Change FIPS source and utilities to use the "FIPS_" names directly

instead of using regular OpenSSL API names.

fips/aes/fips_aes_selftest.c

@@ -82,7 +82,7 @@ int FIPS_selftest_aes()
     int n;
     int ret = 0;
     EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
+    FIPS_cipher_ctx_init(&ctx);
 
     for(n=0 ; n < 1 ; ++n)
 	{
@@ -95,7 +95,7 @@ int FIPS_selftest_aes()
 	}
     ret = 1;
     err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    FIPS_cipher_ctx_cleanup(&ctx);
     if (ret == 0)
 	    FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
     return ret;

fips/aes/fips_aesavs.c

@@ -213,14 +213,14 @@ static int AESTest(EVP_CIPHER_CTX *ctx,
 	printf("Invalid key size: %d\n", akeysz);
 	return 0; 
 	}
-    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+    if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
 	return 0;
     if(!strcasecmp(amode,"CFB1"))
 	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
     if (dir)
-		EVP_Cipher(ctx, ciphertext, plaintext, len);
+		FIPS_cipher(ctx, ciphertext, plaintext, len);
 	else
-		EVP_Cipher(ctx, plaintext, ciphertext, len);
+		FIPS_cipher(ctx, plaintext, ciphertext, len);
     return 1;
     }
 
@@ -254,7 +254,7 @@ static int do_mct(char *amode,
     int i, j, n, n1, n2;
     int imode = 0, nkeysz = akeysz/8;
     EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
+    FIPS_cipher_ctx_init(&ctx);
 
     if (len > 32)
 	{
@@ -310,12 +310,12 @@ static int do_mct(char *amode,
 		    {
 		    if (dir == XENCRYPT)
 			{
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
 			memcpy(ptext[j+1], ctext[j], len);
 			}
 		    else
 			{
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
 			memcpy(ctext[j+1], ptext[j], len);
 			}
 		    }
@@ -338,12 +338,12 @@ static int do_mct(char *amode,
 		    {
 		    if (dir == XENCRYPT)
 			{
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
 			memcpy(ptext[j+1], ctext[j-1], len);
 			}
 		    else
 			{
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
 			memcpy(ctext[j+1], ptext[j-1], len);
 			}
 		    }
@@ -359,9 +359,9 @@ static int do_mct(char *amode,
 		else
 		    {
 		    if (dir == XENCRYPT)
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
 		    else
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
 		    }
 		if (dir == XENCRYPT)
 		    {
@@ -393,9 +393,9 @@ static int do_mct(char *amode,
 		else
 		    {
 		    if (dir == XENCRYPT)
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
 		    else
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
 
 		    }
 		if(dir == XENCRYPT)
@@ -565,7 +565,7 @@ static int proc_file(char *rqfile, char *rspfile)
     unsigned char ciphertext[2048];
     char *rp;
     EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
+    FIPS_cipher_ctx_init(&ctx);
 
     if (!rqfile || !(*rqfile))
 	{

fips/aes/fips_gcmtest.c

@@ -87,7 +87,7 @@ static void gcmtest(int encrypt)
 	unsigned char *ct = NULL, *pt = NULL;
 	EVP_CIPHER_CTX ctx;
 	const EVP_CIPHER *gcm;
-	EVP_CIPHER_CTX_init(&ctx);
+	FIPS_cipher_ctx_init(&ctx);
 
