diff --git a/rtc_base/openssl_digest.h b/rtc_base/openssl_digest.h
index 00f883c9f4..ee39eb80dd 100644
--- a/rtc_base/openssl_digest.h
+++ b/rtc_base/openssl_digest.h
@@ -11,7 +11,7 @@
 #ifndef RTC_BASE_OPENSSL_DIGEST_H_
 #define RTC_BASE_OPENSSL_DIGEST_H_
-#include
+#include
 #include
 #include
diff --git a/rtc_base/openssl_key_derivation_hkdf.cc b/rtc_base/openssl_key_derivation_hkdf.cc
index 52af667645..10e23eceee 100644
--- a/rtc_base/openssl_key_derivation_hkdf.cc
+++ b/rtc_base/openssl_key_derivation_hkdf.cc
@@ -10,9 +10,42 @@
 #include "rtc_base/openssl_key_derivation_hkdf.h"
+#include
+#ifdef OPENSSL_IS_BORINGSSL
 #include
-#include
 #include
+#else
+#include
+#include
+namespace {
+// the function with this interface is static within openssl and hence not
+// accessible to the caller. Implementing here to match boringssl.
+static int HKDF(uint8_t* out_key,
+ size_t out_len,
+ const EVP_MD* digest,
+ const uint8_t* secret,
+ size_t secret_len,
+ const uint8_t* salt,
+ size_t salt_len,
+ const uint8_t* info,
+ size_t info_len) {
+ EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+
+ if (EVP_PKEY_derive_init(pctx) <= 0 ||
+ EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0 ||
+ EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0 ||
+ EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0 ||
+ EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0 ||
+ EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
+ EVP_PKEY_CTX_free(pctx);
+ return 0;
+ }
+ EVP_PKEY_CTX_free(pctx);
+ return 1;
+}
+} // namespace
+#endif
+#include
 #include
 #include
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index bbb2dce395..5ad4e03156 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -25,6 +25,7 @@
 #include
 #include
+#include "absl/memory/memory.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/logging.h"
 #include "rtc_base/numerics/safe_conversions.h"
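Review bot: In the OpenSSL-only `HKDF` helper added to openssl_key_derivation_hkdf.cc, the result of `EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)` goes straight into `EVP_PKEY_derive_init` with no null check, so an allocation failure is only caught if the library itself rejects a null context. An explicit `if (pctx == nullptr) return 0;` right after the call would make that failure path independent of library behaviour. The `size_t` lengths are also passed directly to the `EVP_PKEY_CTX_set1_hkdf_salt`, `EVP_PKEY_CTX_set1_hkdf_key` and `EVP_PKEY_CTX_add1_hkdf_info` setters, which in the OpenSSL releases I know take an `int` length, so a value above `INT_MAX` would be narrowed silently instead of rejected. Since this derives key material, a guard such as `if (secret_len > INT_MAX || salt_len > INT_MAX || info_len > INT_MAX) return 0;` is worth adding. The header comment could also state the contract the caller relies on, for example `// Returns 1 on success and 0 on failure, like BoringSSL's HKDF(); out_key must not be used on failure.`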
@@ -1081,7 +1082,7 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(X509_STORE_CTX* store, void* arg) {
 // Record the peer's certificate.
 X509* cert = X509_STORE_CTX_get0_cert(store);
 stream->peer_cert_chain_.reset(
- new SSLCertChain(new OpenSSLCertificate(cert)));
+ new SSLCertChain(absl::make_unique(cert)));
 #endif
 // If the peer certificate digest isn't known yet, we'll wait to verify
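Review bot: The outer allocation in `stream->peer_cert_chain_.reset(new SSLCertChain(...))` is still a raw `new` after this change, so the expression is only half converted to owning types. If `peer_cert_chain_` is a `std::unique_ptr<SSLCertChain>` (its declaration is not in the hunk), the statement could be written as `stream->peer_cert_chain_ = absl::make_unique<SSLCertChain>(/* the inner make_unique expression, unchanged */);`, which leaves no raw owning pointer on the line. The body of `SSLVerifyCallback` and the preprocessor branch closed by the `#endif` both start outside the hunk, so this is based on the visible lines only.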