diff --git a/trousers-openssl1.1.patch b/trousers-openssl1.1.patch
new file mode 100644
index 0000000..1fa2ebc
--- /dev/null
+++ b/trousers-openssl1.1.patch
@@ -0,0 +1,448 @@
+@@ -, +, @@ 
+---
+ src/tcs/crypto/openssl/crypto.c      | 15 ++++++---
+ src/trspi/crypto/openssl/hash.c      | 17 ++++++----
+ src/trspi/crypto/openssl/rsa.c       | 64 ++++++++++++++++++++++++++++++-----
+ src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++---------------
+ 4 files changed, 115 insertions(+), 46 deletions(-)
+--- a/src/tcs/crypto/openssl/crypto.c	
++++ a/src/tcs/crypto/openssl/crypto.c	
+@@ -31,13 +31,17 @@ 
+ TSS_RESULT
+ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ {
+-	EVP_MD_CTX md_ctx;
++	EVP_MD_CTX *md_ctx;
+ 	unsigned int result_size;
+ 	int rv;
+ 
++	md_ctx = EVP_MD_CTX_new();
++	if (md_ctx == NULL)
++		return TSPERR(TSS_E_OUTOFMEMORY);
++
+ 	switch (HashType) {
+ 		case TSS_HASH_SHA1:
+-			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
++			rv = EVP_DigestInit(md_ctx, EVP_sha1());
+ 			break;
+ 		default:
+ 			rv = TCSERR(TSS_E_BAD_PARAMETER);
+@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ 		goto out;
+ 	}
+ 
+-	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
++	rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TCSERR(TSS_E_INTERNAL_ERROR);
+ 		goto out;
+ 	}
+ 
+-	result_size = EVP_MD_CTX_size(&md_ctx);
+-	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
++	result_size = EVP_MD_CTX_size(md_ctx);
++	rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TCSERR(TSS_E_INTERNAL_ERROR);
+ 	} else
+ 		rv = TSS_SUCCESS;
+ 
+ out:
++	EVP_MD_CTX_free(md_ctx);
+ 	return rv;
+ }
+--- a/src/trspi/crypto/openssl/hash.c	
++++ a/src/trspi/crypto/openssl/hash.c	
+@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
+ TSS_RESULT
+ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ {
+-	EVP_MD_CTX md_ctx;
++	EVP_MD_CTX *md_ctx;
+ 	unsigned int result_size;
+ 	int rv;
+ 
++	md_ctx = EVP_MD_CTX_new();
++	if (md_ctx == NULL)
++		return TSPERR(TSS_E_OUTOFMEMORY);
++
+ 	switch (HashType) {
+ 		case TSS_HASH_SHA1:
+-			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
++			rv = EVP_DigestInit(md_ctx, EVP_sha1());
+ 			break;
+ 		default:
+ 			rv = TSPERR(TSS_E_BAD_PARAMETER);
+@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ 		goto err;
+ 	}
+ 
+-	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
++	rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto err;
+ 	}
+ 
+-	result_size = EVP_MD_CTX_size(&md_ctx);
+-	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
++	result_size = EVP_MD_CTX_size(md_ctx);
++	rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto err;
+@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ err:
+ 	DEBUG_print_openssl_errors();
+ out:
++	EVP_MD_CTX_free(md_ctx);
+         return rv;
+ }
+ 
+@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
+ 			break;
+ 	}
+ 
+-	if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
++	if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
+ 		return TSPERR(TSS_E_OUTOFMEMORY);
+ 
+ 	rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
+--- a/src/trspi/crypto/openssl/rsa.c	
++++ a/src/trspi/crypto/openssl/rsa.c	
+@@ -38,6 +38,25 @@ 
+ #define DEBUG_print_openssl_errors()
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100001L
++static int
++RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++	if (n != NULL) {
++		BN_free(r->n);
++		r->n = n;
++	}
++	if (e != NULL) {
++		BN_free(r->e);
++		r->e = e;
++	}
++	if (d != NULL) {
++		BN_free(r->d);
++		r->d = d;
++	}
++	return 1;
++}
++#endif
+ 
+ /*
+  * Hopefully this will make the code clearer since
+@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
+ 	RSA *rsa = RSA_new();
+ 	BYTE encodedData[256];
+ 	int encodedDataLen;
++	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
+ 
+ 	if (rsa == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
+@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
+ 	}
+ 
+ 	/* set the public key value in the OpenSSL object */
+-	rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
++	rsa_n = BN_bin2bn(publicKey, keysize, NULL);
+ 	/* set the public exponent */
+-	rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
++	rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
+ 
+-	if (rsa->n == NULL || rsa->e == NULL) {
++	if (rsa_n == NULL || rsa_e == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
++		goto err;
++	}
++	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
++		rv = TSPERR(TSS_E_FAIL);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
+ 		goto err;
+ 	}
+ 
+@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
+ 	unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
+ 	unsigned char buf[256];
+ 	RSA *rsa = RSA_new();
++	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
+ 
+ 	if (rsa == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
+@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
+ 	}
+ 
+ 	/* set the public key value in the OpenSSL object */
+-	rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
++	rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
+ 	/* set the public exponent */
+-	rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
++	rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
+ 
+-	if (rsa->n == NULL || rsa->e == NULL) {
++	if (rsa_n == NULL || rsa_e == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
++		goto err;
++	}
++	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
++		rv = TSPERR(TSS_E_FAIL);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
