deps: upgrade openssl sources to 1.1.1b

This updates all sources in deps/openssl/openssl with openssl-1.1.1b.

PR-URL: https://github.com/nodejs/node/pull/26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

383 files changed, 6857 insertions, 4247 deletions

diff --git a/deps/openssl/openssl/.gitattributes b/deps/openssl/openssl/.gitattributes
deleted file mode 100644
index 15121c861c..0000000000
--- a/deps/openssl/openssl/.gitattributes
+++ /dev/null
@@ -1,3 +0,0 @@
-*.der binary
-/fuzz/corpora/** binary
-*.pfx binary
diff --git a/deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md b/deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md
deleted file mode 100644
index 7b384b1149..0000000000
--- a/deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-Thank you for your pull request. Please review these requirements:
-
-Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING
-
-Other than that, provide a description above this comment if there isn't one already
-
-If this fixes a github issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
--->
-
-##### Checklist
-<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
-- [ ] documentation is added or updated
-- [ ] tests are added or updated
diff --git a/deps/openssl/openssl/.gitmodules b/deps/openssl/openssl/.gitmodules
deleted file mode 100644
index af32ea618c..0000000000
--- a/deps/openssl/openssl/.gitmodules
+++ /dev/null
@@ -1,11 +0,0 @@
-[submodule "boringssl"]
-	path = boringssl
-	url = https://boringssl.googlesource.com/boringssl
-
-[submodule "pyca.cryptography"]
-	path = pyca-cryptography
-	url = https://github.com/pyca/cryptography.git
-
-[submodule "krb5"]
-	path = krb5
-	url = https://github.com/krb5/krb5
diff --git a/deps/openssl/openssl/.travis-apt-pin.preferences b/deps/openssl/openssl/.travis-apt-pin.preferences
deleted file mode 100644
index 1797bd0414..0000000000
--- a/deps/openssl/openssl/.travis-apt-pin.preferences
+++ /dev/null
@@ -1,15 +0,0 @@
-Package: clang-3.9
-Pin: release o=Ubuntu
-Pin-Priority: -1
-
-Package: libclang-common-3.9-dev
-Pin: release o=Ubuntu
-Pin-Priority: -1
-
-Package: libclang1-3.9
-Pin: release o=Ubuntu
-Pin-Priority: -1
-
-Package: libllvm3.9v4
-Pin: release o=Ubuntu
-Pin-Priority: -1
diff --git a/deps/openssl/openssl/.travis-create-release.sh b/deps/openssl/openssl/.travis-create-release.sh
deleted file mode 100644
index b39a00137a..0000000000
--- a/deps/openssl/openssl/.travis-create-release.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/sh
-
-# $1 is expected to be $TRAVIS_OS_NAME
-
-./Configure dist
-if [ "$1" == osx ]; then
-    make NAME='_srcdist' TARFILE='_srcdist.tar' \
-         TAR_COMMAND='$(TAR) $(TARFLAGS) -cf -' tar
-else
-    make TARFILE='_srcdist.tar' NAME='_srcdist' dist
-fi
diff --git a/deps/openssl/openssl/.travis.yml b/deps/openssl/openssl/.travis.yml
deleted file mode 100644
index 764da2885e..0000000000
--- a/deps/openssl/openssl/.travis.yml
+++ /dev/null
@@ -1,254 +0,0 @@
-dist: trusty
-sudo: required
-
-osx_image: xcode9.3
-
-language: c
-cache: ccache
-git:
-    submodules: false
-    quiet: true
-
-before_install:
-    - if [ -n "$COVERALLS" ]; then
-          pip install --user cpp-coveralls;
-      fi;
-    - if expr "$CONFIG_OPTS" ":" ".*enable-external-tests" > /dev/null; then
-          git submodule update --init --recursive;
-      fi;
-
-os:
-    - linux
-    - osx
-
-compiler:
-    - clang
-    - gcc
-
-env:
-    - CONFIG_OPTS="" DESTDIR="_install"
-    - CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2"
-    - CONFIG_OPTS="no-asm no-makedepend --strict-warnings -std=c89 -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes"
-
-matrix:
-    include:
-        - os: linux-ppc64le
-          sudo: false
-          compiler: clang
-          env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES"
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - gcc-5
-                      - g++-5
-                  sources:
-                      - ubuntu-toolchain-r-test
-          compiler: gcc-5
-          env: CONFIG_OPTS="--strict-warnings" COMMENT="Move to the BORINGTEST build when interoperable"
-        - os: linux
-          compiler: clang
-          env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" BUILDONLY="yes"
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - binutils-mingw-w64
-                      - gcc-mingw-w64
-          compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
-        # Uncomment if there is reason to believe that PPC-specific problem
-        # can be diagnosed with this possibly >30 mins sanitizer build...
-        #- os: linux-ppc64le
-        #  sudo: false
-        #  compiler: gcc
-        #  env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-ubsan no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES"
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - gcc-5
-                      - g++-5
-                      - golang-1.6
-                  sources:
-                      - ubuntu-toolchain-r-test
-          compiler: gcc-5
-          env:  EXTENDED_TEST="yes" CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers no-shared -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++-5"
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - gcc-5
-                      - g++-5
-                      - golang-1.6
-                  sources:
-                      - ubuntu-toolchain-r-test
-          compiler: gcc-5
-          env:  EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests" BORINGSSL_TESTS="yes" CXX="g++-5" TESTS=95
-        - os: linux
-          compiler: clang
-          env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan -D__NO_STRING_INLINES -Wno-unused-command-line-argument"
-        - os: linux
-          compiler: clang
-          env:  EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument"
-        - os: linux
-          compiler: clang
-          env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument"
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - gcc-5
-                      - g++-5
-                  sources:
-                      - ubuntu-toolchain-r-test
-          compiler: gcc-5
-          env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - binutils-mingw-w64
-                      - gcc-mingw-w64
-          compiler: i686-w64-mingw32-gcc
-          env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic"
-        - os: linux
-          addons:
-              apt:
-                  packages:
-                      - binutils-mingw-w64
-                      - gcc-mingw-w64
-          compiler: x86_64-w64-mingw32-gcc
-          env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic"
-    exclude:
-        - os: linux
-          compiler: clang
-        - os: osx
-          compiler: gcc
-
-before_script:
-    - env
-    - if [ "$TRAVIS_PULL_REQUEST" != "false" -a -n "$EXTENDED_TEST" ]; then
-          (git log -1 $TRAVIS_COMMIT_RANGE | grep '\[extended tests\]' > /dev/null) || exit 0;
-      fi
-    - if [ -n "$DESTDIR" ]; then
-          sh .travis-create-release.sh $TRAVIS_OS_NAME;
-          tar -xzf _srcdist.tar.gz;
-          mkdir _build;
-          cd _build;
-          srcdir=../_srcdist;
-          top=..;
-      else
-          srcdir=.;
-          top=.;
-      fi
-    - if [ -n "$UBUNTU_GCC_HACK" ]; then
-          $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
-          CC="$CC -specs=gcc-specs.txt";
-      fi
-    - if [ "$CC" = i686-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
-      elif [ "$CC" = x86_64-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
-      else
-          if [ "$CC" = clang-3.9 ]; then
-              sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
-              curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
-              echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
-              sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
-              sudo -E apt-get -yq update;
-              sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
-          elif which ccache >/dev/null; then
-              CC="ccache $CC";
-          fi;
-          $srcdir/config -v $CONFIG_OPTS;
-      fi
-    - ./configdata.pm --dump
-    - cd $top
-
-script:
-    - if [ -z "$BUILDONLY" ]; then
-          make="make -s";
-      else
-          make="make";
-      fi
-    - if [ -n "$GENERATE" ]; then
-          make2="$make PERL=no-perl";
-      else
-          make2="$make";
-      fi
-    - top=${PWD}
-    - if [ -n "$DESTDIR" ]; then
-          cd _build;
-      fi
-    - if $make update; then
-          echo -e '+\057 MAKE UPDATE OK';
-      else
-          echo -e '+\057 MAKE UPDATE FAILED'; false;
-      fi
-    - git diff --exit-code
-    - if [ -n "$CHECKDOCS" ]; then
-          if $make doc-nits; then
-              echo -e '+\057\057 MAKE DOC-NITS OK';
-          else
-              echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
-          fi;
-      fi
-    - if [ -n "$GENERATE" ]; then
-          if $make build_all_generated; then
-              echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED OK';
-          else
-              echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED FAILED'; false;
-          fi;
-      fi
-    - if $make2; then
-          echo -e '+\057\057\057\057 MAKE OK';
-      else
-          echo -e '+\057\057\057\057 MAKE FAILED'; false;
-      fi;
-    - if [ -z "$BUILDONLY" ]; then
-          if [ -n "$CROSS_COMPILE" ]; then
-              sudo dpkg --add-architecture i386;
-              sudo apt-get update;
-              sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install wine;
-              export EXE_SHELL="wine" WINEPREFIX=`pwd`;
-          fi;
-          if [ -e krb5/src ]; then
-              sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh;
-          fi;
-          if HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then
-              echo -e '+\057\057\057\057\057 MAKE TEST OK';
-          else
-              echo -e '+\057\057\057\057\057 MAKE TEST FAILED'; false;
-          fi;
-      else
-          if $make build_tests >~/build.log 2>&1; then
-              echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS OK';
-          else
-              echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS FAILED';
-              cat ~/build.log
-              false;
-          fi;
-      fi
-    - if [ -n "$DESTDIR" ]; then
-          mkdir "$top/$DESTDIR";
-          if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then
-              echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK';
-          else
-              echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED';
-              cat ~/install.log;
-              false;
-          fi;
-      fi
-    - cd $top
-
-after_success:
-    - if [ -n "$COVERALLS" ]; then
-          coveralls -b . --gcov gcov-5 --gcov-options '\-lpbc';
-      fi;
-
-notifications:
-    email:
-        secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
index 4b68f48329..67a6bd2338 100644
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@@ -7,6 +7,44 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
+
+  *) Added SCA hardening for modular field inversion in EC_GROUP through
+     a new dedicated field_inv() pointer in EC_METHOD.
+     This also addresses a leakage affecting conversions from projective
+     to affine coordinates.
+     [Billy Bob Brumley, Nicola Tuveri]
+
+  *) Change the info callback signals for the start and end of a post-handshake
+     message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+     and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+     confused by this and assume that a TLSv1.2 renegotiation has started. This
+     can break KeyUpdate handling. Instead we no longer signal the start and end
+     of a post handshake message exchange (although the messages themselves are
+     still signalled). This could break some applications that were expecting
+     the old signals. However without this KeyUpdate is not usable for many
+     applications.
+     [Matt Caswell]
+
+  *) Fix a bug in the computation of the endpoint-pair shared secret used
+     by DTLS over SCTP. This breaks interoperability with older versions
+     of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+     switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+     interoperability with such broken implementations. However, enabling
+     this switch breaks interoperability with correct implementations.
+
+  *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+     re-used X509_PUBKEY object if the second PUBKEY is malformed.
+     [Bernd Edlinger]
+
+  *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+     [Richard Levitte]
+
+  *) Remove the 'dist' target and add a tarball building script.  The
+     'dist' target has fallen out of use, and it shouldn't be
+     necessary to configure just to create a source distribution.
+     [Richard Levitte]
+
  Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
 
   *) Timing vulnerability in DSA signature generation
diff --git a/deps/openssl/openssl/CONTRIBUTING b/deps/openssl/openssl/CONTRIBUTING
index c0eed39e34..5d717763d5 100644
--- a/deps/openssl/openssl/CONTRIBUTING
+++ b/deps/openssl/openssl/CONTRIBUTING
@@ -57,7 +57,7 @@ guidelines:
     7.  For user visible changes (API changes, behaviour changes, ...),
     consider adding a note in CHANGES.  This could be a summarising
     description of the change, and could explain the grander details.
-    Have a look through existing entries for inspiration. 
+    Have a look through existing entries for inspiration.
     Please note that this is NOT simply a copy of git-log oneliners.
     Also note that security fixes get an entry in CHANGES.
     This file helps users get more in depth information of what comes
diff --git a/deps/openssl/openssl/Configurations/00-base-templates.conf b/deps/openssl/openssl/Configurations/00-base-templates.conf
index 8555ba158b..5fd995cb33 100644
--- a/deps/openssl/openssl/Configurations/00-base-templates.conf
+++ b/deps/openssl/openssl/Configurations/00-base-templates.conf
@@ -306,7 +306,7 @@ my %targets=(
 	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
 	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
 	chacha_asm_src  => "chacha-armv4.S",
-	poly1305_asm_src=> "poly1305-armv4.S", 
+	poly1305_asm_src=> "poly1305-armv4.S",
 	keccak1600_asm_src	=> "keccak1600-armv4.S",
 	perlasm_scheme	=> "void"
     },
diff --git a/deps/openssl/openssl/Configurations/10-main.conf b/deps/openssl/openssl/Configurations/10-main.conf
index 5cf345da0a..930f2d3c92 100644
--- a/deps/openssl/openssl/Configurations/10-main.conf
+++ b/deps/openssl/openssl/Configurations/10-main.conf
@@ -360,7 +360,7 @@ my %targets = (
         inherit_from     => [ "BASE_unix" ],
         template         => 1,
         cppflags         => threads("-D_SGI_MP_SOURCE"),
-        lib_cppflags     => "-DB_ENDIAN -DBN_DIV3W",
+        lib_cppflags     => "-DB_ENDIAN",
         ex_libs          => add(threads("-lpthread")),
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -651,7 +651,7 @@ my %targets = (
         dso_scheme       => "dlfcn",
         shared_target    => "linux-shared",
         shared_cflag     => "-fPIC",
-        shared_ldflag    => "-Wl,-znodelete",
+        shared_ldflag    => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
         shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
         enable           => [ "afalgeng" ],
     },
@@ -733,7 +733,6 @@ my %targets = (
         inherit_from     => [ "linux-generic32", asm("mips32_asm") ],
         cflags           => add("-mabi=32"),
         cxxflags         => add("-mabi=32"),
-        lib_cppflags     => add("-DBN_DIV3W"),
         perlasm_scheme   => "o32",
     },
     # mips32 and mips64 below refer to contemporary MIPS Architecture
@@ -742,7 +741,6 @@ my %targets = (
         inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
         cflags           => add("-mabi=n32"),
         cxxflags         => add("-mabi=n32"),
-        lib_cppflags     => add("-DBN_DIV3W"),
         bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
         perlasm_scheme   => "n32",
         multilib         => "32",
@@ -751,7 +749,6 @@ my %targets = (
         inherit_from     => [ "linux-generic64", asm("mips64_asm") ],
         cflags           => add("-mabi=64"),
         cxxflags         => add("-mabi=64"),
-        lib_cppflags     => add("-DBN_DIV3W"),
         perlasm_scheme   => "64",
         multilib         => "64",
     },
@@ -1115,7 +1112,7 @@ my %targets = (
         dso_scheme       => "dlfcn",
         shared_target    => "self",
         module_ldflags   => "-Wl,-G,-bsymbolic,-bexpall",
-        shared_ldflag    => "-Wl,-G,-bsymbolic",
+        shared_ldflag    => "-Wl,-G,-bsymbolic,-bnoentry",
         shared_defflag   => "-Wl,-bE:",
         shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
         dso_extension    => ".so",
@@ -1747,6 +1744,8 @@ my %targets = (
         asflags          => sub { vms_info()->{asflags} },
         perlasm_scheme   => sub { vms_info()->{perlasm_scheme} },
 
+        disable          => add('pinshared'),
+
         apps_aux_src     => "vms_term_sock.c",
         apps_init_src    => "vms_decc_init.c",
     },
@@ -1782,7 +1781,7 @@ my %targets = (
     },
     "vms-ia64" => {
         inherit_from     => [ "vms-generic",
-                              sub { vms_info()->{as}
+                              sub { vms_info()->{AS}
                                         ? asm("ia64_asm")->() : () } ],
         bn_ops           => "SIXTY_FOUR_BIT RC4_INT",
         pointer_size     => "",
diff --git a/deps/openssl/openssl/Configurations/15-android.conf b/deps/openssl/openssl/Configurations/15-android.conf
index 10342ed5e3..7b496a4529 100644
--- a/deps/openssl/openssl/Configurations/15-android.conf
+++ b/deps/openssl/openssl/Configurations/15-android.conf
@@ -22,13 +22,19 @@
                 return $android_ndk = { bn_ops => "BN_AUTO" };
             }
 
-            my $ndk = $ENV{ANDROID_NDK};
-            die "\$ANDROID_NDK is not defined"  if (!$ndk);
+            my $ndk_var;
+            my $ndk;
+            foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
+                $ndk_var = $_;
+                $ndk = $ENV{$ndk_var};
+                last if defined $ndk;
+            }
+            die "\$ANDROID_NDK_HOME is not defined"  if (!$ndk);
             if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
                 # $ndk/platforms is traditional "all-inclusive" NDK, while
                 # $ndk/AndroidVersion.txt is so-called standalone toolchain
                 # tailored for specific target down to API level.
-                die "\$ANDROID_NDK=$ndk is invalid";
+                die "\$ANDROID_NDK_HOME=$ndk is invalid";
             }
             $ndk = canonpath($ndk);
 
@@ -90,7 +96,7 @@
                 (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
                 (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
                 $cflags .= " -target $tridefault "
-                        .  "-gcc-toolchain \$(ANDROID_NDK)/toolchains"
+                        .  "-gcc-toolchain \$($ndk_var)/toolchains"
                         .  "/$tritools-4.9/prebuilt/$host";
                 $user{CC} = "clang" if ($user{CC} !~ m|clang|);
                 $user{CROSS_COMPILE} = undef;
@@ -127,13 +133,13 @@
                 die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
                 $incroot =~ s|^$ndk/||;
                 $cppflags  = "-D__ANDROID_API__=$api";
-                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch";
-                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot";
             }
 
             $sysroot =~ s|^$ndk/||;
             $android_ndk = {
-                cflags   => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot",
+                cflags   => "$cflags --sysroot=\$($ndk_var)/$sysroot",
                 cppflags => $cppflags,
                 bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
                                             : "BN_LLONG",
diff --git a/deps/openssl/openssl/Configurations/50-win-onecore.conf b/deps/openssl/openssl/Configurations/50-win-onecore.conf
index c71d3646f2..51cb3819cb 100644
--- a/deps/openssl/openssl/Configurations/50-win-onecore.conf
+++ b/deps/openssl/openssl/Configurations/50-win-onecore.conf
@@ -4,7 +4,7 @@
 # Mobile[?] Windows editions. It's a set up "umbrella" libraries that
 # export subset of Win32 API that are common to all Windows 10 devices.
 #
-# OneCore Configuration temporarly dedicated for console applications 
+# OneCore Configuration temporarly dedicated for console applications
 # due to disabled event logging, which is incompatible with one core.
 # Error messages are provided via standard error only.
 # TODO: extend error handling to use ETW based eventing
diff --git a/deps/openssl/openssl/Configurations/README b/deps/openssl/openssl/Configurations/README
index d2d893d8d2..0b856284da 100644
--- a/deps/openssl/openssl/Configurations/README
+++ b/deps/openssl/openssl/Configurations/README
@@ -118,7 +118,7 @@ In each table entry, the following keys are significant:
                            '<unistd.h>'.  This is very rarely needed.
 
         shared_extension => File name extension used for shared
-                            libraries. 
+                            libraries.
         obj_extension   => File name extension used for object files.
                            On unix, this defaults to ".o" (NOTE: this
                            is here for future use, it's not
@@ -518,7 +518,7 @@ clash with those generated by Configure, it's possible to tell it
 not to generate them with the use of OVERRIDES, for example:
 
     SOURCE[libfoo]=foo.c bar.c
-    
+
     OVERRIDES=bar.o
     BEGINRAW[Makefile(unix)]
     bar.o: bar.c
diff --git a/deps/openssl/openssl/Configurations/README.design b/deps/openssl/openssl/Configurations/README.design
index cae08fc249..5fb2737c25 100644
--- a/deps/openssl/openssl/Configurations/README.design
+++ b/deps/openssl/openssl/Configurations/README.design
@@ -86,7 +86,7 @@ depends on the library 'libssl' to function properly.
     LIBS=../libcrypto
     SOURCE[../libcrypto]=aes.c evp.c cversion.c
     DEPEND[cversion.o]=buildinf.h
-    
+
     GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
     DEPEND[buildinf.h]=../Makefile
     DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
@@ -101,7 +101,7 @@ show that duplicate information isn't an issue.
 This build.info file informs us that 'libcrypto' is built from a few
 source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
 It also shows us that building the object file inferred from
-'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it 
+'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it
 also shows the possibility to declare how some files are generated
 using some script, in this case a perl script, and how such scripts
 can be declared to depend on other files, in this case a perl module.
@@ -152,7 +152,7 @@ information comes down to this:
     SOURCE[libssl]=ssl/tls.c
     INCLUDE[libssl]=include
     DEPEND[libssl]=libcrypto
-    
+
     PROGRAMS=apps/openssl
     SOURCE[apps/openssl]=apps/openssl.c
     INCLUDE[apps/openssl]=. include
@@ -167,7 +167,7 @@ information comes down to this:
     SOURCE[engines/ossltest]=engines/e_ossltest.c
     DEPEND[engines/ossltest]=libcrypto.a
     INCLUDE[engines/ossltest]=include
-    
+
     GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
     DEPEND[crypto/buildinf.h]=Makefile
     DEPEND[util/mkbuildinf.pl]=util/Foo.pm
diff --git a/deps/openssl/openssl/Configurations/descrip.mms.tmpl b/deps/openssl/openssl/Configurations/descrip.mms.tmpl
index 40876bdf88..0ccd5f0751 100644
--- a/deps/openssl/openssl/Configurations/descrip.mms.tmpl
+++ b/deps/openssl/openssl/Configurations/descrip.mms.tmpl
@@ -795,10 +795,10 @@ $target : $args{generator}->[0] $deps
 	$generator \$\@-S
         \@ $incs_on
 	PIPE \$(CPP) $cppflags \$\@-S | -
-        \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
+             \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
         \@ $incs_off
         RENAME \$\@-i \$\@
-        DELETE \$\@-S
+        DELETE \$\@-S;
 EOF
               }
               # Otherwise....
@@ -840,19 +840,6 @@ EOF
       my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
       my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
 
-      if ($srcs[0] =~ /\.asm$/) {
-          my $asflags = { lib => ' $(LIB_ASFLAGS)',
-		          dso => ' $(DSO_ASFLAGS)',
-		          bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
-          return <<"EOF";
-$obj.OBJ : $deps
-        ${before}
-        SET DEFAULT $forward
-        \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs
-        SET DEFAULT $backward
-EOF
-      }
-
       my $cflags;
       if ($args{installed}) {
           $cflags = { lib => '$(LIB_CFLAGS)',
@@ -866,6 +853,9 @@ EOF
       $cflags .= { lib => '$(LIB_CPPFLAGS)',
 		   dso => '$(DSO_CPPFLAGS)',
 		   bin => '$(BIN_CPPFLAGS)' } -> {$args{intent}};
+      my $asflags = { lib => ' $(LIB_ASFLAGS)',
+		      dso => ' $(DSO_ASFLAGS)',
+		      bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
 
       my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)',
                                  dso => '$(DSO_INCLUDES)',
@@ -877,6 +867,34 @@ EOF
                                } @{$args{incs}});
       my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!';
       my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!';
+
+      if ($srcs[0] =~ /\.asm$/) {
+          return <<"EOF";
+$obj.OBJ : $deps
+        ${before}
+        SET DEFAULT $forward
+        \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs
+        SET DEFAULT $backward
+        ${after}
+        - PURGE $obj.OBJ
+EOF
+      } elsif ($srcs[0] =~ /.S$/) {
+         return <<"EOF";
+$obj.OBJ : $deps
+        ${before}
+        SET DEFAULT $forward
+        \@ $incs_on
+        PIPE \$(CPP) ${cflags} $srcs | -
+             \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" -
+             > ${objd}${objn}.asm
+        \@ $incs_off
+        SET DEFAULT $backward
+        ${after}
+        \$(AS) $asflags \$(ASOUTFLAG)$obj.OBJ $obj.asm
+        - PURGE $obj.OBJ
+EOF
+      }
+
       my $depbuild = $disabled{makedepend} ? ""
           : " /MMS=(FILE=${objd}${objn}.D,TARGET=$obj.OBJ)";
 
@@ -1028,7 +1046,7 @@ EOF
                                  push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
                              } elsif ($x =~ m|\.OLB$|) {
                                  (my $l = $x) =~ s/\W/_/g;
-                                 push @lines, 
+                                 push @lines,
                                      "\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"",
                                      "\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\""
                              }
diff --git a/deps/openssl/openssl/Configurations/dist.conf b/deps/openssl/openssl/Configurations/dist.conf
deleted file mode 100644
index 2a458bcddf..0000000000
--- a/deps/openssl/openssl/Configurations/dist.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-## -*- mode: perl; -*-
-## Build configuration targets for openssl-team members
-
-# This is to support 'make dist'
-my %targets = (
-    "dist" => {
-        inherit_from     => [ 'BASE_unix' ],
-        CC               => "cc",
-        CFLAGS           => "-O",
-        thread_scheme    => "(unknown)",
-    },
-);
diff --git a/deps/openssl/openssl/Configurations/unix-Makefile.tmpl b/deps/openssl/openssl/Configurations/unix-Makefile.tmpl
index e7120194ef..288b79202a 100644
--- a/deps/openssl/openssl/Configurations/unix-Makefile.tmpl
+++ b/deps/openssl/openssl/Configurations/unix-Makefile.tmpl
@@ -227,6 +227,7 @@ TARFLAGS= {- $target{TARFLAGS} -}
 
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
+# Relative to $(SRCDIR)
 TARFILE=        ../$(NAME).tar
 
 ##### Project flags ##################################################
@@ -650,7 +651,7 @@ install_runtime_libs: build_libs
 		: {- output_off() unless windowsdll(); "" -}; \
 		$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
 		cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
-		chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
 		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
 		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
 		: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
@@ -830,37 +831,8 @@ tags TAGS: FORCE
 
 # Release targets (note: only available on Unix) #####################
 
-# If your tar command doesn't support --owner and --group, make sure to
-# use one that does, for example GNU tar
-TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cf -
-PREPARE_CMD=:
 tar:
-	set -e; \
-	TMPDIR=/var/tmp/openssl-copy.$$$$; \
-	DISTDIR=$(NAME); \
-	mkdir -p $$TMPDIR/$$DISTDIR; \
-	(cd $(SRCDIR); \
-	 excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \
-	 excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \
-	 echo "$$excl_re"; \
-	 git ls-tree -r --name-only --full-tree HEAD \
-	 | egrep -v "$$excl_re" \
-	 | while read F; do \
-	       mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
-	       cp $$F $$TMPDIR/$$DISTDIR/$$F; \
-	   done); \
-	(cd $$TMPDIR/$$DISTDIR; \
-	 $(PREPARE_CMD); \
-	 find . -type d -print | xargs chmod 755; \
-	 find . -type f -print | xargs chmod a+r; \
-	 find . -type f -perm -0100 -print | xargs chmod a+x); \
-	(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
-	| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
-	rm -rf $$TMPDIR
-	cd $(SRCDIR); ls -l $(TARFILE).gz
-
-dist:
-	@$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' TARFILE="$(TARFILE)" NAME="$(NAME)" tar
+	(cd $(SRCDIR); ./util/mktar.sh --name='$(NAME)' --tarfile='$(TARFILE)')
 
 # Helper targets #####################################################
 
diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure
index d5dc36c285..608012225c 100755
--- a/deps/openssl/openssl/Configure
+++ b/deps/openssl/openssl/Configure
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -144,6 +144,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
 #       -Wlanguage-extension-token -- no, we use asm()
 #       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
+#       -Wunused-function -- no, it forces header use of safestack et al
+#                            DEFINE macros
 my $clang_devteam_warn = ""
         . " -Wswitch-default"
         . " -Wno-parentheses-equality"
@@ -153,6 +155,7 @@ my $clang_devteam_warn = ""
         . " -Wincompatible-pointer-types-discards-qualifiers"
         . " -Wmissing-variable-declarations"
         . " -Wno-unknown-warning-option"
+        . " -Wno-unused-function"
         ;
 
 # This adds backtrace information to the memory leak info.  Is only used
@@ -374,6 +377,7 @@ my @disablables = (
     "msan",
     "multiblock",
     "nextprotoneg",
+    "pinshared",
     "ocb",
     "ocsp",
     "pic",
@@ -1110,13 +1114,13 @@ foreach my $feature (@{$target{disable}}) {
     $disabled{$feature} = 'config';
 }
 foreach my $feature (@{$target{enable}}) {
-    if ("default" eq ($disabled{$_} // "")) {
+    if ("default" eq ($disabled{$feature} // "")) {
         if (exists $deprecated_disablables{$feature}) {
             warn "***** config $target enables deprecated feature $feature\n";
         } elsif (!grep { $feature eq $_ } @disablables) {
             die "***** config $target enables unknown feature $feature\n";
         }
-        delete $disabled{$_};
+        delete $disabled{$feature};
     }
 }
 
@@ -1370,6 +1374,7 @@ unless ($disabled{asm}) {
     push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
     push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
     push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
+    push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/);
 
     if ($target{sha1_asm_src}) {
 	push @{$config{lib_defines}}, "SHA1_ASM"   if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
diff --git a/deps/openssl/openssl/INSTALL b/deps/openssl/openssl/INSTALL
index 4ce6651b6b..7fe55d428f 100644
--- a/deps/openssl/openssl/INSTALL
+++ b/deps/openssl/openssl/INSTALL
@@ -326,6 +326,11 @@
                    Don't build support for datagram based BIOs. Selecting this
                    option will also force the disabling of DTLS.
 
+  enable-devcryptoeng
+                   Build the /dev/crypto engine.  It is automatically selected
+                   on BSD implementations, in which case it can be disabled with
+                   no-devcryptoeng.
+
   no-dso
                    Don't build support for loading Dynamic Shared Objects.
 
@@ -402,6 +407,24 @@
   no-pic
                    Don't build with support for Position Independent Code.
 
+  no-pinshared     By default OpenSSL will attempt to stay in memory until the
+                   process exits. This is so that libcrypto and libssl can be
+                   properly cleaned up automatically via an "atexit()" handler.
+                   The handler is registered by libcrypto and cleans up both
+                   libraries. On some platforms the atexit() handler will run on
+                   unload of libcrypto (if it has been dynamically loaded)
+                   rather than at process exit. This option can be used to stop
+                   OpenSSL from attempting to stay in memory until the process
+                   exits. This could lead to crashes if either libcrypto or
+                   libssl have already been unloaded at the point
+                   that the atexit handler is invoked, e.g. on a platform which
+                   calls atexit() on unload of the library, and libssl is
+                   unloaded before libcrypto then a crash is likely to happen.
+                   Applications can suppress running of the atexit() handler at
+                   run time by using the OPENSSL_INIT_NO_ATEXIT option to
+                   OPENSSL_init_crypto(). See the man page for it for further
+                   details.
+
   no-posix-io
                    Don't use POSIX IO capabilities.
 
@@ -941,10 +964,10 @@
 
   *  COMPILING existing applications
 
-     OpenSSL 1.1.0 hides a number of structures that were previously
-     open.  This includes all internal libssl structures and a number
-     of EVP types.  Accessor functions have been added to allow
-     controlled access to the structures' data.
+     Starting with version 1.1.0, OpenSSL hides a number of structures
+     that were previously open.  This includes all internal libssl
+     structures and a number of EVP types.  Accessor functions have
+     been added to allow controlled access to the structures' data.
 
      This means that some software needs to be rewritten to adapt to
      the new ways of doing things.  This often amounts to allocating
@@ -1047,7 +1070,7 @@
 
  depend
                 Rebuild the dependencies in the Makefiles. This is a legacy
-                option that no longer needs to be used in OpenSSL 1.1.0.
+                option that no longer needs to be used since OpenSSL 1.1.0.
 
  install
                 Install all OpenSSL components.
diff --git a/deps/openssl/openssl/LICENSE b/deps/openssl/openssl/LICENSE
index e953f590cb..9601ab4357 100644
--- a/deps/openssl/openssl/LICENSE
+++ b/deps/openssl/openssl/LICENSE
@@ -10,14 +10,14 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -72,21 +72,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -101,10 +101,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -116,7 +116,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS
index b95e93027f..aa104ddc05 100644
--- a/deps/openssl/openssl/NEWS
+++ b/deps/openssl/openssl/NEWS
@@ -5,6 +5,13 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
+
+      o Change the info callback signals for the start and end of a post-handshake
+        message exchange in TLSv1.3.
+      o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
+        of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
+
   Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
 
       o Timing vulnerability in DSA signature generation (CVE-2018-0734)
diff --git a/deps/openssl/openssl/NOTES.ANDROID b/deps/openssl/openssl/NOTES.ANDROID
index bbbd8e4db9..86459778fa 100644
--- a/deps/openssl/openssl/NOTES.ANDROID
+++ b/deps/openssl/openssl/NOTES.ANDROID
@@ -23,22 +23,22 @@
  platform. Though you still need to know the prefix to extend your PATH,
  in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
  and give you a hint if you get it wrong.) Apart from PATH adjustment
- you need to set ANDROID_NDK environment to point at NDK directory
+ you need to set ANDROID_NDK_HOME environment to point at NDK directory
  as /some/where/android-ndk-<ver>. Both variables are significant at both
  configuration and compilation times. NDK customarily supports multiple
- Android API levels, e.g. android-14, android-21, etc. By default latest 
+ Android API levels, e.g. android-14, android-21, etc. By default latest
  one available is chosen. If you need to target older platform, pass
  additional -D__ANDROID_API__=N to Configure. N is numeric value of the
  target platform version. For example, to compile for ICS on ARM with
  NDK 10d:
 
-    export ANDROID_NDK=/some/where/android-ndk-10d
-    PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
+    export ANDROID_NDK_HOME=/some/where/android-ndk-10d
+    PATH=$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
     ./Configure android-arm -D__ANDROID_API__=14
     make
 
  Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
- variable set to $ANDROID_NDK/platforms/android-<api>/arch-<arch> to
+ variable set to $ANDROID_NDK_HOME/platforms/android-<api>/arch-<arch> to
  appoint headers-n-libraries' location. It's still recognized in order
  to facilitate migration from older projects. However, since API level
  appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in
@@ -53,9 +53,9 @@
 
  Another option is to create so called "standalone toolchain" tailored
  for single specific platform including Android API level, and assign its
- location to ANDROID_NDK. In such case you have to pass matching target
- name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjusment
- becomes simpler, $ANDROID_NDK/bin:$PATH suffices.
+ location to ANDROID_NDK_HOME. In such case you have to pass matching
+ target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH
+ adjustment becomes simpler, $ANDROID_NDK_HOME/bin:$PATH suffices.
 
  Running tests (on Linux)
  ------------------------
diff --git a/deps/openssl/openssl/NOTES.DJGPP b/deps/openssl/openssl/NOTES.DJGPP
index bbe63dc154..d43d4e86de 100644
--- a/deps/openssl/openssl/NOTES.DJGPP
+++ b/deps/openssl/openssl/NOTES.DJGPP
@@ -1,5 +1,5 @@
 
- 
+
  INSTALLATION ON THE DOS PLATFORM WITH DJGPP
  -------------------------------------------
 
@@ -29,7 +29,7 @@
  running "./Configure" with appropriate arguments:
 
 	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
- 
+
  And finally fire up "make". You may run out of DPMI selectors when
  running in a DOS box under Windows. If so, just close the BASH
  shell, go back to Windows, and restart BASH. Then run "make" again.
diff --git a/deps/openssl/openssl/NOTES.VMS b/deps/openssl/openssl/NOTES.VMS
index 98def0689a..d6a336ff7c 100644
--- a/deps/openssl/openssl/NOTES.VMS
+++ b/deps/openssl/openssl/NOTES.VMS
@@ -42,7 +42,7 @@
  for now is to rename the OpenSSL source directory, as follows (please
  adjust for the actual source directory name you have):
 
-    $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR 
+    $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
 
 
  About MMS and DCL
diff --git a/deps/openssl/openssl/README b/deps/openssl/openssl/README
index affb172e8b..d002322957 100644
--- a/deps/openssl/openssl/README
+++ b/deps/openssl/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1a 20 Nov 2018
+ OpenSSL 1.1.1b 26 Feb 2019
 
  Copyright (c) 1998-2018 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c
index 653e3973e0..36cb0b2783 100644
--- a/deps/openssl/openssl/apps/apps.c
+++ b/deps/openssl/openssl/apps/apps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1561,7 +1561,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
 #else
     BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
 #endif
-    dbattr_conf = app_load_config(buf);
+    dbattr_conf = app_load_config_quiet(buf);
 
     retdb = app_malloc(sizeof(*retdb), "new DB");
     retdb->db = tmpdb;
@@ -2196,7 +2196,7 @@ double app_tminterval(int stop, int usertime)
 
     return ret;
 }
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
 # include <time.h>
 
 double app_tminterval(int stop, int usertime)
diff --git a/deps/openssl/openssl/apps/ct_log_list.cnf b/deps/openssl/openssl/apps/ct_log_list.cnf
index 650aa22da5..e643cfdbdf 100644
--- a/deps/openssl/openssl/apps/ct_log_list.cnf
+++ b/deps/openssl/openssl/apps/ct_log_list.cnf
@@ -2,8 +2,8 @@
 # that are to be trusted.
 
 # Google's list of logs can be found here:
-#       www.certificate-transparency.org/known-logs 
+#       www.certificate-transparency.org/known-logs
 # A Python program to convert the log list to OpenSSL's format can be
 # found here:
-#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py 
+#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
 # Use the "--openssl_output" flag.
diff --git a/deps/openssl/openssl/apps/demoSRP/srp_verifier.txt b/deps/openssl/openssl/apps/demoSRP/srp_verifier.txt
index ccae629247..c2d5c60336 100644
--- a/deps/openssl/openssl/apps/demoSRP/srp_verifier.txt
+++ b/deps/openssl/openssl/apps/demoSRP/srp_verifier.txt
@@ -3,4 +3,4 @@
 # records starting with a I followed by the g and N values and the id.
 # The exact values ... you have to dig this out from the source of srp.c
 # or srp_vfy.c
-# The last value of an I is used as the default group for new users.  
+# The last value of an I is used as the default group for new users.
diff --git a/deps/openssl/openssl/apps/dh1024.pem b/deps/openssl/openssl/apps/dh1024.pem
index f1a5e180aa..813e8a4a48 100644
--- a/deps/openssl/openssl/apps/dh1024.pem
+++ b/deps/openssl/openssl/apps/dh1024.pem
@@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
 /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
 -----END DH PARAMETERS-----
 
-These are the 1024-bit DH parameters from "Internet Key Exchange 
+These are the 1024-bit DH parameters from "Internet Key Exchange
 Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
 
 See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/deps/openssl/openssl/apps/dh2048.pem b/deps/openssl/openssl/apps/dh2048.pem
index e899f2e029..288a20997e 100644
--- a/deps/openssl/openssl/apps/dh2048.pem
+++ b/deps/openssl/openssl/apps/dh2048.pem
@@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
 -----END DH PARAMETERS-----
 
-These are the 2048-bit DH parameters from "More Modular Exponential 
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+These are the 2048-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
 https://tools.ietf.org/html/rfc3526
 
 See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/deps/openssl/openssl/apps/dh4096.pem b/deps/openssl/openssl/apps/dh4096.pem
index adada2b558..08560e1284 100644
--- a/deps/openssl/openssl/apps/dh4096.pem
+++ b/deps/openssl/openssl/apps/dh4096.pem
@@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
 HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
 -----END DH PARAMETERS-----
 
-These are the 4096-bit DH parameters from "More Modular Exponential 
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+These are the 4096-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
 https://tools.ietf.org/html/rfc3526
 
 See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/deps/openssl/openssl/apps/ocsp.c b/deps/openssl/openssl/apps/ocsp.c
index 7fd78624bb..e8aeb11cc5 100644
--- a/deps/openssl/openssl/apps/ocsp.c
+++ b/deps/openssl/openssl/apps/ocsp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/x509v3.h>
 # include <openssl/rand.h>
 
-# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
      && !defined(OPENSSL_NO_POSIX_IO)
 #  define OCSP_DAEMON
 #  include <sys/types.h>
@@ -53,6 +67,20 @@ NON_EMPTY_TRANSLATION_UNIT
 #  define LOG_ERR       2
 # endif
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+    errno = ENOSYS;
+    return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+    errno = ENOSYS;
+    return (pid_t) -1;
+}
+# endif
 /* Maximum leeway in validity period: default 5 minutes */
 # define MAX_VALIDITY_PERIOD    (5 * 60)
 
@@ -863,6 +891,7 @@ static void killall(int ret, pid_t *kidpids)
     for (i = 0; i < multi; ++i)
         if (kidpids[i] != 0)
             (void)kill(kidpids[i], SIGTERM);
+    OPENSSL_free(kidpids);
     sleep(1);
     exit(ret);
 }
@@ -977,7 +1006,6 @@ static void spawn_loop(void)
     }
 
     /* The loop above can only break on termsig */
-    OPENSSL_free(kidpids);
     syslog(LOG_INFO, "terminating on signal: %d", termsig);
     killall(0, kidpids);
 }
diff --git a/deps/openssl/openssl/apps/openssl-vms.cnf b/deps/openssl/openssl/apps/openssl-vms.cnf
index 178a0b0f2d..e64cc9f3a6 100644
--- a/deps/openssl/openssl/apps/openssl-vms.cnf
+++ b/deps/openssl/openssl/apps/openssl-vms.cnf
@@ -18,7 +18,7 @@ oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
-# extensions		= 
+# extensions		=
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 
@@ -115,7 +115,7 @@ x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # input_password = secret
 # output_password = secret
 
-# This sets a mask for permitted string types. There are several options. 
+# This sets a mask for permitted string types. There are several options.
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
 # utf8only: only UTF8Strings (PKIX recommendation after 2004).
diff --git a/deps/openssl/openssl/apps/openssl.cnf b/deps/openssl/openssl/apps/openssl.cnf
index 6df2878d50..4acca4b044 100644
--- a/deps/openssl/openssl/apps/openssl.cnf
+++ b/deps/openssl/openssl/apps/openssl.cnf
@@ -18,7 +18,7 @@ oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
-# extensions		= 
+# extensions		=
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 
@@ -115,7 +115,7 @@ x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # input_password = secret
 # output_password = secret
 
-# This sets a mask for permitted string types. There are several options. 
+# This sets a mask for permitted string types. There are several options.
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
 # utf8only: only UTF8Strings (PKIX recommendation after 2004).
diff --git a/deps/openssl/openssl/apps/pkcs12.c b/deps/openssl/openssl/apps/pkcs12.c
index c8fc452ec6..719a309a86 100644
--- a/deps/openssl/openssl/apps/pkcs12.c
+++ b/deps/openssl/openssl/apps/pkcs12.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
     if (cpass != NULL) {
         mpass = cpass;
         noprompt = 1;
+        if (twopass) {
+            if (export_cert)
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+            else
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+            goto end;
+        }
     } else {
         cpass = pass;
         mpass = macpass;
diff --git a/deps/openssl/openssl/apps/rehash.c b/deps/openssl/openssl/apps/rehash.c
index bb41d3129f..2b769fbceb 100644
--- a/deps/openssl/openssl/apps/rehash.c
+++ b/deps/openssl/openssl/apps/rehash.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -51,6 +51,26 @@
 # endif
 # define MAX_COLLISIONS  256
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+    errno = ENOSYS;
+    return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+    errno = ENOSYS;
+    return -1;
+}
+# endif
+
 typedef struct hentry_st {
     struct hentry_st *next;
     char *filename;
diff --git a/deps/openssl/openssl/apps/s_cb.c b/deps/openssl/openssl/apps/s_cb.c
index 2d4568f40c..d0e332a708 100644
--- a/deps/openssl/openssl/apps/s_cb.c
+++ b/deps/openssl/openssl/apps/s_cb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,7 +24,7 @@
 
 #define COOKIE_SECRET_LENGTH    16
 
-VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
 
 #ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     if (!ok) {
         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                    X509_verify_cert_error_string(err));
-        if (verify_args.depth >= depth) {
+        if (verify_args.depth < 0 || verify_args.depth >= depth) {
             if (!verify_args.return_error)
                 ok = 1;
             verify_args.error = err;
diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c
index dcaa10cf44..66c32c176e 100644
--- a/deps/openssl/openssl/apps/s_client.c
+++ b/deps/openssl/openssl/apps/s_client.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full);
 static int ocsp_resp_cb(SSL *s, void *arg);
 #endif
 static int ldap_ExtendedResponse_parse(const char *buf, long rem);
+static int is_dNS_name(const char *host);
 
 static int saved_errno;
 
@@ -596,6 +597,7 @@ typedef enum OPTION_choice {
 #endif
     OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
     OPT_ENABLE_PHA,
+    OPT_SCTP_LABEL_BUG,
     OPT_R_ENUM
 } OPTION_CHOICE;
 
@@ -750,6 +752,7 @@ const OPTIONS s_client_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
     {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
 #endif
 #ifndef OPENSSL_NO_SSL_TRACE
     {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
@@ -976,6 +979,9 @@ int s_client_main(int argc, char **argv)
 #endif
     char *psksessf = NULL;
     int enable_pha = 0;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
 
     FD_ZERO(&readfds);
     FD_ZERO(&writefds);
@@ -1121,6 +1127,7 @@ int s_client_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_VERIFY_RET_ERROR:
+            verify = SSL_VERIFY_PEER;
             verify_args.return_error = 1;
             break;
         case OPT_VERIFY_QUIET:
@@ -1323,6 +1330,11 @@ int s_client_main(int argc, char **argv)
             protocol = IPPROTO_SCTP;
 #endif
             break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
         case OPT_TIMEOUT:
 #ifndef OPENSSL_NO_DTLS
             enable_timeouts = 1;
@@ -1707,6 +1719,11 @@ int s_client_main(int argc, char **argv)
         }
     }
 
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
     if (min_version != 0
         && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
         goto end;
@@ -1975,9 +1992,11 @@ int s_client_main(int argc, char **argv)
         SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
 
     if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
-        if (servername == NULL)
-            servername = (host == NULL) ? "localhost" : host;
-        if (!SSL_set_tlsext_host_name(con, servername)) {
+        if (servername == NULL) {
+            if(host == NULL || is_dNS_name(host))
+                servername = (host == NULL) ? "localhost" : host;
+        }
+        if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
             BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
             ERR_print_errors(bio_err);
             goto end;
@@ -3031,9 +3050,7 @@ int s_client_main(int argc, char **argv)
                 BIO_printf(bio_err, "RENEGOTIATING\n");
                 SSL_renegotiate(con);
                 cbuf_len = 0;
-            }
-
-            if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+	    } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
                     && cmdletters) {
                 BIO_printf(bio_err, "KEYUPDATE\n");
                 SSL_key_update(con,
@@ -3459,4 +3476,69 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
     return ret;
 }
 
+/*
+ * Host dNS Name verifier: used for checking that the hostname is in dNS format
+ * before setting it as SNI
+ */
+static int is_dNS_name(const char *host)
+{
+    const size_t MAX_LABEL_LENGTH = 63;
+    size_t i;
+    int isdnsname = 0;
+    size_t length = strlen(host);
+    size_t label_length = 0;
+    int all_numeric = 1;
+
+    /*
+     * Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.
+     */
+    for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) {
+        char c = host[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || c == '_') {
+            label_length += 1;
+            all_numeric = 0;
+            continue;
+        }
+
+        if (c >= '0' && c <= '9') {
+            label_length += 1;
+            continue;
+        }
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < length - 1) {
+            if (c == '-') {
+                label_length += 1;
+                continue;
+            }
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && host[i + 1] != '.'
+                && host[i - 1] != '-'
+                && host[i + 1] != '-') {
+                label_length = 0;
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    /* dNS name must not be all numeric and labels must be shorter than 64 characters. */
+    isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH);
+
+    return isdnsname;
+}
 #endif                          /* OPENSSL_NO_SOCK */
diff --git a/deps/openssl/openssl/apps/s_server.c b/deps/openssl/openssl/apps/s_server.c
index ac7dca607b..929a08bd85 100644
--- a/deps/openssl/openssl/apps/s_server.c
+++ b/deps/openssl/openssl/apps/s_server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -751,7 +751,7 @@ typedef enum OPTION_choice {
     OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
     OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
     OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
-    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
     OPT_R_ENUM,
     OPT_S_ENUM,
     OPT_V_ENUM,
@@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
     {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
 #endif
 #ifndef OPENSSL_NO_DH
     {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
@@ -1047,6 +1048,9 @@ int s_server_main(int argc, char *argv[])
     const char *keylog_file = NULL;
     int max_early_data = -1, recv_max_early_data = -1;
     char *psksessf = NULL;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
 
     /* Init of few remaining global variables */
     local_argc = argc;
@@ -1407,7 +1411,7 @@ int s_server_main(int argc, char *argv[])
             for (p = psk_key = opt_arg(); *p; p++) {
                 if (isxdigit(_UC(*p)))
                     continue;
-                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
                 goto end;
             }
             break;
@@ -1490,6 +1494,11 @@ int s_server_main(int argc, char *argv[])
             protocol = IPPROTO_SCTP;
 #endif
             break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
         case OPT_TIMEOUT:
 #ifndef OPENSSL_NO_DTLS
             enable_timeouts = 1;
@@ -1792,6 +1801,12 @@ int s_server_main(int argc, char *argv[])
             goto end;
         }
     }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
     if (min_version != 0
         && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
         goto end;
@@ -2754,6 +2769,8 @@ static int init_ssl_connection(SSL *con)
                     BIO_ADDR_free(client);
                     return 0;
                 }
+
+                (void)BIO_ctrl_set_connected(wbio, client);
                 BIO_ADDR_free(client);
                 dtlslisten = 0;
             } else {
diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c
index 40e990408a..506737d05f 100644
--- a/deps/openssl/openssl/apps/speed.c
+++ b/deps/openssl/openssl/apps/speed.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -100,7 +100,7 @@
 #include <openssl/modes.h>
 
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
@@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv)
         {"nistp192", NID_X9_62_prime192v1, 192},
         {"nistp224", NID_secp224r1, 224},
         {"nistp256", NID_X9_62_prime256v1, 256},
-        {"nistp384", NID_secp384r1, 384}, 
+        {"nistp384", NID_secp384r1, 384},
         {"nistp521", NID_secp521r1, 521},
         /* Binary Curves */
         {"nistk163", NID_sect163k1, 163},
-        {"nistk233", NID_sect233k1, 233}, 
+        {"nistk233", NID_sect233k1, 233},
         {"nistk283", NID_sect283k1, 283},
         {"nistk409", NID_sect409k1, 409},
         {"nistk571", NID_sect571k1, 571},
diff --git a/deps/openssl/openssl/apps/verify.c b/deps/openssl/openssl/apps/verify.c
index 38377a57e4..1f93856060 100644
--- a/deps/openssl/openssl/apps/verify.c
+++ b/deps/openssl/openssl/apps/verify.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx)
                cert_error,
                X509_STORE_CTX_get_error_depth(ctx),
                X509_verify_cert_error_string(cert_error));
+
+        /*
+         * Pretend that some errors are ok, so they don't stop further
+         * processing of the certificate chain.  Setting ok = 1 does this.
+         * After X509_verify_cert() is done, we verify that there were
+         * no actual errors, even if the returned value was positive.
+         */
         switch (cert_error) {
         case X509_V_ERR_NO_EXPLICIT_POLICY:
             policies_print(ctx);
             /* fall thru */
         case X509_V_ERR_CERT_HAS_EXPIRED:
-
-            /*
-             * since we are just checking the certificates, it is ok if they
-             * are self signed. But we should still warn the user.
-             */
+            /* Continue even if the leaf is a self signed cert */
         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
             /* Continue after extension errors too */
         case X509_V_ERR_INVALID_CA:
diff --git a/deps/openssl/openssl/config b/deps/openssl/openssl/config
index b8adf34999..d0e31b6512 100755
--- a/deps/openssl/openssl/config
+++ b/deps/openssl/openssl/config
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -19,7 +19,7 @@ THERE=`dirname $0`
 # pick up any command line args to config
 for i
 do
-case "$i" in 
+case "$i" in
 -d*) options=$options" --debug";;
 -t*) DRYRUN="true" VERBOSE="true";;
 -v*) VERBOSE="true";;
@@ -59,7 +59,7 @@ __CNF_LDLIBS=
 
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
-# We need to work around FreeBSD 1.1.5.1 
+# We need to work around FreeBSD 1.1.5.1
 (
 XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
 if [ "x$XREL" != "x" ]; then
@@ -363,7 +363,7 @@ esac
 # At this point we gone through all the one's
 # we know of: Punt
 
-echo "${MACHINE}-whatever-${SYSTEM}" 
+echo "${MACHINE}-whatever-${SYSTEM}"
 exit 0
 ) 2>/dev/null | (
 
@@ -433,7 +433,7 @@ fi
 
 CCVER=${CCVER:-0}
 
-# read the output of the embedded GuessOS 
+# read the output of the embedded GuessOS
 read GUESSOS
 
 echo Operating system: $GUESSOS
@@ -732,7 +732,7 @@ case "$GUESSOS" in
   *-*-[Uu]nix[Ww]are7)
 	if [ "$CC" = "gcc" ]; then
 	  OUT="unixware-7-gcc" ; options="$options no-sse2"
-	else    
+	else
 	  OUT="unixware-7" ; options="$options no-sse2"
 	  __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
 	fi
@@ -793,7 +793,7 @@ case "$GUESSOS" in
             OUT="aix64-gcc"
           fi
 	elif [ $OBJECT_MODE -eq 64 ]; then
-	    echo 'Your $OBJECT_MODE was found to be set to 64' 
+	    echo 'Your $OBJECT_MODE was found to be set to 64'
 	    OUT="aix64-cc"
 	else
 	    OUT="aix-cc"
@@ -897,7 +897,7 @@ if [ ".$PERL" = . ] ; then
 	exit 1
 fi
 
-# run Configure to check to see if we need to specify the 
+# run Configure to check to see if we need to specify the
 # compiler for the platform ... in which case we add it on
 # the end ... otherwise we leave it off
 
@@ -920,7 +920,7 @@ if [ $? = "0" ]; then
 	 __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
 	 __CNF_LDLIBS="'$__CNF_LDLIBS'" \
 	 $PERL $THERE/Configure $OUT $options
-  fi  
+  fi
   if [ "$DRYRUN" = "false" ]; then
     # eval to make sure quoted options, possibly with spaces inside,
     # are treated right
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
index 4d1dc9c701..d87e201147 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -554,6 +554,7 @@ $code.=<<___;
 .type	_x86_64_AES_encrypt_compact,\@abi-omnipotent
 .align	16
 _x86_64_AES_encrypt_compact:
+.cfi_startproc
 	lea	128($sbox),$inp			# size optimization
 	mov	0-128($inp),$acc1		# prefetch Te4
 	mov	32-128($inp),$acc2
@@ -587,6 +588,7 @@ $code.=<<___;
 	xor	8($key),$s2
 	xor	12($key),$s3
 	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
 .size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 ___
 
@@ -1161,6 +1163,7 @@ $code.=<<___;
 .type	_x86_64_AES_decrypt_compact,\@abi-omnipotent
 .align	16
 _x86_64_AES_decrypt_compact:
+.cfi_startproc
 	lea	128($sbox),$inp			# size optimization
 	mov	0-128($inp),$acc1		# prefetch Td4
 	mov	32-128($inp),$acc2
@@ -1203,6 +1206,7 @@ $code.=<<___;
 	xor	8($key),$s2
 	xor	12($key),$s3
 	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
 .size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 ___
 
@@ -1365,6 +1369,7 @@ AES_set_encrypt_key:
 .type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align	16
 _x86_64_AES_set_encrypt_key:
+.cfi_startproc
 	mov	%esi,%ecx			# %ecx=bits
 	mov	%rdi,%rsi			# %rsi=userKey
 	mov	%rdx,%rdi			# %rdi=key
@@ -1546,6 +1551,7 @@ $code.=<<___;
 	mov	\$-1,%rax
 .Lexit:
 	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
 .size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
 
@@ -1728,7 +1734,9 @@ AES_cbc_encrypt:
 	cmp	\$0,%rdx	# check length
 	je	.Lcbc_epilogue
 	pushfq
-.cfi_push	49		# %rflags
+# This could be .cfi_push 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset	8
 	push	%rbx
 .cfi_push	%rbx
 	push	%rbp
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt:
 	cmp	\$0,%r9
 	cmoveq	%r10,$sbox
 
+.cfi_remember_state
 	mov	OPENSSL_ia32cap_P(%rip),%r10d
 	cmp	\$$speed_limit,%rdx
 	jb	.Lcbc_slow_prologue
@@ -1986,6 +1995,7 @@ AES_cbc_encrypt:
 #--------------------------- SLOW ROUTINE ---------------------------#
 .align	16
 .Lcbc_slow_prologue:
+.cfi_restore_state
 	# allocate aligned stack frame...
 	lea	-88(%rsp),%rbp
 	and	\$-64,%rbp
@@ -1997,8 +2007,10 @@ AES_cbc_encrypt:
 	sub	%r10,%rbp
 
 	xchg	%rsp,%rbp
+.cfi_def_cfa_register	%rbp
 	#add	\$8,%rsp	# reserve for return address!
 	mov	%rbp,$_rsp	# save %rsp
+.cfi_cfa_expression	$_rsp,deref,+64
 .Lcbc_slow_body:
 	#mov	%rdi,$_inp	# save copy of inp
 	#mov	%rsi,$_out	# save copy of out
@@ -2187,7 +2199,9 @@ AES_cbc_encrypt:
 .cfi_def_cfa	%rsp,16
 .Lcbc_popfq:
 	popfq
-.cfi_pop	49		# %rflags
+# This could be .cfi_pop 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset	-8
 .Lcbc_epilogue:
 	ret
 .cfi_endproc
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl
index 2a202c53e5..b68c14da60 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -274,6 +274,7 @@ $code.=<<___;
 .type	${PREFIX}_encrypt,\@abi-omnipotent
 .align	16
 ${PREFIX}_encrypt:
+.cfi_startproc
 	movups	($inp),$inout0		# load input
 	mov	240($key),$rounds	# key->rounds
 ___
@@ -284,12 +285,14 @@ $code.=<<___;
 	movups	$inout0,($out)		# output
 	 pxor	$inout0,$inout0
 	ret
+.cfi_endproc
 .size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
 
 .globl	${PREFIX}_decrypt
 .type	${PREFIX}_decrypt,\@abi-omnipotent
 .align	16
 ${PREFIX}_decrypt:
+.cfi_startproc
 	movups	($inp),$inout0		# load input
 	mov	240($key),$rounds	# key->rounds
 ___
@@ -300,6 +303,7 @@ $code.=<<___;
 	movups	$inout0,($out)		# output
 	 pxor	$inout0,$inout0
 	ret
+.cfi_endproc
 .size	${PREFIX}_decrypt, .-${PREFIX}_decrypt
 ___
 }
@@ -325,6 +329,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt2,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt2:
+.cfi_startproc
 	$movkey	($key),$rndkey0
 	shl	\$4,$rounds
 	$movkey	16($key),$rndkey1
@@ -350,6 +355,7 @@ _aesni_${dir}rypt2:
 	aes${dir}last	$rndkey0,$inout0
 	aes${dir}last	$rndkey0,$inout1
 	ret
+.cfi_endproc
 .size	_aesni_${dir}rypt2,.-_aesni_${dir}rypt2
 ___
 }
@@ -361,6 +367,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt3,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt3:
+.cfi_startproc
 	$movkey	($key),$rndkey0
 	shl	\$4,$rounds
 	$movkey	16($key),$rndkey1
@@ -391,6 +398,7 @@ _aesni_${dir}rypt3:
 	aes${dir}last	$rndkey0,$inout1
 	aes${dir}last	$rndkey0,$inout2
 	ret
+.cfi_endproc
 .size	_aesni_${dir}rypt3,.-_aesni_${dir}rypt3
 ___
 }
@@ -406,6 +414,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt4,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt4:
+.cfi_startproc
 	$movkey	($key),$rndkey0
 	shl	\$4,$rounds
 	$movkey	16($key),$rndkey1
@@ -442,6 +451,7 @@ _aesni_${dir}rypt4:
 	aes${dir}last	$rndkey0,$inout2
 	aes${dir}last	$rndkey0,$inout3
 	ret
+.cfi_endproc
 .size	_aesni_${dir}rypt4,.-_aesni_${dir}rypt4
 ___
 }
@@ -453,6 +463,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt6,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt6:
+.cfi_startproc
 	$movkey		($key),$rndkey0
 	shl		\$4,$rounds
 	$movkey		16($key),$rndkey1
@@ -503,6 +514,7 @@ _aesni_${dir}rypt6:
 	aes${dir}last	$rndkey0,$inout4
 	aes${dir}last	$rndkey0,$inout5
 	ret
+.cfi_endproc
 .size	_aesni_${dir}rypt6,.-_aesni_${dir}rypt6
 ___
 }
@@ -514,6 +526,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt8,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt8:
+.cfi_startproc
 	$movkey		($key),$rndkey0
 	shl		\$4,$rounds
 	$movkey		16($key),$rndkey1
@@ -574,6 +587,7 @@ _aesni_${dir}rypt8:
 	aes${dir}last	$rndkey0,$inout6
 	aes${dir}last	$rndkey0,$inout7
 	ret
+.cfi_endproc
 .size	_aesni_${dir}rypt8,.-_aesni_${dir}rypt8
 ___
 }
@@ -598,6 +612,7 @@ $code.=<<___;
 .type	aesni_ecb_encrypt,\@function,5
 .align	16
 aesni_ecb_encrypt:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
@@ -943,6 +958,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
 ___
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl
index 8b37cfc452..eec0ed230a 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -262,6 +262,7 @@ $code.=<<___;
 ${prefix}_set_decrypt_key:
 ___
 $code.=<<___	if ($flavour =~ /64/);
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 ___
@@ -305,6 +306,7 @@ $code.=<<___	if ($flavour !~ /64/);
 ___
 $code.=<<___	if ($flavour =~ /64/);
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 ___
 $code.=<<___;
diff --git a/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl
index 2c79c2b67c..e62342729e 100644
--- a/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -816,6 +816,7 @@ $code.=<<___;
 .type	_bsaes_encrypt8,\@abi-omnipotent
 .align	64
 _bsaes_encrypt8:
+.cfi_startproc
 	lea	.LBS0(%rip), $const	# constants table
 
 	movdqa	($key), @XMM[9]		# round 0 key
@@ -875,11 +876,13 @@ $code.=<<___;
 	pxor	@XMM[8], @XMM[0]
 	pxor	@XMM[8], @XMM[1]
 	ret
+.cfi_endproc
 .size	_bsaes_encrypt8,.-_bsaes_encrypt8
 
 .type	_bsaes_decrypt8,\@abi-omnipotent
 .align	64
 _bsaes_decrypt8:
+.cfi_startproc
 	lea	.LBS0(%rip), $const	# constants table
 
 	movdqa	($key), @XMM[9]		# round 0 key
@@ -937,6 +940,7 @@ $code.=<<___;
 	pxor	@XMM[8], @XMM[0]
 	pxor	@XMM[8], @XMM[1]
 	ret
+.cfi_endproc
 .size	_bsaes_decrypt8,.-_bsaes_decrypt8
 ___
 }
@@ -971,6 +975,7 @@ $code.=<<___;
 .type	_bsaes_key_convert,\@abi-omnipotent
 .align	16
 _bsaes_key_convert:
+.cfi_startproc
 	lea	.Lmasks(%rip), $const
 	movdqu	($inp), %xmm7		# load round 0 key
 	lea	0x10($inp), $inp
@@ -1049,6 +1054,7 @@ _bsaes_key_convert:
 	movdqa	0x50($const), %xmm7	# .L63
 	#movdqa	%xmm6, ($out)		# don't save last round key
 	ret
+.cfi_endproc
 .size	_bsaes_key_convert,.-_bsaes_key_convert
 ___
 }
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl
index 5131e13a09..e38288af55 100755
--- a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -255,6 +255,7 @@ _vpaes_encrypt_core:
 .type	vpaes_encrypt,%function
 .align	4
 vpaes_encrypt:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -264,6 +265,7 @@ vpaes_encrypt:
 	st1	{v0.16b}, [$out]
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	vpaes_encrypt,.-vpaes_encrypt
 
@@ -486,6 +488,7 @@ _vpaes_decrypt_core:
 .type	vpaes_decrypt,%function
 .align	4
 vpaes_decrypt:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -495,6 +498,7 @@ vpaes_decrypt:
 	st1	{v0.16b}, [$out]
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	vpaes_decrypt,.-vpaes_decrypt
 
@@ -665,6 +669,7 @@ _vpaes_key_preheat:
 .type	_vpaes_schedule_core,%function
 .align	4
 _vpaes_schedule_core:
+	.inst	0xd503233f			// paciasp
 	stp	x29, x30, [sp,#-16]!
 	add	x29,sp,#0
 
@@ -829,6 +834,7 @@ _vpaes_schedule_core:
 	eor	v6.16b, v6.16b, v6.16b		// vpxor	%xmm6,	%xmm6,	%xmm6
 	eor	v7.16b, v7.16b, v7.16b		// vpxor	%xmm7,	%xmm7,	%xmm7
 	ldp	x29, x30, [sp],#16
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core
 
@@ -1041,6 +1047,7 @@ _vpaes_schedule_mangle:
 .type	vpaes_set_encrypt_key,%function
 .align	4
 vpaes_set_encrypt_key:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1056,6 +1063,7 @@ vpaes_set_encrypt_key:
 
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
 
@@ -1063,6 +1071,7 @@ vpaes_set_encrypt_key:
 .type	vpaes_set_decrypt_key,%function
 .align	4
 vpaes_set_decrypt_key:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1082,6 +1091,7 @@ vpaes_set_decrypt_key:
 
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
 ___
@@ -1098,6 +1108,7 @@ vpaes_cbc_encrypt:
 	cmp	w5, #0			// check direction
 	b.eq	vpaes_cbc_decrypt
 
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -1120,6 +1131,7 @@ vpaes_cbc_encrypt:
 	st1	{v0.16b}, [$ivec]	// write ivec
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 .Lcbc_abort:
 	ret
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
@@ -1127,6 +1139,7 @@ vpaes_cbc_encrypt:
 .type	vpaes_cbc_decrypt,%function
 .align	4
 vpaes_cbc_decrypt:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1168,6 +1181,7 @@ vpaes_cbc_decrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
 ___
@@ -1177,6 +1191,7 @@ $code.=<<___;
 .type	vpaes_ecb_encrypt,%function
 .align	4
 vpaes_ecb_encrypt:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1210,6 +1225,7 @@ vpaes_ecb_encrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
 
@@ -1217,6 +1233,7 @@ vpaes_ecb_encrypt:
 .type	vpaes_ecb_decrypt,%function
 .align	4
 vpaes_ecb_decrypt:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1250,6 +1267,7 @@ vpaes_ecb_decrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
 ___
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl
index b715aca167..33d293e623 100644
--- a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -91,6 +91,7 @@ $code.=<<___;
 .type	_vpaes_encrypt_core,\@abi-omnipotent
 .align 16
 _vpaes_encrypt_core:
+.cfi_startproc
 	mov	%rdx,	%r9
 	mov	\$16,	%r11
 	mov	240(%rdx),%eax
@@ -171,6 +172,7 @@ _vpaes_encrypt_core:
 	pxor	%xmm4,	%xmm0	# 0 = A
 	pshufb	%xmm1,	%xmm0
 	ret
+.cfi_endproc
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
 
 ##
@@ -181,6 +183,7 @@ _vpaes_encrypt_core:
 .type	_vpaes_decrypt_core,\@abi-omnipotent
 .align	16
 _vpaes_decrypt_core:
+.cfi_startproc
 	mov	%rdx,	%r9		# load key
 	mov	240(%rdx),%eax
 	movdqa	%xmm9,	%xmm1
@@ -277,6 +280,7 @@ _vpaes_decrypt_core:
 	pxor	%xmm4,	%xmm0	# 0 = A
 	pshufb	%xmm2,	%xmm0
 	ret
+.cfi_endproc
 .size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
 
 ########################################################
@@ -287,6 +291,7 @@ _vpaes_decrypt_core:
 .type	_vpaes_schedule_core,\@abi-omnipotent
 .align	16
 _vpaes_schedule_core:
+.cfi_startproc
 	# rdi = key
 	# rsi = size in bits
 	# rdx = buffer
@@ -453,6 +458,7 @@ _vpaes_schedule_core:
 	pxor	%xmm6,  %xmm6
 	pxor	%xmm7,  %xmm7
 	ret
+.cfi_endproc
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core
 
 ##
@@ -472,6 +478,7 @@ _vpaes_schedule_core:
 .type	_vpaes_schedule_192_smear,\@abi-omnipotent
 .align	16
 _vpaes_schedule_192_smear:
+.cfi_startproc
 	pshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
 	pshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
 	pxor	%xmm1,	%xmm6		# -> c+d c 0 0
@@ -480,6 +487,7 @@ _vpaes_schedule_192_smear:
 	movdqa	%xmm6,	%xmm0
 	movhlps	%xmm1,	%xmm6		# clobber low side with zeros
 	ret
+.cfi_endproc
 .size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
 
 ##
@@ -503,6 +511,7 @@ _vpaes_schedule_192_smear:
 .type	_vpaes_schedule_round,\@abi-omnipotent
 .align	16
 _vpaes_schedule_round:
+.cfi_startproc
 	# extract rcon from xmm8
 	pxor	%xmm1,	%xmm1
 	palignr	\$15,	%xmm8,	%xmm1
@@ -556,6 +565,7 @@ _vpaes_schedule_low_round:
 	pxor	%xmm7,	%xmm0
 	movdqa	%xmm0,	%xmm7
 	ret
+.cfi_endproc
 .size	_vpaes_schedule_round,.-_vpaes_schedule_round
 
 ##
@@ -570,6 +580,7 @@ _vpaes_schedule_low_round:
 .type	_vpaes_schedule_transform,\@abi-omnipotent
 .align	16
 _vpaes_schedule_transform:
+.cfi_startproc
 	movdqa	%xmm9,	%xmm1
 	pandn	%xmm0,	%xmm1
 	psrld	\$4,	%xmm1
@@ -580,6 +591,7 @@ _vpaes_schedule_transform:
 	pshufb	%xmm1,	%xmm0
 	pxor	%xmm2,	%xmm0
 	ret
+.cfi_endproc
 .size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
 
 ##
@@ -608,6 +620,7 @@ _vpaes_schedule_transform:
 .type	_vpaes_schedule_mangle,\@abi-omnipotent
 .align	16
 _vpaes_schedule_mangle:
+.cfi_startproc
 	movdqa	%xmm0,	%xmm4	# save xmm0 for later
 	movdqa	.Lk_mc_forward(%rip),%xmm5
 	test	%rcx, 	%rcx
@@ -672,6 +685,7 @@ _vpaes_schedule_mangle:
 	and	\$0x30,	%r8
 	movdqu	%xmm3,	(%rdx)
 	ret
+.cfi_endproc
 .size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
 
 #
@@ -681,6 +695,7 @@ _vpaes_schedule_mangle:
 .type	${PREFIX}_set_encrypt_key,\@function,3
 .align	16
 ${PREFIX}_set_encrypt_key:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@@ -723,12 +738,14 @@ ___
 $code.=<<___;
 	xor	%eax,%eax
 	ret
+.cfi_endproc
 .size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
 
 .globl	${PREFIX}_set_decrypt_key
 .type	${PREFIX}_set_decrypt_key,\@function,3
 .align	16
 ${PREFIX}_set_decrypt_key:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@@ -776,12 +793,14 @@ ___
 $code.=<<___;
 	xor	%eax,%eax
 	ret
+.cfi_endproc
 .size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
 
 .globl	${PREFIX}_encrypt
 .type	${PREFIX}_encrypt,\@function,3
 .align	16
 ${PREFIX}_encrypt:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@@ -819,12 +838,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
 
 .globl	${PREFIX}_decrypt
 .type	${PREFIX}_decrypt,\@function,3
 .align	16
 ${PREFIX}_decrypt:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@@ -862,6 +883,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	${PREFIX}_decrypt,.-${PREFIX}_decrypt
 ___
 {
@@ -874,6 +896,7 @@ $code.=<<___;
 .type	${PREFIX}_cbc_encrypt,\@function,6
 .align	16
 ${PREFIX}_cbc_encrypt:
+.cfi_startproc
 	xchg	$key,$len
 ___
 ($len,$key)=($key,$len);
@@ -944,6 +967,7 @@ ___
 $code.=<<___;
 .Lcbc_abort:
 	ret
+.cfi_endproc
 .size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
 ___
 }
@@ -957,6 +981,7 @@ $code.=<<___;
 .type	_vpaes_preheat,\@abi-omnipotent
 .align	16
 _vpaes_preheat:
+.cfi_startproc
 	lea	.Lk_s0F(%rip), %r10
 	movdqa	-0x20(%r10), %xmm10	# .Lk_inv
 	movdqa	-0x10(%r10), %xmm11	# .Lk_inv+16
@@ -966,6 +991,7 @@ _vpaes_preheat:
 	movdqa	0x50(%r10), %xmm15	# .Lk_sb2
 	movdqa	0x60(%r10), %xmm14	# .Lk_sb2+16
 	ret
+.cfi_endproc
 .size	_vpaes_preheat,.-_vpaes_preheat
 ########################################################
 ##                                                    ##
diff --git a/deps/openssl/openssl/crypto/armcap.c b/deps/openssl/openssl/crypto/armcap.c
index 1b3c2722d1..58e54f0da2 100644
--- a/deps/openssl/openssl/crypto/armcap.c
+++ b/deps/openssl/openssl/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -62,14 +62,12 @@ uint32_t OPENSSL_rdtsc(void)
 # if defined(__GNUC__) && __GNUC__>=2
 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 # endif
-/*
- * Use a weak reference to getauxval() so we can use it if it is available but
- * don't break the build if it is not.
- */
-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__)
-extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
-# else
-static unsigned long (*getauxval) (unsigned long) = NULL;
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
 # endif
 
