diff --git a/dpkg.changes b/dpkg.changes
index f708bc8..db31b68 100644
--- a/dpkg.changes
+++ b/dpkg.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jul 20 11:25:20 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- openssl.patch: use openssl library for MD5 calculation instead
+  of relying on libmd. libmd is not in Ring0
+
 -------------------------------------------------------------------
 Wed Jun  7 11:15:53 UTC 2023 - pgajdos@suse.com
 
diff --git a/dpkg.spec b/dpkg.spec
index dc7df03..7902bc2 100644
--- a/dpkg.spec
+++ b/dpkg.spec
@@ -30,15 +30,16 @@ Patch1:         update-alternatives-suse.patch
 # PATCH-FIX-SUSE: tar of Leap 42.{2,3} does not recognize --sort=name, --clamp-mtime options
 Patch2:         drop-tar-option.patch
 Patch3:         ncurses-fix.patch
+Patch4:         openssl.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  gpg2
 BuildRequires:  libbz2-devel
-BuildRequires:  libmd-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  libtool
 BuildRequires:  ncurses-devel
+BuildRequires:  openssl-devel
 BuildRequires:  po4a >= 0.59
 BuildRequires:  update-alternatives
 BuildRequires:  xz-devel
@@ -89,6 +90,7 @@ Libraries and header files for dpkg.
 %patch2 -p1
 %endif
 %patch3 -p1
+%patch4 -p1
 
 %build
 %global _lto_cflags %{_lto_cflags} -ffat-lto-objects
diff --git a/openssl.patch b/openssl.patch
new file mode 100644
index 0000000..d6120fd
--- /dev/null
+++ b/openssl.patch
@@ -0,0 +1,97 @@
+Index: dpkg-1.21.22/configure.ac
+===================================================================
+--- dpkg-1.21.22.orig/configure.ac
++++ dpkg-1.21.22/configure.ac
+@@ -94,6 +94,13 @@ AC_SYS_LARGEFILE
+ 
+ # Checks for libraries.
+ DPKG_LIB_MD
++AS_IF([test "x$have_libmd" = "xno"], [
++  DPKG_LIB_OPENSSL
++  AS_IF([test "x$have_libopenssl" = "xno"], [
++    AC_MSG_FAILURE([md5 digest functions not found in libmd or openssl])
++  ])
++])
++
+ DPKG_LIB_Z
+ DPKG_LIB_BZ2
+ DPKG_LIB_LZMA
+@@ -286,6 +293,7 @@ Configuration:
+     libkvm  . . . . . . . . . . . : ${have_libkvm:-no}
+     libselinux  . . . . . . . . . : $have_libselinux
+     libmd . . . . . . . . . . . . : $have_libmd
++    libcryto  . . . . . . . . . . : $have_libcrypto
+     libz  . . . . . . . . . . . . : $have_libz_impl
+     liblzma . . . . . . . . . . . : $have_liblzma
+     libzstd . . . . . . . . . . . : $have_libzstd
+Index: dpkg-1.21.22/lib/dpkg/Makefile.am
+===================================================================
+--- dpkg-1.21.22.orig/lib/dpkg/Makefile.am
++++ dpkg-1.21.22/lib/dpkg/Makefile.am
+@@ -36,7 +36,7 @@ libdpkg_la_LDFLAGS += \
+ 	-Wl,--version-script=$(srcdir)/libdpkg.map \
+ 	# EOL
+ endif
+-libdpkg_la_LDFLAGS += $(MD_LIBS)
++libdpkg_la_LDFLAGS += $(MD_LIBS) $(OPENSSL_LIBS)
+ libdpkg_la_LIBADD = \
+ 	../compat/libcompat.la \
+ 	# EOL
+Index: dpkg-1.21.22/lib/dpkg/buffer.c
+===================================================================
+--- dpkg-1.21.22.orig/lib/dpkg/buffer.c
++++ dpkg-1.21.22/lib/dpkg/buffer.c
+@@ -23,10 +23,18 @@
+ #include <config.h>
+ #include <compat.h>
+ 
++#ifdef HAVE_MD5_H
++#include <md5.h>
++#elif HAVE_OPENSSL_MD5_H
++#include <openssl/md5.h>
++#define MD5Init MD5_Init
++#define MD5Update MD5_Update
++#define MD5Final MD5_Final
++#endif
++
+ #include <sys/types.h>
+ 
+ #include <errno.h>
+-#include <md5.h>
+ #include <string.h>
+ #include <unistd.h>
+ #include <stdlib.h>
+Index: dpkg-1.21.22/m4/dpkg-libs.m4
+===================================================================
+--- dpkg-1.21.22.orig/m4/dpkg-libs.m4
++++ dpkg-1.21.22/m4/dpkg-libs.m4
+@@ -20,11 +20,26 @@ AC_DEFUN([DPKG_LIB_MD], [
+       MD_LIBS="$ac_cv_search_MD5Init"
+     ])
+   ])
+-  AS_IF([test "x$have_libmd" = "xno"], [
+-    AC_MSG_FAILURE([md5 digest functions not found])
+-  ])
+ ])# DPKG_LIB_MD
+ 
++# DPKG_LIB_OPENSSL
++# -----------
++# Check for the digests support in openssl library.
++AC_DEFUN([DPKG_LIB_OPENSSL], [
++  AC_ARG_VAR([OPENSSL_LIBS], [linker flags for openssl library])
++  have_libcryto="no"
++  AC_CHECK_HEADERS([openssl/md5.h], [
++    dpkg_save_libcrypto_LIBS=$LIBS
++    AC_SEARCH_LIBS([MD5_Init], [crypto])
++    LIBS=$dpkg_save_libcrypto_LIBS
++    AS_IF([test "x$ac_cv_search_MD5_Init" != "xno"], [
++      have_libcrypto="yes"
++      OPENSSL_LIBS="$ac_cv_search_MD5_Init"
++    ])
++  ])
++])# DPKG_LIB_OPENSSL
++
++
+ # DPKG_WITH_COMPRESS_LIB(NAME, HEADER, FUNC)
+ # -------------------------------------------------
+ # Check for availability of a compression library.
diff --git a/update-alternatives.spec b/update-alternatives.spec
index d000b0d..523cdb2 100644
--- a/update-alternatives.spec
+++ b/update-alternatives.spec
@@ -29,7 +29,6 @@ Patch0:         update-alternatives-suse.patch
 Patch1:         update-alternatives-slavetomaster.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
-BuildRequires:  libmd-devel
 BuildRequires:  libtool
 BuildRequires:  ncurses-devel
 BuildRequires:  pkgconfig