Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
diff --git a/apps/speed.c b/apps/speed.c
index e817a0d..95979e5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1138,7 +1138,7 @@
 
 		HMAC_CTX_init(&hctx);
 		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
-			16,EVP_md5());
+			16,EVP_md5(), NULL);
 
 		for (j=0; j<SIZE_NUM; j++)
 			{
@@ -1146,9 +1146,9 @@
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
 				{
-				HMAC_Init_ex(&hctx,NULL,0,NULL);
-                                HMAC_Update(&hctx,buf,lengths[j]);
-                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+				HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+				HMAC_Update(&hctx,buf,lengths[j]);
+				HMAC_Final(&hctx,&(hmac[0]),NULL);
 				}
 			d=Time_F(STOP);
 			print_result(D_HMAC,j,count,d);
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 14cad73..7881860 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -100,7 +100,7 @@
 		itmp[1] = (unsigned char)((i >> 16) & 0xff);
 		itmp[2] = (unsigned char)((i >> 8) & 0xff);
 		itmp[3] = (unsigned char)(i & 0xff);
-		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1());
+		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
 		HMAC_Update(&hctx, salt, saltlen);
 		HMAC_Update(&hctx, itmp, 4);
 		HMAC_Final(&hctx, digtmp, NULL);
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 3fff7b1..da363b7 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -61,7 +61,7 @@
 #include <openssl/hmac.h>
 
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-		  const EVP_MD *md)
+		  const EVP_MD *md, ENGINE *impl)
 	{
 	int i,j,reset=0;
 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
@@ -80,7 +80,7 @@
 		j=EVP_MD_block_size(md);
 		if (j < len)
 			{
-			EVP_DigestInit_ex(&ctx->md_ctx,md, NULL);
+			EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
 			EVP_DigestUpdate(&ctx->md_ctx,key,len);
 			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
 				&ctx->key_length);
@@ -99,12 +99,12 @@
 		{
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x36^ctx->key[i];
-		EVP_DigestInit_ex(&ctx->i_ctx,md, NULL);
+		EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
 		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
 
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x5c^ctx->key[i];
-		EVP_DigestInit_ex(&ctx->o_ctx,md, NULL);
+		EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
 		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
 		}
 	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
@@ -115,7 +115,7 @@
 	{
 	if(key && md)
 	    HMAC_CTX_init(ctx);
-	HMAC_Init_ex(ctx,key,len,md);
+	HMAC_Init_ex(ctx,key,len,md, NULL);
 	}
 
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index 58ac3d0..0364a1f 100644
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -91,7 +91,7 @@
 void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 	       const EVP_MD *md); /* deprecated */
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-		  const EVP_MD *md);
+		  const EVP_MD *md, ENGINE *impl);
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index b6a10de..0fb67f7 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -87,11 +87,11 @@
 		return 0;
 	}
 	HMAC_CTX_init(&hmac);
-	HMAC_Init_ex (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
-    	HMAC_Update (&hmac, p12->authsafes->d.data->data,
+	HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
+    	HMAC_Update(&hmac, p12->authsafes->d.data->data,
 					 p12->authsafes->d.data->length);
-    	HMAC_Final (&hmac, mac, maclen);
-    	HMAC_CTX_cleanup (&hmac);
+    	HMAC_Final(&hmac, mac, maclen);
+    	HMAC_CTX_cleanup(&hmac);
 	return 1;
 }
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 62571ef..e5853ed 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1494,6 +1494,8 @@
 						+ EVP_MAX_IV_LENGTH];
 			int 		padl, outl = sizeof(epms);
 
+			EVP_CIPHER_CTX_init(&ciph_ctx);
+
 #ifdef KSSL_DEBUG
                         printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
                                 l, SSL_kKRB5);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 61ed0ad..d6247a6 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1557,6 +1557,8 @@
 		krb5_timestamp		authtime = 0;
 		krb5_ticket_times	ttimes;
 
+		EVP_CIPHER_CTX_init(&ciph_ctx);
+
                 if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
 
 		n2s(p,i);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0548533..8b7844c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -78,16 +78,16 @@
 
 	HMAC_CTX_init(&ctx);
 	HMAC_CTX_init(&ctx_tmp);
-	HMAC_Init_ex(&ctx,sec,sec_len,md);
-	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md);
+	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
+	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
 	HMAC_Update(&ctx,seed,seed_len);
 	HMAC_Final(&ctx,A1,&A1_len);
 
 	n=0;
 	for (;;)
 		{
-		HMAC_Init_ex(&ctx,NULL,0,NULL); /* re-init */
-		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL); /* re-init */
+		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
+		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
 		HMAC_Update(&ctx,A1,A1_len);
 		HMAC_Update(&ctx_tmp,A1,A1_len);
 		HMAC_Update(&ctx,seed,seed_len);
@@ -652,7 +652,7 @@
 
 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
 	HMAC_CTX_init(&hmac);
-	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash);
+	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
 	HMAC_Update(&hmac,seq,8);
 	HMAC_Update(&hmac,buf,5);
 	HMAC_Update(&hmac,rec->input,rec->length);