+ 		goto err;
+ 	}
+ 
+@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
+ 	int rv, e_size = 3;
+ 	unsigned char exp[] = { 0x01, 0x00, 0x01 };
+ 	RSA *rsa = RSA_new();
++	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
+ 
+ 	if (rsa == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
+@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
+ 	}
+ 
+ 	/* set the public key value in the OpenSSL object */
+-	rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
++	rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
+ 	/* set the public exponent */
+-	rsa->e = BN_bin2bn(exp, e_size, rsa->e);
++	rsa_e = BN_bin2bn(exp, e_size, NULL);
+ 
+-	if (rsa->n == NULL || rsa->e == NULL) {
++	if (rsa_n == NULL || rsa_e == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
++		goto err;
++	}
++	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
++		rv = TSPERR(TSS_E_FAIL);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
+ 		goto err;
+ 	}
+ 
+--- a/src/trspi/crypto/openssl/symmetric.c	
++++ a/src/trspi/crypto/openssl/symmetric.c	
+@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 		  UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = NULL;
+ 	UINT32 tmp;
+ 
+ 	switch (alg) {
+@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 			break;
+ 	}
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		result = TSPERR(TSS_E_OUTOFMEMORY);
++		goto done;
++	}
+ 
+-	if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
++	if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
++	if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
++	if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
++	if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 	*out_len += tmp;
+ done:
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+ 
+@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 		  UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = NULL;
+ 	UINT32 tmp;
+ 
+ 	switch (alg) {
+@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 			break;
+ 	}
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		result = TSPERR(TSS_E_OUTOFMEMORY);
++		goto done;
++	}
+ 
+-	if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
++	if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
++	if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
++	if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 	*out_len += tmp;
+ done:
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+ 
+@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		 UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx;
+ 	EVP_CIPHER *cipher;
+ 	BYTE *def_iv = NULL, *outiv_ptr;
+ 	UINT32 tmp;
+@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 	if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
+ 		return TSPERR(TSS_E_INTERNAL_ERROR);
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL)
++		return TSPERR(TSS_E_OUTOFMEMORY);
+ 
+ 	/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
+ 	iv_len = EVP_CIPHER_iv_length(cipher);
+@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		outiv_ptr = out;
+ 	}
+ 
+-	if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
++	if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
++	if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
+ 		LogDebug("Not enough space to do symmetric encryption");
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
++	if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
++	if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+@@ -320,7 +330,7 @@ done:
+ 		*out_len += iv_len;
+ 		free(def_iv);
+ 	}
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+ 
+@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		 UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = NULL;
+ 	EVP_CIPHER *cipher;
+ 	BYTE *def_iv = NULL, *iniv_ptr;
+ 	UINT32 tmp;
+@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 	if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
+ 		return TSPERR(TSS_E_INTERNAL_ERROR);
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		return TSPERR(TSS_E_OUTOFMEMORY);
++	}
+ 
+ 	/* If the iv is NULL, assume that its prepended to the ciphertext */
+ 	if (iv == NULL) {
+@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		iniv_len = in_len;
+ 	}
+ 
+-	if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
++	if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
++	if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
++	if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ done:
+ 	if (def_iv != iv)
+ 		free(def_iv);
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+-- 
diff --git a/trousers.spec b/trousers.spec
index c6d7f84..6429b58 100644
--- a/trousers.spec
+++ b/trousers.spec
@@ -1,7 +1,7 @@
 Name: trousers
 Summary: TCG's Software Stack v1.2
 Version: 0.3.13
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 Group: System Environment/Libraries
 Url: http://trousers.sourceforge.net
@@ -9,6 +9,7 @@ Url: http://trousers.sourceforge.net
 Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Source1: tcsd.service
 Patch1:  trousers-0.3.13-noinline.patch
+Patch2:  trousers-openssl1.1.patch
 
 BuildRequires: libtool, openssl-devel
 BuildRequires: systemd
@@ -57,6 +58,7 @@ applications.
 %prep
 %setup -q
 %patch1 -p1 -b .noinline
+%patch2 -p1 -b .ssl1.1
 # fix man page paths
 sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
 
@@ -118,6 +120,9 @@ exit 0
 %{_libdir}/libtddl.a
 
 %changelog
+* Tue Feb  7 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.3.13-7
+- Add patch for OpenSSL 1.1
+
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild