@@ -58,7 +58,11 @@ void XzCheck_Init(CXzCheck *p, int mode)

   {

     case XZ_CHECK_CRC32: p->crc = CRC_INIT_VAL; break;

     case XZ_CHECK_CRC64: p->crc64 = CRC64_INIT_VAL; break;

-    case XZ_CHECK_SHA256: EVP_DigestInit(&p->sha, EVP_sha256()); break;

+    case XZ_CHECK_SHA256:

+        p->sha = EVP_MD_CTX_create();

+        if ((p->sha))

+            EVP_DigestInit_ex(p->sha, EVP_sha256(), NULL);

+        break;

   }

 }

@@ -68,7 +72,10 @@ void XzCheck_Update(CXzCheck *p, const void *data, size_t size)

   {

     case XZ_CHECK_CRC32: p->crc = CrcUpdate(p->crc, data, size); break;

     case XZ_CHECK_CRC64: p->crc64 = Crc64Update(p->crc64, data, size); break;

-    case XZ_CHECK_SHA256: EVP_DigestUpdate(&p->sha, (const Byte *)data, size); break;

+    case XZ_CHECK_SHA256:

+        if ((p->sha))

+            EVP_DigestUpdate(p->sha, (const Byte *)data, size);

+        break;

   }

 }

@@ -88,8 +95,11 @@ int XzCheck_Final(CXzCheck *p, Byte *digest)

       break;

     }

     case XZ_CHECK_SHA256:

-      EVP_DigestFinal(&p->sha, digest, NULL);

-      EVP_MD_CTX_cleanup(&(p->sha));

+      if (!(p->sha))

+          return 0;

+

+      EVP_DigestFinal_ex(p->sha, digest, NULL);

+      EVP_MD_CTX_destroy(p->sha);

       break;

     default:

       return 0;

@@ -81,7 +81,7 @@ typedef struct

   int mode;

   UInt32 crc;

   UInt64 crc64;

-  EVP_MD_CTX sha;

+  EVP_MD_CTX *sha;

 } CXzCheck;

 void XzCheck_Init(CXzCheck *p, int mode);

@@ -217,7 +217,7 @@ typedef struct

   CMixCoder decoder;

   CXzBlock block;

   CXzCheck check;

-  EVP_MD_CTX sha;

+  EVP_MD_CTX *sha;

   Byte shaDigest[SHA256_DIGEST_SIZE];

   Byte buf[XZ_BLOCK_HEADER_SIZE_MAX];

 } CXzUnpacker;

@@ -651,7 +651,8 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,

         Byte temp[32];

         unsigned num = Xz_WriteVarInt(temp, p->packSize + p->blockHeaderSize + XzFlags_GetCheckSize(p->streamFlags));

         num += Xz_WriteVarInt(temp + num, p->unpackSize);

-        EVP_DigestUpdate(&p->sha, temp, num);

+        if ((p->sha))

+            EVP_DigestUpdate(p->sha, temp, num);

         p->indexSize += num;

         p->numBlocks++;

@@ -686,7 +687,9 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,

         {

           RINOK(Xz_ParseHeader(&p->streamFlags, p->buf));

           p->state = XZ_STATE_BLOCK_HEADER;

-          EVP_DigestInit(&p->sha, EVP_sha256());

+          p->sha = EVP_MD_CTX_create();

+          if ((p->sha))

+              EVP_DigestInit_ex(p->sha, EVP_sha256(), NULL);

           p->indexSize = 0;

           p->numBlocks = 0;

           p->pos = 0;

@@ -705,9 +708,13 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,

             p->indexPreSize = 1 + Xz_WriteVarInt(p->buf + 1, p->numBlocks);

             p->indexPos = p->indexPreSize;

             p->indexSize += p->indexPreSize;

-            EVP_DigestFinal(&p->sha, p->shaDigest, NULL);

-            EVP_MD_CTX_cleanup(&p->sha);

