MFH: r485226

net/freerdp1: Fix build with OpenSSL 1.1

Patch taken partially from upstream with some minor refactoring because
the patch from upstream was fairly far off from where this version of
FreeRDP is at.

Built with:	Poudriere (11.2 and 13.0-CURRENT)
Tested with:	OpenSSL 1.0.2 (11.2, base)
Tested with:	OpenSSL 1.1.1 (11.2, security/openssl111)

PR:		233014
Approved by:	ultima (ports), myself (maintainer)

Approved by:	ports-secteam (blanket, build fix)

net/freerdp1/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	freerdp
 PORTVERSION=	1.2.0
-PORTREVISION=	12
+PORTREVISION=	13
 CATEGORIES=	net comms ipv6
 PKGNAMESUFFIX=	1
 

net/freerdp1/files/patch-git_1b5f5747

@@ -0,0 +1,30 @@
+--- winpr/libwinpr/bcrypt/CMakeLists.txt.orig	2014-09-11 22:46:32 UTC
++++ winpr/libwinpr/bcrypt/CMakeLists.txt
+@@ -17,8 +17,3 @@
+ 
+ winpr_module_add(bcrypt.c)
+ 
+-winpr_include_directory_add(
+-	${OPENSSL_INCLUDE_DIR}
+-	${ZLIB_INCLUDE_DIRS})
+-
+-winpr_library_add(${ZLIB_LIBRARIES})
+--- winpr/libwinpr/crypto/CMakeLists.txt.orig	2014-09-11 22:46:32 UTC
++++ winpr/libwinpr/crypto/CMakeLists.txt
+@@ -20,6 +20,16 @@ winpr_module_add(
+ 	crypto.h
+ 	cert.c)
+ 
++if(OPENSSL_FOUND)
++	winpr_include_directory_add(${OPENSSL_INCLUDE_DIR})
++	winpr_library_add(${OPENSSL_LIBRARIES})
++endif()
++
++if(MBEDTLS_FOUND)
++	winpr_include_directory_add(${MBEDTLS_INCLUDE_DIR})
++	winpr_library_add(${MBEDTLS_LIBRARIES})
++endif()
++
+ if(WIN32)
+ 	winpr_library_add(crypt32)
+ endif()

net/freerdp1/files/patch-include_freerdp_crypto_crypto.h

@@ -0,0 +1,23 @@
+--- include/freerdp/crypto/crypto.h.orig	2018-11-06 02:55:10 UTC
++++ include/freerdp/crypto/crypto.h
+@@ -61,12 +61,20 @@ struct crypto_rc4_struct
+ 
+ struct crypto_des3_struct
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX *des3_ctx;
++#else
+ 	EVP_CIPHER_CTX des3_ctx;
++#endif
+ };
+ 
+ struct crypto_hmac_struct
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_CTX *hmac_ctx;
++#else
+ 	HMAC_CTX hmac_ctx;
++#endif
+ };
+ 
+ struct crypto_cert_struct

net/freerdp1/files/patch-libfreerdp_common_assistance.c

@@ -0,0 +1,156 @@
+--- libfreerdp/common/assistance.c.orig	2018-11-06 05:10:45 UTC
++++ libfreerdp/common/assistance.c
+@@ -478,7 +478,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char*
+ 	int cbPassStubW;
+ 	int EncryptedSize;
+ 	BYTE PasswordHash[16];
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX *rc4Ctx;
++#else
+ 	EVP_CIPHER_CTX rc4Ctx;
++#endif
+ 	BYTE *pbIn, *pbOut;
+ 	int cbOut, cbIn, cbFinal;
+ 	WCHAR* PasswordW = NULL;
+@@ -516,9 +520,16 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char*
+ 	*((UINT32*) pbIn) = cbPassStubW;
+ 	CopyMemory(&pbIn[4], PassStubW, cbPassStubW);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	rc4Ctx = EVP_CIPHER_CTX_new();
++	EVP_CIPHER_CTX_init(rc4Ctx);
++
++	status = EVP_EncryptInit_ex(rc4Ctx, EVP_rc4(), NULL, NULL, NULL);
++#else
+ 	EVP_CIPHER_CTX_init(&rc4Ctx);
+ 
+ 	status = EVP_EncryptInit_ex(&rc4Ctx, EVP_rc4(), NULL, NULL, NULL);
++#endif
+ 
+ 	if (!status)
+ 	{
+@@ -526,7 +537,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char*
+ 		return NULL;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	status = EVP_EncryptInit_ex(rc4Ctx, NULL, NULL, PasswordHash, NULL);
++#else
+ 	status = EVP_EncryptInit_ex(&rc4Ctx, NULL, NULL, PasswordHash, NULL);
++#endif
+ 
+ 	if (!status)
+ 	{
+@@ -537,7 +552,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char*
+ 	cbOut = cbFinal = 0;
+ 	cbIn = EncryptedSize;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	status = EVP_EncryptUpdate(rc4Ctx, pbOut, &cbOut, pbIn, cbIn);
++#else
+ 	status = EVP_EncryptUpdate(&rc4Ctx, pbOut, &cbOut, pbIn, cbIn);
++#endif
+ 
+ 	if (!status)
+ 	{
+@@ -545,7 +564,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char*
+ 		return NULL;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	status = EVP_EncryptFinal_ex(rc4Ctx, pbOut + cbOut, &cbFinal);
++#else
+ 	status = EVP_EncryptFinal_ex(&rc4Ctx, pbOut + cbOut, &cbFinal);
++#endif
+ 
+ 	if (!status)
+ 	{
+@@ -553,7 +576,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char*
+ 		return NULL;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX_free(rc4Ctx);
++#else
+ 	EVP_CIPHER_CTX_cleanup(&rc4Ctx);
++#endif
+ 
+ 	free(pbIn);
+ 	free(PasswordW);
+@@ -571,7 +598,11 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil
+ 	int cbPasswordW;
+ 	int cchOutW = 0;
+ 	WCHAR* pbOutW = NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX *aesDec;
++#else
+ 	EVP_CIPHER_CTX aesDec;
++#endif
+ 	WCHAR* PasswordW = NULL;
+ 	BYTE *pbIn, *pbOut;
+ 	int cbOut, cbIn, cbFinal;
+@@ -598,17 +629,31 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil
+ 
+ 	ZeroMemory(InitializationVector, sizeof(InitializationVector));
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	aesDec = EVP_CIPHER_CTX_new();
++	EVP_CIPHER_CTX_init(aesDec);
++
++	status = EVP_DecryptInit_ex(aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL);
++#else
+ 	EVP_CIPHER_CTX_init(&aesDec);
+ 
+ 	status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL);
++#endif
+ 
+ 	if (status != 1)
+ 		return -1;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX_set_key_length(aesDec, (128 / 8));
++	EVP_CIPHER_CTX_set_padding(aesDec, 0);
++
++	status = EVP_DecryptInit_ex(aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector);
++#else
+ 	EVP_CIPHER_CTX_set_key_length(&aesDec, (128 / 8));
+ 	EVP_CIPHER_CTX_set_padding(&aesDec, 0);
+ 
+ 	status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector);
++#endif
+ 
+ 	if (status != 1)
+ 		return -1;
+@@ -621,12 +666,20 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil
+ 	if (!pbOut)
+ 		return -1;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	status = EVP_DecryptUpdate(aesDec, pbOut, &cbOut, pbIn, cbIn);
++#else
+ 	status = EVP_DecryptUpdate(&aesDec, pbOut, &cbOut, pbIn, cbIn);
++#endif
+ 
+ 	if (status != 1)
+ 		return -1;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	status = EVP_DecryptFinal_ex(aesDec, pbOut + cbOut, &cbFinal);
++#else
+ 	status = EVP_DecryptFinal_ex(&aesDec, pbOut + cbOut, &cbFinal);
++#endif
+ 
+ 	if (status != 1)
+ 	{
+@@ -634,7 +687,11 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil
+ 		return -1;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX_free(aesDec);
++#else
+ 	EVP_CIPHER_CTX_cleanup(&aesDec);
++#endif
+ 
+ 	cbOut += cbFinal;
+ 	cbFinal = 0;