 /*
@@ -134,6 +132,33 @@ void OPENSSL_cpuid_setup(void)
      */
 # endif
 
+    OPENSSL_armcap_P = 0;
+
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
+    if (getauxval(HWCAP) & HWCAP_NEON) {
+        unsigned long hwcap = getauxval(HWCAP_CE);
+
+        OPENSSL_armcap_P |= ARMV7_NEON;
+
+        if (hwcap & HWCAP_CE_AES)
+            OPENSSL_armcap_P |= ARMV8_AES;
+
+        if (hwcap & HWCAP_CE_PMULL)
+            OPENSSL_armcap_P |= ARMV8_PMULL;
+
+        if (hwcap & HWCAP_CE_SHA1)
+            OPENSSL_armcap_P |= ARMV8_SHA1;
+
+        if (hwcap & HWCAP_CE_SHA256)
+            OPENSSL_armcap_P |= ARMV8_SHA256;
+
+#  ifdef __aarch64__
+        if (hwcap & HWCAP_CE_SHA512)
+            OPENSSL_armcap_P |= ARMV8_SHA512;
+#  endif
+    }
+# endif
+
     sigfillset(&all_masked);
     sigdelset(&all_masked, SIGILL);
     sigdelset(&all_masked, SIGTRAP);
@@ -141,8 +166,6 @@ void OPENSSL_cpuid_setup(void)
     sigdelset(&all_masked, SIGBUS);
     sigdelset(&all_masked, SIGSEGV);
 
-    OPENSSL_armcap_P = 0;
-
     memset(&ill_act, 0, sizeof(ill_act));
     ill_act.sa_handler = ill_handler;
     ill_act.sa_mask = all_masked;
@@ -150,30 +173,9 @@ void OPENSSL_cpuid_setup(void)
     sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
     sigaction(SIGILL, &ill_act, &ill_oact);
 
-    if (getauxval != NULL) {
-        if (getauxval(HWCAP) & HWCAP_NEON) {
-            unsigned long hwcap = getauxval(HWCAP_CE);
-
-            OPENSSL_armcap_P |= ARMV7_NEON;
-
-            if (hwcap & HWCAP_CE_AES)
-                OPENSSL_armcap_P |= ARMV8_AES;
-
-            if (hwcap & HWCAP_CE_PMULL)
-                OPENSSL_armcap_P |= ARMV8_PMULL;
-
-            if (hwcap & HWCAP_CE_SHA1)
-                OPENSSL_armcap_P |= ARMV8_SHA1;
-
-            if (hwcap & HWCAP_CE_SHA256)
-                OPENSSL_armcap_P |= ARMV8_SHA256;
-
-# ifdef __aarch64__
-            if (hwcap & HWCAP_CE_SHA512)
-                OPENSSL_armcap_P |= ARMV8_SHA512;
-# endif
-        }
-    } else if (sigsetjmp(ill_jmp, 1) == 0) {
+    /* If we used getauxval, we already have all the values */
+# ifndef OSSL_IMPLEMENT_GETAUXVAL
+    if (sigsetjmp(ill_jmp, 1) == 0) {
         _armv7_neon_probe();
         OPENSSL_armcap_P |= ARMV7_NEON;
         if (sigsetjmp(ill_jmp, 1) == 0) {
@@ -191,13 +193,16 @@ void OPENSSL_cpuid_setup(void)
             _armv8_sha256_probe();
             OPENSSL_armcap_P |= ARMV8_SHA256;
         }
-# if defined(__aarch64__) && !defined(__APPLE__)
+#  if defined(__aarch64__) && !defined(__APPLE__)
         if (sigsetjmp(ill_jmp, 1) == 0) {
             _armv8_sha512_probe();
             OPENSSL_armcap_P |= ARMV8_SHA512;
         }
-# endif
+#  endif
     }
+# endif
+
+    /* Things that getauxval didn't tell us */
     if (sigsetjmp(ill_jmp, 1) == 0) {
         _armv7_tick();
         OPENSSL_armcap_P |= ARMV7_TICK;
diff --git a/deps/openssl/openssl/crypto/asn1/a_digest.c b/deps/openssl/openssl/crypto/asn1/a_digest.c
index f4cc1f2e0e..cc3532ea7d 100644
--- a/deps/openssl/openssl/crypto/asn1/a_digest.c
+++ b/deps/openssl/openssl/crypto/asn1/a_digest.c
@@ -23,18 +23,22 @@
 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
                 unsigned char *md, unsigned int *len)
 {
-    int i;
+    int inl;
     unsigned char *str, *p;
 
-    i = i2d(data, NULL);
-    if ((str = OPENSSL_malloc(i)) == NULL) {
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if ((str = OPENSSL_malloc(inl)) == NULL) {
         ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     p = str;
     i2d(data, &p);
 
-    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+    if (!EVP_Digest(str, inl, md, len, type, NULL)) {
         OPENSSL_free(str);
         return 0;
     }
diff --git a/deps/openssl/openssl/crypto/asn1/a_sign.c b/deps/openssl/openssl/crypto/asn1/a_sign.c
index 130e23eaaa..146fdb9626 100644
--- a/deps/openssl/openssl/crypto/asn1/a_sign.c
+++ b/deps/openssl/openssl/crypto/asn1/a_sign.c
@@ -29,7 +29,8 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
 {
     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char *p, *buf_in = NULL, *buf_out = NULL;
-    int i, inl = 0, outl = 0, outll = 0;
+    int i, inl = 0, outl = 0;
+    size_t inll = 0, outll = 0;
     X509_ALGOR *a;
 
     if (ctx == NULL) {
@@ -70,10 +71,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
         }
     }
     inl = i2d(data, NULL);
-    buf_in = OPENSSL_malloc((unsigned int)inl);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    inll = (size_t)inl;
+    buf_in = OPENSSL_malloc(inll);
     outll = outl = EVP_PKEY_size(pkey);
-    buf_out = OPENSSL_malloc((unsigned int)outl);
-    if ((buf_in == NULL) || (buf_out == NULL)) {
+    buf_out = OPENSSL_malloc(outll);
+    if (buf_in == NULL || buf_out == NULL) {
         outl = 0;
         ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -101,7 +107,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
     signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
  err:
     EVP_MD_CTX_free(ctx);
-    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_in, inll);
     OPENSSL_clear_free((char *)buf_out, outll);
     return outl;
 }
@@ -138,7 +144,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
     EVP_PKEY *pkey;
     unsigned char *buf_in = NULL, *buf_out = NULL;
     size_t inl = 0, outl = 0, outll = 0;
-    int signid, paramtype;
+    int signid, paramtype, buf_len = 0;
     int rv;
 
     type = EVP_MD_CTX_md(ctx);
@@ -198,10 +204,16 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 
     }
 
-    inl = ASN1_item_i2d(asn, &buf_in, it);
+    buf_len = ASN1_item_i2d(asn, &buf_in, it);
+    if (buf_len <= 0) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    inl = buf_len;
     outll = outl = EVP_PKEY_size(pkey);
-    buf_out = OPENSSL_malloc((unsigned int)outl);
-    if ((buf_in == NULL) || (buf_out == NULL)) {
+    buf_out = OPENSSL_malloc(outll);
+    if (buf_in == NULL || buf_out == NULL) {
         outl = 0;
         ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -223,7 +235,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
     signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
     signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
  err:
-    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_in, inl);
     OPENSSL_clear_free((char *)buf_out, outll);
     return outl;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_verify.c b/deps/openssl/openssl/crypto/asn1/a_verify.c
index 973d50d24d..cdaf17c3cb 100644
--- a/deps/openssl/openssl/crypto/asn1/a_verify.c
+++ b/deps/openssl/openssl/crypto/asn1/a_verify.c
@@ -48,6 +48,10 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     }
 
     inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     buf_in = OPENSSL_malloc((unsigned int)inl);
     if (buf_in == NULL) {
         ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -87,8 +91,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
     EVP_MD_CTX *ctx = NULL;
     unsigned char *buf_in = NULL;
     int ret = -1, inl = 0;
-
     int mdnid, pknid;
+    size_t inll = 0;
 
     if (!pkey) {
         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
@@ -127,8 +131,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
             goto err;
         ret = -1;
     } else {
-        const EVP_MD *type;
-        type = EVP_get_digestbynid(mdnid);
+        const EVP_MD *type = EVP_get_digestbynid(mdnid);
+
         if (type == NULL) {
             ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
                     ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
@@ -150,11 +154,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
     }
 
     inl = ASN1_item_i2d(asn, &buf_in, it);
-
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     if (buf_in == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
         goto err;
     }
+    inll = inl;
 
     ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
                            buf_in, inl);
@@ -164,7 +172,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
     }
     ret = 1;
  err:
-    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+    OPENSSL_clear_free(buf_in, inll);
     EVP_MD_CTX_free(ctx);
     return ret;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/ameth_lib.c b/deps/openssl/openssl/crypto/asn1/ameth_lib.c
index 9a1644148a..d7d270dbb5 100644
--- a/deps/openssl/openssl/crypto/asn1/ameth_lib.c
+++ b/deps/openssl/openssl/crypto/asn1/ameth_lib.c
@@ -140,6 +140,22 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 {
     EVP_PKEY_ASN1_METHOD tmp = { 0, };
 
+    /*
+     * One of the following must be true:
+     *
+     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+     *
+     * Anything else is an error and may lead to a corrupt ASN1 method table
+     */
+    if (!((ameth->pem_str == NULL
+           && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
+          || (ameth->pem_str != NULL
+              && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
     if (app_methods == NULL) {
         app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
         if (app_methods == NULL)
@@ -216,18 +232,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
             goto err;
     }
 
-    /*
-     * One of the following must be true:
-     *
-     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
-     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
-     *
-     * Anything else is an error and may lead to a corrupt ASN1 method table
-     */
-    if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
-          || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
-        goto err;
-
     if (pem_str) {
         ameth->pem_str = OPENSSL_strdup(pem_str);
         if (!ameth->pem_str)
diff --git a/deps/openssl/openssl/crypto/asn1/charmap.h b/deps/openssl/openssl/crypto/asn1/charmap.h
index bfccac2cb4..f15d72d736 100644
--- a/deps/openssl/openssl/crypto/asn1/charmap.h
+++ b/deps/openssl/openssl/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/asn1/charmap.pl b/deps/openssl/openssl/crypto/asn1/charmap.pl
index fbab1f3b0a..dadd8df774 100644
--- a/deps/openssl/openssl/crypto/asn1/charmap.pl
+++ b/deps/openssl/openssl/crypto/asn1/charmap.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/asn1/d2i_pu.c b/deps/openssl/openssl/crypto/asn1/d2i_pu.c
index 9452e08a58..7bc16c7bce 100644
--- a/deps/openssl/openssl/crypto/asn1/d2i_pu.c
+++ b/deps/openssl/openssl/crypto/asn1/d2i_pu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
     } else
         ret = *a;
 
-    if (!EVP_PKEY_set_type(ret, type)) {
+    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
         ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
         goto err;
     }
diff --git a/deps/openssl/openssl/crypto/bio/b_addr.c b/deps/openssl/openssl/crypto/bio/b_addr.c
index abec7bb8db..4395ab7a06 100644
--- a/deps/openssl/openssl/crypto/bio/b_addr.c
+++ b/deps/openssl/openssl/crypto/bio/b_addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -782,7 +782,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
                  * anyway [above getaddrinfo/gai_strerror is]. We just let
                  * system administrator figure this out...
                  */
+# if defined(OPENSSL_SYS_VXWORKS)
+                /* h_errno doesn't exist on VxWorks */
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
+# else
                 SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+# endif
 #else
                 SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
diff --git a/deps/openssl/openssl/crypto/bio/bss_file.c b/deps/openssl/openssl/crypto/bio/bss_file.c
index 8de2391267..057344783d 100644
--- a/deps/openssl/openssl/crypto/bio/bss_file.c
+++ b/deps/openssl/openssl/crypto/bio/bss_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -253,9 +253,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
             }
 #  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
             int fd = fileno((FILE *)ptr);
-            if (num & BIO_FP_TEXT)
-                setmode(fd, O_TEXT);
-            else
+            if (!(num & BIO_FP_TEXT))
                 setmode(fd, O_BINARY);
 #  endif
         }
@@ -279,11 +277,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
             ret = 0;
             break;
         }
-#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
         if (!(num & BIO_FP_TEXT))
             OPENSSL_strlcat(p, "b", sizeof(p));
         else
             OPENSSL_strlcat(p, "t", sizeof(p));
+#  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+        if (!(num & BIO_FP_TEXT))
+            OPENSSL_strlcat(p, "b", sizeof(p));
 #  endif
         fp = openssl_fopen(ptr, p);
         if (fp == NULL) {
diff --git a/deps/openssl/openssl/crypto/bio/bss_mem.c b/deps/openssl/openssl/crypto/bio/bss_mem.c
index e0a97c3b43..10fcbf7a7c 100644
--- a/deps/openssl/openssl/crypto/bio/bss_mem.c
+++ b/deps/openssl/openssl/crypto/bio/bss_mem.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,7 @@ static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
 static int secmem_new(BIO *h);
 static int mem_free(BIO *data);
-static int mem_buf_free(BIO *data, int free_all);
+static int mem_buf_free(BIO *data);
 static int mem_buf_sync(BIO *h);
 
 static const BIO_METHOD mem_method = {
@@ -140,10 +140,20 @@ static int secmem_new(BIO *bi)
 
 static int mem_free(BIO *a)
 {
-    return mem_buf_free(a, 1);
+    BIO_BUF_MEM *bb;
+
+    if (a == NULL)
+        return 0;
+
+    bb = (BIO_BUF_MEM *)a->ptr;
+    if (!mem_buf_free(a))
+        return 0;
+    OPENSSL_free(bb->readp);
+    OPENSSL_free(bb);
+    return 1;
 }
 
-static int mem_buf_free(BIO *a, int free_all)
+static int mem_buf_free(BIO *a)
 {
     if (a == NULL)
         return 0;
@@ -155,11 +165,6 @@ static int mem_buf_free(BIO *a, int free_all)
         if (a->flags & BIO_FLAGS_MEM_RDONLY)
             b->data = NULL;
         BUF_MEM_free(b);
-        if (free_all) {
-            OPENSSL_free(bb->readp);
-            OPENSSL_free(bb);
-        }
-        a->ptr = NULL;
     }
     return 1;
 }
@@ -266,11 +271,10 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         break;
     case BIO_C_SET_BUF_MEM:
-        mem_buf_free(b, 0);
+        mem_buf_free(b);
         b->shutdown = (int)num;
         bbm->buf = ptr;
         *bbm->readp = *bbm->buf;
-        b->ptr = bbm;
         break;
     case BIO_C_GET_BUF_MEM_PTR:
         if (ptr != NULL) {
diff --git a/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl
index 5d5af1b6be..d8347bf932 100755
--- a/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -287,6 +287,7 @@ __bn_sqr8x_mont:
 	cmp	$ap,$bp
 	b.ne	__bn_mul4x_mont
 .Lsqr8x_mont:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -1040,6 +1041,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldr	x29,[sp],#128
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
 ___
@@ -1063,6 +1065,7 @@ $code.=<<___;
 .type	__bn_mul4x_mont,%function
 .align	5
 __bn_mul4x_mont:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -1496,6 +1499,7 @@ __bn_mul4x_mont:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldr	x29,[sp],#128
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	__bn_mul4x_mont,.-__bn_mul4x_mont
 ___
diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64.S b/deps/openssl/openssl/crypto/bn/asm/ia64.S
index d235c45e2d..0a26735c69 100644
--- a/deps/openssl/openssl/crypto/bn/asm/ia64.S
+++ b/deps/openssl/openssl/crypto/bn/asm/ia64.S
@@ -3,7 +3,7 @@
 .ident	"ia64.S, Version 2.1"
 .ident	"IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>"
 
-// Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -48,7 +48,7 @@
 // on Itanium2! What to do? Reschedule loops for Itanium2? But then
 // Itanium would exhibit anti-scalability. So I've chosen to reschedule
 // for worst latency for every instruction aiming for best *all-round*
-// performance.  
+// performance.
 
 // Q.	How much faster does it get?
 // A.	Here is the output from 'openssl speed rsa dsa' for vanilla
@@ -472,7 +472,7 @@ bn_mul_add_words:
 .global	bn_sqr_words#
 .proc	bn_sqr_words#
 .align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary 
+.skip	32	// makes the loop body aligned at 64-byte boundary
 bn_sqr_words:
 	.prologue
 	.save	ar.pfs,r2
diff --git a/deps/openssl/openssl/crypto/bn/asm/mips.pl b/deps/openssl/openssl/crypto/bn/asm/mips.pl
index da35ec1b30..3875132bd2 100644
--- a/deps/openssl/openssl/crypto/bn/asm/mips.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/mips.pl
@@ -798,6 +798,11 @@ $code.=<<___;
 	move	$a0,$v0
 .end	bn_sub_words_internal
 
+#if 0
+/*
+ * The bn_div_3_words entry point is re-used for constant-time interface.
+ * Implementation is retained as hystorical reference.
+ */
 .align 5
 .globl	bn_div_3_words
 .ent	bn_div_3_words
@@ -877,6 +882,7 @@ $code.=<<___;
 	jr	$ra
 	move	$a0,$v0
 .end	bn_div_3_words_internal
+#endif
 
 .align	5
 .globl	bn_div_words
diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
index f1292cc75c..85cd73c668 100755
--- a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2012, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
@@ -1492,6 +1492,7 @@ $code.=<<___;
 .type	rsaz_1024_red2norm_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_red2norm_avx2:
+.cfi_startproc
 	sub	\$-128,$inp	# size optimization
 	xor	%rax,%rax
 ___
@@ -1525,12 +1526,14 @@ ___
 }
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
 
 .globl	rsaz_1024_norm2red_avx2
 .type	rsaz_1024_norm2red_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_norm2red_avx2:
+.cfi_startproc
 	sub	\$-128,$out	# size optimization
 	mov	($inp),@T[0]
 	mov	\$0x1fffffff,%eax
@@ -1562,6 +1565,7 @@ $code.=<<___;
 	mov	@T[0],`8*($j+2)-128`($out)
 	mov	@T[0],`8*($j+3)-128`($out)
 	ret
+.cfi_endproc
 .size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
 ___
 }
@@ -1573,6 +1577,7 @@ $code.=<<___;
 .type	rsaz_1024_scatter5_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_scatter5_avx2:
+.cfi_startproc
 	vzeroupper
 	vmovdqu	.Lscatter_permd(%rip),%ymm5
 	shl	\$4,$power
@@ -1592,6 +1597,7 @@ rsaz_1024_scatter5_avx2:
 
 	vzeroupper
 	ret
+.cfi_endproc
 .size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
 
 .globl	rsaz_1024_gather5_avx2
diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S
index fe4699b2bd..d520ffa7c2 100644
--- a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S
+++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S
@@ -3,7 +3,7 @@
 
 /*
  * ====================================================================
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -154,9 +154,9 @@
   .register	%g2,#scratch
   .register	%g3,#scratch
 # define	FRAME_SIZE	-192
-#else 
+#else
 # define	FRAME_SIZE	-96
-#endif 
+#endif
 /*
  * GNU assembler can't stand stuw:-(
  */
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
index ad6e8ada3c..f43e13d116 100755
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2910,6 +2910,7 @@ bn_powerx5:
 .align	32
 bn_sqrx8x_internal:
 __bn_sqrx8x_internal:
+.cfi_startproc
 	##################################################################
 	# Squaring part:
 	#
@@ -3542,6 +3543,7 @@ __bn_sqrx8x_reduction:
 	cmp	8+8(%rsp),%r8		# end of t[]?
 	jb	.Lsqrx8x_reduction_loop
 	ret
+.cfi_endproc
 .size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
 ___
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_ctx.c b/deps/openssl/openssl/crypto/bn/bn_ctx.c
index aa08b31a34..54b799961a 100644
--- a/deps/openssl/openssl/crypto/bn/bn_ctx.c
+++ b/deps/openssl/openssl/crypto/bn/bn_ctx.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
     }
     /* OK, make sure the returned bignum is "zero" */
     BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
     ctx->used++;
     CTXDBG_RET(ctx, ret);
     return ret;
@@ -256,7 +258,7 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx)
         unsigned int newsize =
             st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
         unsigned int *newitems;
-        
+
         if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
             BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
             return 0;
@@ -310,7 +312,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
     /* Full; allocate a new pool item and link it in. */
     if (p->used == p->size) {
         BN_POOL_ITEM *item;
-        
+
         if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
             BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
             return NULL;
diff --git a/deps/openssl/openssl/crypto/bn/bn_depr.c b/deps/openssl/openssl/crypto/bn/bn_depr.c
index 7d89214b1c..58bcf197a4 100644
--- a/deps/openssl/openssl/crypto/bn/bn_depr.c
+++ b/deps/openssl/openssl/crypto/bn/bn_depr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,7 +40,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
         goto err;
 
     /* we have a prime :-) */
-    return ret;
+    return rnd;
  err:
     BN_free(rnd);
     return NULL;
diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c
index 70add10c7d..3a6fa0a1b1 100644
--- a/deps/openssl/openssl/crypto/bn/bn_div.c
+++ b/deps/openssl/openssl/crypto/bn/bn_div.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <assert.h>
 #include <openssl/bn.h>
 #include "internal/cryptlib.h"
 #include "bn_lcl.h"
@@ -86,6 +87,77 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 
 #else
 
+# if defined(BN_DIV3W)
+BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0);
+# elif 0
+/*
+ * This is #if-ed away, because it's a reference for assembly implementations,
+ * where it can and should be made constant-time. But if you want to test it,
+ * just replace 0 with 1.
+ */
+#  if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+#   undef BN_ULLONG
+#   define BN_ULLONG __uint128_t
+#   define BN_LLONG
+#  endif
+
+#  ifdef BN_LLONG
+#   define BN_DIV3W
+/*
+ * Interface is somewhat quirky, |m| is pointer to most significant limb,
+ * and less significant limb is referred at |m[-1]|. This means that caller
+ * is responsible for ensuring that |m[-1]| is valid. Second condition that
+ * has to be met is that |d0|'s most significant bit has to be set. Or in
+ * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top
+ * does all this. The subroutine considers four limbs, two of which are
+ * "overlapping," hence the name...
+ */
+static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0)
+{
+    BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1];
+    BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1;
+    BN_ULONG Q = 0, mask;
+    int i;
+
+    for (i = 0; i < BN_BITS2; i++) {
+        Q <<= 1;
+        if (R >= D) {
+            Q |= 1;
+            R -= D;
+        }
+        D >>= 1;
+    }
+
+    mask = 0 - (Q >> (BN_BITS2 - 1));   /* does it overflow? */
+
+    Q <<= 1;
+    Q |= (R >= D);
+
+    return (Q | mask) & BN_MASK2;
+}
+#  endif
+# endif
+
+static int bn_left_align(BIGNUM *num)
+{
+    BN_ULONG *d = num->d, n, m, rmask;
+    int top = num->top;
+    int rshift = BN_num_bits_word(d[top - 1]), lshift, i;
+
+    lshift = BN_BITS2 - rshift;
+    rshift %= BN_BITS2;            /* say no to undefined behaviour */
+    rmask = (BN_ULONG)0 - rshift;  /* rmask = 0 - (rshift != 0) */
+    rmask |= rmask >> 8;
+
+    for (i = 0, m = 0; i < top; i++) {
+        n = d[i];
+        d[i] = ((n << lshift) | m) & BN_MASK2;
+        m = (n >> rshift) & rmask;
+    }
+
+    return lshift;
+}
+
 # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
     && !defined(PEDANTIC) && !defined(BN_DIV3W)
 #  if defined(__GNUC__) && __GNUC__>=2
@@ -137,55 +209,73 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
            BN_CTX *ctx)
 {
-    int norm_shift, i, loop;
-    BIGNUM *tmp, wnum, *snum, *sdiv, *res;
-    BN_ULONG *resp, *wnump;
-    BN_ULONG d0, d1;
-    int num_n, div_n;
-    int no_branch = 0;
+    int ret;
+
+    if (BN_is_zero(divisor)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return 0;
+    }
 
     /*
      * Invalid zero-padding would have particularly bad consequences so don't
      * just rely on bn_check_top() here (bn_check_top() works only for
      * BN_DEBUG builds)
      */
-    if ((num->top > 0 && num->d[num->top - 1] == 0) ||
-        (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) {
+    if (divisor->d[divisor->top - 1] == 0) {
         BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
         return 0;
     }
 
-    bn_check_top(num);
-    bn_check_top(divisor);
+    ret = bn_div_fixed_top(dv, rm, num, divisor, ctx);
 
-    if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
-        || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
-        no_branch = 1;
+    if (ret) {
+        if (dv != NULL)
+            bn_correct_top(dv);
+        if (rm != NULL)
+            bn_correct_top(rm);
     }
 
-    bn_check_top(dv);
-    bn_check_top(rm);
-    /*- bn_check_top(num); *//*
-     * 'num' has been checked already
-     */
-    /*- bn_check_top(divisor); *//*
-     * 'divisor' has been checked already
-     */
+    return ret;
+}
 
-    if (BN_is_zero(divisor)) {
-        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
-        return 0;
-    }
+/*
+ * It's argued that *length* of *significant* part of divisor is public.
+ * Even if it's private modulus that is. Again, *length* is assumed
+ * public, but not *value*. Former is likely to be pre-defined by
+ * algorithm with bit granularity, though below subroutine is invariant
+ * of limb length. Thanks to this assumption we can require that |divisor|
+ * may not be zero-padded, yet claim this subroutine "constant-time"(*).
+ * This is because zero-padded dividend, |num|, is tolerated, so that
+ * caller can pass dividend of public length(*), but with smaller amount
+ * of significant limbs. This naturally means that quotient, |dv|, would
+ * contain correspongly less significant limbs as well, and will be zero-
+ * padded accordingly. Returned remainder, |rm|, will have same bit length
+ * as divisor, also zero-padded if needed. These actually leave sign bits
+ * in ambiguous state. In sense that we try to avoid negative zeros, while
+ * zero-padded zeros would retain sign.
+ *
+ * (*) "Constant-time-ness" has two pre-conditions:
+ *
+ *     - availability of constant-time bn_div_3_words;
+ *     - dividend is at least as "wide" as divisor, limb-wise, zero-padded
+ *       if so requied, which shouldn't be a privacy problem, because
+ *       divisor's length is considered public;
+ */
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+                     const BIGNUM *divisor, BN_CTX *ctx)
+{
+    int norm_shift, i, j, loop;
+    BIGNUM *tmp, *snum, *sdiv, *res;
+    BN_ULONG *resp, *wnum, *wnumtop;
+    BN_ULONG d0, d1;
+    int num_n, div_n;
 
-    if (!no_branch && BN_ucmp(num, divisor) < 0) {
-        if (rm != NULL) {
-            if (BN_copy(rm, num) == NULL)
-                return 0;
-        }
-        if (dv != NULL)
-            BN_zero(dv);
-        return 1;
-    }
+    assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
+
+    bn_check_top(num);
+    bn_check_top(divisor);
+    bn_check_top(dv);
+    bn_check_top(rm);
 
     BN_CTX_start(ctx);
     res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
@@ -196,113 +286,72 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
         goto err;
 
     /* First we normalise the numbers */
-    norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
-    if (!(BN_lshift(sdiv, divisor, norm_shift)))
+    if (!BN_copy(sdiv, divisor))
         goto err;
+    norm_shift = bn_left_align(sdiv);
     sdiv->neg = 0;
-    norm_shift += BN_BITS2;
-    if (!(BN_lshift(snum, num, norm_shift)))
+    /*
+     * Note that bn_lshift_fixed_top's output is always one limb longer
+     * than input, even when norm_shift is zero. This means that amount of
+     * inner loop iterations is invariant of dividend value, and that one
+     * doesn't need to compare dividend and divisor if they were originally
+     * of the same bit length.
+     */
+    if (!(bn_lshift_fixed_top(snum, num, norm_shift)))
         goto err;
-    snum->neg = 0;
-
-    if (no_branch) {
-        /*
-         * Since we don't know whether snum is larger than sdiv, we pad snum
-         * with enough zeroes without changing its value.
-         */
-        if (snum->top <= sdiv->top + 1) {
-            if (bn_wexpand(snum, sdiv->top + 2) == NULL)
-                goto err;
-            for (i = snum->top; i < sdiv->top + 2; i++)
-                snum->d[i] = 0;
-            snum->top = sdiv->top + 2;
-        } else {
-            if (bn_wexpand(snum, snum->top + 1) == NULL)
-                goto err;
-            snum->d[snum->top] = 0;
-            snum->top++;
-        }
-    }
 
     div_n = sdiv->top;
     num_n = snum->top;
+
+    if (num_n <= div_n) {
+        /* caller didn't pad dividend -> no constant-time guarantee... */
+        if (bn_wexpand(snum, div_n + 1) == NULL)
+            goto err;
+        memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG));
+        snum->top = num_n = div_n + 1;
+    }
+
     loop = num_n - div_n;
     /*
      * Lets setup a 'window' into snum This is the part that corresponds to
      * the current 'area' being divided
      */
-    wnum.neg = 0;
-    wnum.d = &(snum->d[loop]);
-    wnum.top = div_n;
-    wnum.flags = BN_FLG_STATIC_DATA;
-    /*
-     * only needed when BN_ucmp messes up the values between top and max
-     */
-    wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+    wnum = &(snum->d[loop]);
+    wnumtop = &(snum->d[num_n - 1]);
 
     /* Get the top 2 words of sdiv */
-    /* div_n=sdiv->top; */
     d0 = sdiv->d[div_n - 1];
     d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
 
-    /* pointer to the 'top' of snum */
-    wnump = &(snum->d[num_n - 1]);
-
-    /* Setup to 'res' */
-    if (!bn_wexpand(res, (loop + 1)))
+    /* Setup quotient */
+    if (!bn_wexpand(res, loop))
         goto err;
     res->neg = (num->neg ^ divisor->neg);
-    res->top = loop - no_branch;
-    resp = &(res->d[loop - 1]);
+    res->top = loop;
+    res->flags |= BN_FLG_FIXED_TOP;
+    resp = &(res->d[loop]);
 
     /* space for temp */
     if (!bn_wexpand(tmp, (div_n + 1)))
         goto err;
 
-    if (!no_branch) {
-        if (BN_ucmp(&wnum, sdiv) >= 0) {
-            /*
-             * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute)
-             * the const bignum arguments => clean the values between top and
-             * max again
-             */
-            bn_clear_top2max(&wnum);
-            bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
-            *resp = 1;
-        } else
-            res->top--;
-    }
-
-    /* Increase the resp pointer so that we never create an invalid pointer. */
-    resp++;
-
-    /*
-     * if res->top == 0 then clear the neg value otherwise decrease the resp
-     * pointer
-     */
-    if (res->top == 0)
-        res->neg = 0;
-    else
-        resp--;
-
-    for (i = 0; i < loop - 1; i++, wnump--) {
+    for (i = 0; i < loop; i++, wnumtop--) {
         BN_ULONG q, l0;
         /*
          * the first part of the loop uses the top two words of snum and sdiv
          * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
          */
-# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-        BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
-        q = bn_div_3_words(wnump, d1, d0);
+# if defined(BN_DIV3W)
+        q = bn_div_3_words(wnumtop, d1, d0);
 # else
         BN_ULONG n0, n1, rem = 0;
 
-        n0 = wnump[0];
-        n1 = wnump[-1];
+        n0 = wnumtop[0];
+        n1 = wnumtop[-1];
         if (n0 == d0)
             q = BN_MASK2;
         else {                  /* n0 < d0 */
-
+            BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];
 #  ifdef BN_LLONG
             BN_ULLONG t2;
 
@@ -322,7 +371,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
             t2 = (BN_ULLONG) d1 *q;
 
             for (;;) {
-                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2))
                     break;
                 q--;
                 rem += d0;
@@ -355,7 +404,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 #   endif
 
             for (;;) {
-                if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= n2)))
                     break;
                 q--;
                 rem += d0;
@@ -371,43 +420,33 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
         l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
         tmp->d[div_n] = l0;
-        wnum.d--;
+        wnum--;
         /*
-         * ingore top values of the bignums just sub the two BN_ULONG arrays
+         * ignore top values of the bignums just sub the two BN_ULONG arrays
          * with bn_sub_words
          */
-        if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
-            /*
-             * Note: As we have considered only the leading two BN_ULONGs in
-             * the calculation of q, sdiv * q might be greater than wnum (but
-             * then (q-1) * sdiv is less or equal than wnum)
-             */
-            q--;
-            if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
-                /*
-                 * we can't have an overflow here (assuming that q != 0, but
-                 * if q == 0 then tmp is zero anyway)
-                 */
-                (*wnump)++;
-        }
-        /* store part of the result */
-        resp--;
-        *resp = q;
-    }
-    bn_correct_top(snum);
-    if (rm != NULL) {
+        l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1);
+        q -= l0;
         /*
-         * Keep a copy of the neg flag in num because if rm==num BN_rshift()
-         * will overwrite it.
+         * Note: As we have considered only the leading two BN_ULONGs in
+         * the calculation of q, sdiv * q might be greater than wnum (but
+         * then (q-1) * sdiv is less or equal than wnum)
          */
-        int neg = num->neg;
-        BN_rshift(rm, snum, norm_shift);
-        if (!BN_is_zero(rm))
-            rm->neg = neg;
-        bn_check_top(rm);
+        for (l0 = 0 - l0, j = 0; j < div_n; j++)
+            tmp->d[j] = sdiv->d[j] & l0;
+        l0 = bn_add_words(wnum, wnum, tmp->d, div_n);
+        (*wnumtop) += l0;
+        assert((*wnumtop) == 0);
+
+        /* store part of the result */
+        *--resp = q;
     }
-    if (no_branch)
-        bn_correct_top(res);
+    /* snum holds remainder, it's as wide as divisor */
+    snum->neg = num->neg;
+    snum->top = div_n;
+    snum->flags |= BN_FLG_FIXED_TOP;
+    if (rm != NULL)
+        bn_rshift_fixed_top(rm, snum, norm_shift);
     BN_CTX_end(ctx);
     return 1;
  err:
diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c
index c026ffcb33..88f2baf0e5 100644
--- a/deps/openssl/openssl/crypto/bn/bn_exp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -648,34 +648,41 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             goto err;
     }
 
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        BIGNUM *reduced = BN_CTX_get(ctx);
+        if (reduced == NULL
+            || !BN_nnmod(reduced, a, m, ctx)) {
+            goto err;
+        }
+        a = reduced;
+    }
+
 #ifdef RSAZ_ENABLED
-    if (!a->neg) {
-        /*
-         * If the size of the operands allow it, perform the optimized
-         * RSAZ exponentiation. For further information see
-         * crypto/bn/rsaz_exp.c and accompanying assembly modules.
-         */
-        if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
-            && rsaz_avx2_eligible()) {
-            if (NULL == bn_wexpand(rr, 16))
-                goto err;
-            RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
-                                   mont->n0[0]);
-            rr->top = 16;
-            rr->neg = 0;
-            bn_correct_top(rr);
-            ret = 1;
+    /*
+     * If the size of the operands allow it, perform the optimized
+     * RSAZ exponentiation. For further information see
+     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+     */
+    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+        && rsaz_avx2_eligible()) {
+        if (NULL == bn_wexpand(rr, 16))
             goto err;
-        } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
-            if (NULL == bn_wexpand(rr, 8))
-                goto err;
-            RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
-            rr->top = 8;
-            rr->neg = 0;
-            bn_correct_top(rr);
-            ret = 1;
+        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+                               mont->n0[0]);
+        rr->top = 16;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+        if (NULL == bn_wexpand(rr, 8))
             goto err;
-        }
+        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+        rr->top = 8;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
     }
 #endif
 
@@ -747,12 +754,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         goto err;
 
     /* prepare a^1 in Montgomery domain */
-    if (a->neg || BN_ucmp(a, m) >= 0) {
-        if (!BN_nnmod(&am, a, m, ctx))
-            goto err;
-        if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
-            goto err;
-    } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
+    if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
         goto err;
 
 #if defined(SPARC_T4_MONT)
diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c
index 80f910c807..8286b3855a 100644
--- a/deps/openssl/openssl/crypto/bn/bn_lib.c
+++ b/deps/openssl/openssl/crypto/bn/bn_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -695,6 +695,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
     int i;
     BN_ULONG aa, bb;
 
+    if (n == 0)
+        return 0;
+
     aa = a[n - 1];
     bb = b[n - 1];
     if (aa != bb)
@@ -737,26 +740,25 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
     return bn_cmp_words(a, b, cl);
 }
 
-/*
+/*-
  * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
+ * a and b are swapped if condition is not 0.
+ * nwords is the number of words to swap.
+ * Assumes that at least nwords are allocated in both a and b.
+ * Assumes that no more than nwords are used by either a or b.
  */
 void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
 {
     BN_ULONG t;
     int i;
 
+    if (a == b)
+        return;
+
     bn_wcheck_size(a, nwords);
     bn_wcheck_size(b, nwords);
 
-    assert(a != b);
-    assert((condition & (condition - 1)) == 0);
-    assert(sizeof(BN_ULONG) >= sizeof(int));
-
-    condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+    condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1;
 
     t = (a->top ^ b->top) & condition;
     a->top ^= t;
@@ -794,42 +796,16 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
     a->flags ^= t;
     b->flags ^= t;
 
-#define BN_CONSTTIME_SWAP(ind) \
-        do { \
-                t = (a->d[ind] ^ b->d[ind]) & condition; \
-                a->d[ind] ^= t; \
-                b->d[ind] ^= t; \
-        } while (0)
-
-    switch (nwords) {
-    default:
-        for (i = 10; i < nwords; i++)
-            BN_CONSTTIME_SWAP(i);
-        /* Fallthrough */
-    case 10:
-        BN_CONSTTIME_SWAP(9);   /* Fallthrough */
-    case 9:
-        BN_CONSTTIME_SWAP(8);   /* Fallthrough */
-    case 8:
-        BN_CONSTTIME_SWAP(7);   /* Fallthrough */
-    case 7:
-        BN_CONSTTIME_SWAP(6);   /* Fallthrough */
-    case 6:
-        BN_CONSTTIME_SWAP(5);   /* Fallthrough */
-    case 5:
-        BN_CONSTTIME_SWAP(4);   /* Fallthrough */
-    case 4:
-        BN_CONSTTIME_SWAP(3);   /* Fallthrough */
-    case 3:
-        BN_CONSTTIME_SWAP(2);   /* Fallthrough */
-    case 2:
-        BN_CONSTTIME_SWAP(1);   /* Fallthrough */
-    case 1:
-        BN_CONSTTIME_SWAP(0);
-    }
-#undef BN_CONSTTIME_SWAP
+    /* conditionally swap the data */
+    for (i = 0; i < nwords; i++) {
+        t = (a->d[i] ^ b->d[i]) & condition;
+        a->d[i] ^= t;
+        b->d[i] ^= t;
+    }
 }
 
+#undef BN_CONSTTIME_SWAP_FLAGS
+
 /* Bits of security, see SP800-57 */
 
 int BN_security_bits(int L, int N)
diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.h b/deps/openssl/openssl/crypto/bn/bn_prime.h
index a64c9630f3..2eb7b52f76 100644
--- a/deps/openssl/openssl/crypto/bn/bn_prime.h
+++ b/deps/openssl/openssl/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.pl b/deps/openssl/openssl/crypto/bn/bn_prime.pl
index eeca475b93..b0b1608742 100644
--- a/deps/openssl/openssl/crypto/bn/bn_prime.pl
+++ b/deps/openssl/openssl/crypto/bn/bn_prime.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/bn/bn_shift.c b/deps/openssl/openssl/crypto/bn/bn_shift.c
index 15d4b321ba..b7a1e0ff9a 100644
--- a/deps/openssl/openssl/crypto/bn/bn_shift.c
+++ b/deps/openssl/openssl/crypto/bn/bn_shift.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <assert.h>
 #include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
@@ -82,40 +83,70 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 
 int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 {
-    int i, nw, lb, rb;
-    BN_ULONG *t, *f;
-    BN_ULONG l;
-
-    bn_check_top(r);
-    bn_check_top(a);
+    int ret;
 
     if (n < 0) {
         BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
         return 0;
     }
 
+    ret = bn_lshift_fixed_top(r, a, n);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+/*
+ * In respect to shift factor the execution time is invariant of
+ * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
+ * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being
+ * non-secret.
+ */
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, nw;
+    unsigned int lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, m, rmask = 0;
+
+    assert(n >= 0);
+
+    bn_check_top(r);
+    bn_check_top(a);
+
     nw = n / BN_BITS2;
     if (bn_wexpand(r, a->top + nw + 1) == NULL)
         return 0;
-    r->neg = a->neg;
-    lb = n % BN_BITS2;
-    rb = BN_BITS2 - lb;
-    f = a->d;
-    t = r->d;
-    t[a->top + nw] = 0;
-    if (lb == 0)
-        for (i = a->top - 1; i >= 0; i--)
-            t[nw + i] = f[i];
-    else
-        for (i = a->top - 1; i >= 0; i--) {
-            l = f[i];
-            t[nw + i + 1] |= (l >> rb) & BN_MASK2;
-            t[nw + i] = (l << lb) & BN_MASK2;
+
+    if (a->top != 0) {
+        lb = (unsigned int)n % BN_BITS2;
+        rb = BN_BITS2 - lb;
+        rb %= BN_BITS2;            /* say no to undefined behaviour */
+        rmask = (BN_ULONG)0 - rb;  /* rmask = 0 - (rb != 0) */
+        rmask |= rmask >> 8;
+        f = &(a->d[0]);
+        t = &(r->d[nw]);
+        l = f[a->top - 1];
+        t[a->top] = (l >> rb) & rmask;
+        for (i = a->top - 1; i > 0; i--) {
+            m = l << lb;
+            l = f[i - 1];
+            t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2;
         }
-    memset(t, 0, sizeof(*t) * nw);
+        t[0] = (l << lb) & BN_MASK2;
+    } else {
+        /* shouldn't happen, but formally required */
+        r->d[nw] = 0;
+    }
+    if (nw != 0)
+        memset(r->d, 0, sizeof(*t) * nw);
+
+    r->neg = a->neg;
     r->top = a->top + nw + 1;
-    bn_correct_top(r);
-    bn_check_top(r);
+    r->flags |= BN_FLG_FIXED_TOP;
+
     return 1;
 }
 
@@ -173,3 +204,54 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
     bn_check_top(r);
     return 1;
 }
+
+/*
+ * In respect to shift factor the execution time is invariant of
+ * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
+ * for constant-time-ness for sufficiently[!] zero-padded inputs is
+ * |n < BN_BITS2| or |n / BN_BITS2| being non-secret.
+ */
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, top, nw;
+    unsigned int lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, m, mask;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    assert(n >= 0);
+
+    nw = n / BN_BITS2;
+    if (nw >= a->top) {
+        /* shouldn't happen, but formally required */
+        BN_zero(r);
+        return 1;
+    }
+
+    rb = (unsigned int)n % BN_BITS2;
+    lb = BN_BITS2 - rb;
+    lb %= BN_BITS2;            /* say no to undefined behaviour */
+    mask = (BN_ULONG)0 - lb;   /* mask = 0 - (lb != 0) */
+    mask |= mask >> 8;
+    top = a->top - nw;
+    if (r != a && bn_wexpand(r, top) == NULL)
+        return 0;
+
+    t = &(r->d[0]);
+    f = &(a->d[nw]);
+    l = f[0];
+    for (i = 0; i < top - 1; i++) {
+        m = f[i + 1];
+        t[i] = (l >> rb) | ((m << lb) & mask);
+        l = m;
+    }
+    t[i] = l >> rb;
+
+    r->neg = a->neg;
+    r->top = top;
+    r->flags |= BN_FLG_FIXED_TOP;
+
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl
index 4a838bc2b3..e90be6d0e5 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -157,6 +157,7 @@ ChaCha20_ctr32:
 	b.ne	ChaCha20_neon
 
 .Lshort:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 
@@ -276,6 +277,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
 .Labort:
 	ret
 
@@ -332,6 +334,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_ctr32,.-ChaCha20_ctr32
 ___
@@ -377,6 +380,7 @@ $code.=<<___;
 .type	ChaCha20_neon,%function
 .align	5
 ChaCha20_neon:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 
@@ -575,6 +579,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
 	ret
 
 .Ltail_neon:
@@ -684,6 +689,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_neon,.-ChaCha20_neon
 ___
@@ -696,6 +702,7 @@ $code.=<<___;
 .type	ChaCha20_512_neon,%function
 .align	5
 ChaCha20_512_neon:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 
@@ -1114,6 +1121,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_512_neon,.-ChaCha20_512_neon
 ___
diff --git a/deps/openssl/openssl/crypto/chacha/build.info b/deps/openssl/openssl/crypto/chacha/build.info
index e75ca72b67..02f8e518ae 100644
--- a/deps/openssl/openssl/crypto/chacha/build.info
+++ b/deps/openssl/openssl/crypto/chacha/build.info
@@ -9,8 +9,6 @@ GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME)
 INCLUDE[chacha-armv4.o]=..
 GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[chacha-armv8.o]=..
-GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl $(PERLASM_SCHEME)
-INCLUDE[chacha-s390x.o]=..
 
 BEGINRAW[Makefile(unix)]
 ##### CHACHA assembler implementations
diff --git a/deps/openssl/openssl/crypto/cms/cms_kari.c b/deps/openssl/openssl/crypto/cms/cms_kari.c
index 3bc46febf6..5e83814d0f 100644
--- a/deps/openssl/openssl/crypto/cms/cms_kari.c
+++ b/deps/openssl/openssl/crypto/cms/cms_kari.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -282,7 +282,7 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
     return rv;
 }
 
-/* Initialise a ktri based on passed certificate and key */
+/* Initialise a kari based on passed certificate and key */
 
 int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
                                 EVP_PKEY *pk, unsigned int flags)
@@ -299,6 +299,9 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
     kari->version = 3;
 
     rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
+    if (rek == NULL)
+        return 0;
+
     if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
         M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
         return 0;
diff --git a/deps/openssl/openssl/crypto/cms/cms_pwri.c b/deps/openssl/openssl/crypto/cms/cms_pwri.c
index eac9c2fc86..26e3bdcf9e 100644
--- a/deps/openssl/openssl/crypto/cms/cms_pwri.c
+++ b/deps/openssl/openssl/crypto/cms/cms_pwri.c
@@ -373,6 +373,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
             goto err;
         }
 
+        OPENSSL_clear_free(ec->key, ec->keylen);
         ec->key = key;
         ec->keylen = keylen;
 
diff --git a/deps/openssl/openssl/crypto/conf/conf_def.c b/deps/openssl/openssl/crypto/conf/conf_def.c
index 7f0d70ea69..8e3f42a0ca 100644
--- a/deps/openssl/openssl/crypto/conf/conf_def.c
+++ b/deps/openssl/openssl/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -348,10 +348,15 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 psection = section;
             }
             p = eat_ws(conf, end);
-            if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+            if (strncmp(pname, ".include", 8) == 0
+                && (p != pname + 8 || *p == '=')) {
                 char *include = NULL;
                 BIO *next;
 
+                if (*p == '=') {
+                    p++;
+                    p = eat_ws(conf, p);
+                }
                 trim_ws(conf, p);
                 if (!str_copy(conf, psection, &include, p))
                     goto err;
diff --git a/deps/openssl/openssl/crypto/conf/conf_def.h b/deps/openssl/openssl/crypto/conf/conf_def.h
index 73e88baa8b..2016d31b89 100644
--- a/deps/openssl/openssl/crypto/conf/conf_def.h
+++ b/deps/openssl/openssl/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/deps/openssl/openssl/crypto/conf/conf_lib.c b/deps/openssl/openssl/crypto/conf/conf_lib.c
index 07110d8502..2d40ac97ec 100644
--- a/deps/openssl/openssl/crypto/conf/conf_lib.c
+++ b/deps/openssl/openssl/crypto/conf/conf_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 
     if (ret != NULL)
         memset(ret, 0, sizeof(*ret));
+    ret->flags = DEFAULT_CONF_MFLAGS;
+
     return ret;
 }
 
 
 #ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+                                     const char *filename)
+{
+    char *newfilename = NULL;
+
+    if (filename != NULL) {
+        newfilename = strdup(filename);
+        if (newfilename == NULL)
+            return 0;
+    }
+
+    free(settings->filename);
+    settings->filename = newfilename;
+
+    return 1;
+}
+
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+                                        unsigned long flags)
+{
+    settings->flags = flags;
+}
+
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
                                     const char *appname)
 {
@@ -383,6 +408,7 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
 
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
 {
+    free(settings->filename);
     free(settings->appname);
     free(settings);
 }
diff --git a/deps/openssl/openssl/crypto/conf/conf_mod.c b/deps/openssl/openssl/crypto/conf/conf_mod.c
index 51f262e774..e703d97f54 100644
--- a/deps/openssl/openssl/crypto/conf/conf_mod.c
+++ b/deps/openssl/openssl/crypto/conf/conf_mod.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -142,6 +142,9 @@ int CONF_modules_load_file(const char *filename, const char *appname,
         OPENSSL_free(file);
     NCONF_free(conf);
 
+    if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES)
+        return 1;
+
     return ret;
 }
 
diff --git a/deps/openssl/openssl/crypto/conf/conf_sap.c b/deps/openssl/openssl/crypto/conf/conf_sap.c
index 3d2e065e5b..2ce42f0c67 100644
--- a/deps/openssl/openssl/crypto/conf/conf_sap.c
+++ b/deps/openssl/openssl/crypto/conf/conf_sap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,10 +39,24 @@ void OPENSSL_config(const char *appname)
 }
 #endif
 
-void openssl_config_int(const char *appname)
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
 {
+    int ret;
+    const char *filename;
+    const char *appname;
+    unsigned long flags;
+
     if (openssl_configured)
-        return;
+        return 1;
+
+    filename = settings ? settings->filename : NULL;
+    appname = settings ? settings->appname : NULL;
+    flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n",
+            filename, appname, flags);
+#endif
 
     OPENSSL_load_builtin_modules();
 #ifndef OPENSSL_NO_ENGINE
@@ -51,11 +65,10 @@ void openssl_config_int(const char *appname)
 #endif
     ERR_clear_error();
 #ifndef OPENSSL_SYS_UEFI
-    CONF_modules_load_file(NULL, appname,
-                               CONF_MFLAGS_DEFAULT_SECTION |
-                               CONF_MFLAGS_IGNORE_MISSING_FILE);
+    ret = CONF_modules_load_file(filename, appname, flags);
 #endif
     openssl_configured = 1;
+    return ret;
 }
 
 void openssl_no_config_int(void)
diff --git a/deps/openssl/openssl/crypto/conf/conf_ssl.c b/deps/openssl/openssl/crypto/conf/conf_ssl.c
index 024bdb4808..387f2cf46c 100644
--- a/deps/openssl/openssl/crypto/conf/conf_ssl.c
+++ b/deps/openssl/openssl/crypto/conf/conf_ssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -78,6 +78,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
     cnt = sk_CONF_VALUE_num(cmd_lists);
     ssl_module_free(md);
     ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+    if (ssl_names == NULL)
+        goto err;
     ssl_names_count = cnt;
     for (i = 0; i < ssl_names_count; i++) {
         struct ssl_conf_name_st *ssl_name = ssl_names + i;
diff --git a/deps/openssl/openssl/crypto/conf/keysets.pl b/deps/openssl/openssl/crypto/conf/keysets.pl
index cfa230ec3a..27a7214cc5 100644
--- a/deps/openssl/openssl/crypto/conf/keysets.pl
+++ b/deps/openssl/openssl/crypto/conf/keysets.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/cryptlib.c b/deps/openssl/openssl/crypto/cryptlib.c
index 1cd77c96d2..7b761a3adc 100644
--- a/deps/openssl/openssl/crypto/cryptlib.c
+++ b/deps/openssl/openssl/crypto/cryptlib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -352,9 +352,9 @@ void OPENSSL_showfatal(const char *fmta, ...)
 
     /*
     * TODO: (For non GUI and no std error cases)
-    * Add event logging feature here. 
+    * Add event logging feature here.
     */
-    
+
 #   if !defined(NDEBUG)
         /*
         * We are in a situation where we tried to report a critical
@@ -393,7 +393,7 @@ void OPENSSL_showfatal(const char *fmta, ...)
 #  endif
 # else
     MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
-# endif     
+# endif
 }
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
@@ -460,4 +460,14 @@ uint32_t OPENSSL_rdtsc(void)
 {
     return 0;
 }
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    return 0;
+}
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    return 0;
+}
 #endif
diff --git a/deps/openssl/openssl/crypto/des/asm/des_enc.m4 b/deps/openssl/openssl/crypto/des/asm/des_enc.m4
index 4a0d15620c..4ada97b175 100644
--- a/deps/openssl/openssl/crypto/des/asm/des_enc.m4
+++ b/deps/openssl/openssl/crypto/des/asm/des_enc.m4
@@ -1,4 +1,4 @@
-! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+! Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 !
 ! Licensed under the OpenSSL license (the "License").  You may not use
 ! this file except in compliance with the License.  You can obtain a copy
@@ -313,7 +313,7 @@ $4:
 	sll	out1, 28, out1            ! rotate
 	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
 
-	ld	[global2+local2], local2  ! 2 
+	ld	[global2+local2], local2  ! 2
 	srl	out0, 24, local1          ! 7
 	or	out1, local0, out1        ! rotate
 
@@ -1392,7 +1392,7 @@ DES_ncbc_encrypt:
 	add	%o7,global1,global1
 	sub	global1,.PIC.DES_SPtrans-.des_and,out2
 
-	cmp	in5, 0                    ! enc   
+	cmp	in5, 0                    ! enc
 
 	be	.ncbc.dec
 	STPTR	in4, IVEC
diff --git a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
index ad8899c289..4240f5f5e3 100644
--- a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
+++ b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
@@ -17,6 +17,7 @@
 #endif
 
 #include "dso_locl.h"
+#include "e_os.h"
 
 #ifdef DSO_DLFCN
 
@@ -99,6 +100,7 @@ static int dlfcn_load(DSO *dso)
     /* See applicable comments in dso_dl.c */
     char *filename = DSO_convert_filename(dso, NULL);
     int flags = DLOPEN_FLAG;
+    int saveerrno = get_last_sys_error();
 
     if (filename == NULL) {
         DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
@@ -118,6 +120,11 @@ static int dlfcn_load(DSO *dso)
         ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
         goto err;
     }
+    /*
+     * Some dlopen() implementations (e.g. solaris) do no preserve errno, even
+     * on a successful call.
+     */
+    set_sys_error(saveerrno);
     if (!sk_void_push(dso->meth_data, (char *)ptr)) {
         DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
         goto err;
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
index 1361cb395f..887ddfb1ea 100644
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -119,6 +119,7 @@ $code.=<<___;
 .type	ecp_nistz256_to_mont,%function
 .align	6
 ecp_nistz256_to_mont:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -134,6 +135,7 @@ ecp_nistz256_to_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
 
@@ -142,6 +144,7 @@ ecp_nistz256_to_mont:
 .type	ecp_nistz256_from_mont,%function
 .align	4
 ecp_nistz256_from_mont:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -157,6 +160,7 @@ ecp_nistz256_from_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
 
@@ -166,6 +170,7 @@ ecp_nistz256_from_mont:
 .type	ecp_nistz256_mul_mont,%function
 .align	4
 ecp_nistz256_mul_mont:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -180,6 +185,7 @@ ecp_nistz256_mul_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
 
@@ -188,6 +194,7 @@ ecp_nistz256_mul_mont:
 .type	ecp_nistz256_sqr_mont,%function
 .align	4
 ecp_nistz256_sqr_mont:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -201,6 +208,7 @@ ecp_nistz256_sqr_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
 
@@ -210,6 +218,7 @@ ecp_nistz256_sqr_mont:
 .type	ecp_nistz256_add,%function
 .align	4
 ecp_nistz256_add:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -223,6 +232,7 @@ ecp_nistz256_add:
 	bl	__ecp_nistz256_add
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_add,.-ecp_nistz256_add
 
@@ -231,6 +241,7 @@ ecp_nistz256_add:
 .type	ecp_nistz256_div_by_2,%function
 .align	4
 ecp_nistz256_div_by_2:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -242,6 +253,7 @@ ecp_nistz256_div_by_2:
 	bl	__ecp_nistz256_div_by_2
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		//  autiasp
 	ret
 .size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
 
@@ -250,6 +262,7 @@ ecp_nistz256_div_by_2:
 .type	ecp_nistz256_mul_by_2,%function
 .align	4
 ecp_nistz256_mul_by_2:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -265,6 +278,7 @@ ecp_nistz256_mul_by_2:
 	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
 
@@ -273,6 +287,7 @@ ecp_nistz256_mul_by_2:
 .type	ecp_nistz256_mul_by_3,%function
 .align	4
 ecp_nistz256_mul_by_3:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -299,6 +314,7 @@ ecp_nistz256_mul_by_3:
 	bl	__ecp_nistz256_add	// ret += a	// 2*a+a=3*a
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
 
@@ -308,6 +324,7 @@ ecp_nistz256_mul_by_3:
 .type	ecp_nistz256_sub,%function
 .align	4
 ecp_nistz256_sub:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -319,6 +336,7 @@ ecp_nistz256_sub:
 	bl	__ecp_nistz256_sub_from
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_sub,.-ecp_nistz256_sub
 
@@ -327,6 +345,7 @@ ecp_nistz256_sub:
 .type	ecp_nistz256_neg,%function
 .align	4
 ecp_nistz256_neg:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -341,6 +360,7 @@ ecp_nistz256_neg:
 	bl	__ecp_nistz256_sub_from
 
 	ldp	x29,x30,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_neg,.-ecp_nistz256_neg
 
@@ -701,6 +721,7 @@ $code.=<<___;
 .type	ecp_nistz256_point_double,%function
 .align	5
 ecp_nistz256_point_double:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -835,6 +856,7 @@ ecp_nistz256_point_double:
 	ldp	x19,x20,[x29,#16]
 	ldp	x21,x22,[x29,#32]
 	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
 ___
@@ -857,6 +879,7 @@ $code.=<<___;
 .type	ecp_nistz256_point_add,%function
 .align	5
 ecp_nistz256_point_add:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -1094,12 +1117,13 @@ $code.=<<___;
 	stp	$acc2,$acc3,[$rp_real,#$i+16]
 
 .Ladd_done:
-	add	sp,x29,#0	// destroy frame
+	add	sp,x29,#0		// destroy frame
 	ldp	x19,x20,[x29,#16]
 	ldp	x21,x22,[x29,#32]
 	ldp	x23,x24,[x29,#48]
 	ldp	x25,x26,[x29,#64]
 	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
 ___
@@ -1121,6 +1145,7 @@ $code.=<<___;
 .type	ecp_nistz256_point_add_affine,%function
 .align	5
 ecp_nistz256_point_add_affine:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -1309,6 +1334,7 @@ $code.=<<___;
 	ldp	x23,x24,[x29,#48]
 	ldp	x25,x26,[x29,#64]
 	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
 ___
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
index eba6ffd430..87149e7f68 100755
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2014, Intel Corporation. All Rights Reserved.
 # Copyright (c) 2015 CloudFlare, Inc.
 #
@@ -1674,6 +1674,7 @@ $code.=<<___;
 .type	__ecp_nistz256_mul_montq,\@abi-omnipotent
 .align	32
 __ecp_nistz256_mul_montq:
+.cfi_startproc
 	########################################################################
 	# Multiply a by b[0]
 	mov	%rax, $t1
@@ -1885,6 +1886,7 @@ __ecp_nistz256_mul_montq:
 	mov	$acc1, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq
 
 ################################################################################
@@ -1968,6 +1970,7 @@ $code.=<<___;
 .type	__ecp_nistz256_sqr_montq,\@abi-omnipotent
 .align	32
 __ecp_nistz256_sqr_montq:
+.cfi_startproc
 	mov	%rax, $acc5
 	mulq	$acc6			# a[1]*a[0]
 	mov	%rax, $acc1
@@ -2125,6 +2128,7 @@ __ecp_nistz256_sqr_montq:
 	mov	$acc7, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq
 ___
 
@@ -2133,6 +2137,7 @@ $code.=<<___;
 .type	__ecp_nistz256_mul_montx,\@abi-omnipotent
 .align	32
 __ecp_nistz256_mul_montx:
+.cfi_startproc
 	########################################################################
 	# Multiply by b[0]
 	mulx	$acc1, $acc0, $acc1
@@ -2295,11 +2300,13 @@ __ecp_nistz256_mul_montx:
 	mov	$acc1, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx
 
 .type	__ecp_nistz256_sqr_montx,\@abi-omnipotent
 .align	32
 __ecp_nistz256_sqr_montx:
+.cfi_startproc
 	mulx	$acc6, $acc1, $acc2	# a[0]*a[1]
 	mulx	$acc7, $t0, $acc3	# a[0]*a[2]
 	xor	%eax, %eax
@@ -2423,6 +2430,7 @@ __ecp_nistz256_sqr_montx:
 	mov	$acc7, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx
 ___
 }
@@ -2578,6 +2586,7 @@ ecp_nistz256_scatter_w5:
 .type	ecp_nistz256_gather_w5,\@abi-omnipotent
 .align	32
 ecp_nistz256_gather_w5:
+.cfi_startproc
 ___
 $code.=<<___	if ($avx>1);
 	mov	OPENSSL_ia32cap_P+8(%rip), %eax
@@ -2666,6 +2675,7 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .LSEH_end_ecp_nistz256_gather_w5:
 .size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
 
@@ -2694,6 +2704,7 @@ ecp_nistz256_scatter_w7:
 .type	ecp_nistz256_gather_w7,\@abi-omnipotent
 .align	32
 ecp_nistz256_gather_w7:
+.cfi_startproc
 ___
 $code.=<<___	if ($avx>1);
 	mov	OPENSSL_ia32cap_P+8(%rip), %eax
@@ -2771,6 +2782,7 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .LSEH_end_ecp_nistz256_gather_w7:
 .size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
 ___
@@ -2787,6 +2799,7 @@ $code.=<<___;
 .type	ecp_nistz256_avx2_gather_w5,\@abi-omnipotent
 .align	32
 ecp_nistz256_avx2_gather_w5:
+.cfi_startproc
 .Lavx2_gather_w5:
 	vzeroupper
 ___
@@ -2874,6 +2887,7 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .LSEH_end_ecp_nistz256_avx2_gather_w5:
 .size	ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5
 ___
@@ -2893,6 +2907,7 @@ $code.=<<___;
 .type	ecp_nistz256_avx2_gather_w7,\@abi-omnipotent
 .align	32
 ecp_nistz256_avx2_gather_w7:
+.cfi_startproc
 .Lavx2_gather_w7:
 	vzeroupper
 ___
@@ -2995,6 +3010,7 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .LSEH_end_ecp_nistz256_avx2_gather_w7:
 .size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
 ___
@@ -3064,6 +3080,7 @@ $code.=<<___;
 .type	__ecp_nistz256_add_toq,\@abi-omnipotent
 .align	32
 __ecp_nistz256_add_toq:
+.cfi_startproc
 	xor	$t4,$t4
 	add	8*0($b_ptr), $a0
 	adc	8*1($b_ptr), $a1
@@ -3091,11 +3108,13 @@ __ecp_nistz256_add_toq:
 	mov	$a3, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq
 
 .type	__ecp_nistz256_sub_fromq,\@abi-omnipotent
 .align	32
 __ecp_nistz256_sub_fromq:
+.cfi_startproc
 	sub	8*0($b_ptr), $a0
 	sbb	8*1($b_ptr), $a1
 	 mov	$a0, $t0
@@ -3122,11 +3141,13 @@ __ecp_nistz256_sub_fromq:
 	mov	$a3, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq
 
 .type	__ecp_nistz256_subq,\@abi-omnipotent
 .align	32
 __ecp_nistz256_subq:
+.cfi_startproc
 	sub	$a0, $t0
 	sbb	$a1, $t1
 	 mov	$t0, $a0
@@ -3149,11 +3170,13 @@ __ecp_nistz256_subq:
 	cmovnz	$t3, $a3
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_subq,.-__ecp_nistz256_subq
 
 .type	__ecp_nistz256_mul_by_2q,\@abi-omnipotent
 .align	32
 __ecp_nistz256_mul_by_2q:
+.cfi_startproc
 	xor	$t4, $t4
 	add	$a0, $a0		# a0:a3+a0:a3
 	adc	$a1, $a1
@@ -3181,6 +3204,7 @@ __ecp_nistz256_mul_by_2q:
 	mov	$a3, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q
 ___
 									}
@@ -3620,7 +3644,9 @@ $code.=<<___;
 	movq	%xmm1, $a_ptr			# restore $a_ptr
 	movq	%xmm0, $r_ptr			# restore $r_ptr
 	add	\$`32*(18-5)`, %rsp		# difference in frame sizes
+.cfi_adjust_cfa_offset	`-32*(18-5)`
 	jmp	.Lpoint_double_shortcut$x
+.cfi_adjust_cfa_offset	`32*(18-5)`
 
 .align	32
 .Ladd_proceed$x:
@@ -4156,6 +4182,7 @@ $code.=<<___;
 .type	__ecp_nistz256_add_tox,\@abi-omnipotent
 .align	32
 __ecp_nistz256_add_tox:
+.cfi_startproc
 	xor	$t4, $t4
 	adc	8*0($b_ptr), $a0
 	adc	8*1($b_ptr), $a1
@@ -4184,11 +4211,13 @@ __ecp_nistz256_add_tox:
 	mov	$a3, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox
 
 .type	__ecp_nistz256_sub_fromx,\@abi-omnipotent
 .align	32
 __ecp_nistz256_sub_fromx:
+.cfi_startproc
 	xor	$t4, $t4
 	sbb	8*0($b_ptr), $a0
 	sbb	8*1($b_ptr), $a1
@@ -4217,11 +4246,13 @@ __ecp_nistz256_sub_fromx:
 	mov	$a3, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx
 
 .type	__ecp_nistz256_subx,\@abi-omnipotent
 .align	32
 __ecp_nistz256_subx:
+.cfi_startproc
 	xor	$t4, $t4
 	sbb	$a0, $t0
 	sbb	$a1, $t1
@@ -4246,11 +4277,13 @@ __ecp_nistz256_subx:
 	cmovc	$t3, $a3
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_subx,.-__ecp_nistz256_subx
 
 .type	__ecp_nistz256_mul_by_2x,\@abi-omnipotent
 .align	32
 __ecp_nistz256_mul_by_2x:
+.cfi_startproc
 	xor	$t4, $t4
 	adc	$a0, $a0		# a0:a3+a0:a3
 	adc	$a1, $a1
@@ -4279,6 +4312,7 @@ __ecp_nistz256_mul_by_2x:
 	mov	$a3, 8*3($r_ptr)
 
 	ret
+.cfi_endproc
 .size	__ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x
 ___
 									}
diff --git a/deps/openssl/openssl/crypto/ec/curve25519.c b/deps/openssl/openssl/crypto/ec/curve25519.c
index abe9b9cbf6..aa999cc591 100644
--- a/deps/openssl/openssl/crypto/ec/curve25519.c
+++ b/deps/openssl/openssl/crypto/ec/curve25519.c
@@ -744,91 +744,99 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
 
 /*
  * Reference base 2^25.5 implementation.
- */
-/*
+ *
  * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
  * 20141124 (http://bench.cr.yp.to/supercop.html).
  *
  * The field functions are shared by Ed25519 and X25519 where possible.
  */
 
-/* fe means field element. Here the field is \Z/(2^255-19). An element t,
+/*
+ * fe means field element. Here the field is \Z/(2^255-19). An element t,
  * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
  * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
- * context.  */
+ * context.
+ */
 typedef int32_t fe[10];
 
+static const int64_t kBottom21Bits =  0x1fffffLL;
 static const int64_t kBottom25Bits = 0x1ffffffLL;
 static const int64_t kBottom26Bits = 0x3ffffffLL;
 static const int64_t kTop39Bits = 0xfffffffffe000000LL;
 static const int64_t kTop38Bits = 0xfffffffffc000000LL;
 
-static uint64_t load_3(const uint8_t *in) {
-  uint64_t result;
-  result = (uint64_t)in[0];
-  result |= ((uint64_t)in[1]) << 8;
-  result |= ((uint64_t)in[2]) << 16;
-  return result;
+static uint64_t load_3(const uint8_t *in)
+{
+    uint64_t result;
+
+    result  = ((uint64_t)in[0]);
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    return result;
 }
 
-static uint64_t load_4(const uint8_t *in) {
-  uint64_t result;
-  result = (uint64_t)in[0];
-  result |= ((uint64_t)in[1]) << 8;
-  result |= ((uint64_t)in[2]) << 16;
-  result |= ((uint64_t)in[3]) << 24;
-  return result;
+static uint64_t load_4(const uint8_t *in)
+{
+    uint64_t result;
+
+    result  = ((uint64_t)in[0]);
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    return result;
 }
 
-static void fe_frombytes(fe h, const uint8_t *s) {
-  /* Ignores top bit of h. */
-  int64_t h0 = load_4(s);
-  int64_t h1 = load_3(s + 4) << 6;
-  int64_t h2 = load_3(s + 7) << 5;
-  int64_t h3 = load_3(s + 10) << 3;
-  int64_t h4 = load_3(s + 13) << 2;
-  int64_t h5 = load_4(s + 16);
-  int64_t h6 = load_3(s + 20) << 7;
-  int64_t h7 = load_3(s + 23) << 5;
-  int64_t h8 = load_3(s + 26) << 4;
-  int64_t h9 = (load_3(s + 29) & 8388607) << 2;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-
-  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
-  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
-  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-
-  h[0] = (int32_t)h0;
-  h[1] = (int32_t)h1;
-  h[2] = (int32_t)h2;
-  h[3] = (int32_t)h3;
-  h[4] = (int32_t)h4;
-  h[5] = (int32_t)h5;
-  h[6] = (int32_t)h6;
-  h[7] = (int32_t)h7;
-  h[8] = (int32_t)h8;
-  h[9] = (int32_t)h9;
+static void fe_frombytes(fe h, const uint8_t *s)
+{
+    /* Ignores top bit of h. */
+    int64_t h0 =  load_4(s);
+    int64_t h1 =  load_3(s +  4) << 6;
+    int64_t h2 =  load_3(s +  7) << 5;
+    int64_t h3 =  load_3(s + 10) << 3;
+    int64_t h4 =  load_3(s + 13) << 2;
+    int64_t h5 =  load_4(s + 16);
+    int64_t h6 =  load_3(s + 20) << 7;
+    int64_t h7 =  load_3(s + 23) << 5;
+    int64_t h8 =  load_3(s + 26) << 4;
+    int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
 }
 