 	while(fgets(buf,sizeof buf,stdin) != NULL)
 		{
@@ -175,20 +175,20 @@ static void gcmtest(int encrypt)
 		if (encrypt && pt && aad && (iv || encrypt==1))
 			{
 			tag = OPENSSL_malloc(taglen);
-			EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 1);
+			FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
 			/* Relax FIPS constraints for testing */
 			M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
 			if (encrypt == 1)
 				{
 				static unsigned char iv_fixed[4] = {1,2,3,4};
 				if (!iv)
 					iv = OPENSSL_malloc(ivlen);
-				EVP_CipherInit_ex(&ctx, NULL, NULL, key, NULL, 1);
-				EVP_CIPHER_CTX_ctrl(&ctx,
+				FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
+				FIPS_cipher_ctx_ctrl(&ctx,
 						EVP_CTRL_GCM_SET_IV_FIXED,
 						4, iv_fixed);
-				if (!EVP_CIPHER_CTX_ctrl(&ctx,
+				if (!FIPS_cipher_ctx_ctrl(&ctx,
 					EVP_CTRL_GCM_IV_GEN, 0, iv))
 					{
 					fprintf(stderr, "IV gen error\n");
@@ -197,18 +197,18 @@ static void gcmtest(int encrypt)
 				OutputValue("IV", iv, ivlen, stdout, 0);
 				}
 			else
-				EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 1);
+				FIPS_cipherinit(&ctx, NULL, key, iv, 1);
 
 
 			if (aadlen)
-				EVP_Cipher(&ctx, NULL, aad, aadlen);
+				FIPS_cipher(&ctx, NULL, aad, aadlen);
 			if (ptlen)
 				{
 				ct = OPENSSL_malloc(ptlen);
-				rv = EVP_Cipher(&ctx, ct, pt, ptlen);
+				rv = FIPS_cipher(&ctx, ct, pt, ptlen);
 				}
-			EVP_Cipher(&ctx, NULL, NULL, 0);
-			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
+			FIPS_cipher(&ctx, NULL, NULL, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
 								taglen, tag);	
 			OutputValue("CT", ct, ptlen, stdout, 0);
 			OutputValue("Tag", tag, taglen, stdout, 0);
@@ -228,20 +228,20 @@ static void gcmtest(int encrypt)
 			}	
 		if (!encrypt && tag)
 			{
-			EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0);
+			FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
 			/* Relax FIPS constraints for testing */
 			M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
-			EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0);
-			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+			FIPS_cipherinit(&ctx, NULL, key, iv, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
 			if (aadlen)
-				EVP_Cipher(&ctx, NULL, aad, aadlen);
+				FIPS_cipher(&ctx, NULL, aad, aadlen);
 			if (ptlen)
 				{
 				pt = OPENSSL_malloc(ptlen);
-				rv = EVP_Cipher(&ctx, pt, ct, ptlen);
+				rv = FIPS_cipher(&ctx, pt, ct, ptlen);
 				}
-			rv = EVP_Cipher(&ctx, NULL, NULL, 0);
+			rv = FIPS_cipher(&ctx, NULL, NULL, 0);
 			if (rv < 0)
 				printf("FAIL\n");
 			else

fips/des/fips_des_selftest.c

@@ -110,7 +110,7 @@ int FIPS_selftest_des()
     {
     int n, ret = 0;
     EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
+    FIPS_cipher_ctx_init(&ctx);
     /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
     for(n=0 ; n < 2 ; ++n)
 	{
@@ -130,7 +130,7 @@ int FIPS_selftest_des()
 	}
     ret = 1;
     err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    FIPS_cipher_ctx_cleanup(&ctx);
     if (ret == 0)
 	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
 

fips/des/fips_desmovs.c

@@ -122,11 +122,11 @@ static int DESTest(EVP_CIPHER_CTX *ctx,
 	EXIT(1);
 	}
 
-    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+    if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
 	return 0;
     if(!strcasecmp(amode,"CFB1"))
 	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
-    EVP_Cipher(ctx, out, in, len);
+    FIPS_cipher(ctx, out, in, len);
 
     return 1;
     }
@@ -184,7 +184,7 @@ static void do_mct(char *amode,
 	int kp=akeysz/64;
 	unsigned char old_iv[8];
 	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
+	FIPS_cipher_ctx_init(&ctx);
 