-            EVP_DigestInit(&p->sha, EVP_sha256());

+            if ((p->sha)) {

+                EVP_DigestFinal_ex(p->sha, p->shaDigest, NULL);

+                EVP_MD_CTX_destroy(p->sha);

+                p->sha = EVP_MD_CTX_create();

+                if ((p->sha))

+                    EVP_DigestInit_ex(p->sha, EVP_sha256(), NULL);

+            }

             p->crc = CrcUpdate(CRC_INIT_VAL, p->buf, p->indexPreSize);

             p->state = XZ_STATE_STREAM_INDEX;

           }

@@ -785,7 +792,8 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,

             if (srcRem > cur)

               srcRem = (SizeT)cur;

             p->crc = CrcUpdate(p->crc, src, srcRem);

-            EVP_DigestUpdate(&p->sha, src, srcRem);

+            if ((p->sha))

+                EVP_DigestUpdate(p->sha, src, srcRem);

             (*srcLen) += srcRem;

             src += srcRem;

             p->indexPos += srcRem;

@@ -806,8 +814,11 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,

             p->state = XZ_STATE_STREAM_INDEX_CRC;

             p->indexSize += 4;

             p->pos = 0;

-            EVP_DigestFinal(&p->sha, digest, NULL);

-            EVP_MD_CTX_cleanup(&p->sha);

+            if ((p->sha)) {

+                EVP_DigestFinal_ex(p->sha, digest, NULL);

+                EVP_MD_CTX_destroy(p->sha);

+            }

+

             if (memcmp(digest, p->shaDigest, SHA256_DIGEST_SIZE) != 0)

               return SZ_ERROR_CRC;

           }

@@ -731,7 +731,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg

     unsigned int dsize, message_size, attrs_size;

     cli_crt_hashtype hashtype;

     cli_crt *x509;

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     int result;

     int isBlacklisted = 0;

@@ -1021,11 +1021,15 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg

 	    break;

 	}

-    EVP_DigestInit(&ctx, EVP_sha1());

-	EVP_DigestUpdate(&ctx, "\x31", 1);

-	EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1);

-	EVP_DigestFinal(&ctx, sha1, NULL);

-    EVP_MD_CTX_cleanup(&ctx);

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        break;

+

+    EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);

+	EVP_DigestUpdate(ctx, "\x31", 1);

+	EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);

+	EVP_DigestFinal_ex(ctx, sha1, NULL);

+    EVP_MD_CTX_destroy(ctx);

 	if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {

 	    cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n");

@@ -1263,17 +1267,25 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg

 	}

 	if(hashtype == CLI_SHA1RSA) {

-        EVP_DigestInit(&ctx, EVP_sha1());

-        EVP_DigestUpdate(&ctx, "\x31", 1);

-        EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1);

-        EVP_DigestFinal(&ctx, sha1, NULL);

-        EVP_MD_CTX_cleanup(&ctx);

+        ctx = EVP_MD_CTX_create();

+        if (!(ctx))

+            break;

+

+        EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);

+        EVP_DigestUpdate(ctx, "\x31", 1);

+        EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);

+        EVP_DigestFinal_ex(ctx, sha1, NULL);

+        EVP_MD_CTX_destroy(ctx);

 	} else {

-        EVP_DigestInit(&ctx, EVP_md5());

-        EVP_DigestUpdate(&ctx, "\x31", 1);

-        EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1);

-        EVP_DigestFinal(&ctx, sha1, NULL);

-        EVP_MD_CTX_cleanup(&ctx);

+        ctx = EVP_MD_CTX_create();

+        if (!(ctx))

+            break;

+

+        EVP_DigestInit_ex(ctx, EVP_md5(), NULL);

+        EVP_DigestUpdate(ctx, "\x31", 1);

+        EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);

+        EVP_DigestFinal_ex(ctx, sha1, NULL);

+        EVP_MD_CTX_destroy(ctx);

