diff --git a/src/borg/crypto/low_level.pyx b/src/borg/crypto/low_level.pyx
index ba4905b75..5eafc5eba 100644
--- a/src/borg/crypto/low_level.pyx
+++ b/src/borg/crypto/low_level.pyx
@@ -111,6 +111,9 @@ cdef extern from "openssl/hmac.h":
     void HMAC_CTX_init(HMAC_CTX *ctx)
     void HMAC_CTX_cleanup(HMAC_CTX *ctx)
 
+    HMAC_CTX *HMAC_CTX_new()
+    void HMAC_CTX_free(HMAC_CTX *a)
+
     int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl)
     int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
     int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
@@ -183,7 +186,7 @@ cdef class AES256_CTR_HMAC_SHA256:
     # Layout: HEADER + HMAC 32 + IV 8 + CT (same as attic / borg < 1.2 IF HEADER = TYPE_BYTE, no AAD)
 
     cdef EVP_CIPHER_CTX *ctx
-    cdef HMAC_CTX hmac_ctx
+    cdef HMAC_CTX *hmac_ctx
     cdef unsigned char *mac_key
     cdef unsigned char *enc_key
     cdef unsigned char iv[16]
@@ -200,11 +203,11 @@ cdef class AES256_CTR_HMAC_SHA256:
 
     def __cinit__(self, mac_key, enc_key, iv=None):
         self.ctx = EVP_CIPHER_CTX_new()
-        HMAC_CTX_init(&self.hmac_ctx) # XXX
+        self.hmac_ctx = HMAC_CTX_new()
 
     def __dealloc__(self):
         EVP_CIPHER_CTX_free(self.ctx)
-        HMAC_CTX_cleanup(&self.hmac_ctx) # XXX
+        HMAC_CTX_free(self.hmac_ctx)
 
     def encrypt(self, data, header=b'', aad_offset=0):
         """
@@ -241,13 +244,13 @@ cdef class AES256_CTR_HMAC_SHA256:
             if not rc:
                 raise CryptoError('EVP_EncryptFinal_ex failed')
             offset += olen
-            if not HMAC_Init_ex(&self.hmac_ctx, self.mac_key, 32, EVP_sha256(), NULL):
+            if not HMAC_Init_ex(self.hmac_ctx, self.mac_key, 32, EVP_sha256(), NULL):
                 raise CryptoError('HMAC_Init_ex failed')
-            if not HMAC_Update(&self.hmac_ctx, <const unsigned char *> hdata.buf+aoffset, alen):
+            if not HMAC_Update(self.hmac_ctx, <const unsigned char *> hdata.buf+aoffset, alen):
                 raise CryptoError('HMAC_Update failed')
-            if not HMAC_Update(&self.hmac_ctx, odata+hlen+32, offset-hlen-32):
+            if not HMAC_Update(self.hmac_ctx, odata+hlen+32, offset-hlen-32):
                 raise CryptoError('HMAC_Update failed')
-            if not HMAC_Final(&self.hmac_ctx, odata+hlen, NULL):
+            if not HMAC_Final(self.hmac_ctx, odata+hlen, NULL):
                 raise CryptoError('HMAC_Final failed')
             self.blocks += num_aes_blocks(ilen)
             return odata[:offset]
@@ -272,13 +275,13 @@ cdef class AES256_CTR_HMAC_SHA256:
         cdef unsigned char hmac_buf[32]
         cdef Py_buffer idata = ro_buffer(envelope)
         try:
-            if not HMAC_Init_ex(&self.hmac_ctx, self.mac_key, 32, EVP_sha256(), NULL):
+            if not HMAC_Init_ex(self.hmac_ctx, self.mac_key, 32, EVP_sha256(), NULL):
                 raise CryptoError('HMAC_Init_ex failed')
-            if not HMAC_Update(&self.hmac_ctx, <const unsigned char *> idata.buf+aoffset, alen):
+            if not HMAC_Update(self.hmac_ctx, <const unsigned char *> idata.buf+aoffset, alen):
                 raise CryptoError('HMAC_Update failed')
-            if not HMAC_Update(&self.hmac_ctx, <const unsigned char *> idata.buf+hlen+32, ilen-hlen-32):
+            if not HMAC_Update(self.hmac_ctx, <const unsigned char *> idata.buf+hlen+32, ilen-hlen-32):
                 raise CryptoError('HMAC_Update failed')
-            if not HMAC_Final(&self.hmac_ctx, hmac_buf, NULL):
+            if not HMAC_Final(self.hmac_ctx, hmac_buf, NULL):
                 raise CryptoError('HMAC_Final failed')
             if CRYPTO_memcmp(hmac_buf, idata.buf+hlen, 32):
                 raise IntegrityError('HMAC Authentication failed')