diff --git a/devicemodel/hw/pci/ahci.c b/devicemodel/hw/pci/ahci.c
index ff166fbf4..40a52836f 100644
--- a/devicemodel/hw/pci/ahci.c
+++ b/devicemodel/hw/pci/ahci.c
@@ -34,6 +34,9 @@
 #include <pthread.h>
 #include <inttypes.h>
 #include <openssl/md5.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 
 #include "dm.h"
 #include "pci_core.h"
@@ -2354,7 +2357,6 @@ pci_ahci_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts, int atapi)
 	struct pci_ahci_vdev *ahci_dev;
 	int ret, slots, rc;
 	uint8_t p;
-	MD5_CTX mdctx;
 	u_char digest[16];
 	char *next, *next2;
 
@@ -2418,9 +2420,18 @@ pci_ahci_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts, int atapi)
 		 * Create an identifier for the backing file.
 		 * Use parts of the md5 sum of the filename
 		 */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+		EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+		EVP_DigestUpdate(mdctx, opts, strnlen(opts, MAX_OPTS_LEN));
+		EVP_DigestFinal_ex(mdctx, digest, NULL);
+		EVP_MD_CTX_free(mdctx);
+#else
+		MD5_CTX mdctx;
 		MD5_Init(&mdctx);
 		MD5_Update(&mdctx, opts, strnlen(opts, MAX_OPTS_LEN));
 		MD5_Final(digest, &mdctx);
+#endif
 		rc = snprintf(ahci_dev->port[p].ident,
 			sizeof(ahci_dev->port[p].ident),
 			"ACRN--%02X%02X-%02X%02X-%02X%02X", digest[0],
diff --git a/devicemodel/hw/pci/virtio/virtio_block.c b/devicemodel/hw/pci/virtio/virtio_block.c
index 9032960e1..fd296c890 100644
--- a/devicemodel/hw/pci/virtio/virtio_block.c
+++ b/devicemodel/hw/pci/virtio/virtio_block.c
@@ -33,6 +33,9 @@
 #include <string.h>
 #include <pthread.h>
 #include <openssl/md5.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 
 #include "dm.h"
 #include "pci_core.h"
@@ -438,7 +441,6 @@ virtio_blk_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	bool dummy_bctxt;
 	char bident[16];
 	struct blockif_ctxt *bctxt;
-	MD5_CTX mdctx;
 	u_char digest[16];
 	struct virtio_blk *blk;
 	int i;
@@ -521,9 +523,18 @@ virtio_blk_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	 * Create an identifier for the backing file. Use parts of the
 	 * md5 sum of the filename
 	 */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+	EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+	EVP_DigestUpdate(mdctx, opts, strnlen(opts, VIRTIO_BLK_MAX_OPTS_LEN));
+	EVP_DigestFinal_ex(mdctx, digest, NULL);
+	EVP_MD_CTX_free(mdctx);
+#else
+	MD5_CTX mdctx;
 	MD5_Init(&mdctx);
 	MD5_Update(&mdctx, opts, strnlen(opts, VIRTIO_BLK_MAX_OPTS_LEN));
 	MD5_Final(digest, &mdctx);
+#endif
 	rc = snprintf(blk->ident, sizeof(blk->ident),
 		"ACRN--%02X%02X-%02X%02X-%02X%02X", digest[0],