 	fprintf(rfp,"\nCOUNT = %d\n",i);
 	if(kp == 1)
@@ -219,7 +219,7 @@ static void do_mct(char *amode,
 	    else
 		{
 		memcpy(old_iv,ctx.iv,8);
-		EVP_Cipher(&ctx,text,text,len);
+		FIPS_cipher(&ctx,text,text,len);
 		}
 	    if(j == 9999)
 		{
@@ -282,7 +282,7 @@ static int proc_file(char *rqfile, char *rspfile)
     char *rp;
     EVP_CIPHER_CTX ctx;
     int numkeys=1;
-    EVP_CIPHER_CTX_init(&ctx);
+    FIPS_cipher_ctx_init(&ctx);
 
     if (!rqfile || !(*rqfile))
 	{

fips/dsa/fips_dsa_selftest.c

@@ -118,7 +118,7 @@ int FIPS_selftest_dsa()
     EVP_MD_CTX mctx;
     DSA_SIG *dsig = NULL;
 
-    EVP_MD_CTX_init(&mctx);
+    FIPS_md_ctx_init(&mctx);
 
     dsa = FIPS_dsa_new();
 
@@ -134,17 +134,17 @@ int FIPS_selftest_dsa()
 
     DSA_generate_key(dsa);
 
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+    if (!FIPS_digestinit(&mctx, EVP_sha1()))
 	goto err;
-    if (!EVP_DigestUpdate(&mctx, str1, 20))
+    if (!FIPS_digestupdate(&mctx, str1, 20))
 	goto err;
     dsig = FIPS_dsa_sign_ctx(dsa, &mctx);
     if (!dsig)
 	goto err;
 
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+    if (!FIPS_digestinit(&mctx, EVP_sha1()))
 	goto err;
-    if (!EVP_DigestUpdate(&mctx, str1, 20))
+    if (!FIPS_digestupdate(&mctx, str1, 20))
 	goto err;
     if (FIPS_dsa_verify_ctx(dsa, &mctx, dsig) != 1)
 	goto err;
@@ -152,7 +152,7 @@ int FIPS_selftest_dsa()
     ret = 1;
 
     err:
-    EVP_MD_CTX_cleanup(&mctx);
+    FIPS_md_ctx_cleanup(&mctx);
     if (dsa)
 	FIPS_dsa_free(dsa);
     if (dsig)

fips/dsa/fips_dsa_sign.c

@@ -76,7 +76,7 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
 	DSA_SIG *s;
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int dlen;
-        EVP_DigestFinal_ex(ctx, dig, &dlen);
+        FIPS_digestfinal(ctx, dig, &dlen);
 	s = dsa->meth->dsa_do_sign(dig,dlen,dsa);
 	OPENSSL_cleanse(dig, dlen);
 	return s;
@@ -92,7 +92,7 @@ int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
 	int ret=-1;
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int dlen;
-        EVP_DigestFinal_ex(ctx, dig, &dlen);
+        FIPS_digestfinal(ctx, dig, &dlen);
 	ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
 	OPENSSL_cleanse(dig, dlen);
 	return ret;

fips/dsa/fips_dsatest.c

@@ -156,7 +156,7 @@ int main(int argc, char **argv)
 	BN_GENCB cb;
 	EVP_MD_CTX mctx;
 	BN_GENCB_set(&cb, dsa_cb, stderr);
-	EVP_MD_CTX_init(&mctx);
+	FIPS_md_ctx_init(&mctx);
 
     	fips_set_error_print();
 	if(!FIPS_mode_set(1))
@@ -212,17 +212,17 @@ int main(int argc, char **argv)
 		}
 	DSA_generate_key(dsa);
 
-	if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+	if (!FIPS_digestinit(&mctx, EVP_sha1()))
 		goto end;
-	if (!EVP_DigestUpdate(&mctx, str1, 20))
+	if (!FIPS_digestupdate(&mctx, str1, 20))
 		goto end;
 	sig = FIPS_dsa_sign_ctx(dsa, &mctx);
 	if (!sig)
 		goto end;
 