 	}

 	if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {

@@ -905,7 +905,7 @@ void cache_remove(unsigned char *md5, size_t size, const struct cl_engine *engin

 int cache_check(unsigned char *hash, cli_ctx *ctx) {

     fmap_t *map;

     size_t todo, at = 0;

-    EVP_MD_CTX hashctx;

+    EVP_MD_CTX *hashctx;

     int ret;

     if(!ctx || !ctx->engine || !ctx->engine->cache)

@@ -919,7 +919,11 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {

     map = *ctx->fmap;

     todo = map->len;

-    EVP_DigestInit(&hashctx, EVP_md5());

+    hashctx = EVP_MD_CTX_create();

+    if (!(hashctx))

+        return CL_VIRUS;

+

+    EVP_DigestInit_ex(hashctx, EVP_md5(), NULL);

     while(todo) {

         const void *buf;

@@ -931,14 +935,14 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {

         todo -= readme;

         at += readme;

-        if (!EVP_DigestUpdate(&hashctx, buf, readme)) {

+        if (!EVP_DigestUpdate(hashctx, buf, readme)) {

             cli_errmsg("cache_check: error reading while generating hash!\n");

             return CL_EREAD;

         }

     }

-    EVP_DigestFinal(&hashctx, hash, NULL);

-    EVP_MD_CTX_cleanup(&hashctx);

+    EVP_DigestFinal_ex(hashctx, hash, NULL);

+    EVP_MD_CTX_destroy(hashctx);

     ret = cache_lookup_hash(hash, map->len, ctx->engine->cache, ctx->recursion);

     cli_dbgmsg("cache_check: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x is %s\n", hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10], hash[11], hash[12], hash[13], hash[14], hash[15], (ret == CL_VIRUS) ? "negative" : "positive");

@@ -78,7 +78,7 @@ void cl_cleanup_crypto(void)

 unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned char *obuf, unsigned int *olen)

 {

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     unsigned char *ret;

     size_t mdsz;

     const EVP_MD *md;

@@ -95,43 +95,54 @@ unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned cha

     if (!(ret))

         return NULL;

-    if (!EVP_DigestInit(&ctx, md)) {

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx)) {

+        if (!(obuf))

+            free(ret);

+

+        return NULL;

+    }

+

+    if (!EVP_DigestInit_ex(ctx, md, NULL)) {

         if (!(obuf))

             free(ret);

         if ((olen))

             *olen = 0;

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

     cur=0;

     while (cur < len) {

         size_t todo = MIN(EVP_MD_block_size(md), len-cur);

-        if (!EVP_DigestUpdate(&ctx, (void *)(((unsigned char *)buf)+cur), todo)) {

+        if (!EVP_DigestUpdate(ctx, (void *)(((unsigned char *)buf)+cur), todo)) {

             if (!(obuf))

                 free(ret);

             if ((olen))

                 *olen = 0;

+            EVP_MD_CTX_destroy(ctx);

             return NULL;

         }

         cur += todo;

     }

-    if (!EVP_DigestFinal(&ctx, ret, &i)) {

+    if (!EVP_DigestFinal_ex(ctx, ret, &i)) {

         if (!(obuf))

             free(ret);

         if ((olen))

             *olen = 0;

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

-    EVP_MD_CTX_cleanup(&ctx);

+    EVP_MD_CTX_destroy(ctx);

     if ((olen))

         *olen = i;

@@ -141,7 +152,7 @@ unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned cha

 unsigned char *cl_hash_file_fd(int fd, char *alg, unsigned int *olen)

 {

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     const EVP_MD *md;

     unsigned char *res;

@@ -149,11 +160,17 @@ unsigned char *cl_hash_file_fd(int fd, char *alg, unsigned int *olen)

     if (!(md))

         return NULL;

-    if (!EVP_DigestInit(&ctx, md)) {

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        return NULL;

+

+    if (!EVP_DigestInit_ex(ctx, md, NULL)) {

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

-    res = cl_hash_file_fd_ctx(&ctx, fd, olen);

+    res = cl_hash_file_fd_ctx(ctx, fd, olen);

+    EVP_MD_CTX_destroy(ctx);

     return res;

 }

@@ -210,15 +227,13 @@ unsigned char *cl_hash_file_fd_ctx(EVP_MD_CTX *ctx, int fd, unsigned int *olen)

         }

     }

-    if (!EVP_DigestFinal(ctx, hash, &hashlen)) {

+    if (!EVP_DigestFinal_ex(ctx, hash, &hashlen)) {

         free(hash);

         free(buf);

         return NULL;

     }

-    EVP_MD_CTX_cleanup(ctx);

-

     if ((olen))

         *olen = hashlen;

@@ -244,7 +259,7 @@ unsigned char *cl_sha1(const void *buf, size_t len, unsigned char *obuf, unsigne

 int cl_verify_signature_hash(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned int siglen, unsigned char *digest)

 {

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     const EVP_MD *md;

     size_t mdsz;

@@ -252,26 +267,34 @@ int cl_verify_signature_hash(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsi

     if (!(md))

         return -1;

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        return -1;

+

     mdsz = EVP_MD_size(md);

-    if (!EVP_VerifyInit(&ctx, md)) {

+    if (!EVP_VerifyInit_ex(ctx, md, NULL)) {

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (!EVP_VerifyUpdate(&ctx, digest, mdsz)) {

+    if (!EVP_VerifyUpdate(ctx, digest, mdsz)) {

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (EVP_VerifyFinal(&ctx, sig, siglen, pkey) != 0) {

+    if (EVP_VerifyFinal(ctx, sig, siglen, pkey) != 0) {

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

+    EVP_MD_CTX_destroy(ctx);

     return 0;

 }

 int cl_verify_signature_fd(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned int siglen, int fd)

 {

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     const EVP_MD *md;

     size_t mdsz;

     unsigned char *digest;

@@ -281,33 +304,45 @@ int cl_verify_signature_fd(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsign

         return -1;

     md = EVP_get_digestbyname(alg);

-    if (!(md))

+    if (!(md)) {

+        free(digest);

         return -1;

+    }

     mdsz = EVP_MD_size(md);

-    if (!EVP_VerifyInit(&ctx, md)) {

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx)) {

         free(digest);

         return -1;

     }

-    if (!EVP_VerifyUpdate(&ctx, digest, mdsz)) {

+    if (!EVP_VerifyInit_ex(ctx, md, NULL)) {

         free(digest);

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (EVP_VerifyFinal(&ctx, sig, siglen, pkey) != 0) {

+    if (!EVP_VerifyUpdate(ctx, digest, mdsz)) {

         free(digest);

+        EVP_MD_CTX_destroy(ctx);

+        return -1;

+    }

+

+    if (EVP_VerifyFinal(ctx, sig, siglen, pkey) != 0) {

+        free(digest);

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

     free(digest);

+    EVP_MD_CTX_destroy(ctx);

     return 0;

 }

 int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned int siglen, unsigned char *data, size_t datalen, int decode)

 {

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     const EVP_MD *md;

     size_t mdsz;

     unsigned char *digest;

@@ -343,27 +378,39 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned

     mdsz = EVP_MD_size(md);

-    if (!EVP_VerifyInit(&ctx, md)) {

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx)) {

+        free(digest);

+        if (decode)

+            free(sig);

+

+        return -1;

+    }

+

+    if (!EVP_VerifyInit_ex(ctx, md, NULL)) {

         free(digest);

         if (decode)

             free(sig);

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (!EVP_VerifyUpdate(&ctx, digest, mdsz)) {

+    if (!EVP_VerifyUpdate(ctx, digest, mdsz)) {

         free(digest);

         if (decode)

             free(sig);

