793 files changed, 69583 insertions, 24959 deletions

diff --git a/deps/openssl/openssl/crypto/LPdir_nyi.c b/deps/openssl/openssl/crypto/LPdir_nyi.c
index 049044c4ca..b02449f7c0 100644
--- a/deps/openssl/openssl/crypto/LPdir_nyi.c
+++ b/deps/openssl/openssl/crypto/LPdir_nyi.c
@@ -8,6 +8,9 @@
  */
 
 /*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/LPdir_unix.c b/deps/openssl/openssl/crypto/LPdir_unix.c
index 1bb2940b95..b1022895c8 100644
--- a/deps/openssl/openssl/crypto/LPdir_unix.c
+++ b/deps/openssl/openssl/crypto/LPdir_unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,10 @@
  */
 
 /*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, 2018, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -43,9 +46,12 @@
 #ifndef LPDIR_H
 # include "LPdir.h"
 #endif
+#ifdef __VMS
+# include <ctype.h>
+#endif
 
 /*
- * The POSIXly macro for the maximum number of characters in a file path is
+ * The POSIX macro for the maximum number of characters in a file path is
  * NAME_MAX.  However, some operating systems use PATH_MAX instead.
  * Therefore, it seems natural to first check for PATH_MAX and use that, and
  * if it doesn't exist, use NAME_MAX.
@@ -70,6 +76,10 @@
 struct LP_dir_context_st {
     DIR *dir;
     char entry_name[LP_ENTRY_SIZE + 1];
+#ifdef __VMS
+    int expect_file_generations;
+    char previous_entry_name[LP_ENTRY_SIZE + 1];
+#endif
 };
 
 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
@@ -90,6 +100,15 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
         }
         memset(*ctx, 0, sizeof(**ctx));
 
+#ifdef __VMS
+        {
+            char c = directory[strlen(directory) - 1];
+
+            if (c == ']' || c == '>' || c == ':')
+                (*ctx)->expect_file_generations = 1;
+        }
+#endif
+
         (*ctx)->dir = opendir(directory);
         if ((*ctx)->dir == NULL) {
             int save_errno = errno; /* Probably not needed, but I'm paranoid */
@@ -100,6 +119,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
         }
     }
 
+#ifdef __VMS
+    strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name,
+            sizeof((*ctx)->previous_entry_name));
+
+ again:
+#endif
+
     direntry = readdir((*ctx)->dir);
     if (direntry == NULL) {
         return 0;
@@ -108,6 +134,18 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
     strncpy((*ctx)->entry_name, direntry->d_name,
             sizeof((*ctx)->entry_name) - 1);
     (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+#ifdef __VMS
+    if ((*ctx)->expect_file_generations) {
+        char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
+
+        while(p > (*ctx)->entry_name && isdigit(p[-1]))
+            p--;
+        if (p > (*ctx)->entry_name && p[-1] == ';')
+            p[-1] = '\0';
+        if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0)
+            goto again;
+    }
+#endif
     return (*ctx)->entry_name;
 }
 
diff --git a/deps/openssl/openssl/crypto/LPdir_vms.c b/deps/openssl/openssl/crypto/LPdir_vms.c
index 1a5b60febf..e35363fd66 100644
--- a/deps/openssl/openssl/crypto/LPdir_vms.c
+++ b/deps/openssl/openssl/crypto/LPdir_vms.c
@@ -8,6 +8,9 @@
  */
 
 /*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/LPdir_win.c b/deps/openssl/openssl/crypto/LPdir_win.c
index 8f674d305b..1dc1ef122c 100644
--- a/deps/openssl/openssl/crypto/LPdir_win.c
+++ b/deps/openssl/openssl/crypto/LPdir_win.c
@@ -8,6 +8,9 @@
  */
 
 /*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/LPdir_win32.c b/deps/openssl/openssl/crypto/LPdir_win32.c
index 59ed485791..edceb98d6f 100644
--- a/deps/openssl/openssl/crypto/LPdir_win32.c
+++ b/deps/openssl/openssl/crypto/LPdir_win32.c
@@ -8,6 +8,9 @@
  */
 
 /*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/LPdir_wince.c b/deps/openssl/openssl/crypto/LPdir_wince.c
index dbc10529dc..a24e738292 100644
--- a/deps/openssl/openssl/crypto/LPdir_wince.c
+++ b/deps/openssl/openssl/crypto/LPdir_wince.c
@@ -8,6 +8,9 @@
  */
 