-	if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+	if (!FIPS_digestinit(&mctx, EVP_sha1()))
 		goto end;
-	if (!EVP_DigestUpdate(&mctx, str1, 20))
+	if (!FIPS_digestupdate(&mctx, str1, 20))
 		goto end;
 	if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1)
 		goto end;
@@ -233,7 +233,7 @@ end:
 	if (sig)
 		DSA_SIG_free(sig);
 	if (dsa != NULL) FIPS_dsa_free(dsa);
-	EVP_MD_CTX_cleanup(&mctx);
+	FIPS_md_ctx_cleanup(&mctx);
 #if 0
 	CRYPTO_mem_leaks(bio_err);
 #endif

fips/dsa/fips_dssvs.c

@@ -533,7 +533,7 @@ static void siggen()
 	    int n;
 	    EVP_MD_CTX mctx;
 	    DSA_SIG *sig;
-	    EVP_MD_CTX_init(&mctx);
+	    FIPS_md_ctx_init(&mctx);
 
 	    n=hex2bin(value,msg);
 
@@ -541,15 +541,15 @@ static void siggen()
 		exit(1);
 	    pbn("Y",dsa->pub_key);
 
-	    EVP_DigestInit_ex(&mctx, md, NULL);
-	    EVP_DigestUpdate(&mctx, msg, n);
+	    FIPS_digestinit(&mctx, md);
+	    FIPS_digestupdate(&mctx, msg, n);
 	    sig = FIPS_dsa_sign_ctx(dsa, &mctx);
 
 	    pbn("R",sig->r);
 	    pbn("S",sig->s);
 	    putc('\n',stdout);
 	    DSA_SIG_free(sig);
-	    EVP_MD_CTX_cleanup(&mctx);
+	    FIPS_md_ctx_cleanup(&mctx);
 	    }
 	}
 	if (dsa)
@@ -606,15 +606,15 @@ static void sigver()
 	    {
 	    EVP_MD_CTX mctx;
 	    int r;
-	    EVP_MD_CTX_init(&mctx);
+	    FIPS_md_ctx_init(&mctx);
 	    sig->s=hex2bn(value);
 
-	    EVP_DigestInit_ex(&mctx, md, NULL);
-	    EVP_DigestUpdate(&mctx, msg, n);
+	    FIPS_digestinit(&mctx, md);
+	    FIPS_digestupdate(&mctx, msg, n);
 	    no_err = 1;
 	    r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
 	    no_err = 0;
-	    EVP_MD_CTX_cleanup(&mctx);
+	    FIPS_md_ctx_cleanup(&mctx);
 	
 	    printf("Result = %c\n", r == 1 ? 'P' : 'F');
 	    putc('\n',stdout);

fips/fips.c

@@ -438,7 +438,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	unsigned int siglen;
 	DSA_SIG *dsig = NULL;
 	EVP_MD_CTX mctx;
-	EVP_MD_CTX_init(&mctx);
+	FIPS_md_ctx_init(&mctx);
 
 	if ((pkey->type == EVP_PKEY_RSA)
 		&& ((size_t)RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
@@ -454,9 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	if (tbslen == -1)
 		tbslen = strlen((char *)tbs);
 
-	if (!EVP_DigestInit_ex(&mctx, digest, NULL))
+	if (!FIPS_digestinit(&mctx, digest))
 		goto error;
-	if (!EVP_DigestUpdate(&mctx, tbs, tbslen))
+	if (!FIPS_digestupdate(&mctx, tbs, tbslen))
 		goto error;
 	if (pkey->type == EVP_PKEY_RSA)
 		{
@@ -478,9 +478,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
 		goto error;
 