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

-    if (EVP_VerifyFinal(&ctx, sig, siglen, pkey) != 0) {

+    if (EVP_VerifyFinal(ctx, sig, siglen, pkey) != 0) {

         free(digest);

         if (decode)

             free(sig);

+        EVP_MD_CTX_destroy(ctx);

         return -1;

     }

@@ -371,6 +418,7 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned

         free(sig);

     free(digest);

+    EVP_MD_CTX_destroy(ctx);

     return 0;

 }

@@ -528,7 +576,7 @@ unsigned char *cl_sign_data_keyfile(char *keypath, char *alg, unsigned char *has

 unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsigned int *olen, int encode)

 {

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     const EVP_MD *md;

     unsigned int siglen;

     unsigned char *sig;

@@ -537,27 +585,35 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi

     if (!(md))

         return NULL;

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        return NULL;

+

     sig = (unsigned char *)calloc(1, EVP_PKEY_size(pkey));

     if (!(sig)) {

         free(hash);

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

-    if (!EVP_SignInit(&ctx, md)) {

+    if (!EVP_SignInit_ex(ctx, md, NULL)) {

         free(sig);

         free(hash);

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

-    if (!EVP_SignUpdate(&ctx, hash, EVP_MD_size(md))) {

+    if (!EVP_SignUpdate(ctx, hash, EVP_MD_size(md))) {

         free(sig);

         free(hash);

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

-    if (!EVP_SignFinal(&ctx, sig, &siglen, pkey)) {

+    if (!EVP_SignFinal(ctx, sig, &siglen, pkey)) {

         free(sig);

         free(hash);

+        EVP_MD_CTX_destroy(ctx);

         return NULL;

     }

@@ -566,6 +622,7 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi

         if (!(newsig)) {

             free(sig);

             free(hash);

+            EVP_MD_CTX_destroy(ctx);

             return NULL;

         }

@@ -577,6 +634,7 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi

     free(hash);

     *olen = siglen;

+    EVP_MD_CTX_destroy(ctx);

     return sig;

 }

@@ -326,7 +326,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

             cli_tgzload_cleanup(compr, dbio, fdd);

             return CL_EMALFDB;

         }

-        EVP_DigestInit(dbio->hashctx, EVP_sha256());

+        EVP_DigestInit_ex(dbio->hashctx, EVP_sha256(), NULL);

     }

 	dbio->bread = 0;

@@ -361,8 +361,8 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 			cli_tgzload_cleanup(compr, dbio, fdd);

 			return CL_EMALFDB;

 		    }

-            EVP_DigestFinal(dbio->hashctx, hash, NULL);

-            EVP_DigestInit(dbio->hashctx, EVP_sha256());

+            EVP_DigestFinal_ex(dbio->hashctx, hash, NULL);

+            EVP_DigestInit_ex(dbio->hashctx, EVP_sha256(), NULL);

 		    if(memcmp(db->hash, hash, 32)) {

 			cli_errmsg("cli_tgzload: Invalid checksum for file %s\n", name);

 			cli_tgzload_cleanup(compr, dbio, fdd);

@@ -158,7 +158,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n

 	unsigned char *decoded, digest1[HASH_LEN], digest2[HASH_LEN], digest3[HASH_LEN], *salt;

 	unsigned char mask[BLK_LEN], data[BLK_LEN], final[8 + 2 * HASH_LEN], c[4];

 	unsigned int i, rounds;

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

 	mp_int n, e;

     mp_init(&e);

@@ -187,11 +187,15 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n

 	c[2] = (unsigned char) (i / 256);

 	c[3] = (unsigned char) i;

-    EVP_DigestInit(&ctx, EVP_sha256());

-	EVP_DigestUpdate(&ctx, digest2, HASH_LEN);

-	EVP_DigestUpdate(&ctx, c, 4);

-	EVP_DigestFinal(&ctx, digest3, NULL);

-    EVP_MD_CTX_cleanup(&ctx);

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        return CL_EMEM;

+

+    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);

+	EVP_DigestUpdate(ctx, digest2, HASH_LEN);

+	EVP_DigestUpdate(ctx, c, 4);

+	EVP_DigestFinal_ex(ctx, digest3, NULL);

+    EVP_MD_CTX_destroy(ctx);

 	if(i + 1 == rounds)

             memcpy(&data[i * 32], digest3, BLK_LEN - i * HASH_LEN);

 	else

@@ -213,10 +217,14 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n

     memcpy(&final[8], sha256, HASH_LEN);

     memcpy(&final[8 + HASH_LEN], salt, SALT_LEN);

-    EVP_DigestInit(&ctx, EVP_sha256());

-	EVP_DigestUpdate(&ctx, final, sizeof(final));

-	EVP_DigestFinal(&ctx, digest1, NULL);

-    EVP_MD_CTX_cleanup(&ctx);

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        return CL_EMEM;

+

+    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);

+	EVP_DigestUpdate(ctx, final, sizeof(final));

+	EVP_DigestFinal_ex(ctx, digest1, NULL);

+    EVP_MD_CTX_destroy(ctx);

     return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS;

 }

@@ -244,7 +244,7 @@ char *internal_get_host_id(void)

     unsigned char raw_md5[16];

     char *printable_md5;

     struct device *devices;

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

     devices = get_devices();

     if (!(devices))

@@ -256,12 +256,23 @@ char *internal_get_host_id(void)

         return NULL;

     }

-    EVP_DigestInit(&ctx, EVP_md5());

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx)) {

+        for (i=0; devices[i].name != NULL; i++)

+            free(devices[i].name);

+

+        free(devices);

+        free(printable_md5);

+

+        return NULL;

+    }

+

+    EVP_DigestInit_ex(ctx, EVP_md5(), NULL);

     for (i=0; devices[i].name != NULL; i++)

-        EVP_DigestUpdate(&ctx, devices[i].mac, sizeof(devices[i].mac));

+        EVP_DigestUpdate(ctx, devices[i].mac, sizeof(devices[i].mac));

-    EVP_DigestFinal(&ctx, raw_md5, NULL);

-    EVP_MD_CTX_cleanup(&ctx);

+    EVP_DigestFinal_ex(ctx, raw_md5, NULL);

+    EVP_MD_CTX_destroy(ctx);

     for (i=0; devices[i].name != NULL; i++)

         free(devices[i].name);

@@ -718,22 +718,39 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

     const char *virname = NULL;

     uint32_t viroffset = 0;

     uint32_t viruses_found = 0;

-    EVP_MD_CTX md5ctx, sha1ctx, sha256ctx;

+    EVP_MD_CTX *md5ctx, *sha1ctx, *sha256ctx;

     if(!ctx->engine) {

         cli_errmsg("cli_scandesc: engine == NULL\n");

         return CL_ENULLARG;

     }

-    if (!EVP_DigestInit(&md5ctx, EVP_md5())) {

+    md5ctx = EVP_MD_CTX_create();

+    if (!(md5ctx))

+        return CL_EMEM;

+

+    sha1ctx = EVP_MD_CTX_create();

+    if (!(sha1ctx)) {

+        EVP_MD_CTX_destroy(md5ctx);

+        return CL_EMEM;

+    }

+

+    sha256ctx = EVP_MD_CTX_create();

+    if (!(sha256ctx)) {

+        EVP_MD_CTX_destroy(md5ctx);

+        EVP_MD_CTX_destroy(sha1ctx);

+        return CL_EMEM;

+    }

+

+    if (!EVP_DigestInit_ex(md5ctx, EVP_md5(), NULL)) {

         return CL_CLEAN;

     }

-    if (!EVP_DigestInit(&sha1ctx, EVP_sha1())) {

+    if (!EVP_DigestInit_ex(sha1ctx, EVP_sha1(), NULL)) {

         return CL_CLEAN;

