7 files changed, 15 insertions, 43 deletions
diff --git a/docs/faq.rst b/docs/faq.rst
index 10c8656b..363a350f 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -14,5 +14,14 @@ to NaCl.
 
 If you prefer NaCl's design, we highly recommend `PyNaCl`_.
 
+Compiling ``cryptography`` on OS X produces a ``fatal error: 'openssl/aes.h' file not found`` error
+---------------------------------------------------------------------------------------------------
+
+This happens because OS X 10.11 no longer includes a copy of OpenSSL.
+``cryptography`` now provides wheels which include a statically linked copy of
+OpenSSL. You're seeing this error because your copy of pip is too old to find
+our wheel files. Upgrade your copy of pip with ``pip install -U pip`` and then
+try install ``cryptography`` again.
+
 .. _`NaCl`: https://nacl.cr.yp.to/
 .. _`PyNaCl`: https://pynacl.readthedocs.org
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 5d45c583..084eec2c 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -153,4 +153,10 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **, const unsigned char **, long);
 """
 
 CUSTOMIZATIONS = """
+/* This macro is removed in 1.1.0. We re-add it if required to support
+   pyOpenSSL versions older than whatever resolves
+   https://github.com/pyca/pyopenssl/issues/431 */
+#if !defined(M_ASN1_TIME_dup)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((const ASN1_STRING *)a)
+#endif
 """
diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py
index 8df66f8b..8055d0c8 100644
--- a/src/_cffi_src/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
@@ -29,7 +29,6 @@ FUNCTIONS = """
 DH *DH_new(void);
 void DH_free(DH *);
 int DH_size(const DH *);
-DH *DH_generate_parameters(int, int, void (*)(int, int, void *), void *);
 int DH_check(const DH *, int *);
 int DH_check_pub_key(const DH *, const BIGNUM *, int *);
 int DH_generate_key(DH *);
diff --git a/src/_cffi_src/openssl/ecdh.py b/src/_cffi_src/openssl/ecdh.py
index 3116c3b6..099f53cb 100644
--- a/src/_cffi_src/openssl/ecdh.py
+++ b/src/_cffi_src/openssl/ecdh.py
@@ -20,13 +20,6 @@ FUNCTIONS = """
 MACROS = """
 int ECDH_compute_key(void *, size_t, const EC_POINT *, EC_KEY *,
                      void *(*)(const void *, size_t, void *, size_t *));
-
-int ECDH_get_ex_new_index(long, void *, CRYPTO_EX_new *, CRYPTO_EX_dup *,
-                          CRYPTO_EX_free *);
-
-int ECDH_set_ex_data(EC_KEY *, int, void *);
-
-void *ECDH_get_ex_data(EC_KEY *, int);
 """
 
 CUSTOMIZATIONS = """
@@ -37,13 +30,6 @@ int (*ECDH_compute_key)(void *, size_t, const EC_POINT *, EC_KEY *,
                         void *(*)(const void *, size_t, void *,
                         size_t *)) = NULL;
 
-int (*ECDH_get_ex_new_index)(long, void *, CRYPTO_EX_new *, CRYPTO_EX_dup *,
-                             CRYPTO_EX_free *) = NULL;
-
-int (*ECDH_set_ex_data)(EC_KEY *, int, void *) = NULL;
-
-void *(*ECDH_get_ex_data)(EC_KEY *, int) = NULL;
-
 #else
 static const long Cryptography_HAS_ECDH = 1;
 #endif
diff --git a/src/_cffi_src/openssl/ecdsa.py b/src/_cffi_src/openssl/ecdsa.py
index f231864b..7cbe5215 100644
--- a/src/_cffi_src/openssl/ecdsa.py
+++ b/src/_cffi_src/openssl/ecdsa.py
@@ -44,14 +44,6 @@ int ECDSA_verify(int, const unsigned char *, int, const unsigned char *, int,
                  EC_KEY *);
 int ECDSA_size(const EC_KEY *);
 
-const ECDSA_METHOD *ECDSA_OpenSSL();
-void ECDSA_set_default_method(const ECDSA_METHOD *);
-const ECDSA_METHOD *ECDSA_get_default_method();
-int ECDSA_get_ex_new_index(long, void *, CRYPTO_EX_new *,
-                           CRYPTO_EX_dup *, CRYPTO_EX_free *);
-int ECDSA_set_method(EC_KEY *, const ECDSA_METHOD *);
-int ECDSA_set_ex_data(EC_KEY *, int, void *);
-void *ECDSA_get_ex_data(EC_KEY *, int);
 """
 
 CUSTOMIZATIONS = """
@@ -83,14 +75,6 @@ int (*ECDSA_verify)(int, const unsigned char *, int, const unsigned char *,
                     int, EC_KEY *) = NULL;
 int (*ECDSA_size)(const EC_KEY *) = NULL;
 
-const ECDSA_METHOD* (*ECDSA_OpenSSL)() = NULL;
-void (*ECDSA_set_default_method)(const ECDSA_METHOD *) = NULL;
-const ECDSA_METHOD* (*ECDSA_get_default_method)() = NULL;
-int (*ECDSA_set_method)(EC_KEY *, const ECDSA_METHOD *) = NULL;
-int (*ECDSA_get_ex_new_index)(long, void *, CRYPTO_EX_new *,
-                              CRYPTO_EX_dup *, CRYPTO_EX_free *) = NULL;
-int (*ECDSA_set_ex_data)(EC_KEY *, int, void *) = NULL;
-void* (*ECDSA_get_ex_data)(EC_KEY *, int) = NULL;
 #else
 static const long Cryptography_HAS_ECDSA = 1;
 #endif
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index 4ba90662..f6e9632d 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -236,8 +236,6 @@ static const int RSA_F_RSA_SIGN;
 """
 
 FUNCTIONS = """
-void ERR_load_crypto_strings(void);
-void ERR_load_SSL_strings(void);
 void ERR_free_strings(void);
 char *ERR_error_string(unsigned long, char *);
 void ERR_error_string_n(unsigned long, char *, size_t);
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 8bd9551d..f5999312 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -168,9 +168,6 @@ CONDITIONAL_NAMES = {
     ],
     "Cryptography_HAS_ECDH": [
         "ECDH_compute_key",
-        "ECDH_get_ex_new_index",
-        "ECDH_set_ex_data",
-        "ECDH_get_ex_data",
     ],
     "Cryptography_HAS_ECDSA": [
         "ECDSA_SIG_new",
@@ -185,13 +182,6 @@ CONDITIONAL_NAMES = {
         "ECDSA_sign_ex",
         "ECDSA_verify",
         "ECDSA_size",
-        "ECDSA_OpenSSL",
-        "ECDSA_set_default_method",
-        "ECDSA_get_default_method",
-        "ECDSA_set_method",
-        "ECDSA_get_ex_new_index",
-        "ECDSA_set_ex_data",
-        "ECDSA_get_ex_data",
     ],
     "Cryptography_HAS_ENGINE_CRYPTODEV": [
         "ENGINE_load_cryptodev"