-/* Preconditions:
- *  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+/*
+ * Preconditions:
+ *   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
  *
  * Write p=2^255-19; q=floor(h/p).
  * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
@@ -848,102 +856,112 @@ static void fe_frombytes(fe h, const uint8_t *s) {
  *   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
  *
  *   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. */
-static void fe_tobytes(uint8_t *s, const fe h) {
-  int32_t h0 = h[0];
-  int32_t h1 = h[1];
-  int32_t h2 = h[2];
-  int32_t h3 = h[3];
-  int32_t h4 = h[4];
-  int32_t h5 = h[5];
-  int32_t h6 = h[6];
-  int32_t h7 = h[7];
-  int32_t h8 = h[8];
-  int32_t h9 = h[9];
-  int32_t q;
-
-  q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
-  q = (h0 + q) >> 26;
-  q = (h1 + q) >> 25;
-  q = (h2 + q) >> 26;
-  q = (h3 + q) >> 25;
-  q = (h4 + q) >> 26;
-  q = (h5 + q) >> 25;
-  q = (h6 + q) >> 26;
-  q = (h7 + q) >> 25;
-  q = (h8 + q) >> 26;
-  q = (h9 + q) >> 25;
-
-  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
-  h0 += 19 * q;
-  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
-  h1 += h0 >> 26; h0 &= kBottom26Bits;
-  h2 += h1 >> 25; h1 &= kBottom25Bits;
-  h3 += h2 >> 26; h2 &= kBottom26Bits;
-  h4 += h3 >> 25; h3 &= kBottom25Bits;
-  h5 += h4 >> 26; h4 &= kBottom26Bits;
-  h6 += h5 >> 25; h5 &= kBottom25Bits;
-  h7 += h6 >> 26; h6 &= kBottom26Bits;
-  h8 += h7 >> 25; h7 &= kBottom25Bits;
-  h9 += h8 >> 26; h8 &= kBottom26Bits;
-                  h9 &= kBottom25Bits;
-                  /* h10 = carry9 */
-
-  /* Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
-   * Have h0+...+2^230 h9 between 0 and 2^255-1;
-   * evidently 2^255 h10-2^255 q = 0.
-   * Goal: Output h0+...+2^230 h9.  */
-
-  s[0] = (uint8_t)(h0 >> 0);
-  s[1] = (uint8_t)(h0 >> 8);
-  s[2] = (uint8_t)(h0 >> 16);
-  s[3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
-  s[4] = (uint8_t)(h1 >> 6);
-  s[5] = (uint8_t)(h1 >> 14);
-  s[6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
-  s[7] = (uint8_t)(h2 >> 5);
-  s[8] = (uint8_t)(h2 >> 13);
-  s[9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
-  s[10] = (uint8_t)(h3 >> 3);
-  s[11] = (uint8_t)(h3 >> 11);
-  s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
-  s[13] = (uint8_t)(h4 >> 2);
-  s[14] = (uint8_t)(h4 >> 10);
-  s[15] = (uint8_t)(h4 >> 18);
-  s[16] = (uint8_t)(h5 >> 0);
-  s[17] = (uint8_t)(h5 >> 8);
-  s[18] = (uint8_t)(h5 >> 16);
-  s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
-  s[20] = (uint8_t)(h6 >> 7);
-  s[21] = (uint8_t)(h6 >> 15);
-  s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
-  s[23] = (uint8_t)(h7 >> 5);
-  s[24] = (uint8_t)(h7 >> 13);
-  s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
-  s[26] = (uint8_t)(h8 >> 4);
-  s[27] = (uint8_t)(h8 >> 12);
-  s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
-  s[29] = (uint8_t)(h9 >> 2);
-  s[30] = (uint8_t)(h9 >> 10);
-  s[31] = (uint8_t)(h9 >> 18);
+ *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+ */
+static void fe_tobytes(uint8_t *s, const fe h)
+{
+    int32_t h0 = h[0];
+    int32_t h1 = h[1];
+    int32_t h2 = h[2];
+    int32_t h3 = h[3];
+    int32_t h4 = h[4];
+    int32_t h5 = h[5];
+    int32_t h6 = h[6];
+    int32_t h7 = h[7];
+    int32_t h8 = h[8];
+    int32_t h9 = h[9];
+    int32_t q;
+
+    q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+    q = (h0 + q) >> 26;
+    q = (h1 + q) >> 25;
+    q = (h2 + q) >> 26;
+    q = (h3 + q) >> 25;
+    q = (h4 + q) >> 26;
+    q = (h5 + q) >> 25;
+    q = (h6 + q) >> 26;
+    q = (h7 + q) >> 25;
+    q = (h8 + q) >> 26;
+    q = (h9 + q) >> 25;
+
+    /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+    h0 += 19 * q;
+    /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+    h1 += h0 >> 26; h0 &= kBottom26Bits;
+    h2 += h1 >> 25; h1 &= kBottom25Bits;
+    h3 += h2 >> 26; h2 &= kBottom26Bits;
+    h4 += h3 >> 25; h3 &= kBottom25Bits;
+    h5 += h4 >> 26; h4 &= kBottom26Bits;
+    h6 += h5 >> 25; h5 &= kBottom25Bits;
+    h7 += h6 >> 26; h6 &= kBottom26Bits;
+    h8 += h7 >> 25; h7 &= kBottom25Bits;
+    h9 += h8 >> 26; h8 &= kBottom26Bits;
+                    h9 &= kBottom25Bits;
+    /* h10 = carry9 */
+
+    /*
+     * Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+     * Have h0+...+2^230 h9 between 0 and 2^255-1;
+     * evidently 2^255 h10-2^255 q = 0.
+     * Goal: Output h0+...+2^230 h9.
+     */
+    s[ 0] = (uint8_t) (h0 >>  0);
+    s[ 1] = (uint8_t) (h0 >>  8);
+    s[ 2] = (uint8_t) (h0 >> 16);
+    s[ 3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
+    s[ 4] = (uint8_t) (h1 >>  6);
+    s[ 5] = (uint8_t) (h1 >> 14);
+    s[ 6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
+    s[ 7] = (uint8_t) (h2 >>  5);
+    s[ 8] = (uint8_t) (h2 >> 13);
+    s[ 9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
+    s[10] = (uint8_t) (h3 >>  3);
+    s[11] = (uint8_t) (h3 >> 11);
+    s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
+    s[13] = (uint8_t) (h4 >>  2);
+    s[14] = (uint8_t) (h4 >> 10);
+    s[15] = (uint8_t) (h4 >> 18);
+    s[16] = (uint8_t) (h5 >>  0);
+    s[17] = (uint8_t) (h5 >>  8);
+    s[18] = (uint8_t) (h5 >> 16);
+    s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
+    s[20] = (uint8_t) (h6 >>  7);
+    s[21] = (uint8_t) (h6 >> 15);
+    s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
+    s[23] = (uint8_t) (h7 >>  5);
+    s[24] = (uint8_t) (h7 >> 13);
+    s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
+    s[26] = (uint8_t) (h8 >>  4);
+    s[27] = (uint8_t) (h8 >> 12);
+    s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
+    s[29] = (uint8_t) (h9 >>  2);
+    s[30] = (uint8_t) (h9 >> 10);
+    s[31] = (uint8_t) (h9 >> 18);
 }
 
 /* h = f */
-static void fe_copy(fe h, const fe f) {
-  memmove(h, f, sizeof(int32_t) * 10);
+static void fe_copy(fe h, const fe f)
+{
+    memmove(h, f, sizeof(int32_t) * 10);
 }
 
 /* h = 0 */
-static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); }
+static void fe_0(fe h)
+{
+    memset(h, 0, sizeof(int32_t) * 10);
+}
 
 /* h = 1 */
-static void fe_1(fe h) {
-  memset(h, 0, sizeof(int32_t) * 10);
-  h[0] = 1;
+static void fe_1(fe h)
+{
+    memset(h, 0, sizeof(int32_t) * 10);
+    h[0] = 1;
 }
 
-/* h = f + g
+/*
+ * h = f + g
+ *
  * Can overlap h with f or g.
  *
  * Preconditions:
@@ -951,15 +969,20 @@ static void fe_1(fe h) {
  *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
  *
  * Postconditions:
- *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static void fe_add(fe h, const fe f, const fe g) {
-  unsigned i;
-  for (i = 0; i < 10; i++) {
-    h[i] = f[i] + g[i];
-  }
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_add(fe h, const fe f, const fe g)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = f[i] + g[i];
+    }
 }
 
-/* h = f - g
+/*
+ * h = f - g
+ *
  * Can overlap h with f or g.
  *
  * Preconditions:
@@ -967,15 +990,20 @@ static void fe_add(fe h, const fe f, const fe g) {
  *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
  *
  * Postconditions:
- *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static void fe_sub(fe h, const fe f, const fe g) {
-  unsigned i;
-  for (i = 0; i < 10; i++) {
-    h[i] = f[i] - g[i];
-  }
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_sub(fe h, const fe f, const fe g)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = f[i] - g[i];
+    }
 }
 
-/* h = f * g
+/*
+ * h = f * g
+ *
  * Can overlap h with f or g.
  *
  * Preconditions:
@@ -1001,224 +1029,228 @@ static void fe_sub(fe h, const fe f, const fe g) {
  * 10 of them are 2-way parallelizable and vectorizable.
  * Can get away with 11 carries, but then data flow is much deeper.
  *
- * With tighter constraints on inputs can squeeze carries into int32. */
-static void fe_mul(fe h, const fe f, const fe g) {
-  int32_t f0 = f[0];
-  int32_t f1 = f[1];
-  int32_t f2 = f[2];
-  int32_t f3 = f[3];
-  int32_t f4 = f[4];
-  int32_t f5 = f[5];
-  int32_t f6 = f[6];
-  int32_t f7 = f[7];
-  int32_t f8 = f[8];
-  int32_t f9 = f[9];
-  int32_t g0 = g[0];
-  int32_t g1 = g[1];
-  int32_t g2 = g[2];
-  int32_t g3 = g[3];
-  int32_t g4 = g[4];
-  int32_t g5 = g[5];
-  int32_t g6 = g[6];
-  int32_t g7 = g[7];
-  int32_t g8 = g[8];
-  int32_t g9 = g[9];
-  int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
-  int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
-  int32_t g3_19 = 19 * g3;
-  int32_t g4_19 = 19 * g4;
-  int32_t g5_19 = 19 * g5;
-  int32_t g6_19 = 19 * g6;
-  int32_t g7_19 = 19 * g7;
-  int32_t g8_19 = 19 * g8;
-  int32_t g9_19 = 19 * g9;
-  int32_t f1_2 = 2 * f1;
-  int32_t f3_2 = 2 * f3;
-  int32_t f5_2 = 2 * f5;
-  int32_t f7_2 = 2 * f7;
-  int32_t f9_2 = 2 * f9;
-  int64_t f0g0    = f0   * (int64_t) g0;
-  int64_t f0g1    = f0   * (int64_t) g1;
-  int64_t f0g2    = f0   * (int64_t) g2;
-  int64_t f0g3    = f0   * (int64_t) g3;
-  int64_t f0g4    = f0   * (int64_t) g4;
-  int64_t f0g5    = f0   * (int64_t) g5;
-  int64_t f0g6    = f0   * (int64_t) g6;
-  int64_t f0g7    = f0   * (int64_t) g7;
-  int64_t f0g8    = f0   * (int64_t) g8;
-  int64_t f0g9    = f0   * (int64_t) g9;
-  int64_t f1g0    = f1   * (int64_t) g0;
-  int64_t f1g1_2  = f1_2 * (int64_t) g1;
-  int64_t f1g2    = f1   * (int64_t) g2;
-  int64_t f1g3_2  = f1_2 * (int64_t) g3;
-  int64_t f1g4    = f1   * (int64_t) g4;
-  int64_t f1g5_2  = f1_2 * (int64_t) g5;
-  int64_t f1g6    = f1   * (int64_t) g6;
-  int64_t f1g7_2  = f1_2 * (int64_t) g7;
-  int64_t f1g8    = f1   * (int64_t) g8;
-  int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
-  int64_t f2g0    = f2   * (int64_t) g0;
-  int64_t f2g1    = f2   * (int64_t) g1;
-  int64_t f2g2    = f2   * (int64_t) g2;
-  int64_t f2g3    = f2   * (int64_t) g3;
-  int64_t f2g4    = f2   * (int64_t) g4;
-  int64_t f2g5    = f2   * (int64_t) g5;
-  int64_t f2g6    = f2   * (int64_t) g6;
-  int64_t f2g7    = f2   * (int64_t) g7;
-  int64_t f2g8_19 = f2   * (int64_t) g8_19;
-  int64_t f2g9_19 = f2   * (int64_t) g9_19;
-  int64_t f3g0    = f3   * (int64_t) g0;
-  int64_t f3g1_2  = f3_2 * (int64_t) g1;
-  int64_t f3g2    = f3   * (int64_t) g2;
-  int64_t f3g3_2  = f3_2 * (int64_t) g3;
-  int64_t f3g4    = f3   * (int64_t) g4;
-  int64_t f3g5_2  = f3_2 * (int64_t) g5;
-  int64_t f3g6    = f3   * (int64_t) g6;
-  int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
-  int64_t f3g8_19 = f3   * (int64_t) g8_19;
-  int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
-  int64_t f4g0    = f4   * (int64_t) g0;
-  int64_t f4g1    = f4   * (int64_t) g1;
-  int64_t f4g2    = f4   * (int64_t) g2;
-  int64_t f4g3    = f4   * (int64_t) g3;
-  int64_t f4g4    = f4   * (int64_t) g4;
-  int64_t f4g5    = f4   * (int64_t) g5;
-  int64_t f4g6_19 = f4   * (int64_t) g6_19;
-  int64_t f4g7_19 = f4   * (int64_t) g7_19;
-  int64_t f4g8_19 = f4   * (int64_t) g8_19;
-  int64_t f4g9_19 = f4   * (int64_t) g9_19;
-  int64_t f5g0    = f5   * (int64_t) g0;
-  int64_t f5g1_2  = f5_2 * (int64_t) g1;
-  int64_t f5g2    = f5   * (int64_t) g2;
-  int64_t f5g3_2  = f5_2 * (int64_t) g3;
-  int64_t f5g4    = f5   * (int64_t) g4;
-  int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
-  int64_t f5g6_19 = f5   * (int64_t) g6_19;
-  int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
-  int64_t f5g8_19 = f5   * (int64_t) g8_19;
-  int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
-  int64_t f6g0    = f6   * (int64_t) g0;
-  int64_t f6g1    = f6   * (int64_t) g1;
-  int64_t f6g2    = f6   * (int64_t) g2;
-  int64_t f6g3    = f6   * (int64_t) g3;
-  int64_t f6g4_19 = f6   * (int64_t) g4_19;
-  int64_t f6g5_19 = f6   * (int64_t) g5_19;
-  int64_t f6g6_19 = f6   * (int64_t) g6_19;
-  int64_t f6g7_19 = f6   * (int64_t) g7_19;
-  int64_t f6g8_19 = f6   * (int64_t) g8_19;
-  int64_t f6g9_19 = f6   * (int64_t) g9_19;
-  int64_t f7g0    = f7   * (int64_t) g0;
-  int64_t f7g1_2  = f7_2 * (int64_t) g1;
-  int64_t f7g2    = f7   * (int64_t) g2;
-  int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
-  int64_t f7g4_19 = f7   * (int64_t) g4_19;
-  int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
-  int64_t f7g6_19 = f7   * (int64_t) g6_19;
-  int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
-  int64_t f7g8_19 = f7   * (int64_t) g8_19;
-  int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
-  int64_t f8g0    = f8   * (int64_t) g0;
-  int64_t f8g1    = f8   * (int64_t) g1;
-  int64_t f8g2_19 = f8   * (int64_t) g2_19;
-  int64_t f8g3_19 = f8   * (int64_t) g3_19;
-  int64_t f8g4_19 = f8   * (int64_t) g4_19;
-  int64_t f8g5_19 = f8   * (int64_t) g5_19;
-  int64_t f8g6_19 = f8   * (int64_t) g6_19;
-  int64_t f8g7_19 = f8   * (int64_t) g7_19;
-  int64_t f8g8_19 = f8   * (int64_t) g8_19;
-  int64_t f8g9_19 = f8   * (int64_t) g9_19;
-  int64_t f9g0    = f9   * (int64_t) g0;
-  int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
-  int64_t f9g2_19 = f9   * (int64_t) g2_19;
-  int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
-  int64_t f9g4_19 = f9   * (int64_t) g4_19;
-  int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
-  int64_t f9g6_19 = f9   * (int64_t) g6_19;
-  int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
-  int64_t f9g8_19 = f9   * (int64_t) g8_19;
-  int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
-  int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
-  int64_t h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
-  int64_t h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
-  int64_t h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
-  int64_t h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
-  int64_t h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
-  int64_t h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
-  int64_t h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
-  int64_t h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
-  int64_t h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-
-  /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
-   *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
-   * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
-   *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-  /* |h0| <= 2^25 */
-  /* |h4| <= 2^25 */
-  /* |h1| <= 1.71*2^59 */
-  /* |h5| <= 1.71*2^59 */
-
-  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
-  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-  /* |h1| <= 2^24; from now on fits into int32 */
-  /* |h5| <= 2^24; from now on fits into int32 */
-  /* |h2| <= 1.41*2^60 */
-  /* |h6| <= 1.41*2^60 */
-
-  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
-  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-  /* |h2| <= 2^25; from now on fits into int32 unchanged */
-  /* |h6| <= 2^25; from now on fits into int32 unchanged */
-  /* |h3| <= 1.71*2^59 */
-  /* |h7| <= 1.71*2^59 */
-
-  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
-  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-  /* |h3| <= 2^24; from now on fits into int32 unchanged */
-  /* |h7| <= 2^24; from now on fits into int32 unchanged */
-  /* |h4| <= 1.72*2^34 */
-  /* |h8| <= 1.41*2^60 */
-
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-  /* |h4| <= 2^25; from now on fits into int32 unchanged */
-  /* |h8| <= 2^25; from now on fits into int32 unchanged */
-  /* |h5| <= 1.01*2^24 */
-  /* |h9| <= 1.71*2^59 */
-
-  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-  /* |h9| <= 2^24; from now on fits into int32 unchanged */
-  /* |h0| <= 1.1*2^39 */
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-  /* |h0| <= 2^25; from now on fits into int32 unchanged */
-  /* |h1| <= 1.01*2^24 */
-
-  h[0] = (int32_t)h0;
-  h[1] = (int32_t)h1;
-  h[2] = (int32_t)h2;
-  h[3] = (int32_t)h3;
-  h[4] = (int32_t)h4;
-  h[5] = (int32_t)h5;
-  h[6] = (int32_t)h6;
-  h[7] = (int32_t)h7;
-  h[8] = (int32_t)h8;
-  h[9] = (int32_t)h9;
+ * With tighter constraints on inputs can squeeze carries into int32.
+ */
+static void fe_mul(fe h, const fe f, const fe g)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t g0 = g[0];
+    int32_t g1 = g[1];
+    int32_t g2 = g[2];
+    int32_t g3 = g[3];
+    int32_t g4 = g[4];
+    int32_t g5 = g[5];
+    int32_t g6 = g[6];
+    int32_t g7 = g[7];
+    int32_t g8 = g[8];
+    int32_t g9 = g[9];
+    int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+    int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+    int32_t g3_19 = 19 * g3;
+    int32_t g4_19 = 19 * g4;
+    int32_t g5_19 = 19 * g5;
+    int32_t g6_19 = 19 * g6;
+    int32_t g7_19 = 19 * g7;
+    int32_t g8_19 = 19 * g8;
+    int32_t g9_19 = 19 * g9;
+    int32_t f1_2 = 2 * f1;
+    int32_t f3_2 = 2 * f3;
+    int32_t f5_2 = 2 * f5;
+    int32_t f7_2 = 2 * f7;
+    int32_t f9_2 = 2 * f9;
+    int64_t f0g0    = f0   * (int64_t) g0;
+    int64_t f0g1    = f0   * (int64_t) g1;
+    int64_t f0g2    = f0   * (int64_t) g2;
+    int64_t f0g3    = f0   * (int64_t) g3;
+    int64_t f0g4    = f0   * (int64_t) g4;
+    int64_t f0g5    = f0   * (int64_t) g5;
+    int64_t f0g6    = f0   * (int64_t) g6;
+    int64_t f0g7    = f0   * (int64_t) g7;
+    int64_t f0g8    = f0   * (int64_t) g8;
+    int64_t f0g9    = f0   * (int64_t) g9;
+    int64_t f1g0    = f1   * (int64_t) g0;
+    int64_t f1g1_2  = f1_2 * (int64_t) g1;
+    int64_t f1g2    = f1   * (int64_t) g2;
+    int64_t f1g3_2  = f1_2 * (int64_t) g3;
+    int64_t f1g4    = f1   * (int64_t) g4;
+    int64_t f1g5_2  = f1_2 * (int64_t) g5;
+    int64_t f1g6    = f1   * (int64_t) g6;
+    int64_t f1g7_2  = f1_2 * (int64_t) g7;
+    int64_t f1g8    = f1   * (int64_t) g8;
+    int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+    int64_t f2g0    = f2   * (int64_t) g0;
+    int64_t f2g1    = f2   * (int64_t) g1;
+    int64_t f2g2    = f2   * (int64_t) g2;
+    int64_t f2g3    = f2   * (int64_t) g3;
+    int64_t f2g4    = f2   * (int64_t) g4;
+    int64_t f2g5    = f2   * (int64_t) g5;
+    int64_t f2g6    = f2   * (int64_t) g6;
+    int64_t f2g7    = f2   * (int64_t) g7;
+    int64_t f2g8_19 = f2   * (int64_t) g8_19;
+    int64_t f2g9_19 = f2   * (int64_t) g9_19;
+    int64_t f3g0    = f3   * (int64_t) g0;
+    int64_t f3g1_2  = f3_2 * (int64_t) g1;
+    int64_t f3g2    = f3   * (int64_t) g2;
+    int64_t f3g3_2  = f3_2 * (int64_t) g3;
+    int64_t f3g4    = f3   * (int64_t) g4;
+    int64_t f3g5_2  = f3_2 * (int64_t) g5;
+    int64_t f3g6    = f3   * (int64_t) g6;
+    int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+    int64_t f3g8_19 = f3   * (int64_t) g8_19;
+    int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+    int64_t f4g0    = f4   * (int64_t) g0;
+    int64_t f4g1    = f4   * (int64_t) g1;
+    int64_t f4g2    = f4   * (int64_t) g2;
+    int64_t f4g3    = f4   * (int64_t) g3;
+    int64_t f4g4    = f4   * (int64_t) g4;
+    int64_t f4g5    = f4   * (int64_t) g5;
+    int64_t f4g6_19 = f4   * (int64_t) g6_19;
+    int64_t f4g7_19 = f4   * (int64_t) g7_19;
+    int64_t f4g8_19 = f4   * (int64_t) g8_19;
+    int64_t f4g9_19 = f4   * (int64_t) g9_19;
+    int64_t f5g0    = f5   * (int64_t) g0;
+    int64_t f5g1_2  = f5_2 * (int64_t) g1;
+    int64_t f5g2    = f5   * (int64_t) g2;
+    int64_t f5g3_2  = f5_2 * (int64_t) g3;
+    int64_t f5g4    = f5   * (int64_t) g4;
+    int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+    int64_t f5g6_19 = f5   * (int64_t) g6_19;
+    int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+    int64_t f5g8_19 = f5   * (int64_t) g8_19;
+    int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+    int64_t f6g0    = f6   * (int64_t) g0;
+    int64_t f6g1    = f6   * (int64_t) g1;
+    int64_t f6g2    = f6   * (int64_t) g2;
+    int64_t f6g3    = f6   * (int64_t) g3;
+    int64_t f6g4_19 = f6   * (int64_t) g4_19;
+    int64_t f6g5_19 = f6   * (int64_t) g5_19;
+    int64_t f6g6_19 = f6   * (int64_t) g6_19;
+    int64_t f6g7_19 = f6   * (int64_t) g7_19;
+    int64_t f6g8_19 = f6   * (int64_t) g8_19;
+    int64_t f6g9_19 = f6   * (int64_t) g9_19;
+    int64_t f7g0    = f7   * (int64_t) g0;
+    int64_t f7g1_2  = f7_2 * (int64_t) g1;
+    int64_t f7g2    = f7   * (int64_t) g2;
+    int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+    int64_t f7g4_19 = f7   * (int64_t) g4_19;
+    int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+    int64_t f7g6_19 = f7   * (int64_t) g6_19;
+    int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+    int64_t f7g8_19 = f7   * (int64_t) g8_19;
+    int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+    int64_t f8g0    = f8   * (int64_t) g0;
+    int64_t f8g1    = f8   * (int64_t) g1;
+    int64_t f8g2_19 = f8   * (int64_t) g2_19;
+    int64_t f8g3_19 = f8   * (int64_t) g3_19;
+    int64_t f8g4_19 = f8   * (int64_t) g4_19;
+    int64_t f8g5_19 = f8   * (int64_t) g5_19;
+    int64_t f8g6_19 = f8   * (int64_t) g6_19;
+    int64_t f8g7_19 = f8   * (int64_t) g7_19;
+    int64_t f8g8_19 = f8   * (int64_t) g8_19;
+    int64_t f8g9_19 = f8   * (int64_t) g9_19;
+    int64_t f9g0    = f9   * (int64_t) g0;
+    int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+    int64_t f9g2_19 = f9   * (int64_t) g2_19;
+    int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+    int64_t f9g4_19 = f9   * (int64_t) g4_19;
+    int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+    int64_t f9g6_19 = f9   * (int64_t) g6_19;
+    int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+    int64_t f9g8_19 = f9   * (int64_t) g8_19;
+    int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+    int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
+    int64_t h1 = f0g1 + f1g0    + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19;
+    int64_t h2 = f0g2 + f1g1_2  + f2g0    + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38;
+    int64_t h3 = f0g3 + f1g2    + f2g1    + f3g0    + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19;
+    int64_t h4 = f0g4 + f1g3_2  + f2g2    + f3g1_2  + f4g0    + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38;
+    int64_t h5 = f0g5 + f1g4    + f2g3    + f3g2    + f4g1    + f5g0    + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19;
+    int64_t h6 = f0g6 + f1g5_2  + f2g4    + f3g3_2  + f4g2    + f5g1_2  + f6g0    + f7g9_38 + f8g8_19 + f9g7_38;
+    int64_t h7 = f0g7 + f1g6    + f2g5    + f3g4    + f4g3    + f5g2    + f6g1    + f7g0    + f8g9_19 + f9g8_19;
+    int64_t h8 = f0g8 + f1g7_2  + f2g6    + f3g5_2  + f4g4    + f5g3_2  + f6g2    + f7g1_2  + f8g0    + f9g9_38;
+    int64_t h9 = f0g9 + f1g8    + f2g7    + f3g6    + f4g5    + f5g4    + f6g3    + f7g2    + f8g1    + f9g0   ;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+     *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+     * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+     *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    /* |h0| <= 2^25 */
+    /* |h4| <= 2^25 */
+    /* |h1| <= 1.71*2^59 */
+    /* |h5| <= 1.71*2^59 */
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    /* |h1| <= 2^24; from now on fits into int32 */
+    /* |h5| <= 2^24; from now on fits into int32 */
+    /* |h2| <= 1.41*2^60 */
+    /* |h6| <= 1.41*2^60 */
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    /* |h2| <= 2^25; from now on fits into int32 unchanged */
+    /* |h6| <= 2^25; from now on fits into int32 unchanged */
+    /* |h3| <= 1.71*2^59 */
+    /* |h7| <= 1.71*2^59 */
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+    /* |h3| <= 2^24; from now on fits into int32 unchanged */
+    /* |h7| <= 2^24; from now on fits into int32 unchanged */
+    /* |h4| <= 1.72*2^34 */
+    /* |h8| <= 1.41*2^60 */
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+    /* |h4| <= 2^25; from now on fits into int32 unchanged */
+    /* |h8| <= 2^25; from now on fits into int32 unchanged */
+    /* |h5| <= 1.01*2^24 */
+    /* |h9| <= 1.71*2^59 */
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    /* |h9| <= 2^24; from now on fits into int32 unchanged */
+    /* |h0| <= 1.1*2^39 */
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    /* |h0| <= 2^25; from now on fits into int32 unchanged */
+    /* |h1| <= 1.01*2^24 */
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
 }
 
-/* h = f * f
+/*
+ * h = f * f
+ *
  * Can overlap h with f.
  *
  * Preconditions:
@@ -1227,286 +1259,307 @@ static void fe_mul(fe h, const fe f, const fe g) {
  * Postconditions:
  *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
  *
- * See fe_mul.c for discussion of implementation strategy. */
-static void fe_sq(fe h, const fe f) {
-  int32_t f0 = f[0];
-  int32_t f1 = f[1];
-  int32_t f2 = f[2];
-  int32_t f3 = f[3];
-  int32_t f4 = f[4];
-  int32_t f5 = f[5];
-  int32_t f6 = f[6];
-  int32_t f7 = f[7];
-  int32_t f8 = f[8];
-  int32_t f9 = f[9];
-  int32_t f0_2 = 2 * f0;
-  int32_t f1_2 = 2 * f1;
-  int32_t f2_2 = 2 * f2;
-  int32_t f3_2 = 2 * f3;
-  int32_t f4_2 = 2 * f4;
-  int32_t f5_2 = 2 * f5;
-  int32_t f6_2 = 2 * f6;
-  int32_t f7_2 = 2 * f7;
-  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
-  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
-  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
-  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
-  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
-  int64_t f0f0    = f0   * (int64_t) f0;
-  int64_t f0f1_2  = f0_2 * (int64_t) f1;
-  int64_t f0f2_2  = f0_2 * (int64_t) f2;
-  int64_t f0f3_2  = f0_2 * (int64_t) f3;
-  int64_t f0f4_2  = f0_2 * (int64_t) f4;
-  int64_t f0f5_2  = f0_2 * (int64_t) f5;
-  int64_t f0f6_2  = f0_2 * (int64_t) f6;
-  int64_t f0f7_2  = f0_2 * (int64_t) f7;
-  int64_t f0f8_2  = f0_2 * (int64_t) f8;
-  int64_t f0f9_2  = f0_2 * (int64_t) f9;
-  int64_t f1f1_2  = f1_2 * (int64_t) f1;
-  int64_t f1f2_2  = f1_2 * (int64_t) f2;
-  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
-  int64_t f1f4_2  = f1_2 * (int64_t) f4;
-  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
-  int64_t f1f6_2  = f1_2 * (int64_t) f6;
-  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
-  int64_t f1f8_2  = f1_2 * (int64_t) f8;
-  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
-  int64_t f2f2    = f2   * (int64_t) f2;
-  int64_t f2f3_2  = f2_2 * (int64_t) f3;
-  int64_t f2f4_2  = f2_2 * (int64_t) f4;
-  int64_t f2f5_2  = f2_2 * (int64_t) f5;
-  int64_t f2f6_2  = f2_2 * (int64_t) f6;
-  int64_t f2f7_2  = f2_2 * (int64_t) f7;
-  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
-  int64_t f2f9_38 = f2   * (int64_t) f9_38;
-  int64_t f3f3_2  = f3_2 * (int64_t) f3;
-  int64_t f3f4_2  = f3_2 * (int64_t) f4;
-  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
-  int64_t f3f6_2  = f3_2 * (int64_t) f6;
-  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
-  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
-  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
-  int64_t f4f4    = f4   * (int64_t) f4;
-  int64_t f4f5_2  = f4_2 * (int64_t) f5;
-  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
-  int64_t f4f7_38 = f4   * (int64_t) f7_38;
-  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
-  int64_t f4f9_38 = f4   * (int64_t) f9_38;
-  int64_t f5f5_38 = f5   * (int64_t) f5_38;
-  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
-  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
-  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
-  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
-  int64_t f6f6_19 = f6   * (int64_t) f6_19;
-  int64_t f6f7_38 = f6   * (int64_t) f7_38;
-  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
-  int64_t f6f9_38 = f6   * (int64_t) f9_38;
-  int64_t f7f7_38 = f7   * (int64_t) f7_38;
-  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
-  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
-  int64_t f8f8_19 = f8   * (int64_t) f8_19;
-  int64_t f8f9_38 = f8   * (int64_t) f9_38;
-  int64_t f9f9_38 = f9   * (int64_t) f9_38;
-  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
-  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
-  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
-  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
-  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
-  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
-  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
-  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
-  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
-  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-
-  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
-  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-
-  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
-  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-
-  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
-  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-
-  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-
-  h[0] = (int32_t)h0;
-  h[1] = (int32_t)h1;
-  h[2] = (int32_t)h2;
-  h[3] = (int32_t)h3;
-  h[4] = (int32_t)h4;
-  h[5] = (int32_t)h5;
-  h[6] = (int32_t)h6;
-  h[7] = (int32_t)h7;
-  h[8] = (int32_t)h8;
-  h[9] = (int32_t)h9;
+ * See fe_mul.c for discussion of implementation strategy.
+ */
+static void fe_sq(fe h, const fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t f0_2 = 2 * f0;
+    int32_t f1_2 = 2 * f1;
+    int32_t f2_2 = 2 * f2;
+    int32_t f3_2 = 2 * f3;
+    int32_t f4_2 = 2 * f4;
+    int32_t f5_2 = 2 * f5;
+    int32_t f6_2 = 2 * f6;
+    int32_t f7_2 = 2 * f7;
+    int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+    int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+    int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+    int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+    int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+    int64_t f0f0    = f0   * (int64_t) f0;
+    int64_t f0f1_2  = f0_2 * (int64_t) f1;
+    int64_t f0f2_2  = f0_2 * (int64_t) f2;
+    int64_t f0f3_2  = f0_2 * (int64_t) f3;
+    int64_t f0f4_2  = f0_2 * (int64_t) f4;
+    int64_t f0f5_2  = f0_2 * (int64_t) f5;
+    int64_t f0f6_2  = f0_2 * (int64_t) f6;
+    int64_t f0f7_2  = f0_2 * (int64_t) f7;
+    int64_t f0f8_2  = f0_2 * (int64_t) f8;
+    int64_t f0f9_2  = f0_2 * (int64_t) f9;
+    int64_t f1f1_2  = f1_2 * (int64_t) f1;
+    int64_t f1f2_2  = f1_2 * (int64_t) f2;
+    int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+    int64_t f1f4_2  = f1_2 * (int64_t) f4;
+    int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+    int64_t f1f6_2  = f1_2 * (int64_t) f6;
+    int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+    int64_t f1f8_2  = f1_2 * (int64_t) f8;
+    int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+    int64_t f2f2    = f2   * (int64_t) f2;
+    int64_t f2f3_2  = f2_2 * (int64_t) f3;
+    int64_t f2f4_2  = f2_2 * (int64_t) f4;
+    int64_t f2f5_2  = f2_2 * (int64_t) f5;
+    int64_t f2f6_2  = f2_2 * (int64_t) f6;
+    int64_t f2f7_2  = f2_2 * (int64_t) f7;
+    int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+    int64_t f2f9_38 = f2   * (int64_t) f9_38;
+    int64_t f3f3_2  = f3_2 * (int64_t) f3;
+    int64_t f3f4_2  = f3_2 * (int64_t) f4;
+    int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+    int64_t f3f6_2  = f3_2 * (int64_t) f6;
+    int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+    int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+    int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+    int64_t f4f4    = f4   * (int64_t) f4;
+    int64_t f4f5_2  = f4_2 * (int64_t) f5;
+    int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+    int64_t f4f7_38 = f4   * (int64_t) f7_38;
+    int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+    int64_t f4f9_38 = f4   * (int64_t) f9_38;
+    int64_t f5f5_38 = f5   * (int64_t) f5_38;
+    int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+    int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+    int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+    int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+    int64_t f6f6_19 = f6   * (int64_t) f6_19;
+    int64_t f6f7_38 = f6   * (int64_t) f7_38;
+    int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+    int64_t f6f9_38 = f6   * (int64_t) f9_38;
+    int64_t f7f7_38 = f7   * (int64_t) f7_38;
+    int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+    int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+    int64_t f8f8_19 = f8   * (int64_t) f8_19;
+    int64_t f8f9_38 = f8   * (int64_t) f9_38;
+    int64_t f9f9_38 = f9   * (int64_t) f9_38;
+    int64_t h0 = f0f0   + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+    int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+    int64_t h2 = f0f2_2 + f1f1_2  + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+    int64_t h3 = f0f3_2 + f1f2_2  + f4f9_38 + f5f8_38 + f6f7_38;
+    int64_t h4 = f0f4_2 + f1f3_4  + f2f2    + f5f9_76 + f6f8_38 + f7f7_38;
+    int64_t h5 = f0f5_2 + f1f4_2  + f2f3_2  + f6f9_38 + f7f8_38;
+    int64_t h6 = f0f6_2 + f1f5_4  + f2f4_2  + f3f3_2  + f7f9_76 + f8f8_19;
+    int64_t h7 = f0f7_2 + f1f6_2  + f2f5_2  + f3f4_2  + f8f9_38;
+    int64_t h8 = f0f8_2 + f1f7_4  + f2f6_2  + f3f5_4  + f4f4    + f9f9_38;
+    int64_t h9 = f0f9_2 + f1f8_2  + f2f7_2  + f3f6_2  + f4f5_2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
 }
 
-static void fe_invert(fe out, const fe z) {
-  fe t0;
-  fe t1;
-  fe t2;
-  fe t3;
-  int i;
+static void fe_invert(fe out, const fe z)
+{
+    fe t0;
+    fe t1;
+    fe t2;
+    fe t3;
+    int i;
 
-  /*
-   * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
-   * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
-   */
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
 
-  /* t0 = z ** 2 */
-  fe_sq(t0, z);
+    /* t0 = z ** 2 */
+    fe_sq(t0, z);
 
-  /* t1 = t0 ** (2 ** 2) = z ** 8 */
-  fe_sq(t1, t0);
-  fe_sq(t1, t1);
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe_sq(t1, t0);
+    fe_sq(t1, t1);
 
-  /* t1 = z * t1 = z ** 9 */
-  fe_mul(t1, z, t1);
-  /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
-  fe_mul(t0, t0, t1);
+    /* t1 = z * t1 = z ** 9 */
+    fe_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe_mul(t0, t0, t1);
 
-  /* t2 = t0 ** 2 = z ** 22 */
-  fe_sq(t2, t0);
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe_sq(t2, t0);
 
-  /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
-  fe_mul(t1, t1, t2);
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe_mul(t1, t1, t2);
 
-  /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
-  fe_sq(t2, t1);
-  for (i = 1; i < 5; ++i) {
-    fe_sq(t2, t2);
-  }
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t2, t2);
+    }
 
-  /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
-  fe_mul(t1, t2, t1);
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe_mul(t1, t2, t1);
 
-  /* Continuing similarly... */
+    /* Continuing similarly... */
 
-  /* t2 = z ** (2 ** 20 - 1) */
-  fe_sq(t2, t1);
-  for (i = 1; i < 10; ++i) {
-    fe_sq(t2, t2);
-  }
-  fe_mul(t2, t2, t1);
-
-  /* t2 = z ** (2 ** 40 - 1) */
-  fe_sq(t3, t2);
-  for (i = 1; i < 20; ++i) {
-    fe_sq(t3, t3);
-  }
-  fe_mul(t2, t3, t2);
-
-  /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
-  for (i = 0; i < 10; ++i) {
-    fe_sq(t2, t2);
-  }
-  /* t1 = z ** (2 ** 50 - 1) */
-  fe_mul(t1, t2, t1);
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t2, t2, t1);
 
-  /* t2 = z ** (2 ** 100 - 1) */
-  fe_sq(t2, t1);
-  for (i = 1; i < 50; ++i) {
-    fe_sq(t2, t2);
-  }
-  fe_mul(t2, t2, t1);
-
-  /* t2 = z ** (2 ** 200 - 1) */
-  fe_sq(t3, t2);
-  for (i = 1; i < 100; ++i) {
-    fe_sq(t3, t3);
-  }
-  fe_mul(t2, t3, t2);
-
-  /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
-  fe_sq(t2, t2);
-  for (i = 1; i < 50; ++i) {
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe_sq(t3, t2);
+    for (i = 1; i < 20; ++i) {
+        fe_sq(t3, t3);
+    }
+    fe_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i) {
+        fe_sq(t2, t2);
+    }
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe_sq(t3, t2);
+    for (i = 1; i < 100; ++i) {
+        fe_sq(t3, t3);
+    }
+    fe_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
     fe_sq(t2, t2);
-  }
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t2, t2);
+    }
 
-  /* t1 = z ** (2 ** 250 - 1) */
-  fe_mul(t1, t2, t1);
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe_mul(t1, t2, t1);
 
-  /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
-  fe_sq(t1, t1);
-  for (i = 1; i < 5; ++i) {
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
     fe_sq(t1, t1);
-  }
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t1, t1);
+    }
 
-  /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
-  fe_mul(out, t1, t0);
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe_mul(out, t1, t0);
 }
 
-/* h = -f
+/*
+ * h = -f
  *
  * Preconditions:
  *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
  *
  * Postconditions:
- *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
-static void fe_neg(fe h, const fe f) {
-  unsigned i;
-  for (i = 0; i < 10; i++) {
-    h[i] = -f[i];
-  }
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+static void fe_neg(fe h, const fe f)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = -f[i];
+    }
 }
 
-/* Replace (f,g) with (g,g) if b == 1;
+/*
+ * Replace (f,g) with (g,g) if b == 1;
  * replace (f,g) with (f,g) if b == 0.
  *
- * Preconditions: b in {0,1}. */
-static void fe_cmov(fe f, const fe g, unsigned b) {
-  size_t i;
-  b = 0-b;
-  for (i = 0; i < 10; i++) {
-    int32_t x = f[i] ^ g[i];
-    x &= b;
-    f[i] ^= x;
-  }
+ * Preconditions: b in {0,1}.
+ */
+static void fe_cmov(fe f, const fe g, unsigned b)
+{
+    size_t i;
+
+    b = 0-b;
+    for (i = 0; i < 10; i++) {
+        int32_t x = f[i] ^ g[i];
+        x &= b;
+        f[i] ^= x;
+    }
 }
 
-/* return 0 if f == 0
+/*
+ * return 0 if f == 0
  * return 1 if f != 0
  *
  * Preconditions:
- *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static int fe_isnonzero(const fe f) {
-  uint8_t s[32];
-  static const uint8_t zero[32] = {0};
-  fe_tobytes(s, f);
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static int fe_isnonzero(const fe f)
+{
+    uint8_t s[32];
+    static const uint8_t zero[32] = {0};
 
-  return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
+    fe_tobytes(s, f);
+
+    return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
 }
 
-/* return 1 if f is in {1,3,5,...,q-2}
+/*
+ * return 1 if f is in {1,3,5,...,q-2}
  * return 0 if f is in {0,2,4,...,q-1}
  *
  * Preconditions:
- *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
-static int fe_isnegative(const fe f) {
-  uint8_t s[32];
-  fe_tobytes(s, f);
-  return s[0] & 1;
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static int fe_isnegative(const fe f)
+{
+    uint8_t s[32];
+
+    fe_tobytes(s, f);
+    return s[0] & 1;
 }
 
-/* h = 2 * f * f
+/*
+ * h = 2 * f * f
+ *
  * Can overlap h with f.
  *
  * Preconditions:
@@ -1515,208 +1568,212 @@ static int fe_isnegative(const fe f) {
  * Postconditions:
  *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
  *
- * See fe_mul.c for discussion of implementation strategy. */
-static void fe_sq2(fe h, const fe f) {
-  int32_t f0 = f[0];
-  int32_t f1 = f[1];
-  int32_t f2 = f[2];
-  int32_t f3 = f[3];
-  int32_t f4 = f[4];
-  int32_t f5 = f[5];
-  int32_t f6 = f[6];
-  int32_t f7 = f[7];
-  int32_t f8 = f[8];
-  int32_t f9 = f[9];
-  int32_t f0_2 = 2 * f0;
-  int32_t f1_2 = 2 * f1;
-  int32_t f2_2 = 2 * f2;
-  int32_t f3_2 = 2 * f3;
-  int32_t f4_2 = 2 * f4;
-  int32_t f5_2 = 2 * f5;
-  int32_t f6_2 = 2 * f6;
-  int32_t f7_2 = 2 * f7;
-  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
-  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
-  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
-  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
-  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
-  int64_t f0f0    = f0   * (int64_t) f0;
-  int64_t f0f1_2  = f0_2 * (int64_t) f1;
-  int64_t f0f2_2  = f0_2 * (int64_t) f2;
-  int64_t f0f3_2  = f0_2 * (int64_t) f3;
-  int64_t f0f4_2  = f0_2 * (int64_t) f4;
-  int64_t f0f5_2  = f0_2 * (int64_t) f5;
-  int64_t f0f6_2  = f0_2 * (int64_t) f6;
-  int64_t f0f7_2  = f0_2 * (int64_t) f7;
-  int64_t f0f8_2  = f0_2 * (int64_t) f8;
-  int64_t f0f9_2  = f0_2 * (int64_t) f9;
-  int64_t f1f1_2  = f1_2 * (int64_t) f1;
-  int64_t f1f2_2  = f1_2 * (int64_t) f2;
-  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
-  int64_t f1f4_2  = f1_2 * (int64_t) f4;
-  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
-  int64_t f1f6_2  = f1_2 * (int64_t) f6;
-  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
-  int64_t f1f8_2  = f1_2 * (int64_t) f8;
-  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
-  int64_t f2f2    = f2   * (int64_t) f2;
-  int64_t f2f3_2  = f2_2 * (int64_t) f3;
-  int64_t f2f4_2  = f2_2 * (int64_t) f4;
-  int64_t f2f5_2  = f2_2 * (int64_t) f5;
-  int64_t f2f6_2  = f2_2 * (int64_t) f6;
-  int64_t f2f7_2  = f2_2 * (int64_t) f7;
-  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
-  int64_t f2f9_38 = f2   * (int64_t) f9_38;
-  int64_t f3f3_2  = f3_2 * (int64_t) f3;
-  int64_t f3f4_2  = f3_2 * (int64_t) f4;
-  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
-  int64_t f3f6_2  = f3_2 * (int64_t) f6;
-  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
-  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
-  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
-  int64_t f4f4    = f4   * (int64_t) f4;
-  int64_t f4f5_2  = f4_2 * (int64_t) f5;
-  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
-  int64_t f4f7_38 = f4   * (int64_t) f7_38;
-  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
-  int64_t f4f9_38 = f4   * (int64_t) f9_38;
-  int64_t f5f5_38 = f5   * (int64_t) f5_38;
-  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
-  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
-  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
-  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
-  int64_t f6f6_19 = f6   * (int64_t) f6_19;
-  int64_t f6f7_38 = f6   * (int64_t) f7_38;
-  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
-  int64_t f6f9_38 = f6   * (int64_t) f9_38;
-  int64_t f7f7_38 = f7   * (int64_t) f7_38;
-  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
-  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
-  int64_t f8f8_19 = f8   * (int64_t) f8_19;
-  int64_t f8f9_38 = f8   * (int64_t) f9_38;
-  int64_t f9f9_38 = f9   * (int64_t) f9_38;
-  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
-  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
-  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
-  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
-  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
-  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
-  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
-  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
-  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
-  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-
-  h0 += h0;
-  h1 += h1;
-  h2 += h2;
-  h3 += h3;
-  h4 += h4;
-  h5 += h5;
-  h6 += h6;
-  h7 += h7;
-  h8 += h8;
-  h9 += h9;
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-
-  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
-  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-
-  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
-  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-
-  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
-  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-
-  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-
-  h[0] = (int32_t)h0;
-  h[1] = (int32_t)h1;
-  h[2] = (int32_t)h2;
-  h[3] = (int32_t)h3;
-  h[4] = (int32_t)h4;
-  h[5] = (int32_t)h5;
-  h[6] = (int32_t)h6;
-  h[7] = (int32_t)h7;
-  h[8] = (int32_t)h8;
-  h[9] = (int32_t)h9;
+ * See fe_mul.c for discussion of implementation strategy.
+ */
+static void fe_sq2(fe h, const fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t f0_2 = 2 * f0;
+    int32_t f1_2 = 2 * f1;
+    int32_t f2_2 = 2 * f2;
+    int32_t f3_2 = 2 * f3;
+    int32_t f4_2 = 2 * f4;
+    int32_t f5_2 = 2 * f5;
+    int32_t f6_2 = 2 * f6;
+    int32_t f7_2 = 2 * f7;
+    int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+    int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+    int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+    int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+    int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+    int64_t f0f0    = f0   * (int64_t) f0;
+    int64_t f0f1_2  = f0_2 * (int64_t) f1;
+    int64_t f0f2_2  = f0_2 * (int64_t) f2;
+    int64_t f0f3_2  = f0_2 * (int64_t) f3;
+    int64_t f0f4_2  = f0_2 * (int64_t) f4;
+    int64_t f0f5_2  = f0_2 * (int64_t) f5;
+    int64_t f0f6_2  = f0_2 * (int64_t) f6;
+    int64_t f0f7_2  = f0_2 * (int64_t) f7;
+    int64_t f0f8_2  = f0_2 * (int64_t) f8;
+    int64_t f0f9_2  = f0_2 * (int64_t) f9;
+    int64_t f1f1_2  = f1_2 * (int64_t) f1;
+    int64_t f1f2_2  = f1_2 * (int64_t) f2;
+    int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+    int64_t f1f4_2  = f1_2 * (int64_t) f4;
+    int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+    int64_t f1f6_2  = f1_2 * (int64_t) f6;
+    int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+    int64_t f1f8_2  = f1_2 * (int64_t) f8;
+    int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+    int64_t f2f2    = f2   * (int64_t) f2;
+    int64_t f2f3_2  = f2_2 * (int64_t) f3;
+    int64_t f2f4_2  = f2_2 * (int64_t) f4;
+    int64_t f2f5_2  = f2_2 * (int64_t) f5;
+    int64_t f2f6_2  = f2_2 * (int64_t) f6;
+    int64_t f2f7_2  = f2_2 * (int64_t) f7;
+    int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+    int64_t f2f9_38 = f2   * (int64_t) f9_38;
+    int64_t f3f3_2  = f3_2 * (int64_t) f3;
+    int64_t f3f4_2  = f3_2 * (int64_t) f4;
+    int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+    int64_t f3f6_2  = f3_2 * (int64_t) f6;
+    int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+    int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+    int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+    int64_t f4f4    = f4   * (int64_t) f4;
+    int64_t f4f5_2  = f4_2 * (int64_t) f5;
+    int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+    int64_t f4f7_38 = f4   * (int64_t) f7_38;
+    int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+    int64_t f4f9_38 = f4   * (int64_t) f9_38;
+    int64_t f5f5_38 = f5   * (int64_t) f5_38;
+    int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+    int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+    int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+    int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+    int64_t f6f6_19 = f6   * (int64_t) f6_19;
+    int64_t f6f7_38 = f6   * (int64_t) f7_38;
+    int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+    int64_t f6f9_38 = f6   * (int64_t) f9_38;
+    int64_t f7f7_38 = f7   * (int64_t) f7_38;
+    int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+    int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+    int64_t f8f8_19 = f8   * (int64_t) f8_19;
+    int64_t f8f9_38 = f8   * (int64_t) f9_38;
+    int64_t f9f9_38 = f9   * (int64_t) f9_38;
+    int64_t h0 = f0f0   + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+    int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+    int64_t h2 = f0f2_2 + f1f1_2  + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+    int64_t h3 = f0f3_2 + f1f2_2  + f4f9_38 + f5f8_38 + f6f7_38;
+    int64_t h4 = f0f4_2 + f1f3_4  + f2f2    + f5f9_76 + f6f8_38 + f7f7_38;
+    int64_t h5 = f0f5_2 + f1f4_2  + f2f3_2  + f6f9_38 + f7f8_38;
+    int64_t h6 = f0f6_2 + f1f5_4  + f2f4_2  + f3f3_2  + f7f9_76 + f8f8_19;
+    int64_t h7 = f0f7_2 + f1f6_2  + f2f5_2  + f3f4_2  + f8f9_38;
+    int64_t h8 = f0f8_2 + f1f7_4  + f2f6_2  + f3f5_4  + f4f4    + f9f9_38;
+    int64_t h9 = f0f9_2 + f1f8_2  + f2f7_2  + f3f6_2  + f4f5_2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    h0 += h0;
+    h1 += h1;
+    h2 += h2;
+    h3 += h3;
+    h4 += h4;
+    h5 += h5;
+    h6 += h6;
+    h7 += h7;
+    h8 += h8;
+    h9 += h9;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
 }
 
-static void fe_pow22523(fe out, const fe z) {
-  fe t0;
-  fe t1;
-  fe t2;
-  int i;
+static void fe_pow22523(fe out, const fe z)
+{
+    fe t0;
+    fe t1;
+    fe t2;
+    int i;
 
-  fe_sq(t0, z);
-  fe_sq(t1, t0);
-  for (i = 1; i < 2; ++i) {
-    fe_sq(t1, t1);
-  }
-  fe_mul(t1, z, t1);
-  fe_mul(t0, t0, t1);
-  fe_sq(t0, t0);
-  fe_mul(t0, t1, t0);
-  fe_sq(t1, t0);
-  for (i = 1; i < 5; ++i) {
-    fe_sq(t1, t1);
-  }
-  fe_mul(t0, t1, t0);
-  fe_sq(t1, t0);
-  for (i = 1; i < 10; ++i) {
-    fe_sq(t1, t1);
-  }
-  fe_mul(t1, t1, t0);
-  fe_sq(t2, t1);
-  for (i = 1; i < 20; ++i) {
-    fe_sq(t2, t2);
-  }
-  fe_mul(t1, t2, t1);
-  fe_sq(t1, t1);
-  for (i = 1; i < 10; ++i) {
-    fe_sq(t1, t1);
-  }
-  fe_mul(t0, t1, t0);
-  fe_sq(t1, t0);
-  for (i = 1; i < 50; ++i) {
+    fe_sq(t0, z);
+    fe_sq(t1, t0);
+    for (i = 1; i < 2; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, z, t1);
+    fe_mul(t0, t0, t1);
+    fe_sq(t0, t0);
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, t1, t0);
+    fe_sq(t2, t1);
+    for (i = 1; i < 20; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t1, t2, t1);
     fe_sq(t1, t1);
-  }
-  fe_mul(t1, t1, t0);
-  fe_sq(t2, t1);
-  for (i = 1; i < 100; ++i) {
-    fe_sq(t2, t2);
-  }
-  fe_mul(t1, t2, t1);
-  fe_sq(t1, t1);
-  for (i = 1; i < 50; ++i) {
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, t1, t0);
+    fe_sq(t2, t1);
+    for (i = 1; i < 100; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t1, t2, t1);
     fe_sq(t1, t1);
-  }
-  fe_mul(t0, t1, t0);
-  fe_sq(t0, t0);
-  for (i = 1; i < 2; ++i) {
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
     fe_sq(t0, t0);
-  }
-  fe_mul(out, t0, z);
+    for (i = 1; i < 2; ++i) {
+        fe_sq(t0, t0);
+    }
+    fe_mul(out, t0, z);
 }
 
-/* ge means group element.
-
+/*
+ * ge means group element.
+ *
  * Here the group is the set of pairs (x,y) of field elements (see fe.h)
  * satisfying -x^2 + y^2 = 1 + d x^2y^2
  * where d = -121665/121666.
@@ -1725,268 +1782,292 @@ static void fe_pow22523(fe out, const fe z) {
  *   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
  *   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
  *   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- *   ge_precomp (Duif): (y+x,y-x,2dxy) */
-
+ *   ge_precomp (Duif): (y+x,y-x,2dxy)
+ */
 typedef struct {
-  fe X;
-  fe Y;
-  fe Z;
+    fe X;
+    fe Y;
+    fe Z;
 } ge_p2;
 
 typedef struct {
-  fe X;
-  fe Y;
-  fe Z;
-  fe T;
+    fe X;
+    fe Y;
+    fe Z;
+    fe T;
 } ge_p3;
 
 typedef struct {
-  fe X;
-  fe Y;
-  fe Z;
-  fe T;
+    fe X;
+    fe Y;
+    fe Z;
+    fe T;
 } ge_p1p1;
 
 typedef struct {
-  fe yplusx;
-  fe yminusx;
-  fe xy2d;
+    fe yplusx;
+    fe yminusx;
+    fe xy2d;
 } ge_precomp;
 
 typedef struct {
-  fe YplusX;
-  fe YminusX;
-  fe Z;
-  fe T2d;
+    fe YplusX;
+    fe YminusX;
+    fe Z;
+    fe T2d;
 } ge_cached;
 
-static void ge_tobytes(uint8_t *s, const ge_p2 *h) {
-  fe recip;
-  fe x;
-  fe y;
+static void ge_tobytes(uint8_t *s, const ge_p2 *h)
+{
+    fe recip;
+    fe x;
+    fe y;
+
+    fe_invert(recip, h->Z);
+    fe_mul(x, h->X, recip);
+    fe_mul(y, h->Y, recip);
+    fe_tobytes(s, y);
+    s[31] ^= fe_isnegative(x) << 7;
+}
 
-  fe_invert(recip, h->Z);
-  fe_mul(x, h->X, recip);
-  fe_mul(y, h->Y, recip);
-  fe_tobytes(s, y);
-  s[31] ^= fe_isnegative(x) << 7;
+static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h)
+{
+    fe recip;
+    fe x;
+    fe y;
+
+    fe_invert(recip, h->Z);
+    fe_mul(x, h->X, recip);
+    fe_mul(y, h->Y, recip);
+    fe_tobytes(s, y);
+    s[31] ^= fe_isnegative(x) << 7;
 }
 
-static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) {
-  fe recip;
-  fe x;
-  fe y;
+static const fe d = {
+    -10913610, 13857413, -15372611, 6949391,   114729,
+    -8787816,  -6275908, -3247719,  -18696448, -12055116
+};
 
-  fe_invert(recip, h->Z);
-  fe_mul(x, h->X, recip);
-  fe_mul(y, h->Y, recip);
-  fe_tobytes(s, y);
-  s[31] ^= fe_isnegative(x) << 7;
-}
+static const fe sqrtm1 = {
+    -32595792, -7943725,  9377950,  3500415, 12389472,
+    -272473,   -25146209, -2005654, 326686,  11406482
+};
 
-static const fe d = {-10913610, 13857413, -15372611, 6949391,   114729,
-                     -8787816,  -6275908, -3247719,  -18696448, -12055116};
-
-static const fe sqrtm1 = {-32595792, -7943725,  9377950,  3500415, 12389472,
-                          -272473,   -25146209, -2005654, 326686,  11406482};
-
-static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) {
-  fe u;
-  fe v;
-  fe v3;
-  fe vxx;
-  fe check;
-
-  fe_frombytes(h->Y, s);
-  fe_1(h->Z);
-  fe_sq(u, h->Y);
-  fe_mul(v, u, d);
-  fe_sub(u, u, h->Z); /* u = y^2-1 */
-  fe_add(v, v, h->Z); /* v = dy^2+1 */
-
-  fe_sq(v3, v);
-  fe_mul(v3, v3, v); /* v3 = v^3 */
-  fe_sq(h->X, v3);
-  fe_mul(h->X, h->X, v);
-  fe_mul(h->X, h->X, u); /* x = uv^7 */
-
-  fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
-  fe_mul(h->X, h->X, v3);
-  fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
-
-  fe_sq(vxx, h->X);
-  fe_mul(vxx, vxx, v);
-  fe_sub(check, vxx, u); /* vx^2-u */
-  if (fe_isnonzero(check)) {
-    fe_add(check, vxx, u); /* vx^2+u */
+static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s)
+{
+    fe u;
+    fe v;
+    fe v3;
+    fe vxx;
+    fe check;
+
+    fe_frombytes(h->Y, s);
+    fe_1(h->Z);
+    fe_sq(u, h->Y);
+    fe_mul(v, u, d);
+    fe_sub(u, u, h->Z); /* u = y^2-1 */
+    fe_add(v, v, h->Z); /* v = dy^2+1 */
+
+    fe_sq(v3, v);
+    fe_mul(v3, v3, v); /* v3 = v^3 */
+    fe_sq(h->X, v3);
+    fe_mul(h->X, h->X, v);
+    fe_mul(h->X, h->X, u); /* x = uv^7 */
+
+    fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
+    fe_mul(h->X, h->X, v3);
+    fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
+
+    fe_sq(vxx, h->X);
+    fe_mul(vxx, vxx, v);
+    fe_sub(check, vxx, u); /* vx^2-u */
     if (fe_isnonzero(check)) {
-      return -1;
+        fe_add(check, vxx, u); /* vx^2+u */
+        if (fe_isnonzero(check)) {
+            return -1;
+        }
+        fe_mul(h->X, h->X, sqrtm1);
     }
-    fe_mul(h->X, h->X, sqrtm1);
-  }
 
-  if (fe_isnegative(h->X) != (s[31] >> 7)) {
-    fe_neg(h->X, h->X);
-  }
+    if (fe_isnegative(h->X) != (s[31] >> 7)) {
+        fe_neg(h->X, h->X);
+    }
 
-  fe_mul(h->T, h->X, h->Y);
-  return 0;
+    fe_mul(h->T, h->X, h->Y);
+    return 0;
 }
 
-static void ge_p2_0(ge_p2 *h) {
-  fe_0(h->X);
-  fe_1(h->Y);
-  fe_1(h->Z);
+static void ge_p2_0(ge_p2 *h)
+{
+    fe_0(h->X);
+    fe_1(h->Y);
+    fe_1(h->Z);
 }
 
-static void ge_p3_0(ge_p3 *h) {
-  fe_0(h->X);
-  fe_1(h->Y);
-  fe_1(h->Z);
-  fe_0(h->T);
+static void ge_p3_0(ge_p3 *h)
+{
+    fe_0(h->X);
+    fe_1(h->Y);
+    fe_1(h->Z);
+    fe_0(h->T);
 }
 
-static void ge_precomp_0(ge_precomp *h) {
-  fe_1(h->yplusx);
-  fe_1(h->yminusx);
-  fe_0(h->xy2d);
+static void ge_precomp_0(ge_precomp *h)
+{
+    fe_1(h->yplusx);
+    fe_1(h->yminusx);
+    fe_0(h->xy2d);
 }
 
 /* r = p */
-static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
-  fe_copy(r->X, p->X);
-  fe_copy(r->Y, p->Y);
-  fe_copy(r->Z, p->Z);
+static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p)
+{
+    fe_copy(r->X, p->X);
+    fe_copy(r->Y, p->Y);
+    fe_copy(r->Z, p->Z);
 }
 
-static const fe d2 = {-21827239, -5839606,  -30745221, 13898782, 229458,
-                      15978800,  -12551817, -6495438,  29715968, 9444199};
+static const fe d2 = {
+    -21827239, -5839606,  -30745221, 13898782, 229458,
+    15978800,  -12551817, -6495438,  29715968, 9444199
+};
 
 /* r = p */
-static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
-  fe_add(r->YplusX, p->Y, p->X);
-  fe_sub(r->YminusX, p->Y, p->X);
-  fe_copy(r->Z, p->Z);
-  fe_mul(r->T2d, p->T, d2);
+static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p)
+{
+    fe_add(r->YplusX, p->Y, p->X);
+    fe_sub(r->YminusX, p->Y, p->X);
+    fe_copy(r->Z, p->Z);
+    fe_mul(r->T2d, p->T, d2);
 }
 
 /* r = p */
-static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
-  fe_mul(r->X, p->X, p->T);
-  fe_mul(r->Y, p->Y, p->Z);
-  fe_mul(r->Z, p->Z, p->T);
+static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p)
+{
+    fe_mul(r->X, p->X, p->T);
+    fe_mul(r->Y, p->Y, p->Z);
+    fe_mul(r->Z, p->Z, p->T);
 }
 
 /* r = p */
-static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
-  fe_mul(r->X, p->X, p->T);
-  fe_mul(r->Y, p->Y, p->Z);
-  fe_mul(r->Z, p->Z, p->T);
-  fe_mul(r->T, p->X, p->Y);
+static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p)
+{
+    fe_mul(r->X, p->X, p->T);
+    fe_mul(r->Y, p->Y, p->Z);
+    fe_mul(r->Z, p->Z, p->T);
+    fe_mul(r->T, p->X, p->Y);
 }
 
 /* r = 2 * p */
-static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
-  fe t0;
-
-  fe_sq(r->X, p->X);
-  fe_sq(r->Z, p->Y);
-  fe_sq2(r->T, p->Z);
-  fe_add(r->Y, p->X, p->Y);
-  fe_sq(t0, r->Y);
-  fe_add(r->Y, r->Z, r->X);
-  fe_sub(r->Z, r->Z, r->X);
-  fe_sub(r->X, t0, r->Y);
-  fe_sub(r->T, r->T, r->Z);
+static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p)
+{
+    fe t0;
+
+    fe_sq(r->X, p->X);
+    fe_sq(r->Z, p->Y);
+    fe_sq2(r->T, p->Z);
+    fe_add(r->Y, p->X, p->Y);
+    fe_sq(t0, r->Y);
+    fe_add(r->Y, r->Z, r->X);
+    fe_sub(r->Z, r->Z, r->X);
+    fe_sub(r->X, t0, r->Y);
+    fe_sub(r->T, r->T, r->Z);
 }
 
 /* r = 2 * p */
-static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
-  ge_p2 q;
-  ge_p3_to_p2(&q, p);
-  ge_p2_dbl(r, &q);
+static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p)
+{
+    ge_p2 q;
+    ge_p3_to_p2(&q, p);
+    ge_p2_dbl(r, &q);
 }
 
 /* r = p + q */
-static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
-  fe t0;
-
-  fe_add(r->X, p->Y, p->X);
-  fe_sub(r->Y, p->Y, p->X);
-  fe_mul(r->Z, r->X, q->yplusx);
-  fe_mul(r->Y, r->Y, q->yminusx);
-  fe_mul(r->T, q->xy2d, p->T);
-  fe_add(t0, p->Z, p->Z);
-  fe_sub(r->X, r->Z, r->Y);
-  fe_add(r->Y, r->Z, r->Y);
-  fe_add(r->Z, t0, r->T);
-  fe_sub(r->T, t0, r->T);
+static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->yplusx);
+    fe_mul(r->Y, r->Y, q->yminusx);
+    fe_mul(r->T, q->xy2d, p->T);
+    fe_add(t0, p->Z, p->Z);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_add(r->Z, t0, r->T);
+    fe_sub(r->T, t0, r->T);
 }
 
 /* r = p - q */
-static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
-  fe t0;
-
-  fe_add(r->X, p->Y, p->X);
-  fe_sub(r->Y, p->Y, p->X);
-  fe_mul(r->Z, r->X, q->yminusx);
-  fe_mul(r->Y, r->Y, q->yplusx);
-  fe_mul(r->T, q->xy2d, p->T);
-  fe_add(t0, p->Z, p->Z);
-  fe_sub(r->X, r->Z, r->Y);
-  fe_add(r->Y, r->Z, r->Y);
-  fe_sub(r->Z, t0, r->T);
-  fe_add(r->T, t0, r->T);
+static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->yminusx);
+    fe_mul(r->Y, r->Y, q->yplusx);
+    fe_mul(r->T, q->xy2d, p->T);
+    fe_add(t0, p->Z, p->Z);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_sub(r->Z, t0, r->T);
+    fe_add(r->T, t0, r->T);
 }
 
 /* r = p + q */
-static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
-  fe t0;
-
-  fe_add(r->X, p->Y, p->X);
-  fe_sub(r->Y, p->Y, p->X);
-  fe_mul(r->Z, r->X, q->YplusX);
-  fe_mul(r->Y, r->Y, q->YminusX);
-  fe_mul(r->T, q->T2d, p->T);
-  fe_mul(r->X, p->Z, q->Z);
-  fe_add(t0, r->X, r->X);
-  fe_sub(r->X, r->Z, r->Y);
-  fe_add(r->Y, r->Z, r->Y);
-  fe_add(r->Z, t0, r->T);
-  fe_sub(r->T, t0, r->T);
+static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->YplusX);
+    fe_mul(r->Y, r->Y, q->YminusX);
+    fe_mul(r->T, q->T2d, p->T);
+    fe_mul(r->X, p->Z, q->Z);
+    fe_add(t0, r->X, r->X);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_add(r->Z, t0, r->T);
+    fe_sub(r->T, t0, r->T);
 }
 
 /* r = p - q */
-static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
-  fe t0;
-
-  fe_add(r->X, p->Y, p->X);
-  fe_sub(r->Y, p->Y, p->X);
-  fe_mul(r->Z, r->X, q->YminusX);
-  fe_mul(r->Y, r->Y, q->YplusX);
-  fe_mul(r->T, q->T2d, p->T);
-  fe_mul(r->X, p->Z, q->Z);
-  fe_add(t0, r->X, r->X);
-  fe_sub(r->X, r->Z, r->Y);
-  fe_add(r->Y, r->Z, r->Y);
-  fe_sub(r->Z, t0, r->T);
-  fe_add(r->T, t0, r->T);
+static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->YminusX);
+    fe_mul(r->Y, r->Y, q->YplusX);
+    fe_mul(r->T, q->T2d, p->T);
+    fe_mul(r->X, p->Z, q->Z);
+    fe_add(t0, r->X, r->X);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_sub(r->Z, t0, r->T);
+    fe_add(r->T, t0, r->T);
 }
 
-static uint8_t equal(signed char b, signed char c) {
-  uint8_t ub = b;
-  uint8_t uc = c;
-  uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
-  uint32_t y = x;      /* 0: yes; 1..255: no */
-  y -= 1;              /* 4294967295: yes; 0..254: no */
-  y >>= 31;            /* 1: yes; 0: no */
-  return y;
+static uint8_t equal(signed char b, signed char c)
+{
+    uint8_t ub = b;
+    uint8_t uc = c;
+    uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
+    uint32_t y = x;      /* 0: yes; 1..255: no */
+    y -= 1;              /* 4294967295: yes; 0..254: no */
+    y >>= 31;            /* 1: yes; 0: no */
+    return y;
 }
 
-static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
-  fe_cmov(t->yplusx, u->yplusx, b);
-  fe_cmov(t->yminusx, u->yminusx, b);
-  fe_cmov(t->xy2d, u->xy2d, b);
+static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b)
+{
+    fe_cmov(t->yplusx, u->yplusx, b);
+    fe_cmov(t->yminusx, u->yminusx, b);
+    fe_cmov(t->xy2d, u->xy2d, b);
 }
 
 /* k25519Precomp[i][j] = (j+1)*256^i*B */
@@ -4105,257 +4186,273 @@ static const ge_precomp k25519Precomp[32][8] = {
     },
 };
 
-static uint8_t negative(signed char b) {
-  uint32_t x = b;
-  x >>= 31; /* 1: yes; 0: no */
-  return x;
+static uint8_t negative(signed char b)
+{
+    uint32_t x = b;
+
+    x >>= 31; /* 1: yes; 0: no */
+    return x;
 }
 
-static void table_select(ge_precomp *t, int pos, signed char b) {
-  ge_precomp minust;
-  uint8_t bnegative = negative(b);
-  uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
-
-  ge_precomp_0(t);
-  cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
-  cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
-  cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
-  cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
-  cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
-  cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
-  cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
-  cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
-  fe_copy(minust.yplusx, t->yminusx);
-  fe_copy(minust.yminusx, t->yplusx);
-  fe_neg(minust.xy2d, t->xy2d);
-  cmov(t, &minust, bnegative);
+static void table_select(ge_precomp *t, int pos, signed char b)
+{
+    ge_precomp minust;
+    uint8_t bnegative = negative(b);
+    uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+
+    ge_precomp_0(t);
+    cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
+    cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
+    cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
+    cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
+    cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
+    cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
+    cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
+    cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
+    fe_copy(minust.yplusx, t->yminusx);
+    fe_copy(minust.yminusx, t->yplusx);
+    fe_neg(minust.xy2d, t->xy2d);
+    cmov(t, &minust, bnegative);
 }
 
-/* h = a * B
+/*
+ * h = a * B
+ *
  * where a = a[0]+256*a[1]+...+256^31 a[31]
  * B is the Ed25519 base point (x,4/5) with x positive.
  *
  * Preconditions:
- *   a[31] <= 127 */
-static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
-  signed char e[64];
-  signed char carry;
-  ge_p1p1 r;
-  ge_p2 s;
-  ge_precomp t;
-  int i;
-
-  for (i = 0; i < 32; ++i) {
-    e[2 * i + 0] = (a[i] >> 0) & 15;
-    e[2 * i + 1] = (a[i] >> 4) & 15;
-  }
-  /* each e[i] is between 0 and 15 */
-  /* e[63] is between 0 and 7 */
-
-  carry = 0;
-  for (i = 0; i < 63; ++i) {
-    e[i] += carry;
-    carry = e[i] + 8;
-    carry >>= 4;
-    e[i] -= carry << 4;
-  }
-  e[63] += carry;
-  /* each e[i] is between -8 and 8 */
-
-  ge_p3_0(h);
-  for (i = 1; i < 64; i += 2) {
-    table_select(&t, i / 2, e[i]);
-    ge_madd(&r, h, &t);
-    ge_p1p1_to_p3(h, &r);
-  }
-
-  ge_p3_dbl(&r, h);
-  ge_p1p1_to_p2(&s, &r);
-  ge_p2_dbl(&r, &s);
-  ge_p1p1_to_p2(&s, &r);
-  ge_p2_dbl(&r, &s);
-  ge_p1p1_to_p2(&s, &r);
-  ge_p2_dbl(&r, &s);
-  ge_p1p1_to_p3(h, &r);
-
-  for (i = 0; i < 64; i += 2) {
-    table_select(&t, i / 2, e[i]);
-    ge_madd(&r, h, &t);
+ *   a[31] <= 127
+ */
+static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a)
+{
+    signed char e[64];
+    signed char carry;
+    ge_p1p1 r;
+    ge_p2 s;
+    ge_precomp t;
+    int i;
+
+    for (i = 0; i < 32; ++i) {
+        e[2 * i + 0] = (a[i] >> 0) & 15;
+        e[2 * i + 1] = (a[i] >> 4) & 15;
+    }
+    /* each e[i] is between 0 and 15 */
+    /* e[63] is between 0 and 7 */
+
+    carry = 0;
+    for (i = 0; i < 63; ++i) {
+        e[i] += carry;
+        carry = e[i] + 8;
+        carry >>= 4;
+        e[i] -= carry << 4;
+    }
+    e[63] += carry;
+    /* each e[i] is between -8 and 8 */
+
+    ge_p3_0(h);
+    for (i = 1; i < 64; i += 2) {
+        table_select(&t, i / 2, e[i]);
+        ge_madd(&r, h, &t);
+        ge_p1p1_to_p3(h, &r);
+    }
+
+    ge_p3_dbl(&r, h);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
     ge_p1p1_to_p3(h, &r);
-  }
 
-  OPENSSL_cleanse(e, sizeof(e));
+    for (i = 0; i < 64; i += 2) {
+        table_select(&t, i / 2, e[i]);
+        ge_madd(&r, h, &t);
+        ge_p1p1_to_p3(h, &r);
+    }
+
+    OPENSSL_cleanse(e, sizeof(e));
 }
 
 #if !defined(BASE_2_51_IMPLEMENTED)
-/* Replace (f,g) with (g,f) if b == 1;
+/*
+ * Replace (f,g) with (g,f) if b == 1;
  * replace (f,g) with (f,g) if b == 0.
  *
- * Preconditions: b in {0,1}. */
-static void fe_cswap(fe f, fe g, unsigned int b) {
-  size_t i;
-  b = 0-b;
-  for (i = 0; i < 10; i++) {
-    int32_t x = f[i] ^ g[i];
-    x &= b;
-    f[i] ^= x;
-    g[i] ^= x;
-  }
+ * Preconditions: b in {0,1}.
+ */
+static void fe_cswap(fe f, fe g, unsigned int b)
+{
+    size_t i;
+
+    b = 0-b;
+    for (i = 0; i < 10; i++) {
+        int32_t x = f[i] ^ g[i];
+        x &= b;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
 }
 
