return CL_VIRUS;

-    EVP_DigestInit(hashctx, EVP_md5());

+    EVP_DigestInit(&hashctx, EVP_md5());

     while(todo) {

         const void *buf;

@@ -934,14 +931,13 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {

         todo -= readme;

         at += readme;

-        if (!EVP_DigestUpdate(hashctx, buf, readme)) {

+        if (!EVP_DigestUpdate(&hashctx, buf, readme)) {

             cli_errmsg("cache_check: error reading while generating hash!\n");

             return CL_EREAD;

         }

     }

-    EVP_DigestFinal(hashctx, hash, NULL);

-    EVP_MD_CTX_destroy(hashctx);

+    EVP_DigestFinal(&hashctx, hash, NULL);

     ret = cache_lookup_hash(hash, map->len, ctx->engine->cache, ctx->recursion);

     cli_dbgmsg("cache_check: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x is %s\n", hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10], hash[11], hash[12], hash[13], hash[14], hash[15], (ret == CL_VIRUS) ? "negative" : "positive");

@@ -78,7 +78,7 @@ void cl_cleanup_crypto(void)

 unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned char *obuf, unsigned int *olen)

 {

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     unsigned char *ret;

     size_t mdsz;

     const EVP_MD *md;

@@ -95,55 +95,42 @@ unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned cha

     if (!(ret))

         return NULL;

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx)) {

-        if (!(obuf))

-            free(ret);

-

-        return NULL;

-    }

-

-    if (!EVP_DigestInit(ctx, md)) {

+    if (!EVP_DigestInit(&ctx, md)) {

         if (!(obuf))

             free(ret);

         if ((olen))

             *olen = 0;

-        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

     cur=0;

     while (cur < len) {

         size_t todo = MIN(EVP_MD_block_size(md), len-cur);

-        if (!EVP_DigestUpdate(ctx, (void *)(((unsigned char *)buf)+cur), todo)) {

+        if (!EVP_DigestUpdate(&ctx, (void *)(((unsigned char *)buf)+cur), todo)) {

             if (!(obuf))

                 free(ret);

             if ((olen))

                 *olen = 0;

-            EVP_MD_CTX_destroy(ctx);

             return NULL;

         }

         cur += todo;

     }

-    if (!EVP_DigestFinal(ctx, ret, &i)) {

+    if (!EVP_DigestFinal(&ctx, ret, &i)) {

         if (!(obuf))

             free(ret);

         if ((olen))

             *olen = 0;

-        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

-    EVP_MD_CTX_destroy(ctx);

-

     if ((olen))

         *olen = i;

@@ -152,7 +139,7 @@ unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned cha

 unsigned char *cl_hash_file_fd(int fd, char *alg, unsigned int *olen)

 {

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     const EVP_MD *md;

     unsigned char *res;

@@ -160,18 +147,12 @@ unsigned char *cl_hash_file_fd(int fd, char *alg, unsigned int *olen)

     if (!(md))

         return NULL;

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx))

-        return NULL;

-

-    if (!EVP_DigestInit(ctx, md)) {

-        EVP_MD_CTX_destroy(ctx);

+    if (!EVP_DigestInit(&ctx, md)) {

         return NULL;

     }

-    res = cl_hash_file_fd_ctx(ctx, fd, olen);

+    res = cl_hash_file_fd_ctx(&ctx, fd, olen);

-    EVP_MD_CTX_destroy(ctx);

     return res;

 }

@@ -259,7 +240,7 @@ unsigned char *cl_sha1(const void *buf, size_t len, unsigned char *obuf, unsigne

 int cl_verify_signature_hash(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned int siglen, unsigned char *digest)

 {

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     const EVP_MD *md;

     size_t mdsz;

@@ -269,33 +250,24 @@ int cl_verify_signature_hash(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsi

     mdsz = EVP_MD_size(md);

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx)) {

-        return -1;

-    }

-

-    if (!EVP_VerifyInit(ctx, md)) {

-        EVP_MD_CTX_destroy(ctx);

+    if (!EVP_VerifyInit(&ctx, md)) {

         return -1;

     }

-    if (!EVP_VerifyUpdate(ctx, digest, mdsz)) {

-        EVP_MD_CTX_destroy(ctx);

+    if (!EVP_VerifyUpdate(&ctx, digest, mdsz)) {

         return -1;

     }

-    if (EVP_VerifyFinal(ctx, sig, siglen, pkey) != 0) {

-        EVP_MD_CTX_destroy(ctx);

+    if (EVP_VerifyFinal(&ctx, sig, siglen, pkey) != 0) {

         return -1;

     }

-    EVP_MD_CTX_destroy(ctx);

     return 0;

 }

 int cl_verify_signature_fd(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned int siglen, int fd)

 {

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     const EVP_MD *md;

     size_t mdsz;

     unsigned char *digest;

@@ -310,38 +282,28 @@ int cl_verify_signature_fd(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsign

     mdsz = EVP_MD_size(md);

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx)) {

-        free(digest);

-        return -1;

-    }

-

-    if (!EVP_VerifyInit(ctx, md)) {

+    if (!EVP_VerifyInit(&ctx, md)) {

         free(digest);

-        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (!EVP_VerifyUpdate(ctx, digest, mdsz)) {

+    if (!EVP_VerifyUpdate(&ctx, digest, mdsz)) {

         free(digest);

-        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (EVP_VerifyFinal(ctx, sig, siglen, pkey) != 0) {

+    if (EVP_VerifyFinal(&ctx, sig, siglen, pkey) != 0) {

         free(digest);

-        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    EVP_MD_CTX_destroy(ctx);

     free(digest);

     return 0;

 }

 int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned int siglen, unsigned char *data, size_t datalen, int decode)

 {

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     const EVP_MD *md;

     size_t mdsz;

     unsigned char *digest;

@@ -377,8 +339,7 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned

     mdsz = EVP_MD_size(md);

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx)) {

+    if (!EVP_VerifyInit(&ctx, md)) {

         free(digest);

         if (decode)

             free(sig);

@@ -386,9 +347,7 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned

         return -1;

     }

-    if (!EVP_VerifyInit(ctx, md)) {

-        EVP_MD_CTX_destroy(ctx);

-

+    if (!EVP_VerifyUpdate(&ctx, digest, mdsz)) {

         free(digest);

         if (decode)

             free(sig);

@@ -396,9 +355,7 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned

         return -1;

     }

-    if (!EVP_VerifyUpdate(ctx, digest, mdsz)) {

-        EVP_MD_CTX_destroy(ctx);

-

+    if (EVP_VerifyFinal(&ctx, sig, siglen, pkey) != 0) {

         free(digest);

         if (decode)

             free(sig);

@@ -406,18 +363,6 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned

         return -1;

     }

-    if (EVP_VerifyFinal(ctx, sig, siglen, pkey) != 0) {

-        EVP_MD_CTX_destroy(ctx);

-

-        free(digest);

-        if (decode)

-            free(sig);

-

-        return -1;

-    }

-

-    EVP_MD_CTX_destroy(ctx);

-

     if (decode)

         free(sig);

@@ -579,7 +524,7 @@ unsigned char *cl_sign_data_keyfile(char *keypath, char *alg, unsigned char *has

 unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsigned int *olen, int encode)

 {

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

     const EVP_MD *md;

     unsigned int siglen;

     unsigned char *sig;

@@ -588,35 +533,25 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi

     if (!(md))

         return NULL;

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx)) {

-        free(hash);

-        return NULL;

-    }

-

     sig = (unsigned char *)calloc(1, EVP_PKEY_size(pkey));

     if (!(sig)) {

-        EVP_MD_CTX_destroy(ctx);

         free(hash);

         return NULL;

     }

-    if (!EVP_SignInit(ctx, md)) {

-        EVP_MD_CTX_destroy(ctx);

+    if (!EVP_SignInit(&ctx, md)) {

         free(sig);

         free(hash);

         return NULL;

     }

-    if (!EVP_SignUpdate(ctx, hash, EVP_MD_size(md))) {

-        EVP_MD_CTX_destroy(ctx);

+    if (!EVP_SignUpdate(&ctx, hash, EVP_MD_size(md))) {

         free(sig);

         free(hash);

         return NULL;

     }

-    if (!EVP_SignFinal(ctx, sig, &siglen, pkey)) {

-        EVP_MD_CTX_destroy(ctx);

+    if (!EVP_SignFinal(&ctx, sig, &siglen, pkey)) {

         free(sig);

         free(hash);

         return NULL;