net/freerdp1/files/patch-libfreerdp_core_certificate.c

@@ -0,0 +1,59 @@
+--- libfreerdp/core/certificate.c.orig	2014-09-11 22:46:32 UTC
++++ libfreerdp/core/certificate.c
+@@ -32,6 +32,7 @@
+ #include <openssl/rsa.h>
+ 
+ #include "certificate.h"
++#include "../crypto/opensslcompat.h"
+ 
+ #define TAG "com.freerdp.core"
+ 
+@@ -652,6 +653,9 @@ rdpRsaKey* key_new(const char* keyfile)
+ 	FILE* fp;
+ 	RSA* rsa;
+ 	rdpRsaKey* key;
++	const BIGNUM *rsa_e = NULL;
++	const BIGNUM *rsa_n = NULL;
++	const BIGNUM *rsa_d = NULL;
+ 	key = (rdpRsaKey*)calloc(1, sizeof(rdpRsaKey));
+ 
+ 	if (!key)
+@@ -692,31 +696,31 @@ rdpRsaKey* key_new(const char* keyfile)
+ 			ERR_print_errors_fp(stderr);
+ 			goto out_free_rsa;
+ 	}
+-
+-	if (BN_num_bytes(rsa->e) > 4)
++	RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
++	if (BN_num_bytes(rsa_e) > 4)
+ 	{
+ 		DEBUG_WARN("%s: RSA public exponent too large in %s\n", __FUNCTION__, keyfile);
+ 		goto out_free_rsa;
+ 	}
+ 
+-	key->ModulusLength = BN_num_bytes(rsa->n);
++	key->ModulusLength = BN_num_bytes(rsa_n);
+ 	key->Modulus = (BYTE*)malloc(key->ModulusLength);
+ 
+ 	if (!key->Modulus)
+ 		goto out_free_rsa;
+ 
+-	BN_bn2bin(rsa->n, key->Modulus);
++	BN_bn2bin(rsa_n, key->Modulus);
+ 	crypto_reverse(key->Modulus, key->ModulusLength);
+-	key->PrivateExponentLength = BN_num_bytes(rsa->d);
++	key->PrivateExponentLength = BN_num_bytes(rsa_d);
+ 	key->PrivateExponent = (BYTE*)malloc(key->PrivateExponentLength);
+ 
+ 	if (!key->PrivateExponent)
+ 		goto out_free_modulus;
+ 
+-	BN_bn2bin(rsa->d, key->PrivateExponent);
++	BN_bn2bin(rsa_d, key->PrivateExponent);
+ 	crypto_reverse(key->PrivateExponent, key->PrivateExponentLength);
+ 	memset(key->exponent, 0, sizeof(key->exponent));
+-	BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
++	BN_bn2bin(rsa_e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa_e));
+ 	crypto_reverse(key->exponent, sizeof(key->exponent));
+ 	RSA_free(rsa);
+ 	return key;