 /*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/aes/aes_core.c b/deps/openssl/openssl/crypto/aes/aes_core.c
index bd5c7793be..f1f11fd8de 100644
--- a/deps/openssl/openssl/crypto/aes/aes_core.c
+++ b/deps/openssl/openssl/crypto/aes/aes_core.c
@@ -14,9 +14,9 @@
  *
  * Optimised ANSI C code for the Rijndael cipher (now AES)
  *
- * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ * @author Vincent Rijmen
+ * @author Antoon Bosselaers
+ * @author Paulo Barreto
  *
  * This code is hereby placed in the public domain.
  *
diff --git a/deps/openssl/openssl/crypto/aes/aes_x86core.c b/deps/openssl/openssl/crypto/aes/aes_x86core.c
index 95b49bbabc..1b660d716d 100644
--- a/deps/openssl/openssl/crypto/aes/aes_x86core.c
+++ b/deps/openssl/openssl/crypto/aes/aes_x86core.c
@@ -7,6 +7,14 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * This is experimental x86[_64] derivative. It assumes little-endian
+ * byte order and expects CPU to sustain unaligned memory references.
+ * It is used as playground for cache-time attack mitigations and
+ * serves as reference C implementation for x86[_64] as well as some
+ * other assembly modules.
+ */
+
 /**
  * rijndael-alg-fst.c
  *
@@ -14,9 +22,9 @@
  *
  * Optimised ANSI C code for the Rijndael cipher (now AES)
  *
- * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ * @author Vincent Rijmen
+ * @author Antoon Bosselaers
+ * @author Paulo Barreto
  *
  * This code is hereby placed in the public domain.
  *
@@ -33,15 +41,6 @@
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*
- * This is experimental x86[_64] derivative. It assumes little-endian
- * byte order and expects CPU to sustain unaligned memory references.
- * It is used as playground for cache-time attack mitigations and
- * serves as reference C implementation for x86[_64] assembler.
- *
- *                  <appro@fy.chalmers.se>
- */
-
 
 #include <assert.h>
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-586.pl b/deps/openssl/openssl/crypto/aes/asm/aes-586.pl
index 1ba356508a..29059edf8b 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aes-586.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-586.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -39,7 +39,7 @@
 # for scaling too, I [try to] avoid the latter by favoring off-by-2
 # shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
 #
-# As was shown by Dean Gaudet <dean@arctic.org>, the above note turned
+# As was shown by Dean Gaudet, the above note turned out to be
 # void. Performance improvement with off-by-2 shifts was observed on
 # intermediate implementation, which was spilling yet another register
 # to stack... Final offset*4 code below runs just a tad faster on P4,
@@ -55,8 +55,8 @@
 # better performance on most recent µ-archs...
 #
 # Third version adds AES_cbc_encrypt implementation, which resulted in
-# up to 40% performance imrovement of CBC benchmark results. 40% was
-# observed on P4 core, where "overall" imrovement coefficient, i.e. if
+# up to 40% performance improvement of CBC benchmark results. 40% was
+# observed on P4 core, where "overall" improvement coefficient, i.e. if
 # compared to PIC generated by GCC and in CBC mode, was observed to be
 # as large as 4x:-) CBC performance is virtually identical to ECB now
 # and on some platforms even better, e.g. 17.6 "small" cycles/byte on
@@ -123,7 +123,7 @@
 # words every cache-line is *guaranteed* to be accessed within ~50
 # cycles window. Why just SSE? Because it's needed on hyper-threading
 # CPU! Which is also why it's prefetched with 64 byte stride. Best
-# part is that it has no negative effect on performance:-)  
+# part is that it has no negative effect on performance:-)
 #
 # Version 4.3 implements switch between compact and non-compact block
 # functions in AES_cbc_encrypt depending on how much data was asked
@@ -159,7 +159,7 @@
 # combinations then attack becomes infeasible. This is why revised
 # AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
 # of data is to be processed in one stroke. The current size limit of
-# 512 bytes is chosen to provide same [diminishigly low] probability
+# 512 bytes is chosen to provide same [diminishingly low] probability
 # for cache-line to remain untouched in large chunk operation with
 # large S-box as for single block operation with compact S-box and
 # surely needs more careful consideration...
@@ -171,12 +171,12 @@
 # yield execution to process performing AES just before timer fires
 # off the scheduler, immediately regain control of CPU and analyze the
 # cache state. For this attack to be efficient attacker would have to
-# effectively slow down the operation by several *orders* of magnitute,
+# effectively slow down the operation by several *orders* of magnitude,
 # by ratio of time slice to duration of handful of AES rounds, which
 # unlikely to remain unnoticed. Not to mention that this also means
-# that he would spend correspondigly more time to collect enough
+# that he would spend correspondingly more time to collect enough
 # statistical data to mount the attack. It's probably appropriate to
-# say that if adeversary reckons that this attack is beneficial and
+# say that if adversary reckons that this attack is beneficial and
 # risks to be noticed, you probably have larger problems having him
 # mere opportunity. In other words suggested code design expects you
 # to preclude/mitigate this attack by overall system security design.
@@ -202,7 +202,7 @@ $output = pop;
 open OUT,">$output";
 *STDOUT=*OUT;
 
-&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
 &static_label("AES_Te");
 &static_label("AES_Td");
 
@@ -240,7 +240,7 @@ $small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
 			# contention and in hope to "collect" 5% back
 			# in real-life applications...
 
-$vertical_spin=0;	# shift "verticaly" defaults to 0, because of
+$vertical_spin=0;	# shift "vertically" defaults to 0, because of
 			# its proof-of-concept status...
 # Note that there is no decvert(), as well as last encryption round is
 # performed with "horizontal" shifts. This is because this "vertical"
@@ -585,7 +585,7 @@ sub enctransform()
 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 # |          mm4          |          mm0          |
 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |     s3    |     s2    |     s1    |     s0    |    
+# |     s3    |     s2    |     s1    |     s0    |
 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 # |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
 # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
@@ -805,7 +805,7 @@ sub encstep()
 
 	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
 	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
-	else        {	&mov	($tmp,$s[3]); 
+	else        {	&mov	($tmp,$s[3]);
 			&shr	($tmp,24)			}
 			&xor	($out,&DWP(1,$te,$tmp,8));
 	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
@@ -1558,7 +1558,7 @@ sub sse_deccompact()
 		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp4
 		&pshufw	("mm3","mm1",0xb1);	&pshufw	("mm7","mm5",0xb1);
 		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp4
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= ROTATE(tp4,16)	
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= ROTATE(tp4,16)
 
 		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
 		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
@@ -1606,7 +1606,7 @@ sub decstep()
 	# no instructions are reordered, as performance appears
 	# optimal... or rather that all attempts to reorder didn't
 	# result in better performance [which by the way is not a
-	# bit lower than ecryption].
+	# bit lower than encryption].
 	if($i==3)   {	&mov	($key,$__key);			}
 	else        {	&mov	($out,$s[0]);			}
 			&and	($out,0xFF);
@@ -2028,7 +2028,7 @@ sub declast()
 {
 # stack frame layout
 #             -4(%esp)		# return address	 0(%esp)
-#              0(%esp)		# s0 backing store	 4(%esp)	
+#              0(%esp)		# s0 backing store	 4(%esp)
 #              4(%esp)		# s1 backing store	 8(%esp)
 #              8(%esp)		# s2 backing store	12(%esp)
 #             12(%esp)		# s3 backing store	16(%esp)
@@ -2738,7 +2738,7 @@ sub enckey()
 	&mov	(&DWP(80,"edi"),10);		# setup number of rounds
 	&xor	("eax","eax");
 	&jmp	(&label("exit"));
-		
+
     &set_label("12rounds");
 	&mov	("eax",&DWP(0,"esi"));		# copy first 6 dwords
 	&mov	("ebx",&DWP(4,"esi"));
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S b/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S
index f7f1f63c9d..03f79b7ae3 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S
@@ -6,7 +6,7 @@
 // https://www.openssl.org/source/license.html
 //
 // ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 // project. Rights for redistribution and usage in source and binary
 // forms are granted according to the OpenSSL license.
 // ====================================================================
@@ -33,7 +33,7 @@
 // 64 bytes line size and L2 - 128 bytes...
 