@@ -625,7 +560,6 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi

     if (encode) {

         unsigned char *newsig = (unsigned char *)cl_base64_encode(sig, siglen);

         if (!(newsig)) {

-            EVP_MD_CTX_destroy(ctx);

             free(sig);

             free(hash);

             return NULL;

@@ -636,7 +570,6 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi

         siglen = (unsigned int)strlen((const char *)newsig);

     }

-    EVP_MD_CTX_destroy(ctx);

     free(hash);

     *olen = siglen;

@@ -315,12 +315,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	dbio->readsize = dbio->size < dbio->bufsize ? dbio->size : dbio->bufsize - 1;

 	dbio->bufpt = NULL;

 	dbio->readpt = dbio->buf;

-    dbio->hashctx = EVP_MD_CTX_create();

-    if (!(dbio->hashctx)) {

-        cli_tgzload_cleanup(compr, dbio, fdd);

-        return CL_EMALFDB;;

-    }

-    EVP_DigestInit(dbio->hashctx, EVP_sha256());

+    EVP_DigestInit(&(dbio->hashctx), EVP_sha256());

 	dbio->bread = 0;

 	/* cli_dbgmsg("cli_tgzload: Loading %s, size: %u\n", name, size); */

@@ -354,7 +349,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 			cli_tgzload_cleanup(compr, dbio, fdd);

 			return CL_EMALFDB;

 		    }

-            EVP_DigestFinal(dbio->hashctx, hash, NULL);

+            EVP_DigestFinal(&(dbio->hashctx), hash, NULL);

 		    if(memcmp(db->hash, hash, 32)) {

 			cli_errmsg("cli_tgzload: Invalid checksum for file %s\n", name);

 			cli_tgzload_cleanup(compr, dbio, fdd);

@@ -32,7 +32,7 @@ struct cli_dbio {

     char *buf, *bufpt, *readpt;

     unsigned int usebuf, bufsize, readsize;

     unsigned int chkonly;

-    EVP_MD_CTX *hashctx;

+    EVP_MD_CTX hashctx;

 };

 int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int dbtype, const char *filename, unsigned int chkonly);

@@ -158,7 +158,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n

 	unsigned char *decoded, digest1[HASH_LEN], digest2[HASH_LEN], digest3[HASH_LEN], *salt;

 	unsigned char mask[BLK_LEN], data[BLK_LEN], final[8 + 2 * HASH_LEN], c[4];

 	unsigned int i, rounds;

-    EVP_MD_CTX *ctx;

+    EVP_MD_CTX ctx;

 	mp_int n, e;

     mp_init(&e);

@@ -187,15 +187,10 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n

 	c[2] = (unsigned char) (i / 256);

 	c[3] = (unsigned char) i;

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx))

-        return CL_EVERIFY;

-

-    EVP_DigestInit(ctx, EVP_sha256());

-	EVP_DigestUpdate(ctx, digest2, HASH_LEN);

-	EVP_DigestUpdate(ctx, c, 4);

-	EVP_DigestFinal(ctx, digest3, NULL);

-    EVP_MD_CTX_destroy(ctx);

+    EVP_DigestInit(&ctx, EVP_sha256());

+	EVP_DigestUpdate(&ctx, digest2, HASH_LEN);

+	EVP_DigestUpdate(&ctx, c, 4);

+	EVP_DigestFinal(&ctx, digest3, NULL);

 	if(i + 1 == rounds)

             memcpy(&data[i * 32], digest3, BLK_LEN - i * HASH_LEN);

 	else

@@ -217,14 +212,9 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n

     memcpy(&final[8], sha256, HASH_LEN);

     memcpy(&final[8 + HASH_LEN], salt, SALT_LEN);

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx))

-        return CL_EVERIFY;

-

-    EVP_DigestInit(ctx, EVP_sha256());

-	EVP_DigestUpdate(ctx, final, sizeof(final));

-	EVP_DigestFinal(ctx, digest1, NULL);

-    EVP_MD_CTX_destroy(ctx);

+    EVP_DigestInit(&ctx, EVP_sha256());

+	EVP_DigestUpdate(&ctx, final, sizeof(final));

+	EVP_DigestFinal(&ctx, digest1, NULL);

     return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS;

 }

@@ -718,48 +718,22 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

     const char *virname = NULL;

     uint32_t viroffset = 0;

     uint32_t viruses_found = 0;

-    EVP_MD_CTX *md5ctx, *sha1ctx, *sha256ctx;