     }

-    if (!EVP_DigestInit(&sha256ctx, EVP_sha256())) {

+    if (!EVP_DigestInit_ex(sha256ctx, EVP_sha256(), NULL)) {

         return CL_CLEAN;

     }

@@ -751,9 +768,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

     if(ftonly) {

         if(!troot) {

-            EVP_MD_CTX_cleanup(&md5ctx);

-            EVP_MD_CTX_cleanup(&sha1ctx);

-            EVP_MD_CTX_cleanup(&sha256ctx);

+            EVP_MD_CTX_destroy(md5ctx);

+            EVP_MD_CTX_destroy(sha1ctx);

+            EVP_MD_CTX_destroy(sha256ctx);

             return CL_CLEAN;

         }

@@ -773,9 +790,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                 free(info.exeinfo.section);

             cli_hashset_destroy(&info.exeinfo.vinfo);

-            EVP_MD_CTX_cleanup(&md5ctx);

-            EVP_MD_CTX_cleanup(&sha1ctx);

-            EVP_MD_CTX_cleanup(&sha256ctx);

+            EVP_MD_CTX_destroy(md5ctx);

+            EVP_MD_CTX_destroy(sha1ctx);

+            EVP_MD_CTX_destroy(sha256ctx);

             return ret;

         }

     }

@@ -788,9 +805,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                 free(info.exeinfo.section);

             cli_hashset_destroy(&info.exeinfo.vinfo);

-            EVP_MD_CTX_cleanup(&md5ctx);

-            EVP_MD_CTX_cleanup(&sha1ctx);

-            EVP_MD_CTX_cleanup(&sha256ctx);

+            EVP_MD_CTX_destroy(md5ctx);

+            EVP_MD_CTX_destroy(sha1ctx);

+            EVP_MD_CTX_destroy(sha256ctx);

             return ret;

         }

         if(troot->bm_offmode) {

@@ -804,9 +821,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                         free(info.exeinfo.section);

                     cli_hashset_destroy(&info.exeinfo.vinfo);

-                    EVP_MD_CTX_cleanup(&md5ctx);

-                    EVP_MD_CTX_cleanup(&sha1ctx);

-                    EVP_MD_CTX_cleanup(&sha256ctx);

+                    EVP_MD_CTX_destroy(md5ctx);

+                    EVP_MD_CTX_destroy(sha1ctx);

+                    EVP_MD_CTX_destroy(sha256ctx);

                     return ret;

                 }

@@ -873,9 +890,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                     free(info.exeinfo.section);

                 cli_hashset_destroy(&info.exeinfo.vinfo);

-                EVP_MD_CTX_cleanup(&md5ctx);

-                EVP_MD_CTX_cleanup(&sha1ctx);

-                EVP_MD_CTX_cleanup(&sha256ctx);

+                EVP_MD_CTX_destroy(md5ctx);

+                EVP_MD_CTX_destroy(sha1ctx);

+                EVP_MD_CTX_destroy(sha256ctx);

                 return ret;

             }

         }

@@ -912,11 +929,11 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

                 uint32_t data_len = bytes - maxpatlen * (offset!=0);

                 if(compute_hash[CLI_HASH_MD5])

-                    EVP_DigestUpdate(&md5ctx, data, data_len);

+                    EVP_DigestUpdate(md5ctx, data, data_len);

                 if(compute_hash[CLI_HASH_SHA1])

-                    EVP_DigestUpdate(&sha1ctx, data, data_len);

+                    EVP_DigestUpdate(sha1ctx, data, data_len);

                 if(compute_hash[CLI_HASH_SHA256])

-                    EVP_DigestUpdate(&sha256ctx, data, data_len);

+                    EVP_DigestUpdate(sha256ctx, data, data_len);

             }

         }

@@ -935,15 +952,15 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

         enum CLI_HASH_TYPE hashtype, hashtype2;

         if(compute_hash[CLI_HASH_MD5]) {

-            EVP_DigestFinal(&md5ctx, digest[CLI_HASH_MD5], NULL);