net/freerdp1/files/patch-libfreerdp_core_tcp.c

@@ -0,0 +1,338 @@
+--- libfreerdp/core/tcp.c.orig	2014-09-11 22:46:32 UTC
++++ libfreerdp/core/tcp.c
+@@ -71,6 +71,7 @@
+ #include <winpr/stream.h>
+ 
+ #include "tcp.h"
++#include "../crypto/opensslcompat.h"
+ 
+ /* Simple Socket BIO */
+ 
+@@ -86,13 +87,14 @@ static int transport_bio_simple_write(BIO* bio, const 
+ {
+ 	int error;
+ 	int status = 0;
++	int socket = (int)BIO_get_data(bio);
+ 
+ 	if (!buf)
+ 		return 0;
+ 
+ 	BIO_clear_flags(bio, BIO_FLAGS_WRITE);
+ 
+-	status = _send((SOCKET) bio->num, buf, size, 0);
++	status = _send(socket, buf, size, 0);
+ 
+ 	if (status <= 0)
+ 	{
+@@ -116,13 +118,14 @@ static int transport_bio_simple_read(BIO* bio, char* b
+ {
+ 	int error;
+ 	int status = 0;
++	int socket = (int)BIO_get_data(bio);
+ 
+ 	if (!buf)
+ 		return 0;
+ 
+ 	BIO_clear_flags(bio, BIO_FLAGS_READ);
+ 
+-	status = _recv((SOCKET) bio->num, buf, size, 0);
++	status = _recv(socket, buf, size, 0);
+ 	if (status > 0)
+ 		return status;
+ 
+@@ -160,6 +163,7 @@ static int transport_bio_simple_gets(BIO* bio, char* s
+ static long transport_bio_simple_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
+ {
+ 	int status = -1;
++	int socket = (int)BIO_get_data(bio);
+ 
+ 	switch (cmd)
+ 	{
+@@ -167,29 +171,29 @@ static long transport_bio_simple_ctrl(BIO* bio, int cm
+ 			if (arg2)
+ 			{
+ 				transport_bio_simple_free(bio);
+-				bio->flags = BIO_FLAGS_SHOULD_RETRY;
+-				bio->num = *((int*) arg2);
+-				bio->shutdown = (int) arg1;
+-				bio->init = 1;
++				BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
++				BIO_set_data(bio, *((int *) arg2));
++				BIO_set_shutdown(bio, (int) arg1);
++				BIO_set_init(bio, 1);
+ 				status = 1;
+ 			}
+ 			break;
+ 
+ 		case BIO_C_GET_FD:
+-			if (bio->init)
++			if (BIO_get_init(bio))
+ 			{
+ 				if (arg2)
+-					*((int*) arg2) = bio->num;
+-				status = bio->num;
++					*((int*) arg2) = socket;
++				status = socket;
+ 			}
+ 			break;
+ 
+ 		case BIO_CTRL_GET_CLOSE:
+-			status = bio->shutdown;
++			status = BIO_get_shutdown(bio);
+ 			break;
+ 
+ 		case BIO_CTRL_SET_CLOSE:
+-			bio->shutdown = (int) arg1;
++			BIO_set_shutdown(bio, (int) arg1);
+ 			status = 1;
+ 			break;
+ 
+@@ -211,47 +215,49 @@ static long transport_bio_simple_ctrl(BIO* bio, int cm
+ 
+ static int transport_bio_simple_new(BIO* bio)
+ {
+-	bio->init = 0;
+-	bio->num = 0;
+-	bio->ptr = NULL;
+-	bio->flags = BIO_FLAGS_SHOULD_RETRY;
++
++	BIO_set_init(bio, 0);
++	BIO_set_data(bio, 0);
++	BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 	return 1;
+ }
+ 
+ static int transport_bio_simple_free(BIO* bio)
+ {
++	int socket = (int)BIO_get_data(bio);
+ 	if (!bio)
+ 		return 0;
+ 
+-	if (bio->shutdown)
++	if (BIO_get_shutdown(bio))
+ 	{
+-		if (bio->init)
+-			closesocket((SOCKET) bio->num);
++		if (BIO_get_init(bio))
++			closesocket(socket);
+ 
+-		bio->init = 0;
+-		bio->flags = 0;
++		BIO_set_init(bio, 0);
++		BIO_set_flags(bio, 0);
++		BIO_set_data(bio, 0);
+ 	}
+ 
+ 	return 1;
+ }
+ 
+-static BIO_METHOD transport_bio_simple_socket_methods =
+-{
+-	BIO_TYPE_SIMPLE,
+-	"SimpleSocket",
+-	transport_bio_simple_write,
+-	transport_bio_simple_read,
+-	transport_bio_simple_puts,
+-	transport_bio_simple_gets,
+-	transport_bio_simple_ctrl,
+-	transport_bio_simple_new,
+-	transport_bio_simple_free,
+-	NULL,
+-};
+-
+ BIO_METHOD* BIO_s_simple_socket(void)
+ {
+-	return &transport_bio_simple_socket_methods;
++	static BIO_METHOD* bio_methods = NULL;
++
++	if (bio_methods == NULL)
++	{
++		if (!(bio_methods = BIO_meth_new(BIO_TYPE_SIMPLE, "SimpleSocket")))
++			return NULL;
++		BIO_meth_set_write(bio_methods, transport_bio_simple_write);
++		BIO_meth_set_read(bio_methods, transport_bio_simple_read);
++		BIO_meth_set_puts(bio_methods, transport_bio_simple_puts);
++		BIO_meth_set_gets(bio_methods, transport_bio_simple_gets);
++		BIO_meth_set_ctrl(bio_methods, transport_bio_simple_ctrl);
++		BIO_meth_set_create(bio_methods, transport_bio_simple_new);
++		BIO_meth_set_destroy(bio_methods, transport_bio_simple_free);
++	}
++	return bio_methods;
+ }
+ 
+ /* Buffered Socket BIO */
+@@ -264,7 +270,8 @@ long transport_bio_buffered_callback(BIO* bio, int mod
+ static int transport_bio_buffered_write(BIO* bio, const char* buf, int num)
+ {
+ 	int status, ret;
+-	rdpTcp* tcp = (rdpTcp*) bio->ptr;
++	rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio);
++	BIO *next_bio = NULL;
+ 	int nchunks, committedBytes, i;
+ 	DataChunk chunks[2];
+ 
+@@ -283,23 +290,24 @@ static int transport_bio_buffered_write(BIO* bio, cons
+ 
+ 	committedBytes = 0;
+ 	nchunks = ringbuffer_peek(&tcp->xmitBuffer, chunks, ringbuffer_used(&tcp->xmitBuffer));
++	next_bio = BIO_next(bio);
+ 
+ 	for (i = 0; i < nchunks; i++)
+ 	{
+ 		while (chunks[i].size)
+ 		{
+-			status = BIO_write(bio->next_bio, chunks[i].data, chunks[i].size);
++			status = BIO_write(next_bio, chunks[i].data, chunks[i].size);
+ 
+ 			if (status <= 0)
+ 			{
+-				if (!BIO_should_retry(bio->next_bio))
++				if (!BIO_should_retry(next_bio))
+ 				{
+ 					BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 					ret = -1; /* fatal error */
+ 					goto out;
+ 				}
+ 
+-				if (BIO_should_write(bio->next_bio))
++				if (BIO_should_write(next_bio))
+ 				{
+ 					BIO_set_flags(bio, BIO_FLAGS_WRITE);
+ 					tcp->writeBlocked = TRUE;
+@@ -321,16 +329,17 @@ out:
+ static int transport_bio_buffered_read(BIO* bio, char* buf, int size)
+ {
+ 	int status;
+-	rdpTcp* tcp = (rdpTcp*) bio->ptr;
++	rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio);
++	BIO* next_bio = BIO_next(bio);
+ 
+ 	tcp->readBlocked = FALSE;
+ 	BIO_clear_flags(bio, BIO_FLAGS_READ);
+ 
+-	status = BIO_read(bio->next_bio, buf, size);
++	status = BIO_read(next_bio, buf, size);
+ 
+ 	if (status <= 0)
+ 	{
+-		if (!BIO_should_retry(bio->next_bio))
++		if (!BIO_should_retry(next_bio))
+ 		{
+ 			BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 			goto out;
+@@ -338,7 +347,7 @@ static int transport_bio_buffered_read(BIO* bio, char*
+ 
+ 		BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 
+-		if (BIO_should_read(bio->next_bio))
++		if (BIO_should_read(next_bio))
+ 		{
+ 			BIO_set_flags(bio, BIO_FLAGS_READ);
+ 			tcp->readBlocked = TRUE;
+@@ -362,7 +371,7 @@ static int transport_bio_buffered_gets(BIO* bio, char*
+ 
+ static long transport_bio_buffered_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
+ {
+-	rdpTcp* tcp = (rdpTcp*) bio->ptr;
++	rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio);
+ 
+ 	switch (cmd)
+ 	{
+@@ -376,7 +385,7 @@ static long transport_bio_buffered_ctrl(BIO* bio, int 
+ 			return 0;
+ 
+ 		default:
+-			return BIO_ctrl(bio->next_bio, cmd, arg1, arg2);
++			return BIO_ctrl(BIO_next(bio), cmd, arg1, arg2);
+ 	}
+ 
+ 	return 0;
+@@ -384,10 +393,9 @@ static long transport_bio_buffered_ctrl(BIO* bio, int 
+ 
+ static int transport_bio_buffered_new(BIO* bio)
+ {
+-	bio->init = 1;
+-	bio->num = 0;
+-	bio->ptr = NULL;
+-	bio->flags = BIO_FLAGS_SHOULD_RETRY;
++	BIO_set_init(bio, 1);
++	BIO_set_data(bio, 0);
++	BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 	return 1;
+ }
+ 
+@@ -396,29 +404,28 @@ static int transport_bio_buffered_free(BIO* bio)
+ 	return 1;
+ }
+ 
+-static BIO_METHOD transport_bio_buffered_socket_methods =
+-{
+-	BIO_TYPE_BUFFERED,
+-	"BufferedSocket",
+-	transport_bio_buffered_write,
+-	transport_bio_buffered_read,
+-	transport_bio_buffered_puts,
+-	transport_bio_buffered_gets,
+-	transport_bio_buffered_ctrl,
+-	transport_bio_buffered_new,
+-	transport_bio_buffered_free,
+-	NULL,
+-};
+-
+ BIO_METHOD* BIO_s_buffered_socket(void)
+ {
+-	return &transport_bio_buffered_socket_methods;
++	static BIO_METHOD* bio_methods = NULL;
++	if (bio_methods == NULL)
++	{
++		if (!(bio_methods = BIO_meth_new(BIO_TYPE_BUFFERED, "BufferedSocket")))
++			return NULL;
++		BIO_meth_set_write(bio_methods, transport_bio_buffered_write);
++		BIO_meth_set_read(bio_methods, transport_bio_buffered_read);
++		BIO_meth_set_puts(bio_methods, transport_bio_buffered_puts);
++		BIO_meth_set_gets(bio_methods, transport_bio_buffered_gets);
++		BIO_meth_set_ctrl(bio_methods, transport_bio_buffered_ctrl);
++		BIO_meth_set_create(bio_methods, transport_bio_buffered_new);
++		BIO_meth_set_destroy(bio_methods, transport_bio_buffered_free);
++	}
++	return bio_methods;
+ }
+ 
+ BOOL transport_bio_buffered_drain(BIO *bio)
+ {
+ 	int status;
+-	rdpTcp* tcp = (rdpTcp*) bio->ptr;
++	rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio);
+ 
+ 	if (!ringbuffer_used(&tcp->xmitBuffer))
+ 		return 1;
+@@ -527,7 +534,10 @@ BOOL tcp_connect(rdpTcp* tcp, const char* hostname, in
+ 		if (!tcp->socketBio)
+ 			return FALSE;
+ 
+-		if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_int_port(tcp->socketBio, &port) < 0)
++		char strport[10];
++		/* XXX HACK */
++		snprintf(strport, 10, "%d", port);
++		if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_port(tcp->socketBio, strport) < 0)
+ 			return FALSE;
+ 
+ 		BIO_set_nbio(tcp->socketBio, 1);
+@@ -620,7 +630,7 @@ BOOL tcp_connect(rdpTcp* tcp, const char* hostname, in
+ 	if (!tcp->bufferedBio)
+ 		return FALSE;
+ 
+-	tcp->bufferedBio->ptr = tcp;
++	BIO_set_data(tcp->bufferedBio, tcp);
+ 
+ 	tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio);
+ 
+@@ -771,7 +781,7 @@ int tcp_attach(rdpTcp* tcp, int sockfd)
+ 		if (!tcp->bufferedBio)
+ 			return FALSE;
+ 
+-		tcp->bufferedBio->ptr = tcp;
++		BIO_set_data(tcp->bufferedBio, tcp);
+ 
+ 		tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio);
+ 	}

net/freerdp1/files/patch-libfreerdp_core_transport.c

@@ -0,0 +1,92 @@
+--- libfreerdp/core/transport.c.orig	2014-09-11 22:46:32 UTC
++++ libfreerdp/core/transport.c
+@@ -54,6 +54,7 @@
+ #include "fastpath.h"
+ #include "transport.h"
+ #include "rdp.h"
++#include "../crypto/opensslcompat.h"
+ 
+ #define TAG FREERDP_TAG("core")
+ 
+@@ -122,7 +123,7 @@ static int transport_bio_tsg_write(BIO* bio, const cha
+ {
+ 	int status;
+ 	rdpTsg* tsg;
+-	tsg = (rdpTsg*) bio->ptr;
++	tsg = (rdpTsg*) BIO_get_data(bio);
+ 	BIO_clear_flags(bio, BIO_FLAGS_WRITE);
+ 	status = tsg_write(tsg, (BYTE*) buf, num);
+ 
+@@ -142,9 +143,9 @@ static int transport_bio_tsg_read(BIO* bio, char* buf,
+ {
+ 	int status;
+ 	rdpTsg* tsg;
+-	tsg = (rdpTsg*) bio->ptr;
++	tsg = (rdpTsg*) BIO_get_data(bio);
+ 	BIO_clear_flags(bio, BIO_FLAGS_READ);
+-	status = tsg_read(bio->ptr, (BYTE*) buf, size);
++	status = tsg_read(tsg, (BYTE*) buf, size);
+ 
+ 	if (status < 0)
+ 	{
+@@ -180,10 +181,9 @@ static long transport_bio_tsg_ctrl(BIO* bio, int cmd, 
+ 
+ static int transport_bio_tsg_new(BIO* bio)
+ {
+-	bio->init = 1;
+-	bio->num = 0;
+-	bio->ptr = NULL;
+-	bio->flags = BIO_FLAGS_SHOULD_RETRY;
++	BIO_set_init(bio, 1);
++	BIO_set_data(bio, 0);
++	BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 	return 1;
+ }
+ 
+@@ -194,23 +194,22 @@ static int transport_bio_tsg_free(BIO* bio)
+ 
+ #define BIO_TYPE_TSG	65
+ 
+-static BIO_METHOD transport_bio_tsg_methods =
+-{
+-	BIO_TYPE_TSG,
+-	"TSGateway",
+-	transport_bio_tsg_write,
+-	transport_bio_tsg_read,
+-	transport_bio_tsg_puts,
+-	transport_bio_tsg_gets,
+-	transport_bio_tsg_ctrl,
+-	transport_bio_tsg_new,
+-	transport_bio_tsg_free,
+-	NULL,
+-};
+-
+ BIO_METHOD* BIO_s_tsg(void)
+ {
+-	return &transport_bio_tsg_methods;
++	static BIO_METHOD* bio_methods = NULL;
++	if (bio_methods == NULL)
++	{
++		if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
++			return NULL;
++		BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
++		BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
++		BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
++		BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
++		BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
++		BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
++		BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
++	}
++	return bio_methods;
+ }
+ 
+ BOOL transport_connect_tls(rdpTransport* transport)
+@@ -426,7 +425,7 @@ BOOL transport_tsg_connect(rdpTransport* transport, co
+ 		return FALSE;
+ 
+ 	transport->frontBio = BIO_new(BIO_s_tsg());
+-	transport->frontBio->ptr = tsg;
++	BIO_set_data(transport->frontBio, tsg);
+ 	return TRUE;
+ }
+ 

net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt

@@ -0,0 +1,12 @@
+--- libfreerdp/crypto/CMakeLists.txt.orig	2018-11-15 22:43:06 UTC
++++ libfreerdp/crypto/CMakeLists.txt
+@@ -26,7 +26,8 @@ freerdp_module_add(
+ 	base64.c
+ 	certificate.c
+ 	crypto.c
+-	tls.c)
++	tls.c
++	opensslcompat.c)
+ 
+ freerdp_include_directory_add(${OPENSSL_INCLUDE_DIR})
+ freerdp_include_directory_add(${ZLIB_INCLUDE_DIRS})

net/freerdp1/files/patch-libfreerdp_crypto_crypto.c

@@ -0,0 +1,189 @@
+--- libfreerdp/crypto/crypto.c.orig	2018-11-06 02:56:44 UTC
++++ libfreerdp/crypto/crypto.c
+@@ -92,9 +92,16 @@ CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, c
+ 	if (!des3)
+ 		return NULL;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	des3->des3_ctx = EVP_CIPHER_CTX_new();
++	EVP_CIPHER_CTX_init(des3->des3_ctx);
++	EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
++	EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
++#else
+ 	EVP_CIPHER_CTX_init(&des3->des3_ctx);
+ 	EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+ 	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
++#endif
+ 	return des3;
+ }
+ 
+@@ -103,23 +110,37 @@ CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, c
+ 	CryptoDes3 des3 = malloc(sizeof(*des3));
+ 	if (!des3)
+ 		return NULL;
+-
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	des3->des3_ctx = EVP_CIPHER_CTX_new();
++	EVP_CIPHER_CTX_init(des3->des3_ctx);
++	EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
++	EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
++#else
+ 	EVP_CIPHER_CTX_init(&des3->des3_ctx);
+ 	EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+ 	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
++#endif
+ 	return des3;
+ }
+ 
+ void crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data)
+ {
+ 	int len;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
++#else
+ 	EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
++#endif
+ }
+ 
+ void crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data)
+ {
+ 	int len;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
++#else
+ 	EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
++#endif
+ 
+ 	if (length != len)
+ 		abort(); /* TODO */
+@@ -129,7 +150,12 @@ void crypto_des3_free(CryptoDes3 des3)
+ {
+ 	if (des3 == NULL)
+ 		return;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX_cleanup(des3->des3_ctx);
++	EVP_CIPHER_CTX_free(des3->des3_ctx);
++#else
+ 	EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
++#endif
+ 	free(des3);
+ }
+ 
+@@ -139,28 +165,48 @@ CryptoHmac crypto_hmac_new(void)
+ 	if (!hmac)
+ 		return NULL;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	hmac->hmac_ctx = HMAC_CTX_new();
++#else
+ 	HMAC_CTX_init(&hmac->hmac_ctx);
++#endif
+ 	return hmac;
+ }
+ 
+ void crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE* data, UINT32 length)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
++#else
+ 	HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
++#endif
+ }
+ 
+ void crypto_hmac_md5_init(CryptoHmac hmac, const BYTE* data, UINT32 length)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_md5(), NULL);
++#else
+ 	HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_md5(), NULL);
++#endif
+ }
+ 
+ void crypto_hmac_update(CryptoHmac hmac, const BYTE* data, UINT32 length)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_Update(hmac->hmac_ctx, data, length);
++#else
+ 	HMAC_Update(&hmac->hmac_ctx, data, length);
++#endif
+ }
+ 
+ void crypto_hmac_final(CryptoHmac hmac, BYTE* out_data, UINT32 length)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_Final(hmac->hmac_ctx, out_data, &length);
++#else
+ 	HMAC_Final(&hmac->hmac_ctx, out_data, &length);
++#endif
+ }
+ 
+ void crypto_hmac_free(CryptoHmac hmac)
+@@ -168,7 +214,11 @@ void crypto_hmac_free(CryptoHmac hmac)
+ 	if (hmac == NULL)
+ 		return;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_CTX_free(hmac->hmac_ctx);
++#else
+ 	HMAC_CTX_cleanup(&hmac->hmac_ctx);
++#endif
+ 	free(hmac);
+ }
+ 
+@@ -236,7 +286,11 @@ static int crypto_rsa_common(const BYTE* input, int le
+ 	BYTE* input_reverse;
+ 	BYTE* modulus_reverse;
+ 	BYTE* exponent_reverse;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	BIGNUM *mod, *exp, *x, *y;
++#else
+ 	BIGNUM mod, exp, x, y;
++#endif
+ 
+ 	input_reverse = (BYTE*) malloc(2 * key_length + exponent_size);
+ 	if (!input_reverse)
+@@ -254,6 +308,18 @@ static int crypto_rsa_common(const BYTE* input, int le
+ 	ctx = BN_CTX_new();
+ 	if (!ctx)
+ 		goto out_free_input_reverse;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	mod = BN_new();
++	exp = BN_new();
++	x = BN_new();
++	y = BN_new();
++
++	BN_bin2bn(modulus_reverse, key_length, mod);
++	BN_bin2bn(exponent_reverse, exponent_size, exp);
++	BN_bin2bn(input_reverse, length, x);
++	BN_mod_exp(y, x, exp, mod, ctx);
++	output_length = BN_bn2bin(y, output);
++#else
+ 	BN_init(&mod);
+ 	BN_init(&exp);
+ 	BN_init(&x);
+@@ -263,17 +329,24 @@ static int crypto_rsa_common(const BYTE* input, int le
+ 	BN_bin2bn(exponent_reverse, exponent_size, &exp);
+ 	BN_bin2bn(input_reverse, length, &x);
+ 	BN_mod_exp(&y, &x, &exp, &mod, ctx);
+-
+ 	output_length = BN_bn2bin(&y, output);
++#endif
+ 	crypto_reverse(output, output_length);
+ 
+ 	if (output_length < (int) key_length)
+ 		memset(output + output_length, 0, key_length - output_length);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	BN_free(y);
++	BN_clear_free(x);
++	BN_free(exp);
++	BN_free(mod);
++#else
+ 	BN_free(&y);
+ 	BN_clear_free(&x);
+ 	BN_free(&exp);
+ 	BN_free(&mod);
++#endif
+ 	BN_CTX_free(ctx);
+ 
+ out_free_input_reverse:

net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c

@@ -0,0 +1,47 @@
+--- libfreerdp/crypto/opensslcompat.c.orig	2018-11-15 22:42:44 UTC
++++ libfreerdp/crypto/opensslcompat.c
+@@ -0,0 +1,44 @@
++/**
++ * FreeRDP: A Remote Desktop Protocol Implementation
++ * OpenSSL Compatibility
++ *
++ * Copyright (C) 2016 Norbert Federa <norbert.federa@thincast.com>
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *		 http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include "opensslcompat.h"
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++BIO_METHOD* BIO_meth_new(int type, const char* name)
++{
++	BIO_METHOD* m;
++	if (!(m = calloc(1, sizeof(BIO_METHOD))))
++		return NULL;
++	m->type = type;
++	m->name = name;
++	return m;
++}
++
++void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d)
++{
++	if (n != NULL)
++		*n = r->n;
++	if (e != NULL)
++		*e = r->e;
++	if (d != NULL)
++		*d = r->d;
++}
++
++#endif /* OPENSSL < 1.1.0 */

net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h

@@ -0,0 +1,64 @@
+--- libfreerdp/crypto/opensslcompat.h.orig	2018-11-15 22:42:46 UTC
++++ libfreerdp/crypto/opensslcompat.h
+@@ -0,0 +1,61 @@
++/**
++ * FreeRDP: A Remote Desktop Protocol Implementation
++ * OpenSSL Compatibility
++ *
++ * Copyright (C) 2016 Norbert Federa <norbert.federa@thincast.com>
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *		 http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef FREERDP_CRYPTO_OPENSSLCOMPAT_H
++#define FREERDP_CRYPTO_OPENSSLCOMPAT_H
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <freerdp/api.h>
++
++#include <openssl/opensslv.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <openssl/bio.h>
++#include <openssl/rsa.h>
++#include <openssl/bn.h>
++
++#define BIO_get_data(b)                 (b)->ptr
++#define BIO_set_data(b,v)               (b)->ptr = v
++#define BIO_get_init(b)                 (b)->init
++#define BIO_set_init(b,v)               (b)->init = v
++#define BIO_get_next(b,v)               (b)->next_bio
++#define BIO_set_next(b,v)               (b)->next_bio = v
++#define BIO_get_shutdown(b)             (b)->shutdown
++#define BIO_set_shutdown(b,v)           (b)->shutdown = v
++#define BIO_get_retry_reason(b)         (b)->retry_reason
++#define BIO_set_retry_reason(b,v)       (b)->retry_reason = v
++
++#define BIO_meth_set_write(b,f)         (b)->bwrite = (f)
++#define BIO_meth_set_read(b,f)          (b)->bread = (f)
++#define BIO_meth_set_puts(b,f)          (b)->bputs = (f)
++#define BIO_meth_set_gets(b,f)          (b)->bgets = (f)
++#define BIO_meth_set_ctrl(b,f)          (b)->ctrl = (f)
++#define BIO_meth_set_create(b,f)        (b)->create = (f)
++#define BIO_meth_set_destroy(b,f)       (b)->destroy = (f)
++#define BIO_meth_set_callback_ctrl(b,f) (b)->callback_ctrl = (f)
++
++BIO_METHOD* BIO_meth_new(int type, const char* name);
++void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d);
++
++#endif /* OPENSSL < 1.1.0 */
++#endif /* FREERDP_CRYPTO_OPENSSLCOMPAT_H */