 		digest[1], digest[2], digest[3], digest[4], digest[5]);
diff --git a/devicemodel/hw/pci/virtio/virtio_i2c.c b/devicemodel/hw/pci/virtio/virtio_i2c.c
index 40dee5fdd..955270c16 100644
--- a/devicemodel/hw/pci/virtio/virtio_i2c.c
+++ b/devicemodel/hw/pci/virtio/virtio_i2c.c
@@ -13,6 +13,9 @@
 #include <string.h>
 #include <pthread.h>
 #include <openssl/md5.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 #include <linux/i2c.h>
 #include <linux/i2c-dev.h>
 #include <sys/ioctl.h>
@@ -725,7 +728,6 @@ virtio_i2c_notify(void *vdev, struct virtio_vq_info *vq)
 static int
 virtio_i2c_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 {
-	MD5_CTX mdctx;
 	u_char digest[16];
 	struct virtio_i2c *vi2c;
 	pthread_mutexattr_t attr;
@@ -771,9 +773,18 @@ virtio_i2c_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	vi2c->vq.qsize = 64;
 	vi2c->native_adapter_num = 0;
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+	EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+	EVP_DigestUpdate(mdctx, "vi2c", strlen("vi2c"));
+	EVP_DigestFinal_ex(mdctx, digest, NULL);
+	EVP_MD_CTX_free(mdctx);
+#else
+	MD5_CTX mdctx;
 	MD5_Init(&mdctx);
 	MD5_Update(&mdctx, "vi2c", strlen("vi2c"));
 	MD5_Final(digest, &mdctx);
+#endif
 	rc = snprintf(vi2c->ident, sizeof(vi2c->ident),
 		"ACRN--%02X%02X-%02X%02X-%02X%02X", digest[0],
 		digest[1], digest[2], digest[3], digest[4],
diff --git a/devicemodel/hw/pci/virtio/virtio_net.c b/devicemodel/hw/pci/virtio/virtio_net.c
index cef5024ab..b181161be 100644
--- a/devicemodel/hw/pci/virtio/virtio_net.c
+++ b/devicemodel/hw/pci/virtio/virtio_net.c
@@ -34,6 +34,9 @@
 #include <string.h>
 #include <unistd.h>
 #include <openssl/md5.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 #include <pthread.h>
 #include <sys/ioctl.h>
 #include <sys/errno.h>
@@ -812,7 +815,7 @@ virtio_net_tap_setup(struct virtio_net *net, char *devname)
 static int
 virtio_net_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 {
-	MD5_CTX mdctx;
+
 	unsigned char digest[16];
 	char nstr[80];
 	char tname[MAXCOMLEN + 1];
@@ -935,10 +938,18 @@ virtio_net_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	if (!mac_provided) {
 		snprintf(nstr, sizeof(nstr), "%d-%d-%s", dev->slot,
 		    dev->func, mac_seed);
-
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+		EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+		EVP_DigestUpdate(mdctx, nstr, strnlen(nstr, sizeof(nstr)));
+		EVP_DigestFinal_ex(mdctx, digest, NULL);
+		EVP_MD_CTX_free(mdctx);
+#else
+		MD5_CTX mdctx;
 		MD5_Init(&mdctx);
 		MD5_Update(&mdctx, nstr, strnlen(nstr, sizeof(nstr)));
 		MD5_Final(digest, &mdctx);
+#endif
 
