7 files changed, 80 insertions, 26 deletions
diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py
index 77c97fe5..afdd54e4 100644
--- a/src/_cffi_src/openssl/engine.py
+++ b/src/_cffi_src/openssl/engine.py
@@ -16,12 +16,10 @@ typedef ... RSA_METHOD;
 typedef ... DSA_METHOD;
 typedef ... DH_METHOD;
 typedef struct {
-    void (*seed)(const void *, int);
     int (*bytes)(unsigned char *, int);
-    void (*cleanup)();
-    void (*add)(const void *, int, double);
     int (*pseudorand)(unsigned char *, int);
     int (*status)();
+    ...;
 } RAND_METHOD;
 typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
 typedef ... *ENGINE_CTRL_FUNC_PTR;
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index f6e9632d..e31b1808 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -88,7 +88,6 @@ static const int ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM;
 static const int ASN1_R_UNKNOWN_OBJECT_TYPE;
 static const int ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE;
 static const int ASN1_R_UNKNOWN_TAG;
-static const int ASN1_R_UNKOWN_FORMAT;
 static const int ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE;
 static const int ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM;
 static const int ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE;
@@ -121,11 +120,6 @@ static const int EVP_F_EVP_PKEY2PKCS8_BROKEN;
 static const int EVP_F_EVP_PKEY_COPY_PARAMETERS;
 static const int EVP_F_EVP_PKEY_DECRYPT;
 static const int EVP_F_EVP_PKEY_ENCRYPT;
-static const int EVP_F_EVP_PKEY_GET1_DH;
-static const int EVP_F_EVP_PKEY_GET1_DSA;
-static const int EVP_F_EVP_PKEY_GET1_ECDSA;
-static const int EVP_F_EVP_PKEY_GET1_EC_KEY;
-static const int EVP_F_EVP_PKEY_GET1_RSA;
 static const int EVP_F_EVP_PKEY_NEW;
 static const int EVP_F_EVP_RIJNDAEL;
 static const int EVP_F_EVP_SIGNFINAL;
@@ -195,8 +189,6 @@ static const int PEM_F_PEM_READ;
 static const int PEM_F_PEM_READ_BIO;
 static const int PEM_F_PEM_READ_BIO_PRIVATEKEY;
 static const int PEM_F_PEM_READ_PRIVATEKEY;
-static const int PEM_F_PEM_SEALFINAL;
-static const int PEM_F_PEM_SEALINIT;
 static const int PEM_F_PEM_SIGNFINAL;
 static const int PEM_F_PEM_WRITE;
 static const int PEM_F_PEM_WRITE_BIO;
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index d3ec568a..5abc6451 100644
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -12,9 +12,7 @@ TYPES = """
 typedef ... EVP_CIPHER;
 typedef ... EVP_CIPHER_CTX;
 typedef ... EVP_MD;
-typedef struct env_md_ctx_st {
-    ...;
-} EVP_MD_CTX;
+typedef struct { ...; } EVP_MD_CTX;
 
 typedef ... EVP_PKEY;
 typedef ... EVP_PKEY_CTX;
@@ -51,18 +49,15 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, unsigned char *, int *,
                      const unsigned char *, int);
 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
 
-EVP_MD_CTX *EVP_MD_CTX_create(void);
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
 int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
 int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t);
 int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *);
-void EVP_MD_CTX_destroy(EVP_MD_CTX *);
 const EVP_MD *EVP_get_digestbyname(const char *);
 
 EVP_PKEY *EVP_PKEY_new(void);
@@ -116,9 +111,18 @@ int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *);
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *);
 
 int Cryptography_EVP_PKEY_id(const EVP_PKEY *);
+
+/* in 1.1.0 _create and _destroy were renamed to _new and _free. The following
+   two functions wrap both the old and new functions so we can call them
+   without worrying about what OpenSSL we're running against. */
+EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void);
+void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *);
 """
 
 MACROS = """
+/* became a macro in 1.1.0 */
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
+
 void OpenSSL_add_all_algorithms(void);
 int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *);
 int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *);
@@ -233,4 +237,18 @@ int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) {
         return key->type;
     #endif
 }
+EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+    return EVP_MD_CTX_create();
+#else
+    return EVP_MD_CTX_new();
+#endif
+}
+void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+    EVP_MD_CTX_destroy(ctx);
+#else
+    EVP_MD_CTX_free(ctx);
+#endif
+}
 """
diff --git a/src/_cffi_src/openssl/hmac.py b/src/_cffi_src/openssl/hmac.py
index 7178e573..bcc8a861 100644
--- a/src/_cffi_src/openssl/hmac.py
+++ b/src/_cffi_src/openssl/hmac.py
@@ -9,18 +9,17 @@ INCLUDES = """
 """
 