+    EVP_MD_CTX md5ctx, sha1ctx, sha256ctx;

     if(!ctx->engine) {

         cli_errmsg("cli_scandesc: engine == NULL\n");

         return CL_ENULLARG;

     }

-    md5ctx = EVP_MD_CTX_create();

-    if (!(md5ctx))

-        return CL_CLEAN;

-

-    sha1ctx = EVP_MD_CTX_create();

-    if (!(sha1ctx)) {

-        EVP_MD_CTX_destroy(md5ctx);

-        return CL_CLEAN;

-    }

-

-    sha256ctx = EVP_MD_CTX_create();

-    if (!(sha256ctx)) {

-        EVP_MD_CTX_destroy(md5ctx);

-        EVP_MD_CTX_destroy(sha1ctx);

+    if (!EVP_DigestInit(&md5ctx, EVP_md5())) {

         return CL_CLEAN;

     }

-    if (!EVP_DigestInit(md5ctx, EVP_md5())) {

-        EVP_MD_CTX_destroy(md5ctx);

-        EVP_MD_CTX_destroy(sha1ctx);

-        EVP_MD_CTX_destroy(sha256ctx);

+    if (!EVP_DigestInit(&sha1ctx, EVP_sha1())) {

         return CL_CLEAN;

     }

-    if (!EVP_DigestInit(sha1ctx, EVP_sha1())) {

-        EVP_MD_CTX_destroy(md5ctx);

-        EVP_MD_CTX_destroy(sha1ctx);

-        EVP_MD_CTX_destroy(sha256ctx);

-        return CL_CLEAN;

-    }

-

-    if (!EVP_DigestInit(sha256ctx, EVP_sha256())) {

-        EVP_MD_CTX_destroy(md5ctx);

-        EVP_MD_CTX_destroy(sha1ctx);

-        EVP_MD_CTX_destroy(sha256ctx);

+    if (!EVP_DigestInit(&sha256ctx, EVP_sha256())) {

         return CL_CLEAN;

     }

@@ -795,9 +769,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                 free(info.exeinfo.section);

             cli_hashset_destroy(&info.exeinfo.vinfo);

-            EVP_MD_CTX_destroy(md5ctx);

-            EVP_MD_CTX_destroy(sha1ctx);

-            EVP_MD_CTX_destroy(sha256ctx);

             return ret;

         }

     }

@@ -810,9 +781,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                 free(info.exeinfo.section);

             cli_hashset_destroy(&info.exeinfo.vinfo);

-            EVP_MD_CTX_destroy(md5ctx);

-            EVP_MD_CTX_destroy(sha1ctx);

-            EVP_MD_CTX_destroy(sha256ctx);

             return ret;

         }

         if(troot->bm_offmode) {

@@ -826,9 +794,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                         free(info.exeinfo.section);

                     cli_hashset_destroy(&info.exeinfo.vinfo);

-                    EVP_MD_CTX_destroy(md5ctx);

-                    EVP_MD_CTX_destroy(sha1ctx);

-                    EVP_MD_CTX_destroy(sha256ctx);

                     return ret;

                 }

@@ -895,9 +860,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                     free(info.exeinfo.section);

                 cli_hashset_destroy(&info.exeinfo.vinfo);

-                EVP_MD_CTX_destroy(md5ctx);

-                EVP_MD_CTX_destroy(sha1ctx);

-                EVP_MD_CTX_destroy(sha256ctx);

                 return ret;

             }

         }

@@ -934,11 +896,11 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                 uint32_t data_len = bytes - maxpatlen * (offset!=0);

                 if(compute_hash[CLI_HASH_MD5])

-                    EVP_DigestUpdate(md5ctx, data, data_len);

+                    EVP_DigestUpdate(&md5ctx, data, data_len);

                 if(compute_hash[CLI_HASH_SHA1])

-                    EVP_DigestUpdate(sha1ctx, data, data_len);

+                    EVP_DigestUpdate(&sha1ctx, data, data_len);

                 if(compute_hash[CLI_HASH_SHA256])

-                    EVP_DigestUpdate(sha256ctx, data, data_len);

+                    EVP_DigestUpdate(&sha256ctx, data, data_len);

             }

         }

@@ -957,13 +919,13 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

         enum CLI_HASH_TYPE hashtype, hashtype2;

         if(compute_hash[CLI_HASH_MD5])