 		net->config.mac[0] = 0x00;
 		net->config.mac[1] = 0x16;
diff --git a/devicemodel/hw/platform/rpmb/rpmb_sim.c b/devicemodel/hw/platform/rpmb/rpmb_sim.c
index fe69cab39..ee5134a5e 100644
--- a/devicemodel/hw/platform/rpmb/rpmb_sim.c
+++ b/devicemodel/hw/platform/rpmb/rpmb_sim.c
@@ -32,6 +32,9 @@
 #include <unistd.h>
 #include <openssl/hmac.h>
 #include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 
 #include "rpmb.h"
 #include "rpmb_sim.h"
@@ -56,7 +59,9 @@ static FILE *rpmb_fd = NULL;
 #define TEEDATA_SIZE		(4*1024*1024) //4M
 #define TEEDATA_BLOCK_COUNT		(TEEDATA_SIZE/256)
 
+#ifndef offsetof
 #define offsetof(s, m)		(size_t) &(((s *) 0)->m)
+#endif
 
 static int virtio_rpmb_debug = 1;
 #define DPRINTF(params) do { if (virtio_rpmb_debug) pr_dbg params; } while (0)
@@ -103,6 +108,54 @@ err:
 
 	return hmac_ret ? 0 : -1;
 }
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+int rpmb_mac(const uint8_t *key, const struct rpmb_frame *frames,
+			size_t frame_cnt, uint8_t *mac)
+{
+	int i;
+	int hmac_ret;
+	size_t md_len;
+	EVP_MAC_CTX *hmac_ctx;
+	EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+
+	hmac_ctx = EVP_MAC_CTX_new(hmac);
+	if (hmac_ctx == NULL) {
+		DPRINTF(("get hmac_ctx failed\n"));
+		EVP_MAC_free(hmac);
+		return -1;
+	}
+
+	hmac_ret = EVP_MAC_init(hmac_ctx, key, 32, NULL);
+	if (!hmac_ret) {
+		DPRINTF(("HMAC_Init_ex failed\n"));
+		goto err;
+	}
+
+	for (i = 0; i < frame_cnt; i++) {
+		hmac_ret = EVP_MAC_update(hmac_ctx, frames[i].data, 284);
+		if (!hmac_ret) {
+			DPRINTF(("HMAC_Update failed\n"));
+			goto err;
+		}
+	}
+
+	hmac_ret = EVP_MAC_final(hmac_ctx, mac, &md_len, 32);
+	if (md_len != 32) {
+		DPRINTF(("bad md_len %d != 32.\n", md_len));
+		goto err;
+	}
+
+	if (!hmac_ret) {
+		DPRINTF(("HMAC_Final failed\n"));
+		goto err;
+	}
+
+err:
+	EVP_MAC_CTX_free(hmac_ctx);
+	EVP_MAC_free(hmac);
+
+	return hmac_ret ? 0 : -1;
+}
 #else
 int rpmb_mac(const uint8_t *key, const struct rpmb_frame *frames,
 			size_t frame_cnt, uint8_t *mac)
diff --git a/misc/debug_tools/acrn_crashlog/acrnprobe/probeutils.c b/misc/debug_tools/acrn_crashlog/acrnprobe/probeutils.c
index 599741c9c..36ab64795 100644
--- a/misc/debug_tools/acrn_crashlog/acrnprobe/probeutils.c
+++ b/misc/debug_tools/acrn_crashlog/acrnprobe/probeutils.c
@@ -26,6 +26,9 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 #include <time.h>
 #include "property.h"
 #include "fsutils.h"
@@ -102,7 +105,6 @@ int get_current_time_long(char *buf)
 static int compute_key(char *key, size_t klen, const char *seed,
 			const size_t slen)
 {
-	SHA256_CTX sha;
 	char buf[VERSION_SIZE];
 	int len;
 	long long time_ns;
@@ -115,17 +117,27 @@ static int compute_key(char *key, size_t klen, const char *seed,
 	if (klen > SHA256_DIGEST_LENGTH * 2 || !klen)
 		return -1;
 
-	SHA256_Init(&sha);
+
 	time_ns = get_uptime();
 	len = snprintf(buf, VERSION_SIZE, "%s%s%lld",
 			gbuildversion, guuid, time_ns);
 	if (s_not_expect(len , VERSION_SIZE))
 		return -1;
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+	EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
+	EVP_DigestUpdate(mdctx, (unsigned char *)buf, strnlen(buf, VERSION_SIZE));
+	EVP_DigestUpdate(mdctx, (unsigned char *)seed, strnlen(seed, slen));
+	EVP_DigestFinal_ex(mdctx, results, NULL);
+	EVP_MD_CTX_free(mdctx);
+#else
+	SHA256_CTX sha;
+	SHA256_Init(&sha);
 	SHA256_Update(&sha, (unsigned char *)buf, strnlen(buf, VERSION_SIZE));
 	SHA256_Update(&sha, (unsigned char *)seed, strnlen(seed, slen));
-
 	SHA256_Final(results, &sha);
+#endif
 
 	for (i = 0; i < klen / 2; i++) {
 		len = snprintf(tmp_key, 3, "%02x", results[i]);