+            EVP_DigestFinal_ex(md5ctx, digest[CLI_HASH_MD5], NULL);

         }

         if(refhash)

             compute_hash[CLI_HASH_MD5] = 1;

         if(compute_hash[CLI_HASH_SHA1]) {

-            EVP_DigestFinal(&sha1ctx, digest[CLI_HASH_SHA1], NULL);

+            EVP_DigestFinal_ex(sha1ctx, digest[CLI_HASH_SHA1], NULL);

         }

         if(compute_hash[CLI_HASH_SHA256]) {

-            EVP_DigestFinal(&sha256ctx, digest[CLI_HASH_SHA256], NULL);

+            EVP_DigestFinal_ex(sha256ctx, digest[CLI_HASH_SHA256], NULL);

         }

         virname = NULL;

@@ -1001,9 +1018,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

         }

     }

-    EVP_MD_CTX_cleanup(&md5ctx);

-    EVP_MD_CTX_cleanup(&sha1ctx);

-    EVP_MD_CTX_cleanup(&sha256ctx);

+    EVP_MD_CTX_destroy(md5ctx);

+    EVP_MD_CTX_destroy(sha1ctx);

+    EVP_MD_CTX_destroy(sha256ctx);

     if(troot) {

         if(ret != CL_VIRUS || SCAN_ALL)

@@ -881,20 +881,24 @@ char *cli_hashstream(FILE *fs, unsigned char *digcpy, int type)

     char buff[FILEBUFF];

     char *hashstr, *pt;

     int i, bytes, size;

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx;

+

+    ctx = EVP_MD_CTX_create();

+    if (!(ctx))

+        return NULL;

     if(type == 1)

-        EVP_DigestInit(&ctx, EVP_md5());

+        EVP_DigestInit_ex(ctx, EVP_md5(), NULL);

     else if(type == 2)

-        EVP_DigestInit(&ctx, EVP_sha1());

+        EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);

     else

-        EVP_DigestInit(&ctx, EVP_sha256());

+        EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);

     while((bytes = fread(buff, 1, FILEBUFF, fs)))

-        EVP_DigestUpdate(&ctx, buff, bytes);

+        EVP_DigestUpdate(ctx, buff, bytes);

-    EVP_DigestFinal(&ctx, digest, &size);

-    EVP_MD_CTX_cleanup(&ctx);

+    EVP_DigestFinal_ex(ctx, digest, &size);

+    EVP_MD_CTX_destroy(ctx);

     if(!(hashstr = (char *) cli_calloc(size*2 + 1, sizeof(char))))

         return NULL;

@@ -2800,7 +2800,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

     struct cli_exe_section *exe_sections;

     struct pe_image_data_dir *dirs;

     fmap_t *map = *ctx->fmap;

-    EVP_MD_CTX hashctx;

+    EVP_MD_CTX *hashctx=NULL;

     if (flags & CL_CHECKFP_PE_FLAG_STATS)

         if (!(hashes))

@@ -2927,7 +2927,13 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

     }

     cli_qsort(exe_sections, nsections, sizeof(*exe_sections), sort_sects);

-    EVP_DigestInit(&hashctx, EVP_sha1());

+    hashctx = EVP_MD_CTX_create();

+    if (!(hashctx)) {

+        if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE)

+            flags ^= CL_CHECKFP_PE_FLAG_AUTHENTICODE;

+    }

+    if (hashctx)

+        EVP_DigestInit_ex(hashctx, EVP_sha1(), NULL);

     if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE) {

         /* Check to see if we have a security section. */

@@ -2936,7 +2942,8 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin

                 /* If stats is enabled, continue parsing the sample */

                 flags ^= CL_CHECKFP_PE_FLAG_AUTHENTICODE;

             } else {

-                EVP_MD_CTX_cleanup(&hashctx);

+                if (hashctx)

+                    EVP_MD_CTX_destroy(hashctx);

                 return CL_BREAK;

             }

         }