-/* h = f * 121666
+/*
+ * h = f * 121666
+ *
  * Can overlap h with f.
  *
  * Preconditions:
  *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
  *
  * Postconditions:
- *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
-static void fe_mul121666(fe h, fe f) {
-  int32_t f0 = f[0];
-  int32_t f1 = f[1];
-  int32_t f2 = f[2];
-  int32_t f3 = f[3];
-  int32_t f4 = f[4];
-  int32_t f5 = f[5];
-  int32_t f6 = f[6];
-  int32_t f7 = f[7];
-  int32_t f8 = f[8];
-  int32_t f9 = f[9];
-  int64_t h0 = f0 * (int64_t) 121666;
-  int64_t h1 = f1 * (int64_t) 121666;
-  int64_t h2 = f2 * (int64_t) 121666;
-  int64_t h3 = f3 * (int64_t) 121666;
-  int64_t h4 = f4 * (int64_t) 121666;
-  int64_t h5 = f5 * (int64_t) 121666;
-  int64_t h6 = f6 * (int64_t) 121666;
-  int64_t h7 = f7 * (int64_t) 121666;
-  int64_t h8 = f8 * (int64_t) 121666;
-  int64_t h9 = f9 * (int64_t) 121666;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-
-  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
-  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
-  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
-  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
-  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
-  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-
-  h[0] = (int32_t)h0;
-  h[1] = (int32_t)h1;
-  h[2] = (int32_t)h2;
-  h[3] = (int32_t)h3;
-  h[4] = (int32_t)h4;
-  h[5] = (int32_t)h5;
-  h[6] = (int32_t)h6;
-  h[7] = (int32_t)h7;
-  h[8] = (int32_t)h8;
-  h[9] = (int32_t)h9;
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+static void fe_mul121666(fe h, fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int64_t h0 = f0 * (int64_t) 121666;
+    int64_t h1 = f1 * (int64_t) 121666;
+    int64_t h2 = f2 * (int64_t) 121666;
+    int64_t h3 = f3 * (int64_t) 121666;
+    int64_t h4 = f4 * (int64_t) 121666;
+    int64_t h5 = f5 * (int64_t) 121666;
+    int64_t h6 = f6 * (int64_t) 121666;
+    int64_t h7 = f7 * (int64_t) 121666;
+    int64_t h8 = f8 * (int64_t) 121666;
+    int64_t h9 = f9 * (int64_t) 121666;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
 }
 
 static void x25519_scalar_mult_generic(uint8_t out[32],
                                        const uint8_t scalar[32],
                                        const uint8_t point[32]) {
-  fe x1, x2, z2, x3, z3, tmp0, tmp1;
-  uint8_t e[32];
-  unsigned swap = 0;
-  int pos;
-
-  memcpy(e, scalar, 32);
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
-  fe_frombytes(x1, point);
-  fe_1(x2);
-  fe_0(z2);
-  fe_copy(x3, x1);
-  fe_1(z3);
-
-  for (pos = 254; pos >= 0; --pos) {
-    unsigned b = 1 & (e[pos / 8] >> (pos & 7));
-    swap ^= b;
-    fe_cswap(x2, x3, swap);
-    fe_cswap(z2, z3, swap);
-    swap = b;
-    fe_sub(tmp0, x3, z3);
-    fe_sub(tmp1, x2, z2);
-    fe_add(x2, x2, z2);
-    fe_add(z2, x3, z3);
-    fe_mul(z3, tmp0, x2);
-    fe_mul(z2, z2, tmp1);
-    fe_sq(tmp0, tmp1);
-    fe_sq(tmp1, x2);
-    fe_add(x3, z3, z2);
-    fe_sub(z2, z3, z2);
-    fe_mul(x2, tmp1, tmp0);
-    fe_sub(tmp1, tmp1, tmp0);
-    fe_sq(z2, z2);
-    fe_mul121666(z3, tmp1);
-    fe_sq(x3, x3);
-    fe_add(tmp0, tmp0, z3);
-    fe_mul(z3, x1, z2);
-    fe_mul(z2, tmp1, tmp0);
-  }
-
-  fe_invert(z2, z2);
-  fe_mul(x2, x2, z2);
-  fe_tobytes(out, x2);
-
-  OPENSSL_cleanse(e, sizeof(e));
+    fe x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+    fe_frombytes(x1, point);
+    fe_1(x2);
+    fe_0(z2);
+    fe_copy(x3, x1);
+    fe_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned b = 1 & (e[pos / 8] >> (pos & 7));
+        swap ^= b;
+        fe_cswap(x2, x3, swap);
+        fe_cswap(z2, z3, swap);
+        swap = b;
+        fe_sub(tmp0, x3, z3);
+        fe_sub(tmp1, x2, z2);
+        fe_add(x2, x2, z2);
+        fe_add(z2, x3, z3);
+        fe_mul(z3, tmp0, x2);
+        fe_mul(z2, z2, tmp1);
+        fe_sq(tmp0, tmp1);
+        fe_sq(tmp1, x2);
+        fe_add(x3, z3, z2);
+        fe_sub(z2, z3, z2);
+        fe_mul(x2, tmp1, tmp0);
+        fe_sub(tmp1, tmp1, tmp0);
+        fe_sq(z2, z2);
+        fe_mul121666(z3, tmp1);
+        fe_sq(x3, x3);
+        fe_add(tmp0, tmp0, z3);
+        fe_mul(z3, x1, z2);
+        fe_mul(z2, tmp1, tmp0);
+    }
+
+    fe_invert(z2, z2);
+    fe_mul(x2, x2, z2);
+    fe_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
 }
 
 static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
                                const uint8_t point[32]) {
-  x25519_scalar_mult_generic(out, scalar, point);
+    x25519_scalar_mult_generic(out, scalar, point);
 }
 #endif
 
-static void slide(signed char *r, const uint8_t *a) {
-  int i;
-  int b;
-  int k;
-
-  for (i = 0; i < 256; ++i) {
-    r[i] = 1 & (a[i >> 3] >> (i & 7));
-  }
-
-  for (i = 0; i < 256; ++i) {
-    if (r[i]) {
-      for (b = 1; b <= 6 && i + b < 256; ++b) {
-        if (r[i + b]) {
-          if (r[i] + (r[i + b] << b) <= 15) {
-            r[i] += r[i + b] << b;
-            r[i + b] = 0;
-          } else if (r[i] - (r[i + b] << b) >= -15) {
-            r[i] -= r[i + b] << b;
-            for (k = i + b; k < 256; ++k) {
-              if (!r[k]) {
-                r[k] = 1;
-                break;
-              }
-              r[k] = 0;
+static void slide(signed char *r, const uint8_t *a)
+{
+    int i;
+    int b;
+    int k;
+
+    for (i = 0; i < 256; ++i) {
+        r[i] = 1 & (a[i >> 3] >> (i & 7));
+    }
+
+    for (i = 0; i < 256; ++i) {
+        if (r[i]) {
+            for (b = 1; b <= 6 && i + b < 256; ++b) {
+                if (r[i + b]) {
+                    if (r[i] + (r[i + b] << b) <= 15) {
+                        r[i] += r[i + b] << b;
+                        r[i + b] = 0;
+                    } else if (r[i] - (r[i + b] << b) >= -15) {
+                        r[i] -= r[i + b] << b;
+                        for (k = i + b; k < 256; ++k) {
+                            if (!r[k]) {
+                                r[k] = 1;
+                                break;
+                            }
+                            r[k] = 0;
+                        }
+                    } else {
+                        break;
+                    }
+                }
             }
-          } else {
-            break;
-          }
         }
-      }
     }
-  }
 }
 
 static const ge_precomp Bi[8] = {
@@ -4425,1033 +4522,1075 @@ static const ge_precomp Bi[8] = {
     },
 };
 
-/* r = a * A + b * B
+/*
+ * r = a * A + b * B
+ *
  * where a = a[0]+256*a[1]+...+256^31 a[31].
  * and b = b[0]+256*b[1]+...+256^31 b[31].
- * B is the Ed25519 base point (x,4/5) with x positive. */
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ */
 static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
-                                         const ge_p3 *A, const uint8_t *b) {
-  signed char aslide[256];
-  signed char bslide[256];
-  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
-  ge_p1p1 t;
-  ge_p3 u;
-  ge_p3 A2;
-  int i;
-
-  slide(aslide, a);
-  slide(bslide, b);
-
-  ge_p3_to_cached(&Ai[0], A);
-  ge_p3_dbl(&t, A);
-  ge_p1p1_to_p3(&A2, &t);
-  ge_add(&t, &A2, &Ai[0]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[1], &u);
-  ge_add(&t, &A2, &Ai[1]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[2], &u);
-  ge_add(&t, &A2, &Ai[2]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[3], &u);
-  ge_add(&t, &A2, &Ai[3]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[4], &u);
-  ge_add(&t, &A2, &Ai[4]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[5], &u);
-  ge_add(&t, &A2, &Ai[5]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[6], &u);
-  ge_add(&t, &A2, &Ai[6]);
-  ge_p1p1_to_p3(&u, &t);
-  ge_p3_to_cached(&Ai[7], &u);
-
-  ge_p2_0(r);
-
-  for (i = 255; i >= 0; --i) {
-    if (aslide[i] || bslide[i]) {
-      break;
+                                         const ge_p3 *A, const uint8_t *b)
+{
+    signed char aslide[256];
+    signed char bslide[256];
+    ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+    ge_p1p1 t;
+    ge_p3 u;
+    ge_p3 A2;
+    int i;
+
+    slide(aslide, a);
+    slide(bslide, b);
+
+    ge_p3_to_cached(&Ai[0], A);
+    ge_p3_dbl(&t, A);
+    ge_p1p1_to_p3(&A2, &t);
+    ge_add(&t, &A2, &Ai[0]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[1], &u);
+    ge_add(&t, &A2, &Ai[1]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[2], &u);
+    ge_add(&t, &A2, &Ai[2]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[3], &u);
+    ge_add(&t, &A2, &Ai[3]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[4], &u);
+    ge_add(&t, &A2, &Ai[4]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[5], &u);
+    ge_add(&t, &A2, &Ai[5]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[6], &u);
+    ge_add(&t, &A2, &Ai[6]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[7], &u);
+
+    ge_p2_0(r);
+
+    for (i = 255; i >= 0; --i) {
+        if (aslide[i] || bslide[i]) {
+            break;
+        }
     }
-  }
 
-  for (; i >= 0; --i) {
-    ge_p2_dbl(&t, r);
+    for (; i >= 0; --i) {
+        ge_p2_dbl(&t, r);
 
-    if (aslide[i] > 0) {
-      ge_p1p1_to_p3(&u, &t);
-      ge_add(&t, &u, &Ai[aslide[i] / 2]);
-    } else if (aslide[i] < 0) {
-      ge_p1p1_to_p3(&u, &t);
-      ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
-    }
+        if (aslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_add(&t, &u, &Ai[aslide[i] / 2]);
+        } else if (aslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+        }
 
-    if (bslide[i] > 0) {
-      ge_p1p1_to_p3(&u, &t);
-      ge_madd(&t, &u, &Bi[bslide[i] / 2]);
-    } else if (bslide[i] < 0) {
-      ge_p1p1_to_p3(&u, &t);
-      ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
-    }
+        if (bslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_madd(&t, &u, &Bi[bslide[i] / 2]);
+        } else if (bslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
+        }
 
-    ge_p1p1_to_p2(r, &t);
-  }
+        ge_p1p1_to_p2(r, &t);
+    }
 }
 
-/* The set of scalars is \Z/l
- * where l = 2^252 + 27742317777372353535851937790883648493. */
-
-/* Input:
+/*
+ * The set of scalars is \Z/l
+ * where l = 2^252 + 27742317777372353535851937790883648493.
+ *
+ * Input:
  *   s[0]+256*s[1]+...+256^63*s[63] = s
  *
  * Output:
  *   s[0]+256*s[1]+...+256^31*s[31] = s mod l
  *   where l = 2^252 + 27742317777372353535851937790883648493.
- *   Overwrites s in place. */
-static void x25519_sc_reduce(uint8_t *s) {
-  int64_t s0 = 2097151 & load_3(s);
-  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
-  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
-  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
-  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
-  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
-  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
-  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
-  int64_t s8 = 2097151 & load_3(s + 21);
-  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
-  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
-  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
-  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
-  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
-  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
-  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
-  int64_t s16 = 2097151 & load_3(s + 42);
-  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
-  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
-  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
-  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
-  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
-  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
-  int64_t s23 = (load_4(s + 60) >> 3);
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-  int64_t carry10;
-  int64_t carry11;
-  int64_t carry12;
-  int64_t carry13;
-  int64_t carry14;
-  int64_t carry15;
-  int64_t carry16;
-
-  s11 += s23 * 666643;
-  s12 += s23 * 470296;
-  s13 += s23 * 654183;
-  s14 -= s23 * 997805;
-  s15 += s23 * 136657;
-  s16 -= s23 * 683901;
-  s23 = 0;
-
-  s10 += s22 * 666643;
-  s11 += s22 * 470296;
-  s12 += s22 * 654183;
-  s13 -= s22 * 997805;
-  s14 += s22 * 136657;
-  s15 -= s22 * 683901;
-  s22 = 0;
-
-  s9 += s21 * 666643;
-  s10 += s21 * 470296;
-  s11 += s21 * 654183;
-  s12 -= s21 * 997805;
-  s13 += s21 * 136657;
-  s14 -= s21 * 683901;
-  s21 = 0;
-
-  s8 += s20 * 666643;
-  s9 += s20 * 470296;
-  s10 += s20 * 654183;
-  s11 -= s20 * 997805;
-  s12 += s20 * 136657;
-  s13 -= s20 * 683901;
-  s20 = 0;
-
-  s7 += s19 * 666643;
-  s8 += s19 * 470296;
-  s9 += s19 * 654183;
-  s10 -= s19 * 997805;
-  s11 += s19 * 136657;
-  s12 -= s19 * 683901;
-  s19 = 0;
-
-  s6 += s18 * 666643;
-  s7 += s18 * 470296;
-  s8 += s18 * 654183;
-  s9 -= s18 * 997805;
-  s10 += s18 * 136657;
-  s11 -= s18 * 683901;
-  s18 = 0;
-
-  carry6 = (s6 + (1 << 20)) >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry8 = (s8 + (1 << 20)) >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry10 = (s10 + (1 << 20)) >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-  carry12 = (s12 + (1 << 20)) >> 21;
-  s13 += carry12;
-  s12 -= carry12 * (1 << 21);
-  carry14 = (s14 + (1 << 20)) >> 21;
-  s15 += carry14;
-  s14 -= carry14 * (1 << 21);
-  carry16 = (s16 + (1 << 20)) >> 21;
-  s17 += carry16;
-  s16 -= carry16 * (1 << 21);
-
-  carry7 = (s7 + (1 << 20)) >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry9 = (s9 + (1 << 20)) >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry11 = (s11 + (1 << 20)) >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-  carry13 = (s13 + (1 << 20)) >> 21;
-  s14 += carry13;
-  s13 -= carry13 * (1 << 21);
-  carry15 = (s15 + (1 << 20)) >> 21;
-  s16 += carry15;
-  s15 -= carry15 * (1 << 21);
-
-  s5 += s17 * 666643;
-  s6 += s17 * 470296;
-  s7 += s17 * 654183;
-  s8 -= s17 * 997805;
-  s9 += s17 * 136657;
-  s10 -= s17 * 683901;
-  s17 = 0;
-
-  s4 += s16 * 666643;
-  s5 += s16 * 470296;
-  s6 += s16 * 654183;
-  s7 -= s16 * 997805;
-  s8 += s16 * 136657;
-  s9 -= s16 * 683901;
-  s16 = 0;
-
-  s3 += s15 * 666643;
-  s4 += s15 * 470296;
-  s5 += s15 * 654183;
-  s6 -= s15 * 997805;
-  s7 += s15 * 136657;
-  s8 -= s15 * 683901;
-  s15 = 0;
-
-  s2 += s14 * 666643;
-  s3 += s14 * 470296;
-  s4 += s14 * 654183;
-  s5 -= s14 * 997805;
-  s6 += s14 * 136657;
-  s7 -= s14 * 683901;
-  s14 = 0;
-
-  s1 += s13 * 666643;
-  s2 += s13 * 470296;
-  s3 += s13 * 654183;
-  s4 -= s13 * 997805;
-  s5 += s13 * 136657;
-  s6 -= s13 * 683901;
-  s13 = 0;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = (s0 + (1 << 20)) >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry2 = (s2 + (1 << 20)) >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry4 = (s4 + (1 << 20)) >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry6 = (s6 + (1 << 20)) >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry8 = (s8 + (1 << 20)) >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry10 = (s10 + (1 << 20)) >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-
-  carry1 = (s1 + (1 << 20)) >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry3 = (s3 + (1 << 20)) >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry5 = (s5 + (1 << 20)) >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry7 = (s7 + (1 << 20)) >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry9 = (s9 + (1 << 20)) >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry11 = (s11 + (1 << 20)) >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry1 = s1 >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry2 = s2 >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry3 = s3 >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry4 = s4 >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry5 = s5 >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry6 = s6 >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry7 = s7 >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry8 = s8 >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry9 = s9 >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry10 = s10 >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-  carry11 = s11 >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry1 = s1 >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry2 = s2 >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry3 = s3 >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry4 = s4 >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry5 = s5 >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry6 = s6 >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry7 = s7 >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry8 = s8 >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry9 = s9 >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry10 = s10 >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-
-  s[0] = (uint8_t)(s0 >> 0);
-  s[1] = (uint8_t)(s0 >> 8);
-  s[2] = (uint8_t)((s0 >> 16) | (s1 << 5));
-  s[3] = (uint8_t)(s1 >> 3);
-  s[4] = (uint8_t)(s1 >> 11);
-  s[5] = (uint8_t)((s1 >> 19) | (s2 << 2));
-  s[6] = (uint8_t)(s2 >> 6);
-  s[7] = (uint8_t)((s2 >> 14) | (s3 << 7));
-  s[8] = (uint8_t)(s3 >> 1);
-  s[9] = (uint8_t)(s3 >> 9);
-  s[10] = (uint8_t)((s3 >> 17) | (s4 << 4));
-  s[11] = (uint8_t)(s4 >> 4);
-  s[12] = (uint8_t)(s4 >> 12);
-  s[13] = (uint8_t)((s4 >> 20) | (s5 << 1));
-  s[14] = (uint8_t)(s5 >> 7);
-  s[15] = (uint8_t)((s5 >> 15) | (s6 << 6));
-  s[16] = (uint8_t)(s6 >> 2);
-  s[17] = (uint8_t)(s6 >> 10);
-  s[18] = (uint8_t)((s6 >> 18) | (s7 << 3));
-  s[19] = (uint8_t)(s7 >> 5);
-  s[20] = (uint8_t)(s7 >> 13);
-  s[21] = (uint8_t)(s8 >> 0);
-  s[22] = (uint8_t)(s8 >> 8);
-  s[23] = (uint8_t)((s8 >> 16) | (s9 << 5));
-  s[24] = (uint8_t)(s9 >> 3);
-  s[25] = (uint8_t)(s9 >> 11);
-  s[26] = (uint8_t)((s9 >> 19) | (s10 << 2));
-  s[27] = (uint8_t)(s10 >> 6);
-  s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
-  s[29] = (uint8_t)(s11 >> 1);
-  s[30] = (uint8_t)(s11 >> 9);
-  s[31] = (uint8_t)(s11 >> 17);
+ *   Overwrites s in place.
+*/
+static void x25519_sc_reduce(uint8_t *s)
+{
+    int64_t s0  = kBottom21Bits &  load_3(s);
+    int64_t s1  = kBottom21Bits & (load_4(s +  2) >> 5);
+    int64_t s2  = kBottom21Bits & (load_3(s +  5) >> 2);
+    int64_t s3  = kBottom21Bits & (load_4(s +  7) >> 7);
+    int64_t s4  = kBottom21Bits & (load_4(s + 10) >> 4);
+    int64_t s5  = kBottom21Bits & (load_3(s + 13) >> 1);
+    int64_t s6  = kBottom21Bits & (load_4(s + 15) >> 6);
+    int64_t s7  = kBottom21Bits & (load_3(s + 18) >> 3);
+    int64_t s8  = kBottom21Bits &  load_3(s + 21);
+    int64_t s9  = kBottom21Bits & (load_4(s + 23) >> 5);
+    int64_t s10 = kBottom21Bits & (load_3(s + 26) >> 2);
+    int64_t s11 = kBottom21Bits & (load_4(s + 28) >> 7);
+    int64_t s12 = kBottom21Bits & (load_4(s + 31) >> 4);
+    int64_t s13 = kBottom21Bits & (load_3(s + 34) >> 1);
+    int64_t s14 = kBottom21Bits & (load_4(s + 36) >> 6);
+    int64_t s15 = kBottom21Bits & (load_3(s + 39) >> 3);
+    int64_t s16 = kBottom21Bits &  load_3(s + 42);
+    int64_t s17 = kBottom21Bits & (load_4(s + 44) >> 5);
+    int64_t s18 = kBottom21Bits & (load_3(s + 47) >> 2);
+    int64_t s19 = kBottom21Bits & (load_4(s + 49) >> 7);
+    int64_t s20 = kBottom21Bits & (load_4(s + 52) >> 4);
+    int64_t s21 = kBottom21Bits & (load_3(s + 55) >> 1);
+    int64_t s22 = kBottom21Bits & (load_4(s + 57) >> 6);
+    int64_t s23 =                 (load_4(s + 60) >> 3);
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+    int64_t carry10;
+    int64_t carry11;
+    int64_t carry12;
+    int64_t carry13;
+    int64_t carry14;
+    int64_t carry15;
+    int64_t carry16;
+
+    s11 += s23 * 666643;
+    s12 += s23 * 470296;
+    s13 += s23 * 654183;
+    s14 -= s23 * 997805;
+    s15 += s23 * 136657;
+    s16 -= s23 * 683901;
+    s23  = 0;
+
+    s10 += s22 * 666643;
+    s11 += s22 * 470296;
+    s12 += s22 * 654183;
+    s13 -= s22 * 997805;
+    s14 += s22 * 136657;
+    s15 -= s22 * 683901;
+    s22  = 0;
+
+    s9  += s21 * 666643;
+    s10 += s21 * 470296;
+    s11 += s21 * 654183;
+    s12 -= s21 * 997805;
+    s13 += s21 * 136657;
+    s14 -= s21 * 683901;
+    s21  = 0;
+
+    s8  += s20 * 666643;
+    s9  += s20 * 470296;
+    s10 += s20 * 654183;
+    s11 -= s20 * 997805;
+    s12 += s20 * 136657;
+    s13 -= s20 * 683901;
+    s20  = 0;
+
+    s7  += s19 * 666643;
+    s8  += s19 * 470296;
+    s9  += s19 * 654183;
+    s10 -= s19 * 997805;
+    s11 += s19 * 136657;
+    s12 -= s19 * 683901;
+    s19  = 0;
+
+    s6  += s18 * 666643;
+    s7  += s18 * 470296;
+    s8  += s18 * 654183;
+    s9  -= s18 * 997805;
+    s10 += s18 * 136657;
+    s11 -= s18 * 683901;
+    s18  = 0;
+
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+
+    s5  += s17 * 666643;
+    s6  += s17 * 470296;
+    s7  += s17 * 654183;
+    s8  -= s17 * 997805;
+    s9  += s17 * 136657;
+    s10 -= s17 * 683901;
+    s17  = 0;
+
+    s4  += s16 * 666643;
+    s5  += s16 * 470296;
+    s6  += s16 * 654183;
+    s7  -= s16 * 997805;
+    s8  += s16 * 136657;
+    s9  -= s16 * 683901;
+    s16  = 0;
+
+    s3  += s15 * 666643;
+    s4  += s15 * 470296;
+    s5  += s15 * 654183;
+    s6  -= s15 * 997805;
+    s7  += s15 * 136657;
+    s8  -= s15 * 683901;
+    s15  = 0;
+
+    s2  += s14 * 666643;
+    s3  += s14 * 470296;
+    s4  += s14 * 654183;
+    s5  -= s14 * 997805;
+    s6  += s14 * 136657;
+    s7  -= s14 * 683901;
+    s14  = 0;
+
+    s1  += s13 * 666643;
+    s2  += s13 * 470296;
+    s3  += s13 * 654183;
+    s4  -= s13 * 997805;
+    s5  += s13 * 136657;
+    s6  -= s13 * 683901;
+    s13  = 0;
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7 += carry6;
+    s6 -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry11 = s11 >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    s[ 0] = (uint8_t) (s0  >>  0);
+    s[ 1] = (uint8_t) (s0  >>  8);
+    s[ 2] = (uint8_t)((s0  >> 16) | (s1  <<  5));
+    s[ 3] = (uint8_t) (s1  >>  3);
+    s[ 4] = (uint8_t) (s1  >> 11);
+    s[ 5] = (uint8_t)((s1  >> 19) | (s2  <<  2));
+    s[ 6] = (uint8_t) (s2  >>  6);
+    s[ 7] = (uint8_t)((s2  >> 14) | (s3  <<  7));
+    s[ 8] = (uint8_t) (s3  >>  1);
+    s[ 9] = (uint8_t) (s3  >>  9);
+    s[10] = (uint8_t)((s3  >> 17) | (s4  <<  4));
+    s[11] = (uint8_t) (s4  >>  4);
+    s[12] = (uint8_t) (s4  >> 12);
+    s[13] = (uint8_t)((s4  >> 20) | (s5  <<  1));
+    s[14] = (uint8_t) (s5  >>  7);
+    s[15] = (uint8_t)((s5  >> 15) | (s6  <<  6));
+    s[16] = (uint8_t) (s6  >>  2);
+    s[17] = (uint8_t) (s6  >> 10);
+    s[18] = (uint8_t)((s6  >> 18) | (s7  <<  3));
+    s[19] = (uint8_t) (s7  >>  5);
+    s[20] = (uint8_t) (s7  >> 13);
+    s[21] = (uint8_t) (s8  >>  0);
+    s[22] = (uint8_t) (s8  >>  8);
+    s[23] = (uint8_t)((s8  >> 16) | (s9  <<  5));
+    s[24] = (uint8_t) (s9  >>  3);
+    s[25] = (uint8_t) (s9  >> 11);
+    s[26] = (uint8_t)((s9  >> 19) | (s10 <<  2));
+    s[27] = (uint8_t) (s10 >>  6);
+    s[28] = (uint8_t)((s10 >> 14) | (s11 <<  7));
+    s[29] = (uint8_t) (s11 >>  1);
+    s[30] = (uint8_t) (s11 >>  9);
+    s[31] = (uint8_t) (s11 >> 17);
 }
 
-/* Input:
+/*
+ * Input:
  *   a[0]+256*a[1]+...+256^31*a[31] = a
  *   b[0]+256*b[1]+...+256^31*b[31] = b
  *   c[0]+256*c[1]+...+256^31*c[31] = c
  *
  * Output:
  *   s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
- *   where l = 2^252 + 27742317777372353535851937790883648493. */
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ */
 static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
-                      const uint8_t *c) {
-  int64_t a0 = 2097151 & load_3(a);
-  int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
-  int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
-  int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
-  int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
-  int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
-  int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
-  int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
-  int64_t a8 = 2097151 & load_3(a + 21);
-  int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
-  int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
-  int64_t a11 = (load_4(a + 28) >> 7);
-  int64_t b0 = 2097151 & load_3(b);
-  int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
-  int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
-  int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
-  int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
-  int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
-  int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
-  int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
-  int64_t b8 = 2097151 & load_3(b + 21);
-  int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
-  int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
-  int64_t b11 = (load_4(b + 28) >> 7);
-  int64_t c0 = 2097151 & load_3(c);
-  int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
-  int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
-  int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
-  int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
-  int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
-  int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
-  int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
-  int64_t c8 = 2097151 & load_3(c + 21);
-  int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
-  int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
-  int64_t c11 = (load_4(c + 28) >> 7);
-  int64_t s0;
-  int64_t s1;
-  int64_t s2;
-  int64_t s3;
-  int64_t s4;
-  int64_t s5;
-  int64_t s6;
-  int64_t s7;
-  int64_t s8;
-  int64_t s9;
-  int64_t s10;
-  int64_t s11;
-  int64_t s12;
-  int64_t s13;
-  int64_t s14;
-  int64_t s15;
-  int64_t s16;
-  int64_t s17;
-  int64_t s18;
-  int64_t s19;
-  int64_t s20;
-  int64_t s21;
-  int64_t s22;
-  int64_t s23;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-  int64_t carry10;
-  int64_t carry11;
-  int64_t carry12;
-  int64_t carry13;
-  int64_t carry14;
-  int64_t carry15;
-  int64_t carry16;
-  int64_t carry17;
-  int64_t carry18;
-  int64_t carry19;
-  int64_t carry20;
-  int64_t carry21;
-  int64_t carry22;
-
-  s0 = c0 + a0 * b0;
-  s1 = c1 + a0 * b1 + a1 * b0;
-  s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
-  s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
-  s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
-  s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
-  s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
-  s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
-       a6 * b1 + a7 * b0;
-  s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
-       a6 * b2 + a7 * b1 + a8 * b0;
-  s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
-       a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
-  s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
-        a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
-  s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
-        a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
-  s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 +
-        a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
-  s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 +
-        a9 * b4 + a10 * b3 + a11 * b2;
-  s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 +
-        a10 * b4 + a11 * b3;
-  s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 +
-        a11 * b4;
-  s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
-  s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
-  s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
-  s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
-  s20 = a9 * b11 + a10 * b10 + a11 * b9;
-  s21 = a10 * b11 + a11 * b10;
-  s22 = a11 * b11;
-  s23 = 0;
-
-  carry0 = (s0 + (1 << 20)) >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry2 = (s2 + (1 << 20)) >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry4 = (s4 + (1 << 20)) >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry6 = (s6 + (1 << 20)) >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry8 = (s8 + (1 << 20)) >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry10 = (s10 + (1 << 20)) >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-  carry12 = (s12 + (1 << 20)) >> 21;
-  s13 += carry12;
-  s12 -= carry12 * (1 << 21);
-  carry14 = (s14 + (1 << 20)) >> 21;
-  s15 += carry14;
-  s14 -= carry14 * (1 << 21);
-  carry16 = (s16 + (1 << 20)) >> 21;
-  s17 += carry16;
-  s16 -= carry16 * (1 << 21);
-  carry18 = (s18 + (1 << 20)) >> 21;
-  s19 += carry18;
-  s18 -= carry18 * (1 << 21);
-  carry20 = (s20 + (1 << 20)) >> 21;
-  s21 += carry20;
-  s20 -= carry20 * (1 << 21);
-  carry22 = (s22 + (1 << 20)) >> 21;
-  s23 += carry22;
-  s22 -= carry22 * (1 << 21);
-
-  carry1 = (s1 + (1 << 20)) >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry3 = (s3 + (1 << 20)) >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry5 = (s5 + (1 << 20)) >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry7 = (s7 + (1 << 20)) >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry9 = (s9 + (1 << 20)) >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry11 = (s11 + (1 << 20)) >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-  carry13 = (s13 + (1 << 20)) >> 21;
-  s14 += carry13;
-  s13 -= carry13 * (1 << 21);
-  carry15 = (s15 + (1 << 20)) >> 21;
-  s16 += carry15;
-  s15 -= carry15 * (1 << 21);
-  carry17 = (s17 + (1 << 20)) >> 21;
-  s18 += carry17;
-  s17 -= carry17 * (1 << 21);
-  carry19 = (s19 + (1 << 20)) >> 21;
-  s20 += carry19;
-  s19 -= carry19 * (1 << 21);
-  carry21 = (s21 + (1 << 20)) >> 21;
-  s22 += carry21;
-  s21 -= carry21 * (1 << 21);
-
-  s11 += s23 * 666643;
-  s12 += s23 * 470296;
-  s13 += s23 * 654183;
-  s14 -= s23 * 997805;
-  s15 += s23 * 136657;
-  s16 -= s23 * 683901;
-  s23 = 0;
-
-  s10 += s22 * 666643;
-  s11 += s22 * 470296;
-  s12 += s22 * 654183;
-  s13 -= s22 * 997805;
-  s14 += s22 * 136657;
-  s15 -= s22 * 683901;
-  s22 = 0;
-
-  s9 += s21 * 666643;
-  s10 += s21 * 470296;
-  s11 += s21 * 654183;
-  s12 -= s21 * 997805;
-  s13 += s21 * 136657;
-  s14 -= s21 * 683901;
-  s21 = 0;
-
-  s8 += s20 * 666643;
-  s9 += s20 * 470296;
-  s10 += s20 * 654183;
-  s11 -= s20 * 997805;
-  s12 += s20 * 136657;
-  s13 -= s20 * 683901;
-  s20 = 0;
-
-  s7 += s19 * 666643;
-  s8 += s19 * 470296;
-  s9 += s19 * 654183;
-  s10 -= s19 * 997805;
-  s11 += s19 * 136657;
-  s12 -= s19 * 683901;
-  s19 = 0;
-
-  s6 += s18 * 666643;
-  s7 += s18 * 470296;
-  s8 += s18 * 654183;
-  s9 -= s18 * 997805;
-  s10 += s18 * 136657;
-  s11 -= s18 * 683901;
-  s18 = 0;
-
-  carry6 = (s6 + (1 << 20)) >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry8 = (s8 + (1 << 20)) >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry10 = (s10 + (1 << 20)) >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-  carry12 = (s12 + (1 << 20)) >> 21;
-  s13 += carry12;
-  s12 -= carry12 * (1 << 21);
-  carry14 = (s14 + (1 << 20)) >> 21;
-  s15 += carry14;
-  s14 -= carry14 * (1 << 21);
-  carry16 = (s16 + (1 << 20)) >> 21;
-  s17 += carry16;
-  s16 -= carry16 * (1 << 21);
-
-  carry7 = (s7 + (1 << 20)) >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry9 = (s9 + (1 << 20)) >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry11 = (s11 + (1 << 20)) >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-  carry13 = (s13 + (1 << 20)) >> 21;
-  s14 += carry13;
-  s13 -= carry13 * (1 << 21);
-  carry15 = (s15 + (1 << 20)) >> 21;
-  s16 += carry15;
-  s15 -= carry15 * (1 << 21);
-
-  s5 += s17 * 666643;
-  s6 += s17 * 470296;
-  s7 += s17 * 654183;
-  s8 -= s17 * 997805;
-  s9 += s17 * 136657;
-  s10 -= s17 * 683901;
-  s17 = 0;
-
-  s4 += s16 * 666643;
-  s5 += s16 * 470296;
-  s6 += s16 * 654183;
-  s7 -= s16 * 997805;
-  s8 += s16 * 136657;
-  s9 -= s16 * 683901;
-  s16 = 0;
-
-  s3 += s15 * 666643;
-  s4 += s15 * 470296;
-  s5 += s15 * 654183;
-  s6 -= s15 * 997805;
-  s7 += s15 * 136657;
-  s8 -= s15 * 683901;
-  s15 = 0;
-
-  s2 += s14 * 666643;
-  s3 += s14 * 470296;
-  s4 += s14 * 654183;
-  s5 -= s14 * 997805;
-  s6 += s14 * 136657;
-  s7 -= s14 * 683901;
-  s14 = 0;
-
-  s1 += s13 * 666643;
-  s2 += s13 * 470296;
-  s3 += s13 * 654183;
-  s4 -= s13 * 997805;
-  s5 += s13 * 136657;
-  s6 -= s13 * 683901;
-  s13 = 0;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = (s0 + (1 << 20)) >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry2 = (s2 + (1 << 20)) >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry4 = (s4 + (1 << 20)) >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry6 = (s6 + (1 << 20)) >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry8 = (s8 + (1 << 20)) >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry10 = (s10 + (1 << 20)) >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-
-  carry1 = (s1 + (1 << 20)) >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry3 = (s3 + (1 << 20)) >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry5 = (s5 + (1 << 20)) >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry7 = (s7 + (1 << 20)) >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry9 = (s9 + (1 << 20)) >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry11 = (s11 + (1 << 20)) >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry1 = s1 >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry2 = s2 >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry3 = s3 >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry4 = s4 >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry5 = s5 >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry6 = s6 >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry7 = s7 >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry8 = s8 >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry9 = s9 >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry10 = s10 >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-  carry11 = s11 >> 21;
-  s12 += carry11;
-  s11 -= carry11 * (1 << 21);
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21;
-  s1 += carry0;
-  s0 -= carry0 * (1 << 21);
-  carry1 = s1 >> 21;
-  s2 += carry1;
-  s1 -= carry1 * (1 << 21);
-  carry2 = s2 >> 21;
-  s3 += carry2;
-  s2 -= carry2 * (1 << 21);
-  carry3 = s3 >> 21;
-  s4 += carry3;
-  s3 -= carry3 * (1 << 21);
-  carry4 = s4 >> 21;
-  s5 += carry4;
-  s4 -= carry4 * (1 << 21);
-  carry5 = s5 >> 21;
-  s6 += carry5;
-  s5 -= carry5 * (1 << 21);
-  carry6 = s6 >> 21;
-  s7 += carry6;
-  s6 -= carry6 * (1 << 21);
-  carry7 = s7 >> 21;
-  s8 += carry7;
-  s7 -= carry7 * (1 << 21);
-  carry8 = s8 >> 21;
-  s9 += carry8;
-  s8 -= carry8 * (1 << 21);
-  carry9 = s9 >> 21;
-  s10 += carry9;
-  s9 -= carry9 * (1 << 21);
-  carry10 = s10 >> 21;
-  s11 += carry10;
-  s10 -= carry10 * (1 << 21);
-
-  s[0] = (uint8_t)(s0 >> 0);
-  s[1] = (uint8_t)(s0 >> 8);
-  s[2] = (uint8_t)((s0 >> 16) | (s1 << 5));
-  s[3] = (uint8_t)(s1 >> 3);
-  s[4] = (uint8_t)(s1 >> 11);
-  s[5] = (uint8_t)((s1 >> 19) | (s2 << 2));
-  s[6] = (uint8_t)(s2 >> 6);
-  s[7] = (uint8_t)((s2 >> 14) | (s3 << 7));
-  s[8] = (uint8_t)(s3 >> 1);
-  s[9] = (uint8_t)(s3 >> 9);
-  s[10] = (uint8_t)((s3 >> 17) | (s4 << 4));
-  s[11] = (uint8_t)(s4 >> 4);
-  s[12] = (uint8_t)(s4 >> 12);
-  s[13] = (uint8_t)((s4 >> 20) | (s5 << 1));
-  s[14] = (uint8_t)(s5 >> 7);
-  s[15] = (uint8_t)((s5 >> 15) | (s6 << 6));
-  s[16] = (uint8_t)(s6 >> 2);
-  s[17] = (uint8_t)(s6 >> 10);
-  s[18] = (uint8_t)((s6 >> 18) | (s7 << 3));
-  s[19] = (uint8_t)(s7 >> 5);
-  s[20] = (uint8_t)(s7 >> 13);
-  s[21] = (uint8_t)(s8 >> 0);
-  s[22] = (uint8_t)(s8 >> 8);
-  s[23] = (uint8_t)((s8 >> 16) | (s9 << 5));
-  s[24] = (uint8_t)(s9 >> 3);
-  s[25] = (uint8_t)(s9 >> 11);
-  s[26] = (uint8_t)((s9 >> 19) | (s10 << 2));
-  s[27] = (uint8_t)(s10 >> 6);
-  s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
-  s[29] = (uint8_t)(s11 >> 1);
-  s[30] = (uint8_t)(s11 >> 9);
-  s[31] = (uint8_t)(s11 >> 17);
+                      const uint8_t *c)
+{
+    int64_t a0  = kBottom21Bits &  load_3(a);
+    int64_t a1  = kBottom21Bits & (load_4(a +  2) >> 5);
+    int64_t a2  = kBottom21Bits & (load_3(a +  5) >> 2);
+    int64_t a3  = kBottom21Bits & (load_4(a +  7) >> 7);
+    int64_t a4  = kBottom21Bits & (load_4(a + 10) >> 4);
+    int64_t a5  = kBottom21Bits & (load_3(a + 13) >> 1);
+    int64_t a6  = kBottom21Bits & (load_4(a + 15) >> 6);
+    int64_t a7  = kBottom21Bits & (load_3(a + 18) >> 3);
+    int64_t a8  = kBottom21Bits &  load_3(a + 21);
+    int64_t a9  = kBottom21Bits & (load_4(a + 23) >> 5);
+    int64_t a10 = kBottom21Bits & (load_3(a + 26) >> 2);
+    int64_t a11 =                 (load_4(a + 28) >> 7);
+    int64_t b0  = kBottom21Bits &  load_3(b);
+    int64_t b1  = kBottom21Bits & (load_4(b +  2) >> 5);
+    int64_t b2  = kBottom21Bits & (load_3(b +  5) >> 2);
+    int64_t b3  = kBottom21Bits & (load_4(b +  7) >> 7);
+    int64_t b4  = kBottom21Bits & (load_4(b + 10) >> 4);
+    int64_t b5  = kBottom21Bits & (load_3(b + 13) >> 1);
+    int64_t b6  = kBottom21Bits & (load_4(b + 15) >> 6);
+    int64_t b7  = kBottom21Bits & (load_3(b + 18) >> 3);
+    int64_t b8  = kBottom21Bits &  load_3(b + 21);
+    int64_t b9  = kBottom21Bits & (load_4(b + 23) >> 5);
+    int64_t b10 = kBottom21Bits & (load_3(b + 26) >> 2);
+    int64_t b11 =                 (load_4(b + 28) >> 7);
+    int64_t c0  = kBottom21Bits &  load_3(c);
+    int64_t c1  = kBottom21Bits & (load_4(c +  2) >> 5);
+    int64_t c2  = kBottom21Bits & (load_3(c +  5) >> 2);
+    int64_t c3  = kBottom21Bits & (load_4(c +  7) >> 7);
+    int64_t c4  = kBottom21Bits & (load_4(c + 10) >> 4);
+    int64_t c5  = kBottom21Bits & (load_3(c + 13) >> 1);
+    int64_t c6  = kBottom21Bits & (load_4(c + 15) >> 6);
+    int64_t c7  = kBottom21Bits & (load_3(c + 18) >> 3);
+    int64_t c8  = kBottom21Bits &  load_3(c + 21);
+    int64_t c9  = kBottom21Bits & (load_4(c + 23) >> 5);
+    int64_t c10 = kBottom21Bits & (load_3(c + 26) >> 2);
+    int64_t c11 =                 (load_4(c + 28) >> 7);
+    int64_t s0;
+    int64_t s1;
+    int64_t s2;
+    int64_t s3;
+    int64_t s4;
+    int64_t s5;
+    int64_t s6;
+    int64_t s7;
+    int64_t s8;
+    int64_t s9;
+    int64_t s10;
+    int64_t s11;
+    int64_t s12;
+    int64_t s13;
+    int64_t s14;
+    int64_t s15;
+    int64_t s16;
+    int64_t s17;
+    int64_t s18;
+    int64_t s19;
+    int64_t s20;
+    int64_t s21;
+    int64_t s22;
+    int64_t s23;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+    int64_t carry10;
+    int64_t carry11;
+    int64_t carry12;
+    int64_t carry13;
+    int64_t carry14;
+    int64_t carry15;
+    int64_t carry16;
+    int64_t carry17;
+    int64_t carry18;
+    int64_t carry19;
+    int64_t carry20;
+    int64_t carry21;
+    int64_t carry22;
+
+    s0  = c0   +   a0 * b0;
+    s1  = c1   +   a0 * b1   +   a1 * b0;
+    s2  = c2   +   a0 * b2   +   a1 * b1   +   a2 * b0;
+    s3  = c3   +   a0 * b3   +   a1 * b2   +   a2 * b1  +   a3 * b0;
+    s4  = c4   +   a0 * b4   +   a1 * b3   +   a2 * b2  +   a3 * b1  +   a4 * b0;
+    s5  = c5   +   a0 * b5   +   a1 * b4   +   a2 * b3  +   a3 * b2  +   a4 * b1  +   a5 * b0;
+    s6  = c6   +   a0 * b6   +   a1 * b5   +   a2 * b4  +   a3 * b3  +   a4 * b2  +   a5 * b1 +   a6 * b0;
+    s7  = c7   +   a0 * b7   +   a1 * b6   +   a2 * b5  +   a3 * b4  +   a4 * b3  +   a5 * b2 +   a6 * b1   +   a7 * b0;
+    s8  = c8   +   a0 * b8   +   a1 * b7   +   a2 * b6  +   a3 * b5  +   a4 * b4  +   a5 * b3 +   a6 * b2   +   a7 * b1   +   a8 * b0;
+    s9  = c9   +   a0 * b9   +   a1 * b8   +   a2 * b7  +   a3 * b6  +   a4 * b5  +   a5 * b4 +   a6 * b3   +   a7 * b2   +   a8 * b1  +   a9 * b0;
+    s10 = c10  +   a0 * b10  +   a1 * b9   +   a2 * b8  +   a3 * b7  +   a4 * b6  +   a5 * b5 +   a6 * b4   +   a7 * b3   +   a8 * b2  +   a9 * b1  +  a10 * b0;
+    s11 = c11  +   a0 * b11  +   a1 * b10  +   a2 * b9  +   a3 * b8  +   a4 * b7  +   a5 * b6 +   a6 * b5   +   a7 * b4   +   a8 * b3  +   a9 * b2  +  a10 * b1  +  a11 * b0;
+    s12 =          a1 * b11  +   a2 * b10  +   a3 * b9  +   a4 * b8  +   a5 * b7  +   a6 * b6 +   a7 * b5   +   a8 * b4   +   a9 * b3  +  a10 * b2  +  a11 * b1;
+    s13 =          a2 * b11  +   a3 * b10  +   a4 * b9  +   a5 * b8  +   a6 * b7  +   a7 * b6 +   a8 * b5   +   a9 * b4   +  a10 * b3  +  a11 * b2;
+    s14 =          a3 * b11  +   a4 * b10  +   a5 * b9  +   a6 * b8  +   a7 * b7  +   a8 * b6 +   a9 * b5   +  a10 * b4   +  a11 * b3;
+    s15 =          a4 * b11  +   a5 * b10  +   a6 * b9  +   a7 * b8  +   a8 * b7  +   a9 * b6 +  a10 * b5   +  a11 * b4;
+    s16 =          a5 * b11  +   a6 * b10  +   a7 * b9  +   a8 * b8  +   a9 * b7  +  a10 * b6 +  a11 * b5;
+    s17 =          a6 * b11  +   a7 * b10  +   a8 * b9  +   a9 * b8  +  a10 * b7  +  a11 * b6;
+    s18 =          a7 * b11  +   a8 * b10  +   a9 * b9  +  a10 * b8  +  a11 * b7;
+    s19 =          a8 * b11  +   a9 * b10  +  a10 * b9  +  a11 * b8;
+    s20 =          a9 * b11  +  a10 * b10  +  a11 * b9;
+    s21 =         a10 * b11  +  a11 * b10;
+    s22 =         a11 * b11;
+    s23 =         0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+    carry18 = (s18 + (1 << 20)) >> 21;
+    s19 += carry18;
+    s18 -= carry18 * (1 << 21);
+    carry20 = (s20 + (1 << 20)) >> 21;
+    s21 += carry20;
+    s20 -= carry20 * (1 << 21);
+    carry22 = (s22 + (1 << 20)) >> 21;
+    s23 += carry22;
+    s22 -= carry22 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+    carry17 = (s17 + (1 << 20)) >> 21;
+    s18 += carry17;
+    s17 -= carry17 * (1 << 21);
+    carry19 = (s19 + (1 << 20)) >> 21;
+    s20 += carry19;
+    s19 -= carry19 * (1 << 21);
+    carry21 = (s21 + (1 << 20)) >> 21;
+    s22 += carry21;
+    s21 -= carry21 * (1 << 21);
+
+    s11 += s23 * 666643;
+    s12 += s23 * 470296;
+    s13 += s23 * 654183;
+    s14 -= s23 * 997805;
+    s15 += s23 * 136657;
+    s16 -= s23 * 683901;
+    s23  = 0;
+
+    s10 += s22 * 666643;
+    s11 += s22 * 470296;
+    s12 += s22 * 654183;
+    s13 -= s22 * 997805;
+    s14 += s22 * 136657;
+    s15 -= s22 * 683901;
+    s22  = 0;
+
+    s9  += s21 * 666643;
+    s10 += s21 * 470296;
+    s11 += s21 * 654183;
+    s12 -= s21 * 997805;
+    s13 += s21 * 136657;
+    s14 -= s21 * 683901;
+    s21  = 0;
+
+    s8  += s20 * 666643;
+    s9  += s20 * 470296;
+    s10 += s20 * 654183;
+    s11 -= s20 * 997805;
+    s12 += s20 * 136657;
+    s13 -= s20 * 683901;
+    s20  = 0;
+
+    s7  += s19 * 666643;
+    s8  += s19 * 470296;
+    s9  += s19 * 654183;
+    s10 -= s19 * 997805;
+    s11 += s19 * 136657;
+    s12 -= s19 * 683901;
+    s19  = 0;
+
+    s6  += s18 * 666643;
+    s7  += s18 * 470296;
+    s8  += s18 * 654183;
+    s9  -= s18 * 997805;
+    s10 += s18 * 136657;
+    s11 -= s18 * 683901;
+    s18  = 0;
+
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+
+    s5  += s17 * 666643;
+    s6  += s17 * 470296;
+    s7  += s17 * 654183;
+    s8  -= s17 * 997805;
+    s9  += s17 * 136657;
+    s10 -= s17 * 683901;
+    s17  = 0;
+
+    s4  += s16 * 666643;
+    s5  += s16 * 470296;
+    s6  += s16 * 654183;
+    s7  -= s16 * 997805;
+    s8  += s16 * 136657;
+    s9  -= s16 * 683901;
+    s16  = 0;
+
+    s3  += s15 * 666643;
+    s4  += s15 * 470296;
+    s5  += s15 * 654183;
+    s6  -= s15 * 997805;
+    s7  += s15 * 136657;
+    s8  -= s15 * 683901;
+    s15  = 0;
+
+    s2  += s14 * 666643;
+    s3  += s14 * 470296;
+    s4  += s14 * 654183;
+    s5  -= s14 * 997805;
+    s6  += s14 * 136657;
+    s7  -= s14 * 683901;
+    s14  = 0;
+
+    s1  += s13 * 666643;
+    s2  += s13 * 470296;
+    s3  += s13 * 654183;
+    s4  -= s13 * 997805;
+    s5  += s13 * 136657;
+    s6  -= s13 * 683901;
+    s13  = 0;
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12 = 0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry11 = s11 >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    s[ 0] = (uint8_t) (s0  >>  0);
+    s[ 1] = (uint8_t) (s0  >>  8);
+    s[ 2] = (uint8_t)((s0  >> 16) | (s1 << 5));
+    s[ 3] = (uint8_t) (s1  >>  3);
+    s[ 4] = (uint8_t) (s1  >> 11);
+    s[ 5] = (uint8_t)((s1  >> 19) | (s2 << 2));
+    s[ 6] = (uint8_t) (s2  >>  6);
+    s[ 7] = (uint8_t)((s2  >> 14) | (s3 << 7));
+    s[ 8] = (uint8_t) (s3  >>  1);
+    s[ 9] = (uint8_t) (s3  >>  9);
+    s[10] = (uint8_t)((s3  >> 17) | (s4 << 4));
+    s[11] = (uint8_t) (s4  >>  4);
+    s[12] = (uint8_t) (s4  >> 12);
+    s[13] = (uint8_t)((s4  >> 20) | (s5 << 1));
+    s[14] = (uint8_t) (s5  >>  7);
+    s[15] = (uint8_t)((s5  >> 15) | (s6 << 6));
+    s[16] = (uint8_t) (s6  >>  2);
+    s[17] = (uint8_t) (s6  >> 10);
+    s[18] = (uint8_t)((s6  >> 18) | (s7 << 3));
+    s[19] = (uint8_t) (s7  >>  5);
+    s[20] = (uint8_t) (s7  >> 13);
+    s[21] = (uint8_t) (s8  >>  0);
+    s[22] = (uint8_t) (s8  >>  8);
+    s[23] = (uint8_t)((s8  >> 16) | (s9 << 5));
+    s[24] = (uint8_t) (s9  >>  3);
+    s[25] = (uint8_t) (s9  >> 11);
+    s[26] = (uint8_t)((s9  >> 19) | (s10 << 2));
+    s[27] = (uint8_t) (s10 >>  6);
+    s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+    s[29] = (uint8_t) (s11 >>  1);
+    s[30] = (uint8_t) (s11 >>  9);
+    s[31] = (uint8_t) (s11 >> 17);
 }
 
 int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
-                 const uint8_t public_key[32], const uint8_t private_key[32]) {
-  uint8_t az[SHA512_DIGEST_LENGTH];
-  uint8_t nonce[SHA512_DIGEST_LENGTH];
-  ge_p3 R;
-  uint8_t hram[SHA512_DIGEST_LENGTH];
-  SHA512_CTX hash_ctx;
-
-  SHA512_Init(&hash_ctx);
-  SHA512_Update(&hash_ctx, private_key, 32);
-  SHA512_Final(az, &hash_ctx);
-
-  az[0] &= 248;
-  az[31] &= 63;
-  az[31] |= 64;
-
-  SHA512_Init(&hash_ctx);
-  SHA512_Update(&hash_ctx, az + 32, 32);
-  SHA512_Update(&hash_ctx, message, message_len);
-  SHA512_Final(nonce, &hash_ctx);
-
-  x25519_sc_reduce(nonce);
-  ge_scalarmult_base(&R, nonce);
-  ge_p3_tobytes(out_sig, &R);
-
-  SHA512_Init(&hash_ctx);
-  SHA512_Update(&hash_ctx, out_sig, 32);
-  SHA512_Update(&hash_ctx, public_key, 32);
-  SHA512_Update(&hash_ctx, message, message_len);
-  SHA512_Final(hram, &hash_ctx);
-
-  x25519_sc_reduce(hram);
-  sc_muladd(out_sig + 32, hram, az, nonce);
-
-  OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
-  OPENSSL_cleanse(nonce, sizeof(nonce));
-  OPENSSL_cleanse(az, sizeof(az));
-
-  return 1;
+                 const uint8_t public_key[32], const uint8_t private_key[32])
+{
+    uint8_t az[SHA512_DIGEST_LENGTH];
+    uint8_t nonce[SHA512_DIGEST_LENGTH];
+    ge_p3 R;
+    uint8_t hram[SHA512_DIGEST_LENGTH];
+    SHA512_CTX hash_ctx;
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, private_key, 32);
+    SHA512_Final(az, &hash_ctx);
+
+    az[0] &= 248;
+    az[31] &= 63;
+    az[31] |= 64;
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, az + 32, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(nonce, &hash_ctx);
+
+    x25519_sc_reduce(nonce);
+    ge_scalarmult_base(&R, nonce);
+    ge_p3_tobytes(out_sig, &R);
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, out_sig, 32);
+    SHA512_Update(&hash_ctx, public_key, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(hram, &hash_ctx);
+
+    x25519_sc_reduce(hram);
+    sc_muladd(out_sig + 32, hram, az, nonce);
+
+    OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+    OPENSSL_cleanse(nonce, sizeof(nonce));
+    OPENSSL_cleanse(az, sizeof(az));
+
+    return 1;
 }
 
+static const char allzeroes[15];
+
 int ED25519_verify(const uint8_t *message, size_t message_len,
-                   const uint8_t signature[64], const uint8_t public_key[32]) {
-  ge_p3 A;
-  uint8_t rcopy[32];
-  uint8_t scopy[32];
-  SHA512_CTX hash_ctx;
-  ge_p2 R;
-  uint8_t rcheck[32];
-  uint8_t h[SHA512_DIGEST_LENGTH];
-
-  if ((signature[63] & 224) != 0 ||
-      ge_frombytes_vartime(&A, public_key) != 0) {
-    return 0;
-  }
+                   const uint8_t signature[64], const uint8_t public_key[32])
+{
+    int i;
+    ge_p3 A;
+    const uint8_t *r, *s;
+    SHA512_CTX hash_ctx;
+    ge_p2 R;
+    uint8_t rcheck[32];
+    uint8_t h[SHA512_DIGEST_LENGTH];
+    /* 27742317777372353535851937790883648493 in little endian format */
+    const uint8_t l_low[16] = {
+        0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2,
+        0xDE, 0xF9, 0xDE, 0x14
+    };
+
+    r = signature;
+    s = signature + 32;
+
+    /*
+     * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493
+     *
+     * If not the signature is publicly invalid. Since it's public we can do the
+     * check in variable time.
+     *
+     * First check the most significant byte
+     */
+    if (s[31] > 0x10)
+        return 0;
+    if (s[31] == 0x10) {
+        /*
+         * Most significant byte indicates a value close to 2^252 so check the
+         * rest
+         */
+        if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0)
+            return 0;
+        for (i = 15; i >= 0; i--) {
+            if (s[i] < l_low[i])
+                break;
+            if (s[i] > l_low[i])
+                return 0;
+        }
+        if (i < 0)
+            return 0;
+    }
 
-  fe_neg(A.X, A.X);
-  fe_neg(A.T, A.T);
+    if (ge_frombytes_vartime(&A, public_key) != 0) {
+        return 0;
+    }
 
-  memcpy(rcopy, signature, 32);
-  memcpy(scopy, signature + 32, 32);
+    fe_neg(A.X, A.X);
+    fe_neg(A.T, A.T);
 
-  SHA512_Init(&hash_ctx);
-  SHA512_Update(&hash_ctx, signature, 32);
-  SHA512_Update(&hash_ctx, public_key, 32);
-  SHA512_Update(&hash_ctx, message, message_len);
-  SHA512_Final(h, &hash_ctx);
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, r, 32);
+    SHA512_Update(&hash_ctx, public_key, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(h, &hash_ctx);
 
-  x25519_sc_reduce(h);
+    x25519_sc_reduce(h);
 
-  ge_double_scalarmult_vartime(&R, h, &A, scopy);
+    ge_double_scalarmult_vartime(&R, h, &A, s);
 
-  ge_tobytes(rcheck, &R);
+    ge_tobytes(rcheck, &R);
 
-  return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0;
+    return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0;
 }
 
 void ED25519_public_from_private(uint8_t out_public_key[32],
-                                 const uint8_t private_key[32]) {
-  uint8_t az[SHA512_DIGEST_LENGTH];
-  ge_p3 A;
+                                 const uint8_t private_key[32])
+{
+    uint8_t az[SHA512_DIGEST_LENGTH];
+    ge_p3 A;
 
-  SHA512(private_key, 32, az);
+    SHA512(private_key, 32, az);
 
-  az[0] &= 248;
-  az[31] &= 63;
-  az[31] |= 64;
+    az[0] &= 248;
+    az[31] &= 63;
+    az[31] |= 64;
 
-  ge_scalarmult_base(&A, az);
-  ge_p3_tobytes(out_public_key, &A);
+    ge_scalarmult_base(&A, az);
+    ge_p3_tobytes(out_public_key, &A);
 
-  OPENSSL_cleanse(az, sizeof(az));
+    OPENSSL_cleanse(az, sizeof(az));
 }
 
 int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
-           const uint8_t peer_public_value[32]) {
-  static const uint8_t kZeros[32] = {0};
-  x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
-  /* The all-zero output results when the input is a point of small order. */
-  return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
+           const uint8_t peer_public_value[32])
+{
+    static const uint8_t kZeros[32] = {0};
+    x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
+    /* The all-zero output results when the input is a point of small order. */
+    return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
 }
 
 void X25519_public_from_private(uint8_t out_public_value[32],
-                                const uint8_t private_key[32]) {
-  uint8_t e[32];
-  ge_p3 A;
-  fe zplusy, zminusy, zminusy_inv;
-
-  memcpy(e, private_key, 32);
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
-
-  ge_scalarmult_base(&A, e);
-
-  /* We only need the u-coordinate of the curve25519 point. The map is
-   * u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). */
-  fe_add(zplusy, A.Z, A.Y);
-  fe_sub(zminusy, A.Z, A.Y);
-  fe_invert(zminusy_inv, zminusy);
-  fe_mul(zplusy, zplusy, zminusy_inv);
-  fe_tobytes(out_public_value, zplusy);
-
-  OPENSSL_cleanse(e, sizeof(e));
+                                const uint8_t private_key[32])
+{
+    uint8_t e[32];
+    ge_p3 A;
+    fe zplusy, zminusy, zminusy_inv;
+
+    memcpy(e, private_key, 32);
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+
+    ge_scalarmult_base(&A, e);
+
+    /*
+     * We only need the u-coordinate of the curve25519 point.
+     * The map is u=(y+1)/(1-y). Since y=Y/Z, this gives
+     * u=(Z+Y)/(Z-Y).
+     */
+    fe_add(zplusy, A.Z, A.Y);
+    fe_sub(zminusy, A.Z, A.Y);
+    fe_invert(zminusy_inv, zminusy);
+    fe_mul(zplusy, zplusy, zminusy_inv);
+    fe_tobytes(out_public_value, zplusy);
+
+    OPENSSL_cleanse(e, sizeof(e));
 }
diff --git a/deps/openssl/openssl/crypto/ec/curve448/eddsa.c b/deps/openssl/openssl/crypto/ec/curve448/eddsa.c
index 909413a535..b28f7dff91 100644
--- a/deps/openssl/openssl/crypto/ec/curve448/eddsa.c
+++ b/deps/openssl/openssl/crypto/ec/curve448/eddsa.c
@@ -246,10 +246,36 @@ c448_error_t c448_ed448_verify(
                     uint8_t context_len)
 {
     curve448_point_t pk_point, r_point;
-    c448_error_t error =
-        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+    c448_error_t error;
     curve448_scalar_t challenge_scalar;
     curve448_scalar_t response_scalar;
+    /* Order in little endian format */
+    static const uint8_t order[] = {
+        0xF3, 0x44, 0x58, 0xAB, 0x92, 0xC2, 0x78, 0x23, 0x55, 0x8F, 0xC5, 0x8D,
+        0x72, 0xC2, 0x6C, 0x21, 0x90, 0x36, 0xD6, 0xAE, 0x49, 0xDB, 0x4E, 0xC4,
+        0xE9, 0x23, 0xCA, 0x7C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F, 0x00
+    };
+    int i;
+
+    /*
+     * Check that s (second 57 bytes of the sig) is less than the order. Both
+     * s and the order are in little-endian format. This can be done in
+     * variable time, since if this is not the case the signature if publicly
+     * invalid.
+     */
+    for (i = EDDSA_448_PUBLIC_BYTES - 1; i >= 0; i--) {
+        if (signature[i + EDDSA_448_PUBLIC_BYTES] > order[i])
+            return C448_FAILURE;
+        if (signature[i + EDDSA_448_PUBLIC_BYTES] < order[i])
+            break;
+    }
+    if (i < 0)
+        return C448_FAILURE;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
 
     if (C448_SUCCESS != error)
         return error;
diff --git a/deps/openssl/openssl/crypto/ec/curve448/point_448.h b/deps/openssl/openssl/crypto/ec/curve448/point_448.h
index 0ef3b8714e..399f91b9a1 100644
--- a/deps/openssl/openssl/crypto/ec/curve448/point_448.h
+++ b/deps/openssl/openssl/crypto/ec/curve448/point_448.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2015-2016 Cryptography Research, Inc.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -116,7 +116,7 @@ void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
 
 /*
  * Add two scalars. |a|, |b| and |out| may alias each other.
- * 
+ *
  * a (in): One scalar.
  * b (in): Another scalar.
  * out (out): a+b.
@@ -135,7 +135,7 @@ void curve448_scalar_sub(curve448_scalar_t out,
 
 /*
  * Multiply two scalars. |a|, |b| and |out| may alias each other.
- * 
+ *
  * a (in): One scalar.
  * b (in): Another scalar.
  * out (out): a*b.
@@ -145,7 +145,7 @@ void curve448_scalar_mul(curve448_scalar_t out,
 
 /*
 * Halve a scalar.  |a| and |out| may alias each other.
-* 
+*
 * a (in): A scalar.
 * out (out): a/2.
 */
@@ -154,7 +154,7 @@ void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
 /*
  * Copy a scalar.  The scalars may alias each other, in which case this
  * function does nothing.
- * 
+ *
  * a (in): A scalar.
  * out (out): Will become a copy of a.
  */
@@ -183,7 +183,7 @@ static ossl_inline void curve448_point_copy(curve448_point_t a,
  *
  * a (in): A point.
  * b (in): Another point.
- * 
+ *
  * Returns:
  * C448_TRUE: The points are equal.
  * C448_FALSE: The points are not equal.
@@ -243,7 +243,7 @@ void curve448_point_mul_by_ratio_and_encode_like_x448(
 /*
  * RFC 7748 Diffie-Hellman base point scalarmul.  This function uses a different
  * (non-Decaf) encoding.
- * 
+ *
  * out (out): The scaled point base*scalar
  * scalar (in): The scalar to multiply by.
  */
@@ -273,7 +273,7 @@ void curve448_precomputed_scalarmul(curve448_point_t scaled,
  * base2 (in): A second point to be scaled.
  * scalar2 (in) A second scalar to multiply by.
  *
- * Warning: This function takes variable time, and may leak the scalars used. 
+ * Warning: This function takes variable time, and may leak the scalars used.
  * It is designed for signature verification.
  */
 void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
diff --git a/deps/openssl/openssl/crypto/ec/ec2_smpl.c b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
index 87f7ce5691..0a05a7aeea 100644
--- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -810,7 +810,7 @@ int ec_GF2m_simple_ladder_post(const EC_GROUP *group,
         || !group->meth->field_mul(group, t2, t2, t0, ctx)
         || !BN_GF2m_add(t1, t2, t1)
         || !group->meth->field_mul(group, t2, p->X, t0, ctx)
-        || !BN_GF2m_mod_inv(t2, t2, group->field, ctx)
+        || !group->meth->field_inv(group, t2, t2, ctx)
         || !group->meth->field_mul(group, t1, t1, t2, ctx)
         || !group->meth->field_mul(group, r->X, r->Z, t2, ctx)
         || !BN_GF2m_add(t2, p->X, r->X)
@@ -889,6 +889,21 @@ int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r,
     return ret;
 }
 
+/*-
+ * Computes the multiplicative inverse of a in GF(2^m), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * SCA hardening is with blinding: BN_GF2m_mod_inv does that.
+ */
+static int ec_GF2m_simple_field_inv(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *a, BN_CTX *ctx)
+{
+    int ret;
+
+    if (!(ret = BN_GF2m_mod_inv(r, a, group->field, ctx)))
+        ECerr(EC_F_EC_GF2M_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);
+    return ret;
+}
+
 const EC_METHOD *EC_GF2m_simple_method(void)
 {
     static const EC_METHOD ret = {
@@ -929,6 +944,7 @@ const EC_METHOD *EC_GF2m_simple_method(void)
         ec_GF2m_simple_field_mul,
         ec_GF2m_simple_field_sqr,
         ec_GF2m_simple_field_div,
+        ec_GF2m_simple_field_inv,
         0, /* field_encode */
         0, /* field_decode */
         0, /* field_set_to_one */
diff --git a/deps/openssl/openssl/crypto/ec/ec_ameth.c b/deps/openssl/openssl/crypto/ec/ec_ameth.c
index a3164b5b2e..8b363e096b 100644
--- a/deps/openssl/openssl/crypto/ec/ec_ameth.c
+++ b/deps/openssl/openssl/crypto/ec/ec_ameth.c
@@ -505,7 +505,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
         *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;
 
     case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
         return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
diff --git a/deps/openssl/openssl/crypto/ec/ec_err.c b/deps/openssl/openssl/crypto/ec/ec_err.c
index 8f4911abec..ce34938232 100644
--- a/deps/openssl/openssl/crypto/ec/ec_err.c
+++ b/deps/openssl/openssl/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -66,6 +66,8 @@ static const ERR_STRING_DATA EC_str_functs[] = {
      "ec_asn1_group2fieldid"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0),
      "ec_GF2m_montgomery_point_multiply"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_FIELD_INV, 0),
+     "ec_GF2m_simple_field_inv"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
      "ec_GF2m_simple_group_check_discriminant"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0),
@@ -90,6 +92,8 @@ static const ERR_STRING_DATA EC_str_functs[] = {
      "ec_GFp_mont_field_decode"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0),
      "ec_GFp_mont_field_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_INV, 0),
+     "ec_GFp_mont_field_inv"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0),
      "ec_GFp_mont_field_mul"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0),
@@ -124,6 +128,8 @@ static const ERR_STRING_DATA EC_str_functs[] = {
      "ec_GFp_nist_group_set_curve"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0),
      "ec_GFp_simple_blind_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_FIELD_INV, 0),
+     "ec_GFp_simple_field_inv"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
      "ec_GFp_simple_group_check_discriminant"},
     {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0),
@@ -287,6 +293,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"},
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert"},
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE),
     "coordinates out of range"},
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
diff --git a/deps/openssl/openssl/crypto/ec/ec_lcl.h b/deps/openssl/openssl/crypto/ec/ec_lcl.h
index e055ddab1c..119255f1dc 100644
--- a/deps/openssl/openssl/crypto/ec/ec_lcl.h
+++ b/deps/openssl/openssl/crypto/ec/ec_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -15,7 +15,6 @@
 #include <openssl/bn.h>
 #include "internal/refcount.h"
 #include "internal/ec_int.h"
-#include "curve448/curve448_lcl.h"
 
 #if defined(__SUNPRO_C)
 # if __SUNPRO_C >= 0x520
@@ -154,6 +153,13 @@ struct ec_method_st {
     int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
     int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                       const BIGNUM *b, BN_CTX *);
+    /*-
+     * 'field_inv' computes the multipicative inverse of a in the field,
+     * storing the result in r.
+     *
+     * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error.
+     */
+    int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
     /* e.g. to Montgomery */
     int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                          BN_CTX *);
@@ -390,6 +396,8 @@ int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *);
 int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *);
+int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
 int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
                                     BN_CTX *ctx);
 int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
@@ -413,6 +421,8 @@ int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                           const BIGNUM *b, BN_CTX *);
 int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                           BN_CTX *);
+int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
 int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                              BN_CTX *);
 int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
diff --git a/deps/openssl/openssl/crypto/ec/ecp_mont.c b/deps/openssl/openssl/crypto/ec/ecp_mont.c
index 36682e5cfb..252e66ef37 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_mont.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_mont.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -50,6 +50,7 @@ const EC_METHOD *EC_GFp_mont_method(void)
         ec_GFp_mont_field_mul,
         ec_GFp_mont_field_sqr,
         0 /* field_div */ ,
+        ec_GFp_mont_field_inv,
         ec_GFp_mont_field_encode,
         ec_GFp_mont_field_decode,
         ec_GFp_mont_field_set_to_one,
@@ -206,6 +207,54 @@ int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
     return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
 }
 
+/*-
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * We have a Mont structure, so SCA hardening is FLT inversion.
+ */
+int ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->field_data1 == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* Inverse in constant time with Fermats Little Theorem */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->field, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, a, e, group->field, ctx, group->field_data1))
+        goto err;
+
+    /* throw an error on zero */
+    if (BN_is_zero(r)) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_INV, EC_R_CANNOT_INVERT);
+        goto err;
+    }
+
+    ret = 1;
+
+  err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
 int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
                              const BIGNUM *a, BN_CTX *ctx)
 {
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nist.c b/deps/openssl/openssl/crypto/ec/ecp_nist.c
index f53de1a163..5eaa99d840 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nist.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nist.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -52,6 +52,7 @@ const EC_METHOD *EC_GFp_nist_method(void)
         ec_GFp_nist_field_mul,
         ec_GFp_nist_field_sqr,
         0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
         0,                      /* field_set_to_one */
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c
index 555bf307dd..025273a144 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -279,6 +279,7 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
         ec_GFp_nist_field_mul,
         ec_GFp_nist_field_sqr,
         0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
         0,                      /* field_set_to_one */
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c
index c87a5e548d..a21e5f78fc 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1810,6 +1810,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
         ec_GFp_nist_field_mul,
         ec_GFp_nist_field_sqr,
         0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
         0,                      /* field_set_to_one */
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c
index 14f2feeb69..2f47772a34 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1647,6 +1647,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
         ec_GFp_nist_field_mul,
         ec_GFp_nist_field_sqr,
         0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
         0,                      /* field_set_to_one */
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c
index b0564bdbd0..aea6394169 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
  * Copyright (c) 2015, CloudFlare, Inc.
  *
@@ -1677,6 +1677,7 @@ const EC_METHOD *EC_GFp_nistz256_method(void)
         ec_GFp_mont_field_mul,
         ec_GFp_mont_field_sqr,
         0,                                          /* field_div */
+        ec_GFp_mont_field_inv,
         ec_GFp_mont_field_encode,
         ec_GFp_mont_field_decode,
         ec_GFp_mont_field_set_to_one,
diff --git a/deps/openssl/openssl/crypto/ec/ecp_smpl.c b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
index d0c5557ff4..f6a6cedb0a 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -51,6 +51,7 @@ const EC_METHOD *EC_GFp_simple_method(void)
         ec_GFp_simple_field_mul,
         ec_GFp_simple_field_sqr,
         0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
         0 /* field_encode */ ,
         0 /* field_decode */ ,
         0,                      /* field_set_to_one */
@@ -553,7 +554,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
             }
         }
     } else {
-        if (!BN_mod_inverse(Z_1, Z_, group->field, ctx)) {
+        if (!group->meth->field_inv(group, Z_1, Z_, ctx)) {
             ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
                   ERR_R_BN_LIB);
             goto err;
@@ -1266,7 +1267,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
      * points[i]->Z by its inverse.
      */
 
