--- a/src/p11_misc.c 2016-03-19 13:42:13.000000000 -0400 +++ b/src/p11_misc.c 2019-02-26 22:47:09.801888291 -0500 @@ -43,7 +43,7 @@ * CRYPTO dynlock wrappers: 0 is an invalid dynamic lock ID */ -#if OPENSSL_VERSION_NUMBER < 0x10100004L +#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L int CRYPTO_THREAD_lock_new() { --- a/src/p11_rsa.c 2016-11-29 13:57:01.000000000 -0500 +++ b/src/p11_rsa.c 2019-02-26 23:00:05.804934673 -0500 @@ -29,7 +29,7 @@ static int rsa_ex_index = 0; -#if OPENSSL_VERSION_NUMBER < 0x10100003L +#if OPENSSL_VERSION_NUMBER < 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) #endif @@ -310,7 +310,7 @@ return RSA_size(rsa); } -#if OPENSSL_VERSION_NUMBER < 0x10100005L +#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER) int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen, const unsigned char *from, @@ -374,7 +374,7 @@ static void free_rsa_ex_index() { /* CRYPTO_free_ex_index requires OpenSSL version >= 1.1.0-pre1 */ -#if OPENSSL_VERSION_NUMBER >= 0x10100001L +#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER) if (rsa_ex_index > 0) { CRYPTO_free_ex_index(CRYPTO_EX_INDEX_RSA, rsa_ex_index); rsa_ex_index = 0; @@ -382,7 +382,17 @@ #endif } -#if OPENSSL_VERSION_NUMBER < 0x10100005L +#if defined(LIBRESSL_VERSION_NUMBER) + +static int RSA_meth_set_flags(RSA_METHOD *meth, int flags) +{ + meth->flags = flags; + return 1; +} + +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER) static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) { --- a/src/libp11-int.h 2016-10-01 16:46:51.000000000 -0400 +++ b/src/libp11-int.h 2019-02-28 00:24:14.686400582 -0500 
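Review bot: Compiling the dynlock wrappers for LibreSSL (p11_misc.c hunk at -43) makes every libp11 lock depend on the application having registered dynlock callbacks, and the comment kept in this hunk says 0 is an invalid lock ID. If the targeted LibreSSL releases implement the dynlock API as stubs (not confirmed here), the lock ID is presumably always 0, and the eng_back.c paths at -206, -224, -274 and -282 skip locking through `if (ctx->rwlock)`, leaving engine initialization unserialized in threaded programs. The comment in the eng_back.c hunk at -302 still reasons that missing dynlocks "likely also indicates a single-threaded application", which no longer follows once LibreSSL always takes that branch. I would back the LibreSSL case with a real mutex, or at least record the limitation next to the guard, e.g. `/* LibreSSL: dynlock callbacks may be absent even in threaded programs, so rwlock == 0 means no locking */`. The body of CRYPTO_THREAD_lock_new() continues outside the hunk.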
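Review bot: The `RSA_meth_set_flags` shim added in the p11_rsa.c hunk at -382 is guarded only by `defined(LIBRESSL_VERSION_NUMBER)`, so it is compiled for every LibreSSL release. It writes `meth->flags` directly, which stops compiling once RSA_METHOD is opaque, and a static definition will clash with the library's own declaration in any release that exports the accessor. Bound the guard by version, e.g. `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < FIRST_RELEASE_WITH_RSA_METH_SET_FLAGS` (placeholder, value to be looked up), and add a one-line comment naming the accessor being emulated. The same unversioned test appears in the p11_rsa.c hunks at -29, -310 and -374 and in the other files of this patch.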
@@ -32,8 +32,9 @@ extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR); extern CK_RV C_UnloadModule(void *module); -#if OPENSSL_VERSION_NUMBER < 0x10100004L +#if (defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L) typedef int PKCS11_RWLOCK; +typedef PKCS11_RWLOCK CRYPTO_RWLOCK; #else typedef CRYPTO_RWLOCK *PKCS11_RWLOCK; #endif @@ -144,7 +145,7 @@ #define PKCS11_DUP(s) \ pkcs11_strdup((char *) s, sizeof(s)) -#if OPENSSL_VERSION_NUMBER < 0x10100004L +#if (defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L) /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ int CRYPTO_THREAD_lock_new(); void CRYPTO_THREAD_lock_free(int); --- a/src/eng_back.c 2017-01-18 13:52:25.000000000 -0500 +++ b/src/eng_back.c 2019-02-26 19:45:07.384235457 -0500 @@ -49,7 +49,7 @@ char *init_args; /* Engine initialization mutex */ -#if OPENSSL_VERSION_NUMBER >= 0x10100004L +#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) CRYPTO_RWLOCK *rwlock; #else int rwlock; @@ -206,7 +206,7 @@ #endif } -#if OPENSSL_VERSION_NUMBER >= 0x10100004L +#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) ctx->rwlock = CRYPTO_THREAD_lock_new(); #else ctx->rwlock = CRYPTO_get_dynlock_create_callback() ? @@ -224,7 +224,7 @@ ctx_destroy_pin(ctx); OPENSSL_free(ctx->module); OPENSSL_free(ctx->init_args); -#if OPENSSL_VERSION_NUMBER >= 0x10100004L +#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) CRYPTO_THREAD_lock_free(ctx->rwlock); #else if (ctx->rwlock) @@ -274,7 +274,7 @@ static int ctx_init_libp11(ENGINE_CTX *ctx) { -#if OPENSSL_VERSION_NUMBER >= 0x10100004L +#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) CRYPTO_THREAD_write_lock(ctx->rwlock); #else if (ctx->rwlock) 
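Review bot: The added `typedef PKCS11_RWLOCK CRYPTO_RWLOCK;` in libp11-int.h (hunk at -32) sits in the branch shared with `OPENSSL_VERSION_NUMBER < 0x10100004L`, so it changes old-OpenSSL builds as well as LibreSSL ones. It defines a name from the library's namespace as `int`, while the `#else` branch uses the real type as `CRYPTO_RWLOCK *`, and it would conflict with any library header that declares CRYPTO_RWLOCK itself. If the alias is needed only for LibreSSL, I would move it under its own `#if defined(LIBRESSL_VERSION_NUMBER)` and add a comment naming the code that requires it.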
@@ -282,7 +282,7 @@ #endif if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL) ctx_init_libp11_unlocked(ctx); -#if OPENSSL_VERSION_NUMBER >= 0x10100004L +#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) CRYPTO_THREAD_unlock(ctx->rwlock); #else if (ctx->rwlock) @@ -302,7 +302,7 @@ /* Only attempt initialization when dynamic locks are unavailable. * This likely also indicates a single-threaded application, * so temporarily unlocking CRYPTO_LOCK_ENGINE should be safe. */ -#if OPENSSL_VERSION_NUMBER < 0x10100004L +#if (defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L) if (CRYPTO_get_dynlock_create_callback() == NULL || CRYPTO_get_dynlock_lock_callback() == NULL || CRYPTO_get_dynlock_destroy_callback() == NULL) { --- a/src/libp11.h 2016-12-02 15:36:16.000000000 -0500 +++ b/src/libp11.h 2019-02-26 19:55:20.286272090 -0500 @@ -370,7 +370,7 @@ */ RSA_METHOD *PKCS11_get_rsa_method(void); /* Also define unsupported methods to retain backward compatibility */ -#if OPENSSL_VERSION_NUMBER >= 0x10100002L +#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER) EC_KEY_METHOD *PKCS11_get_ec_key_method(void); void *PKCS11_get_ecdsa_method(void); void *PKCS11_get_ecdh_method(void); --- a/src/p11_ec.c 2016-12-02 15:36:16.000000000 -0500 +++ b/src/p11_ec.c 2019-03-02 17:08:21.722942462 -0500 @@ -56,7 +56,7 @@ typedef ECDSA_SIG *(*sign_sig_fn)(const unsigned char *, int, const BIGNUM *, const BIGNUM *, EC_KEY *); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) /* ecdsa_method maintains unchanged layout between 0.9.8 and 1.0.2 */ @@ -73,7 +73,7 @@ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ -#if OPENSSL_VERSION_NUMBER < 0x10002000L +#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) /* Define missing functions */ 
@@ -104,7 +104,7 @@ /********** Missing ECDH_METHOD functions for OpenSSL < 1.1.0 */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */ @@ -156,7 +156,7 @@ { if (ec_ex_index == 0) { while (ec_ex_index == 0) /* Workaround for OpenSSL RT3710 */ -#if OPENSSL_VERSION_NUMBER >= 0x10100002L +#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER) ec_ex_index = EC_KEY_get_ex_new_index(0, "libp11 ec_key", NULL, NULL, NULL); #else @@ -265,7 +265,7 @@ EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ if (key->isPrivate) { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) EC_KEY_set_method(ec, PKCS11_get_ec_key_method()); #else ECDSA_set_method(ec, PKCS11_get_ecdsa_method()); @@ -275,7 +275,7 @@ /* TODO: Retrieve the ECDSA private key object attributes instead, * unless the key has the "sensitive" attribute set */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) EC_KEY_set_ex_data(ec, ec_ex_index, key); #else ECDSA_set_ex_data(ec, ec_ex_index, key); @@ -345,14 +345,14 @@ (void)kinv; /* Precomputed values are not used for PKCS#11 */ (void)rp; /* Precomputed values are not used for PKCS#11 */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index); #else key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index); #endif if (key == NULL) { sign_sig_fn orig_sign_sig; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) const EC_KEY_METHOD *meth = EC_KEY_OpenSSL(); EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth, NULL, NULL, &orig_sign_sig); 
@@ -515,7 +515,7 @@ return 0; } -#if OPENSSL_VERSION_NUMBER >= 0x10100004L +#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) /** * ECDH key derivation method (replaces ossl_ecdh_compute_key) @@ -578,13 +578,18 @@ size_t buflen; int rv; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) key = (PKCS11_KEY *)EC_KEY_get_ex_data(ecdh, ec_ex_index); #else key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index); #endif +#if !defined(LIBRESSL_VERSION_NUMBER) if (key == NULL) /* The private key is not handled by PKCS#11 */ return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh, KDF); +#else + if (key ==NULL) + return ECDH_compute_key(out, outlen, peer_point, ecdh, KDF); +#endif /* TODO: Add an atfork check */ /* both peer and ecdh use same group parameters */ @@ -623,7 +628,7 @@ /* New way to allocate an ECDSA_METOD object */ /* OpenSSL 1.1 has single method EC_KEY_METHOD for ECDSA and ECDH */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER) EC_KEY_METHOD *PKCS11_get_ec_key_method(void) {
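Review bot: The LibreSSL fallback in the p11_ec.c hunk at -578 calls `ECDH_compute_key(out, outlen, peer_point, ecdh, KDF)` when `key == NULL`, whereas the other branch calls what appears to be the saved software implementation, `ossl_ecdh_compute_key`. As in OpenSSL 1.0.x, ECDH_compute_key dispatches through the ECDH method attached to `ecdh`, so if this function is that method (for example when installed as the engine default, which the hunk does not show) the call re-enters itself instead of falling back to software. The cast `(EC_KEY *)ecdh` two lines earlier suggests `ecdh` is const here, yet the new call passes it without a cast. I would keep a pointer to the default method's compute_key for LibreSSL as well, and restore the dropped comment `/* The private key is not handled by PKCS#11 */` on the new branch. The enclosing function starts and ends outside the hunk.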