diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/channels/tsmf/client/ffmpeg/tsmf_ffmpeg.c FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/channels/tsmf/client/ffmpeg/tsmf_ffmpeg.c
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/channels/tsmf/client/ffmpeg/tsmf_ffmpeg.c	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/channels/tsmf/client/ffmpeg/tsmf_ffmpeg.c	2019-12-19 13:46:03.870000000 +0100
@@ -107,7 +107,7 @@
 	mdecoder->codec_context->time_base.den = media_type->SamplesPerSecond.Numerator;
 	mdecoder->codec_context->time_base.num = media_type->SamplesPerSecond.Denominator;
 
-	mdecoder->frame = avcodec_alloc_frame();
+	mdecoder->frame = avcodec_send_frame();
 
 	return TRUE;
 }
@@ -206,8 +206,8 @@
 		}
 	}
 
-	if (mdecoder->codec->capabilities & CODEC_CAP_TRUNCATED)
-		mdecoder->codec_context->flags |= CODEC_FLAG_TRUNCATED;
+	if (mdecoder->codec->capabilities & AV_CODEC_CAP_TRUNCATED)
+		mdecoder->codec_context->flags |= AV_CODEC_FLAG_TRUNCATED;
 
 	return TRUE;
 }
@@ -342,7 +342,7 @@
 			mdecoder->codec_context->width, mdecoder->codec_context->height);
 		mdecoder->decoded_data = malloc(mdecoder->decoded_size);
 		ZeroMemory(mdecoder->decoded_data, mdecoder->decoded_size);
-		frame = avcodec_alloc_frame();
+		frame = avcodec_send_frame();
 		avpicture_fill((AVPicture*) frame, mdecoder->decoded_data,
 			mdecoder->codec_context->pix_fmt,
 			mdecoder->codec_context->width, mdecoder->codec_context->height);
@@ -412,7 +412,7 @@
 			(int16_t*) dst, &frame_size, src, src_size);
 #else
 		{
-			AVFrame* decoded_frame = avcodec_alloc_frame();
+			AVFrame* decoded_frame = avcodec_send_frame();
 			int got_frame = 0;
 			AVPacket pkt;
 			av_init_packet(&pkt);
@@ -501,7 +501,7 @@
 
 	switch (mdecoder->codec_context->pix_fmt)
 	{
-		case PIX_FMT_YUV420P:
+		case AV_PIX_FMT_YUV420P:
 			return RDP_PIXFMT_I420;
 
 		default:
diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/include/freerdp/crypto/crypto.h FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/include/freerdp/crypto/crypto.h
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/include/freerdp/crypto/crypto.h	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/include/freerdp/crypto/crypto.h	2019-12-19 17:40:41.540000000 +0100
@@ -61,12 +61,12 @@
 
 struct crypto_des3_struct
 {
-	EVP_CIPHER_CTX des3_ctx;
+	EVP_CIPHER_CTX * des3_ctx;
 };
 
 struct crypto_hmac_struct
 {
-	HMAC_CTX hmac_ctx;
+	HMAC_CTX * hmac_ctx;
 };
 
 struct crypto_cert_struct
diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/libfreerdp/core/certificate.c FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/libfreerdp/core/certificate.c
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/libfreerdp/core/certificate.c	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/libfreerdp/core/certificate.c	2019-12-19 17:40:41.540000000 +0100
@@ -657,8 +657,12 @@
 			free(key) ;
 			return NULL;
 	}
-
-	if (BN_num_bytes(rsa->e) > 4)
+	BIGNUM *rsan, *rsae, *rsad;
+	rsan = BN_new();
+	rsae = BN_new();
+	rsad = BN_new();
+	RSA_set0_key(rsa, rsan, rsae, rsad);
+	if (BN_num_bytes(rsae) > 4)
 	{
 		RSA_free(rsa);
 		fprintf(stderr, "RSA public exponent too large in %s", keyfile);
@@ -666,20 +670,23 @@
 		return NULL;
 	}
 
-	key->ModulusLength = BN_num_bytes(rsa->n);
+	key->ModulusLength = BN_num_bytes(rsan);
 	key->Modulus = (BYTE*) malloc(key->ModulusLength);
-	BN_bn2bin(rsa->n, key->Modulus);
+	BN_bn2bin(rsan, key->Modulus);
 	crypto_reverse(key->Modulus, key->ModulusLength);
 
-	key->PrivateExponentLength = BN_num_bytes(rsa->d);
+	key->PrivateExponentLength = BN_num_bytes(rsad);
 	key->PrivateExponent = (BYTE*) malloc(key->PrivateExponentLength);
-	BN_bn2bin(rsa->d, key->PrivateExponent);
+	BN_bn2bin(rsad, key->PrivateExponent);
 	crypto_reverse(key->PrivateExponent, key->PrivateExponentLength);
 
 	memset(key->exponent, 0, sizeof(key->exponent));
-	BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
+	BN_bn2bin(rsae, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsae));
 	crypto_reverse(key->exponent, sizeof(key->exponent));
 