-            EVP_DigestFinal(md5ctx, digest[CLI_HASH_MD5], NULL);

+            EVP_DigestFinal(&md5ctx, digest[CLI_HASH_MD5], NULL);

         if(refhash)

             compute_hash[CLI_HASH_MD5] = 1;

         if(compute_hash[CLI_HASH_SHA1])

-            EVP_DigestFinal(sha1ctx, digest[CLI_HASH_SHA1], NULL);

+            EVP_DigestFinal(&sha1ctx, digest[CLI_HASH_SHA1], NULL);

         if(compute_hash[CLI_HASH_SHA256])

-            EVP_DigestFinal(sha256ctx, digest[CLI_HASH_SHA256], NULL);

+            EVP_DigestFinal(&sha256ctx, digest[CLI_HASH_SHA256], NULL);

         virname = NULL;

         for(hashtype = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype++) {

@@ -1020,10 +982,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

         }

     }

-    EVP_MD_CTX_destroy(md5ctx);

-    EVP_MD_CTX_destroy(sha1ctx);

-    EVP_MD_CTX_destroy(sha256ctx);

-

     if(troot) {

         if(ret != CL_VIRUS || SCAN_ALL)

             ret = cli_lsig_eval(ctx, troot, &tdata, &info, refhash);

@@ -2796,7 +2796,6 @@ rfc1341(message *m, const char *dir)

 	int n;

 	char pdir[NAME_MAX + 1];

 	unsigned char md5_val[16];

-	EVP_MD_CTX *ctx;

 	char *md5_hex;

 	id = (char *)messageFindArgument(m, "id");

@@ -2853,14 +2852,7 @@ rfc1341(message *m, const char *dir)

 	}

 	n = atoi(number);

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx)) {

-        free(id);

-        return CL_EMEM;

-    }

-    EVP_DigestInit(ctx, EVP_md5());

-    EVP_DigestUpdate(ctx, id, strlen(id));

-    EVP_DigestFinal(ctx, md5_val, NULL);

+    cl_hash_data("md5", id, strlen(id), md5_val, NULL);

 	md5_hex = cli_str2hex((const char*)md5_val, 16);

 	if(!md5_hex) {

@@ -864,24 +864,19 @@ char *cli_hashstream(FILE *fs, unsigned char *digcpy, int type)

     char buff[FILEBUFF];

     char *hashstr, *pt;

     int i, bytes, size;

-    EVP_MD_CTX *ctx;

-

-    ctx = EVP_MD_CTX_create();

-    if (!(ctx))

-        return NULL;

+    EVP_MD_CTX ctx;

     if(type == 1)

-        EVP_DigestInit(ctx, EVP_md5());

+        EVP_DigestInit(&ctx, EVP_md5());

     else if(type == 2)

-        EVP_DigestInit(ctx, EVP_sha1());

+        EVP_DigestInit(&ctx, EVP_sha1());

     else

-        EVP_DigestInit(ctx, EVP_sha256());

+        EVP_DigestInit(&ctx, EVP_sha256());

     while((bytes = fread(buff, 1, FILEBUFF, fs)))

-        EVP_DigestUpdate(ctx, buff, bytes);

+        EVP_DigestUpdate(&ctx, buff, bytes);

-    EVP_DigestFinal(ctx, digest, &size);

-    EVP_MD_CTX_destroy(ctx);

+    EVP_DigestFinal(&ctx, digest, &size);

     if(!(hashstr = (char *) cli_calloc(size*2 + 1, sizeof(char))))

         return NULL;

@@ -2800,7 +2800,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

     struct cli_exe_section *exe_sections;

     struct pe_image_data_dir *dirs;

     fmap_t *map = *ctx->fmap;

-    EVP_MD_CTX *hashctx;

+    EVP_MD_CTX hashctx;

     if (flags & CL_CHECKFP_PE_FLAG_STATS)

         if (!(hashes))

@@ -2939,13 +2939,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

             }

         }

-        hashctx = EVP_MD_CTX_create();

-        if (!(hashctx)) {

-            free(exe_sections);

-            return CL_EMEM;

-        }

-

-        EVP_DigestInit(hashctx, EVP_sha1());

+        EVP_DigestInit(&hashctx, EVP_sha1());