 TYPES = """
-typedef struct { ...; } HMAC_CTX;
+typedef ... HMAC_CTX;
 """
 
 FUNCTIONS = """
-void HMAC_CTX_init(HMAC_CTX *);
-void HMAC_CTX_cleanup(HMAC_CTX *);
-
 int Cryptography_HMAC_Init_ex(HMAC_CTX *, const void *, int, const EVP_MD *,
                               ENGINE *);
 int Cryptography_HMAC_Update(HMAC_CTX *, const unsigned char *, size_t);
 int Cryptography_HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *);
 int Cryptography_HMAC_CTX_copy(HMAC_CTX *, HMAC_CTX *);
+HMAC_CTX *Cryptography_HMAC_CTX_new(void);
+void Cryptography_HMAC_CTX_free(HMAC_CTX *ctx);
 """
 
 MACROS = """
@@ -80,4 +79,28 @@ int Cryptography_HMAC_CTX_copy(HMAC_CTX *dst_ctx, HMAC_CTX *src_ctx) {
         return 0;
 #endif
 }
+
+HMAC_CTX *Cryptography_HMAC_CTX_new(void) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+    return HMAC_CTX_new();
+#else
+    /* This uses OPENSSL_zalloc in 1.1.0, which is malloc + memset */
+    HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX));
+    memset(ctx, 0, sizeof(HMAC_CTX));
+    return ctx;
+#endif
+}
+
+
+
+void Cryptography_HMAC_CTX_free(HMAC_CTX *ctx) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+    return HMAC_CTX_free(ctx);
+#else
+    if (ctx != NULL) {
+        HMAC_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+    }
+#endif
+}
 """
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index e97a1d7d..2fc86a31 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -11,9 +11,8 @@ typedef STACK_OF(SSL_CIPHER) Cryptography_STACK_OF_SSL_CIPHER;
 """
 
 TYPES = """
-/*
- * Internally invented symbols to tell which versions of SSL/TLS are supported.
-*/
+static const long Cryptography_HAS_SSL_ST;
+static const long Cryptography_HAS_TLS_ST;
 static const long Cryptography_HAS_SSL2;
 static const long Cryptography_HAS_SSL3_METHOD;
 static const long Cryptography_HAS_TLSv1_1;
@@ -126,6 +125,8 @@ static const long SSL_MODE_ENABLE_PARTIAL_WRITE;
 static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
 static const long SSL_MODE_AUTO_RETRY;
 static const long SSL3_RANDOM_SIZE;
+static const long TLS_ST_BEFORE;
+static const long TLS_ST_OK;
 
 typedef ... SSL_METHOD;
 typedef ... SSL_CTX;
@@ -657,4 +658,22 @@ static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE = 0;
 static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE = 1;
 #endif
 
+/* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
+   removed */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+static const long Cryptography_HAS_SSL_ST = 1;
+#else
+static const long Cryptography_HAS_SSL_ST = 0;
+static const long SSL_ST_BEFORE = 0;
+static const long SSL_ST_OK = 0;
+static const long SSL_ST_INIT = 0;
+static const long SSL_ST_RENEGOTIATE = 0;
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+static const long Cryptography_HAS_TLS_ST = 1;
+#else
+static const long Cryptography_HAS_TLS_ST = 0;
+static const long TLS_ST_BEFORE = 0;
+static const long TLS_ST_OK = 0;
+#endif
 """
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 4484a8ac..2fe3a1bf 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -36,6 +36,8 @@ typedef struct {
     ...;
 } X509_CINF;
 
+/* TODO: opaque X509_EXTENSION. Cryptography no longer depends on it being
+   non-opaque but pyOpenSSL needs a release where it doesn't depend on this */
 typedef struct {
     ASN1_OBJECT *object;
     ASN1_BOOLEAN critical;
diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
index f8467a76..13287797 100644
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -173,8 +173,6 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *);
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *);
-int X509_STORE_CTX_get_ex_new_index(long, void *, CRYPTO_EX_new *,
-                                    CRYPTO_EX_dup *, CRYPTO_EX_free *);
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *);
 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int);
 
@@ -194,6 +192,10 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *);
 """
 
 MACROS = """
+/* this CRYPTO_EX_DATA function became a macro in 1.1.0 */
+int X509_STORE_CTX_get_ex_new_index(long, void *, CRYPTO_EX_new *,
+                                    CRYPTO_EX_dup *, CRYPTO_EX_free *);
+
 /* X509_STORE_CTX */
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *,
                               Cryptography_STACK_OF_X509_CRL *);