-    if (!BN_mod_inverse(tmp, prod_Z[num - 1], group->field, ctx)) {
+    if (!group->meth->field_inv(group, tmp, prod_Z[num - 1], ctx)) {
         ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
         goto err;
     }
@@ -1370,6 +1371,50 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 }
 
 /*-
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * Since we don't have a Mont structure here, SCA hardening is with blinding.
+ */
+int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    do {
+        if (!BN_priv_rand_range(e, group->field))
+        goto err;
+    } while (BN_is_zero(e));
+
+    /* r := a * e */
+    if (!group->meth->field_mul(group, r, a, e, ctx))
+        goto err;
+    /* r := 1/(a * e) */
+    if (!BN_mod_inverse(r, r, group->field, ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);
+        goto err;
+    }
+    /* r := e/(a * e) = 1/a */
+    if (!group->meth->field_mul(group, r, r, e, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
  * Apply randomization of EC point projective coordinates:
  *
  *   (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z)
diff --git a/deps/openssl/openssl/crypto/ec/ecx_meth.c b/deps/openssl/openssl/crypto/ec/ecx_meth.c
index b76bfdb6dc..e4cac99e2d 100644
--- a/deps/openssl/openssl/crypto/ec/ecx_meth.c
+++ b/deps/openssl/openssl/crypto/ec/ecx_meth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,6 +15,7 @@
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
 #include "ec_lcl.h"
+#include "curve448/curve448_lcl.h"
 
 #define X25519_BITS          253
 #define X25519_SECURITY_BITS 128
diff --git a/deps/openssl/openssl/crypto/engine/README b/deps/openssl/openssl/crypto/engine/README
index 0050b9e509..c7a5696ca1 100644
--- a/deps/openssl/openssl/crypto/engine/README
+++ b/deps/openssl/openssl/crypto/engine/README
@@ -26,7 +26,7 @@ algorithm/mode pair are;
      EVP_EncryptInit(&ctx, cipher, key, iv);
      [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
 
-(ii) indirectly; 
+(ii) indirectly;
      OpenSSL_add_all_ciphers();
      cipher = EVP_get_cipherbyname("des_cbc");
      EVP_EncryptInit(&ctx, cipher, key, iv);
diff --git a/deps/openssl/openssl/crypto/engine/eng_devcrypto.c b/deps/openssl/openssl/crypto/engine/eng_devcrypto.c
index 4a0ba09a38..717d7c2779 100644
--- a/deps/openssl/openssl/crypto/engine/eng_devcrypto.c
+++ b/deps/openssl/openssl/crypto/engine/eng_devcrypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,6 +24,8 @@
 
 #include "internal/engine.h"
 
+/* #define ENGINE_DEVCRYPTO_DEBUG */
+
 #ifdef CRYPTO_ALGORITHM_MIN
 # define CHECK_BSD_STYLE_MACROS
 #endif
@@ -35,6 +37,15 @@
  */
 static int cfd;
 
+static int clean_devcrypto_session(struct session_op *sess) {
+    if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    memset(sess, 0, sizeof(struct session_op));
+    return 1;
+}
+
 /******************************************************************************
  *
  * Ciphers
@@ -47,10 +58,12 @@ static int cfd;
 
 struct cipher_ctx {
     struct session_op sess;
-
-    /* to pass from init to do_cipher */
-    const unsigned char *iv;
     int op;                      /* COP_ENCRYPT or COP_DECRYPT */
+    unsigned long mode;          /* EVP_CIPH_*_MODE */
+
+    /* to handle ctr mode being a stream cipher */
+    unsigned char partial[EVP_MAX_BLOCK_LENGTH];
+    unsigned int blocksize, num;
 };
 
 static const struct cipher_data_st {
@@ -87,9 +100,9 @@ static const struct cipher_data_st {
     { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
 #endif
 #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
-    { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-    { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-    { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
 #endif
 #if 0                            /* Not yet supported */
     { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
@@ -141,11 +154,17 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const struct cipher_data_st *cipher_d =
         get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
 
-    memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+    /* cleanup a previous session */
+    if (cipher_ctx->sess.ses != 0 &&
+        clean_devcrypto_session(&cipher_ctx->sess) == 0)
+        return 0;
+
     cipher_ctx->sess.cipher = cipher_d->devcryptoid;
     cipher_ctx->sess.keylen = cipher_d->keylen;
     cipher_ctx->sess.key = (void *)key;
     cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
+    cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
+    cipher_ctx->blocksize = cipher_d->blocksize;
     if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
@@ -160,8 +179,11 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     struct cipher_ctx *cipher_ctx =
         (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
     struct crypt_op cryp;
+    unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
 #if !defined(COP_FLAG_WRITE_IV)
     unsigned char saved_iv[EVP_MAX_IV_LENGTH];
+    const unsigned char *ivptr;
+    size_t nblocks, ivlen;
 #endif
 
     memset(&cryp, 0, sizeof(cryp));
@@ -169,19 +191,28 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     cryp.len = inl;
     cryp.src = (void *)in;
     cryp.dst = (void *)out;
-    cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
+    cryp.iv = (void *)iv;
     cryp.op = cipher_ctx->op;
 #if !defined(COP_FLAG_WRITE_IV)
     cryp.flags = 0;
 
-    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
-        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-            unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
-
-            memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    if (ivlen > 0)
+        switch (cipher_ctx->mode) {
+        case EVP_CIPH_CBC_MODE:
+            assert(inl >= ivlen);
+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+                ivptr = in + inl - ivlen;
+                memcpy(saved_iv, ivptr, ivlen);
+            }
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            break;
+
+        default: /* should not happen */
+            return 0;
         }
-    }
 #else
     cryp.flags = COP_FLAG_WRITE_IV;
 #endif
@@ -192,32 +223,113 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
 #if !defined(COP_FLAG_WRITE_IV)
-    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-        unsigned char *ivptr = saved_iv;
+    if (ivlen > 0)
+        switch (cipher_ctx->mode) {
+        case EVP_CIPH_CBC_MODE:
+            assert(inl >= ivlen);
+            if (EVP_CIPHER_CTX_encrypting(ctx))
+                ivptr = out + inl - ivlen;
+            else
+                ivptr = saved_iv;
+
+            memcpy(iv, ivptr, ivlen);
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            nblocks = (inl + cipher_ctx->blocksize - 1)
+                      / cipher_ctx->blocksize;
+            do {
+                ivlen--;
+                nblocks += iv[ivlen];
+                iv[ivlen] = (uint8_t) nblocks;
+                nblocks >>= 8;
+            } while (ivlen);
+            break;
+
+        default: /* should not happen */
+            return 0;
+        }
+#endif
+
+    return 1;
+}
 
-        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
-        if (!EVP_CIPHER_CTX_encrypting(ctx))
-            ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, size_t inl)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    size_t nblocks, len;
 
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
-               EVP_CIPHER_CTX_iv_length(ctx));
+    /* initial partial block */
+    while (cipher_ctx->num && inl) {
+        (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num];
+        --inl;
+        cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize;
+    }
+
+    /* full blocks */
+    if (inl > (unsigned int) cipher_ctx->blocksize) {
+        nblocks = inl/cipher_ctx->blocksize;
+        len = nblocks * cipher_ctx->blocksize;
+        if (cipher_do_cipher(ctx, out, in, len) < 1)
+            return 0;
+        inl -= len;
+        out += len;
+        in += len;
+    }
+
+    /* final partial block */
+    if (inl) {
+        memset(cipher_ctx->partial, 0, cipher_ctx->blocksize);
+        if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial,
+            cipher_ctx->blocksize) < 1)
+            return 0;
+        while (inl--) {
+            out[cipher_ctx->num] = in[cipher_ctx->num]
+                                   ^ cipher_ctx->partial[cipher_ctx->num];
+            cipher_ctx->num++;
+        }
     }
-#endif
 
     return 1;
 }
 
-static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
+static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
 {
     struct cipher_ctx *cipher_ctx =
         (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
+    struct cipher_ctx *to_cipher_ctx;
+
+    switch (type) {
+    case EVP_CTRL_COPY:
+        if (cipher_ctx == NULL)
+            return 1;
+        /* when copying the context, a new session needs to be initialized */
+        to_cipher_ctx =
+            (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
+        memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
+        return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
+                           (cipher_ctx->op == COP_ENCRYPT));
+
+    case EVP_CTRL_INIT:
+        memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+        return 1;
 
-    if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
-        SYSerr(SYS_F_IOCTL, errno);
-        return 0;
+    default:
+        break;
     }
 
-    return 1;
+    return -1;
+}
+
+static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    return clean_devcrypto_session(&cipher_ctx->sess);
 }
 
 /*
@@ -233,6 +345,7 @@ static void prepare_cipher_methods(void)
 {
     size_t i;
     struct session_op sess;
+    unsigned long cipher_mode;
 
     memset(&sess, 0, sizeof(sess));
     sess.key = (void *)"01234567890123456789012345678901234567890123456789";
@@ -250,18 +363,26 @@ static void prepare_cipher_methods(void)
             || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
             continue;
 
+        cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
+
         if ((known_cipher_methods[i] =
                  EVP_CIPHER_meth_new(cipher_data[i].nid,
-                                     cipher_data[i].blocksize,
+                                     cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
+                                                    cipher_data[i].blocksize,
                                      cipher_data[i].keylen)) == NULL
             || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
                                               cipher_data[i].ivlen)
             || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
                                           cipher_data[i].flags
+                                          | EVP_CIPH_CUSTOM_COPY
+                                          | EVP_CIPH_CTRL_INIT
                                           | EVP_CIPH_FLAG_DEFAULT_ASN1)
             || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
             || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
+                                     cipher_mode == EVP_CIPH_CTR_MODE ?
+                                              ctr_do_cipher :
                                               cipher_do_cipher)
+            || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
             || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
                                             cipher_cleanup)
             || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
@@ -338,34 +459,36 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 
 struct digest_ctx {
     struct session_op sess;
-    int init;
+    /* This signals that the init function was called, not that it succeeded. */
+    int init_called;
 };
 
 static const struct digest_data_st {
     int nid;
+    int blocksize;
     int digestlen;
     int devcryptoid;
 } digest_data[] = {
 #ifndef OPENSSL_NO_MD5
-    { NID_md5, 16, CRYPTO_MD5 },
+    { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 },
 #endif
-    { NID_sha1, 20, CRYPTO_SHA1 },
+    { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 },
 #ifndef OPENSSL_NO_RMD160
 # if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
-    { NID_ripemd160, 20, CRYPTO_RIPEMD160 },
+    { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 },
 # endif
 #endif
 #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
-    { NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
+    { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 },
 #endif
 #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
-    { NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
+    { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 },
 #endif
 #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
-    { NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
+    { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 },
 #endif
 #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
-    { NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
+    { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 },
 #endif
 };
 
@@ -403,7 +526,7 @@ static int digest_init(EVP_MD_CTX *ctx)
     const struct digest_data_st *digest_d =
         get_digest_data(EVP_MD_CTX_type(ctx));
 
-    digest_ctx->init = 1;
+    digest_ctx->init_called = 1;
 
     memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
     digest_ctx->sess.mac = digest_d->devcryptoid;
@@ -438,6 +561,9 @@ static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
     if (count == 0)
         return 1;
 
+    if (digest_ctx == NULL)
+        return 0;
+
     if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
@@ -451,11 +577,9 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
     struct digest_ctx *digest_ctx =
         (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
 
-    if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
-        SYSerr(SYS_F_IOCTL, errno);
+    if (md == NULL || digest_ctx == NULL)
         return 0;
-    }
-    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
+    if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
     }
@@ -471,14 +595,9 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
         (struct digest_ctx *)EVP_MD_CTX_md_data(to);
     struct cphash_op cphash;
 
-    if (digest_from == NULL)
+    if (digest_from == NULL || digest_from->init_called != 1)
         return 1;
 
-    if (digest_from->init != 1) {
-        SYSerr(SYS_F_IOCTL, EINVAL);
-        return 0;
-    }
-
     if (!digest_init(to)) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
@@ -495,7 +614,37 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
 
 static int digest_cleanup(EVP_MD_CTX *ctx)
 {
-    return 1;
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (digest_ctx == NULL)
+        return 1;
+
+    return clean_devcrypto_session(&digest_ctx->sess);
+}
+
+static int devcrypto_test_digest(size_t digest_data_index)
+{
+    struct session_op sess1, sess2;
+    struct cphash_op cphash;
+    int ret=0;
+
+    memset(&sess1, 0, sizeof(sess1));
+    memset(&sess2, 0, sizeof(sess2));
+    sess1.mac = digest_data[digest_data_index].devcryptoid;
+    if (ioctl(cfd, CIOCGSESSION, &sess1) < 0)
+        return 0;
+    /* Make sure the driver is capable of hash state copy */
+    sess2.mac = sess1.mac;
+    if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) {
+        cphash.src_ses = sess1.ses;
+        cphash.dst_ses = sess2.ses;
+        if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0)
+            ret = 1;
+        ioctl(cfd, CIOCFSESSION, &sess2.ses);
+    }
+    ioctl(cfd, CIOCFSESSION, &sess1.ses);
+    return ret;
 }
 
 /*
@@ -510,24 +659,20 @@ static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
 static void prepare_digest_methods(void)
 {
     size_t i;
-    struct session_op sess;
-
-    memset(&sess, 0, sizeof(sess));
 
     for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
          i++) {
 
         /*
-         * Check that the algo is really availably by trying to open and close
-         * a session.
+         * Check that the algo is usable
          */
-        sess.mac = digest_data[i].devcryptoid;
-        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
-            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
+        if (!devcrypto_test_digest(i))
             continue;
 
         if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
                                                        NID_undef)) == NULL
+            || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i],
+                                                digest_data[i].blocksize)
             || !EVP_MD_meth_set_result_size(known_digest_methods[i],
                                             digest_data[i].digestlen)
             || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
@@ -615,15 +760,13 @@ void engine_load_devcrypto_int()
     ENGINE *e = NULL;
 
     if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
-        fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
+#ifndef ENGINE_DEVCRYPTO_DEBUG
+        if (errno != ENOENT)
+#endif
+            fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
         return;
     }
 
-    prepare_cipher_methods();
-#ifdef IMPLEMENT_DIGEST
-    prepare_digest_methods();
-#endif
-
     if ((e = ENGINE_new()) == NULL
         || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
         ENGINE_free(e);
@@ -636,6 +779,11 @@ void engine_load_devcrypto_int()
         return;
     }
 
+    prepare_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+    prepare_digest_methods();
+#endif
+
     if (!ENGINE_set_id(e, "devcrypto")
         || !ENGINE_set_name(e, "/dev/crypto engine")
 
diff --git a/deps/openssl/openssl/crypto/engine/eng_lib.c b/deps/openssl/openssl/crypto/engine/eng_lib.c
index 3ef3aae28a..d7f2026fac 100644
--- a/deps/openssl/openssl/crypto/engine/eng_lib.c
+++ b/deps/openssl/openssl/crypto/engine/eng_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -124,7 +124,7 @@ static int int_cleanup_check(int create)
 static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
 {
     ENGINE_CLEANUP_ITEM *item;
-    
+
     if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
         ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
         return NULL;
diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c
index 03cbd738e1..c737b2a9c3 100644
--- a/deps/openssl/openssl/crypto/err/err.c
+++ b/deps/openssl/openssl/crypto/err/err.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,6 +19,9 @@
 #include <openssl/bio.h>
 #include <openssl/opensslconf.h>
 #include "internal/thread_once.h"
+#include "internal/ctype.h"
+#include "internal/constant_time_locl.h"
+#include "e_os.h"
 
 static int err_load_strings(const ERR_STRING_DATA *str);
 
@@ -181,8 +184,9 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
 }
 
 #ifndef OPENSSL_NO_ERR
+/* A measurement on Linux 2018-11-21 showed about 3.5kib */
+# define SPACE_SYS_STR_REASONS 4 * 1024
 # define NUM_SYS_STR_REASONS 127
-# define LEN_SYS_STR_REASON 32
 
 static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
 /*
@@ -198,9 +202,12 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
 static void build_SYS_str_reasons(void)
 {
     /* OPENSSL_malloc cannot be used here, use static storage instead */
-    static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+    static char strerror_pool[SPACE_SYS_STR_REASONS];
+    char *cur = strerror_pool;
+    size_t cnt = 0;
     static int init = 1;
     int i;
+    int saveerrno = get_last_sys_error();
 
     CRYPTO_THREAD_write_lock(err_string_lock);
     if (!init) {
@@ -213,9 +220,26 @@ static void build_SYS_str_reasons(void)
 
         str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
         if (str->string == NULL) {
-            char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-            if (openssl_strerror_r(i, *dest, sizeof(*dest)))
-                str->string = *dest;
+            if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
+                size_t l = strlen(cur);
+
+                str->string = cur;
+                cnt += l;
+                if (cnt > sizeof(strerror_pool))
+                    cnt = sizeof(strerror_pool);
+                cur += l;
+
+                /*
+                 * VMS has an unusual quirk of adding spaces at the end of
+                 * some (most? all?) messages.  Lets trim them off.
+                 */
+                while (ossl_isspace(cur[-1])) {
+                    cur--;
+                    cnt--;
+                }
+                *cur++ = '\0';
+                cnt++;
+            }
         }
         if (str->string == NULL)
             str->string = "unknown";
@@ -229,6 +253,8 @@ static void build_SYS_str_reasons(void)
     init = 0;
 
     CRYPTO_THREAD_unlock(err_string_lock);
+    /* openssl_strerror_r could change errno, but we want to preserve it */
+    set_sys_error(saveerrno);
     err_load_strings(SYS_str_reasons);
 }
 #endif
@@ -671,6 +697,7 @@ DEFINE_RUN_ONCE_STATIC(err_do_init)
 ERR_STATE *ERR_get_state(void)
 {
     ERR_STATE *state;
+    int saveerrno = get_last_sys_error();
 
     if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
         return NULL;
@@ -702,6 +729,7 @@ ERR_STATE *ERR_get_state(void)
         OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
     }
 
+    set_sys_error(saveerrno);
     return state;
 }
 
@@ -711,6 +739,20 @@ ERR_STATE *ERR_get_state(void)
  */
 int err_shelve_state(void **state)
 {
+    int saveerrno = get_last_sys_error();
+
+    /*
+     * Note, at present our only caller is OPENSSL_init_crypto(), indirectly
+     * via ossl_init_load_crypto_nodelete(), by which point the requested
+     * "base" initialization has already been performed, so the below call is a
+     * NOOP, that re-enters OPENSSL_init_crypto() only to quickly return.
+     *
+     * If are no other valid callers of this function, the call below can be
+     * removed, avoiding the re-entry into OPENSSL_init_crypto().  If there are
+     * potential uses that are not from inside OPENSSL_init_crypto(), then this
+     * call is needed, but some care is required to make sure that the re-entry
+     * remains a NOOP.
+     */
     if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
         return 0;
 
@@ -721,6 +763,7 @@ int err_shelve_state(void **state)
     if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
         return 0;
 
+    set_sys_error(saveerrno);
     return 1;
 }
 
@@ -747,20 +790,31 @@ int ERR_get_next_error_library(void)
     return ret;
 }
 
-void ERR_set_error_data(char *data, int flags)
+static int err_set_error_data_int(char *data, int flags)
 {
     ERR_STATE *es;
     int i;
 
     es = ERR_get_state();
     if (es == NULL)
-        return;
+        return 0;
 
     i = es->top;
 
     err_clear_data(es, i);
     es->err_data[i] = data;
     es->err_data_flags[i] = flags;
+
+    return 1;
+}
+
+void ERR_set_error_data(char *data, int flags)
+{
+    /*
+     * This function is void so we cannot propagate the error return. Since it
+     * is also in the public API we can't change the return type.
+     */
+    err_set_error_data_int(data, flags);
 }
 
 void ERR_add_error_data(int num, ...)
@@ -800,7 +854,8 @@ void ERR_add_error_vdata(int num, va_list args)
         }
         OPENSSL_strlcat(str, a, (size_t)s + 1);
     }
-    ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
+    if (!err_set_error_data_int(str, ERR_TXT_MALLOCED | ERR_TXT_STRING))
+        OPENSSL_free(str);
 }
 
 int ERR_set_mark(void)
@@ -857,3 +912,42 @@ int ERR_clear_last_mark(void)
     es->err_flags[top] &= ~ERR_FLAG_MARK;
     return 1;
 }
+
+#ifdef UINTPTR_T
+# undef UINTPTR_T
+#endif
+/*
+ * uintptr_t is the answer, but unfortunately C89, current "least common
+ * denominator" doesn't define it. Most legacy platforms typedef it anyway,
+ * so that attempt to fill the gaps means that one would have to identify
+ * that track these gaps, which would be undesirable. Macro it is...
+ */
+#if defined(__VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
+ * even in 64-bit builds, which means that it won't work as mask.
+ */
+# define UINTPTR_T unsigned long long
+#else
+# define UINTPTR_T size_t
+#endif
+
+void err_clear_last_constant_time(int clear)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    top = es->top;
+
+    es->err_flags[top] &= ~(0 - clear);
+    es->err_buffer[top] &= ~(0UL - clear);
+    es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
+                                       ~((UINTPTR_T)0 - clear));
+    es->err_line[top] |= 0 - clear;
+
+    es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
+}
diff --git a/deps/openssl/openssl/crypto/err/openssl.txt b/deps/openssl/openssl/crypto/err/openssl.txt
index 5003d8735a..feff1dccde 100644
--- a/deps/openssl/openssl/crypto/err/openssl.txt
+++ b/deps/openssl/openssl/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -519,6 +519,7 @@ EC_F_ECX_PUB_ENCODE:268:ecx_pub_encode
 EC_F_EC_ASN1_GROUP2CURVE:153:ec_asn1_group2curve
 EC_F_EC_ASN1_GROUP2FIELDID:154:ec_asn1_group2fieldid
 EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply
+EC_F_EC_GF2M_SIMPLE_FIELD_INV:296:ec_GF2m_simple_field_inv
 EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\
 	ec_GF2m_simple_group_check_discriminant
 EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve
@@ -535,6 +536,7 @@ EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES:164:\
 	ec_GF2m_simple_set_compressed_coordinates
 EC_F_EC_GFP_MONT_FIELD_DECODE:133:ec_GFp_mont_field_decode
 EC_F_EC_GFP_MONT_FIELD_ENCODE:134:ec_GFp_mont_field_encode
+EC_F_EC_GFP_MONT_FIELD_INV:297:ec_GFp_mont_field_inv
 EC_F_EC_GFP_MONT_FIELD_MUL:131:ec_GFp_mont_field_mul
 EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE:209:ec_GFp_mont_field_set_to_one
 EC_F_EC_GFP_MONT_FIELD_SQR:132:ec_GFp_mont_field_sqr
@@ -555,6 +557,7 @@ EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul
 EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr
 EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve
 EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates
+EC_F_EC_GFP_SIMPLE_FIELD_INV:298:ec_GFp_simple_field_inv
 EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\
 	ec_GFp_simple_group_check_discriminant
 EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve
@@ -737,6 +740,7 @@ EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
 EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
 EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF
 EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex
+EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
 EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
 EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
 EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
@@ -2115,6 +2119,7 @@ EC_R_ASN1_ERROR:115:asn1 error
 EC_R_BAD_SIGNATURE:156:bad signature
 EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
 EC_R_BUFFER_TOO_SMALL:100:buffer too small
+EC_R_CANNOT_INVERT:165:cannot invert
 EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
 EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
 EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
@@ -2722,6 +2727,8 @@ SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param
 SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
 SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
 SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
+SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
+	mixed handshake and non handshake data
 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
 SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
 SSL_R_NOT_SERVER:284:not server
diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c
index 38633410cd..05dd791b6c 100644
--- a/deps/openssl/openssl/crypto/evp/evp_enc.c
+++ b/deps/openssl/openssl/crypto/evp/evp_enc.c
@@ -294,8 +294,9 @@ int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
     return overlapped;
 }
 
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl)
+static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+                                    unsigned char *out, int *outl,
+                                    const unsigned char *in, int inl)
 {
     int i, j, bl, cmpl = inl;
 
@@ -307,7 +308,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         /* If block size > 1 then the cipher will have to do this check */
         if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
-            EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
 
@@ -324,7 +325,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         return inl == 0;
     }
     if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
-        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+        EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
     }
 
@@ -371,6 +372,19 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     return 1;
 }
 
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    /* Prevent accidental use of decryption context when encrypting */
+    if (!ctx->encrypt) {
+        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+}
+
 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
     int ret;
@@ -383,6 +397,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     int n, ret;
     unsigned int i, b, bl;
 
+    /* Prevent accidental use of decryption context when encrypting */
+    if (!ctx->encrypt) {
+        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
         if (ret < 0)
@@ -426,6 +446,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     int fix_len, cmpl = inl;
     unsigned int b;
 
+    /* Prevent accidental use of encryption context when decrypting */
+    if (ctx->encrypt) {
+        EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
     b = ctx->cipher->block_size;
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
@@ -452,7 +478,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     }
 
     if (ctx->flags & EVP_CIPH_NO_PADDING)
-        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+        return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
 
     OPENSSL_assert(b <= sizeof(ctx->final));
 
@@ -469,7 +495,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     } else
         fix_len = 0;
 
-    if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+    if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
         return 0;
 
     /*
@@ -500,6 +526,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
     int i, n;
     unsigned int b;
+
+    /* Prevent accidental use of encryption context when decrypting */
+    if (ctx->encrypt) {
+        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
     *outl = 0;
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
diff --git a/deps/openssl/openssl/crypto/evp/evp_err.c b/deps/openssl/openssl/crypto/evp/evp_err.c
index 3e14a7b509..60df27cbc2 100644
--- a/deps/openssl/openssl/crypto/evp/evp_err.c
+++ b/deps/openssl/openssl/crypto/evp/evp_err.c
@@ -50,6 +50,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0),
+     "evp_EncryptDecryptUpdate"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
      "EVP_EncryptFinal_ex"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
diff --git a/deps/openssl/openssl/crypto/evp/p_lib.c b/deps/openssl/openssl/crypto/evp/p_lib.c
index 9429be97e3..148df90f84 100644
--- a/deps/openssl/openssl/crypto/evp/p_lib.c
+++ b/deps/openssl/openssl/crypto/evp/p_lib.c
@@ -42,7 +42,7 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
     return pkey->ameth->pkey_security_bits(pkey);
 }
 
-int EVP_PKEY_size(EVP_PKEY *pkey)
+int EVP_PKEY_size(const EVP_PKEY *pkey)
 {
     if (pkey && pkey->ameth && pkey->ameth->pkey_size)
         return pkey->ameth->pkey_size(pkey);
diff --git a/deps/openssl/openssl/crypto/include/internal/bn_conf.h b/deps/openssl/openssl/crypto/include/internal/bn_conf.h
deleted file mode 100644
index 79400c6472..0000000000
--- a/deps/openssl/openssl/crypto/include/internal/bn_conf.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../../config/bn_conf.h"
diff --git a/deps/openssl/openssl/crypto/include/internal/bn_int.h b/deps/openssl/openssl/crypto/include/internal/bn_int.h
index cffe5cfc16..30be7efe14 100644
--- a/deps/openssl/openssl/crypto/include/internal/bn_int.h
+++ b/deps/openssl/openssl/crypto/include/internal/bn_int.h
@@ -65,7 +65,10 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
  * is customarily arranged by bn_correct_top. Output from below functions
  * is not processed with bn_correct_top, and for this reason it may not be
  * returned out of public API. It may only be passed internally into other
- * functions known to support non-minimal or zero-padded BIGNUMs.
+ * functions known to support non-minimal or zero-padded BIGNUMs. Even
+ * though the goal is to facilitate constant-time-ness, not each subroutine
+ * is constant-time by itself. They all have pre-conditions, consult source
+ * code...
  */
 int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                           BN_MONT_CTX *mont, BN_CTX *ctx);
@@ -79,5 +82,9 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                          const BIGNUM *m);
 int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                     const BIGNUM *d, BN_CTX *ctx);
 
 #endif
diff --git a/deps/openssl/openssl/crypto/include/internal/dso_conf.h b/deps/openssl/openssl/crypto/include/internal/dso_conf.h
deleted file mode 100644
index e7f2afa987..0000000000
--- a/deps/openssl/openssl/crypto/include/internal/dso_conf.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../../config/dso_conf.h"
diff --git a/deps/openssl/openssl/crypto/init.c b/deps/openssl/openssl/crypto/init.c
index 209d1a483d..b9a7334a7e 100644
--- a/deps/openssl/openssl/crypto/init.c
+++ b/deps/openssl/openssl/crypto/init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -100,10 +100,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
         return 0;
     if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
         goto err;
-#ifndef OPENSSL_SYS_UEFI
-    if (atexit(OPENSSL_cleanup) != 0)
-        goto err;
-#endif
     OPENSSL_cpuid_setup();
 
     destructor_key.value = key;
@@ -121,13 +117,53 @@ err:
     return 0;
 }
 
+static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
+#if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
+static int win32atexit(void)
+{
+    OPENSSL_cleanup();
+    return 0;
+}
+#endif
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
+#endif
+#ifndef OPENSSL_SYS_UEFI
+# ifdef _WIN32
+    /* We use _onexit() in preference because it gets called on DLL unload */
+    if (_onexit(win32atexit) == NULL)
+        return 0;
+# else
+    if (atexit(OPENSSL_cleanup) != 0)
+        return 0;
+# endif
+#endif
+
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
+                           ossl_init_register_atexit)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
+#endif
+    /* Do nothing in this case */
+    return 1;
+}
+
 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
 {
 #ifdef OPENSSL_INIT_DEBUG
     fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
 #endif
-#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
+#if !defined(OPENSSL_NO_DSO) \
+    && !defined(OPENSSL_USE_NODELETE) \
+    && !defined(OPENSSL_NO_PINSHARED)
 # ifdef DSO_WIN32
     {
         HMODULE handle = NULL;
@@ -177,12 +213,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
 
 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
 static int load_crypto_strings_inited = 0;
-DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
-{
-    /* Do nothing in this case */
-    return 1;
-}
-
 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
 {
     int ret = 1;
@@ -201,6 +231,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
     return ret;
 }
 
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
+                           ossl_init_load_crypto_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
 {
@@ -218,6 +255,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
     return 1;
 }
 
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
+                           ossl_init_add_all_ciphers)
+{
+    /* Do nothing */
+    return 1;
+}
+
 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
 {
@@ -235,7 +279,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
     return 1;
 }
 
-DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
+                           ossl_init_add_all_digests)
 {
     /* Do nothing */
     return 1;
@@ -243,19 +288,14 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
 
 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
 static int config_inited = 0;
-static const char *appname;
+static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
 {
-#ifdef OPENSSL_INIT_DEBUG
-    fprintf(stderr,
-            "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
-            appname == NULL ? "NULL" : appname);
-#endif
-    openssl_config_int(appname);
+    int ret = openssl_config_int(conf_settings);
     config_inited = 1;
-    return 1;
+    return ret;
 }
-DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
 {
 #ifdef OPENSSL_INIT_DEBUG
     fprintf(stderr,
@@ -586,17 +626,43 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
         return 0;
     }
 
+    /*
+     * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
+     * *only* option specified.  With that option we return immediately after
+     * doing the requested limited initialization.  Note that
+     * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
+     * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
+     * base already initialized this is a harmless NOOP.
+     *
+     * If we remain the only caller of err_shelve_state() the recursion should
+     * perhaps be removed, but if in doubt, it can be left in place.
+     */
     if (!RUN_ONCE(&base, ossl_init_base))
         return 0;
+    if (opts & OPENSSL_INIT_BASE_ONLY)
+        return 1;
+
+    /*
+     * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
+     * should not have the side-effect of setting up exit handlers, and
+     * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
+     * return above.
+     */
+    if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
+        if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
+                          ossl_init_register_atexit))
+            return 0;
+    } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
+        return 0;
+    }
 
-    if (!(opts & OPENSSL_INIT_BASE_ONLY)
-            && !RUN_ONCE(&load_crypto_nodelete,
-                         ossl_init_load_crypto_nodelete))
+    if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
-            && !RUN_ONCE(&load_crypto_strings,
-                         ossl_init_no_load_crypto_strings))
+            && !RUN_ONCE_ALT(&load_crypto_strings,
+                             ossl_init_no_load_crypto_strings,
+                             ossl_init_load_crypto_strings))
         return 0;
 
     if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
@@ -604,7 +670,8 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
-            && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
+            && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
+                             ossl_init_add_all_ciphers))
         return 0;
 
     if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
@@ -612,7 +679,8 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
-            && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
+            && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
+                             ossl_init_add_all_digests))
         return 0;
 
     if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
@@ -624,14 +692,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
-            && !RUN_ONCE(&config, ossl_init_no_config))
+            && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
         return 0;
 
     if (opts & OPENSSL_INIT_LOAD_CONFIG) {
         int ret;
         CRYPTO_THREAD_write_lock(init_lock);
-        appname = (settings == NULL) ? NULL : settings->appname;
+        conf_settings = settings;
         ret = RUN_ONCE(&config, ossl_init_config);
+        conf_settings = NULL;
         CRYPTO_THREAD_unlock(init_lock);
         if (!ret)
             return 0;
@@ -695,7 +764,9 @@ int OPENSSL_atexit(void (*handler)(void))
 {
     OPENSSL_INIT_STOP *newhand;
 
-#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
+#if !defined(OPENSSL_NO_DSO) \
+    && !defined(OPENSSL_USE_NODELETE)\
+    && !defined(OPENSSL_NO_PINSHARED)
     {
         union {
             void *sym;
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
index afc30c3e72..30158aa076 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -529,6 +529,7 @@ $code.=<<___;
 .type	gcm_init_clmul,\@abi-omnipotent
 .align	16
 gcm_init_clmul:
+.cfi_startproc
 .L_init_clmul:
 ___
 $code.=<<___ if ($win64);
@@ -598,6 +599,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	gcm_init_clmul,.-gcm_init_clmul
 ___
 }
@@ -609,6 +611,7 @@ $code.=<<___;
 .type	gcm_gmult_clmul,\@abi-omnipotent
 .align	16
 gcm_gmult_clmul:
+.cfi_startproc
 .L_gmult_clmul:
 	movdqu		($Xip),$Xi
 	movdqa		.Lbswap_mask(%rip),$T3
@@ -645,6 +648,7 @@ $code.=<<___;
 	pshufb		$T3,$Xi
 	movdqu		$Xi,($Xip)
 	ret
+.cfi_endproc
 .size	gcm_gmult_clmul,.-gcm_gmult_clmul
 ___
 }
@@ -658,6 +662,7 @@ $code.=<<___;
 .type	gcm_ghash_clmul,\@abi-omnipotent
 .align	32
 gcm_ghash_clmul:
+.cfi_startproc
 .L_ghash_clmul:
 ___
 $code.=<<___ if ($win64);
@@ -1005,6 +1010,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	gcm_ghash_clmul,.-gcm_ghash_clmul
 ___
 }
@@ -1014,6 +1020,7 @@ $code.=<<___;
 .type	gcm_init_avx,\@abi-omnipotent
 .align	32
 gcm_init_avx:
+.cfi_startproc
 ___
 if ($avx) {
 my ($Htbl,$Xip)=@_4args;
@@ -1142,6 +1149,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	gcm_init_avx,.-gcm_init_avx
 ___
 } else {
@@ -1156,7 +1164,9 @@ $code.=<<___;
 .type	gcm_gmult_avx,\@abi-omnipotent
 .align	32
 gcm_gmult_avx:
+.cfi_startproc
 	jmp	.L_gmult_clmul
+.cfi_endproc
 .size	gcm_gmult_avx,.-gcm_gmult_avx
 ___
 
@@ -1165,6 +1175,7 @@ $code.=<<___;
 .type	gcm_ghash_avx,\@abi-omnipotent
 .align	32
 gcm_ghash_avx:
+.cfi_startproc
 ___
 if ($avx) {
 my ($Xip,$Htbl,$inp,$len)=@_4args;
@@ -1577,6 +1588,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	gcm_ghash_avx,.-gcm_ghash_avx
 ___
 } else {
diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.h b/deps/openssl/openssl/crypto/objects/obj_dat.h
index e931f7f516..9ab1a14b9e 100644
--- a/deps/openssl/openssl/crypto/objects/obj_dat.h
+++ b/deps/openssl/openssl/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.pl b/deps/openssl/openssl/crypto/objects/obj_dat.pl
index e80900d09d..e5d38147ec 100644
--- a/deps/openssl/openssl/crypto/objects/obj_dat.pl
+++ b/deps/openssl/openssl/crypto/objects/obj_dat.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.h b/deps/openssl/openssl/crypto/objects/obj_xref.h
index 9606e57d61..9144d569dc 100644
--- a/deps/openssl/openssl/crypto/objects/obj_xref.h
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/objects/objects.pl b/deps/openssl/openssl/crypto/objects/objects.pl
index 8f9b67f959..d7d1962c99 100644
--- a/deps/openssl/openssl/crypto/objects/objects.pl
+++ b/deps/openssl/openssl/crypto/objects/objects.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/objects/objxref.pl b/deps/openssl/openssl/crypto/objects/objxref.pl
index 0ec63f067e..ce76cadae3 100644
--- a/deps/openssl/openssl/crypto/objects/objxref.pl
+++ b/deps/openssl/openssl/crypto/objects/objxref.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/pem/pem_info.c b/deps/openssl/openssl/crypto/pem/pem_info.c
index a45fe83001..f90cb44650 100644
--- a/deps/openssl/openssl/crypto/pem/pem_info.c
+++ b/deps/openssl/openssl/crypto/pem/pem_info.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -297,7 +297,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                 goto err;
             }
 
-            /* Create the right magic header stuff */ 
+            /* Create the right magic header stuff */
             buf[0] = '\0';
             PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
             PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
diff --git a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
index f8380f2e9c..29a0eacfd5 100755
--- a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -541,6 +541,7 @@ my %globals;
 	);
 
     my ($cfa_reg, $cfa_rsp);
+    my @cfa_stack;
 
     # [us]leb128 format is variable-length integer representation base
     # 2^128, with most significant bit of each byte being 0 denoting
@@ -648,7 +649,13 @@ my %globals;
 	    # why it starts with -8. Recall that CFA is top of caller's
 	    # stack...
 	    /startproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp", -8); last; };
-	    /endproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp",  0); last; };
+	    /endproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp",  0);
+				# .cfi_remember_state directives that are not
+				# matched with .cfi_restore_state are
+				# unnecessary.
+				die "unpaired .cfi_remember_state" if (@cfa_stack);
+				last;
+			      };
 	    /def_cfa_register/
 			&& do {	$cfa_reg = $$line; last; };
 	    /def_cfa_offset/
@@ -688,6 +695,14 @@ my %globals;
 						      cfa_expression($$line)));
 				last;
 			      };
+	    /remember_state/
+			&& do {	push @cfa_stack, [$cfa_reg, $cfa_rsp];
+				last;
+			      };
+	    /restore_state/
+			&& do {	($cfa_reg, $cfa_rsp) = @{pop @cfa_stack};
+				last;
+			      };
 	    }
 
 	    $self->{value} = ".cfi_$dir\t$$line" if ($dir);
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl
index ac06457b65..6c6c9bb05b 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -291,6 +291,7 @@ poly1305_blocks_neon:
 	cbz	$is_base2_26,poly1305_blocks
 
 .Lblocks_neon:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 
@@ -859,6 +860,7 @@ poly1305_blocks_neon:
 	st1	{$ACC4}[0],[$ctx]
 
 .Lno_data_neon:
+	.inst	0xd50323bf		// autiasp
 	ldr	x29,[sp],#80
 	ret
 .size	poly1305_blocks_neon,.-poly1305_blocks_neon
diff --git a/deps/openssl/openssl/crypto/poly1305/build.info b/deps/openssl/openssl/crypto/poly1305/build.info
index b730524afb..631b32b8e0 100644
--- a/deps/openssl/openssl/crypto/poly1305/build.info
+++ b/deps/openssl/openssl/crypto/poly1305/build.info
@@ -17,8 +17,6 @@ GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[poly1305-armv8.o]=..
 GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
 INCLUDE[poly1305-mips.o]=..
-GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME)
-INCLUDE[poly1305-s390x.o]=..
 
 BEGINRAW[Makefile(unix)]
 {- $builddir -}/poly1305-%.S:	{- $sourcedir -}/asm/poly1305-%.pl
diff --git a/deps/openssl/openssl/crypto/ppc_arch.h b/deps/openssl/openssl/crypto/ppc_arch.h
index 65cf96fc1f..72bd746874 100644
--- a/deps/openssl/openssl/crypto/ppc_arch.h
+++ b/deps/openssl/openssl/crypto/ppc_arch.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,5 +22,7 @@ extern unsigned int OPENSSL_ppccap_P;
 # define PPC_CRYPTO207   (1<<2)
 # define PPC_FPU         (1<<3)
 # define PPC_MADD300     (1<<4)
+# define PPC_MFTB        (1<<5)
+# define PPC_MFSPR268    (1<<6)
 
 #endif
diff --git a/deps/openssl/openssl/crypto/ppccap.c b/deps/openssl/openssl/crypto/ppccap.c
index 8b7d765c3a..afb9e31b00 100644
--- a/deps/openssl/openssl/crypto/ppccap.c
+++ b/deps/openssl/openssl/crypto/ppccap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,16 +168,50 @@ void OPENSSL_altivec_probe(void);
 void OPENSSL_crypto207_probe(void);
 void OPENSSL_madd300_probe(void);
 
-/*
- * Use a weak reference to getauxval() so we can use it if it is available
- * but don't break the build if it is not. Note that this is *link-time*
- * feature detection, not *run-time*. In other words if we link with
- * symbol present, it's expected to be present even at run-time.
- */
-#if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__)
-extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
-#else
-static unsigned long (*getauxval) (unsigned long) = NULL;
+long OPENSSL_rdtsc_mftb(void);
+long OPENSSL_rdtsc_mfspr268(void);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_ppccap_P & PPC_MFTB)
+        return OPENSSL_rdtsc_mftb();
+    else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+        return OPENSSL_rdtsc_mfspr268();
+    else
+        return 0;
+}
+
+size_t OPENSSL_instrument_bus_mftb(unsigned int *, size_t);
+size_t OPENSSL_instrument_bus_mfspr268(unsigned int *, size_t);
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    if (OPENSSL_ppccap_P & PPC_MFTB)
+        return OPENSSL_instrument_bus_mftb(out, cnt);
+    else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+        return OPENSSL_instrument_bus_mfspr268(out, cnt);
+    else
+        return 0;
+}
+
+size_t OPENSSL_instrument_bus2_mftb(unsigned int *, size_t, size_t);
+size_t OPENSSL_instrument_bus2_mfspr268(unsigned int *, size_t, size_t);
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    if (OPENSSL_ppccap_P & PPC_MFTB)
+        return OPENSSL_instrument_bus2_mftb(out, cnt, max);
+    else if (OPENSSL_ppccap_P & PPC_MFSPR268)
+        return OPENSSL_instrument_bus2_mfspr268(out, cnt, max);
+    else
+        return 0;
+}
+
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 16)
+#  include <sys/auxv.h>
+#  define OSSL_IMPLEMENT_GETAUXVAL
+# endif
 #endif
 
 /* I wish <sys/auxv.h> was universally available */
@@ -277,7 +311,8 @@ void OPENSSL_cpuid_setup(void)
     }
 #endif
 
-    if (getauxval != NULL) {
+#ifdef OSSL_IMPLEMENT_GETAUXVAL
+    {
         unsigned long hwcap = getauxval(HWCAP);
 
         if (hwcap & HWCAP_FPU) {
@@ -304,9 +339,8 @@ void OPENSSL_cpuid_setup(void)
         if (hwcap & HWCAP_ARCH_3_00) {
             OPENSSL_ppccap_P |= PPC_MADD300;
         }
-
-        return;
     }
+#endif
 
     sigfillset(&all_masked);
     sigdelset(&all_masked, SIGILL);
@@ -325,15 +359,16 @@ void OPENSSL_cpuid_setup(void)
     sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
     sigaction(SIGILL, &ill_act, &ill_oact);
 
+#ifndef OSSL_IMPLEMENT_GETAUXVAL
     if (sigsetjmp(ill_jmp,1) == 0) {
         OPENSSL_fpu_probe();
         OPENSSL_ppccap_P |= PPC_FPU;
 
         if (sizeof(size_t) == 4) {
-#ifdef __linux
+# ifdef __linux
             struct utsname uts;
             if (uname(&uts) == 0 && strcmp(uts.machine, "ppc64") == 0)
-#endif
+# endif
                 if (sigsetjmp(ill_jmp, 1) == 0) {
                     OPENSSL_ppc64_probe();
                     OPENSSL_ppccap_P |= PPC_FPU64;
@@ -358,6 +393,15 @@ void OPENSSL_cpuid_setup(void)
         OPENSSL_madd300_probe();
         OPENSSL_ppccap_P |= PPC_MADD300;
     }
+#endif
+
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_rdtsc_mftb();
+        OPENSSL_ppccap_P |= PPC_MFTB;
+    } else if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_rdtsc_mfspr268();
+        OPENSSL_ppccap_P |= PPC_MFSPR268;
+    }
 
     sigaction(SIGILL, &ill_oact, NULL);
     sigprocmask(SIG_SETMASK, &oset, NULL);
diff --git a/deps/openssl/openssl/crypto/ppccpuid.pl b/deps/openssl/openssl/crypto/ppccpuid.pl
index 9d1cada4dc..a38445fd3c 100755
--- a/deps/openssl/openssl/crypto/ppccpuid.pl
+++ b/deps/openssl/openssl/crypto/ppccpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -124,26 +124,23 @@ Ladd:	lwarx	r5,0,r3
 	.long	0
 .size	.OPENSSL_atomic_add,.-.OPENSSL_atomic_add
 
-.globl	.OPENSSL_rdtsc
+.globl	.OPENSSL_rdtsc_mftb
 .align	4
-.OPENSSL_rdtsc:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	mftb	r3
-___
-$code.=<<___	if ($flavour !~ /64/);
-Loop_rdtsc:
-	mftbu	r5
+.OPENSSL_rdtsc_mftb:
 	mftb	r3
-	mftbu	r4
-	cmplw	r4,r5
-	bne	Loop_rdtsc
-___
-$code.=<<___;
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,0,0
-.size	.OPENSSL_rdtsc,.-.OPENSSL_rdtsc
+.size	.OPENSSL_rdtsc_mftb,.-.OPENSSL_rdtsc_mftb
+
+.globl	.OPENSSL_rdtsc_mfspr268
+.align	4
+.OPENSSL_rdtsc_mfspr268:
+	mfspr	r3,268
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_rdtsc_mfspr268,.-.OPENSSL_rdtsc_mfspr268
 
 .globl	.OPENSSL_cleanse
 .align	4
@@ -210,9 +207,9 @@ my ($tick,$lasttick)=("r6","r7");
 my ($diff,$lastdiff)=("r8","r9");
 
 $code.=<<___;
-.globl	.OPENSSL_instrument_bus
+.globl	.OPENSSL_instrument_bus_mftb
 .align	4
-.OPENSSL_instrument_bus:
+.OPENSSL_instrument_bus_mftb:
 	mtctr	$cnt
 
 	mftb	$lasttick		# collect 1st tick
@@ -240,11 +237,11 @@ Loop:	mftb	$tick
 	.long	0
 	.byte	0,12,0x14,0,0,0,2,0
 	.long	0
-.size	.OPENSSL_instrument_bus,.-.OPENSSL_instrument_bus
+.size	.OPENSSL_instrument_bus_mftb,.-.OPENSSL_instrument_bus_mftb
 
-.globl	.OPENSSL_instrument_bus2
+.globl	.OPENSSL_instrument_bus2_mftb
 .align	4
-.OPENSSL_instrument_bus2:
+.OPENSSL_instrument_bus2_mftb:
 	mr	r0,$cnt
 	slwi	$cnt,$cnt,2
 
@@ -292,7 +289,91 @@ Ldone2:
 	.long	0
 	.byte	0,12,0x14,0,0,0,3,0
 	.long	0
-.size	.OPENSSL_instrument_bus2,.-.OPENSSL_instrument_bus2
+.size	.OPENSSL_instrument_bus2_mftb,.-.OPENSSL_instrument_bus2_mftb
+
+.globl	.OPENSSL_instrument_bus_mfspr268
+.align	4
+.OPENSSL_instrument_bus_mfspr268:
+	mtctr	$cnt
+
+	mfspr	$lasttick,268		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+Loop3:	mfspr	$tick,268
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+	addi	$out,$out,4		# ++$out
+	bdnz	Loop3
+
+	mr	r3,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_instrument_bus_mfspr268,.-.OPENSSL_instrument_bus_mfspr268
+
+.globl	.OPENSSL_instrument_bus2_mfspr268
+.align	4
+.OPENSSL_instrument_bus2_mfspr268:
+	mr	r0,$cnt
+	slwi	$cnt,$cnt,2
+
+	mfspr	$lasttick,268		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	mfspr	$tick,268		# collect 1st diff
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	mr	$lastdiff,$diff
+Loop4:
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	addic.	$max,$max,-1
+	beq	Ldone4
+
+	mfspr	$tick,268
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	cmplw	7,$diff,$lastdiff
+	mr	$lastdiff,$diff
+
+	mfcr	$tick			# pull cr
+	not	$tick,$tick		# flip bits
+	rlwinm	$tick,$tick,1,29,29	# isolate flipped eq bit and scale
+
+	sub.	$cnt,$cnt,$tick		# conditional --$cnt
+	add	$out,$out,$tick		# conditional ++$out
+	bne	Loop4
+
+Ldone4:
+	srwi	$cnt,$cnt,2
+	sub	r3,r0,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.OPENSSL_instrument_bus2_mfspr268,.-.OPENSSL_instrument_bus2_mfspr268
 ___
 }
 
diff --git a/deps/openssl/openssl/crypto/rand/rand_unix.c b/deps/openssl/openssl/crypto/rand/rand_unix.c
index 9d8ffdd537..9cbc9ade77 100644
--- a/deps/openssl/openssl/crypto/rand/rand_unix.c
+++ b/deps/openssl/openssl/crypto/rand/rand_unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -93,6 +93,27 @@ static uint64_t get_timer_bits(void);
 # error "UEFI and VXWorks only support seeding NONE"
 #endif
 
+#if defined(OPENSSL_SYS_VXWORKS)
+/* empty implementation */
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
     || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
     || defined(OPENSSL_SYS_UEFI))
diff --git a/deps/openssl/openssl/crypto/rc4/build.info b/deps/openssl/openssl/crypto/rc4/build.info
index 913942b5e9..46ee66b61c 100644
--- a/deps/openssl/openssl/crypto/rc4/build.info
+++ b/deps/openssl/openssl/crypto/rc4/build.info
@@ -11,8 +11,6 @@ GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME)
 
 GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME)
 
-GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME)
-
 BEGINRAW[Makefile]
 # GNU make "catch all"
 {- $builddir -}/rc4-%.s:	{- $sourcedir -}/asm/rc4-%.pl
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
index a6595aec05..75debb3e0a 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
@@ -34,7 +34,7 @@ static int rsa_param_encode(const EVP_PKEY *pkey,
 
     *pstr = NULL;
     /* If RSA it's just NULL type */
-    if (pkey->ameth->pkey_id == EVP_PKEY_RSA) {
+    if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
         *pstrtype = V_ASN1_NULL;
         return 1;
     }
@@ -58,7 +58,7 @@ static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
     int algptype;
 
     X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
-    if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA)
+    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
         return 1;
     if (algptype == V_ASN1_UNDEF)
         return 1;
@@ -109,7 +109,10 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
         RSA_free(rsa);
         return 0;
     }
-    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
+        RSA_free(rsa);
+        return 0;
+    }
     return 1;
 }
 
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
index f13c6fc9e5..689e6dc222 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                       const EVP_MD *mgf1md)
 {
     int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
-    unsigned int good, found_one_byte;
+    unsigned int good = 0, found_one_byte, mask;
     const unsigned char *maskedseed, *maskeddb;
     /*
      * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
@@ -147,8 +147,11 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
      * the ciphertext, see PKCS #1 v2.2, section 7.1.2.
      * This does not leak any side-channel information.
      */
-    if (num < flen || num < 2 * mdlen + 2)
-        goto decoding_err;
+    if (num < flen || num < 2 * mdlen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+               RSA_R_OAEP_DECODING_ERROR);
+        return -1;
+    }
 
     dblen = num - mdlen - 1;
     db = OPENSSL_malloc(dblen);
@@ -157,25 +160,26 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
         goto cleanup;
     }
 
-    if (flen != num) {
-        em = OPENSSL_zalloc(num);
-        if (em == NULL) {
-            RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
-                   ERR_R_MALLOC_FAILURE);
-            goto cleanup;
-        }
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+               ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
 
-        /*
-         * Caller is encouraged to pass zero-padded message created with
-         * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
-         * to avoid leaking that information. The copy still leaks some
-         * side-channel information, but it's impossible to have a fixed
-         * memory access pattern since we can't read out of the bounds of
-         * |from|.
-         */
-        memcpy(em + num - flen, from, flen);
-        from = em;
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
     }
+    from = em;
 
     /*
      * The first byte must be zero, however we must not leak if this is
@@ -222,32 +226,48 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
      * so plaintext-awareness ensures timing side-channels are no longer a
      * concern.
      */
-    if (!good)
-        goto decoding_err;
-
     msg_index = one_index + 1;
     mlen = dblen - msg_index;
 
-    if (tlen < mlen) {
-        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE);
-        mlen = -1;
-    } else {
-        memcpy(to, db + msg_index, mlen);
-        goto cleanup;
+    /*
+     * For good measure, do this check in constant tine as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+
+    /*
+     * Even though we can't fake result's length, we can pretend copying
+     * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen|
+     * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+     * where |mlen'| is "saturated" |mlen| value. Deducing information
+     * about failure or |mlen| would take attacker's ability to observe
+     * memory access pattern with byte granularity *as it occurs*. It
+     * should be noted that failure is indistinguishable from normal
+     * operation if |tlen| is fixed by protocol.
+     */
+    tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen);
+    msg_index = constant_time_select_int(good, msg_index, dblen - tlen);
+    mlen = dblen - msg_index;
+    for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) {
+        unsigned int equals = constant_time_eq(i, mlen);
+
+        from -= dblen & equals; /* if (i == dblen) rewind   */
+        mask &= mask ^ equals;  /* if (i == dblen) mask = 0 */
+        to[i] = constant_time_select_8(mask, from[i], to[i]);
     }
 
- decoding_err:
     /*
      * To avoid chosen ciphertext attacks, the error message should not
      * reveal which kind of decoding error happened.
      */
     RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
            RSA_R_OAEP_DECODING_ERROR);
+    err_clear_last_constant_time(1 & good);
  cleanup:
     OPENSSL_cleanse(seed, sizeof(seed));
     OPENSSL_clear_free(db, dblen);
     OPENSSL_clear_free(em, num);
-    return mlen;
+
+    return constant_time_select_int(good, mlen, -1);
 }
 
 int PKCS1_MGF1(unsigned char *mask, long len,
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c
index 2b1b006c28..465134257f 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c
@@ -10,6 +10,7 @@
 #include "internal/cryptlib.h"
 #include "internal/bn_int.h"
 #include "rsa_locl.h"
+#include "internal/constant_time_locl.h"
 
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding);
@@ -286,6 +287,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
         goto err;
     }
 
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
     if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
         blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
         if (blinding == NULL) {
@@ -318,13 +324,6 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
         }
         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
 
-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-            if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
-                                        rsa->n, ctx)) {
-                BN_free(d);
-                goto err;
-            }
-
         if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
                                    rsa->_method_mod_n)) {
             BN_free(d);
@@ -481,8 +480,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
         RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
         goto err;
     }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(r >= 0);
 
  err:
     if (ctx != NULL)
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c
index d07c0d6f85..0626907418 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c
@@ -158,10 +158,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
     int i;
     /* |em| is the encoded message, zero-padded to exactly |num| bytes */
     unsigned char *em = NULL;
-    unsigned int good, found_zero_byte;
+    unsigned int good, found_zero_byte, mask;
     int zero_index = 0, msg_index, mlen = -1;
 
-    if (tlen < 0 || flen < 0)
+    if (tlen <= 0 || flen <= 0)
         return -1;
 
     /*
@@ -169,39 +169,41 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
      * section 7.2.2.
      */
 
-    if (flen > num)
-        goto err;
-
-    if (num < 11)
-        goto err;
+    if (flen > num || num < 11) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+               RSA_R_PKCS_DECODING_ERROR);
+        return -1;
+    }
 
-    if (flen != num) {
-        em = OPENSSL_zalloc(num);
-        if (em == NULL) {
-            RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        /*
-         * Caller is encouraged to pass zero-padded message created with
-         * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
-         * to avoid leaking that information. The copy still leaks some
-         * side-channel information, but it's impossible to have a fixed
-         * memory access pattern since we can't read out of the bounds of
-         * |from|.
-         */
-        memcpy(em + num - flen, from, flen);
-        from = em;
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
     }
+    from = em;
 
     good = constant_time_is_zero(from[0]);
     good &= constant_time_eq(from[1], 2);
 
+    /* scan over padding data */
     found_zero_byte = 0;
     for (i = 2; i < num; i++) {
         unsigned int equals0 = constant_time_is_zero(from[i]);
-        zero_index =
-            constant_time_select_int(~found_zero_byte & equals0, i,
-                                     zero_index);
+
+        zero_index = constant_time_select_int(~found_zero_byte & equals0,
+                                              i, zero_index);
         found_zero_byte |= equals0;
     }
 
@@ -210,7 +212,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
      * If we never found a 0-byte, then |zero_index| is 0 and the check
      * also fails.
      */
-    good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+    good &= constant_time_ge(zero_index, 2 + 8);
 
     /*
      * Skip the zero byte. This is incorrect if we never found a zero-byte
@@ -220,27 +222,34 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
     mlen = num - msg_index;
 
     /*
-     * For good measure, do this check in constant time as well; it could
-     * leak something if |tlen| was assuming valid padding.
+     * For good measure, do this check in constant time as well.
      */
-    good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+    good &= constant_time_ge(tlen, mlen);
 
     /*
-     * We can't continue in constant-time because we need to copy the result
-     * and we cannot fake its length. This unavoidably leaks timing
-     * information at the API boundary.
+     * Even though we can't fake result's length, we can pretend copying
+     * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
+     * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+     * where |mlen'| is "saturated" |mlen| value. Deducing information
+     * about failure or |mlen| would take attacker's ability to observe
+     * memory access pattern with byte granularity *as it occurs*. It
+     * should be noted that failure is indistinguishable from normal
+     * operation if |tlen| is fixed by protocol.
      */
-    if (!good) {
-        mlen = -1;
-        goto err;
-    }
+    tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
+    msg_index = constant_time_select_int(good, msg_index, num - tlen);
+    mlen = num - msg_index;
+    for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
+        unsigned int equals = constant_time_eq(i, mlen);
 
-    memcpy(to, from + msg_index, mlen);
+        from -= tlen & equals;  /* if (i == mlen) rewind   */
+        mask &= mask ^ equals;  /* if (i == mlen) mask = 0 */
+        to[i] = constant_time_select_8(mask, from[i], to[i]);
+    }
 
- err:
     OPENSSL_clear_free(em, num);
-    if (mlen == -1)
-        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
-               RSA_R_PKCS_DECODING_ERROR);
-    return mlen;
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
+    err_clear_last_constant_time(1 & good);
+
+    return constant_time_select_int(good, mlen, -1);
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c
index 286d0a42de..c5654595fb 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c
@@ -12,6 +12,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include "internal/constant_time_locl.h"
 
 int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
                            const unsigned char *from, int flen)
@@ -52,57 +53,115 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     return 1;
 }
 
+/*
+ * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
+ * preserves error code reporting for backward compatibility.
+ */
 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                              const unsigned char *from, int flen, int num)
 {
-    int i, j, k;
-    const unsigned char *p;
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte, mask, threes_in_row;
+    int zero_index = 0, msg_index, mlen = -1, err;
 
-    p = from;
     if (flen < 10) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
         return -1;
     }
-    /* Accept even zero-padded input */
-    if (flen == num) {
-        if (*(p++) != 0) {
-            RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
-            return -1;
-        }
-        flen--;
-    }
-    if ((num != (flen + 1)) || (*(p++) != 02)) {
-        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
-        return -1;
-    }
 
-    /* scan over padding data */
-    j = flen - 1;               /* one for type */
-    for (i = 0; i < j; i++)
-        if (*(p++) == 0)
-            break;
-
-    if ((i == j) || (i < 8)) {
-        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
-               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE);
         return -1;
     }
-    for (k = -9; k < -1; k++) {
-        if (p[k] != 0x03)
-            break;
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
     }
-    if (k == -1) {
-        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
-        return -1;
+    from = em;
+
+    good = constant_time_is_zero(from[0]);
+    good &= constant_time_eq(from[1], 2);
+    err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02);
+    mask = ~good;
+
+    /* scan over padding data */
+    found_zero_byte = 0;
+    threes_in_row = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(from[i]);
+
+        zero_index = constant_time_select_int(~found_zero_byte & equals0,
+                                              i, zero_index);
+        found_zero_byte |= equals0;
+
+        threes_in_row += 1 & ~found_zero_byte;
+        threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3);
     }
 
-    i++;                        /* Skip over the '\0' */
-    j -= i;
-    if (j > tlen) {
-        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
-        return -1;
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |from|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge(zero_index, 2 + 8);
+    err = constant_time_select_int(mask | good, err,
+                                   RSA_R_NULL_BEFORE_BLOCK_MISSING);
+    mask = ~good;
+
+    good &= constant_time_lt(threes_in_row, 8);
+    err = constant_time_select_int(mask | good, err,
+                                   RSA_R_SSLV3_ROLLBACK_ATTACK);
+    mask = ~good;
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+    err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
+
+    /*
+     * Even though we can't fake result's length, we can pretend copying
+     * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
+     * bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
+     * where |mlen'| is "saturated" |mlen| value. Deducing information
+     * about failure or |mlen| would take attacker's ability to observe
+     * memory access pattern with byte granularity *as it occurs*. It
+     * should be noted that failure is indistinguishable from normal
+     * operation if |tlen| is fixed by protocol.
+     */
+    tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
+    msg_index = constant_time_select_int(good, msg_index, num - tlen);
+    mlen = num - msg_index;
+    for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
+        unsigned int equals = constant_time_eq(i, mlen);
+
+        from -= tlen & equals;  /* if (i == mlen) rewind   */
+        mask &= mask ^ equals;  /* if (i == mlen) mask = 0 */
+        to[i] = constant_time_select_8(mask, from[i], to[i]);
     }
-    memcpy(to, p, (unsigned int)j);
 
-    return j;
+    OPENSSL_clear_free(em, num);
+    RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err);
+    err_clear_last_constant_time(1 & good);
+
+    return constant_time_select_int(good, mlen, -1);
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_x931g.c b/deps/openssl/openssl/crypto/rsa/rsa_x931g.c
index 3563670a12..15e40e8d1d 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_x931g.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_x931g.c
@@ -128,6 +128,8 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
 
     /* calculate inverse of q mod p */
     rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+    if (rsa->iqmp == NULL)
+        goto err;
 
     ret = 1;
  err:
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl
index 704ab4a7e4..a3117bd750 100755
--- a/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -121,6 +121,7 @@ $code.=<<___;
 .align	5
 KeccakF1600_int:
 	adr	$C[2],iotas
+	.inst	0xd503233f			// paciasp
 	stp	$C[2],x30,[sp,#16]		// 32 bytes on top are mine
 	b	.Loop
 .align	4
@@ -292,12 +293,14 @@ $code.=<<___;
 	bne	.Loop
 
 	ldr	x30,[sp,#24]
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	KeccakF1600_int,.-KeccakF1600_int
 
 .type	KeccakF1600,%function
 .align	5
 KeccakF1600:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -347,6 +350,7 @@ KeccakF1600:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	KeccakF1600,.-KeccakF1600
 
@@ -354,6 +358,7 @@ KeccakF1600:
 .type	SHA3_absorb,%function
 .align	5
 SHA3_absorb:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -451,6 +456,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	SHA3_absorb,.-SHA3_absorb
 ___
@@ -461,6 +467,7 @@ $code.=<<___;
 .type	SHA3_squeeze,%function
 .align	5
 SHA3_squeeze:
+	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-48]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -523,6 +530,7 @@ SHA3_squeeze:
 	ldp	x19,x20,[sp,#16]
 	ldp	x21,x22,[sp,#32]
 	ldp	x29,x30,[sp],#48
+	.inst	0xd50323bf			// autiasp
 	ret
 .size	SHA3_squeeze,.-SHA3_squeeze
 ___
@@ -649,6 +657,7 @@ $code.=<<___;
 .type	KeccakF1600_cext,%function
 .align	5
 KeccakF1600_cext:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#16]		// per ABI requirement
@@ -681,6 +690,7 @@ $code.=<<___;
 	ldp	d12,d13,[sp,#48]
 	ldp	d14,d15,[sp,#64]
 	ldr	x29,[sp],#80
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	KeccakF1600_cext,.-KeccakF1600_cext
 ___
@@ -693,6 +703,7 @@ $code.=<<___;
 .type	SHA3_absorb_cext,%function
 .align	5
 SHA3_absorb_cext:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#16]		// per ABI requirement
@@ -764,6 +775,7 @@ $code.=<<___;
 	ldp	d12,d13,[sp,#48]
 	ldp	d14,d15,[sp,#64]
 	ldp	x29,x30,[sp],#80
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	SHA3_absorb_cext,.-SHA3_absorb_cext
 ___
@@ -775,6 +787,7 @@ $code.=<<___;
 .type	SHA3_squeeze_cext,%function
 .align	5
 SHA3_squeeze_cext:
+	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	mov	x9,$ctx
@@ -830,6 +843,7 @@ SHA3_squeeze_cext:
 
 .Lsqueeze_done_ce:
 	ldr	x29,[sp],#16
+	.inst	0xd50323bf		// autiasp
 	ret
 .size	SHA3_squeeze_cext,.-SHA3_squeeze_cext
 ___
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl
index ac84ebb52e..01ffe9f98c 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -219,6 +219,7 @@ $code.=<<___	if ($SZ==8);
 ___
 $code.=<<___;
 #endif
+	.inst	0xd503233f				// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 
@@ -280,6 +281,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+	.inst	0xd50323bf				// autiasp
 	ret
 .size	$func,.-$func
 
diff --git a/deps/openssl/openssl/crypto/srp/srp_lib.c b/deps/openssl/openssl/crypto/srp/srp_lib.c
index b97d630d37..ca20f6d097 100644
--- a/deps/openssl/openssl/crypto/srp/srp_lib.c
+++ b/deps/openssl/openssl/crypto/srp/srp_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
     unsigned char *tmp = NULL;
     int numN = BN_num_bytes(N);
     BIGNUM *res = NULL;
+
     if (x != N && BN_ucmp(x, N) >= 0)
         return NULL;
     if (y != N && BN_ucmp(y, N) >= 0)
@@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
         || !EVP_DigestFinal_ex(ctxt, dig, NULL)
         || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
         goto err;
-    BN_bn2bin(s, cs);
+    if (BN_bn2bin(s, cs) < 0)
+        goto err;
     if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
         goto err;
 
diff --git a/deps/openssl/openssl/crypto/srp/srp_vfy.c b/deps/openssl/openssl/crypto/srp/srp_vfy.c
index 17b35c00f9..eb279dd418 100644
--- a/deps/openssl/openssl/crypto/srp/srp_vfy.c
+++ b/deps/openssl/openssl/crypto/srp/srp_vfy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -187,7 +187,7 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
 static SRP_user_pwd *SRP_user_pwd_new(void)
 {
     SRP_user_pwd *ret;
-    
+
     if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
         /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
         return NULL;
@@ -598,10 +598,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
             goto err;
         N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (N_bn_alloc == NULL)
+            goto err;
         N_bn = N_bn_alloc;
         if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
             goto err;
         g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (g_bn_alloc == NULL)
+            goto err;
         g_bn = g_bn_alloc;
         defgNid = "*";
     } else {
@@ -623,15 +627,19 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
             goto err;
         s = BN_bin2bn(tmp2, len, NULL);
     }
+    if (s == NULL)
+        goto err;
 
     if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
         goto err;
 
-    BN_bn2bin(v, tmp);
+    if (BN_bn2bin(v, tmp) < 0)
+        goto err;
     vfsize = BN_num_bytes(v) * 2;
     if (((vf = OPENSSL_malloc(vfsize)) == NULL))
         goto err;
-    t_tob64(vf, tmp, BN_num_bytes(v));
+    if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+        goto err;
 
     if (*salt == NULL) {
         char *tmp_salt;
@@ -639,7 +647,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
             goto err;
         }
-        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+            OPENSSL_free(tmp_salt);
+            goto err;
+        }
         *salt = tmp_salt;
     }
 
@@ -686,11 +697,15 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
             goto err;
 
         salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+        if (salttmp == NULL)
+            goto err;
     } else {
         salttmp = *salt;
     }
 
     x = SRP_Calc_x(salttmp, user, pass);
+    if (x == NULL)
+        goto err;
 
     *verifier = BN_new();
     if (*verifier == NULL)
diff --git a/deps/openssl/openssl/crypto/ui/ui_openssl.c b/deps/openssl/openssl/crypto/ui/ui_openssl.c
index 6b996134df..5ca418d248 100644
--- a/deps/openssl/openssl/crypto/ui/ui_openssl.c
+++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -101,6 +101,12 @@
 
 # endif
 
+# if defined(OPENSSL_SYS_VXWORKS)
+#  undef TERMIOS
+#  undef TERMIO
+#  undef SGTTY
+# endif
+
 # ifdef TERMIOS
 #  include <termios.h>
 #  define TTY_STRUCT             struct termios
diff --git a/deps/openssl/openssl/crypto/uid.c b/deps/openssl/openssl/crypto/uid.c
index f7ae2610b3..b2b096446f 100644
--- a/deps/openssl/openssl/crypto/uid.c
+++ b/deps/openssl/openssl/crypto/uid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -34,12 +34,13 @@ int OPENSSL_issetugid(void)
 # if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
 #  if __GLIBC_PREREQ(2, 16)
 #   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
 #  endif
 # endif
 
 int OPENSSL_issetugid(void)
 {
-# ifdef AT_SECURE
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
     return getauxval(AT_SECURE) != 0;
 # else
     return getuid() != geteuid() || getgid() != getegid();
diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c
index 61e81922b4..4ced716e36 100644
--- a/deps/openssl/openssl/crypto/x509/x509_vfy.c
+++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c
@@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
     EVP_PKEY *pkey = X509_get0_pubkey(cert);
     int level = ctx->param->auth_level;
 
+    /*
+     * At security level zero, return without checking for a supported public
+     * key type.  Some engines support key types not understood outside the
+     * engine, and we only need to understand the key when enforcing a security
+     * floor.
+     */
+    if (level <= 0)
+        return 1;
+
     /* Unsupported or malformed keys are not secure */
     if (pkey == NULL)
         return 0;
 
-    if (level <= 0)
-        return 1;
     if (level > NUM_AUTH_LEVELS)
         level = NUM_AUTH_LEVELS;
 
diff --git a/deps/openssl/openssl/crypto/x509/x_crl.c b/deps/openssl/openssl/crypto/x509/x_crl.c
index 10733b58bc..12ab3cca42 100644
--- a/deps/openssl/openssl/crypto/x509/x_crl.c
+++ b/deps/openssl/openssl/crypto/x509/x_crl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     int idx;
 
     switch (operation) {
+    case ASN1_OP_D2I_PRE:
+        if (crl->meth->crl_free) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        /* fall thru */
+
     case ASN1_OP_NEW_POST:
         crl->idp = NULL;
         crl->akid = NULL;
diff --git a/deps/openssl/openssl/crypto/x509/x_pubkey.c b/deps/openssl/openssl/crypto/x509/x_pubkey.c
index d050b0b4b3..1c87b8268e 100644
--- a/deps/openssl/openssl/crypto/x509/x_pubkey.c
+++ b/deps/openssl/openssl/crypto/x509/x_pubkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -36,6 +36,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         /* Attempt to decode public key and cache in pubkey structure. */
         X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
         EVP_PKEY_free(pubkey->pkey);
+        pubkey->pkey = NULL;
         /*
          * Opportunistically decode the key but remove any non fatal errors
          * from the queue. Subsequent explicit attempts to decode/use the key
diff --git a/deps/openssl/openssl/crypto/x509/x_x509.c b/deps/openssl/openssl/crypto/x509/x_x509.c
index 4c04f12c94..afe59c46c5 100644
--- a/deps/openssl/openssl/crypto/x509/x_x509.c
+++ b/deps/openssl/openssl/crypto/x509/x_x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
     switch (operation) {
 
+    case ASN1_OP_D2I_PRE:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+        /* fall thru */
+
     case ASN1_OP_NEW_POST:
+        ret->ex_cached = 0;
+        ret->ex_kusage = 0;
+        ret->ex_xkusage = 0;
+        ret->ex_nscert = 0;
         ret->ex_flags = 0;
         ret->ex_pathlen = -1;
         ret->ex_pcpathlen = -1;
         ret->skid = NULL;
         ret->akid = NULL;
+        ret->policy_cache = NULL;
+        ret->altname = NULL;
+        ret->nc = NULL;
 #ifndef OPENSSL_NO_RFC3779
         ret->rfc3779_addr = NULL;
         ret->rfc3779_asid = NULL;
diff --git a/deps/openssl/openssl/demos/bio/accept.cnf b/deps/openssl/openssl/demos/bio/accept.cnf
index eb6965832f..cb0cefba75 100644
--- a/deps/openssl/openssl/demos/bio/accept.cnf
+++ b/deps/openssl/openssl/demos/bio/accept.cnf
@@ -6,7 +6,7 @@ Port = 4433
 # Only support 3 curves
 Curves = P-521:P-384:P-256
 # Restricted signature algorithms
-SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
 Certificate=server.pem
 PrivateKey=server.pem
 ChainCAFile=root.pem
diff --git a/deps/openssl/openssl/demos/bio/connect.cnf b/deps/openssl/openssl/demos/bio/connect.cnf
index 4dee03c373..ab764403a4 100644
--- a/deps/openssl/openssl/demos/bio/connect.cnf
+++ b/deps/openssl/openssl/demos/bio/connect.cnf
@@ -6,4 +6,4 @@ Connect = localhost:4433
 # Only support 3 curves
 Curves = P-521:P-384:P-256
 # Restricted signature algorithms
-SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
diff --git a/deps/openssl/openssl/demos/bio/descrip.mms b/deps/openssl/openssl/demos/bio/descrip.mms
index 8e127b079a..d49725ffd1 100644
--- a/deps/openssl/openssl/demos/bio/descrip.mms
+++ b/deps/openssl/openssl/demos/bio/descrip.mms
@@ -23,7 +23,7 @@ SHARED = TRUE
 	@ !
 