-	if (!EVP_DigestInit_ex(&mctx, digest, NULL))
+	if (!FIPS_digestinit(&mctx, digest))
 		goto error;
-	if (!EVP_DigestUpdate(&mctx, tbs, tbslen))
+	if (!FIPS_digestupdate(&mctx, tbs, tbslen))
 		goto error;
 	if (pkey->type == EVP_PKEY_RSA)
 		{
@@ -501,12 +501,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 		DSA_SIG_free(dsig);
 	if (sig != sigtmp)
 		OPENSSL_free(sig);
-	EVP_MD_CTX_cleanup(&mctx);
+	FIPS_md_ctx_cleanup(&mctx);
 	if (ret != 1)
 		{
 		FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
 		if (fail_str)
-			ERR_add_error_data(2, "Type=", fail_str);
+			FIPS_add_error_data(2, "Type=", fail_str);
 		return 0;
 		}
 	return 1;
@@ -526,14 +526,14 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
 	unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
 	OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
-	if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
+	if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
 		return 0;
-	EVP_Cipher(ctx, citmp, plaintext, len);
+	FIPS_cipher(ctx, citmp, plaintext, len);
 	if (memcmp(citmp, ciphertext, len))
 		return 0;
-	if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
+	if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)
 		return 0;
-	EVP_Cipher(ctx, pltmp, citmp, len);
+	FIPS_cipher(ctx, pltmp, citmp, len);
 	if (memcmp(pltmp, plaintext, len))
 		return 0;
 	return 1;

fips/fips_test_suite.c

@@ -54,18 +54,18 @@ static int FIPS_aes_test(void)
 	unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
 	unsigned char plaintext[16] = "etaonrishdlcu";
 	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
+	FIPS_cipher_ctx_init(&ctx);
+	if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
 		goto err;
-	EVP_Cipher(&ctx, citmp, plaintext, 16);
-	if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
+	FIPS_cipher(&ctx, citmp, plaintext, 16);
+	if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
 		goto err;
-	EVP_Cipher(&ctx, pltmp, citmp, 16);
+	FIPS_cipher(&ctx, pltmp, citmp, 16);
 	if (memcmp(pltmp, plaintext, 16))
 		goto err;
 	ret = 1;
 	err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
+	FIPS_cipher_ctx_cleanup(&ctx);
 	return ret;
 	}
 
@@ -78,18 +78,18 @@ static int FIPS_des3_test(void)
 		              19,20,21,22,23,24};
     	unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
 	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
+	FIPS_cipher_ctx_init(&ctx);
+	if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
 		goto err;
-	EVP_Cipher(&ctx, citmp, plaintext, 8);
-	if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
+	FIPS_cipher(&ctx, citmp, plaintext, 8);
+	if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
 		goto err;
-	EVP_Cipher(&ctx, pltmp, citmp, 8);
+	FIPS_cipher(&ctx, pltmp, citmp, 8);
 	if (memcmp(pltmp, plaintext, 8))
 		goto err;
 	ret = 1;
 	err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
+	FIPS_cipher_ctx_cleanup(&ctx);
 	return ret;
 	}
 
@@ -105,7 +105,7 @@ static int FIPS_dsa_test(int bad)
     DSA_SIG *sig = NULL;
 
     ERR_clear_error();
-    EVP_MD_CTX_init(&mctx);
+    FIPS_md_ctx_init(&mctx);
     dsa = FIPS_dsa_new();
     if (!dsa)
 	goto end;
@@ -116,23 +116,23 @@ static int FIPS_dsa_test(int bad)
     if (bad)
 	    BN_add_word(dsa->pub_key, 1);
 
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+    if (!FIPS_digestinit(&mctx, EVP_sha1()))
 	goto end;
-    if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1))
+    if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
 	goto end;
     sig = FIPS_dsa_sign_ctx(dsa, &mctx);
     if (!sig)
 	goto end;
 
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+    if (!FIPS_digestinit(&mctx, EVP_sha1()))
 	goto end;
-    if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1))
+    if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
 	goto end;
     r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
     end:
     if (sig)
 	DSA_SIG_free(sig);
-    EVP_MD_CTX_cleanup(&mctx);
+    FIPS_md_ctx_cleanup(&mctx);
     if (dsa)
   	  FIPS_dsa_free(dsa);
     if (r != 1)
@@ -154,7 +154,7 @@ static int FIPS_rsa_test(int bad)
     int r = 0;
 
