diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index a82429326..6cff75c64 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -304,6 +304,7 @@ void aes_decrypt_deinit(void *ctx)
 
 
 #ifndef CONFIG_FIPS
+#ifndef CONFIG_OPENSSL_INTERNAL_AES_WRAP
 
 int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
 {
@@ -331,6 +332,7 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
 	return res <= 0 ? -1 : 0;
 }
 
+#endif /* CONFIG_OPENSSL_INTERNAL_AES_WRAP */
 #endif /* CONFIG_FIPS */
 
 
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 791f857ef..3673ba77d 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -1140,6 +1140,11 @@ endif
 ifneq ($(CONFIG_TLS), openssl)
 NEED_INTERNAL_AES_WRAP=y
 endif
+ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
+# Seems to be needed at least with BoringSSL
+NEED_INTERNAL_AES_WRAP=y
+L_CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
+endif
 ifdef CONFIG_FIPS
 # Have to use internal AES key wrap routines to use OpenSSL EVP since the
 # OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 6acbf43e6..1f1527a3a 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1152,6 +1152,11 @@ endif
 ifneq ($(CONFIG_TLS), openssl)
 NEED_INTERNAL_AES_WRAP=y
 endif
+ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
+# Seems to be needed at least with BoringSSL
+NEED_INTERNAL_AES_WRAP=y
+CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
+endif
 ifdef CONFIG_FIPS
 # Have to use internal AES key wrap routines to use OpenSSL EVP since the
 # OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.