 # Because we use an option file, we need to redefine this
-.obj.exe : 
+.obj.exe :
 	$(LINK) $(LINKFLAGS) $<,OPT:/OPT
 
 all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
diff --git a/deps/openssl/openssl/demos/certs/README b/deps/openssl/openssl/demos/certs/README
index 126663a1d8..fde832eb2f 100644
--- a/deps/openssl/openssl/demos/certs/README
+++ b/deps/openssl/openssl/demos/certs/README
@@ -8,7 +8,7 @@ automatically using scripts. Example creates a root CA, an intermediate CA
 signed by the root and several certificates signed by the intermediate CA.
 
 The script then creates an empty index.txt file and adds entries for the
-certificates and generates a CRL. Then one certificate is revoked and a 
+certificates and generates a CRL. Then one certificate is revoked and a
 second CRL generated.
 
 The script ocsprun.sh runs the test responder on port 8888 covering the
diff --git a/deps/openssl/openssl/demos/certs/apps/mkxcerts.sh b/deps/openssl/openssl/demos/certs/apps/mkxcerts.sh
index 0f88a48fb8..ebe1920432 100644
--- a/deps/openssl/openssl/demos/certs/apps/mkxcerts.sh
+++ b/deps/openssl/openssl/demos/certs/apps/mkxcerts.sh
@@ -13,7 +13,7 @@ CN="OpenSSL Test RSA SHA-512 cert" $OPENSSL req \
 	-config apps.cnf -extensions usr_cert -x509 -nodes \
 	-keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512
 
-# Create EC parameters 
+# Create EC parameters
 
 $OPENSSL ecparam -name P-256 -out ecp256.pem
 $OPENSSL ecparam -name P-384 -out ecp384.pem
diff --git a/deps/openssl/openssl/demos/certs/mkcerts.sh b/deps/openssl/openssl/demos/certs/mkcerts.sh
index 18daa6bcfb..2d14a95989 100644
--- a/deps/openssl/openssl/demos/certs/mkcerts.sh
+++ b/deps/openssl/openssl/demos/certs/mkcerts.sh
@@ -42,7 +42,7 @@ CN="Test OCSP Responder Cert" $OPENSSL req -config ca.cnf -nodes \
 $OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
 	-extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem
 
-# Example creating a PKCS#3 DH certificate. 
+# Example creating a PKCS#3 DH certificate.
 
 # First DH parameters
 
diff --git a/deps/openssl/openssl/doc/HOWTO/certificates.txt b/deps/openssl/openssl/doc/HOWTO/certificates.txt
index c2efdca8dc..cfd2bdabb1 100644
--- a/deps/openssl/openssl/doc/HOWTO/certificates.txt
+++ b/deps/openssl/openssl/doc/HOWTO/certificates.txt
@@ -106,5 +106,5 @@ some applications, you don't even have to do that.
 By now, you have your certificate and your private key and can start
 using applications that depend on it.
 
--- 
+--
 Richard Levitte
diff --git a/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt b/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt
index 18b3e0340f..2936cd6e51 100644
--- a/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt
+++ b/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt
@@ -315,5 +315,5 @@ certificates checked properly, using the code above:
   SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights);
 
 
--- 
+--
 Richard Levitte
diff --git a/deps/openssl/openssl/doc/fingerprints.txt b/deps/openssl/openssl/doc/fingerprints.txt
index 2cb74aec27..51e76c8f71 100644
--- a/deps/openssl/openssl/doc/fingerprints.txt
+++ b/deps/openssl/openssl/doc/fingerprints.txt
@@ -18,7 +18,7 @@ uid                  Richard Levitte <richard@opensslfoundation.com>
 uid                  Richard Levitte <levitte@openssl.org>
 uid                  Richard Levitte <richard@openssl.com>
 
-pub   2048R/0E604491 2013-04-30            
+pub   2048R/0E604491 2013-04-30
       Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
 uid                  Matt Caswell <matt@openssl.org>
 uid                  Matt Caswell <frodo@baggins.org>
diff --git a/deps/openssl/openssl/doc/man1/ca.pod b/deps/openssl/openssl/doc/man1/ca.pod
index e998eabf83..7385a00941 100644
--- a/deps/openssl/openssl/doc/man1/ca.pod
+++ b/deps/openssl/openssl/doc/man1/ca.pod
@@ -230,7 +230,7 @@ The section of the configuration file containing certificate extensions
 to be added when a certificate is issued (defaults to B<x509_extensions>
 unless the B<-extfile> option is used). If no extension section is
 present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created. See the:w
+is present (even if it is empty), then a V3 certificate is created. See the
 L<x509v3_config(5)> manual page for details of the
 extension section format.
 
@@ -475,7 +475,7 @@ the B<-selfsign> command line option.
 
 Note that it is valid in some circumstances for certificates to be created
 without any subject. In the case where there are multiple certificates without
-subjects this does not count as a duplicate. 
+subjects this does not count as a duplicate.
 
 =item B<serial>
 
@@ -753,7 +753,7 @@ L<config(5)>, L<x509v3_config(5)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man1/ciphers.pod b/deps/openssl/openssl/doc/man1/ciphers.pod
index 3aea982384..faf9e53814 100644
--- a/deps/openssl/openssl/doc/man1/ciphers.pod
+++ b/deps/openssl/openssl/doc/man1/ciphers.pod
@@ -762,7 +762,7 @@ The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
 The B<-stdname> is only available if OpenSSL is built with tracing enabled
 (B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
 
-The B<-convert> was added in OpenSSL 1.1.1.
+The B<-convert> option was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/cms.pod b/deps/openssl/openssl/doc/man1/cms.pod
index 60ee3b505e..72cd9b5d4e 100644
--- a/deps/openssl/openssl/doc/man1/cms.pod
+++ b/deps/openssl/openssl/doc/man1/cms.pod
@@ -724,14 +724,14 @@ No revocation checking is done on the signer's certificate.
 The use of multiple B<-signer> options and the B<-resign> command were first
 added in OpenSSL 1.0.0.
 
-The B<keyopt> option was first added in OpenSSL 1.0.2.
+The B<keyopt> option was added in OpenSSL 1.0.2.
 
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
+Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.
 
-The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.0.2.
+The use of non-RSA keys with B<-encrypt> and B<-decrypt>
+was added in OpenSSL 1.0.2.
 
-The -no_alt_chains options was first added to OpenSSL 1.0.2b.
+The -no_alt_chains option was added in OpenSSL 1.0.2b.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/dgst.pod b/deps/openssl/openssl/doc/man1/dgst.pod
index 47e163b170..66a6697eb1 100644
--- a/deps/openssl/openssl/doc/man1/dgst.pod
+++ b/deps/openssl/openssl/doc/man1/dgst.pod
@@ -230,12 +230,12 @@ prior to verification.
 
 =head1 HISTORY
 
-The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
-The FIPS-related options were removed in OpenSSL 1.1.0
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
+The FIPS-related options were removed in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man1/ec.pod b/deps/openssl/openssl/doc/man1/ec.pod
index 0b836603ca..4d368e20ae 100644
--- a/deps/openssl/openssl/doc/man1/ec.pod
+++ b/deps/openssl/openssl/doc/man1/ec.pod
@@ -101,10 +101,6 @@ Prints out the public, private key components and parameters.
 
 This option prevents output of the encoded version of the key.
 
-=item B<-modulus>
-
-This option prints out the value of the public key component of the key.
-
 =item B<-pubin>
 
 By default, a private key is read from the input file. With this option a
@@ -197,7 +193,7 @@ L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man1/enc.pod b/deps/openssl/openssl/doc/man1/enc.pod
index 2136a94978..a3e0b03b20 100644
--- a/deps/openssl/openssl/doc/man1/enc.pod
+++ b/deps/openssl/openssl/doc/man1/enc.pod
@@ -417,7 +417,7 @@ certain parameters. So if, for example, you want to use RC2 with a
 
 =head1 HISTORY
 
-The default digest was changed from MD5 to SHA256 in Openssl 1.1.0.
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/genpkey.pod b/deps/openssl/openssl/doc/man1/genpkey.pod
index fa62973abd..202e531c7e 100644
--- a/deps/openssl/openssl/doc/man1/genpkey.pod
+++ b/deps/openssl/openssl/doc/man1/genpkey.pod
@@ -319,9 +319,9 @@ Generate an ED448 private key:
 =head1 HISTORY
 
 The ability to use NIST curve names, and to generate an EC key directly,
-were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in
-OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in
-OpenSSL 1.1.1.
+were added in OpenSSL 1.0.2.
+The ability to generate X25519 keys was added in OpenSSL 1.1.0.
+The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/ocsp.pod b/deps/openssl/openssl/doc/man1/ocsp.pod
index c9feef8f0e..736055b1b6 100644
--- a/deps/openssl/openssl/doc/man1/ocsp.pod
+++ b/deps/openssl/openssl/doc/man1/ocsp.pod
@@ -486,7 +486,7 @@ to a second file.
 
 =head1 HISTORY
 
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/pkcs12.pod b/deps/openssl/openssl/doc/man1/pkcs12.pod
index 3389e595fe..6f890c120f 100644
--- a/deps/openssl/openssl/doc/man1/pkcs12.pod
+++ b/deps/openssl/openssl/doc/man1/pkcs12.pod
@@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.
 
 Prompt for separate integrity and encryption passwords: most software
 always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+-password, -passin (if importing) or -passout (if exporting).
 
 =back
 
@@ -381,7 +382,7 @@ L<pkcs8(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man1/pkcs8.pod b/deps/openssl/openssl/doc/man1/pkcs8.pod
index 9c923b87c9..b079885d2f 100644
--- a/deps/openssl/openssl/doc/man1/pkcs8.pod
+++ b/deps/openssl/openssl/doc/man1/pkcs8.pod
@@ -305,7 +305,7 @@ L<gendsa(1)>
 
 =head1 HISTORY
 
-The B<-iter> option was added to OpenSSL 1.1.0.
+The B<-iter> option was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/req.pod b/deps/openssl/openssl/doc/man1/req.pod
index c76d63d6fd..a9b5b1690a 100644
--- a/deps/openssl/openssl/doc/man1/req.pod
+++ b/deps/openssl/openssl/doc/man1/req.pod
@@ -502,7 +502,7 @@ The actual permitted field names are any object identifier short or
 long names. These are compiled into OpenSSL and include the usual
 values such as commonName, countryName, localityName, organizationName,
 organizationalUnitName, stateOrProvinceName. Additionally emailAddress
-is include as well as name, surname, givenName initials and dnQualifier.
+is included as well as name, surname, givenName, initials, and dnQualifier.
 
 Additional object identifiers can be defined with the B<oid_file> or
 B<oid_section> options in the configuration file. Any additional fields
diff --git a/deps/openssl/openssl/doc/man1/s_client.pod b/deps/openssl/openssl/doc/man1/s_client.pod
index fa5cb0a92d..55278ac1e7 100644
--- a/deps/openssl/openssl/doc/man1/s_client.pod
+++ b/deps/openssl/openssl/doc/man1/s_client.pod
@@ -100,6 +100,7 @@ B<openssl> B<s_client>
 [B<-dtls1>]
 [B<-dtls1_2>]
 [B<-sctp>]
+[B<-sctp_label_bug>]
 [B<-fallback_scsv>]
 [B<-async>]
 [B<-max_send_frag>]
@@ -190,14 +191,17 @@ Use IPv6 only.
 =item B<-servername name>
 
 Set the TLS SNI (Server Name Indication) extension in the ClientHello message to
-the given value. If both this option and the B<-noservername> are not given, the
-TLS SNI extension is still set to the hostname provided to the B<-connect> option,
-or "localhost" if B<-connect> has not been supplied. This is default since OpenSSL
-1.1.1.
+the given value.
+If B<-servername> is not provided, the TLS SNI extension will be populated with
+the name given to B<-connect> if it follows a DNS name format. If B<-connect> is
+not provided either, the SNI is set to "localhost".
+This is the default since OpenSSL 1.1.1.
 
-Even though SNI name should normally be a DNS name and not an IP address, this
-option will not make the distinction when parsing B<-connect> and will send
-IP address if one passed.
+Even though SNI should normally be a DNS name and not an IP address, if
+B<-servername> is provided then that name will be sent, regardless of whether
+it is a DNS name or not.
+
+This option cannot be used in conjuction with B<-noservername>.
 
 =item B<-noservername>
 
@@ -489,6 +493,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
 available where OpenSSL has support for SCTP enabled.
 
+=item B<-sctp_label_bug>
+
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with B<-sctp>. This option is only
+available where OpenSSL has support for SCTP enabled.
+
 =item B<-fallback_scsv>
 
 Send TLS_FALLBACK_SCSV in the ClientHello.
@@ -811,12 +823,12 @@ L<SSL_CTX_set_max_pipelines(3)>
 
 =head1 HISTORY
 
-The B<-no_alt_chains> option was first added to OpenSSL 1.1.0.
+The B<-no_alt_chains> option was added in OpenSSL 1.1.0.
 The B<-name> option was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man1/s_server.pod b/deps/openssl/openssl/doc/man1/s_server.pod
index f4c4eda353..c4c014fdc1 100644
--- a/deps/openssl/openssl/doc/man1/s_server.pod
+++ b/deps/openssl/openssl/doc/man1/s_server.pod
@@ -98,6 +98,7 @@ B<openssl> B<s_server>
 [B<-no_comp>]
 [B<-comp>]
 [B<-no_ticket>]
+[B<-num_tickets>]
 [B<-serverpref>]
 [B<-legacy_renegotiation>]
 [B<-no_renegotiation>]
@@ -172,6 +173,7 @@ B<openssl> B<s_server>
 [B<-dtls1>]
 [B<-dtls1_2>]
 [B<-sctp>]
+[B<-sctp_label_bug>]
 [B<-no_dhe>]
 [B<-nextprotoneg val>]
 [B<-use_srtp val>]
@@ -558,7 +560,14 @@ OpenSSL 1.1.0.
 
 =item B<-no_ticket>
 
-Disable RFC4507bis session ticket support.
+Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
+is negotiated. See B<-num_tickets>.
+
+=item B<-num_tickets>
+
+Control the number of tickets that will be sent to the client after a full
+handshake in TLSv1.3. The default number of tickets is 2. This option does not
+affect the number of tickets sent after a resumption handshake.
 
 =item B<-serverpref>
 
@@ -677,6 +686,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
 available where OpenSSL has support for SCTP enabled.
 
+=item B<-sctp_label_bug>
+
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with B<-sctp>. This option is only
+available where OpenSSL has support for SCTP enabled.
+
 =item B<-no_dhe>
 
 If this option is set then no DH parameters will be loaded effectively
@@ -817,18 +834,18 @@ unknown cipher suites a client says it supports.
 L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
 L<SSL_CTX_set_max_send_fragment(3)>,
 L<SSL_CTX_set_split_send_fragment(3)>,
-L<SSL_CTX_set_max_pipelines(3)> 
+L<SSL_CTX_set_max_pipelines(3)>
 
 =head1 HISTORY
 
-The -no_alt_chains option was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was added in OpenSSL 1.1.0.
 
-The -allow-no-dhe-kex and -prioritize_chacha options were first added to
-OpenSSL 1.1.1.
+The
+-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man1/smime.pod b/deps/openssl/openssl/doc/man1/smime.pod
index 0acdd08254..7f224fdc5e 100644
--- a/deps/openssl/openssl/doc/man1/smime.pod
+++ b/deps/openssl/openssl/doc/man1/smime.pod
@@ -510,7 +510,7 @@ structures may cause parsing errors.
 The use of multiple B<-signer> options and the B<-resign> command were first
 added in OpenSSL 1.0.0
 
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/storeutl.pod b/deps/openssl/openssl/doc/man1/storeutl.pod
index 083f028246..a8d82bfb61 100644
--- a/deps/openssl/openssl/doc/man1/storeutl.pod
+++ b/deps/openssl/openssl/doc/man1/storeutl.pod
@@ -119,7 +119,7 @@ L<openssl(1)>
 
 =head1 HISTORY
 
-B<openssl> B<storeutl> was added to OpenSSL 1.1.1.
+The B<openssl> B<storeutl> app was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man1/verify.pod b/deps/openssl/openssl/doc/man1/verify.pod
index b67890af3c..63ba850b91 100644
--- a/deps/openssl/openssl/doc/man1/verify.pod
+++ b/deps/openssl/openssl/doc/man1/verify.pod
@@ -762,7 +762,7 @@ L<x509(1)>
 
 =head1 HISTORY
 
-The B<-show_chain> option was first added to OpenSSL 1.1.0.
+The B<-show_chain> option was added in OpenSSL 1.1.0.
 
 The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
 is silently ignored.
diff --git a/deps/openssl/openssl/doc/man1/x509.pod b/deps/openssl/openssl/doc/man1/x509.pod
index 547da5da23..7878753414 100644
--- a/deps/openssl/openssl/doc/man1/x509.pod
+++ b/deps/openssl/openssl/doc/man1/x509.pod
@@ -173,7 +173,7 @@ options. See the B<TEXT OPTIONS> section for more information.
 
 =item B<-noout>
 
-This option prevents output of the encoded version of the request.
+This option prevents output of the encoded version of the certificate.
 
 =item B<-pubkey>
 
@@ -925,7 +925,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/ASN1_INTEGER_get_int64.pod b/deps/openssl/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
index d0a6a3c810..9b73290742 100644
--- a/deps/openssl/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
+++ b/deps/openssl/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
@@ -119,7 +119,7 @@ L<ERR_get_error(3)>
 
 ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
 ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
-were added to OpenSSL 1.1.0.
+were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod b/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod
index 204280210e..e4d809c08f 100644
--- a/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod
+++ b/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod
@@ -127,10 +127,10 @@ L<crypto(7)>, L<ASYNC_start_job(3)>
 
 =head1 HISTORY
 
-ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
-ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
-ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to
-OpenSSL 1.1.0.
+ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(),
+ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(),
+ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd()
+were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/ASYNC_start_job.pod b/deps/openssl/openssl/doc/man3/ASYNC_start_job.pod
index 21b77a96b9..9bd1044b26 100644
--- a/deps/openssl/openssl/doc/man3/ASYNC_start_job.pod
+++ b/deps/openssl/openssl/doc/man3/ASYNC_start_job.pod
@@ -317,7 +317,7 @@ L<crypto(7)>, L<ERR_print_errors(3)>
 ASYNC_init_thread, ASYNC_cleanup_thread,
 ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(),
 ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first
-added to OpenSSL 1.1.0.
+added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/BIO_new_CMS.pod b/deps/openssl/openssl/doc/man3/BIO_new_CMS.pod
index b06c224f71..f8d4c3bde6 100644
--- a/deps/openssl/openssl/doc/man3/BIO_new_CMS.pod
+++ b/deps/openssl/openssl/doc/man3/BIO_new_CMS.pod
@@ -61,7 +61,7 @@ L<CMS_encrypt(3)>
 
 =head1 HISTORY
 
-BIO_new_CMS() was added to OpenSSL 1.0.0
+The BIO_new_CMS() function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/BN_generate_prime.pod b/deps/openssl/openssl/doc/man3/BN_generate_prime.pod
index b505841832..b6e9145106 100644
--- a/deps/openssl/openssl/doc/man3/BN_generate_prime.pod
+++ b/deps/openssl/openssl/doc/man3/BN_generate_prime.pod
@@ -197,8 +197,8 @@ L<RSA_generate_key(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>
 
 =head1 HISTORY
 
-BN_GENCB_new(), BN_GENCB_free(),
-and BN_GENCB_get_arg() were added in OpenSSL 1.1.0
+The BN_GENCB_new(), BN_GENCB_free(),
+and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/BN_rand.pod b/deps/openssl/openssl/doc/man3/BN_rand.pod
index eb0a6b1386..90b50ffc31 100644
--- a/deps/openssl/openssl/doc/man3/BN_rand.pod
+++ b/deps/openssl/openssl/doc/man3/BN_rand.pod
@@ -73,7 +73,8 @@ a future release.
 
 =item *
 
-BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1.
+The
+BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.
 
 =back
 
diff --git a/deps/openssl/openssl/doc/man3/BN_security_bits.pod b/deps/openssl/openssl/doc/man3/BN_security_bits.pod
index 1aed85a71a..f6e5857a4e 100644
--- a/deps/openssl/openssl/doc/man3/BN_security_bits.pod
+++ b/deps/openssl/openssl/doc/man3/BN_security_bits.pod
@@ -33,7 +33,7 @@ function. The symmetric algorithms are not covered neither.
 
 =head1 HISTORY
 
-BN_security_bits() was added in OpenSSL 1.1.0.
+The BN_security_bits() function was added in OpenSSL 1.1.0.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/BUF_MEM_new.pod b/deps/openssl/openssl/doc/man3/BUF_MEM_new.pod
index 61922502a3..0c68f3776f 100644
--- a/deps/openssl/openssl/doc/man3/BUF_MEM_new.pod
+++ b/deps/openssl/openssl/doc/man3/BUF_MEM_new.pod
@@ -61,7 +61,7 @@ L<CRYPTO_secure_malloc(3)>.
 
 =head1 HISTORY
 
-BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
+The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/CMS_get0_type.pod b/deps/openssl/openssl/doc/man3/CMS_get0_type.pod
index cad8d3f662..bc38a09bdc 100644
--- a/deps/openssl/openssl/doc/man3/CMS_get0_type.pod
+++ b/deps/openssl/openssl/doc/man3/CMS_get0_type.pod
@@ -16,11 +16,12 @@ CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content -
 =head1 DESCRIPTION
 
 CMS_get0_type() returns the content type of a CMS_ContentInfo structure as
-and ASN1_OBJECT pointer. An application can then decide how to process the
+an ASN1_OBJECT pointer. An application can then decide how to process the
 CMS_ContentInfo structure based on this value.
 
 CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo
-structure. It should be called with CMS functions with the B<CMS_PARTIAL>
+structure. It should be called with CMS functions (such as L<CMS_sign>, L<CMS_encrypt>)
+with the B<CMS_PARTIAL>
 flag and B<before> the structure is finalised, otherwise the results are
 undefined.
 
@@ -60,7 +61,7 @@ embedded content as it is normally set by higher level functions.
 
 =head1 RETURN VALUES
 
-CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure.
+CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure.
 
 CMS_set1_eContentType() returns 1 for success or 0 if an error occurred.  The
 error can be obtained from ERR_get_error(3).
@@ -71,7 +72,7 @@ L<ERR_get_error(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod b/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod
index ecf294a2c6..485cf797b1 100644
--- a/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod
+++ b/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod
@@ -28,13 +28,21 @@ reads configuration information from B<cnf>.
 
 The following B<flags> are currently recognized:
 
-B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual
+If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual
 configuration modules are ignored. If not set the first module error is
 considered fatal and no further modules are loaded.
 
 Normally any modules errors will add error information to the error queue. If
 B<CONF_MFLAGS_SILENT> is set no error information is added.
 
+If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally
+returns success.
+This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
+the default system-wide configuration file, as having all OpenSSL applications
+fail to start when there are potentially minor issues in the file is too risky.
+Applications calling B<CONF_modules_load_file> explicitly should not generally
+set this flag.
+
 If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
 disabled.
 
@@ -126,7 +134,7 @@ L<config(5)>, L<OPENSSL_config(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/CRYPTO_get_ex_new_index.pod b/deps/openssl/openssl/doc/man3/CRYPTO_get_ex_new_index.pod
index 4d5a2b93a0..b2d33ef90d 100644
--- a/deps/openssl/openssl/doc/man3/CRYPTO_get_ex_new_index.pod
+++ b/deps/openssl/openssl/doc/man3/CRYPTO_get_ex_new_index.pod
@@ -100,7 +100,7 @@ to avoid likely double-free crashes.
 The function B<CRYPTO_free_ex_data> is used to free all exdata attached
 to a structure. The appropriate type-specific routine must be used.
 The B<class_index> identifies the structure type, the B<obj> is
-be the pointer to the actual structure, and B<r> is a pointer to the
+a pointer to the actual structure, and B<r> is a pointer to the
 structure's exdata field.
 
 =head2 Callback Functions
@@ -157,7 +157,7 @@ dup_func() should return 0 for failure and 1 for success.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod b/deps/openssl/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod
index 36063b62e8..86696a5594 100644
--- a/deps/openssl/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod
+++ b/deps/openssl/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod
@@ -35,7 +35,7 @@ L<CTLOG_STORE_new(3)>
 
 =head1 HISTORY
 
-This function was added in OpenSSL 1.1.0.
+The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/DH_size.pod b/deps/openssl/openssl/doc/man3/DH_size.pod
index 3b65d7ea6d..3cbdbc67da 100644
--- a/deps/openssl/openssl/doc/man3/DH_size.pod
+++ b/deps/openssl/openssl/doc/man3/DH_size.pod
@@ -43,7 +43,7 @@ L<BN_num_bits(3)>
 
 =head1 HISTORY
 
-DH_bits() was added in OpenSSL 1.1.0.
+The DH_bits() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod b/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod
index ab7147217a..81b945f134 100644
--- a/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod
+++ b/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod
@@ -22,7 +22,7 @@ Returns the maximum data payload size on success, or 0 on failure.
 
 =head1 HISTORY
 
-This function was added in OpenSSL 1.1.1
+The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod b/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod
index 6e1347213e..c5154dca35 100644
--- a/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod
+++ b/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod
@@ -26,7 +26,7 @@ Returns void.
 
 =head1 HISTORY
 
-This function was added in OpenSSL 1.1.1
+The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod b/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod
index 858e393161..76be40b68f 100644
--- a/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod
+++ b/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod
@@ -117,10 +117,10 @@ L<ssl(7)>, L<bio(7)>
 
 =head1 HISTORY
 
-SSL_stateless() was first added in OpenSSL 1.1.1.
+The SSL_stateless() function was added in OpenSSL 1.1.1.
 
-DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer"
-also changed in OpenSSL 1.1.0.
+The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0.
+The type of "peer" also changed in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod b/deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod
index ee20f9526a..7bf3500623 100644
--- a/deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod
+++ b/deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod
@@ -89,7 +89,7 @@ named curve form is used and the parameters must have a corresponding
 named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the
 parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and
 EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve.
-Note: B<OPENSSL_EC_EXPLICIT_CURVE> was first added to OpenSSL 1.1.0, for
+Note: B<OPENSSL_EC_EXPLICIT_CURVE> was added in OpenSSL 1.1.0, for
 previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
 1.1.0 the default form was to use explicit parameters (meaning that
 applications would have to explicitly set the named curve form) in OpenSSL
@@ -175,7 +175,7 @@ and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag,
 specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0.
 
 EC_GROUP_get0_order() returns an internal pointer to the group order.
-EC_GROUP_get_order_bits() returns the number of bits in the group order.
+EC_GROUP_order_bits() returns the number of bits in the group order.
 EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor.
 
 EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not
diff --git a/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod b/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod
index 5ecbcc5e89..37bc10d380 100644
--- a/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod
@@ -369,15 +369,15 @@ L<EVP_whirlpool(3)>
 
 =head1 HISTORY
 
-EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to
-EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0.
+The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to
+EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.
 
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
 later, so now EVP_sha1() can be used with RSA and DSA.
 
-EVP_dss1() was removed in OpenSSL 1.1.0.
+The EVP_dss1() function was removed in OpenSSL 1.1.0.
 
-EVP_MD_CTX_set_pkey_ctx() was added in 1.1.1.
+The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod b/deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod
index 773de87efa..7b74a23cbc 100644
--- a/deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod
@@ -152,7 +152,7 @@ L<SHA1(3)>, L<dgst(1)>
 =head1 HISTORY
 
 EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
-were first added to OpenSSL 1.0.0.
+were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod b/deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod
index e93ac2ef08..98a0987a3a 100644
--- a/deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod
@@ -98,7 +98,7 @@ L<SHA1(3)>, L<dgst(1)>
 =head1 HISTORY
 
 EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
-were first added to OpenSSL 1.0.0.
+were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod b/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod
index 5fdbc33ac1..b43a3e5468 100644
--- a/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod
@@ -632,7 +632,7 @@ L<EVP_sm4(3)>
 
 =head1 HISTORY
 
-Support for OCB mode was added in OpenSSL 1.1.0
+Support for OCB mode was added in OpenSSL 1.1.0.
 
 B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0.  As a result,
 EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup()
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 4982e92053..75fad0f70c 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -359,7 +359,7 @@ B<param_enc> when generating EC parameters or an EC key. The encoding can be
 B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions
 of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form.
 For maximum compatibility the named curve form should be used. Note: the
-B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous
+B<OPENSSL_EC_NAMED_CURVE> value was added in OpenSSL 1.1.0; previous
 versions should use 0 instead.
 
 =head2 ECDH parameters
@@ -439,8 +439,9 @@ L<EVP_PKEY_keygen(3)>
 
 =head1 HISTORY
 
+The
 EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len()
-macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0.
+macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_new.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_new.pod
index eff94cd943..f01fc97522 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_new.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_new.pod
@@ -48,7 +48,7 @@ L<EVP_PKEY_new(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod
index 9ad2daed4f..cd99e4d757 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod
@@ -48,7 +48,7 @@ engine that implements it.
 
 EVP_PKEY_asn1_get0_info() returns the public key ID, base public key
 ID (both NIDs), any flags, the method description and PEM type string
-associated with the public key ASN.1 method B<*ameth>. 
+associated with the public key ASN.1 method B<*ameth>.
 
 EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and
 EVP_PKEY_asn1_find_str() are not thread safe, but as long as all
@@ -70,7 +70,7 @@ L<EVP_PKEY_asn1_new(3)>, L<EVP_PKEY_asn1_add0(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod
index 2a691a6177..2e3d266541 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod
@@ -91,7 +91,7 @@ L<EVP_PKEY_derive(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod
index 8cd0b54740..a74065e31f 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod
@@ -89,7 +89,7 @@ L<EVP_PKEY_verify_recover(3)>,
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod
index 4e9a34e740..3718910464 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod
@@ -96,7 +96,7 @@ L<EVP_PKEY_derive(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod
index da76677044..ed52e9696c 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod
@@ -37,7 +37,7 @@ L<EVP_PKEY_verify_recover(3)>,
 
 =head1 HISTORY
 
-This function was first added to OpenSSL 1.0.0.
+This function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod
index 0b86eaaaa3..83cebe7ce2 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod
@@ -189,7 +189,7 @@ L<EVP_PKEY_derive(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added
 in OpenSSL 1.1.1.
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod
index a3532a3596..ebe20986db 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod
@@ -114,12 +114,15 @@ L<EVP_PKEY_set1_EC_KEY>
 
 =head1 HISTORY
 
-EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL.
+The
+EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL.
 
-EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
+The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0.
+
+The
 EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(),
 EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and
-EVP_PKEY_get_raw_public_key() were first added to OpenSSL 1.1.1.
+EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod
index 3ebd086a1c..e0750c7eed 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod
@@ -47,7 +47,7 @@ L<EVP_PKEY_keygen(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod
index bdebf0b924..1672831ff0 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod
@@ -101,7 +101,7 @@ L<EVP_PKEY_derive(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod
index 57d7f8cf86..cdbb80b99d 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod
@@ -89,7 +89,7 @@ L<EVP_PKEY_derive(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod
index 85d76f84ac..2513606561 100644
--- a/deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod
@@ -100,7 +100,7 @@ L<EVP_PKEY_derive(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/EVP_SignInit.pod b/deps/openssl/openssl/doc/man3/EVP_SignInit.pod
index 12e67f8cbf..86fec82fb0 100644
--- a/deps/openssl/openssl/doc/man3/EVP_SignInit.pod
+++ b/deps/openssl/openssl/doc/man3/EVP_SignInit.pod
@@ -17,7 +17,7 @@ functions
 
  void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 
- int EVP_PKEY_size(EVP_PKEY *pkey);
+ int EVP_PKEY_size(const EVP_PKEY *pkey);
  int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
 
 =head1 DESCRIPTION
diff --git a/deps/openssl/openssl/doc/man3/HMAC.pod b/deps/openssl/openssl/doc/man3/HMAC.pod
index c480a9c9eb..65386a7baa 100644
--- a/deps/openssl/openssl/doc/man3/HMAC.pod
+++ b/deps/openssl/openssl/doc/man3/HMAC.pod
@@ -91,7 +91,7 @@ because reuse of an existing key with a different digest is not supported.
 
 HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
 function B<evp_md> and the key B<key> which is B<key_len> bytes
-long. 
+long.
 
 HMAC_Update() can be called repeatedly with chunks of the message to
 be authenticated (B<len> bytes at B<data>).
@@ -147,7 +147,7 @@ OpenSSL before version 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod b/deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod
index a259539f05..c7823e32d6 100644
--- a/deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod
+++ b/deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod
@@ -2,10 +2,11 @@
 
 =head1 NAME
 
-OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
-OPENSSL_init_crypto, OPENSSL_cleanup,
-OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
-initialisation and deinitialisation functions
+OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
+OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
+OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
+OPENSSL_thread_stop - OpenSSL initialisation
+and deinitialisation functions
 
 =head1 SYNOPSIS
 
@@ -17,6 +18,10 @@ initialisation and deinitialisation functions
  void OPENSSL_thread_stop(void);
 
  OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+ int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
+                                      const char* filename);
+ int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
+                                        unsigned long flags);
  int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
                                      const char* name);
  void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
@@ -33,7 +38,7 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it
 needs so no explicit initialisation is required. Similarly it will also
 automatically deinitialise as required.
 
-However, there way be situations when explicit initialisation is desirable or
+However, there may be situations when explicit initialisation is desirable or
 needed, for example when some non-default initialisation is required. The
 function OPENSSL_init_crypto() can be used for this purpose for
 libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
@@ -96,7 +101,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
 
 With this option an OpenSSL configuration file will be automatically loaded and
 used by calling OPENSSL_config(). This is not a default option for libcrypto.
-From OpenSSL 1.1.1 this is a default option for libssl (see
+As of OpenSSL 1.1.1 this is a default option for libssl (see
 L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
 description of OPENSSL_INIT_new(), below.
 
@@ -157,6 +162,13 @@ engines. This not a default option.
 With this option the library will register its fork handlers.
 See OPENSSL_fork_prepare(3) for details.
 
+=item OPENSSL_INIT_NO_ATEXIT
+
+By default OpenSSL will attempt to clean itself up when the process exits via an
+"atexit" handler. Using this option suppresses that behaviour. This means that
+the application will have to clean up OpenSSL explicitly using
+OPENSSL_cleanup().
+
 =back
 
 Multiple options may be combined together in a single call to
@@ -196,12 +208,22 @@ the library when the thread exits. This should only be called directly if
 resources should be freed at an earlier time, or under the circumstances
 described in the NOTES section below.
 
-The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
-file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS>
-must be created and used.
-The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can
-be used to allocate the object and set the application name, and then the
-object can be released with OPENSSL_INIT_free() when done.
+The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with
+L<CONF_modules_load_file(3)> with NULL filename and application name and the
+B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES>  and
+B<CONF_MFLAGS_DEFAULT_SECTION> flags.
+The filename, application name, and flags can be customized by providing a
+non-null B<OPENSSL_INIT_SETTINGS> object.
+The object can be allocated via B<OPENSSL_init_new()>.
+The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
+non-default filename, which is copied and need not refer to persistent storage.
+Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
+non-default application name.
+Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags.
+If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
+the configuration file will cause an error return from B<OPENSSL_init_crypto>
+or indirectly L<OPENSSL_init_ssl(3)>.
+The object can be released with OPENSSL_INIT_free() when done.
 
 =head1 NOTES
 
@@ -242,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod b/deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod
index 049a12556a..2d678c951f 100644
--- a/deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod
+++ b/deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod
@@ -90,10 +90,8 @@ generally macro's that add the standard C B<__FILE__> and B<__LINE__>
 parameters and call a lower-level B<CRYPTO_xxx> API.
 Some functions do not add those parameters, but exist for consistency.
 
-OPENSSL_malloc_init() sets the lower-level memory allocation functions
-to their default implementation.
-It is generally not necessary to call this, except perhaps in certain
-shared-library situations.
+OPENSSL_malloc_init() does nothing and does not need to be called. It is
+included for compatibility with older versions of OpenSSL.
 
 OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the
 C malloc(), realloc(), and free() functions.
@@ -247,7 +245,7 @@ only, say, the malloc() implementation is outright dangerous.>
 
 =head1 COPYRIGHT
 
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod b/deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod
index 5a01c82469..6c39538351 100644
--- a/deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod
+++ b/deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod
@@ -120,7 +120,7 @@ L<BN_new(3)>
 
 =head1 HISTORY
 
-OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g.
+The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod
index 20d41ac534..4c68986c56 100644
--- a/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod
+++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod
@@ -190,7 +190,7 @@ OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(),
 OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(),
 OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(),
 OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL()
-were added to OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod
index 87c135a127..1503754114 100644
--- a/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod
+++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod
@@ -250,7 +250,7 @@ OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(),
 OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(),
 OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(),
 OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn()
-were added to OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod
index 6d36a190ae..0c2dd2bc24 100644
--- a/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod
+++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod
@@ -179,7 +179,7 @@ OSSL_STORE_SEARCH_get0_name(),
 OSSL_STORE_SEARCH_get0_serial(),
 OSSL_STORE_SEARCH_get0_bytes(),
 and OSSL_STORE_SEARCH_get0_string()
-were added to OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod
index e3f06b55be..154472a76b 100644
--- a/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod
+++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod
@@ -65,7 +65,7 @@ L<OSSL_STORE_load(3)>
 =head1 HISTORY
 
 OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find()
-were added to OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod
index b1467f4100..1e8ebf7ce1 100644
--- a/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod
+++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod
@@ -147,7 +147,7 @@ L<passphrase-encoding(7)>
 
 OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(),
 OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close()
-were added to OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod b/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod
index e171bff245..a16b0ede5a 100644
--- a/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod
+++ b/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod
@@ -56,7 +56,7 @@ L<PEM(3)>
 
 =head1 HISTORY
 
-PEM_read_bio_ex() was added in OpenSSL 1.1.1.
+The PEM_read_bio_ex() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/PEM_write_bio_CMS_stream.pod b/deps/openssl/openssl/doc/man3/PEM_write_bio_CMS_stream.pod
index c73fafd44b..bc3ee167e0 100644
--- a/deps/openssl/openssl/doc/man3/PEM_write_bio_CMS_stream.pod
+++ b/deps/openssl/openssl/doc/man3/PEM_write_bio_CMS_stream.pod
@@ -36,7 +36,7 @@ L<i2d_CMS_bio_stream(3)>
 
 =head1 HISTORY
 
-PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
+The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod b/deps/openssl/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod
index 77f97aaa2b..32b7ef2ef7 100644
--- a/deps/openssl/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod
+++ b/deps/openssl/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod
@@ -35,7 +35,7 @@ L<i2d_PKCS7_bio_stream(3)>
 
 =head1 HISTORY
 
-PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
+The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/PKCS12_parse.pod b/deps/openssl/openssl/doc/man3/PKCS12_parse.pod
index 747a36f5ed..208644c019 100644
--- a/deps/openssl/openssl/doc/man3/PKCS12_parse.pod
+++ b/deps/openssl/openssl/doc/man3/PKCS12_parse.pod
@@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure
 
  #include <openssl/pkcs12.h>
 
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                  STACK_OF(X509) **ca);
 
 =head1 DESCRIPTION
 
diff --git a/deps/openssl/openssl/doc/man3/PKCS7_sign.pod b/deps/openssl/openssl/doc/man3/PKCS7_sign.pod
index c1df5f19a0..6fd54777d1 100644
--- a/deps/openssl/openssl/doc/man3/PKCS7_sign.pod
+++ b/deps/openssl/openssl/doc/man3/PKCS7_sign.pod
@@ -108,9 +108,9 @@ L<ERR_get_error(3)>, L<PKCS7_verify(3)>
 =head1 HISTORY
 
 The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>,
-and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0
+and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0.
 
-The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod b/deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod
index 2bc6c40bd2..d4a27a2f61 100644
--- a/deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod
+++ b/deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod
@@ -83,7 +83,7 @@ L<PKCS7_final(3)>,
 
 =head1 HISTORY
 
-PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0
+The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/RAND_bytes.pod b/deps/openssl/openssl/doc/man3/RAND_bytes.pod
index fca1ad6961..f257e05006 100644
--- a/deps/openssl/openssl/doc/man3/RAND_bytes.pod
+++ b/deps/openssl/openssl/doc/man3/RAND_bytes.pod
@@ -53,7 +53,7 @@ RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.
 
 =item *
 
-RAND_priv_bytes() was added in OpenSSL 1.1.1.
+The RAND_priv_bytes() function was added in OpenSSL 1.1.1.
 
 =back
 
diff --git a/deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod b/deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod
index 77ac4fbc12..d3cdf930d8 100644
--- a/deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod
+++ b/deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod
@@ -13,7 +13,7 @@ RIPEMD-160 hash function
                           unsigned char *md);
 
  int RIPEMD160_Init(RIPEMD160_CTX *c);
- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len);
+ int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
  int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 
 =head1 DESCRIPTION
@@ -61,7 +61,7 @@ L<EVP_DigestInit(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/RSA_get0_key.pod b/deps/openssl/openssl/doc/man3/RSA_get0_key.pod
index cb7d0f66db..358c2de256 100644
--- a/deps/openssl/openssl/doc/man3/RSA_get0_key.pod
+++ b/deps/openssl/openssl/doc/man3/RSA_get0_key.pod
@@ -157,6 +157,7 @@ L<RSA_new(3)>, L<RSA_size(3)>
 
 =head1 HISTORY
 
+The
 RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(),
 RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(),
 and RSA_get_version() functions were added in OpenSSL 1.1.1.
diff --git a/deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
index 93911cac97..9ea2634c03 100644
--- a/deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+++ b/deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
@@ -110,7 +110,12 @@ L<ERR_get_error(3)>.
 The RSA_padding_check_PKCS1_type_2() padding check leaks timing
 information which can potentially be used to mount a Bleichenbacher
 padding oracle attack. This is an inherent weakness in the PKCS #1
-v1.5 padding design. Prefer PKCS1_OAEP padding.
+v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can
+be recommended to pass zero-padded B<f>, so that B<fl> equals to
+B<rsa_len>, and if fixed by protocol, B<tlen> being set to the
+expected length. In such case leakage would be minimal, it would
+take attacker's ability to observe memory access pattern with byte
+granilarity as it occurs, post-factum timing analysis won't do.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/RSA_size.pod b/deps/openssl/openssl/doc/man3/RSA_size.pod
index 022620078a..9949865086 100644
--- a/deps/openssl/openssl/doc/man3/RSA_size.pod
+++ b/deps/openssl/openssl/doc/man3/RSA_size.pod
@@ -41,7 +41,7 @@ L<BN_num_bits(3)>
 
 =head1 HISTORY
 
-RSA_bits() was added in OpenSSL 1.1.0.
+The RSA_bits() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod
index af59b58946..4c12c5ed20 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod
@@ -179,19 +179,19 @@ protocol-specific ID.
 
 =head1 HISTORY
 
-SSL_CIPHER_get_version() was updated to always return the correct protocol
-string in OpenSSL 1.1.0.
+The SSL_CIPHER_get_version() function was updated to always return the
+correct protocol string in OpenSSL 1.1.0.
 
-SSL_CIPHER_description() was changed to return B<NULL> on error,
+The SSL_CIPHER_description() function was changed to return B<NULL> on error,
 rather than a fixed string, in OpenSSL 1.1.0.
 
-SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1.
+The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1.
 
-SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before
-OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was
+The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1.
+ Before OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was
 required to enable this function.
 
-OPENSSL_cipher_name() was added in OpenSSL 1.1.1.
+The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod b/deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod
index 1dc8eb1499..76c036e5ce 100644
--- a/deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod
@@ -91,9 +91,8 @@ L<ssl(7)>
 
 =head1 HISTORY
 
-SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0;
-do not use it.
-SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d.
+The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0.
+The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_new.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_new.pod
index 79f0bbc7dd..df5492f79b 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_new.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_new.pod
@@ -36,7 +36,7 @@ L<SSL_CONF_cmd_argv(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
index d986470254..b2eff5bf51 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
@@ -44,7 +44,7 @@ L<SSL_CONF_cmd_argv(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
index 766d984626..d6f6ff5897 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
@@ -70,7 +70,7 @@ L<SSL_CONF_cmd_argv(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
index 7e4120f7ce..3b001d1686 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
@@ -42,7 +42,7 @@ L<SSL_CONF_cmd_argv(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod
index b399bcf499..a74e7284f9 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod
@@ -308,11 +308,6 @@ Attempts to pad TLSv1.3 records so that they are a multiple of B<value> in
 length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
 B<value> must be >1 or <=16384.
 
-=item B<NoRenegotiation>
-
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
-B<SSL_OP_NO_RENEGOTIATION>.
-
 =item B<SignatureAlgorithms>
 
 This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
@@ -456,6 +451,9 @@ Only used by servers.
 B<NoResumptionOnRenegotiation>: set
 B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
 
+B<NoRenegotiation>: disables all attempts at renegotiation in TLSv1.2 and
+earlier, same as setting B<SSL_OP_NO_RENEGOTIATION>.
+
 B<UnsafeLegacyRenegotiation>: permits the use of unsafe legacy renegotiation.
 Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
 
@@ -670,12 +668,12 @@ L<SSL_CTX_set_options(3)>
 
 =head1 HISTORY
 
-SSL_CONF_cmd() was first added to OpenSSL 1.0.2
+The SSL_CONF_cmd() function was added in OpenSSL 1.0.2.
 
-B<SSL_OP_NO_SSL2> doesn't have effect since 1.1.0, but the macro is retained
-for backwards compatibility.
+The B<SSL_OP_NO_SSL2> option doesn't have effect since 1.1.0, but the macro
+is retained for backwards compatibility.
 
-B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of
+The B<SSL_CONF_TYPE_NONE> was added in OpenSSL 1.1.0. In earlier versions of
 OpenSSL passing a command which didn't take an argument would return
 B<SSL_CONF_TYPE_UNKNOWN>.
 
@@ -685,7 +683,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod
index 567fa5a508..130814803d 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod
@@ -37,7 +37,7 @@ L<SSL_CONF_cmd(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
index 24730024f8..8fe8a7d5e1 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
@@ -144,7 +144,7 @@ L<SSL_CTX_add_extra_chain_cert(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_config.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_config.pod
index 5b2aed76c2..90d86746ce 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_config.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_config.pod
@@ -77,7 +77,7 @@ L<CONF_modules_load_file(3)>
 
 =head1 HISTORY
 
-SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0
+The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod
index d767bb296e..d1b3c1aad7 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod
@@ -368,7 +368,7 @@ L<EVP_PKEY_free(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_get0_param.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_get0_param.pod
index 6b93737458..8b99dc330a 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_get0_param.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_get0_param.pod
@@ -50,7 +50,7 @@ L<X509_VERIFY_PARAM_set_flags(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
index d7ed89775b..b483f83b71 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
@@ -101,7 +101,7 @@ set CA names using the "client CA list" functions and then get them using the
 used on the server side then the "client CA list" functions take precedence.
 Typically, on the server side, the "client CA list " functions should be used in
 preference. As noted above in most cases it is not necessary to set CA names on
-the client side. 
+the client side.
 
 SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
 B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and
@@ -178,7 +178,7 @@ L<SSL_CTX_load_verify_locations(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod
index 7dca0e0161..6c3d4fc9e9 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod
@@ -97,8 +97,8 @@ L<SSL_CTX_add_extra_chain_cert(3)>
 
 =head1 HISTORY
 
-The curve functions were first added to OpenSSL 1.0.2. The equivalent group
-functions were first added to OpenSSL 1.1.1.
+The curve functions were added in OpenSSL 1.0.2. The equivalent group
+functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod
index bfe8b70af9..b42f2a499f 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod
@@ -86,7 +86,7 @@ L<SSL_build_cert_chain(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod
index 275831ab15..5fb0feb451 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod
@@ -24,7 +24,7 @@ See L<CTLOG_STORE_new(3)> for the file format.
 =head1 NOTES
 
 These functions will not clear the existing CT log list - it will be appended
-to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. 
+to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first.
 
 If an error occurs whilst parsing a particular log entry in the file, that log
 entry will be skipped.
@@ -43,7 +43,7 @@ L<CTLOG_STORE_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod
index c7bdc9b92a..999a70c8c3 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod
@@ -94,7 +94,7 @@ truncated.
 
 SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(),
 SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were
-first added to OpenSSL 1.1.0
+added in OpenSSL 1.1.0.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod
index f01ca66fce..01b03f9a59 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod
@@ -92,17 +92,13 @@ Callback has been called due to an alert being sent or received.
 
 =item SSL_CB_HANDSHAKE_START
 
-Callback has been called because a new handshake is started. In TLSv1.3 this is
-also used for the start of post-handshake message exchanges such as for the
-exchange of session tickets, or for key updates. It also occurs when resuming a
-handshake following a pause to handle early data.
+Callback has been called because a new handshake is started. It also occurs when
+resuming a handshake following a pause to handle early data.
 
-=item SSL_CB_HANDSHAKE_DONE           0x20
+=item SSL_CB_HANDSHAKE_DONE
 
-Callback has been called because a handshake is finished. In TLSv1.3 this is
-also used at the end of an exchange of post-handshake messages such as for
-session tickets or key updates. It also occurs if the handshake is paused to
-allow the exchange of early data.
+Callback has been called because a handshake is finished.  It also occurs if the
+handshake is paused to allow the exchange of early data.
 
 =back
 
@@ -160,7 +156,7 @@ L<SSL_alert_type_string(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod
index 8f8edcf054..387d1ec1ef 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod
@@ -105,6 +105,15 @@ Enable asynchronous processing. TLS I/O operations may indicate a retry with
 SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is
 used to perform cryptographic operations. See L<SSL_get_error(3)>.
 
+=item SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG
+
+Older versions of OpenSSL had a bug in the computation of the label length
+used for computing the endpoint-pair shared secret. The bug was that the
+terminating zero was included in the length of the label. Setting this option
+enables this behaviour to allow interoperability with such broken
+implementations. Please note that setting this option breaks interoperability
+with correct implementations. This option only applies to DTLS over SCTP.
+
 =back
 
 All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by
@@ -124,11 +133,11 @@ L<SSL_write(3)>, L<SSL_get_error(3)>
 
 =head1 HISTORY
 
-SSL_MODE_ASYNC was first added to OpenSSL 1.1.0.
+SSL_MODE_ASYNC was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod
index bbc78b64b9..8cf77cc553 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod
@@ -128,8 +128,7 @@ L<ssl(7)>, L<SSL_new(3)>
 
 =head1 HISTORY
 
-The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL
-1.1.1.
+The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod
index b6b0e3ebee..ad13ed15f4 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod
@@ -20,10 +20,10 @@ SSL_CTX_get_num_tickets
 =head1 DESCRIPTION
 
 SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server
-application and set the number of session tickets that will be sent to the
-client after a full handshake. Set the desired value (which could be 0) in the
-B<num_tickets> argument. Typically these functions should be called before the
-start of the handshake.
+application and set the number of TLSv1.3 session tickets that will be sent to
+the client after a full handshake. Set the desired value (which could be 0) in
+the B<num_tickets> argument. Typically these functions should be called before
+the start of the handshake.
 
 The default number of tickets is 2; the default number of tickets sent following
 a resumption handshake is 1 but this cannot be changed using these functions.
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod
index ae5ca1bd5d..2d840b62cb 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod
@@ -361,10 +361,10 @@ L<dhparam(1)>
 =head1 HISTORY
 
 The attempt to always try to use secure renegotiation was added in
-Openssl 0.9.8m.
+OpenSSL 0.9.8m.
 
-B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> were added in
-OpenSSL 1.1.1.
+The B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> options
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod
index d0b2e30f25..13e56f0c57 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod
@@ -19,10 +19,10 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding
  void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
 
  void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
- void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
+ void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
 
  void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
- void *SSL_get_record_padding_callback_arg(SSL *ssl);
+ void *SSL_get_record_padding_callback_arg(const SSL *ssl);
 
  int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
  int SSL_set_block_padding(SSL *ssl, size_t block_size);
@@ -86,7 +86,7 @@ The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod
index 8baaaffec5..0cb6c1f52a 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod
@@ -176,7 +176,7 @@ data pointer or NULL if the ex data is not set.
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.1.0
+These functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod
index 8f98c6f1c9..f3dfb62c23 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod
@@ -177,8 +177,8 @@ L<SSL_get_session(3)>
 
 =head1 HISTORY
 
-SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and
-SSL_SESSION_get_ticket_appdata() were added to OpenSSL 1.1.1.
+The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata()
+and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod
index ef5e7cda35..877b4aecd9 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod
@@ -169,8 +169,8 @@ SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(),
 SSL_CTX_set_default_read_buffer_len() and  SSL_set_default_read_buffer_len()
 functions were added in OpenSSL 1.1.0.
 
-SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length()
-and SSL_SESSION_get_max_fragment_length() were added in OpenSSL 1.1.1.
+The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length()
+and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod
index 901c057f45..6c132756f2 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod
@@ -11,7 +11,7 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
 
  int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
  int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
- const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+ const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
 
 =head1 DESCRIPTION
 
@@ -60,7 +60,7 @@ L<SSL_set_connect_state(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
index d6c04eced8..cb40a9dbcb 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
@@ -108,8 +108,8 @@ side if the client requested OCSP stapling. Otherwise -1 is returned.
 
 =head1 HISTORY
 
-SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and
-SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0.
+The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type()
+and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index 9b448db664..7a4bb34270 100644
--- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -38,7 +38,7 @@ ticket information or it starts a full TLS handshake to create a new session
 ticket.
 
 Before the callback function is started I<ctx> and I<hctx> have been
-initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+initialised with L<EVP_CIPHER_CTX_reset(3)> and L<HMAC_CTX_reset(3)> respectively.
 
 For new sessions tickets, when the client doesn't present a session ticket, or
 an attempted retrieval of the ticket failed, or a renew option was indicated,
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod
index 87a1cab1b4..9a3bf3ec98 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod
@@ -73,7 +73,7 @@ L<d2i_SSL_SESSION(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_dup() was added in OpenSSL 1.1.1.
+The SSL_SESSION_dup() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod
index 60f66a2d2b..5ef754c4a8 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod
@@ -43,8 +43,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0.
-SSL_SESSION_set_cipher() was first added to OpenSSL 1.1.1.
+The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0.
+The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
index c35c892795..989c997882 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -59,8 +59,8 @@ L<SSL_SESSION_free(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
-SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1.
+The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
+SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
index 69619a72b4..99b21bd126 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
@@ -42,7 +42,7 @@ L<SSL_set_session_id_context(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0
+The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
index 84c9ac173b..961ed3e923 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
@@ -41,8 +41,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0.
-SSL_SESSION_set_protocol_version() was first added to OpenSSL 1.1.1.
+The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0.
+The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod
index 7197382369..6fb41b75cb 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod
@@ -44,8 +44,8 @@ L<SSL_SESSION_free(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and
-SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
+The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint()
+and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod
index 729479a99b..8e47eee09a 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod
@@ -30,7 +30,7 @@ L<SSL_CTX_sess_set_new_cb(3)>
 
 =head1 HISTORY
 
-SSL_SESSION_is_resumable() was first added to OpenSSL 1.1.1
+The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod
index f0b131d6a1..deafdf1ea5 100644
--- a/deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod
@@ -36,7 +36,7 @@ L<ssl(7)>
 
 =head1 HISTORY
 
-SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0
+The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod b/deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod
index abebf911fc..c6b9229cbf 100644
--- a/deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod
@@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from
 the IANA Exporter Label Registry
 (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
 Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
-to be used without registration.
+to be used without registration. TLSv1.3 imposes a maximum label length of
+249 bytes.
 
 Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
 above. Attempting to use it in SSLv3 will result in an error.
@@ -72,7 +73,7 @@ SSL_export_keying_material_early() returns 0 on failure or 1 on success.
 
 =head1 HISTORY
 
-SSL_export_keying_material_early() was first added in OpenSSL 1.1.1.
+The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_extension_supported.pod b/deps/openssl/openssl/doc/man3/SSL_extension_supported.pod
index 51ff6beeb5..df23ac6551 100644
--- a/deps/openssl/openssl/doc/man3/SSL_extension_supported.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_extension_supported.pod
@@ -277,7 +277,7 @@ internally by OpenSSL and 0 otherwise.
 
 =head1 HISTORY
 
-The function SSL_CTX_add_custom_ext() was added in OpenSSL 1.1.1.
+The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_get_all_async_fds.pod b/deps/openssl/openssl/doc/man3/SSL_get_all_async_fds.pod
index fd4515db55..5b17f091e3 100644
--- a/deps/openssl/openssl/doc/man3/SSL_get_all_async_fds.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_get_all_async_fds.pod
@@ -73,8 +73,8 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
 
 =head1 HISTORY
 
-SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds()
-were first added to OpenSSL 1.1.0.
+The SSL_waiting_for_async(), SSL_get_all_async_fds()
+and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_get_error.pod b/deps/openssl/openssl/doc/man3/SSL_get_error.pod
index b3ab505687..5a7a4b7058 100644
--- a/deps/openssl/openssl/doc/man3/SSL_get_error.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_get_error.pod
@@ -138,17 +138,20 @@ Details depend on the application.
 
 =item SSL_ERROR_SYSCALL
 
-Some non-recoverable I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-For socket I/O on Unix systems, consult B<errno> for details.
+Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
+contain more information on the error. For socket I/O on Unix systems, consult
+B<errno> for details. If this error occurs then no further I/O operations should
+be performed on the connection and SSL_shutdown() must not be called.
 
 This value can also be returned for other errors, check the error queue for
 details.
 
 =item SSL_ERROR_SSL
 
-A failure in the SSL library occurred, usually a protocol error.  The
-OpenSSL error queue contains more information on the error.
+A non-recoverable, fatal error in the SSL library occurred, usually a protocol
+error.  The OpenSSL error queue contains more information on the error. If this
+error occurs then no further I/O operations should be performed on the
+connection and SSL_shutdown() must not be called.
 
 =back
 
@@ -158,8 +161,8 @@ L<ssl(7)>
 
 =head1 HISTORY
 
-SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0.
-SSL_ERROR_WANT_CLIENT_HELLO_CB was added in OpenSSL 1.1.1.
+The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0.
+The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_get_version.pod b/deps/openssl/openssl/doc/man3/SSL_get_version.pod
index b0aaba3a59..5507ff3f3d 100644
--- a/deps/openssl/openssl/doc/man3/SSL_get_version.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_get_version.pod
@@ -97,7 +97,7 @@ L<ssl(7)>
 
 =head1 HISTORY
 
-SSL_is_dtls() was added in OpenSSL 1.1.0.
+The SSL_is_dtls() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_key_update.pod b/deps/openssl/openssl/doc/man3/SSL_key_update.pod
index 7772b70bc6..068ace5978 100644
--- a/deps/openssl/openssl/doc/man3/SSL_key_update.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_key_update.pod
@@ -14,11 +14,11 @@ SSL_renegotiate_pending
  #include <openssl/ssl.h>
 
  int SSL_key_update(SSL *s, int updatetype);
- int SSL_get_key_update_type(SSL *s);
+ int SSL_get_key_update_type(const SSL *s);
 
  int SSL_renegotiate(SSL *s);
  int SSL_renegotiate_abbreviated(SSL *s);
- int SSL_renegotiate_pending(SSL *s);
+ int SSL_renegotiate_pending(const SSL *s);
 
 =head1 DESCRIPTION
 
@@ -100,7 +100,7 @@ OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_read.pod b/deps/openssl/openssl/doc/man3/SSL_read.pod
index e671b8eb79..1410a0228c 100644
--- a/deps/openssl/openssl/doc/man3/SSL_read.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_read.pod
@@ -128,7 +128,7 @@ You should instead call SSL_get_error() to find out if it's retryable.
 
 =head1 HISTORY
 
-SSL_read_ex() and SSL_peek_ex() were added in OpenSSL 1.1.1.
+The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_read_early_data.pod b/deps/openssl/openssl/doc/man3/SSL_read_early_data.pod
index 9769aa72e4..c51fe1359d 100644
--- a/deps/openssl/openssl/doc/man3/SSL_read_early_data.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_read_early_data.pod
@@ -93,7 +93,7 @@ the server.
 A client uses the function SSL_write_early_data() to send early data. This
 function is similar to the L<SSL_write_ex(3)> function, but with the following
 differences. See L<SSL_write_ex(3)> for information on how to write bytes to
-the underlying connection, and how to handle any errors that may arise. This 
+the underlying connection, and how to handle any errors that may arise. This
 page describes the differences between SSL_write_early_data() and
 L<SSL_write_ex(3)>.
 
@@ -364,7 +364,7 @@ All of the functions described above were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/SSL_set1_host.pod b/deps/openssl/openssl/doc/man3/SSL_set1_host.pod
index 3ca3c6b013..a2c9f133ee 100644
--- a/deps/openssl/openssl/doc/man3/SSL_set1_host.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_set1_host.pod
@@ -104,7 +104,7 @@ L<SSL_dane_enable(3)>.
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_shutdown.pod b/deps/openssl/openssl/doc/man3/SSL_shutdown.pod
index 0a3d6d370d..551fff6308 100644
--- a/deps/openssl/openssl/doc/man3/SSL_shutdown.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_shutdown.pod
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
 a currently open session is considered closed and good and will be kept in the
 session cache for further reuse.
 
+Note that SSL_shutdown() must not be called if a previous fatal error has
+occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
+or SSL_ERROR_SSL.
+
 The shutdown procedure consists of two steps: sending of the close_notify
 shutdown alert, and reception of the peer's close_notify shutdown alert.
 The order of those two steps depends on the application.
diff --git a/deps/openssl/openssl/doc/man3/SSL_want.pod b/deps/openssl/openssl/doc/man3/SSL_want.pod
index ef4b2183e0..6840ccbfb6 100644
--- a/deps/openssl/openssl/doc/man3/SSL_want.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_want.pod
@@ -101,7 +101,8 @@ L<ssl(7)>, L<SSL_get_error(3)>
 
 =head1 HISTORY
 
-SSL_want_client_hello_cb() and SSL_CLIENT_HELLO_CB were added in OpenSSL 1.1.1.
+The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value
+were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/SSL_write.pod b/deps/openssl/openssl/doc/man3/SSL_write.pod
index 4dffd1fefc..3956f1def3 100644
--- a/deps/openssl/openssl/doc/man3/SSL_write.pod
+++ b/deps/openssl/openssl/doc/man3/SSL_write.pod
@@ -106,7 +106,7 @@ You should instead call SSL_get_error() to find out if it's retryable.
 
 =head1 HISTORY
 
-SSL_write_ex() was added in OpenSSL 1.1.1.
+The SSL_write_ex() function was added in OpenSSL 1.1.1.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/UI_create_method.pod b/deps/openssl/openssl/doc/man3/UI_create_method.pod
index aefd41dac3..a01e1012dc 100644
--- a/deps/openssl/openssl/doc/man3/UI_create_method.pod
+++ b/deps/openssl/openssl/doc/man3/UI_create_method.pod
@@ -205,9 +205,8 @@ L<UI(3)>, L<CRYPTO_get_ex_data(3)>, L<UI_STRING(3)>
 
 =head1 HISTORY
 
-UI_method_set_data_duplicator(), UI_method_get_data_duplicator() and
-UI_method_get_data_destructor()
-were added in OpenSSL 1.1.1.
+The UI_method_set_data_duplicator(), UI_method_get_data_duplicator()
+and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/UI_new.pod b/deps/openssl/openssl/doc/man3/UI_new.pod
index dd1b80ec63..3042b13f1f 100644
--- a/deps/openssl/openssl/doc/man3/UI_new.pod
+++ b/deps/openssl/openssl/doc/man3/UI_new.pod
@@ -233,14 +233,13 @@ UI_process() returns 0 on success or a negative value on error.
 
 UI_ctrl() returns a mask on success or -1 on error.
 
-UI_get_default_method(), UI_get_method(), UI_Openssl(), UI_null() and
+UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and
 UI_set_method() return either a valid B<UI_METHOD> structure or NULL
 respectively.
 
 =head1 HISTORY
 
-UI_dup_user_data()
-was added in OpenSSL 1.1.1.
+The UI_dup_user_data() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod b/deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod
index 5de1b88b99..74f1a96d07 100644
--- a/deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod
+++ b/deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod
@@ -51,9 +51,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
 used to examine an B<X509_NAME_ENTRY> function as returned by
 X509_NAME_get_entry() for example.
 
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an
-
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
 X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
 are seldom used in practice because B<X509_NAME_ENTRY> structures
diff --git a/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod
index 2828ed75d2..472db508bc 100644
--- a/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod
+++ b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod
@@ -159,8 +159,8 @@ L<X509_VERIFY_PARAM_set_flags(3)>
 
 =head1 HISTORY
 
-X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
-X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
+The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0.
+The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
index 5688ab79a7..647ed2f174 100644
--- a/deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
+++ b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
@@ -192,12 +192,13 @@ L<X509_STORE_CTX_get_ex_new_index(3)>
 
 =head1 HISTORY
 
+The
 X509_STORE_CTX_get_get_issuer(),
 X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
 X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
 X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
 X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
-and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0.
+and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_STORE_new.pod b/deps/openssl/openssl/doc/man3/X509_STORE_new.pod
index f7a5c81416..b3bc96e20b 100644
--- a/deps/openssl/openssl/doc/man3/X509_STORE_new.pod
+++ b/deps/openssl/openssl/doc/man3/X509_STORE_new.pod
@@ -44,7 +44,7 @@ L<X509_STORE_get0_param(3)>
 =head1 HISTORY
 
 The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock()
-functions were added in OpenSSL 1.1.0
+functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod b/deps/openssl/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
index 12a4646741..d16881edd8 100644
--- a/deps/openssl/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
+++ b/deps/openssl/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
@@ -237,8 +237,9 @@ L<CMS_verify(3)>
 
 =head1 HISTORY
 
-X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
+The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.
 
+The functions
 X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
 X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
 X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
@@ -250,8 +251,8 @@ X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
 X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
 X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
 X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
-X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in
-OpenSSL 1.1.0.
+X509_STORE_set_cleanup() and X509_STORE_get_cleanup()
+were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 9b64e0a915..f45467cace 100644
--- a/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -368,11 +368,11 @@ L<x509(1)>
 
 =head1 HISTORY
 
-The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0
-The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in
-OpenSSL 1.1.0, and has no effect.
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0.
+The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in OpenSSL 1.1.0
+and has no effect.
 
-X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i.
+The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_get0_signature.pod b/deps/openssl/openssl/doc/man3/X509_get0_signature.pod
index f63c5a5b68..4133bc37a9 100644
--- a/deps/openssl/openssl/doc/man3/X509_get0_signature.pod
+++ b/deps/openssl/openssl/doc/man3/X509_get0_signature.pod
@@ -109,12 +109,14 @@ L<X509_verify_cert(3)>
 
 =head1 HISTORY
 
-X509_get0_signature() and X509_get_signature_nid() were first added to
-OpenSSL 1.0.2.
+The
+X509_get0_signature() and X509_get_signature_nid() functions were
+added in OpenSSL 1.0.2.
 
+The
 X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
-X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added
-to OpenSSL 1.1.0.
+X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
+added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_get_serialNumber.pod b/deps/openssl/openssl/doc/man3/X509_get_serialNumber.pod
index 2e81c62396..684adb7578 100644
--- a/deps/openssl/openssl/doc/man3/X509_get_serialNumber.pod
+++ b/deps/openssl/openssl/doc/man3/X509_get_serialNumber.pod
@@ -56,8 +56,9 @@ L<X509_verify_cert(3)>
 
 =head1 HISTORY
 
-X509_get_serialNumber() and X509_set_serialNumber() are available in
-all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0.
+The X509_get_serialNumber() and X509_set_serialNumber() functions are
+available in all versions of OpenSSL.
+The X509_get0_serialNumber() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/X509_get_subject_name.pod b/deps/openssl/openssl/doc/man3/X509_get_subject_name.pod
index 2107c1d090..7c4a499225 100644
--- a/deps/openssl/openssl/doc/man3/X509_get_subject_name.pod
+++ b/deps/openssl/openssl/doc/man3/X509_get_subject_name.pod
@@ -53,8 +53,8 @@ and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.
 X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in
 earlier versions.
 
-X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was first added
-to OpenSSL 1.0.0 as a macro.
+X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously
+added in OpenSSL 1.0.0 as a macro.
 
 =head1 SEE ALSO
 
diff --git a/deps/openssl/openssl/doc/man3/X509_sign.pod b/deps/openssl/openssl/doc/man3/X509_sign.pod
index 994fd43881..8794c57e8d 100644
--- a/deps/openssl/openssl/doc/man3/X509_sign.pod
+++ b/deps/openssl/openssl/doc/man3/X509_sign.pod
@@ -81,11 +81,11 @@ L<X509_verify_cert(3)>
 
 =head1 HISTORY
 
-X509_sign(), X509_REQ_sign() and X509_CRL_sign() are available in all
-versions of OpenSSL.
+The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are
+available in all versions of OpenSSL.
 
-X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added
-to OpenSSL 1.0.1.
+The X509_sign_ctx(), X509_REQ_sign_ctx()
+and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod b/deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod
index 13415d5488..4e3f20f8b3 100644
--- a/deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod
+++ b/deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod
@@ -50,15 +50,19 @@ If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
 (i.e. an existing structure is being reused) and the key format is PKCS#8
 then B<*a> will be freed and replaced on a successful call.
 
+To decode a key with type B<EVP_PKEY_EC>, d2i_PublicKey() requires B<*a> to be
+a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper
+EC_GROUP.
+
 =head1 RETURN VALUES
 
-d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
-or B<NULL> if an error occurs. The error code can be obtained by calling
-L<ERR_get_error(3)>.
+The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(),
+and d2i_PublicKey() functions return a valid B<EVP_KEY> structure or B<NULL> if an
+error occurs. The error code can be obtained by calling L<ERR_get_error(3)>.
 
-i2d_PrivateKey() returns the number of bytes successfully encoded or a
-negative value if an error occurs. The error code can be obtained by calling
-L<ERR_get_error(3)>.
+i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully
+encoded or a negative value if an error occurs. The error code can be obtained
+by calling L<ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
@@ -67,7 +71,7 @@ L<d2i_PKCS8PrivateKey_bio(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man3/i2d_CMS_bio_stream.pod b/deps/openssl/openssl/doc/man3/i2d_CMS_bio_stream.pod
index ece7a4800e..dd2bd213f1 100644
--- a/deps/openssl/openssl/doc/man3/i2d_CMS_bio_stream.pod
+++ b/deps/openssl/openssl/doc/man3/i2d_CMS_bio_stream.pod
@@ -39,7 +39,7 @@ L<PEM_write_bio_CMS_stream(3)>
 
 =head1 HISTORY
 
-i2d_CMS_bio_stream() was added to OpenSSL 1.0.0
+The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man3/i2d_PKCS7_bio_stream.pod b/deps/openssl/openssl/doc/man3/i2d_PKCS7_bio_stream.pod
index b42940a83c..a33aa08f2d 100644
--- a/deps/openssl/openssl/doc/man3/i2d_PKCS7_bio_stream.pod
+++ b/deps/openssl/openssl/doc/man3/i2d_PKCS7_bio_stream.pod
@@ -39,7 +39,7 @@ L<PEM_write_bio_PKCS7_stream(3)>
 
 =head1 HISTORY
 
-i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
+The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/doc/man5/config.pod b/deps/openssl/openssl/doc/man5/config.pod
index 3e110b0313..992fdfccf9 100644
--- a/deps/openssl/openssl/doc/man5/config.pod
+++ b/deps/openssl/openssl/doc/man5/config.pod
@@ -42,6 +42,13 @@ working directory so unless the configuration file containing the
 B<.include> directive is application specific the inclusion will not
 work as expected.
 
+There can be optional B<=> character and whitespace characters between
+B<.include> directive and the path which can be useful in cases the
+configuration file needs to be loaded by old OpenSSL versions which do
+not support the B<.include> syntax. They would bail out with error
+if the B<=> character is not present but with it they just ignore
+the include.
+
 Each section in a configuration file consists of a number of name and
 value pairs of the form B<name=value>
 
@@ -419,7 +426,7 @@ L<x509(1)>, L<req(1)>, L<ca(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/man7/ct.pod b/deps/openssl/openssl/doc/man7/ct.pod
index 355204d2a6..9f82c0ba44 100644
--- a/deps/openssl/openssl/doc/man7/ct.pod
+++ b/deps/openssl/openssl/doc/man7/ct.pod
@@ -15,7 +15,7 @@ clients, as defined in RFC 6962. This verification can provide some confidence
 that a certificate has been publicly logged in a set of CT logs.
 