     ERR_clear_error();
-    EVP_MD_CTX_init(&mctx);
+    FIPS_md_ctx_init(&mctx);
     key = FIPS_rsa_new();
     bn = BN_new();
     if (!key || !bn)
@@ -166,20 +166,20 @@ static int FIPS_rsa_test(int bad)
     if (bad)
 	    BN_add_word(key->n, 1);
 
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+    if (!FIPS_digestinit(&mctx, EVP_sha1()))
 	goto end;
-    if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
+    if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
 	goto end;
     if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
 	goto end;
 
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL))
+    if (!FIPS_digestinit(&mctx, EVP_sha1()))
 	goto end;
-    if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
+    if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
 	goto end;
     r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
     end:
-    EVP_MD_CTX_cleanup(&mctx);
+    FIPS_md_ctx_cleanup(&mctx);
     if (key)
   	  FIPS_rsa_free(key);
     if (r != 1)
@@ -199,7 +199,7 @@ static int FIPS_sha1_test()
     unsigned char md[SHA_DIGEST_LENGTH];
 
     ERR_clear_error();
-    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
+    if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
     if (memcmp(md,digest,sizeof(md)))
         return 0;
     return 1;
@@ -218,7 +218,7 @@ static int FIPS_sha256_test()
     unsigned char md[SHA256_DIGEST_LENGTH];
 
     ERR_clear_error();
-    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
+    if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
     if (memcmp(md,digest,sizeof(md)))
         return 0;
     return 1;
@@ -239,7 +239,7 @@ static int FIPS_sha512_test()
     unsigned char md[SHA512_DIGEST_LENGTH];
 
     ERR_clear_error();
-    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
+    if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
     if (memcmp(md,digest,sizeof(md)))
         return 0;
     return 1;

fips/rsa/fips_rsa_sign.c

@@ -197,7 +197,7 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 	{
 	unsigned int md_len, rv;
 	unsigned char md[EVP_MAX_MD_SIZE];
-        EVP_DigestFinal_ex(ctx, md, &md_len);
+        FIPS_digestfinal(ctx, md, &md_len);
 	rv = FIPS_rsa_sign_digest(rsa, md, md_len,
 					M_EVP_MD_CTX_md(ctx),
 					rsa_pad_mode, saltlen,
@@ -300,7 +300,7 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 	{
 	unsigned int md_len, rv;
 	unsigned char md[EVP_MAX_MD_SIZE];
-        EVP_DigestFinal_ex(ctx, md, &md_len);
+        FIPS_digestfinal(ctx, md, &md_len);
 	rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
 					rsa_pad_mode, saltlen, mgf1Hash,
 					sigbuf, siglen);

fips/rsa/fips_rsastest.c

@@ -331,7 +331,7 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
 	if (!sigbuf)
 		goto error;
 
-	EVP_MD_CTX_init(&ctx);
+	FIPS_md_ctx_init(&ctx);
 
 	if (Saltlen >= 0)
 		pad_mode = RSA_PKCS1_PSS_PADDING;
@@ -340,15 +340,15 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
 	else
 		pad_mode = RSA_PKCS1_PADDING;
 
-	if (!EVP_DigestInit_ex(&ctx, dgst, NULL))
+	if (!FIPS_digestinit(&ctx, dgst))
 		goto error;
-	if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+	if (!FIPS_digestupdate(&ctx, Msg, Msglen))
 		goto error;
 	if (!FIPS_rsa_sign_ctx(rsa, &ctx, pad_mode, Saltlen, NULL,
 				sigbuf, (unsigned int *)&siglen))
 		goto error;
 
-	EVP_MD_CTX_cleanup(&ctx);
+	FIPS_md_ctx_cleanup(&ctx);
 
 	fputs("S = ", out);
 

fips/rsa/fips_rsavtest.c

@@ -332,7 +332,7 @@ static int rsa_printver(FILE *out,
 	if (!rsa_pubkey->n || !rsa_pubkey->e)
 		goto error;
 
