The thread you point to doesn't describe a bug in 1.0.2. The command
line provided to OpenSSL in that thread is in error. The hex string
provided for the key is too long (by 2 bytes) so OpenSSL is doing the
right thing by issuing an error message. It seems that this was
tolerated in older versions of OpenSSL (1.0.1) - but that behaviour can
probably be considered a bug in those older (out of support) versions.