+	BN_free(rsan);
+	BN_free(rsae);
+	BN_free(rsad);
 	RSA_free(rsa);
 
 	return key;
diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/libfreerdp/crypto/crypto.c FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/libfreerdp/crypto/crypto.c
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/libfreerdp/crypto/crypto.c	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/libfreerdp/crypto/crypto.c	2019-12-19 17:40:41.540000000 +0100
@@ -82,31 +82,31 @@
 CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, const BYTE* ivec)
 {
 	CryptoDes3 des3 = malloc(sizeof(*des3));
-	EVP_CIPHER_CTX_init(&des3->des3_ctx);
-	EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
-	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
+	EVP_CIPHER_CTX_init(des3->des3_ctx);
+	EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+	EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
 	return des3;
 }
 
 CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, const BYTE* ivec)
 {
 	CryptoDes3 des3 = malloc(sizeof(*des3));
-	EVP_CIPHER_CTX_init(&des3->des3_ctx);
-	EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
-	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
+	EVP_CIPHER_CTX_init(des3->des3_ctx);
+	EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+	EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
 	return des3;
 }
 
 void crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data)
 {
 	int len;
-	EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
+	EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
 }
 
 void crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data)
 {
 	int len;
-	EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
+	EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
 
 	if (length != len)
 		abort(); /* TODO */
@@ -116,30 +116,30 @@
 {
 	if (des3 == NULL)
 		return;
-	EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
+	EVP_CIPHER_CTX_free(des3->des3_ctx);
 	free(des3);
 }
 
 CryptoHmac crypto_hmac_new(void)
 {
 	CryptoHmac hmac = malloc(sizeof(*hmac));
-	HMAC_CTX_init(&hmac->hmac_ctx);
+	hmac->hmac_ctx = HMAC_CTX_new();
 	return hmac;
 }
 
 void crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE* data, UINT32 length)
 {
-	HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
+	HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
 }
 
 void crypto_hmac_update(CryptoHmac hmac, const BYTE* data, UINT32 length)
 {
-	HMAC_Update(&hmac->hmac_ctx, data, length);
+	HMAC_Update(hmac->hmac_ctx, data, length);
 }
 
 void crypto_hmac_final(CryptoHmac hmac, BYTE* out_data, UINT32 length)
 {
-	HMAC_Final(&hmac->hmac_ctx, out_data, &length);
+	HMAC_Final(hmac->hmac_ctx, out_data, &length);
 }
 
 void crypto_hmac_free(CryptoHmac hmac)
@@ -147,7 +147,7 @@
 	if (hmac == NULL)
 		return;
 
-	HMAC_CTX_cleanup(&hmac->hmac_ctx);
+	HMAC_CTX_free(hmac->hmac_ctx);
 	free(hmac);
 }
 
@@ -214,7 +214,7 @@
 	BYTE* input_reverse;
 	BYTE* modulus_reverse;
 	BYTE* exponent_reverse;
-	BIGNUM mod, exp, x, y;
+	BIGNUM *mod, *exp, *x, *y;
 
 	input_reverse = (BYTE*) malloc(2 * key_length + exponent_size);
 	modulus_reverse = input_reverse + key_length;
@@ -228,26 +228,26 @@
 	crypto_reverse(input_reverse, length);
 
 	ctx = BN_CTX_new();
-	BN_init(&mod);
-	BN_init(&exp);
-	BN_init(&x);
-	BN_init(&y);
-
-	BN_bin2bn(modulus_reverse, key_length, &mod);
-	BN_bin2bn(exponent_reverse, exponent_size, &exp);
-	BN_bin2bn(input_reverse, length, &x);
-	BN_mod_exp(&y, &x, &exp, &mod, ctx);
+	mod = BN_new();
+	exp = BN_new();
+	x = BN_new();
+	y = BN_new();
+
+	BN_bin2bn(modulus_reverse, key_length, mod);
+	BN_bin2bn(exponent_reverse, exponent_size, exp);
+	BN_bin2bn(input_reverse, length, x);
+	BN_mod_exp(y, x, exp, mod, ctx);
 
-	output_length = BN_bn2bin(&y, output);
+	output_length = BN_bn2bin(y, output);
 	crypto_reverse(output, output_length);
 
 	if (output_length < (int) key_length)
 		memset(output + output_length, 0, key_length - output_length);
 
-	BN_free(&y);
-	BN_clear_free(&x);
-	BN_free(&exp);
-	BN_free(&mod);
+	BN_free(y);
+	BN_clear_free(x);
+	BN_free(exp);
+	BN_free(mod);
 	BN_CTX_free(ctx);
 	free(input_reverse);
 
diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/winpr/libwinpr/sspi/NTLM/ntlm.c FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/winpr/libwinpr/sspi/NTLM/ntlm.c
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/winpr/libwinpr/sspi/NTLM/ntlm.c	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/winpr/libwinpr/sspi/NTLM/ntlm.c	2019-12-19 13:41:17.440000000 +0100
@@ -625,7 +625,7 @@
 	void* data;
 	UINT32 value;
 	UINT32 SeqNo;
-	HMAC_CTX hmac;
+	HMAC_CTX *hmac;
 	BYTE digest[16];
 	BYTE checksum[8];
 	BYTE* signature;
@@ -657,14 +657,14 @@
 	CopyMemory(data, data_buffer->pvBuffer, length);
 
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
-	HMAC_CTX_init(&hmac);
-	HMAC_Init_ex(&hmac, context->SendSigningKey, 16, EVP_md5(), NULL);
-
+	hmac = HMAC_CTX_new();
+	HMAC_Init_ex(hmac, context->SendSigningKey, 16, EVP_md5(), NULL);
 	Data_Write_UINT32(&value, SeqNo);
-	HMAC_Update(&hmac, (void*) &value, 4);
-	HMAC_Update(&hmac, data, length);
-	HMAC_Final(&hmac, digest, NULL);
-	HMAC_CTX_cleanup(&hmac);
+	HMAC_Update(hmac, (void*) &(SeqNo), 4);
+	HMAC_Update(hmac, data, length);
+	HMAC_Final(hmac, digest, NULL);
+	HMAC_CTX_free(hmac);
+	hmac = NULL;
 
 	/* Encrypt message using with RC4, result overwrites original buffer */
 
@@ -711,7 +711,7 @@
 	int length;
 	void* data;
 	UINT32 SeqNo;
-	HMAC_CTX hmac;
+	HMAC_CTX *hmac;
 	BYTE digest[16];
 	BYTE checksum[8];
 	UINT32 version = 1;
@@ -750,12 +750,13 @@
 		CopyMemory(data_buffer->pvBuffer, data, length);
 
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
-	HMAC_CTX_init(&hmac);
-	HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
-	HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
-	HMAC_Final(&hmac, digest, NULL);
-	HMAC_CTX_cleanup(&hmac);
+	hmac = HMAC_CTX_new();
+	HMAC_Init_ex(hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
+	HMAC_Update(hmac, (void*) &(SeqNo), 4);
+	HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
+	HMAC_Final(hmac, digest, NULL);
+	HMAC_CTX_free(hmac);
+	hmac = NULL;
 
 #ifdef WITH_DEBUG_NTLM
 	fprintf(stderr, "Encrypted Data Buffer (length = %d)\n", length);
diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/winpr/libwinpr/sspi/NTLM/ntlm_compute.c FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/winpr/libwinpr/sspi/NTLM/ntlm_compute.c	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/winpr/libwinpr/sspi/NTLM/ntlm_compute.c	2019-12-19 17:40:41.540000000 +0100
@@ -646,19 +646,20 @@
 
 void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
 {
-	HMAC_CTX hmac_ctx;
+	HMAC_CTX *hmac_ctx;
 
 	/*
 	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
 	 * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
 	 */
 
-	HMAC_CTX_init(&hmac_ctx);
-	HMAC_Init_ex(&hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac_ctx, context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);
-	HMAC_Update(&hmac_ctx, context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer);
-	HMAC_Update(&hmac_ctx, context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);
-	HMAC_Final(&hmac_ctx, context->MessageIntegrityCheck, NULL);
-	HMAC_CTX_cleanup(&hmac_ctx);
+	hmac_ctx = HMAC_CTX_new();
+	HMAC_Init_ex(hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL);
+	HMAC_Update(hmac_ctx, context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);
+	HMAC_Update(hmac_ctx, context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer);
+	HMAC_Update(hmac_ctx, context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);
+	HMAC_Final(hmac_ctx, context->MessageIntegrityCheck, NULL);
+	HMAC_CTX_free(hmac_ctx);
+	hmac_ctx = NULL;
 }
 
diff -ruN FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/winpr/tools/makecert/makecert.c FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/winpr/tools/makecert/makecert.c
--- FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84.original/winpr/tools/makecert/makecert.c	2019-05-17 09:48:21.000000000 +0200
+++ FreeRDP-6b66f199e624b7203818fc55298e4695ed82ba84/winpr/tools/makecert/makecert.c	2019-12-19 17:40:41.540000000 +0100
@@ -626,7 +626,8 @@
 
 		CRYPTO_cleanup_all_ex_data();
 
-		CRYPTO_mem_leaks(context->bio);
+		// Only available when OPENSSL_NO_CRYPTO_MDEBUG is not defined
+		//CRYPTO_mem_leaks(context->bio);
 		BIO_free(context->bio);
 
 		free(context);