 By default, these checks are disabled. They can be enabled using
-SSL_CTX_ct_enable() or SSL_ct_enable().
+L<SSL_CTX_enable_ct(3)> or L<SSL_enable_ct(3)>.
 
 This library can also be used to parse and examine CT data structures, such as
 Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are
@@ -39,7 +39,7 @@ L<SSL_CTX_set_ct_validation_callback(3)>
 
 =head1 HISTORY
 
-This library was added in OpenSSL 1.1.0.
+The ct library was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
diff --git a/deps/openssl/openssl/e_os.h b/deps/openssl/openssl/e_os.h
index 534059382b..8e6efa9616 100644
--- a/deps/openssl/openssl/e_os.h
+++ b/deps/openssl/openssl/e_os.h
@@ -49,6 +49,7 @@
 
 # define get_last_sys_error()    errno
 # define clear_sys_error()       errno=0
+# define set_sys_error(e)        errno=(e)
 
 /********************************************************************
  The Microsoft section
@@ -66,8 +67,10 @@
 # ifdef WIN32
 #  undef get_last_sys_error
 #  undef clear_sys_error
+#  undef set_sys_error
 #  define get_last_sys_error()    GetLastError()
 #  define clear_sys_error()       SetLastError(0)
+#  define set_sys_error(e)        SetLastError(e)
 #  if !defined(WINNT)
 #   define WIN_CONSOLE_BUG
 #  endif
diff --git a/deps/openssl/openssl/engines/e_dasync.c b/deps/openssl/openssl/engines/e_dasync.c
index b005f421a6..5cdacb66a0 100644
--- a/deps/openssl/openssl/engines/e_dasync.c
+++ b/deps/openssl/openssl/engines/e_dasync.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -138,7 +138,6 @@ struct dasync_pipeline_ctx {
     unsigned char **inbufs;
     unsigned char **outbufs;
     size_t *lens;
-    int enc;
     unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
     unsigned int aadctr;
 };
@@ -156,6 +155,14 @@ static const EVP_CIPHER *dasync_aes_128_cbc(void)
 /*
  * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
  * once only during engine bind and can then be reused many times.
+ *
+ * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
+ * which is implemented only if the AES-NI instruction set extension is available
+ * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
+ * be available either.
+ *
+ * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
+ * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
  */
 static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
 static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
@@ -603,7 +610,7 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (pipe_ctx->enc) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
                 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
                     if (len < AES_BLOCK_SIZE)
                         return 0;
@@ -752,6 +759,10 @@ static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
                                                 const unsigned char *iv,
                                                 int enc)
 {
+    /*
+     * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
+     * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
+     */
     return dasync_cipher_init_key_helper(ctx, key, iv, enc,
                                          EVP_aes_128_cbc_hmac_sha1());
 }
@@ -766,5 +777,9 @@ static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
 
 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
 {
+    /*
+     * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
+     * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
+     */
     return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
 }
diff --git a/deps/openssl/openssl/include/internal/conf.h b/deps/openssl/openssl/include/internal/conf.h
index dc1e72508a..29bc9f963c 100644
--- a/deps/openssl/openssl/include/internal/conf.h
+++ b/deps/openssl/openssl/include/internal/conf.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,11 +12,18 @@
 
 #include <openssl/conf.h>
 
+#define DEFAULT_CONF_MFLAGS \
+    (CONF_MFLAGS_DEFAULT_SECTION | \
+     CONF_MFLAGS_IGNORE_MISSING_FILE | \
+     CONF_MFLAGS_IGNORE_RETURN_CODES)
+
 struct ossl_init_settings_st {
+    char *filename;
     char *appname;
+    unsigned long flags;
 };
 
-void openssl_config_int(const char *appname);
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *);
 void openssl_no_config_int(void);
 void conf_modules_free_int(void);
 
diff --git a/deps/openssl/openssl/include/internal/constant_time_locl.h b/deps/openssl/openssl/include/internal/constant_time_locl.h
index 82ff74652e..cde30f4067 100644
--- a/deps/openssl/openssl/include/internal/constant_time_locl.h
+++ b/deps/openssl/openssl/include/internal/constant_time_locl.h
@@ -324,4 +324,10 @@ static ossl_inline void constant_time_lookup(void *out,
     }
 }
 
+/*
+ * Expected usage pattern is to unconditionally set error and then
+ * wipe it if there was no actual error. |clear| is 1 or 0.
+ */
+void err_clear_last_constant_time(int clear);
+
 #endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/deps/openssl/openssl/include/internal/cryptlib.h b/deps/openssl/openssl/include/internal/cryptlib.h
index 329ef62014..b4d76d5f2e 100644
--- a/deps/openssl/openssl/include/internal/cryptlib.h
+++ b/deps/openssl/openssl/include/internal/cryptlib.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -92,5 +92,7 @@ void *openssl_fopen(const char *filename, const char *mode);
 # endif
 
 uint32_t OPENSSL_rdtsc(void);
+size_t OPENSSL_instrument_bus(unsigned int *, size_t);
+size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t);
 
 #endif
diff --git a/deps/openssl/openssl/include/internal/sockets.h b/deps/openssl/openssl/include/internal/sockets.h
index a6026dad08..5bb0355f07 100644
--- a/deps/openssl/openssl/include/internal/sockets.h
+++ b/deps/openssl/openssl/include/internal/sockets.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -72,11 +72,7 @@ struct servent *PASCAL getservbyname(const char *, const char *);
 #  else
 #   include <sys/socket.h>
 #   ifndef NO_SYS_UN_H
-#    ifdef OPENSSL_SYS_VXWORKS
-#     include <streams/un.h>
-#    else
-#     include <sys/un.h>
-#    endif
+#    include <sys/un.h>
 #    ifndef UNIX_PATH_MAX
 #     define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path)
 #    endif
diff --git a/deps/openssl/openssl/include/internal/thread_once.h b/deps/openssl/openssl/include/internal/thread_once.h
index 224244353a..8a25d04d2d 100644
--- a/deps/openssl/openssl/include/internal/thread_once.h
+++ b/deps/openssl/openssl/include/internal/thread_once.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,6 +9,20 @@
 
 #include <openssl/crypto.h>
 
+/*
+ * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly
+ * once. It takes no arguments and returns and int result (1 for success or
+ * 0 for failure). Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
 #define DEFINE_RUN_ONCE(init)                   \
     static int init(void);                     \
     int init##_ossl_ret_ = 0;                   \
@@ -17,10 +31,30 @@
         init##_ossl_ret_ = init();              \
     }                                           \
     static int init(void)
+
+/*
+ * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly
+ * once that has been defined in another file via DEFINE_RUN_ONCE().
+ */
 #define DECLARE_RUN_ONCE(init)                  \
     extern int init##_ossl_ret_;                \
     void init##_ossl_(void);
 
+/*
+ * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run
+ * exactly once. This function will be declared as static within the file. It
+ * takes no arguments and returns and int result (1 for success or 0 for
+ * failure). Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE_STATIC(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
 #define DEFINE_RUN_ONCE_STATIC(init)            \
     static int init(void);                     \
     static int init##_ossl_ret_ = 0;            \
@@ -31,6 +65,46 @@
     static int init(void)
 
 /*
+ * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This
+ * function will be declared as static within the file. It takes no arguments
+ * and returns an int result (1 for success or 0 for failure). An alternative
+ * initialiser function is expected to be associated with a primary initialiser
+ * function defined via DEFINE_ONCE_STATIC where both functions use the same
+ * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function
+ * is used only one of the primary or the alternative initialiser function will
+ * ever be called - and that function will be called exactly once. Definitition
+ * of an alternative initialiser function MUST occur AFTER the definition of the
+ * primary initialiser function.
+ *
+ * Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE_STATIC(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ *
+ * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc)
+ * {
+ *     do_some_alternative_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \
+    static int initalt(void);                     \
+    static void initalt##_ossl_(void)             \
+    {                                             \
+        init##_ossl_ret_ = initalt();             \
+    }                                             \
+    static int initalt(void)
+
+/*
  * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
  * @once: pointer to static object of type CRYPTO_ONCE
  * @init: function name that was previously given to DEFINE_RUN_ONCE,
@@ -43,3 +117,21 @@
  */
 #define RUN_ONCE(once, init)                                            \
     (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
+
+/*
+ * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser
+ *                function and check if that initialisation succeeded
+ * @once:    pointer to static object of type CRYPTO_ONCE
+ * @initalt: alternative initialiser function name that was previously given to
+ *           DEFINE_RUN_ONCE_STATIC_ALT.  This function must return 1 for
+ *           success or 0 for failure.
+ * @init:    primary initialiser function name that was previously given to
+ *           DEFINE_RUN_ONCE_STATIC.  This function must return 1 for success or
+ *           0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE_ALT(once, initalt, init)                               \
+    (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0)
diff --git a/deps/openssl/openssl/include/internal/tsan_assist.h b/deps/openssl/openssl/include/internal/tsan_assist.h
index f30ffe398a..38ba0c7ebb 100644
--- a/deps/openssl/openssl/include/internal/tsan_assist.h
+++ b/deps/openssl/openssl/include/internal/tsan_assist.h
@@ -1,12 +1,12 @@
 /*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
- 
+
 /*
  * Contemporary compilers implement lock-free atomic memory access
  * primitives that facilitate writing "thread-opportunistic" or even real
diff --git a/deps/openssl/openssl/include/openssl/crypto.h b/deps/openssl/openssl/include/openssl/crypto.h
index 7e50b1bf46..7d0b526236 100644
--- a/deps/openssl/openssl/include/openssl/crypto.h
+++ b/deps/openssl/openssl/include/openssl/crypto.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -109,13 +109,8 @@ DEFINE_STACK_OF(void)
 # define CRYPTO_EX_INDEX_DRBG            15
 # define CRYPTO_EX_INDEX__COUNT          16
 
-/*
- * This is the default callbacks, but we can have others as well: this is
- * needed in Win32 where the application malloc and the library malloc may
- * not be the same.
- */
-#define OPENSSL_malloc_init() \
-    CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free)
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
 
 int CRYPTO_mem_ctrl(int mode);
 
@@ -377,6 +372,7 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
 /* OPENSSL_INIT_ZLIB                         0x00010000L */
 # define OPENSSL_INIT_ATFORK                 0x00020000L
 /* OPENSSL_INIT_BASE_ONLY                    0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT              0x00080000L
 /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
 /* Max OPENSSL_INIT flag value is 0x80000000 */
 
@@ -396,8 +392,12 @@ void OPENSSL_thread_stop(void);
 /* Low-level control of initialization */
 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
 # ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+                                     const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+                                        unsigned long flags);
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
-                                    const char *config_file);
+                                    const char *config_appname);
 # endif
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
 
diff --git a/deps/openssl/openssl/include/openssl/e_os2.h b/deps/openssl/openssl/include/openssl/e_os2.h
index eeae215445..97a776cdac 100644
--- a/deps/openssl/openssl/include/openssl/e_os2.h
+++ b/deps/openssl/openssl/include/openssl/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -287,6 +287,13 @@ typedef unsigned __int64 uint64_t;
 #  define ossl_noreturn
 # endif
 
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+#  define ossl_unused __attribute__((unused))
+# else
+#  define ossl_unused
+# endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/deps/openssl/openssl/include/openssl/ecerr.h b/deps/openssl/openssl/include/openssl/ecerr.h
index 8d429387a2..be313d2856 100644
--- a/deps/openssl/openssl/include/openssl/ecerr.h
+++ b/deps/openssl/openssl/include/openssl/ecerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -62,6 +62,7 @@ int ERR_load_EC_strings(void);
 #  define EC_F_EC_ASN1_GROUP2CURVE                         153
 #  define EC_F_EC_ASN1_GROUP2FIELDID                       154
 #  define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
+#  define EC_F_EC_GF2M_SIMPLE_FIELD_INV                    296
 #  define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
 #  define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
 #  define EC_F_EC_GF2M_SIMPLE_LADDER_POST                  285
@@ -74,6 +75,7 @@ int ERR_load_EC_strings(void);
 #  define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
 #  define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
 #  define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
+#  define EC_F_EC_GFP_MONT_FIELD_INV                       297
 #  define EC_F_EC_GFP_MONT_FIELD_MUL                       131
 #  define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
 #  define EC_F_EC_GFP_MONT_FIELD_SQR                       132
@@ -91,6 +93,7 @@ int ERR_load_EC_strings(void);
 #  define EC_F_EC_GFP_NIST_FIELD_SQR                       201
 #  define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
 #  define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES             287
+#  define EC_F_EC_GFP_SIMPLE_FIELD_INV                     298
 #  define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
 #  define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
 #  define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
@@ -202,6 +205,7 @@ int ERR_load_EC_strings(void);
 #  define EC_R_BAD_SIGNATURE                               156
 #  define EC_R_BIGNUM_OUT_OF_RANGE                         144
 #  define EC_R_BUFFER_TOO_SMALL                            100
+#  define EC_R_CANNOT_INVERT                               165
 #  define EC_R_COORDINATES_OUT_OF_RANGE                    146
 #  define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH                 160
 #  define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159
diff --git a/deps/openssl/openssl/include/openssl/evp.h b/deps/openssl/openssl/include/openssl/evp.h
index 8c8051993f..9f05b5a3b7 100644
--- a/deps/openssl/openssl/include/openssl/evp.h
+++ b/deps/openssl/openssl/include/openssl/evp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -945,14 +945,9 @@ const EVP_CIPHER *EVP_sm4_ctr(void);
                         | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
 
 #  ifdef OPENSSL_LOAD_CONF
-#   define OpenSSL_add_all_algorithms() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
-                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
 #  else
-#   define OpenSSL_add_all_algorithms() \
-    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
 #  endif
 
 #  define OpenSSL_add_all_ciphers() \
@@ -994,7 +989,7 @@ int EVP_PKEY_id(const EVP_PKEY *pkey);
 int EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int EVP_PKEY_bits(const EVP_PKEY *pkey);
 int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
-int EVP_PKEY_size(EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
 int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
diff --git a/deps/openssl/openssl/include/openssl/evperr.h b/deps/openssl/openssl/include/openssl/evperr.h
index 3484fa841d..84f03eb3c4 100644
--- a/deps/openssl/openssl/include/openssl/evperr.h
+++ b/deps/openssl/openssl/include/openssl/evperr.h
@@ -47,6 +47,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_DECRYPTUPDATE                          166
 # define EVP_F_EVP_DIGESTFINALXOF                         174
 # define EVP_F_EVP_DIGESTINIT_EX                          128
+# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
 # define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 # define EVP_F_EVP_ENCRYPTUPDATE                          167
 # define EVP_F_EVP_MD_CTX_COPY_EX                         110
diff --git a/deps/openssl/openssl/include/openssl/lhash.h b/deps/openssl/openssl/include/openssl/lhash.h
index 88d7d977b9..47b99d17fb 100644
--- a/deps/openssl/openssl/include/openssl/lhash.h
+++ b/deps/openssl/openssl/include/openssl/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -127,52 +127,52 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
         return (LHASH_OF(type) *) \
             OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
     } \
-    static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
     { \
         OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
     } \
-    static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+    static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
     { \
         return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
     } \
-    static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+    static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
     { \
         return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
     } \
-    static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+    static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
     { \
         return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
     } \
-    static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
     { \
         return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
     } \
-    static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
     { \
         return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
     } \
-    static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
     { \
         OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
     } \
-    static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
     { \
         OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
     } \
-    static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
     { \
         OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
     } \
-    static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
+    static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
     { \
         return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
     } \
-    static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
+    static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
     { \
         OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
     } \
-    static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
-                                         void (*doall)(type *)) \
+    static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
+                                                          void (*doall)(type *)) \
     { \
         OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
     } \
@@ -185,7 +185,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
     int_implement_lhash_doall(type, argtype, type)
 
 #define int_implement_lhash_doall(type, argtype, cbargtype) \
-    static ossl_inline void \
+    static ossl_unused ossl_inline void \
         lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \
                                    void (*fn)(cbargtype *, argtype *), \
                                    argtype *arg) \
@@ -210,6 +210,31 @@ DEFINE_LHASH_OF(OPENSSL_CSTRING);
 #  pragma warning (pop)
 # endif
 
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_LH_new
+#  pragma weak OPENSSL_LH_free
+#  pragma weak OPENSSL_LH_insert
+#  pragma weak OPENSSL_LH_delete
+#  pragma weak OPENSSL_LH_retrieve
+#  pragma weak OPENSSL_LH_error
+#  pragma weak OPENSSL_LH_num_items
+#  pragma weak OPENSSL_LH_node_stats_bio
+#  pragma weak OPENSSL_LH_node_usage_stats_bio
+#  pragma weak OPENSSL_LH_stats_bio
+#  pragma weak OPENSSL_LH_get_down_load
+#  pragma weak OPENSSL_LH_set_down_load
+#  pragma weak OPENSSL_LH_doall
+#  pragma weak OPENSSL_LH_doall_arg
+# endif /* __SUNPRO_C */
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/deps/openssl/openssl/include/openssl/obj_mac.h b/deps/openssl/openssl/include/openssl/obj_mac.h
index 80ff5a7c86..31fad4640f 100644
--- a/deps/openssl/openssl/include/openssl/obj_mac.h
+++ b/deps/openssl/openssl/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/deps/openssl/openssl/include/openssl/opensslconf.h b/deps/openssl/openssl/include/openssl/opensslconf.h
deleted file mode 100644
index 76c99d433a..0000000000
--- a/deps/openssl/openssl/include/openssl/opensslconf.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../config/opensslconf.h"
diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h
index af7a3b564e..a4aa45bd24 100644
--- a/deps/openssl/openssl/include/openssl/opensslv.h
+++ b/deps/openssl/openssl/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1010101fL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1a  20 Nov 2018"
+# define OPENSSL_VERSION_NUMBER  0x1010102fL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1b  26 Feb 2019"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/deps/openssl/openssl/include/openssl/safestack.h b/deps/openssl/openssl/include/openssl/safestack.h
index 7438b19360..38b5578978 100644
--- a/deps/openssl/openssl/include/openssl/safestack.h
+++ b/deps/openssl/openssl/include/openssl/safestack.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,96 +24,96 @@ extern "C" {
     typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
     typedef void (*sk_##t1##_freefunc)(t3 *a); \
     typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
-    static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
     { \
         return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
+    static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
     { \
         return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
     } \
-    static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
     { \
         return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
     } \
-    static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
     { \
         return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
     } \
-    static ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \
     { \
         return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \
     } \
-    static ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \
+    static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \
     { \
         return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \
     } \
-    static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
     { \
         OPENSSL_sk_free((OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
     { \
         OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
+    static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
     { \
         return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
     } \
-    static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
+    static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
     { \
         return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
                                            (const void *)ptr); \
     } \
-    static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
+    static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
     { \
         return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \
     } \
-    static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
+    static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
     { \
         return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \
     } \
-    static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
     { \
         return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
     { \
         return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
+    static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
     { \
         OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
     } \
-    static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
+    static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
     { \
         return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \
     } \
-    static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
+    static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
     { \
         return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
     } \
-    static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
+    static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
     { \
         return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
     } \
-    static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
+    static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
     { \
         return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
     } \
-    static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
     { \
         OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
     { \
         return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
+    static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
     { \
         return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
     } \
-    static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
                                                     sk_##t1##_copyfunc copyfunc, \
                                                     sk_##t1##_freefunc freefunc) \
     { \
@@ -121,7 +121,7 @@ extern "C" {
                                             (OPENSSL_sk_copyfunc)copyfunc, \
                                             (OPENSSL_sk_freefunc)freefunc); \
     } \
-    static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
+    static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
     { \
         return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
     }
@@ -166,6 +166,41 @@ DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
 typedef void *OPENSSL_BLOCK;
 DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_sk_num
+#  pragma weak OPENSSL_sk_value
+#  pragma weak OPENSSL_sk_new
+#  pragma weak OPENSSL_sk_new_null
+#  pragma weak OPENSSL_sk_new_reserve
+#  pragma weak OPENSSL_sk_reserve
+#  pragma weak OPENSSL_sk_free
+#  pragma weak OPENSSL_sk_zero
+#  pragma weak OPENSSL_sk_delete
+#  pragma weak OPENSSL_sk_delete_ptr
+#  pragma weak OPENSSL_sk_push
+#  pragma weak OPENSSL_sk_unshift
+#  pragma weak OPENSSL_sk_pop
+#  pragma weak OPENSSL_sk_shift
+#  pragma weak OPENSSL_sk_pop_free
+#  pragma weak OPENSSL_sk_insert
+#  pragma weak OPENSSL_sk_set
+#  pragma weak OPENSSL_sk_find
+#  pragma weak OPENSSL_sk_find_ex
+#  pragma weak OPENSSL_sk_sort
+#  pragma weak OPENSSL_sk_is_sorted
+#  pragma weak OPENSSL_sk_dup
+#  pragma weak OPENSSL_sk_deep_copy
+#  pragma weak OPENSSL_sk_set_cmp_func
+# endif /* __SUNPRO_C */
+
 # ifdef  __cplusplus
 }
 # endif
diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h
index d6b1b4e6a6..48e1152a27 100644
--- a/deps/openssl/openssl/include/openssl/ssl.h
+++ b/deps/openssl/openssl/include/openssl/ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -494,6 +494,19 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
  */
 # define SSL_MODE_ASYNC 0x00000100U
 
+/*
+ * When using DTLS/SCTP, include the terminating zero in the label
+ * used for computing the endpoint-pair shared secret. Required for
+ * interoperability with implementations having this bug like these
+ * older version of OpenSSL:
+ * - OpenSSL 1.0.0 series
+ * - OpenSSL 1.0.1 series
+ * - OpenSSL 1.0.2 series
+ * - OpenSSL 1.1.0 series
+ * - OpenSSL 1.1.1 and 1.1.1a
+ */
+# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
+
 /* Cert related flags */
 /*
  * Many implementations ignore some aspects of the TLS standards such as
@@ -1904,17 +1917,17 @@ __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
 
 __owur int SSL_do_handshake(SSL *s);
 int SSL_key_update(SSL *s, int updatetype);
-int SSL_get_key_update_type(SSL *s);
+int SSL_get_key_update_type(const SSL *s);
 int SSL_renegotiate(SSL *s);
 int SSL_renegotiate_abbreviated(SSL *s);
-__owur int SSL_renegotiate_pending(SSL *s);
+__owur int SSL_renegotiate_pending(const SSL *s);
 int SSL_shutdown(SSL *s);
 __owur int SSL_verify_client_post_handshake(SSL *s);
 void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
 void SSL_set_post_handshake_auth(SSL *s, int val);
 
-__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
-__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s);
 __owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
 __owur const char *SSL_alert_type_string_long(int value);
 __owur const char *SSL_alert_type_string(int value);
@@ -2062,8 +2075,8 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
                                         int keylength));
 # endif
 
-__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
-__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
 __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
 __owur int SSL_COMP_get_id(const SSL_COMP *comp);
@@ -2107,20 +2120,20 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
                                          size_t (*cb) (SSL *ssl, int type,
                                                        size_t len, void *arg));
 void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
-void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
 int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
 
 void SSL_set_record_padding_callback(SSL *ssl,
                                     size_t (*cb) (SSL *ssl, int type,
                                                   size_t len, void *arg));
 void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
-void *SSL_get_record_padding_callback_arg(SSL *ssl);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
 int SSL_set_block_padding(SSL *ssl, size_t block_size);
 
 int SSL_set_num_tickets(SSL *s, size_t num_tickets);
-size_t SSL_get_num_tickets(SSL *s);
+size_t SSL_get_num_tickets(const SSL *s);
 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
-size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 
 # if OPENSSL_API_COMPAT < 0x10100000L
 #  define SSL_cache_hit(s) SSL_session_reused(s)
diff --git a/deps/openssl/openssl/include/openssl/sslerr.h b/deps/openssl/openssl/include/openssl/sslerr.h
index 87b295c9f9..a50a075b42 100644
--- a/deps/openssl/openssl/include/openssl/sslerr.h
+++ b/deps/openssl/openssl/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -596,6 +596,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
 # define SSL_R_MISSING_TMP_DH_KEY                         171
 # define SSL_R_MISSING_TMP_ECDH_KEY                       311
+# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     293
 # define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
 # define SSL_R_NOT_REPLACING_CERTIFICATE                  289
 # define SSL_R_NOT_SERVER                                 284
diff --git a/deps/openssl/openssl/include/openssl/x509_vfy.h b/deps/openssl/openssl/include/openssl/x509_vfy.h
index 2adb155970..adb8bce7cb 100644
--- a/deps/openssl/openssl/include/openssl/x509_vfy.h
+++ b/deps/openssl/openssl/include/openssl/x509_vfy.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -362,7 +362,11 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
 # define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
 # define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
 # define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+/* the following macro is misspelled; use X509_STORE_get1_certs instead */
 # define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+/* the following macro is misspelled; use X509_STORE_get1_crls instead */
 # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
 #endif
 
diff --git a/deps/openssl/openssl/ms/uplink.c b/deps/openssl/openssl/ms/uplink.c
index 7f7abfbe57..cd4e96b780 100644
--- a/deps/openssl/openssl/ms/uplink.c
+++ b/deps/openssl/openssl/ms/uplink.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -28,7 +28,7 @@ static TCHAR msg[128];
 static void unimplemented(void)
 {
     OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
-    ExitProcess(1);
+    TerminateProcess(GetCurrentProcess(), 1);
 }
 
 void OPENSSL_Uplink(volatile void **table, int index)
diff --git a/deps/openssl/openssl/ssl/record/rec_layer_d1.c b/deps/openssl/openssl/ssl/record/rec_layer_d1.c
index 1f9b31969d..cb5d54ef5a 100644
--- a/deps/openssl/openssl/ssl/record/rec_layer_d1.c
+++ b/deps/openssl/openssl/ssl/record/rec_layer_d1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -440,19 +440,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             && SSL3_RECORD_get_length(rr) != 0)
         s->rlayer.alert_count = 0;
 
-    if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
-            && SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC
-            && !SSL_in_init(s)
-            && (s->d1->next_timeout.tv_sec != 0
-                || s->d1->next_timeout.tv_usec != 0)) {
-        /*
-         * The timer is still running but we've received something that isn't
-         * handshake data - so the peer must have finished processing our
-         * last handshake flight. Stop the timer.
-         */
-        dtls1_stop_timer(s);
-    }
-
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
diff --git a/deps/openssl/openssl/ssl/record/rec_layer_s3.c b/deps/openssl/openssl/ssl/record/rec_layer_s3.c
index 6d495715b2..b2f97ef905 100644
--- a/deps/openssl/openssl/ssl/record/rec_layer_s3.c
+++ b/deps/openssl/openssl/ssl/record/rec_layer_s3.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1315,6 +1315,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
     } while (num_recs == 0);
     rr = &rr[curr_rec];
 
+    if (s->rlayer.handshake_fragment_len > 0
+            && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
+            && SSL_IS_TLS13(s)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
+        return -1;
+    }
+
     /*
      * Reset the count of consecutive warning alerts if we've got a non-empty
      * record that isn't an alert.
diff --git a/deps/openssl/openssl/ssl/s3_enc.c b/deps/openssl/openssl/ssl/s3_enc.c
index fca84ef99a..2e185e9fba 100644
--- a/deps/openssl/openssl/ssl/s3_enc.c
+++ b/deps/openssl/openssl/ssl/s3_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -90,8 +90,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 int ssl3_change_cipher_state(SSL *s, int which)
 {
     unsigned char *p, *mac_secret;
-    unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-    unsigned char exp_iv[EVP_MAX_IV_LENGTH];
     unsigned char *ms, *key, *iv;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
@@ -239,12 +237,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
     }
 
     s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
-    OPENSSL_cleanse(exp_key, sizeof(exp_key));
-    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 1;
  err:
-    OPENSSL_cleanse(exp_key, sizeof(exp_key));
-    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 0;
 }
 
diff --git a/deps/openssl/openssl/ssl/s3_lib.c b/deps/openssl/openssl/ssl/s3_lib.c
index 866ca4dfa9..99ae48199c 100644
--- a/deps/openssl/openssl/ssl/s3_lib.c
+++ b/deps/openssl/openssl/ssl/s3_lib.c
@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                   EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                 EVP_PKEY_free(pkdh);
-                return 1;
+                return 0;
             }
             EVP_PKEY_free(ctx->cert->dh_tmp);
             ctx->cert->dh_tmp = pkdh;
diff --git a/deps/openssl/openssl/ssl/ssl_ciph.c b/deps/openssl/openssl/ssl/ssl_ciph.c
index 14066d0ea4..b60d67aa0d 100644
--- a/deps/openssl/openssl/ssl/ssl_ciph.c
+++ b/deps/openssl/openssl/ssl/ssl_ciph.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -171,6 +171,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
     EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
     /* GOST2012_512 */
     EVP_PKEY_HMAC,
+    /* MD5/SHA1, SHA224, SHA512 */
+    NID_undef, NID_undef, NID_undef
 };
 
 static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
diff --git a/deps/openssl/openssl/ssl/ssl_err.c b/deps/openssl/openssl/ssl/ssl_err.c
index 11331ce41f..4b12ed1485 100644
--- a/deps/openssl/openssl/ssl/ssl_err.c
+++ b/deps/openssl/openssl/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -965,6 +965,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
     "missing tmp ecdh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
+    "mixed handshake and non handshake data"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
     "not on record boundary"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
diff --git a/deps/openssl/openssl/ssl/ssl_init.c b/deps/openssl/openssl/ssl/ssl_init.c
index c0ccb9304a..f0969fa9b1 100644
--- a/deps/openssl/openssl/ssl/ssl_init.c
+++ b/deps/openssl/openssl/ssl/ssl_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -134,7 +134,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
     return 1;
 }
 
-DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
+                           ossl_init_load_ssl_strings)
 {
     /* Do nothing in this case */
     return 1;
@@ -194,20 +195,22 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
         return 0;
     }
 
-    if (!OPENSSL_init_crypto(opts
+    opts |= OPENSSL_INIT_ADD_ALL_CIPHERS
+         |  OPENSSL_INIT_ADD_ALL_DIGESTS;
 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG
-                             | OPENSSL_INIT_LOAD_CONFIG
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0)
+        opts |= OPENSSL_INIT_LOAD_CONFIG;
 #endif
-                             | OPENSSL_INIT_ADD_ALL_CIPHERS
-                             | OPENSSL_INIT_ADD_ALL_DIGESTS,
-                             settings))
+
+    if (!OPENSSL_init_crypto(opts, settings))
         return 0;
 
     if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
-        && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
+        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
+                         ossl_init_load_ssl_strings))
         return 0;
 
     if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c
index 61a0ea2cc9..4440a9ffe9 100644
--- a/deps/openssl/openssl/ssl/ssl_lib.c
+++ b/deps/openssl/openssl/ssl/ssl_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -2107,7 +2107,7 @@ int SSL_key_update(SSL *s, int updatetype)
     return 1;
 }
 
-int SSL_get_key_update_type(SSL *s)
+int SSL_get_key_update_type(const SSL *s)
 {
     return s->key_update;
 }
@@ -2148,7 +2148,7 @@ int SSL_renegotiate_abbreviated(SSL *s)
     return s->method->ssl_renegotiate(s);
 }
 
-int SSL_renegotiate_pending(SSL *s)
+int SSL_renegotiate_pending(const SSL *s)
 {
     /*
      * becomes true when negotiation is requested; false again once a
@@ -2508,6 +2508,26 @@ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
     return NULL;
 }
 
+/*
+ * Distinguish between ciphers controlled by set_ciphersuite() and
+ * set_cipher_list() when counting.
+ */
+static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
+{
+    int i, num = 0;
+    const SSL_CIPHER *c;
+
+    if (sk == NULL)
+        return 0;
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+        c = sk_SSL_CIPHER_value(sk, i);
+        if (c->min_tls >= TLS1_3_VERSION)
+            continue;
+        num++;
+    }
+    return num;
+}
+
 /** specify the ciphers to be used by default by the SSL_CTX */
 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 {
@@ -2525,7 +2545,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
      */
     if (sk == NULL)
         return 0;
-    else if (sk_SSL_CIPHER_num(sk) == 0) {
+    else if (cipher_list_tls12_num(sk) == 0) {
         SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
         return 0;
     }
@@ -2543,7 +2563,7 @@ int SSL_set_cipher_list(SSL *s, const char *str)
     /* see comment in SSL_CTX_set_cipher_list */
     if (sk == NULL)
         return 0;
-    else if (sk_SSL_CIPHER_num(sk) == 0) {
+    else if (cipher_list_tls12_num(sk) == 0) {
         SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
         return 0;
     }
@@ -3428,12 +3448,12 @@ void ssl_update_cache(SSL *s, int mode)
     }
 }
 
-const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
 {
     return ctx->method;
 }
 
-const SSL_METHOD *SSL_get_ssl_method(SSL *s)
+const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
 {
     return s->method;
 }
@@ -3871,7 +3891,7 @@ const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
     return s->s3->tmp.new_cipher;
 }
 
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
+const COMP_METHOD *SSL_get_current_compression(const SSL *s)
 {
 #ifndef OPENSSL_NO_COMP
     return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
@@ -3880,7 +3900,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s)
 #endif
 }
 
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
 {
 #ifndef OPENSSL_NO_COMP
     return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
@@ -4328,7 +4348,7 @@ void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
     ctx->record_padding_arg = arg;
 }
 
-void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx)
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
 {
     return ctx->record_padding_arg;
 }
@@ -4357,7 +4377,7 @@ void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
     ssl->record_padding_arg = arg;
 }
 
-void *SSL_get_record_padding_callback_arg(SSL *ssl)
+void *SSL_get_record_padding_callback_arg(const SSL *ssl)
 {
     return ssl->record_padding_arg;
 }
@@ -4381,7 +4401,7 @@ int SSL_set_num_tickets(SSL *s, size_t num_tickets)
     return 1;
 }
 
-size_t SSL_get_num_tickets(SSL *s)
+size_t SSL_get_num_tickets(const SSL *s)
 {
     return s->num_tickets;
 }
@@ -4393,7 +4413,7 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
     return 1;
 }
 
-size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
 {
     return ctx->num_tickets;
 }
diff --git a/deps/openssl/openssl/ssl/ssl_locl.h b/deps/openssl/openssl/ssl/ssl_locl.h
index 70e5a1740f..f326399e03 100644
--- a/deps/openssl/openssl/ssl/ssl_locl.h
+++ b/deps/openssl/openssl/ssl/ssl_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1170,8 +1170,6 @@ struct ssl_st {
     EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
     unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
     EVP_MD_CTX *write_hash;     /* used for mac generation */
-    /* Count of how many KeyUpdate messages we have received */
-    unsigned int key_update_count;
     /* session info */
     /* client cert? */
     /* This is used to hold the server certificate used */
@@ -2461,7 +2459,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
                              const unsigned char *secret,
                              const unsigned char *label, size_t labellen,
                              const unsigned char *data, size_t datalen,
-                             unsigned char *out, size_t outlen);
+                             unsigned char *out, size_t outlen, int fatal);
 __owur int tls13_derive_key(SSL *s, const EVP_MD *md,
                             const unsigned char *secret, unsigned char *key,
                             size_t keylen);
diff --git a/deps/openssl/openssl/ssl/statem/extensions.c b/deps/openssl/openssl/ssl/statem/extensions.c
index 63e61c6184..c3d3441a1c 100644
--- a/deps/openssl/openssl/ssl/statem/extensions.c
+++ b/deps/openssl/openssl/ssl/statem/extensions.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -348,10 +348,12 @@ static const EXTENSION_DEFINITION ext_defs[] = {
     {
         /*
          * Special unsolicited ServerHello extension only used when
-         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set
+         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but
+         * ignore it.
          */
         TLSEXT_TYPE_cryptopro_bug,
-        SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
         NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL
     },
     {
@@ -623,7 +625,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                 && type != TLSEXT_TYPE_cookie
                 && type != TLSEXT_TYPE_renegotiate
                 && type != TLSEXT_TYPE_signed_certificate_timestamp
-                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
+                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+#ifndef OPENSSL_NO_GOST
+                && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                     && type == TLSEXT_TYPE_cryptopro_bug)
+#endif
+								) {
             SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
                      SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
             goto err;
@@ -1506,7 +1513,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
 
     /* Generate the binder key */
     if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
-                           hashsize, binderkey, hashsize)) {
+                           hashsize, binderkey, hashsize, 1)) {
         /* SSLfatal() already called */
         goto err;
     }
diff --git a/deps/openssl/openssl/ssl/statem/statem.c b/deps/openssl/openssl/ssl/statem/statem.c
index f76c0e4803..e3c5ec0038 100644
--- a/deps/openssl/openssl/ssl/statem/statem.c
+++ b/deps/openssl/openssl/ssl/statem/statem.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -342,8 +342,10 @@ static int state_machine(SSL *s, int server)
         }
 
         s->server = server;
-        if (cb != NULL)
-            cb(s, SSL_CB_HANDSHAKE_START, 1);
+        if (cb != NULL) {
+            if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s))
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+        }
 
         /*
          * Fatal errors in this block don't send an alert because we have
diff --git a/deps/openssl/openssl/ssl/statem/statem_clnt.c b/deps/openssl/openssl/ssl/statem/statem_clnt.c
index 0a11b88183..e56d24dfff 100644
--- a/deps/openssl/openssl/ssl/statem/statem_clnt.c
+++ b/deps/openssl/openssl/ssl/statem/statem_clnt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1112,13 +1112,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
     SSL_SESSION *sess = s->session;
     unsigned char *session_id;
 
-    if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
-        /* Should not happen */
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                 SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-
     /* Work out what SSL/TLS/DTLS version to use */
     protverr = ssl_set_client_hello_version(s);
     if (protverr != 0) {
@@ -1714,6 +1707,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
     if (SSL_IS_DTLS(s) && s->hit) {
         unsigned char sctpauthkey[64];
         char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+        size_t labellen;
 
         /*
          * Add new shared key for SCTP-Auth, will be ignored if
@@ -1722,10 +1716,15 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
         memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
                sizeof(DTLS1_SCTP_AUTH_LABEL));
 
+        /* Don't include the terminating zero. */
+        labellen = sizeof(labelbuffer) - 1;
+        if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+            labellen += 1;
+
         if (SSL_export_keying_material(s, sctpauthkey,
                                        sizeof(sctpauthkey),
                                        labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                                       labellen, NULL, 0, 0) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
                      ERR_R_INTERNAL_ERROR);
             goto err;
@@ -2353,7 +2352,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
         }
 #ifdef SSL_DEBUG
         if (SSL_USE_SIGALGS(s))
-            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n",
+                    md == NULL ? "n/a" : EVP_MD_name(md));
 #endif
 
         if (!PACKET_get_length_prefixed_2(pkt, &signature)
@@ -2739,7 +2739,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
                                PACKET_data(&nonce),
                                PACKET_remaining(&nonce),
                                s->session->master_key,
-                               hashlen)) {
+                               hashlen, 1)) {
             /* SSLfatal() already called */
             goto err;
         }
@@ -3403,6 +3403,7 @@ int tls_client_key_exchange_post_work(SSL *s)
     if (SSL_IS_DTLS(s)) {
         unsigned char sctpauthkey[64];
         char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+        size_t labellen;
 
         /*
          * Add new shared key for SCTP-Auth, will be ignored if no SCTP
@@ -3411,9 +3412,14 @@ int tls_client_key_exchange_post_work(SSL *s)
         memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
                sizeof(DTLS1_SCTP_AUTH_LABEL));
 
+        /* Don't include the terminating zero. */
+        labellen = sizeof(labelbuffer) - 1;
+        if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+            labellen += 1;
+
         if (SSL_export_keying_material(s, sctpauthkey,
                                        sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                                       labellen, NULL, 0, 0) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK,
                      ERR_R_INTERNAL_ERROR);
diff --git a/deps/openssl/openssl/ssl/statem/statem_lib.c b/deps/openssl/openssl/ssl/statem/statem_lib.c
index 4324896f50..c0482b0a90 100644
--- a/deps/openssl/openssl/ssl/statem/statem_lib.c
+++ b/deps/openssl/openssl/ssl/statem/statem_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -396,7 +396,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
 
 #ifdef SSL_DEBUG
     if (SSL_USE_SIGALGS(s))
-        fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
+                md == NULL ? "n/a" : EVP_MD_name(md));
 #endif
 
     /* Check for broken implementations of GOST ciphersuites */
@@ -439,7 +440,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
     }
 
 #ifdef SSL_DEBUG
-    fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md));
+    fprintf(stderr, "Using client verify alg %s\n",
+            md == NULL ? "n/a" : EVP_MD_name(md));
 #endif
     if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
@@ -612,13 +614,6 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
 {
     unsigned int updatetype;
 
-    s->key_update_count++;
-    if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) {
-        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE,
-                 SSL_R_TOO_MANY_KEY_UPDATES);
-        return MSG_PROCESS_ERROR;
-    }
-
     /*
      * A KeyUpdate message signals a key change so the end of the message must
      * be on a record boundary.
@@ -1028,6 +1023,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
 WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
 {
     void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int cleanuphand = s->statem.cleanuphand;
 
     if (clearbufs) {
         if (!SSL_IS_DTLS(s)) {
@@ -1054,7 +1050,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
      * Only set if there was a Finished message and this isn't after a TLSv1.3
      * post handshake exchange
      */
-    if (s->statem.cleanuphand) {
+    if (cleanuphand) {
         /* skipped if we just sent a HelloRequest */
         s->renegotiate = 0;
         s->new_session = 0;
@@ -1074,15 +1070,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
             /* N.B. s->ctx may not equal s->session_ctx */
             tsan_counter(&s->ctx->stats.sess_accept_good);
             s->handshake_func = ossl_statem_accept;
-
-            if (SSL_IS_DTLS(s) && !s->hit) {
-                /*
-                 * We are finishing after the client. We start the timer going
-                 * in case there are any retransmits of our final flight
-                 * required.
-                 */
-                dtls1_start_timer(s);
-            }
         } else {
             if (SSL_IS_TLS13(s)) {
                 /*
@@ -1104,15 +1091,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
 
             s->handshake_func = ossl_statem_connect;
             tsan_counter(&s->session_ctx->stats.sess_connect_good);
-
-            if (SSL_IS_DTLS(s) && s->hit) {
-                /*
-                 * We are finishing after the server. We start the timer going
-                 * in case there are any retransmits of our final flight
-                 * required.
-                 */
-                dtls1_start_timer(s);
-            }
         }
 
         if (SSL_IS_DTLS(s)) {
@@ -1132,8 +1110,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
     /* The callback may expect us to not be in init at handshake done */
     ossl_statem_set_in_init(s, 0);
 
-    if (cb != NULL)
-        cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+    if (cb != NULL) {
+        if (cleanuphand
+                || !SSL_IS_TLS13(s)
+                || SSL_IS_FIRST_HANDSHAKE(s))
+            cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+    }
 
     if (!stop) {
         /* If we've got more work to do we go back into init */
diff --git a/deps/openssl/openssl/ssl/statem/statem_locl.h b/deps/openssl/openssl/ssl/statem/statem_locl.h
index 6b8cf37faa..e27c0c13a2 100644
--- a/deps/openssl/openssl/ssl/statem/statem_locl.h
+++ b/deps/openssl/openssl/ssl/statem/statem_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -29,9 +29,6 @@
 /* Max should actually be 36 but we are generous */
 #define FINISHED_MAX_LENGTH             64
 
-/* The maximum number of incoming KeyUpdate messages we will accept */
-#define MAX_KEY_UPDATE_MESSAGES     32
-
 /* Dummy message type */
 #define SSL3_MT_DUMMY   -1
 
diff --git a/deps/openssl/openssl/ssl/statem/statem_srvr.c b/deps/openssl/openssl/ssl/statem/statem_srvr.c
index e7c11c4bea..6b8aae62cc 100644
--- a/deps/openssl/openssl/ssl/statem/statem_srvr.c
+++ b/deps/openssl/openssl/ssl/statem/statem_srvr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -830,6 +830,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
         if (SSL_IS_DTLS(s) && s->hit) {
             unsigned char sctpauthkey[64];
             char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            size_t labellen;
 
             /*
              * Add new shared key for SCTP-Auth, will be ignored if no
@@ -838,9 +839,14 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
             memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
                    sizeof(DTLS1_SCTP_AUTH_LABEL));
 
+            /* Don't include the terminating zero. */
+            labellen = sizeof(labelbuffer) - 1;
+            if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+                labellen += 1;
+
             if (SSL_export_keying_material(s, sctpauthkey,
                                            sizeof(sctpauthkey), labelbuffer,
-                                           sizeof(labelbuffer), NULL, 0,
+                                           labellen, NULL, 0,
                                            0) <= 0) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                          SSL_F_OSSL_STATEM_SERVER_POST_WORK,
@@ -3500,6 +3506,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
         if (SSL_IS_DTLS(s)) {
             unsigned char sctpauthkey[64];
             char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            size_t labellen;
             /*
              * Add new shared key for SCTP-Auth, will be ignored if no SCTP
              * used.
@@ -3507,9 +3514,14 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
             memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
                    sizeof(DTLS1_SCTP_AUTH_LABEL));
 
+            /* Don't include the terminating zero. */
+            labellen = sizeof(labelbuffer) - 1;
+            if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+                labellen += 1;
+
             if (SSL_export_keying_material(s, sctpauthkey,
                                            sizeof(sctpauthkey), labelbuffer,
-                                           sizeof(labelbuffer), NULL, 0,
+                                           labellen, NULL, 0,
                                            0) <= 0) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                          SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
@@ -4028,7 +4040,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
         uint64_t nonce;
         static const unsigned char nonce_label[] = "resumption";
         const EVP_MD *md = ssl_handshake_md(s);
-        void (*cb) (const SSL *ssl, int type, int val) = NULL;
         int hashleni = EVP_MD_size(md);
 
         /* Ensure cast to size_t is safe */
@@ -4040,24 +4051,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
         }
         hashlen = (size_t)hashleni;
 
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            /*
-             * We don't start and stop the handshake in between each ticket when
-             * sending more than one - but it should appear that way to the info
-             * callback.
-             */
-            if (s->sent_tickets != 0) {
-                ossl_statem_set_in_init(s, 0);
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-                ossl_statem_set_in_init(s, 1);
-            }
-            cb(s, SSL_CB_HANDSHAKE_START, 1);
-        }
         /*
          * If we already sent one NewSessionTicket, or we resumed then
          * s->session may already be in a cache and so we must not modify it.
@@ -4099,7 +4092,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
                                tick_nonce,
                                TICKET_NONCE_SIZE,
                                s->session->master_key,
-                               hashlen)) {
+                               hashlen, 1)) {
             /* SSLfatal() already called */
             goto err;
         }
diff --git a/deps/openssl/openssl/ssl/t1_enc.c b/deps/openssl/openssl/ssl/t1_enc.c
index 2db913fb06..57fb17a660 100644
--- a/deps/openssl/openssl/ssl/t1_enc.c
+++ b/deps/openssl/openssl/ssl/t1_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -81,10 +81,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
 int tls1_change_cipher_state(SSL *s, int which)
 {
     unsigned char *p, *mac_secret;
-    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
-    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
     unsigned char *ms, *key, *iv;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
@@ -334,16 +330,8 @@ int tls1_change_cipher_state(SSL *s, int which)
     printf("\n");
 #endif
 
-    OPENSSL_cleanse(tmp1, sizeof(tmp1));
-    OPENSSL_cleanse(tmp2, sizeof(tmp1));
-    OPENSSL_cleanse(iv1, sizeof(iv1));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
     return 1;
  err:
-    OPENSSL_cleanse(tmp1, sizeof(tmp1));
-    OPENSSL_cleanse(tmp2, sizeof(tmp1));
-    OPENSSL_cleanse(iv1, sizeof(iv1));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
     return 0;
 }
 
diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c
index fc41ed90e7..68cb237ea9 100644
--- a/deps/openssl/openssl/ssl/t1_lib.c
+++ b/deps/openssl/openssl/ssl/t1_lib.c
@@ -2537,7 +2537,8 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
 static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
 {
     const SIGALG_LOOKUP *lu;
-    int mdnid, pknid;
+    int mdnid, pknid, default_mdnid;
+    int mandatory_md = 0;
     size_t i;
 
     /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
@@ -2545,12 +2546,26 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
         idx = sig->sig_idx;
     if (!ssl_has_cert(s, idx))
         return 0;
+    /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
+    ERR_set_mark();
+    switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+                                            &default_mdnid)) {
+    case 2:
+        mandatory_md = 1;
+        break;
+    case 1:
+        break;
+    default: /* If it didn't report a mandatory NID, for whatever reasons,
+              * just clear the error and allow all hashes to be used. */
+        ERR_pop_to_mark();
+    }
     if (s->s3->tmp.peer_cert_sigalgs != NULL) {
         for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
             lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
             if (lu == NULL
                 || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
-                                            &pknid, NULL, NULL))
+                                            &pknid, NULL, NULL)
+                || (mandatory_md && mdnid != default_mdnid))
                 continue;
             /*
              * TODO this does not differentiate between the
@@ -2563,7 +2578,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
         }
         return 0;
     }
-    return 1;
+    return !mandatory_md || sig->hash == default_mdnid;
 }
 
 /*
diff --git a/deps/openssl/openssl/ssl/tls13_enc.c b/deps/openssl/openssl/ssl/tls13_enc.c
index b6825d20c2..1f956e61e9 100644
--- a/deps/openssl/openssl/ssl/tls13_enc.c
+++ b/deps/openssl/openssl/ssl/tls13_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,14 +13,7 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 
-/*
- * RFC 8446, 7.1 Key Schedule, says:
- * Note: With common hash functions, any label longer than 12 characters
- * requires an additional iteration of the hash function to compute.
- * The labels in this specification have all been chosen to fit within
- * this limit.
- */
-#define TLS13_MAX_LABEL_LEN     12
+#define TLS13_MAX_LABEL_LEN     249
 
 /* Always filled with zeros */
 static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
@@ -29,12 +22,13 @@ static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
  * Given a |secret|; a |label| of length |labellen|; and |data| of length
  * |datalen| (e.g. typically a hash of the handshake messages), derive a new
  * secret |outlen| bytes long and store it in the location pointed to be |out|.
- * The |data| value may be zero length. Returns 1 on success  0 on failure.
+ * The |data| value may be zero length. Any errors will be treated as fatal if
+ * |fatal| is set. Returns 1 on success  0 on failure.
  */
 int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                              const unsigned char *label, size_t labellen,
                              const unsigned char *data, size_t datalen,
-                             unsigned char *out, size_t outlen)
+                             unsigned char *out, size_t outlen, int fatal)
 {
     static const unsigned char label_prefix[] = "tls13 ";
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -47,13 +41,28 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
      * + bytes for the hash itself
      */
     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
-                            + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
-                            + EVP_MAX_MD_SIZE];
+                            + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
+                            + 1 + EVP_MAX_MD_SIZE];
     WPACKET pkt;
 
     if (pctx == NULL)
         return 0;
 
+    if (labellen > TLS13_MAX_LABEL_LEN) {
+        if (fatal) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        } else {
+            /*
+             * Probably we have been called from SSL_export_keying_material(),
+             * or SSL_export_keying_material_early().
+             */
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+        }
+        EVP_PKEY_CTX_free(pctx);
+        return 0;
+    }
+
     hashlen = EVP_MD_size(md);
 
     if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
@@ -67,8 +76,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
             || !WPACKET_finish(&pkt)) {
         EVP_PKEY_CTX_free(pctx);
         WPACKET_cleanup(&pkt);
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-                 ERR_R_INTERNAL_ERROR);
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
         return 0;
     }
 
@@ -82,9 +94,13 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
 
     EVP_PKEY_CTX_free(pctx);
 
-    if (ret != 0)
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-                 ERR_R_INTERNAL_ERROR);
+    if (ret != 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
+    }
 
     return ret == 0;
 }
@@ -99,7 +115,7 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
     static const unsigned char keylabel[] = "key";
 
     return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
-                             NULL, 0, key, keylen);
+                             NULL, 0, key, keylen, 1);
 }
 
 /*
@@ -112,7 +128,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
     static const unsigned char ivlabel[] = "iv";
 
     return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
-                             NULL, 0, iv, ivlen);
+                             NULL, 0, iv, ivlen, 1);
 }
 
 int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
@@ -122,7 +138,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
     static const unsigned char finishedlabel[] = "finished";
 
     return tls13_hkdf_expand(s, md, secret, finishedlabel,
-                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen);
+                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
 }
 
 /*
@@ -185,7 +201,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
         if (!tls13_hkdf_expand(s, md, prevsecret,
                                (unsigned char *)derived_secret_label,
                                sizeof(derived_secret_label) - 1, hash, mdlen,
-                               preextractsec, mdlen)) {
+                               preextractsec, mdlen, 1)) {
             /* SSLfatal() already called */
             EVP_PKEY_CTX_free(pctx);
             return 0;
@@ -307,11 +323,9 @@ int tls13_setup_key_block(SSL *s)
 {
     const EVP_CIPHER *c;
     const EVP_MD *hash;
-    int mac_type = NID_undef;
 
     s->session->cipher = s->s3->tmp.new_cipher;
-    if (!ssl_cipher_get_evp
-        (s->session, &c, &hash, &mac_type, NULL, NULL, 0)) {
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
                  SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
         return 0;
@@ -345,7 +359,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
     hashlen = (size_t)hashleni;
 
     if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
-                           secret, hashlen)) {
+                           secret, hashlen, 1)) {
         /* SSLfatal() already called */
         goto err;
     }
@@ -525,7 +539,8 @@ int tls13_change_cipher_state(SSL *s, int which)
                                    early_exporter_master_secret,
                                    sizeof(early_exporter_master_secret) - 1,
                                    hashval, hashlen,
-                                   s->early_exporter_master_secret, hashlen)) {
+                                   s->early_exporter_master_secret, hashlen,
+                                   1)) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                          SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
                 goto err;
@@ -612,7 +627,7 @@ int tls13_change_cipher_state(SSL *s, int which)
                                resumption_master_secret,
                                sizeof(resumption_master_secret) - 1,
                                hashval, hashlen, s->resumption_master_secret,
-                               hashlen)) {
+                               hashlen, 1)) {
             /* SSLfatal() already called */
             goto err;
         }
@@ -632,7 +647,7 @@ int tls13_change_cipher_state(SSL *s, int which)
                                exporter_master_secret,
                                sizeof(exporter_master_secret) - 1,
                                hash, hashlen, s->exporter_master_secret,
-                               hashlen)) {
+                               hashlen, 1)) {
             /* SSLfatal() already called */
             goto err;
         }
@@ -746,10 +761,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
             || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
             || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
                                   (const unsigned char *)label, llen,
-                                  data, datalen, exportsecret, hashsize)
+                                  data, datalen, exportsecret, hashsize, 0)
             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
                                   sizeof(exporterlabel) - 1, hash, hashsize,
-                                  out, olen))
+                                  out, olen, 0))
         goto err;
 
     ret = 1;
@@ -805,10 +820,10 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
             || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
             || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
                                   (const unsigned char *)label, llen,
-                                  data, datalen, exportsecret, hashsize)
+                                  data, datalen, exportsecret, hashsize, 0)
             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
                                   sizeof(exporterlabel) - 1, hash, hashsize,
-                                  out, olen))
+                                  out, olen, 0))
         goto err;
 
     ret = 1;
diff --git a/deps/openssl/openssl/test/README.external b/deps/openssl/openssl/test/README.external
index f836b1b499..2f5423cbc8 100644
--- a/deps/openssl/openssl/test/README.external
+++ b/deps/openssl/openssl/test/README.external
@@ -145,7 +145,7 @@ To update the commit for any of the above test suites:
 
 - Enter subdirectory and pull from the repository (use a specific branch/tag if required):
 
-  $ cd <submodule-dir> 
+  $ cd <submodule-dir>
   $ git pull origin master
 
 - Go to root directory, there should be a new git status:
diff --git a/deps/openssl/openssl/test/bntest.c b/deps/openssl/openssl/test/bntest.c
index 0502497fe3..077f5e8d85 100644
--- a/deps/openssl/openssl/test/bntest.c
+++ b/deps/openssl/openssl/test/bntest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -123,7 +123,7 @@ static int getint(STANZA *s, int *out, const char *attribute)
 
     *out = (int)word;
     st = 1;
-err:
+ err:
     BN_free(ret);
     return st;
 }
@@ -138,7 +138,6 @@ static int equalBN(const char *op, const BIGNUM *expected, const BIGNUM *actual)
     return 0;
 }
 
-
 /*
  * Return a "random" flag for if a BN should be negated.
  */
@@ -150,7 +149,6 @@ static int rand_neg(void)
     return sign[(neg++) % 8];
 }
 
-
 static int test_swap(void)
 {
     BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
@@ -166,7 +164,7 @@ static int test_swap(void)
     BN_bntest_rand(b, 1024, 1, 0);
     BN_copy(c, a);
     BN_copy(d, b);
-    top = BN_num_bits(a)/BN_BITS2;
+    top = BN_num_bits(a) / BN_BITS2;
 
     /* regular swap */
     BN_swap(a, b);
@@ -252,14 +250,13 @@ static int test_sub(void)
             goto err;
     }
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(c);
     return st;
 }
 
-
 static int test_div_recip(void)
 {
     BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
@@ -293,7 +290,7 @@ static int test_div_recip(void)
             goto err;
     }
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(c);
@@ -303,7 +300,6 @@ err:
     return st;
 }
 
-
 static int test_mod(void)
 {
     BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
@@ -328,7 +324,7 @@ static int test_mod(void)
             goto err;
     }
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(c);
@@ -519,6 +515,31 @@ static int test_modexp_mont5(void)
     if (!TEST_BN_eq(c, d))
         goto err;
 
+    /*
+     * rsaz_1024_mul_avx2 expects fully-reduced inputs.
+     * BN_mod_exp_mont_consttime should reduce the input first.
+     */
+    BN_hex2bn(&a,
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF");
+    BN_hex2bn(&b,
+        "1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D"
+        "9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB"
+        "B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38"
+        "E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E");
+    BN_hex2bn(&n,
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF");
+    BN_MONT_CTX_set(mont, n, ctx);
+    BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont);
+    BN_zero(d);
+    if (!TEST_BN_eq(c, d))
+        goto err;
+
     /* Zero input */
     BN_bntest_rand(p, 1024, 0, 0);
     BN_zero(a);
@@ -548,7 +569,7 @@ static int test_modexp_mont5(void)
 
     st = 1;
 
-err:
+ err:
     BN_MONT_CTX_free(mont);
     BN_free(a);
     BN_free(p);
@@ -1116,7 +1137,7 @@ static int file_sum(STANZA *s)
     }
     st = 1;
 
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(sum);
@@ -1165,7 +1186,7 @@ static int file_lshift1(STANZA *s)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(lshift1);
     BN_free(zero);
@@ -1194,7 +1215,7 @@ static int file_lshift(STANZA *s)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(lshift);
     BN_free(ret);
@@ -1224,7 +1245,7 @@ static int file_rshift(STANZA *s)
     }
     st = 1;
 
-err:
+ err:
     BN_free(a);
     BN_free(rshift);
     BN_free(ret);
@@ -1281,7 +1302,7 @@ static int file_square(STANZA *s)
 #endif
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(square);
     BN_free(zero);
@@ -1318,7 +1339,7 @@ static int file_product(STANZA *s)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(product);
@@ -1401,7 +1422,7 @@ static int file_quotient(STANZA *s)
     }
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(quotient);
@@ -1455,7 +1476,7 @@ static int file_modmul(STANZA *s)
     }
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(m);
@@ -1507,7 +1528,7 @@ static int file_modexp(STANZA *s)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(c);
@@ -1535,7 +1556,7 @@ static int file_exp(STANZA *s)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(e);
     BN_free(exp);
@@ -1566,7 +1587,7 @@ static int file_modsqrt(STANZA *s)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(p);
     BN_free(mod_sqrt);
@@ -1596,8 +1617,8 @@ static int test_bn2padded(void)
 
     /* Test a random numbers at various byte lengths. */
     for (size_t bytes = 128 - 7; bytes <= 128; bytes++) {
-#define TOP_BIT_ON 0
-#define BOTTOM_BIT_NOTOUCH 0
+# define TOP_BIT_ON 0
+# define BOTTOM_BIT_NOTOUCH 0
         if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH)))
             goto err;
         if (!TEST_int_eq(BN_num_bytes(n),A) bytes
@@ -1628,7 +1649,7 @@ static int test_bn2padded(void)
     }
 
     st = 1;
-err:
+ err:
     BN_free(n);
     return st;
 #else
@@ -1700,7 +1721,7 @@ static int test_dec2bn(void)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(bn);
     return st;
 }
@@ -1766,7 +1787,7 @@ static int test_hex2bn(void)
         goto err;
     st = 1;
 
-err:
+ err:
     BN_free(bn);
     return st;
 }
@@ -1820,7 +1841,7 @@ static int test_asc2bn(void)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(bn);
     return st;
 }
@@ -1864,7 +1885,7 @@ static int test_mpi(int i)
     BN_free(bn2);
 
     st = 1;
-err:
+ err:
     BN_free(bn);
     return st;
 }
@@ -1890,7 +1911,7 @@ static int test_rand(void)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(bn);
     return st;
 }
@@ -1954,7 +1975,7 @@ static int test_negzero(void)
         goto err;
     st = 1;
 
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(c);
@@ -1995,7 +2016,7 @@ static int test_badmod(void)
     ERR_clear_error();
 
     if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(),
-                                             zero, ctx, NULL)))
+                                              zero, ctx, NULL)))
         goto err;
     ERR_clear_error();
 
@@ -2017,12 +2038,12 @@ static int test_badmod(void)
     ERR_clear_error();
 
     if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(),
-                                  b, ctx, NULL)))
+                                              b, ctx, NULL)))
         goto err;
     ERR_clear_error();
 
     st = 1;
-err:
+ err:
     BN_free(a);
     BN_free(b);
     BN_free(zero);
@@ -2056,7 +2077,7 @@ static int test_expmodzero(void)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(zero);
     BN_free(a);
     BN_free(r);
@@ -2102,7 +2123,7 @@ static int test_expmodone(void)
     }
 
     ret = 1;
-err:
+ err:
     BN_free(r);
     BN_free(a);
     BN_free(p);
@@ -2123,7 +2144,7 @@ static int test_smallprime(void)
         goto err;
 
     st = 1;
-err:
+ err:
     BN_free(r);
     return st;
 }
@@ -2147,7 +2168,7 @@ static int test_is_prime(int i)
     }
 
     ret = 1;
-err:
+ err:
     BN_free(r);
     return ret;
 }
@@ -2170,11 +2191,97 @@ static int test_not_prime(int i)
     }
 
     ret = 1;
-err:
+ err:
     BN_free(r);
     return ret;
 }
 
+static int test_ctx_set_ct_flag(BN_CTX *c)
+{
+    int st = 0;
+    size_t i;
+    BIGNUM *b[15];
+
+    BN_CTX_start(c);
+    for (i = 0; i < OSSL_NELEM(b); i++) {
+        if (!TEST_ptr(b[i] = BN_CTX_get(c)))
+            goto err;
+        if (i % 2 == 1)
+            BN_set_flags(b[i], BN_FLG_CONSTTIME);
+    }
+
+    st = 1;
+ err:
+    BN_CTX_end(c);
+    return st;
+}
+
+static int test_ctx_check_ct_flag(BN_CTX *c)
+{
+    int st = 0;
+    size_t i;
+    BIGNUM *b[30];
+
+    BN_CTX_start(c);
+    for (i = 0; i < OSSL_NELEM(b); i++) {
+        if (!TEST_ptr(b[i] = BN_CTX_get(c)))
+            goto err;
+        if (!TEST_false(BN_get_flags(b[i], BN_FLG_CONSTTIME)))
+            goto err;
+    }
+
+    st = 1;
+ err:
+    BN_CTX_end(c);
+    return st;
+}
+
+static int test_ctx_consttime_flag(void)
+{
+    /*-
+     * The constant-time flag should not "leak" among BN_CTX frames:
+     *
+     * - test_ctx_set_ct_flag() starts a frame in the given BN_CTX and
+     *   sets the BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained
+     *   from the frame before ending it.
+     * - test_ctx_check_ct_flag() then starts a new frame and gets a
+     *   number of BIGNUMs from it. In absence of leaks, none of the
+     *   BIGNUMs in the new frame should have BN_FLG_CONSTTIME set.
+     *
+     * In actual BN_CTX usage inside libcrypto the leak could happen at
+     * any depth level in the BN_CTX stack, with varying results
+     * depending on the patterns of sibling trees of nested function
+     * calls sharing the same BN_CTX object, and the effect of
+     * unintended BN_FLG_CONSTTIME on the called BN_* functions.
+     *
+     * This simple unit test abstracts away this complexity and verifies
+     * that the leak does not happen between two sibling functions
+     * sharing the same BN_CTX object at the same level of nesting.
+     *
+     */
+    BN_CTX *nctx = NULL;
+    BN_CTX *sctx = NULL;
+    size_t i = 0;
+    int st = 0;
+
+    if (!TEST_ptr(nctx = BN_CTX_new())
+            || !TEST_ptr(sctx = BN_CTX_secure_new()))
+        goto err;
+
+    for (i = 0; i < 2; i++) {
+        BN_CTX *c = i == 0 ? nctx : sctx;
+        if (!TEST_true(test_ctx_set_ct_flag(c))
+                || !TEST_true(test_ctx_check_ct_flag(c)))
+            goto err;
+    }
+
+    st = 1;
+ err:
+    BN_CTX_free(nctx);
+    BN_CTX_free(sctx);
+    return st;
+}
+
 static int file_test_run(STANZA *s)
 {
     static const FILETEST filetests[] = {
@@ -2262,6 +2369,7 @@ int setup_tests(void)
         ADD_TEST(test_expmodone);
         ADD_TEST(test_smallprime);
         ADD_TEST(test_swap);
+        ADD_TEST(test_ctx_consttime_flag);
 #ifndef OPENSSL_NO_EC2M
         ADD_TEST(test_gf2m_add);
         ADD_TEST(test_gf2m_mod);
diff --git a/deps/openssl/openssl/test/build.info b/deps/openssl/openssl/test/build.info
index b6bb711c8b..52d4ee7d3b 100644
--- a/deps/openssl/openssl/test/build.info
+++ b/deps/openssl/openssl/test/build.info
@@ -41,7 +41,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           packettest asynctest secmemtest srptest memleaktest stack_test \
           dtlsv1listentest ct_test threadstest afalgtest d2i_test \
           ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
-          bio_callback_test \
+          bio_callback_test bio_memleak_test \
           bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
           pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \
           asn1_encode_test asn1_decode_test asn1_string_table_test \
@@ -299,6 +299,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[bio_callback_test]=../include
   DEPEND[bio_callback_test]=../libcrypto libtestutil.a
 
+  SOURCE[bio_memleak_test]=bio_memleak_test.c
+  INCLUDE[bio_memleak_test]=../include
+  DEPEND[bio_memleak_test]=../libcrypto libtestutil.a
+
   SOURCE[bioprinttest]=bioprinttest.c
   INCLUDE[bioprinttest]=../include
   DEPEND[bioprinttest]=../libcrypto libtestutil.a
@@ -389,7 +393,6 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
     PROGRAMS_NO_INST=shlibloadtest
     SOURCE[shlibloadtest]=shlibloadtest.c
     INCLUDE[shlibloadtest]=../include ../crypto/include
-    DEPEND[shlibloadtest]=libtestutil.a
   ENDIF
 
   IF[{- $disabled{shared} -}]
@@ -455,7 +458,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
       PROGRAMS_NO_INST=sm4_internal_test
     ENDIF
     IF[{- !$disabled{ec} -}]
-      PROGRAMS_NO_INST=curve448_internal_test
+      PROGRAMS_NO_INST=ec_internal_test curve448_internal_test
     ENDIF
 
     SOURCE[poly1305_internal_test]=poly1305_internal_test.c
@@ -502,6 +505,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
     INCLUDE[sm4_internal_test]=.. ../include ../crypto/include
     DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a
 
+    SOURCE[ec_internal_test]=ec_internal_test.c
+    INCLUDE[ec_internal_test]=../include ../crypto/ec ../crypto/include
+    DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
+
     SOURCE[curve448_internal_test]=curve448_internal_test.c
     INCLUDE[curve448_internal_test]=.. ../include ../crypto/ec/curve448
     DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a
diff --git a/deps/openssl/openssl/test/certs/root-cert-rsa2.pem b/deps/openssl/openssl/test/certs/root-cert-rsa2.pem
new file mode 100644
index 0000000000..b817fdf3e5
--- /dev/null
+++ b/deps/openssl/openssl/test/certs/root-cert-rsa2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBHTAIBgRVCAEBBQADggEPADCCAQoCggEBAOHmAPUGvKBGOHkP
+Px5xGRNtAt8rm3Zr/KywIe3WkQhCO6VjNexSW6CiSsXWAJQDl1o9uWco0n3jIVyk
+7cY8jY6E0Z1Uwz3ZdKKWdmdx+cYaUHez/XjuW+DjjIkjwpoi7D7UN54HzcArVREX
+OjRCHGkNOhiw7RWUXsb9nofGHOeUGpLAXwXBc0PlA94JkckkztiOi34u4DFI0YYq
+alUmeugLNk6XseCkydpcaUsDgAhWg6Mfsiq4wUz+xbFN1MABqu2+ziW97mmt9gfN
+biuhiVT1aOuYCe3JYGbLM2JKA7Bo1g6rX8E1VX79Ru6669y2oqPthX9337VoIkN+
+ZiQjr8UCAwEAAaNQME4wHQYDVR0OBBYEFI71Ja8em2uEPXyAmslTnE1y96NSMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAJ0OIdog3uQ1pmsjv1Qtf1w4If1geOn5uK0EOj2wYBHt
+NxlFn7l8d9+51QMZFO+RlQJ0s3Webyo1ReuaL2dMn2LGJhWMoSBAwrMALAENU3lv
+8jioRbfO2OamsdpJpKxQUyUJYudNe+BoKNX/ry3rxezmsFsRr9nDMiJZpmBCXiMm
+mFFJOJkG0CheexBbMkua4kyStIOwO4rb5bSHszVso/9ucdGHBSC7oRcJXoWSDjBx
+PdQPPBK5g4yqL8Lz26ehgsmhRKL9k32eVyjDKcIzgpmgcPTfTqNbd1KHQJKx4ssb
+7nEpGKHalSo5Oq5L9s9qYrUv37kwBY4OpJFtmGaodoI=
+-----END CERTIFICATE-----
diff --git a/deps/openssl/openssl/test/cipherlist_test.c b/deps/openssl/openssl/test/cipherlist_test.c
index 5023c1c487..8ee491091d 100644
--- a/deps/openssl/openssl/test/cipherlist_test.c
+++ b/deps/openssl/openssl/test/cipherlist_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL licenses, (the "License");
  * you may not use this file except in compliance with the License.
@@ -215,9 +215,44 @@ static int test_default_cipherlist_explicit(void)
     return result;
 }
 
+/* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */
+static int test_default_cipherlist_clear(void)
+{
+    SETUP_CIPHERLIST_TEST_FIXTURE();
+    SSL *s = NULL;
+
+    if (fixture == NULL)
+        return 0;
+
+    if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0))
+        goto end;
+
+    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
+        goto end;
+
+    s = SSL_new(fixture->client);
+
+    if (!TEST_ptr(s))
+      goto end;
+
+    if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0))
+        goto end;
+
+    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
+                SSL_R_NO_CIPHER_MATCH))
+        goto end;
+
+    result = 1;
+end:
+    SSL_free(s);
+    tear_down(fixture);
+    return result;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_default_cipherlist_implicit);
     ADD_TEST(test_default_cipherlist_explicit);
+    ADD_TEST(test_default_cipherlist_clear);
     return 1;
 }
diff --git a/deps/openssl/openssl/test/clienthellotest.c b/deps/openssl/openssl/test/clienthellotest.c
index 10e3b1b1b1..862ca9ff6c 100644
--- a/deps/openssl/openssl/test/clienthellotest.c
+++ b/deps/openssl/openssl/test/clienthellotest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -99,8 +99,9 @@ static int test_client_hello(int currtest)
          * ClientHello is already going to be quite long. To avoid getting one
          * that is too long for this test we use a restricted ciphersuite list
          */
-        if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "")))
+        if (!TEST_false(SSL_CTX_set_cipher_list(ctx, "")))
             goto end;
+        ERR_clear_error();
          /* Fall through */
     case TEST_ADD_PADDING:
     case TEST_PADDING_NOT_NEEDED:
diff --git a/deps/openssl/openssl/test/crltest.c b/deps/openssl/openssl/test/crltest.c
index 4d35fd4081..fe52282112 100644
--- a/deps/openssl/openssl/test/crltest.c
+++ b/deps/openssl/openssl/test/crltest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -357,6 +357,20 @@ static int test_unknown_critical_crl(int n)
     return r;
 }
 
+static int test_reuse_crl(void)
+{
+    X509_CRL *reused_crl = CRL_from_strings(kBasicCRL);
+    char *p;
+    BIO *b = glue2bio(kRevokedCRL, &p);
+
+    reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL);
+
+    OPENSSL_free(p);
+    BIO_free(b);
+    X509_CRL_free(reused_crl);
+    return 1;
+}
+
 int setup_tests(void)
 {
     if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
@@ -368,6 +382,7 @@ int setup_tests(void)
     ADD_TEST(test_bad_issuer_crl);
     ADD_TEST(test_known_critical_crl);
     ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
+    ADD_TEST(test_reuse_crl);
     return 1;
 }
 
diff --git a/deps/openssl/openssl/test/dtlstest.c b/deps/openssl/openssl/test/dtlstest.c
index 772528febf..9e6ed44382 100644
--- a/deps/openssl/openssl/test/dtlstest.c
+++ b/deps/openssl/openssl/test/dtlstest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -87,17 +87,21 @@ static int test_dtls_unprocessed(int testidx)
     /*
      * Inject a dummy record from the next epoch. In test 0, this should never
      * get used because the message sequence number is too big. In test 1 we set
-     * the record sequence number to be way off in the future. This should not
-     * have an impact on the record replay protection because the record should
-     * be dropped before it is marked as arrived
+     * the record sequence number to be way off in the future.
      */
     c_to_s_mempacket = SSL_get_wbio(clientssl1);
     c_to_s_mempacket = BIO_next(c_to_s_mempacket);
     mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
                           sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
 