     }

 #define hash_chunk(where, size, isStatAble, section) \

@@ -2957,16 +2951,12 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

             return CL_EFORMAT; \

         } \

         if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE) \

-            EVP_DigestUpdate(hashctx, hptr, size); \

+            EVP_DigestUpdate(&hashctx, hptr, size); \

         if (isStatAble && flags & CL_CHECKFP_PE_FLAG_STATS) { \

-            EVP_MD_CTX *md5ctx; \

-            md5ctx = EVP_MD_CTX_create(); \

-            if ((md5ctx)) { \

-                EVP_DigestInit(md5ctx, EVP_md5()); \

-                EVP_DigestUpdate(md5ctx, hptr, size); \

-                EVP_DigestFinal(md5ctx, hashes->sections[section].md5, NULL); \

-                EVP_MD_CTX_destroy(md5ctx); \

-            } \

+            EVP_MD_CTX md5ctx; \

+            EVP_DigestInit(&md5ctx, EVP_md5()); \

+            EVP_DigestUpdate(&md5ctx, hptr, size); \

+            EVP_DigestFinal(&md5ctx, hashes->sections[section].md5, NULL); \

         } \

     } while(0)

@@ -3018,11 +3008,9 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

             hlen = fsize - at;

             if(dirs[4].Size > hlen) {

                 if (flags & CL_CHECKFP_PE_FLAG_STATS) {

-                    EVP_MD_CTX_destroy(hashctx);

                     flags ^= CL_CHECKFP_PE_FLAG_AUTHENTICODE;

                     break;

                 } else {

-                    EVP_MD_CTX_destroy(hashctx);

                     free(exe_sections);

                     return CL_EFORMAT;

                 }

@@ -3039,8 +3027,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

     free(exe_sections);

     if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE) {

-        EVP_DigestFinal(hashctx, authsha1, NULL);

-        EVP_MD_CTX_destroy(hashctx);

+        EVP_DigestFinal(&hashctx, authsha1, NULL);

         if(cli_debug_flag) {

             char shatxt[SHA1_HASH_SIZE*2+1];

@@ -1202,18 +1202,13 @@ static int hash_match(const struct regex_matcher *rlist, const char *host, size_

 	    unsigned char h[65];

 	    unsigned char sha256_dig[32];

 	    unsigned i;

-        EVP_MD_CTX *sha256;

+        EVP_MD_CTX sha256;

-        sha256 = EVP_MD_CTX_create();

-        if (!(sha256))

-            return CL_SUCCESS;

+        EVP_DigestInit(&sha256, EVP_sha256());

+        EVP_DigestUpdate(&sha256, host, hlen);

+        EVP_DigestUpdate(&sha256, path, plen);

+        EVP_DigestFinal(&sha256, sha256_dig, NULL);

-        EVP_DigestInit(sha256, EVP_sha256());

-        EVP_DigestUpdate(sha256, host, hlen);

-        EVP_DigestUpdate(sha256, path, plen);

-        EVP_DigestFinal(sha256, sha256_dig, NULL);

-

-        EVP_MD_CTX_destroy(sha256);

 	    for(i=0;i<32;i++) {

 		h[2*i] = hexchars[sha256_dig[i]>>4];

 		h[2*i+1] = hexchars[sha256_dig[i]&0xf];

@@ -420,8 +420,7 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio)

 		dbio->bufpt = dbio->buf;

 		dbio->size -= bread;

 		dbio->bread += bread;

-        if ((dbio->hashctx))

-            EVP_DigestUpdate(dbio->hashctx, dbio->readpt, bread);

+        EVP_DigestUpdate(&(dbio->hashctx), dbio->readpt, bread);

 	    }

 	    if(dbio->chkonly && dbio->bufpt) {

 		dbio->bufpt = NULL;

@@ -478,8 +477,7 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio)

 	bs = strlen(buff);

 	dbio->size -= bs;

 	dbio->bread += bs;

-    if ((dbio->hashctx))

-        EVP_DigestUpdate(dbio->hashctx, buff, bs);

+    EVP_DigestUpdate(&(dbio->hashctx), buff, bs);

 	return pt;

     }

 }

@@ -64,3 +64,13 @@

     fun:sendmmsg

     ...

 }

+{

+    openssl-leak-01

+    Memcheck:Leak

+    fun:malloc

+    ...

+    fun:CRYPTO_malloc

+    ...

+    fun:EVP_DigestInit_ex

+    ...

+}