-	EVP_MD_CTX_init(&ctx);
+	FIPS_md_ctx_init(&ctx);
 
 	if (Saltlen >= 0)
 		pad_mode = RSA_PKCS1_PSS_PADDING;
@@ -341,9 +341,9 @@ static int rsa_printver(FILE *out,
 	else
 		pad_mode = RSA_PKCS1_PADDING;
 
-	if (!EVP_DigestInit_ex(&ctx, dgst, NULL))
+	if (!FIPS_digestinit(&ctx, dgst))
 		goto error;
-	if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+	if (!FIPS_digestupdate(&ctx, Msg, Msglen))
 		goto error;
 
 	no_err = 1;
@@ -352,7 +352,7 @@ static int rsa_printver(FILE *out,
 	no_err = 0;
 
 
-	EVP_MD_CTX_cleanup(&ctx);
+	FIPS_md_ctx_cleanup(&ctx);
 
 	if (r < 0)
 		goto error;

fips/sha/fips_sha1_selftest.c

@@ -86,7 +86,7 @@ int FIPS_selftest_sha1()
 	{
 	unsigned char md[SHA_DIGEST_LENGTH];
 
-	EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
+	FIPS_digest(test[n],strlen(test[n]),md, NULL, EVP_sha1());
 	if(memcmp(md,ret[n],sizeof md))
 	    {
 	    FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);

fips/sha/fips_shatest.c

@@ -300,7 +300,7 @@ static int print_dgst(const EVP_MD *emd, FILE *out,
 	{
 	int i, mdlen;
 	unsigned char md[EVP_MAX_MD_SIZE];
-	if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+	if (!FIPS_digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd))
 		{
 		fputs("Error calculating HASH\n", stderr);
 		return 0;
@@ -321,7 +321,7 @@ static int print_monte(const EVP_MD *md, FILE *out,
 	unsigned char *m1, *m2, *m3, *p;
 	unsigned int mlen, m1len, m2len, m3len;
 
-	EVP_MD_CTX_init(&ctx);
+	FIPS_md_ctx_init(&ctx);
 
 	if (SeedLen > EVP_MAX_MD_SIZE)
 		mlen = SeedLen;
@@ -346,17 +346,17 @@ static int print_monte(const EVP_MD *md, FILE *out,
 		{
 		for (i = 0; i < 1000; i++)
 			{
-			EVP_DigestInit_ex(&ctx, md, NULL);
-			EVP_DigestUpdate(&ctx, m1, m1len);
-			EVP_DigestUpdate(&ctx, m2, m2len);
-			EVP_DigestUpdate(&ctx, m3, m3len);
+			FIPS_digestinit(&ctx, md);
+			FIPS_digestupdate(&ctx, m1, m1len);
+			FIPS_digestupdate(&ctx, m2, m2len);
+			FIPS_digestupdate(&ctx, m3, m3len);
 			p = m1;
 			m1 = m2;
 			m1len = m2len;
 			m2 = m3;
 			m2len = m3len;
 			m3 = p;
-			EVP_DigestFinal_ex(&ctx, m3, &m3len);
+			FIPS_digestfinal(&ctx, m3, &m3len);
 			}
 		fprintf(out, "COUNT = %d\n", j);
 		fputs("MD = ", out);
@@ -378,7 +378,7 @@ static int print_monte(const EVP_MD *md, FILE *out,
 	if (m3)
 		OPENSSL_free(m3);
 
-	EVP_MD_CTX_cleanup(&ctx);
+	FIPS_md_ctx_cleanup(&ctx);
 
 	return ret;
 	}

fips/utl/fips_md.c

@@ -208,7 +208,7 @@ void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx)
 	{
-	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+	/* Don't assume ctx->md_data was cleaned in FIPS_digest_Final,
 	 * because sometimes only copies of the context are ever finalised.
 	 */
 	if (ctx->digest && ctx->digest->cleanup