net/freerdp1/files/patch-libfreerdp_crypto_tls.c

@@ -0,0 +1,396 @@
+--- libfreerdp/crypto/tls.c.orig	2014-09-11 22:46:32 UTC
++++ libfreerdp/crypto/tls.c
+@@ -34,6 +34,7 @@
+ #include <freerdp/utils/debug.h>
+ #include <freerdp/crypto/tls.h>
+ #include "../core/tcp.h"
++#include "opensslcompat.h"
+ 
+ #ifdef HAVE_POLL_H
+ #include <poll.h>
+@@ -55,7 +56,7 @@ static int bio_rdp_tls_write(BIO* bio, const char* buf
+ {
+ 	int error;
+ 	int status;
+-	BIO_RDP_TLS* tls = (BIO_RDP_TLS*) bio->ptr;
++	BIO_RDP_TLS* tls = (BIO_RDP_TLS*) BIO_get_data(bio);
+ 
+ 	if (!buf || !tls)
+ 		return 0;
+@@ -82,12 +83,12 @@ static int bio_rdp_tls_write(BIO* bio, const char* buf
+ 
+ 			case SSL_ERROR_WANT_X509_LOOKUP:
+ 				BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL);
+-				bio->retry_reason = BIO_RR_SSL_X509_LOOKUP;
++				BIO_set_retry_reason(bio, BIO_RR_SSL_X509_LOOKUP);
+ 				break;
+ 
+ 			case SSL_ERROR_WANT_CONNECT:
+ 				BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL);
+-				bio->retry_reason = BIO_RR_CONNECT;
++				BIO_set_retry_reason(bio, BIO_RR_CONNECT);
+ 				break;
+ 
+ 			case SSL_ERROR_SYSCALL:
+@@ -116,7 +117,7 @@ static int bio_rdp_tls_read(BIO* bio, char* buf, int s
+ {
+ 	int error;
+ 	int status;
+-	BIO_RDP_TLS* tls = (BIO_RDP_TLS*) bio->ptr;
++	BIO_RDP_TLS* tls = (BIO_RDP_TLS*) BIO_get_data(bio);
+ 
+ 	if (!buf || !tls)
+ 		return 0;
+@@ -143,17 +144,17 @@ static int bio_rdp_tls_read(BIO* bio, char* buf, int s
+ 
+ 			case SSL_ERROR_WANT_X509_LOOKUP:
+ 				BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL);
+-				bio->retry_reason = BIO_RR_SSL_X509_LOOKUP;
++				BIO_set_retry_reason(bio, BIO_RR_SSL_X509_LOOKUP);
+ 				break;
+ 
+ 			case SSL_ERROR_WANT_ACCEPT:
+ 				BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL);
+-				bio->retry_reason = BIO_RR_ACCEPT;
++				BIO_set_retry_reason(bio, BIO_RR_ACCEPT);
+ 				break;
+ 
+ 			case SSL_ERROR_WANT_CONNECT:
+ 				BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL);
+-				bio->retry_reason = BIO_RR_CONNECT;
++				BIO_set_retry_reason(bio, BIO_RR_CONNECT);
+ 				break;
+ 
+ 			case SSL_ERROR_SSL:
+@@ -203,9 +204,11 @@ static int bio_rdp_tls_gets(BIO* bio, char* str, int s
+ 
+ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long num, void* ptr)
+ {
+-	BIO* rbio;
++	BIO* ssl_rbio;
++	BIO* ssl_wbio;
++	BIO* next_bio;
+ 	int status = -1;
+-	BIO_RDP_TLS* tls = (BIO_RDP_TLS*) bio->ptr;
++	BIO_RDP_TLS* tls = (BIO_RDP_TLS*) BIO_get_data(bio);
+ 
+ 	if (!tls)
+ 		return 0;
+@@ -213,28 +216,32 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n
+ 	if (!tls->ssl && (cmd != BIO_C_SET_SSL))
+ 		return 0;
+ 
++	next_bio = BIO_next(bio);
++	ssl_rbio = tls->ssl ? SSL_get_rbio(tls->ssl) : NULL;
++	ssl_wbio = tls->ssl ? SSL_get_wbio(tls->ssl) : NULL;
++
+ 	switch (cmd)
+ 	{
+ 		case BIO_CTRL_RESET:
+ 			SSL_shutdown(tls->ssl);
+ 
+-			if (tls->ssl->handshake_func == tls->ssl->method->ssl_connect)
++			if (SSL_in_connect_init(tls->ssl))
+ 				SSL_set_connect_state(tls->ssl);
+-			else if (tls->ssl->handshake_func == tls->ssl->method->ssl_accept)
++			else if (SSL_in_accept_init(tls->ssl))
+ 				SSL_set_accept_state(tls->ssl);
+ 
+ 			SSL_clear(tls->ssl);
+ 
+-			if (bio->next_bio)
+-				status = BIO_ctrl(bio->next_bio, cmd, num, ptr);
+-			else if (tls->ssl->rbio)
+-				status = BIO_ctrl(tls->ssl->rbio, cmd, num, ptr);
++			if (next_bio)
++				status = BIO_ctrl(next_bio, cmd, num, ptr);
++			else if (ssl_rbio)
++				status = BIO_ctrl(ssl_rbio, cmd, num, ptr);
+ 			else
+ 				status = 1;
+ 			break;
+ 
+ 		case BIO_C_GET_FD:
+-			status = BIO_ctrl(tls->ssl->rbio, cmd, num, ptr);
++			status = BIO_ctrl(ssl_rbio, cmd, num, ptr);
+ 			break;
+ 
+ 		case BIO_CTRL_INFO:
+@@ -259,36 +266,41 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n
+ 			break;
+ 
+ 		case BIO_CTRL_GET_CLOSE:
+-			status = bio->shutdown;
++			status = BIO_get_shutdown(bio);
+ 			break;
+ 
+ 		case BIO_CTRL_SET_CLOSE:
+-			bio->shutdown = (int) num;
++			BIO_set_shutdown(bio, (int) num);
+ 			status = 1;
+ 			break;
+ 
+ 		case BIO_CTRL_WPENDING:
+-			status = BIO_ctrl(tls->ssl->wbio, cmd, num, ptr);
++			status = BIO_ctrl(ssl_wbio, cmd, num, ptr);
+ 			break;
+ 
+ 		case BIO_CTRL_PENDING:
+ 			status = SSL_pending(tls->ssl);
+ 			if (status == 0)
+-				status = BIO_pending(tls->ssl->rbio);
++				status = BIO_pending(ssl_rbio);
+ 			break;
+ 
+ 		case BIO_CTRL_FLUSH:
+ 			BIO_clear_retry_flags(bio);
+-			status = BIO_ctrl(tls->ssl->wbio, cmd, num, ptr);
++			status = BIO_ctrl(ssl_wbio, cmd, num, ptr);
+ 			BIO_copy_next_retry(bio);
+ 			status = 1;
+ 			break;
+ 
+ 		case BIO_CTRL_PUSH:
+-			if (bio->next_bio && (bio->next_bio != tls->ssl->rbio))
++			if (next_bio && (next_bio != ssl_rbio))
+ 			{
+-				SSL_set_bio(tls->ssl, bio->next_bio, bio->next_bio);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++				SSL_set_bio(tls->ssl, next_bio, next_bio);
+ 				CRYPTO_add(&(bio->next_bio->references), 1, CRYPTO_LOCK_BIO);
++#else
++				BIO_up_ref(next_bio);
++				SSL_set_bio(tls->ssl, next_bio, next_bio);
++#endif
+ 			}
+ 			status = 1;
+ 			break;
+@@ -296,13 +308,17 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n
+ 		case BIO_CTRL_POP:
+ 			if (bio == ptr)
+ 			{
+-				if (tls->ssl->rbio != tls->ssl->wbio)
+-					BIO_free_all(tls->ssl->wbio);
++				if (ssl_rbio != ssl_wbio)
++					BIO_free_all(ssl_wbio);
+ 
