Wow thank you very much @Topaco for such a detailed answer - I tried it and it worked perfectly.

To answer the key derivation part of my own question, here's a faster performing version of the same key derivation. (Testing both the one you suggested Topaco (with the modifications you suggested) and this one, this was about 3x faster (I guess because it uses OpenSSL's deprecated MD5 functions which I read somewhere are faster performing than the new EVP functions).

char keyandiv[144];
unsigned char key[128];
unsigned char iv[16];
unsigned char digest[16];
int countingsize;
MD5_CTX ctx;
while (countingsize < 144 ) {
    MD5_Init(&ctx5);

    if (countingsize > 0) {
    MD5_Update(&ctx, digest, sizeof(digest));
    }
    MD5_Update(&ctx, password, sizeof(password));
    MD5_Update(&ctx, (unsigned char*)salt, sizeof(salt));
    MD5_Final(digest, &ctx5);   

    for (int j = 1; j < 10000; j++) {
        MD5_Init(&ctx);
    MD5_Update(&ctx, digest, sizeof(digest));
    MD5_Final(digest, &ctx);
    }

    memcpy(keyandiv + countingsize, digest, sizeof(digest));
    countingsize += sizeof(digest);
}

strncpy((char*) &key, keyandiv, 128);
for(int i5=128; i5<144; i5++){
    iv[i5-128] = keyandiv[i5];
}