diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
index 89d312f70..961d7707f 100644
--- a/src/tss2-esys/esys_crypto_ossl.c
+++ b/src/tss2-esys/esys_crypto_ossl.c
@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
                    "Error EVP_MD_CTX_create", cleanup);
     }
 
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
+#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
     if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
 #else
     /* this is preferred, but available since OpenSSL 1.1.1 only */
@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
     int rc;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     const RAND_METHOD *rand_save = RAND_get_rand_method();
+#ifdef LIBRESSL_VERSION_NUMBER
+    RAND_set_rand_method(RAND_SSLeay());
+#else
     RAND_set_rand_method(RAND_OpenSSL());
+#endif
 #else
     OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
     if (!libctx)
@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
     RSA *rsa_key = NULL;
     const EVP_MD * hashAlg = NULL;
     const RAND_METHOD *rand_save = RAND_get_rand_method();
-
+#ifdef LIBRESSL_VERSION_NUMBER
+    RAND_set_rand_method(RAND_SSLeay());
+#else
     RAND_set_rand_method(RAND_OpenSSL());
+#endif
 #else
     OSSL_LIB_CTX *libctx = NULL;
     EVP_MD * hashAlg = NULL;
@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
         curveId = NID_secp521r1;
         key_size = 66;
         break;
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
     case TPM2_ECC_SM2_P256:
         curveId = NID_sm2;
         key_size = 32;
diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
index 2fe37c0c4..c1563237a 100644
--- a/src/tss2-fapi/fapi_crypto.c
+++ b/src/tss2-fapi/fapi_crypto.c
@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey)
     case TPM2_ECC_NIST_P521:
         curveId = NID_secp521r1;
         break;
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
     case TPM2_ECC_SM2_P256:
         curveId = NID_sm2;
         break;
@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
     case NID_secp521r1:
         tpmCurveId = TPM2_ECC_NIST_P521;
         break;
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
     case NID_sm2:
         tpmCurveId = TPM2_ECC_SM2_P256;
         break;