+-				if (bio->next_bio)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++				if (next_bio)
+ 					CRYPTO_add(&(bio->next_bio->references), -1, CRYPTO_LOCK_BIO);
+ 
+ 				tls->ssl->wbio = tls->ssl->rbio = NULL;
++#else
++				SSL_set_bio(tls->ssl, NULL, NULL);
++#endif
+ 			}
+ 			status = 1;
+ 			break;
+@@ -316,29 +332,34 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n
+ 			break;
+ 
+ 		case BIO_C_SET_SSL:
+-			bio->shutdown = (int) num;
++			BIO_set_shutdown(bio, (int) num);
+ 
+-			if (ptr)
++			if (ptr) {
+ 				tls->ssl = (SSL*) ptr;
++				ssl_rbio = SSL_get_rbio(tls->ssl);
++				ssl_wbio = SSL_get_wbio(tls->ssl);
++			}
+ 
+-			rbio = SSL_get_rbio(tls->ssl);
+-
+-			if (rbio)
++			if (ssl_rbio)
+ 			{
+-				if (bio->next_bio)
+-					BIO_push(rbio, bio->next_bio);
++				if (next_bio)
++					BIO_push(ssl_rbio, next_bio);
+ 
+-				bio->next_bio = rbio;
+-				CRYPTO_add(&(rbio->references), 1, CRYPTO_LOCK_BIO);
++				BIO_set_next(bio, ssl_rbio);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++				CRYPTO_add(&(ssl_rbio->references), 1, CRYPTO_LOCK_BIO);
++#else
++				BIO_up_ref(ssl_rbio);
++#endif
+ 			}
+ 
+-			bio->init = 1;
++			BIO_set_init(bio, 1);
+ 			status = 1;
+ 			break;
+ 
+ 		case BIO_C_DO_STATE_MACHINE:
+ 			BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL);
+-			bio->retry_reason = 0;
++			BIO_set_retry_reason(bio, 0);
+ 
+ 			status = SSL_do_handshake(tls->ssl);
+ 
+@@ -356,7 +377,7 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n
+ 
+ 					case SSL_ERROR_WANT_CONNECT:
+ 						BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
+-						bio->retry_reason = bio->next_bio->retry_reason;
++						BIO_set_retry_reason(bio, BIO_get_retry_reason(next_bio));
+ 						break;
+ 
+ 					default:
+@@ -367,7 +388,7 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n
+ 			break;
+ 
+ 		default:
+-			status = BIO_ctrl(tls->ssl->rbio, cmd, num, ptr);
++			status = BIO_ctrl(ssl_rbio, cmd, num, ptr);
+ 			break;
+ 	}
+ 
+@@ -378,17 +399,16 @@ static int bio_rdp_tls_new(BIO* bio)
+ {
+ 	BIO_RDP_TLS* tls;
+ 
+-	bio->init = 0;
+-	bio->num = 0;
+-	bio->flags = BIO_FLAGS_SHOULD_RETRY;
+-	bio->next_bio = NULL;
++	BIO_set_init(bio, 0);
++	BIO_set_data(bio, 0);
++	BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
+ 
+ 	tls = calloc(1, sizeof(BIO_RDP_TLS));
+ 
+ 	if (!tls)
+ 		return 0;
+ 
+-	bio->ptr = (void*) tls;
++	BIO_set_data(bio, (void*) tls);
+ 
+ 	return 1;
+ }
+@@ -400,21 +420,21 @@ static int bio_rdp_tls_free(BIO* bio)
+ 	if (!bio)
+ 		return 0;
+ 
+-	tls = (BIO_RDP_TLS*) bio->ptr;
++	tls = (BIO_RDP_TLS*) BIO_get_data(bio);
+ 
+ 	if (!tls)
+ 		return 0;
+ 
+-	if (bio->shutdown)
++	if (BIO_get_shutdown(bio))
+ 	{
+-		if (bio->init && tls->ssl)
++		if (BIO_get_init(bio) && tls->ssl)
+ 		{
+ 			SSL_shutdown(tls->ssl);
+ 			SSL_free(tls->ssl);
+ 		}
+ 
+-		bio->init = 0;
+-		bio->flags = 0;
++		BIO_set_init(bio, 0);
++		BIO_set_flags(bio, 0);
+ 	}
+ 
+ 	free(tls);
+@@ -430,7 +450,7 @@ static long bio_rdp_tls_callback_ctrl(BIO* bio, int cm
+ 	if (!bio)
+ 		return 0;
+ 
+-	tls = (BIO_RDP_TLS*) bio->ptr;
++	tls = (BIO_RDP_TLS*) BIO_get_data(bio);
+ 
+ 	if (!tls)
+ 		return 0;
+@@ -443,7 +463,7 @@ static long bio_rdp_tls_callback_ctrl(BIO* bio, int cm
+ 			break;
+ 
+ 		default:
+-			status = BIO_callback_ctrl(tls->ssl->rbio, cmd, fp);
++			status = BIO_callback_ctrl(SSL_get_rbio(tls->ssl), cmd, fp);
+ 			break;
+ 	}
+ 
+@@ -452,23 +472,26 @@ static long bio_rdp_tls_callback_ctrl(BIO* bio, int cm
+ 
+ #define BIO_TYPE_RDP_TLS	68
+ 
+-static BIO_METHOD bio_rdp_tls_methods =
+-{
+-	BIO_TYPE_RDP_TLS,
+-	"RdpTls",
+-	bio_rdp_tls_write,
+-	bio_rdp_tls_read,
+-	bio_rdp_tls_puts,
+-	bio_rdp_tls_gets,
+-	bio_rdp_tls_ctrl,
+-	bio_rdp_tls_new,
+-	bio_rdp_tls_free,
+-	bio_rdp_tls_callback_ctrl,
+-};
+-
+ BIO_METHOD* BIO_s_rdp_tls(void)
+ {
+-	return &bio_rdp_tls_methods;
++	static BIO_METHOD* bio_methods = NULL;
++
++	if (bio_methods == NULL)
++	{
++		if (!(bio_methods = BIO_meth_new(BIO_TYPE_RDP_TLS, "RdpTls")))
++			return NULL;
++
++		BIO_meth_set_write(bio_methods, bio_rdp_tls_write);
++		BIO_meth_set_read(bio_methods, bio_rdp_tls_read);
++		BIO_meth_set_puts(bio_methods, bio_rdp_tls_puts);
++		BIO_meth_set_gets(bio_methods, bio_rdp_tls_gets);
++		BIO_meth_set_ctrl(bio_methods, bio_rdp_tls_ctrl);
++		BIO_meth_set_create(bio_methods, bio_rdp_tls_new);
++		BIO_meth_set_destroy(bio_methods, bio_rdp_tls_free);
++		BIO_meth_set_callback_ctrl(bio_methods, bio_rdp_tls_callback_ctrl);
++	}
++
++	return bio_methods;
+ }
+ 
+ BIO* BIO_new_rdp_tls(SSL_CTX* ctx, int client)
+@@ -825,6 +848,8 @@ BOOL tls_disconnect(rdpTls* tls)
+ 	if (!tls->ssl)
+ 		return TRUE;
+ 
++	/* Not functional with newer OpenSSL */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if (tls->alertDescription != TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY)
+ 	{
+ 		/**
+@@ -855,6 +880,7 @@ BOOL tls_disconnect(rdpTls* tls)
+ 	{
+ 		SSL_shutdown(tls->ssl);
+ 	}
++#endif
+ 
+ 	return TRUE;
+ }
+@@ -868,7 +894,7 @@ BIO *findBufferedBio(BIO *front)
+ 	{
+ 		if (BIO_method_type(ret) == BIO_TYPE_BUFFERED)
+ 			return ret;
+-		ret = ret->next_bio;
++		ret = BIO_next(ret);
+ 	}
+ 
+ 	return ret;
+@@ -896,7 +922,7 @@ int tls_write_all(rdpTls* tls, const BYTE* data, int l
+ 		return -1;
+ 	}
+ 
+-	tcp = (rdpTcp*) bufferedBio->ptr;
++	tcp = (rdpTcp*) BIO_get_data(bufferedBio);
+ 
+ 	do
+ 	{

