diff --git a/CHANGES b/CHANGES
index a67170acd079e4b5fd7bc68c9a1266f82a42582e..3d8124a5ee1ad7f19067924b4dbe914d9dcc8dc8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4935.	[func]		Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
+			call were added). [GL #191]
+
 4933.	[bug]		Not creating signing keys for an inline signed zone prevented changes applied to the raw zone from being reflected in the secure zone until signing keys were
diff --git a/config.h.in b/config.h.in
index 0cc04c5dd93fa49b3b3daa9659364a4fd23e1440..65ee20eeb572b468a29b253686d202e7405bd359 100644
--- a/config.h.in
+++ b/config.h.in
@@ -206,6 +206,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the header file. */
 #undef HAVE_DEVPOLL_H
+/* Define to 1 if you have the `DH_get0_key' function. */
+#undef HAVE_DH_GET0_KEY
+
 /* Define to 1 if you have the `dlclose' function. */
 #undef HAVE_DLCLOSE
@@ -221,6 +224,12 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 to enable dnstap support */
 #undef HAVE_DNSTAP
+/* Define to 1 if you have the `DSA_get0_pqg' function. */
+#undef HAVE_DSA_GET0_PQG
+
+/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
+#undef HAVE_ECDSA_SIG_GET0
+
 /* Define to 1 if you have the header file. */
 #undef HAVE_EDITLINE_READLINE_H
@@ -431,6 +440,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the header file. */
 #undef HAVE_REGEX_H
+/* Define to 1 if you have the `RSA_set0_key' function. */
+#undef HAVE_RSA_SET0_KEY
+
 /* Define to 1 if you have the header file. */
 #undef HAVE_SCHED_H
diff --git a/configure b/configure
index fc9256fa8dfae27df172ee2528a3fe52dc5938c6..2dde1a681d1e1c109ccad558b10257c05d49524f 100755
--- a/configure
+++ b/configure
@@ -16724,6 +16724,19 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then : #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF +fi +done + + + for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + fi done diff --git a/configure.in b/configure.in index 99139ba5acdfefed7fda5e4000fd4c105a75f0cc..193562c783a0444689a96f0676ffae2c888ee178 100644 --- a/configure.in +++ b/configure.in @@ -1781,6 +1781,8 @@ DSO_METHOD_dlfcn(); AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) + AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg]) + AC_MSG_CHECKING(for OpenSSL ECDSA support) have_ecdsa="" AC_TRY_RUN([ diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index e74bee2e2d83b24d47a31444b4740e913c6751d3..8dfda0d2fa58d7f2386b2dc4650ff480b0bda859 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -44,6 +44,8 @@ #include +#include + #include "dst_internal.h" #include "dst_openssl.h" #include "dst_parse.h" 
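Review bot: Each of the four new AC_CHECK_FUNCS probes is used as a proxy for a whole OpenSSL 1.1.0 accessor family, but nothing in configure.in records that: in this commit HAVE_DH_GET0_KEY also gates the static DH_set0_key, DH_get0_pqg and DH_set0_pqg fallbacks in lib/dns/openssldh_link.c, HAVE_ECDSA_SIG_GET0 gates ECDSA_SIG_set0 in opensslecdsa_link.c, and HAVE_RSA_SET0_KEY appears to gate RSA_set0_factors, RSA_set0_crt_params and the RSA_get0_* shims in opensslrsa_link.c. Against a libcrypto that exports only the probed symbol, or headers that do not match the linked library, every sibling shim is compiled out at once and the build fails at link time (or on a static-vs-extern redeclaration), so the assumption deserves stating where it is made. Suggest a comment above the new line: `dnl Each function stands in for its whole OpenSSL 1.1.0 accessor family (DH_*0_key/pqg, ECDSA_SIG_*0, RSA_*0_*, DSA_*0_*); the fallbacks in lib/dns/openssl*_link.c are gated on these results.` The same remark applies to the guard changes in the openssldsa_link.c, opensslecdsa_link.c and first opensslrsa_link.c hunks.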
@@ -71,62 +73,81 @@ static isc_result_t
 openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
 static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(HAVE_DH_GET0_KEY)
 /*
  * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
  * are from OpenSSL 1.1.0.
  */
 static void
 DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
-	if (pub_key != NULL)
+	if (pub_key != NULL) {
 		*pub_key = dh->pub_key;
-	if (priv_key != NULL)
+	}
+	if (priv_key != NULL) {
 		*priv_key = dh->priv_key;
+	}
 }
 static int
 DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
-	/* Note that it is valid for priv_key to be NULL */
-	if (pub_key == NULL)
-		return 0;
+	if (pub_key != NULL) {
+		BN_free(dh->pub_key);
+		dh->pub_key = pub_key;
+	}
-	BN_free(dh->pub_key);
-	BN_free(dh->priv_key);
-	dh->pub_key = pub_key;
-	dh->priv_key = priv_key;
+	if (priv_key != NULL) {
+		BN_free(dh->priv_key);
+		dh->priv_key = priv_key;
+	}
-	return 1;
+	return (1);
 }
 static void
 DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
-	if (p != NULL)
+	if (p != NULL) {
 		*p = dh->p;
-	if (q != NULL)
+	}
+	if (q != NULL) {
 		*q = dh->q;
-	if (g != NULL)
+	}
+	if (g != NULL) {
 		*g = dh->g;
+	}
 }
 static int
-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
-	/* q is optional */
-	if (p == NULL || g == NULL)
-		return(0);
-	BN_free(dh->p);
-	BN_free(dh->q);
-	BN_free(dh->g);
-	dh->p = p;
-	dh->q = q;
-	dh->g = g;
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	/* If the fields p and g in d are NULL, the corresponding input
+	 * parameters MUST be non-NULL. q may remain NULL.
+	 */
+	if ((dh->p == NULL && p == NULL)
+	    || (dh->g == NULL && g == NULL))
+	{
+		return 0;
+	}
+
+	if (p != NULL) {
+		BN_free(dh->p);
+		dh->p = p;
+	}
+	if (q != NULL) {
+		BN_free(dh->q);
+		dh->q = q;
+	}
+	if (g != NULL) {
+		BN_free(dh->g);
+		dh->g = g;
+	}
 	if (q != NULL) {
 		dh->length = BN_num_bits(q);
 	}
-	return(1);
+	return (1);
 }
 #define DH_clear_flags(d, f) (d)->flags &= ~(f)
@@ -545,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
 		DH_free(dh);
 		return (dst__openssl_toresult(ISC_R_NOMEMORY));
 	}
+#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
+	/*
+	 * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
+	 * DH structure is empty, hence we cannot use DH_get0_key().
+	 */
+	dh->pub_key = pub_key;
+#else /* LIBRESSL_VERSION_NUMBER */
 	DH_set0_key(dh, pub_key, NULL);
+#endif /* LIBRESSL_VERSION_NUMBER */
 	isc_region_consume(&r, publen);
 	key->key_size = BN_num_bits(p);
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c
index 1c541ae73a8e55a970a67c36f492137d222580b9..dfbd484247855bcc411fa323fe216040476ea60e 100644
--- a/lib/dns/openssldsa_link.c
+++ b/lib/dns/openssldsa_link.c
@@ -52,7 +52,7 @@ static isc_result_t
 openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(HAVE_DSA_GET0_PQG)
 static void
 DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index a8941a808a673820564fa3b1cfa2f3e96b908746..2e474592492741480281c76d14403a6e642b3d91 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
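Review bot: In the rewritten DH_set0_key the replaced private value is released with `BN_free(dh->priv_key);`, which does not wipe the limbs, so the old private exponent stays readable in freed heap until the allocator reuses it; `BN_clear_free(dh->priv_key);` costs nothing and matches ECDSA_SIG_set0 in this same commit, which already uses BN_clear_free (BN_free is fine for the public p, q, g and pub_key). Two style points in the same hunk: the new `DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)` puts `{` on its own line while the line it replaces and openssldh_fromdns keep it on the signature line, and the comment copied from OpenSSL says "fields p and g in d" where the parameter is `dh`. Whether these fallbacks see HAVE_DH_GET0_KEY depends on config.h being included earlier in the file, which is outside the hunk.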
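Review bot: The new `#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)` in openssldh_fromdns tests LIBRESSL_VERSION_NUMBER without a defined() guard, so on OpenSSL it only works because an undefined macro evaluates to 0 (and warns under -Wundef), whereas the guard this commit removes above used `defined(LIBRESSL_VERSION_NUMBER)`; it should read `#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)`. The direct `dh->pub_key = pub_key;` skips the BN_free that DH_set0_key performs on the previous value, which is leak-free only if dh was just allocated (its creation is outside the hunk); a one-line comment stating that assumption next to the assignment would keep the workaround from being copied to a path where the field is already set. Also `LibreSSL << 2.7.3` in the comment reads as a shift; `LibreSSL < 2.7.3` is presumably meant.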
@@ -45,20 +45,23 @@
 #define DST_RET(a) {ret = a; goto err;}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(HAVE_ECDSA_SIG_GET0)
 /* From OpenSSL 1.1 */
 static void
 ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
-	if (pr != NULL)
+	if (pr != NULL) {
 		*pr = sig->r;
-	if (ps != NULL)
+	}
+	if (ps != NULL) {
 		*ps = sig->s;
+	}
 }
 static int
 ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
-	if (r == NULL || s == NULL)
+	if (r == NULL || s == NULL) {
 		return 0;
+	}
 	BN_clear_free(sig->r);
 	BN_clear_free(sig->s);
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index bdb0a3931d078780477bac288497a4c3da5ecda6..43f6d317bc91f3a24f5d3ba1065ae669d3a2937f 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -123,7 +123,7 @@
 #endif
 #define DST_RET(a) {ret = a; goto err;}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(HAVE_RSA_SET0_KEY)
 /* From OpenSSL 1.1.0 */
 static int
 RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
@@ -133,8 +133,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
 	 * parameters MUST be non-NULL for n and e. d may be
 	 * left NULL (in case only the public key is used).
 	 */
-	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
+	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
 		return 0;
+	}
 	if (n != NULL) {
 		BN_free(r->n);
@@ -159,8 +160,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
 	 * If the fields p and q in r are NULL, the corresponding input
 	 * parameters MUST be non-NULL.
 	 */
-	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
+	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) {
 		return 0;
+	}
 	if (p != NULL) {
 		BN_free(r->p);
@@ -183,7 +185,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
 	if ((r->dmp1 == NULL && dmp1 == NULL) || (r->dmq1 == NULL && dmq1 == NULL) || (r->iqmp == NULL && iqmp == NULL))
+	{
 		return 0;
+	}
 	if (dmp1 != NULL) {
 		BN_free(r->dmp1);
@@ -205,32 +209,40 @@ static void
 RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) {
-	if (n != NULL)
+	if (n != NULL) {
 		*n = r->n;
-	if (e != NULL)
+	}
+	if (e != NULL) {
 		*e = r->e;
-	if (d != NULL)
+	}
+	if (d != NULL) {
 		*d = r->d;
+	}
 }
 static void
 RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
-	if (p != NULL)
+	if (p != NULL) {
 		*p = r->p;
-	if (q != NULL)
-		*q = r->q;
+	}
+	if (q != NULL) {
+		*q = r->q;
+	}
 }
 static void
 RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) {
-	if (dmp1 != NULL)
+	if (dmp1 != NULL) {
 		*dmp1 = r->dmp1;
-	if (dmq1 != NULL)
+	}
+	if (dmq1 != NULL) {
 		*dmq1 = r->dmq1;
-	if (iqmp != NULL)
+	}
+	if (iqmp != NULL) {
 		*iqmp = r->iqmp;
+	}
 }
 static int