-    if (!TEST_true(create_ssl_connection(serverssl1, clientssl1,
-                                         SSL_ERROR_NONE)))
+    /*
+     * Create the connection. We use "create_bare_ssl_connection" here so that
+     * we can force the connection to not do "SSL_read" once partly conencted.
+     * We don't want to accidentally read the dummy records we injected because
+     * they will fail to decrypt.
+     */
+    if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
+                                              SSL_ERROR_NONE, 0)))
         goto end;
 
     if (timer_cb_count == 0) {
diff --git a/deps/openssl/openssl/test/ecdsatest.c b/deps/openssl/openssl/test/ecdsatest.c
index 96939a5b72..531562ed68 100644
--- a/deps/openssl/openssl/test/ecdsatest.c
+++ b/deps/openssl/openssl/test/ecdsatest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -223,7 +223,7 @@ static int test_builtin(void)
     const BIGNUM *sig_r, *sig_s;
     BIGNUM *modified_r = NULL, *modified_s = NULL;
     BIGNUM *unmodified_r = NULL, *unmodified_s = NULL;
-    unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+    unsigned int sig_len, order, r_len, s_len, bn_len, buf_len;
     int nid, ret = 0;
 
     /* fill digest values with some random data */
@@ -251,7 +251,7 @@ static int test_builtin(void)
                 || !TEST_true(EC_KEY_set_group(eckey, group)))
             goto builtin_err;
         EC_GROUP_free(group);
-        degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+        order = EC_GROUP_order_bits(EC_KEY_get0_group(eckey));
 
         TEST_info("testing %s", OBJ_nid2sn(nid));
 
@@ -316,7 +316,7 @@ static int test_builtin(void)
         /* Store the two BIGNUMs in raw_buf. */
         r_len = BN_num_bytes(sig_r);
         s_len = BN_num_bytes(sig_s);
-        bn_len = (degree + 7) / 8;
+        bn_len = (order + 7) / 8;
         if (!TEST_false(r_len > bn_len)
                 || !TEST_false(s_len > bn_len))
             goto builtin_err;
diff --git a/deps/openssl/openssl/test/evp_extra_test.c b/deps/openssl/openssl/test/evp_extra_test.c
index e396b07f5f..918c320543 100644
--- a/deps/openssl/openssl/test/evp_extra_test.c
+++ b/deps/openssl/openssl/test/evp_extra_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -299,6 +299,21 @@ static const unsigned char kExampleECPubKeyDER[] = {
     0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
 };
 
+/*
+ * kExampleBadECKeyDER is a sample EC public key with a wrong OID
+ * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
+ */
+static const unsigned char kExampleBadECPubKeyDER[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
+    0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
+    0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
+    0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
+    0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
+    0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
+};
+
 static const unsigned char pExampleECParamDER[] = {
     0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
 };
@@ -963,6 +978,37 @@ static int test_HKDF(void)
     return ret;
 }
 
+#ifndef OPENSSL_NO_EC
+static int test_X509_PUBKEY_inplace(void)
+{
+  int ret = 0;
+  X509_PUBKEY *xp = NULL;
+  const unsigned char *p = kExampleECPubKeyDER;
+  size_t input_len = sizeof(kExampleECPubKeyDER);
+
+  if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
+    goto done;
+
+  if (!TEST_ptr(X509_PUBKEY_get0(xp)))
+    goto done;
+
+  p = kExampleBadECPubKeyDER;
+  input_len = sizeof(kExampleBadECPubKeyDER);
+
+  if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
+    goto done;
+
+  if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
+    goto done;
+
+  ret = 1;
+
+done:
+  X509_PUBKEY_free(xp);
+  return ret;
+}
+#endif
+
 int setup_tests(void)
 {
     ADD_TEST(test_EVP_DigestSignInit);
@@ -987,5 +1033,8 @@ int setup_tests(void)
         return 0;
     ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
     ADD_TEST(test_HKDF);
+#ifndef OPENSSL_NO_EC
+    ADD_TEST(test_X509_PUBKEY_inplace);
+#endif
     return 1;
 }
diff --git a/deps/openssl/openssl/test/evp_test.c b/deps/openssl/openssl/test/evp_test.c
index e7e376e657..85c1552a7a 100644
--- a/deps/openssl/openssl/test/evp_test.c
+++ b/deps/openssl/openssl/test/evp_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1559,15 +1559,18 @@ static int encode_test_init(EVP_TEST *t, const char *encoding)
     } else if (strcmp(encoding, "invalid") == 0) {
         edata->encoding = BASE64_INVALID_ENCODING;
         if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
-            return 0;
+            goto err;
     } else {
         TEST_error("Bad encoding: %s."
                    " Should be one of {canonical, valid, invalid}",
                    encoding);
-        return 0;
+        goto err;
     }
     t->data = edata;
     return 1;
+err:
+    OPENSSL_free(edata);
+    return 0;
 }
 
 static void encode_test_cleanup(EVP_TEST *t)
@@ -1596,7 +1599,7 @@ static int encode_test_run(EVP_TEST *t)
     ENCODE_DATA *expected = t->data;
     unsigned char *encode_out = NULL, *decode_out = NULL;
     int output_len, chunk_len;
-    EVP_ENCODE_CTX *decode_ctx;
+    EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
 
     if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
         t->err = "INTERNAL_ERROR";
@@ -1604,7 +1607,6 @@ static int encode_test_run(EVP_TEST *t)
     }
 
     if (expected->encoding == BASE64_CANONICAL_ENCODING) {
-        EVP_ENCODE_CTX *encode_ctx;
 
         if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
                 || !TEST_ptr(encode_out =
@@ -1612,15 +1614,15 @@ static int encode_test_run(EVP_TEST *t)
             goto err;
 
         EVP_EncodeInit(encode_ctx);
-        EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
-                         expected->input, expected->input_len);
+        if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
+                                        expected->input, expected->input_len)))
+            goto err;
+
         output_len = chunk_len;
 
         EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
         output_len += chunk_len;
 
-        EVP_ENCODE_CTX_free(encode_ctx);
-
         if (!memory_err_compare(t, "BAD_ENCODING",
                                 expected->output, expected->output_len,
                                 encode_out, output_len))
@@ -1658,6 +1660,7 @@ static int encode_test_run(EVP_TEST *t)
     OPENSSL_free(encode_out);
     OPENSSL_free(decode_out);
     EVP_ENCODE_CTX_free(decode_ctx);
+    EVP_ENCODE_CTX_free(encode_ctx);
     return 1;
 }
 
diff --git a/deps/openssl/openssl/test/handshake_helper.c b/deps/openssl/openssl/test/handshake_helper.c
index 40bfd3ec26..27ff794014 100644
--- a/deps/openssl/openssl/test/handshake_helper.c
+++ b/deps/openssl/openssl/test/handshake_helper.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,6 +22,10 @@
 #include "handshake_helper.h"
 #include "testutil.h"
 
+#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
+#include <netinet/sctp.h>
+#endif
+
 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
 {
     HANDSHAKE_RESULT *ret;
@@ -1282,13 +1286,33 @@ static int peer_pkey_type(SSL *s)
 #if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
 static int set_sock_as_sctp(int sock)
 {
+    struct sctp_assocparams assocparams;
+    struct sctp_rtoinfo rto_info;
+    BIO *tmpbio;
+
+    /*
+     * To allow tests to fail fast (within a second or so), reduce the
+     * retransmission timeouts and the number of retransmissions.
+     */
+    memset(&rto_info, 0, sizeof(struct sctp_rtoinfo));
+    rto_info.srto_initial = 100;
+    rto_info.srto_max = 200;
+    rto_info.srto_min = 50;
+    (void)setsockopt(sock, IPPROTO_SCTP, SCTP_RTOINFO,
+                     (const void *)&rto_info, sizeof(struct sctp_rtoinfo));
+    memset(&assocparams, 0, sizeof(struct sctp_assocparams));
+    assocparams.sasoc_asocmaxrxt = 2;
+    (void)setsockopt(sock, IPPROTO_SCTP, SCTP_ASSOCINFO,
+                     (const void *)&assocparams,
+                     sizeof(struct sctp_assocparams));
+
     /*
      * For SCTP we have to set various options on the socket prior to
      * connecting. This is done automatically by BIO_new_dgram_sctp().
      * We don't actually need the created BIO though so we free it again
      * immediately.
      */
-    BIO *tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
+    tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
 
     if (tmpbio == NULL)
         return 0;
@@ -1438,6 +1462,13 @@ static HANDSHAKE_RESULT *do_handshake_internal(
         return NULL;
     }
 
+#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
+    if (test_ctx->enable_client_sctp_label_bug)
+        SSL_CTX_set_mode(client_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+    if (test_ctx->enable_server_sctp_label_bug)
+        SSL_CTX_set_mode(server_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
     /* Setup SSL and buffers; additional configuration happens below. */
     if (!create_peer(&server, server_ctx)) {
         TEST_note("creating server context");
diff --git a/deps/openssl/openssl/test/recipes/02-test_errstr.t b/deps/openssl/openssl/test/recipes/02-test_errstr.t
new file mode 100644
index 0000000000..3a04310e11
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/02-test_errstr.t
@@ -0,0 +1,121 @@
+#! /usr/bin/env perl
+# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+no strict 'refs';               # To be able to use strings as function refs
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+use Errno qw(:POSIX);
+use POSIX qw(strerror);
+
+# We actually have space for up to 4095 error messages,
+# numerically speaking...  but we're currently only using
+# numbers 1 through 127.
+# This constant should correspond to the same constant
+# defined in crypto/err/err.c, or at least must not be
+# assigned a greater number.
+use constant NUM_SYS_STR_REASONS => 127;
+
+setup('test_errstr');
+
+# In a cross compiled situation, there are chances that our
+# application is linked against different C libraries than
+# perl, and may thereby get different error messages for the
+# same error.
+# The safest is not to test under such circumstances.
+plan skip_all => 'This is unsupported for cross compiled configurations'
+    if config('CROSS_COMPILE');
+
+# The same can be said when compiling OpenSSL with mingw configuration
+# on Windows when built with msys perl.  Similar problems are also observed
+# in MSVC builds, depending on the perl implementation used.
+plan skip_all => 'This is unsupported on MSYS/MinGW or MSWin32'
+    if $^O eq 'msys' or $^O eq 'MSWin32';
+
+plan skip_all => 'OpenSSL is configured "no-autoerrinit" or "no-err"'
+    if disabled('autoerrinit') || disabled('err');
+
+# These are POSIX error names, which Errno implements as functions
+# (this is documented)
+my @posix_errors = @{$Errno::EXPORT_TAGS{POSIX}};
+
+if ($^O eq 'MSWin32') {
+    # On Windows, these errors have been observed to not always be loaded by
+    # apps/openssl, while they are in perl, which causes a difference that we
+    # consider a false alarm.  So we skip checking these errors.
+    # Because we can't know exactly what symbols exist in a perticular perl
+    # version, we resort to discovering them directly in the Errno package
+    # symbol table.
+    my @error_skiplist = qw(
+        ENETDOWN
+        ENETUNREACH
+        ENETRESET
+        ECONNABORTED
+        EISCONN
+        ENOTCONN
+        ESHUTDOWN
+        ETOOMANYREFS
+        ETIMEDOUT
+        EHOSTDOWN
+        EHOSTUNREACH
+        EALREADY
+        EINPROGRESS
+        ESTALE
+        EUCLEAN
+        ENOTNAM
+        ENAVAIL
+        ENOMEDIUM
+        ENOKEY
+    );
+    @posix_errors =
+        grep {
+            my $x = $_;
+            ! grep {
+                exists $Errno::{$_} && $x == $Errno::{$_}
+            } @error_skiplist
+        } @posix_errors;
+}
+
+plan tests => scalar @posix_errors
+    +1                          # Checking that error 128 gives 'reason(128)'
+    +1                          # Checking that error 0 gives the library name
+    ;
+
+foreach my $errname (@posix_errors) {
+    my $errnum = "Errno::$errname"->();
+
+ SKIP: {
+        skip "Error $errname ($errnum) isn't within our range", 1
+            if $errnum > NUM_SYS_STR_REASONS;
+
+        my $perr = eval {
+            # Set $! to the error number...
+            local $! = $errnum;
+            # ... and $! will give you the error string back
+            $!
+        };
+
+        # We know that the system reasons are in OpenSSL error library 2
+        my @oerr = run(app([ qw(openssl errstr), sprintf("2%06x", $errnum) ]),
+                       capture => 1);
+        $oerr[0] =~ s|\R$||;
+        $oerr[0] =~ s|.*system library:||g; # The actual message is last
+
+        ok($oerr[0] eq $perr, "($errnum) '$oerr[0]' == '$perr'");
+    }
+}
+
+my @after = run(app([ qw(openssl errstr 2000080) ]), capture => 1);
+$after[0] =~ s|\R$||;
+$after[0] =~ s|.*system library:||g;
+ok($after[0] eq "reason(128)", "(128) '$after[0]' == 'reason(128)'");
+
+my @zero = run(app([ qw(openssl errstr 2000000) ]), capture => 1);
+$zero[0] =~ s|\R$||;
+$zero[0] =~ s|.*system library:||g;
+ok($zero[0] eq "system library", "(0) '$zero[0]' == 'system library'");
diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_ec.t b/deps/openssl/openssl/test/recipes/03-test_internal_ec.t
new file mode 100644
index 0000000000..0d31d0ac07
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/03-test_internal_ec.t
@@ -0,0 +1,19 @@
+#! /usr/bin/env perl
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test;              # get 'plan'
+use OpenSSL::Test::Simple;
+use OpenSSL::Test::Utils;
+
+setup("test_internal_ec");
+
+plan skip_all => "This test is unsupported in a no-ec build"
+    if disabled("ec");
+
+simple_test("test_internal_ec", "ec_internal_test");
diff --git a/deps/openssl/openssl/test/recipes/25-test_verify.t b/deps/openssl/openssl/test/recipes/25-test_verify.t
index 6c3deab7c6..b80a1cde3e 100644
--- a/deps/openssl/openssl/test/recipes/25-test_verify.t
+++ b/deps/openssl/openssl/test/recipes/25-test_verify.t
@@ -27,7 +27,7 @@ sub verify {
     run(app([@args]));
 }
 
-plan tests => 134;
+plan tests => 135;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -361,6 +361,8 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
     "Not too many names and constraints to check (2)");
 ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ),
     "Not too many names and constraints to check (3)");
+ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
+    "Public Key Algorithm rsa instead of rsaEncryption");
 
 SKIP: {
     skip "Ed25519 is not supported by this OpenSSL build", 1
diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey.txt
index f4470ff46b..736e0ce4d3 100644
--- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey.txt
+++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey.txt
@@ -17601,6 +17601,14 @@ Key = ED25519-1-PUBLIC-Raw
 Input = ""
 Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b
 
+#Signature maleability test.
+#Same as the verify operation above but with the order added to s
+OneShotDigestVerify = NULL
+Key = ED25519-1-PUBLIC-Raw
+Input = ""
+Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901554c8c7872aa064e049dbb3013fbf29380d25bf5f0595bbe24655141438e7a101b
+Result = VERIFY_ERROR
+
 Title = ED448 tests from RFC8032
 
 PrivateKey=ED448-1
@@ -17809,6 +17817,13 @@ Key = ED448-1-PUBLIC-Raw
 Input = ""
 Output = 533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980ff0d2028d4b18a9df63e006c5d1c2d345b925d8dc00b4104852db99ac5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e652600
 
+#Signature malelability test.
+#Same as the verify operation above but with the order added to s
+OneShotDigestVerify = NULL
+Key = ED448-1-PUBLIC-Raw
+Input = ""
+Output = 533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980f25278d3667403c14bcec5f9cfde9955ebc8333c0ae78fc86e518317c5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e656600
+Result = VERIFY_ERROR
 
 # Key generation tests
 KeyGen = rsaEncryption
diff --git a/deps/openssl/openssl/test/recipes/70-test_sslextension.t b/deps/openssl/openssl/test/recipes/70-test_sslextension.t
index 20e1933f00..469567cb72 100644
--- a/deps/openssl/openssl/test/recipes/70-test_sslextension.t
+++ b/deps/openssl/openssl/test/recipes/70-test_sslextension.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -88,9 +88,11 @@ sub inject_duplicate_extension
     foreach my $message (@{$proxy->message_list}) {
         if ($message->mt == $message_type) {
           my %extensions = %{$message->extension_data};
-            # Add a duplicate (unknown) extension.
-            $message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
-            $message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
+            # Add a duplicate extension. We use cryptopro_bug since we never
+            # normally write that one, and it is allowed as unsolicited in the
+            # ServerHello
+            $message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
+            $message->dupext(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION);
             $message->repack();
         }
     }
@@ -173,9 +175,23 @@ sub inject_unsolicited_extension
     $sent_unsolisited_extension = 1;
 }
 
+sub inject_cryptopro_extension
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    my $message = ${$proxy->message_list}[0];
+    $message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
+    $message->repack();
+}
+
 # Test 1-2: Sending a duplicate extension should fail.
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 7;
+plan tests => 8;
 ok($fatal_alert, "Duplicate ClientHello extension");
 
 $fatal_alert = 0;
@@ -234,3 +250,11 @@ SKIP: {
     $proxy->start();
     ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)");
 }
+
+#Test 8: Send the cryptopro extension in a ClientHello. Normally this is an
+#        unsolicited extension only ever seen in the ServerHello. We should
+#        ignore it in a ClientHello
+$proxy->clear();
+$proxy->filter(\&inject_cryptopro_extension);
+$proxy->start();
+ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");
diff --git a/deps/openssl/openssl/test/recipes/70-test_sslrecords.t b/deps/openssl/openssl/test/recipes/70-test_sslrecords.t
index 1233028386..bb4e3543af 100644
--- a/deps/openssl/openssl/test/recipes/70-test_sslrecords.t
+++ b/deps/openssl/openssl/test/recipes/70-test_sslrecords.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -44,7 +44,7 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
 my $inject_recs_num = 1;
 $proxy->serverflags("-tls1_2");
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 18;
+plan tests => 20;
 ok($fatal_alert, "Out of context empty records test");
 
 #Test 2: Injecting in context empty records should succeed
@@ -155,7 +155,7 @@ ok($fatal_alert, "Changed record version in TLS1.2");
 
 #TLS1.3 specific tests
 SKIP: {
-    skip "TLSv1.3 disabled", 6 if disabled("tls1_3");
+    skip "TLSv1.3 disabled", 8 if disabled("tls1_3");
 
     #Test 13: Sending a different record version in TLS1.3 should fail
     $proxy->clear();
@@ -181,7 +181,9 @@ SKIP: {
     use constant {
         DATA_AFTER_SERVER_HELLO => 0,
         DATA_AFTER_FINISHED => 1,
-        DATA_AFTER_KEY_UPDATE => 2
+        DATA_AFTER_KEY_UPDATE => 2,
+        DATA_BETWEEN_KEY_UPDATE => 3,
+        NO_DATA_BETWEEN_KEY_UPDATE => 4,
     };
 
     #Test 16: Sending a ServerHello which doesn't end on a record boundary
@@ -198,7 +200,6 @@ SKIP: {
     $fatal_alert = 0;
     $proxy->clear();
     $boundary_test_type = DATA_AFTER_FINISHED;
-    $proxy->filter(\&not_on_record_boundary);
     $proxy->start();
     ok($fatal_alert, "Record not on boundary in TLS1.3 (Finished)");
 
@@ -207,9 +208,24 @@ SKIP: {
     $fatal_alert = 0;
     $proxy->clear();
     $boundary_test_type = DATA_AFTER_KEY_UPDATE;
-    $proxy->filter(\&not_on_record_boundary);
     $proxy->start();
     ok($fatal_alert, "Record not on boundary in TLS1.3 (KeyUpdate)");
+
+    #Test 19: Sending application data in the middle of a fragmented KeyUpdate
+    #         should fail. Strictly speaking this is not a record boundary test
+    #         but we use the same filter.
+    $fatal_alert = 0;
+    $proxy->clear();
+    $boundary_test_type = DATA_BETWEEN_KEY_UPDATE;
+    $proxy->start();
+    ok($fatal_alert, "Data between KeyUpdate");
+
+    #Test 20: Fragmented KeyUpdate. This should succeed. Strictly speaking this
+    #         is not a record boundary test but we use the same filter.
+    $proxy->clear();
+    $boundary_test_type = NO_DATA_BETWEEN_KEY_UPDATE;
+    $proxy->start();
+    ok(TLSProxy::Message->success(), "No data between KeyUpdate");
  }
 
 
@@ -573,7 +589,7 @@ sub not_on_record_boundary
         #Update the record
         $last_record->data($data);
         $last_record->len(length $data);
-    } else {
+    } elsif ($boundary_test_type == DATA_AFTER_KEY_UPDATE) {
         return if @{$proxy->{message_list}}[-1]->{mt}
                   != TLSProxy::Message::MT_FINISHED;
 
@@ -605,5 +621,79 @@ sub not_on_record_boundary
         $record->data($data);
         $record->len(length $data);
         push @{$records}, $record;
+    } else {
+        return if @{$proxy->{message_list}}[-1]->{mt}
+                  != TLSProxy::Message::MT_FINISHED;
+
+        my $record = TLSProxy::Record->new(
+            1,
+            TLSProxy::Record::RT_APPLICATION_DATA,
+            TLSProxy::Record::VERS_TLS_1_2,
+            0,
+            0,
+            0,
+            0,
+            "",
+            ""
+        );
+
+        #Add a partial KeyUpdate message into the record
+        $data = pack "C1",
+            0x18; # KeyUpdate message type. Omit the rest of the message header
+
+        #Add content type and tag
+        $data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16);
+
+        $record->data($data);
+        $record->len(length $data);
+        push @{$records}, $record;
+
+        if ($boundary_test_type == DATA_BETWEEN_KEY_UPDATE) {
+            #Now add an app data record
+            $record = TLSProxy::Record->new(
+                1,
+                TLSProxy::Record::RT_APPLICATION_DATA,
+                TLSProxy::Record::VERS_TLS_1_2,
+                0,
+                0,
+                0,
+                0,
+                "",
+                ""
+            );
+
+            #Add an empty app data record (just content type and tag)
+            $data = pack("C", TLSProxy::Record::RT_APPLICATION_DATA).("\0"x16);
+
+            $record->data($data);
+            $record->len(length $data);
+            push @{$records}, $record;
+        }
+
+        #Now add the rest of the KeyUpdate message
+        $record = TLSProxy::Record->new(
+            1,
+            TLSProxy::Record::RT_APPLICATION_DATA,
+            TLSProxy::Record::VERS_TLS_1_2,
+            0,
+            0,
+            0,
+            0,
+            "",
+            ""
+        );
+
+        #Add the last 4 bytes of the KeyUpdate record
+        $data = pack "C4",
+            0x00, 0x00, 0x01, # Message length
+            0x00; # Update not requested
+
+        #Add content type and tag
+        $data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16);
+
+        $record->data($data);
+        $record->len(length $data);
+        push @{$records}, $record;
+
     }
 }
diff --git a/deps/openssl/openssl/test/recipes/80-test_ssl_new.t b/deps/openssl/openssl/test/recipes/80-test_ssl_new.t
index db2271c388..81d8f59a70 100644
--- a/deps/openssl/openssl/test/recipes/80-test_ssl_new.t
+++ b/deps/openssl/openssl/test/recipes/80-test_ssl_new.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
 
 # We hard-code the number of tests to double-check that the globbing above
 # finds all files as expected.
-plan tests => 28;  # = scalar @conf_srcs
+plan tests => 29;  # = scalar @conf_srcs
 
 # Some test results depend on the configuration of enabled protocols. We only
 # verify generated sources in the default configuration.
@@ -102,6 +102,7 @@ my %skip = (
   "24-padding.conf" => disabled("tls1_3"),
   "25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
   "26-tls13_client_auth.conf" => disabled("tls1_3"),
+  "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
 );
 
 foreach my $conf (@conf_files) {
diff --git a/deps/openssl/openssl/test/recipes/90-test_bio_memleak.t b/deps/openssl/openssl/test/recipes/90-test_bio_memleak.t
new file mode 100644
index 0000000000..1e063ed03d
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/90-test_bio_memleak.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_bio_memleak", "bio_memleak_test");
diff --git a/deps/openssl/openssl/test/recipes/90-test_gost.t b/deps/openssl/openssl/test/recipes/90-test_gost.t
index c7bbb4edd8..de9b0bfa04 100644
--- a/deps/openssl/openssl/test/recipes/90-test_gost.t
+++ b/deps/openssl/openssl/test/recipes/90-test_gost.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -12,11 +12,11 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_gost");
 
 # The GOST ciphers are dynamically loaded via the GOST engine, so we must be
-# able to support that. The engine also uses DSA and CMS symbols, so we skip
-# this test on no-dsa or no-cms.
+# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we
+# skip this test on no-dsa, no-cms or no-cmac.
 plan skip_all => "GOST support is disabled in this OpenSSL build"
     if disabled("gost") || disabled("engine") || disabled("dynamic-engine")
-       || disabled("dsa") || disabled("cms");
+       || disabled("dsa") || disabled("cms") || disabled("cmac");
 
 plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
     if disabled("tls1_3") || disabled("tls1_2");
diff --git a/deps/openssl/openssl/test/recipes/90-test_includes.t b/deps/openssl/openssl/test/recipes/90-test_includes.t
index 5169700c4c..c6a86fc009 100644
--- a/deps/openssl/openssl/test/recipes/90-test_includes.t
+++ b/deps/openssl/openssl/test/recipes/90-test_includes.t
@@ -11,11 +11,13 @@ plan skip_all => "test_includes doesn't work without posix-io"
     if disabled("posix-io");
 
 plan tests =>                   # The number of tests being performed
-    3
+    5
     + ($^O eq "VMS" ? 2 : 0);
 
 ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes");
 ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test file includes");
+ok(run(test(["conf_include_test", data_file("includes-eq.cnf")])), "test includes with equal character");
+ok(run(test(["conf_include_test", data_file("includes-eq-ws.cnf")])), "test includes with equal and whitespaces");
 if ($^O eq "VMS") {
     ok(run(test(["conf_include_test", data_file("vms-includes.cnf")])),
        "test directory includes, VMS syntax");
diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-eq-ws.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-eq-ws.cnf
new file mode 100644
index 0000000000..38109a7ab3
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-eq-ws.cnf
@@ -0,0 +1,5 @@
+#
+# Example configuration file using includes.
+#
+
+.include = conf-includes
diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-eq.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-eq.cnf
new file mode 100644
index 0000000000..9d3715854b
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-eq.cnf
@@ -0,0 +1,5 @@
+#
+# Example configuration file using includes.
+#
+
+.include=conf-includes
diff --git a/deps/openssl/openssl/test/recipes/90-test_shlibload.t b/deps/openssl/openssl/test/recipes/90-test_shlibload.t
index 2761d58502..8372a61e88 100644
--- a/deps/openssl/openssl/test/recipes/90-test_shlibload.t
+++ b/deps/openssl/openssl/test/recipes/90-test_shlibload.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,6 +8,7 @@
 
 use OpenSSL::Test qw/:DEFAULT bldtop_dir bldtop_file/;
 use OpenSSL::Test::Utils;
+use File::Temp qw(tempfile);
 
 #Load configdata.pm
 
@@ -19,8 +20,10 @@ use configdata;
 
 plan skip_all => "Test only supported in a shared build" if disabled("shared");
 plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|;
+plan skip_all => "Test is disabled on VMS" if config('target') =~ m|^vms|;
+plan skip_all => "Test only supported in a dso build" if disabled("dso");
 
-plan tests => 4;
+plan tests => 10;
 
 # When libssl and libcrypto are compiled on Linux with "-rpath", but not
 # "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH,
@@ -30,14 +33,31 @@ plan tests => 4;
 my $libcrypto = bldtop_file(shlib('libcrypto'));
 my $libssl = bldtop_file(shlib('libssl'));
 
-ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])),
-   "running shlibloadtest -crypto_first");
-ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl])),
-   "running shlibloadtest -ssl_first");
-ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl])),
-   "running shlibloadtest -just_crypto");
-ok(run(test(["shlibloadtest", "-dso_ref", $libcrypto, $libssl])),
-   "running shlibloadtest -dso_ref");
+(my $fh, my $filename) = tempfile();
+ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl, $filename])),
+   "running shlibloadtest -crypto_first $filename");
+ok(check_atexit($fh));
+unlink $filename;
+($fh, $filename) = tempfile();
+ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl, $filename])),
+   "running shlibloadtest -ssl_first $filename");
+ok(check_atexit($fh));
+unlink $filename;
+($fh, $filename) = tempfile();
+ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl, $filename])),
+   "running shlibloadtest -just_crypto $filename");
+ok(check_atexit($fh));
+unlink $filename;
+($fh, $filename) = tempfile();
+ok(run(test(["shlibloadtest", "-dso_ref", $libcrypto, $libssl, $filename])),
+   "running shlibloadtest -dso_ref $filename");
+ok(check_atexit($fh));
+unlink $filename;
+($fh, $filename) = tempfile();
+ok(run(test(["shlibloadtest", "-no_atexit", $libcrypto, $libssl, $filename])),
+   "running shlibloadtest -no_atexit $filename");
+ok(!check_atexit($fh));
+unlink $filename;
 
 sub shlib {
     my $lib = shift;
@@ -50,3 +70,12 @@ sub shlib {
              |.$config{shlib_version_number}|x;
     return $lib;
 }
+
+sub check_atexit {
+    my $fh = shift;
+    my $data = <$fh>;
+
+    return 1 if (defined $data && $data =~ m/atexit\(\) run/);
+
+    return 0;
+}
diff --git a/deps/openssl/openssl/test/shlibloadtest.c b/deps/openssl/openssl/test/shlibloadtest.c
index 53714aa125..86bbfcd849 100644
--- a/deps/openssl/openssl/test/shlibloadtest.c
+++ b/deps/openssl/openssl/test/shlibloadtest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,13 +14,14 @@
 #include <openssl/ssl.h>
 #include <openssl/ossl_typ.h>
 #include "internal/dso_conf.h"
-#include "testutil.h"
 
 typedef void DSO;
 
 typedef const SSL_METHOD * (*TLS_method_t)(void);
 typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth);
 typedef void (*SSL_CTX_free_t)(SSL_CTX *);
+typedef int (*OPENSSL_init_crypto_t)(uint64_t, void *);
+typedef int (*OPENSSL_atexit_t)(void (*handler)(void));
 typedef unsigned long (*ERR_get_error_t)(void);
 typedef unsigned long (*OpenSSL_version_num_t)(void);
 typedef DSO * (*DSO_dsobyaddr_t)(void (*addr)(void), int flags);
@@ -30,12 +31,14 @@ typedef enum test_types_en {
     CRYPTO_FIRST,
     SSL_FIRST,
     JUST_CRYPTO,
-    DSO_REFTEST
+    DSO_REFTEST,
+    NO_ATEXIT
 } TEST_TYPE;
 
 static TEST_TYPE test_type;
 static const char *path_crypto;
 static const char *path_ssl;
+static const char *path_atexit;
 
 #ifdef DSO_DLFCN
 
@@ -99,6 +102,20 @@ static int shlib_close(SHLIB lib)
 
 #if defined(DSO_DLFCN) || defined(DSO_WIN32)
 
+static int atexit_handler_done = 0;
+
+static void atexit_handler(void)
+{
+    FILE *atexit_file = fopen(path_atexit, "w");
+
+    if (atexit_file == NULL)
+        return;
+
+    fprintf(atexit_file, "atexit() run\n");
+    fclose(atexit_file);
+    atexit_handler_done++;
+}
+
 static int test_lib(void)
 {
     SHLIB ssllib = SHLIB_INIT;
@@ -113,64 +130,93 @@ static int test_lib(void)
     SSL_CTX_free_t mySSL_CTX_free;
     ERR_get_error_t myERR_get_error;
     OpenSSL_version_num_t myOpenSSL_version_num;
+    OPENSSL_atexit_t myOPENSSL_atexit;
     int result = 0;
 
     switch (test_type) {
     case JUST_CRYPTO:
-        if (!TEST_true(shlib_load(path_crypto, &cryptolib)))
-            goto end;
-        break;
+    case DSO_REFTEST:
+    case NO_ATEXIT:
     case CRYPTO_FIRST:
-        if (!TEST_true(shlib_load(path_crypto, &cryptolib))
-                || !TEST_true(shlib_load(path_ssl, &ssllib)))
+        if (!shlib_load(path_crypto, &cryptolib)) {
+            fprintf(stderr, "Failed to load libcrypto\n");
             goto end;
-        break;
+        }
+        if (test_type != CRYPTO_FIRST)
+            break;
+        /* Fall through */
+
     case SSL_FIRST:
-        if (!TEST_true(shlib_load(path_ssl, &ssllib))
-                || !TEST_true(shlib_load(path_crypto, &cryptolib)))
+        if (!shlib_load(path_ssl, &ssllib)) {
+            fprintf(stderr, "Failed to load libssl\n");
             goto end;
-        break;
-    case DSO_REFTEST:
-        if (!TEST_true(shlib_load(path_crypto, &cryptolib)))
+        }
+        if (test_type != SSL_FIRST)
+            break;
+        if (!shlib_load(path_crypto, &cryptolib)) {
+            fprintf(stderr, "Failed to load libcrypto\n");
             goto end;
+        }
         break;
     }
 
-    if (test_type != JUST_CRYPTO && test_type != DSO_REFTEST) {
-        if (!TEST_true(shlib_sym(ssllib, "TLS_method", &symbols[0].sym))
-                || !TEST_true(shlib_sym(ssllib, "SSL_CTX_new", &symbols[1].sym))
-                || !TEST_true(shlib_sym(ssllib, "SSL_CTX_free", &symbols[2].sym)))
+    if (test_type == NO_ATEXIT) {
+        OPENSSL_init_crypto_t myOPENSSL_init_crypto;
+
+        if (!shlib_sym(cryptolib, "OPENSSL_init_crypto", &symbols[0].sym)) {
+            fprintf(stderr, "Failed to load OPENSSL_init_crypto symbol\n");
+            goto end;
+        }
+        myOPENSSL_init_crypto = (OPENSSL_init_crypto_t)symbols[0].func;
+        if (!myOPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL)) {
+            fprintf(stderr, "Failed to initialise libcrypto\n");
+            goto end;
+        }
+    }
+
+    if (test_type != JUST_CRYPTO
+            && test_type != DSO_REFTEST
+            && test_type != NO_ATEXIT) {
+        if (!shlib_sym(ssllib, "TLS_method", &symbols[0].sym)
+                || !shlib_sym(ssllib, "SSL_CTX_new", &symbols[1].sym)
+                || !shlib_sym(ssllib, "SSL_CTX_free", &symbols[2].sym)) {
+            fprintf(stderr, "Failed to load libssl symbols\n");
             goto end;
+        }
         myTLS_method = (TLS_method_t)symbols[0].func;
         mySSL_CTX_new = (SSL_CTX_new_t)symbols[1].func;
         mySSL_CTX_free = (SSL_CTX_free_t)symbols[2].func;
-        if (!TEST_ptr(ctx = mySSL_CTX_new(myTLS_method())))
+        ctx = mySSL_CTX_new(myTLS_method());
+        if (ctx == NULL) {
+            fprintf(stderr, "Failed to create SSL_CTX\n");
             goto end;
+        }
         mySSL_CTX_free(ctx);
     }
 
-    if (!TEST_true(shlib_sym(cryptolib, "ERR_get_error", &symbols[0].sym))
-            || !TEST_true(shlib_sym(cryptolib, "OpenSSL_version_num",
-                                    &symbols[1].sym)))
+    if (!shlib_sym(cryptolib, "ERR_get_error", &symbols[0].sym)
+           || !shlib_sym(cryptolib, "OpenSSL_version_num", &symbols[1].sym)
+           || !shlib_sym(cryptolib, "OPENSSL_atexit", &symbols[2].sym)) {
+        fprintf(stderr, "Failed to load libcrypto symbols\n");
         goto end;
+    }
     myERR_get_error = (ERR_get_error_t)symbols[0].func;
-    if (!TEST_int_eq(myERR_get_error(), 0))
+    if (myERR_get_error() != 0) {
+        fprintf(stderr, "Unexpected ERR_get_error() response\n");
         goto end;
+    }
 
-    /*
-     * The bits that COMPATIBILITY_MASK lets through MUST be the same in
-     * the library and in the application.
-     * The bits that are masked away MUST be a larger or equal number in
-     * the library compared to the application.
-     */
-# define COMPATIBILITY_MASK 0xfff00000L
     myOpenSSL_version_num = (OpenSSL_version_num_t)symbols[1].func;
-    if (!TEST_int_eq(myOpenSSL_version_num() & COMPATIBILITY_MASK,
-                     OPENSSL_VERSION_NUMBER & COMPATIBILITY_MASK))
+    if (myOpenSSL_version_num()  != OPENSSL_VERSION_NUMBER) {
+        fprintf(stderr, "Invalid library version number\n");
         goto end;
-    if (!TEST_int_ge(myOpenSSL_version_num() & ~COMPATIBILITY_MASK,
-                     OPENSSL_VERSION_NUMBER & ~COMPATIBILITY_MASK))
+    }
+
+    myOPENSSL_atexit = (OPENSSL_atexit_t)symbols[2].func;
+    if (!myOPENSSL_atexit(atexit_handler)) {
+        fprintf(stderr, "Failed to register atexit handler\n");
         goto end;
+    }
 
     if (test_type == DSO_REFTEST) {
 # ifdef DSO_DLFCN
@@ -185,10 +231,11 @@ static int test_lib(void)
          * will always return an error, because DSO_pathbyaddr() is not
          * implemented there.
          */
-        if (!TEST_true(shlib_sym(cryptolib, "DSO_dsobyaddr", &symbols[0].sym))
-                || !TEST_true(shlib_sym(cryptolib, "DSO_free",
-                                        &symbols[1].sym)))
+        if (!shlib_sym(cryptolib, "DSO_dsobyaddr", &symbols[0].sym)
+                || !shlib_sym(cryptolib, "DSO_free", &symbols[1].sym)) {
+            fprintf(stderr, "Unable to load DSO symbols\n");
             goto end;
+        }
 
         myDSO_dsobyaddr = (DSO_dsobyaddr_t)symbols[0].func;
         myDSO_free = (DSO_free_t)symbols[1].func;
@@ -196,33 +243,44 @@ static int test_lib(void)
         {
             DSO *hndl;
             /* use known symbol from crypto module */
-            if (!TEST_ptr(hndl = myDSO_dsobyaddr((void (*)(void))ERR_get_error, 0)))
+            hndl = myDSO_dsobyaddr((void (*)(void))myERR_get_error, 0);
+            if (hndl == NULL) {
+                fprintf(stderr, "DSO_dsobyaddr() failed\n");
                 goto end;
+            }
             myDSO_free(hndl);
         }
 # endif /* DSO_DLFCN */
     }
 
-    switch (test_type) {
-    case JUST_CRYPTO:
-        if (!TEST_true(shlib_close(cryptolib)))
-            goto end;
-        break;
-    case CRYPTO_FIRST:
-        if (!TEST_true(shlib_close(cryptolib))
-                || !TEST_true(shlib_close(ssllib)))
-            goto end;
-        break;
-    case SSL_FIRST:
-        if (!TEST_true(shlib_close(ssllib))
-                || !TEST_true(shlib_close(cryptolib)))
-            goto end;
-        break;
-    case DSO_REFTEST:
-        if (!TEST_true(shlib_close(cryptolib)))
+    if (!shlib_close(cryptolib)) {
+        fprintf(stderr, "Failed to close libcrypto\n");
+        goto end;
+    }
+
+    if (test_type == CRYPTO_FIRST || test_type == SSL_FIRST) {
+        if (!shlib_close(ssllib)) {
+            fprintf(stderr, "Failed to close libssl\n");
             goto end;
-        break;
+        }
+    }
+
+# if defined(OPENSSL_NO_PINSHARED) \
+    && defined(__GLIBC__) \
+    && defined(__GLIBC_PREREQ) \
+    && defined(OPENSSL_SYS_LINUX)
+#  if __GLIBC_PREREQ(2, 3)
+    /*
+     * If we didn't pin the so then we are hopefully on a platform that supports
+     * running atexit() on so unload. If not we might crash. We know this is
+     * true on linux since glibc 2.2.3
+     */
+    if (test_type != NO_ATEXIT && atexit_handler_done != 1) {
+        fprintf(stderr, "atexit() handler did not run\n");
+        goto end;
     }
+#  endif
+# endif
 
     result = 1;
 end:
@@ -231,9 +289,21 @@ end:
 #endif
 
 
-int setup_tests(void)
+/*
+ * shlibloadtest should not use the normal test framework because we don't want
+ * it to link against libcrypto (which the framework uses). The point of the
+ * test is to check dynamic loading and unloading of libcrypto/libssl.
+ */
+int main(int argc, char *argv[])
 {
-    const char *p = test_get_argument(0);
+    const char *p;
+
+    if (argc != 5) {
+        fprintf(stderr, "Incorrect number of arguments\n");
+        return 1;
+    }
+
+    p = argv[1];
 
     if (strcmp(p, "-crypto_first") == 0) {
         test_type = CRYPTO_FIRST;
@@ -242,17 +312,24 @@ int setup_tests(void)
     } else if (strcmp(p, "-just_crypto") == 0) {
         test_type = JUST_CRYPTO;
     } else if (strcmp(p, "-dso_ref") == 0) {
-        test_type = JUST_CRYPTO;
+        test_type = DSO_REFTEST;
+    } else if (strcmp(p, "-no_atexit") == 0) {
+        test_type = NO_ATEXIT;
     } else {
-        TEST_error("Unrecognised argument");
-        return 0;
+        fprintf(stderr, "Unrecognised argument\n");
+        return 1;
+    }
+    path_crypto = argv[2];
+    path_ssl = argv[3];
+    path_atexit = argv[4];
+    if (path_crypto == NULL || path_ssl == NULL) {
+        fprintf(stderr, "Invalid libcrypto/libssl path\n");
+        return 1;
     }
-    if (!TEST_ptr(path_crypto = test_get_argument(1))
-            || !TEST_ptr(path_ssl = test_get_argument(2)))
-        return 0;
 
 #if defined(DSO_DLFCN) || defined(DSO_WIN32)
-    ADD_TEST(test_lib);
+    if (!test_lib())
+        return 1;
 #endif
-    return 1;
+    return 0;
 }
diff --git a/deps/openssl/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf b/deps/openssl/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf
new file mode 100644
index 0000000000..2cd9bb1389
--- /dev/null
+++ b/deps/openssl/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf
@@ -0,0 +1,114 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-SCTPLabelBug-good1
+test-1 = 1-SCTPLabelBug-good2
+test-2 = 2-SCTPLabelBug-bad1
+test-3 = 3-SCTPLabelBug-bad2
+# ===========================================================
+
+[0-SCTPLabelBug-good1]
+ssl_conf = 0-SCTPLabelBug-good1-ssl
+
+[0-SCTPLabelBug-good1-ssl]
+server = 0-SCTPLabelBug-good1-server
+client = 0-SCTPLabelBug-good1-client
+
+[0-SCTPLabelBug-good1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SCTPLabelBug-good1-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+EnableClientSCTPLabelBug = No
+EnableServerSCTPLabelBug = No
+ExpectedResult = Success
+Method = DTLS
+UseSCTP = Yes
+
+
+# ===========================================================
+
+[1-SCTPLabelBug-good2]
+ssl_conf = 1-SCTPLabelBug-good2-ssl
+
+[1-SCTPLabelBug-good2-ssl]
+server = 1-SCTPLabelBug-good2-server
+client = 1-SCTPLabelBug-good2-client
+
+[1-SCTPLabelBug-good2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-SCTPLabelBug-good2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+EnableClientSCTPLabelBug = Yes
+EnableServerSCTPLabelBug = Yes
+ExpectedResult = Success
+Method = DTLS
+UseSCTP = Yes
+
+
+# ===========================================================
+
+[2-SCTPLabelBug-bad1]
+ssl_conf = 2-SCTPLabelBug-bad1-ssl
+
+[2-SCTPLabelBug-bad1-ssl]
+server = 2-SCTPLabelBug-bad1-server
+client = 2-SCTPLabelBug-bad1-client
+
+[2-SCTPLabelBug-bad1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-SCTPLabelBug-bad1-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+EnableClientSCTPLabelBug = Yes
+EnableServerSCTPLabelBug = No
+ExpectedResult = ClientFail
+Method = DTLS
+UseSCTP = Yes
+
+
+# ===========================================================
+
+[3-SCTPLabelBug-bad2]
+ssl_conf = 3-SCTPLabelBug-bad2-ssl
+
+[3-SCTPLabelBug-bad2-ssl]
+server = 3-SCTPLabelBug-bad2-server
+client = 3-SCTPLabelBug-bad2-client
+
+[3-SCTPLabelBug-bad2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-SCTPLabelBug-bad2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+EnableClientSCTPLabelBug = No
+EnableServerSCTPLabelBug = Yes
+ExpectedResult = ClientFail
+Method = DTLS
+UseSCTP = Yes
diff --git a/deps/openssl/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf.in b/deps/openssl/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf.in
new file mode 100644
index 0000000000..97476999b8
--- /dev/null
+++ b/deps/openssl/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf.in
@@ -0,0 +1,67 @@
+# -*- mode: perl; -*-
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG handling
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "SCTPLabelBug-good1",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "No",
+            "EnableServerSCTPLabelBug" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "SCTPLabelBug-good2",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "Yes",
+            "EnableServerSCTPLabelBug" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "SCTPLabelBug-bad1",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "Yes",
+            "EnableServerSCTPLabelBug" => "No",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+    {
+        name => "SCTPLabelBug-bad2",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "No",
+            "EnableServerSCTPLabelBug" => "Yes",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+);
diff --git a/deps/openssl/openssl/test/ssl_test_ctx.c b/deps/openssl/openssl/test/ssl_test_ctx.c
index 753338530d..6cdced5a16 100644
--- a/deps/openssl/openssl/test/ssl_test_ctx.c
+++ b/deps/openssl/openssl/test/ssl_test_ctx.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -446,6 +446,8 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
 
 /* CertStatus */
 
@@ -669,6 +671,8 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
     { "ExpectedClientSignType", &parse_expected_client_sign_type },
     { "ExpectedClientCANames", &parse_expected_client_ca_names },
     { "UseSCTP", &parse_test_use_sctp },
+    { "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug },
+    { "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
     { "ExpectedCipher", &parse_test_expected_cipher },
     { "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data },
 };
diff --git a/deps/openssl/openssl/test/ssl_test_ctx.h b/deps/openssl/openssl/test/ssl_test_ctx.h
index 86d227d865..36d73f752c 100644
--- a/deps/openssl/openssl/test/ssl_test_ctx.h
+++ b/deps/openssl/openssl/test/ssl_test_ctx.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -214,6 +214,10 @@ typedef struct {
     STACK_OF(X509_NAME) *expected_client_ca_names;
     /* Whether to use SCTP for the transport */
     int use_sctp;
+    /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */
+    int enable_client_sctp_label_bug;
+    /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on server side */
+    int enable_server_sctp_label_bug;
     /* Whether to expect a session id from the server */
     ssl_session_id_t session_id_expected;
     char *expected_cipher;
diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c
index 108d57e478..2261fe4a7a 100644
--- a/deps/openssl/openssl/test/sslapitest.c
+++ b/deps/openssl/openssl/test/sslapitest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -4028,20 +4028,25 @@ static int test_serverinfo(int tst)
  * no test vectors so all we do is test that both sides of the communication
  * produce the same results for different protocol versions.
  */
+#define SMALL_LABEL_LEN 10
+#define LONG_LABEL_LEN  249
 static int test_export_key_mat(int tst)
 {
     int testresult = 0;
     SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
-    const char label[] = "test label";
+    const char label[LONG_LABEL_LEN + 1] = "test label";
     const unsigned char context[] = "context";
     const unsigned char *emptycontext = NULL;
     unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
     unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
+    size_t labellen;
     const int protocols[] = {
         TLS1_VERSION,
         TLS1_1_VERSION,
         TLS1_2_VERSION,
+        TLS1_3_VERSION,
+        TLS1_3_VERSION,
         TLS1_3_VERSION
     };
 
@@ -4058,7 +4063,7 @@ static int test_export_key_mat(int tst)
         return 1;
 #endif
 #ifdef OPENSSL_NO_TLS1_3
-    if (tst == 3)
+    if (tst >= 3)
         return 1;
 #endif
     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
@@ -4076,33 +4081,52 @@ static int test_export_key_mat(int tst)
                                                 SSL_ERROR_NONE)))
         goto end;
 
+    if (tst == 5) {
+        /*
+         * TLSv1.3 imposes a maximum label len of 249 bytes. Check we fail if we
+         * go over that.
+         */
+        if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
+                                                    sizeof(ckeymat1), label,
+                                                    LONG_LABEL_LEN + 1, context,
+                                                    sizeof(context) - 1, 1), 0))
+            goto end;
+
+        testresult = 1;
+        goto end;
+    } else if (tst == 4) {
+        labellen = LONG_LABEL_LEN;
+    } else {
+        labellen = SMALL_LABEL_LEN;
+    }
+
     if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
                                                 sizeof(ckeymat1), label,
-                                                sizeof(label) - 1, context,
+                                                labellen, context,
                                                 sizeof(context) - 1, 1), 1)
             || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
                                                        sizeof(ckeymat2), label,
-                                                       sizeof(label) - 1,
+                                                       labellen,
                                                        emptycontext,
                                                        0, 1), 1)
             || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
                                                        sizeof(ckeymat3), label,
-                                                       sizeof(label) - 1,
+                                                       labellen,
                                                        NULL, 0, 0), 1)
             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
                                                        sizeof(skeymat1), label,
-                                                       sizeof(label) - 1,
+                                                       labellen,
                                                        context,
                                                        sizeof(context) -1, 1),
                             1)
             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
                                                        sizeof(skeymat2), label,
-                                                       sizeof(label) - 1,
+                                                       labellen,
                                                        emptycontext,
                                                        0, 1), 1)
             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
                                                        sizeof(skeymat3), label,
-                                                       sizeof(label) - 1,
+                                                       labellen,
                                                        NULL, 0, 0), 1)
                /*
                 * Check that both sides created the same key material with the
@@ -4131,10 +4155,10 @@ static int test_export_key_mat(int tst)
      * Check that an empty context and no context produce different results in
      * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
      */
-    if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
+    if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
                                   sizeof(ckeymat3)))
-            || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
-                                        sizeof(ckeymat3))))
+            || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
+                                         sizeof(ckeymat3))))
         goto end;
 
     testresult = 1;
@@ -4226,6 +4250,58 @@ static int test_export_key_mat_early(int idx)
 
     return testresult;
 }
+
+#define NUM_KEY_UPDATE_MESSAGES 40
+/*
+ * Test KeyUpdate.
+ */
+static int test_key_update(void)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0, i, j;
+    char buf[20];
+    static char *mess = "A test message";
+
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+                                       TLS_client_method(),
+                                       TLS1_3_VERSION,
+                                       0,
+                                       &sctx, &cctx, cert, privkey))
+            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                             NULL, NULL))
+            || !TEST_true(create_ssl_connection(serverssl, clientssl,
+                                                SSL_ERROR_NONE)))
+        goto end;
+
+    for (j = 0; j < 2; j++) {
+        /* Send lots of KeyUpdate messages */
+        for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) {
+            if (!TEST_true(SSL_key_update(clientssl,
+                                          (j == 0)
+                                          ? SSL_KEY_UPDATE_NOT_REQUESTED
+                                          : SSL_KEY_UPDATE_REQUESTED))
+                    || !TEST_true(SSL_do_handshake(clientssl)))
+                goto end;
+        }
+
+        /* Check that sending and receiving app data is ok */
+        if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess))
+                || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
+                                         strlen(mess)))
+            goto end;
+    }
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
 #endif /* OPENSSL_NO_TLS1_3 */
 
 static int test_ssl_clear(int idx)
@@ -4710,18 +4786,14 @@ static struct info_cb_states_st {
         {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
         {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
         {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
-        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
-        {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
-        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"},
-        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
-        {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
-        {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
-        {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"},
-        {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL},
-        {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
-        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
-        {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
-        {SSL_CB_EXIT, NULL}, {0, NULL},
+        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
+        {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
+        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
+        {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+        {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
+        {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
+        {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+        {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
     }, {
         /* TLSv1.3 client followed by resumption */
         {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
@@ -4729,20 +4801,16 @@ static struct info_cb_states_st {
         {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
         {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
         {SSL_CB_LOOP, "TWFIN"},  {SSL_CB_HANDSHAKE_DONE, NULL},
-        {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
-        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
-        {SSL_CB_HANDSHAKE_DONE, NULL},  {SSL_CB_EXIT, NULL},
-        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
-        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
-        {SSL_CB_HANDSHAKE_DONE, NULL},  {SSL_CB_EXIT, NULL},
+        {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
+        {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "},
+        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
         {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
         {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
         {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"},  {SSL_CB_LOOP, "TREE"},
         {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
         {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
-        {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
-        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
-        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
+        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
+        {SSL_CB_EXIT, NULL}, {0, NULL},
     }, {
         /* TLSv1.3 server, early_data */
         {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
@@ -4751,8 +4819,7 @@ static struct info_cb_states_st {
         {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
         {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
         {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"},
-        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
-        {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
         {SSL_CB_EXIT, NULL}, {0, NULL},
     }, {
         /* TLSv1.3 client, early_data */
@@ -4763,9 +4830,8 @@ static struct info_cb_states_st {
         {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
         {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
         {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
-        {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
-        {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
-        {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
+        {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
+        {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
     }, {
         {0, NULL},
     }
@@ -4804,8 +4870,11 @@ static void sslapi_info_callback(const SSL *s, int where, int ret)
         return;
     }
 
-    /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */
-    if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) {
+    /*
+     * Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init
+     */
+    if ((where & SSL_CB_HANDSHAKE_DONE)
+            && SSL_in_init((SSL *)s) != 0) {
         info_cb_failed = 1;
         return;
     }
@@ -5384,7 +5453,7 @@ static int test_shutdown(int tst)
 
     if (tst == 3) {
         if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
-                                                  SSL_ERROR_NONE))
+                                                  SSL_ERROR_NONE, 1))
                 || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
                 || !TEST_false(SSL_SESSION_is_resumable(sess)))
             goto end;
@@ -5909,9 +5978,10 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_custom_exts, 3);
 #endif
     ADD_ALL_TESTS(test_serverinfo, 8);
-    ADD_ALL_TESTS(test_export_key_mat, 4);
+    ADD_ALL_TESTS(test_export_key_mat, 6);
 #ifndef OPENSSL_NO_TLS1_3
     ADD_ALL_TESTS(test_export_key_mat_early, 3);
+    ADD_TEST(test_key_update);
 #endif
     ADD_ALL_TESTS(test_ssl_clear, 2);
     ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
diff --git a/deps/openssl/openssl/test/ssltest_old.c b/deps/openssl/openssl/test/ssltest_old.c
index 92970776fd..36e6031f3a 100644
--- a/deps/openssl/openssl/test/ssltest_old.c
+++ b/deps/openssl/openssl/test/ssltest_old.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1382,11 +1382,52 @@ int main(int argc, char *argv[])
         goto end;
 
     if (cipher != NULL) {
-        if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
-            || !SSL_CTX_set_cipher_list(s_ctx, cipher)
-            || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
-            ERR_print_errors(bio_err);
-            goto end;
+        if (strcmp(cipher, "") == 0) {
+            if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
+                if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+                    ERR_clear_error();
+                } else {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            } else {
+                /* Should have failed when clearing all TLSv1.2 ciphers. */
+                fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+                goto end;
+            }
+
+            if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
+                if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+                    ERR_clear_error();
+                } else {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            } else {
+                /* Should have failed when clearing all TLSv1.2 ciphers. */
+                fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+                goto end;
+            }
+
+            if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+                if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+                    ERR_clear_error();
+                } else {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            } else {
+                /* Should have failed when clearing all TLSv1.2 ciphers. */
+                fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+                goto end;
+            }
+        } else {
+            if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
+                    || !SSL_CTX_set_cipher_list(s_ctx, cipher)
+                    || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
         }
     }
     if (ciphersuites != NULL) {
diff --git a/deps/openssl/openssl/test/ssltestlib.c b/deps/openssl/openssl/test/ssltestlib.c
index eafac3cc42..05139be750 100644
--- a/deps/openssl/openssl/test/ssltestlib.c
+++ b/deps/openssl/openssl/test/ssltestlib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,18 +17,28 @@
 #ifdef OPENSSL_SYS_UNIX
 # include <unistd.h>
 
-static ossl_inline void ossl_sleep(unsigned int millis) {
+static ossl_inline void ossl_sleep(unsigned int millis)
+{
+# ifdef OPENSSL_SYS_VXWORKS
+    struct timespec ts;
+    ts.tv_sec = (long int) (millis / 1000);
+    ts.tv_nsec = (long int) (millis % 1000) * 1000000ul;
+    nanosleep(&ts, NULL);
+# else
     usleep(millis * 1000);
+# endif
 }
 #elif defined(_WIN32)
 # include <windows.h>
 
-static ossl_inline void ossl_sleep(unsigned int millis) {
+static ossl_inline void ossl_sleep(unsigned int millis)
+{
     Sleep(millis);
 }
 #else
 /* Fallback to a busy wait */
-static ossl_inline void ossl_sleep(unsigned int millis) {
+static ossl_inline void ossl_sleep(unsigned int millis)
+{
     struct timeval start, now;
     unsigned int elapsedms;
 
@@ -428,7 +438,7 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
 {
     MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
     MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3];
-    int i, duprec = ctx->duprec > 0;
+    int i, duprec;
     const unsigned char *inu = (const unsigned char *)in;
     size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO])
                  + DTLS1_RT_HEADER_LENGTH;
@@ -441,6 +451,8 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
 
     if ((size_t)inl == len)
         duprec = 0;
+    else
+        duprec = ctx->duprec > 0;
 
     /* We don't support arbitrary injection when duplicating records */
     if (duprec && pktnum != -1)
@@ -717,8 +729,12 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
 /*
  * Create an SSL connection, but does not ready any post-handshake
  * NewSessionTicket messages.
+ * If |read| is set and we're using DTLS then we will attempt to SSL_read on
+ * the connection once we've completed one half of it, to ensure any retransmits
+ * get triggered.
  */
-int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
+int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
+                               int read)
 {
     int retc = -1, rets = -1, err, abortctr = 0;
     int clienterr = 0, servererr = 0;
@@ -756,11 +772,24 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
             return 0;
         if (clienterr && servererr)
             return 0;
-        if (isdtls) {
-            if (rets > 0 && retc <= 0)
-                DTLSv1_handle_timeout(serverssl);
-            if (retc > 0 && rets <= 0)
-                DTLSv1_handle_timeout(clientssl);
+        if (isdtls && read) {
+            unsigned char buf[20];
+
+            /* Trigger any retransmits that may be appropriate */
+            if (rets > 0 && retc <= 0) {
+                if (SSL_read(serverssl, buf, sizeof(buf)) > 0) {
+                    /* We don't expect this to succeed! */
+                    TEST_info("Unexpected SSL_read() success!");
+                    return 0;
+                }
+            }
+            if (retc > 0 && rets <= 0) {
+                if (SSL_read(clientssl, buf, sizeof(buf)) > 0) {
+                    /* We don't expect this to succeed! */
+                    TEST_info("Unexpected SSL_read() success!");
+                    return 0;
+                }
+            }
         }
         if (++abortctr == MAXLOOPS) {
             TEST_info("No progress made");
@@ -789,7 +818,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
     unsigned char buf;
     size_t readbytes;
 
-    if (!create_bare_ssl_connection(serverssl, clientssl, want))
+    if (!create_bare_ssl_connection(serverssl, clientssl, want, 1))
         return 0;
 
     /*
diff --git a/deps/openssl/openssl/test/ssltestlib.h b/deps/openssl/openssl/test/ssltestlib.h
index 27b040c3cf..fa19e7d80d 100644
--- a/deps/openssl/openssl/test/ssltestlib.h
+++ b/deps/openssl/openssl/test/ssltestlib.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -18,7 +18,8 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
                         char *privkeyfile);
 int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
                        SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
-int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want);
+int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
+                               int read);
 int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want);
 void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl);
 
diff --git a/deps/openssl/openssl/test/testutil/main.c b/deps/openssl/openssl/test/testutil/main.c
index 6781a5245a..d3ccdda391 100644
--- a/deps/openssl/openssl/test/testutil/main.c
+++ b/deps/openssl/openssl/test/testutil/main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -54,7 +54,7 @@ int main(int argc, char *argv[])
 
     ret = pulldown_test_framework(ret);
     test_close_streams();
-    return ret;    
+    return ret;
 }
 
 const char *test_get_program_name(void)
diff --git a/deps/openssl/openssl/test/x509aux.c b/deps/openssl/openssl/test/x509aux.c
index c8bef0094d..e41f1f6809 100644
--- a/deps/openssl/openssl/test/x509aux.c
+++ b/deps/openssl/openssl/test/x509aux.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL licenses, (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,6 +30,7 @@ static int test_certs(int num)
     typedef int (*i2d_X509_t)(X509 *, unsigned char **);
     int err = 0;
     BIO *fp = BIO_new_file(test_get_argument(num), "r");
+    X509 *reuse = NULL;
 
     if (!TEST_ptr(fp))
         return 0;
@@ -91,6 +92,13 @@ static int test_certs(int num)
             err = 1;
             goto next;
         }
+        p = buf;
+        reuse = d2i(&reuse, &p, enclen);
+        if (reuse == NULL || X509_cmp (reuse, cert)) {
+            TEST_error("X509_cmp does not work with %s", name);
+            err = 1;
+            goto next;
+        }
         OPENSSL_free(buf);
         buf = NULL;
 
@@ -139,6 +147,7 @@ static int test_certs(int num)
         OPENSSL_free(data);
     }
     BIO_free(fp);
+    X509_free(reuse);
 
     if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
         /* Reached end of PEM file */
diff --git a/deps/openssl/openssl/util/indent.pro b/deps/openssl/openssl/util/indent.pro
index 443bddb1cc..3d3f747bf8 100644
--- a/deps/openssl/openssl/util/indent.pro
+++ b/deps/openssl/openssl/util/indent.pro
@@ -26,7 +26,7 @@
 -nprs
 -npsl
 -nsc
--ppi1 
+-ppi1
 -saf
 -sai
 -saw
diff --git a/deps/openssl/openssl/util/libcrypto.num b/deps/openssl/openssl/util/libcrypto.num
index bad3a3814e..32c64cb2c7 100644
--- a/deps/openssl/openssl/util/libcrypto.num
+++ b/deps/openssl/openssl/util/libcrypto.num
@@ -4577,3 +4577,5 @@ OCSP_resp_get0_respdata                 4530	1_1_0j	EXIST::FUNCTION:OCSP
 EVP_MD_CTX_set_pkey_ctx                 4531	1_1_1	EXIST::FUNCTION:
 EVP_PKEY_meth_set_digest_custom         4532	1_1_1	EXIST::FUNCTION:
 EVP_PKEY_meth_get_digest_custom         4533	1_1_1	EXIST::FUNCTION:
+OPENSSL_INIT_set_config_filename        4534	1_1_1b	EXIST::FUNCTION:STDIO
+OPENSSL_INIT_set_config_file_flags      4535	1_1_1b	EXIST::FUNCTION:STDIO
diff --git a/deps/openssl/openssl/util/local_shlib.com.in b/deps/openssl/openssl/util/local_shlib.com.in
index e49aa15c77..a381872537 100644
--- a/deps/openssl/openssl/util/local_shlib.com.in
+++ b/deps/openssl/openssl/util/local_shlib.com.in
@@ -16,7 +16,7 @@ $
 $       NAMES := {- join(",", keys %names); -}
 {-
   join("\n", map { "\$       __$_ = \"".$names{$_}."\"" } keys %names);
--}      
+-}
 $       I = 0
 $       LOOP:
 $           E = F$ELEMENT(I,",",NAMES)
diff --git a/deps/openssl/openssl/util/openssl-format-source b/deps/openssl/openssl/util/openssl-format-source
index 2655e9c400..3d344b5f78 100755
--- a/deps/openssl/openssl/util/openssl-format-source
+++ b/deps/openssl/openssl/util/openssl-format-source
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,18 +8,18 @@
 # https://www.openssl.org/source/license.html
 
 #
-# openssl-format-source 
+# openssl-format-source
 # - format source tree according to OpenSSL coding style using indent
 #
 # usage:
 #   openssl-format-source [-v] [-n] [file|directory] ...
 #
 # note: the indent options assume GNU indent v2.2.10 which was released
-#       Feb-2009 so if you have an older indent the options may not 
+#       Feb-2009 so if you have an older indent the options may not
 #	match what is expected
 #
 # any marked block comment blocks have to be moved to align manually after
-# the reformatting has been completed as marking a block causes indent to 
+# the reformatting has been completed as marking a block causes indent to
 # not move it at all ...
 #
 
@@ -55,17 +55,17 @@ fi
 
 # Extra arguments; for adding the comment-formatting
 INDENT_ARGS=""
-for i 
+for i
 do
   if [ "$STOPARGS" != "true" ]; then
     case $i in
       --) STOPARGS="true"; continue;;
       -n) DONT="true"; continue;;
-      -v) VERBOSE="true"; 
+      -v) VERBOSE="true";
 	  echo "INDENT_PROFILE=$INDENT_PROFILE";
 	  continue;;
-      -c) COMMENTS="true"; 
-      	  INDENT_ARGS="-fc1 -fca -cdb -sc"; 
+      -c) COMMENTS="true";
+	  INDENT_ARGS="-fc1 -fca -cdb -sc";
 	  continue;;
       -nc) COMMENTS="true";
 	  continue;;
@@ -76,14 +76,14 @@ do
 
   if [ -d "$i" ]; then
     LIST=`find "$i" -name '*.[ch]' -print`
-  else 
+  else
     if [ ! -f "$i" ]; then
       echo "$0: source file not found: $i" >&2
       exit 1
     fi
     LIST="$i"
   fi
-  
+
   for j in $LIST
   do
     # ignore symlinks - we only ever process the base file - so if we
@@ -98,7 +98,7 @@ do
       tmp=$(mktemp /tmp/indent.XXXXXX)
       trap 'rm -f "$tmp"' HUP INT TERM EXIT
 
-      case `basename $j` in 
+      case `basename $j` in
 	# the list of files that indent is unable to handle correctly
 	# that we simply leave alone for manual formatting now
 	obj_dat.h|aes_core.c|aes_x86core.c|ecp_nistz256.c)
@@ -108,11 +108,11 @@ do
 	  if [ "$COMMENTS" = "true" ]; then
 	    # we have to mark single line comments as /*- ...*/ to stop indent
 	    # messing with them, run expand then indent as usual but with the
-	    # the process-comments options and then undo that marking, and then 
+	    # the process-comments options and then undo that marking, and then
 	    # finally re-run indent without process-comments so the marked-to-
-	    # be-ignored comments we did automatically end up getting moved 
-	    # into the right position within the code as indent leaves marked 
-	    # comments entirely untouched - we appear to have no way to avoid 
+	    # be-ignored comments we did automatically end up getting moved
+	    # into the right position within the code as indent leaves marked
+	    # comments entirely untouched - we appear to have no way to avoid
 	    # the double processing and get the desired output
 	    cat "$j" | \
 	    expand | \
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm b/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm
index e66883d459..e27497dbde 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm
@@ -1,4 +1,4 @@
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,7 +16,7 @@ sub new
         $encrypted,
         $level,
         $description) = @_;
-    
+
     my $self = {
         server => $server,
         encrypted => $encrypted,
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm b/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm
index d3bf7f2180..73737137b1 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -138,11 +138,6 @@ sub set_message_contents
             $extensions .= pack("n", $key);
             $extensions .= pack("n", length($extdata));
             $extensions .= $extdata;
-            if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
-              $extensions .= pack("n", $key);
-              $extensions .= pack("n", length($extdata));
-              $extensions .= $extdata;
-            }
         }
         $data = pack('C', length($self->context()));
         $data .= $self->context;
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm b/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm
index 2ae9d6f55d..76dce740ae 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -124,11 +124,6 @@ sub extension_contents
     $extension .= pack("n", $key);
     $extension .= pack("n", length($extdata));
     $extension .= $extdata;
-    if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
-        $extension .= pack("n", $key);
-        $extension .= pack("n", length($extdata));
-        $extension .= $extdata;
-    }
     return $extension;
 }
 
@@ -151,6 +146,8 @@ sub set_message_contents
     foreach my $key (keys %{$self->extension_data}) {
         next if ($key == TLSProxy::Message::EXT_PSK);
         $extensions .= $self->extension_contents($key);
+        #Add extension twice if we are duplicating that extension
+        $extensions .= $self->extension_contents($key) if ($key == $self->dupext);
     }
     #PSK extension always goes last...
     if (defined ${$self->extension_data}{TLSProxy::Message::EXT_PSK}) {
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm b/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm
index 81242e29ff..262b720cf6 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -81,11 +81,6 @@ sub set_message_contents
         $extensions .= pack("n", $key);
         $extensions .= pack("n", length($extdata));
         $extensions .= $extdata;
-        if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
-            $extensions .= pack("n", $key);
-            $extensions .= pack("n", length($extdata));
-            $extensions .= $extdata;
-        }
     }
 
     $data = pack('n', length($extensions));
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Message.pm b/deps/openssl/openssl/util/perl/TLSProxy/Message.pm
index 16ed012066..5682ae3e15 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/Message.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/Message.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -86,10 +86,7 @@ use constant {
     EXT_SIG_ALGS_CERT => 50,
     EXT_RENEGOTIATE => 65281,
     EXT_NPN => 13172,
-    # This extension is an unofficial extension only ever written by OpenSSL
-    # (i.e. not read), and even then only when enabled. We use it to test
-    # handling of duplicate extensions.
-    EXT_DUPLICATE_EXTENSION => 0xfde8,
+    EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
     EXT_UNKNOWN => 0xfffe,
     #Unknown extension that should appear last
     EXT_FORCE_LAST => 0xffff
@@ -241,7 +238,7 @@ sub get_messages
                 $startoffset = $recoffset;
                 $recoffset += 4;
                 $payload = "";
-                
+
                 if ($recoffset <= $record->decrypt_len) {
                     #Some payload data is present in this record
                     if ($record->decrypt_len - $recoffset >= $messlen) {
@@ -413,14 +410,15 @@ sub new
         $records,
         $startoffset,
         $message_frag_lens) = @_;
-    
+
     my $self = {
         server => $server,
         data => $data,
         records => $records,
         mt => $mt,
         startoffset => $startoffset,
-        message_frag_lens => $message_frag_lens
+        message_frag_lens => $message_frag_lens,
+        dupext => -1
     };
 
     return bless $self, $class;
@@ -575,6 +573,14 @@ sub encoded_length
     my $self = shift;
     return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
 }
+sub dupext
+{
+    my $self = shift;
+    if (@_) {
+        $self->{dupext} = shift;
+    }
+    return $self->{dupext};
+}
 sub successondata
 {
     my $class = shift;
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm b/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm
index 8c13520ec6..f7bca02e58 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -44,7 +44,7 @@ BEGIN
         $s->close();
     };
     if ($@ eq "") {
-        $IP_factory = sub { IO::Socket::INET6->new(@_); };
+        $IP_factory = sub { IO::Socket::INET6->new(Domain => AF_INET6, @_); };
         $have_IPv6 = 1;
     } else {
         eval {
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Record.pm b/deps/openssl/openssl/util/perl/TLSProxy/Record.pm
index 0a280cb269..841467b8e0 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/Record.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/Record.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -173,7 +173,7 @@ sub new
         $decrypt_len,
         $data,
         $decrypt_data) = @_;
-    
+
     my $self = {
         flight => $flight,
         content_type => $content_type,
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm b/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm
index 84f2faab05..e9f1eca193 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -25,7 +25,7 @@ sub new
         $records,
         $startoffset,
         $message_frag_lens) = @_;
-    
+
     my $self = $class->SUPER::new(
         $server,
         TLSProxy::Message::MT_SERVER_HELLO,
@@ -78,7 +78,7 @@ sub parse
     my $extension_data;
     if ($extensions_len != 0) {
         $extension_data = substr($self->data, $ptr);
-    
+
         if (length($extension_data) != $extensions_len) {
             die "Invalid extension length\n";
         }
@@ -154,7 +154,7 @@ sub set_message_contents
         $extensions .= pack("n", $key);
         $extensions .= pack("n", length($extdata));
         $extensions .= $extdata;
-        if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
+        if ($key == $self->dupext) {
           $extensions .= pack("n", $key);
           $extensions .= pack("n", length($extdata));
           $extensions .= $extdata;
diff --git a/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm b/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm
index cb4cc7c762..e0086e2bef 100644
--- a/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm
+++ b/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,7 @@ sub new
         $records,
         $startoffset,
         $message_frag_lens) = @_;
-    
+
     my $self = $class->SUPER::new(
         $server,
         TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,