net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.c

@@ -0,0 +1,57 @@
+--- winpr/libwinpr/crypto/crypto.c.orig	2018-11-06 02:41:23 UTC
++++ winpr/libwinpr/crypto/crypto.c
+@@ -177,20 +177,37 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DW
+ 
+ 	SecureZeroMemory(randomKey, sizeof(randomKey));
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	pMemBlock->enc = EVP_CIPHER_CTX_new();
++	pMemBlock->dec = EVP_CIPHER_CTX_new();
++
++	EVP_CIPHER_CTX_init(pMemBlock->enc);
++	EVP_EncryptInit_ex(pMemBlock->enc, EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv);
++
++	EVP_CIPHER_CTX_init(pMemBlock->dec);
++	EVP_DecryptInit_ex(pMemBlock->dec, EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv);
++#else
+ 	EVP_CIPHER_CTX_init(&(pMemBlock->enc));
+ 	EVP_EncryptInit_ex(&(pMemBlock->enc), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv);
+ 
+ 	EVP_CIPHER_CTX_init(&(pMemBlock->dec));
+ 	EVP_DecryptInit_ex(&(pMemBlock->dec), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv);
++#endif
+ 
+ 	/* AES Encryption */
+ 
+ 	cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1;
+ 	pCipherText = (BYTE*) malloc(cbOut);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_EncryptInit_ex(pMemBlock->enc, NULL, NULL, NULL, NULL);
++	EVP_EncryptUpdate(pMemBlock->enc, pCipherText, &cbOut, pMemBlock->pData, pMemBlock->cbData);
++	EVP_EncryptFinal_ex(pMemBlock->enc, pCipherText + cbOut, &cbFinal);
++#else
+ 	EVP_EncryptInit_ex(&(pMemBlock->enc), NULL, NULL, NULL, NULL);
+ 	EVP_EncryptUpdate(&(pMemBlock->enc), pCipherText, &cbOut, pMemBlock->pData, pMemBlock->cbData);
+ 	EVP_EncryptFinal_ex(&(pMemBlock->enc), pCipherText + cbOut, &cbFinal);
++#endif
+ 
+ 	CopyMemory(pMemBlock->pData, pCipherText, pMemBlock->cbData);
+ 	free(pCipherText);
+@@ -233,9 +250,15 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, 
+ 	ListDictionary_Remove(g_ProtectedMemoryBlocks, pData);
+ 
+ 	/* AES Cleanup */
+-
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX_cleanup(pMemBlock->enc);
++	EVP_CIPHER_CTX_cleanup(pMemBlock->dec);
++	EVP_CIPHER_CTX_free(pMemBlock->enc);
++	EVP_CIPHER_CTX_free(pMemBlock->dec);
++#else
+ 	EVP_CIPHER_CTX_cleanup(&(pMemBlock->enc));
+ 	EVP_CIPHER_CTX_cleanup(&(pMemBlock->dec));
++#endif
+ 
+ 	free(pMemBlock);
+ 

net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.h

@@ -0,0 +1,16 @@
+--- winpr/libwinpr/crypto/crypto.h.orig	2018-11-06 02:39:40 UTC
++++ winpr/libwinpr/crypto/crypto.h
+@@ -41,8 +41,13 @@ struct _WINPR_PROTECTED_MEMORY_BLOCK
+ 	BYTE key[32];
+ 	BYTE iv[32];
+ 	BYTE salt[8];
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	EVP_CIPHER_CTX *enc;
++	EVP_CIPHER_CTX *dec;
++#else
+ 	EVP_CIPHER_CTX enc;
+ 	EVP_CIPHER_CTX dec;
++#endif
+ };
+ typedef struct _WINPR_PROTECTED_MEMORY_BLOCK WINPR_PROTECTED_MEMORY_BLOCK;
+ 

net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm.c

@@ -0,0 +1,70 @@
+--- winpr/libwinpr/sspi/NTLM/ntlm.c.orig	2014-09-11 22:46:32 UTC
++++ winpr/libwinpr/sspi/NTLM/ntlm.c
+@@ -793,7 +793,11 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHan
+ 	int length;
+ 	void* data;
+ 	UINT32 SeqNo;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_CTX *hmac;
++#else
+ 	HMAC_CTX hmac;
++#endif
+ 	BYTE digest[16];
+ 	BYTE checksum[8];
+ 	BYTE* signature;
+@@ -827,12 +831,21 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHan
+ 
+ 	CopyMemory(data, data_buffer->pvBuffer, length);
+ 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	hmac = HMAC_CTX_new();
++	HMAC_Init_ex(hmac, context->SendSigningKey, 16, EVP_md5(), NULL);
++	HMAC_Update(hmac, (void*) &(SeqNo), 4);
++	HMAC_Update(hmac, (void*) data, length);
++	HMAC_Final(hmac, digest, NULL);
++	HMAC_CTX_free(hmac);
++#else
+ 	HMAC_CTX_init(&hmac);
+ 	HMAC_Init_ex(&hmac, context->SendSigningKey, 16, EVP_md5(), NULL);
+ 	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
+ 	HMAC_Update(&hmac, (void*) data, length);
+ 	HMAC_Final(&hmac, digest, NULL);
+ 	HMAC_CTX_cleanup(&hmac);
++#endif
+ 
+ 	/* Encrypt message using with RC4, result overwrites original buffer */
+ 
+@@ -869,7 +882,11 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHan
+ 	int length;
+ 	void* data;
+ 	UINT32 SeqNo;
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_CTX *hmac;
++#else
+ 	HMAC_CTX hmac;
++#endif
+ 	BYTE digest[16];
+ 	BYTE checksum[8];
+ 	UINT32 version = 1;
+@@ -911,12 +928,21 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHan
+ 		CopyMemory(data_buffer->pvBuffer, data, length);
+ 
+ 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	hmac = HMAC_CTX_new();
++	HMAC_Init_ex(hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
++	HMAC_Update(hmac, (void*) &(SeqNo), 4);
++	HMAC_Update(hmac, (void*) data_buffer->pvBuffer, data_buffer->cbBuffer);
++	HMAC_Final(hmac, digest, NULL);
++	HMAC_CTX_free(hmac);
++#else
+ 	HMAC_CTX_init(&hmac);
+ 	HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
+ 	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
+ 	HMAC_Update(&hmac, (void*) data_buffer->pvBuffer, data_buffer->cbBuffer);
+ 	HMAC_Final(&hmac, digest, NULL);
+ 	HMAC_CTX_cleanup(&hmac);
++#endif
+ #ifdef WITH_DEBUG_NTLM
+ 	WLog_DBG(TAG, "Encrypted Data Buffer (length = %d)", length);
+ 	winpr_HexDump(TAG, WLOG_DEBUG, data, length);

net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm__compute.c

@@ -0,0 +1,34 @@
+--- winpr/libwinpr/sspi/NTLM/ntlm_compute.c.orig	2014-09-11 22:46:32 UTC
++++ winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+@@ -673,11 +673,24 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context)
+ 
+ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	HMAC_CTX *hmac_ctx;
++#else
+ 	HMAC_CTX hmac_ctx;
++#endif
+ 	/*
+ 	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
+ 	 * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
+ 	 */
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++	hmac_ctx = HMAC_CTX_new();
++	HMAC_Init_ex(hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL);
++	HMAC_Update(hmac_ctx, (BYTE*) context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);
++	HMAC_Update(hmac_ctx, (BYTE*) context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer);
++	HMAC_Update(hmac_ctx, (BYTE*) context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);
++	HMAC_Final(hmac_ctx, context->MessageIntegrityCheck, NULL);
++	HMAC_CTX_free(hmac_ctx);
++#else
+ 	HMAC_CTX_init(&hmac_ctx);
+ 	HMAC_Init_ex(&hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL);
+ 	HMAC_Update(&hmac_ctx, (BYTE*) context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);
+@@ -685,5 +698,6 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT
+ 	HMAC_Update(&hmac_ctx, (BYTE*) context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);
+ 	HMAC_Final(&hmac_ctx, context->MessageIntegrityCheck, NULL);
+ 	HMAC_CTX_cleanup(&hmac_ctx);
++#endif
+ }
+ 

net/freerdp1/files/patch-winpr_tools_makecert_makecert.c

@@ -0,0 +1,18 @@
+--- winpr/tools/makecert/makecert.c.orig	2018-11-06 05:00:05 UTC
++++ winpr/tools/makecert/makecert.c
+@@ -27,6 +27,7 @@
+ #include <winpr/cmdline.h>
+ #include <winpr/sysinfo.h>
+ 
++#include <openssl/crypto.h>
+ #include <openssl/conf.h>
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+@@ -757,7 +758,6 @@ void makecert_context_free(MAKECERT_CONTEXT* context)
+ 
+ 		CRYPTO_cleanup_all_ex_data();
+ 
+-		CRYPTO_mem_leaks(context->bio);
+ 		BIO_free(context->bio);
+ 
+ 		free(context);