 .ident	"aes-ia64.S, version 1.2"
-.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>"
 .explicit
 .text
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl b/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl
index 439578d9c2..716c3356ea 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -65,8 +65,8 @@ $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
 
 if ($flavour =~ /64|n32/i) {
 	$PTR_LA="dla";
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
 	$PTR_INS="dins";
 	$REG_S="sd";
 	$REG_L="ld";
@@ -74,8 +74,8 @@ if ($flavour =~ /64|n32/i) {
 	$SZREG=8;
 } else {
 	$PTR_LA="la";
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
 	$PTR_INS="ins";
 	$REG_S="sw";
 	$REG_L="lw";
@@ -88,7 +88,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
 #
 ######################################################################
 
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
+$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC});
 
 for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
 open STDOUT,">$output";
@@ -102,15 +102,9 @@ open STDOUT,">$output";
 my ($MSB,$LSB)=(0,3);	# automatically converted to little-endian
 
 $code.=<<___;
-.text
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2)
-#define _MIPS_ARCH_MIPS32R2
-#endif
+#include "mips_arch.h"
 
+.text
 #if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__))
 .option	pic2
 #endif
@@ -126,7 +120,7 @@ my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
 my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23));
 my ($key0,$cnt)=($gp,$fp);
 
-# instuction ordering is "stolen" from output from MIPSpro assembler
+# instruction ordering is "stolen" from output from MIPSpro assembler
 # invoked with -mips3 -O3 arguments...
 $code.=<<___;
 .align	5
@@ -146,7 +140,7 @@ _mips_AES_encrypt:
 	xor	$s2,$t2
 	xor	$s3,$t3
 
-	sub	$cnt,1
+	subu	$cnt,1
 #if defined(__mips_smartmips)
 	ext	$i0,$s1,16,8
 .Loop_enc:
@@ -218,7 +212,7 @@ _mips_AES_encrypt:
 	xor	$t2,$t6
 	xor	$t3,$t7
 
-	sub	$cnt,1
+	subu	$cnt,1
 	$PTR_ADD $key0,16
 	xor	$s0,$t0
 	xor	$s1,$t1
@@ -409,7 +403,7 @@ _mips_AES_encrypt:
 	xor	$t2,$t6
 	xor	$t3,$t7
 
-	sub	$cnt,1
+	subu	$cnt,1
 	$PTR_ADD $key0,16
 	xor	$s0,$t0
 	xor	$s1,$t1
@@ -657,6 +651,12 @@ $code.=<<___;
 	.set	reorder
 	$PTR_LA	$Tbl,AES_Te		# PIC-ified 'load address'
 
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$s0,0($inp)
+	lw	$s1,4($inp)
+	lw	$s2,8($inp)
+	lw	$s3,12($inp)
+#else
 	lwl	$s0,0+$MSB($inp)
 	lwl	$s1,4+$MSB($inp)
 	lwl	$s2,8+$MSB($inp)
@@ -665,9 +665,16 @@ $code.=<<___;
 	lwr	$s1,4+$LSB($inp)
 	lwr	$s2,8+$LSB($inp)
 	lwr	$s3,12+$LSB($inp)
+#endif
 
 	bal	_mips_AES_encrypt
 
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	sw	$s0,0($out)
+	sw	$s1,4($out)
+	sw	$s2,8($out)
+	sw	$s3,12($out)
+#else
 	swr	$s0,0+$LSB($out)
 	swr	$s1,4+$LSB($out)
 	swr	$s2,8+$LSB($out)
@@ -676,6 +683,7 @@ $code.=<<___;
 	swl	$s1,4+$MSB($out)
 	swl	$s2,8+$MSB($out)
 	swl	$s3,12+$MSB($out)
+#endif
 
 	.set	noreorder
 	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
@@ -720,7 +728,7 @@ _mips_AES_decrypt:
 	xor	$s2,$t2
 	xor	$s3,$t3
 
-	sub	$cnt,1
+	subu	$cnt,1
 #if defined(__mips_smartmips)
 	ext	$i0,$s3,16,8
 .Loop_dec:
@@ -792,7 +800,7 @@ _mips_AES_decrypt:
 	xor	$t2,$t6
 	xor	$t3,$t7
 
-	sub	$cnt,1
+	subu	$cnt,1
 	$PTR_ADD $key0,16
 	xor	$s0,$t0
 	xor	$s1,$t1
@@ -985,7 +993,7 @@ _mips_AES_decrypt:
 	xor	$t2,$t6
 	xor	$t3,$t7
 
-	sub	$cnt,1
+	subu	$cnt,1
 	$PTR_ADD $key0,16
 	xor	$s0,$t0
 	xor	$s1,$t1
@@ -1228,6 +1236,12 @@ $code.=<<___;
 	.set	reorder
 	$PTR_LA	$Tbl,AES_Td		# PIC-ified 'load address'
 
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$s0,0($inp)
+	lw	$s1,4($inp)
+	lw	$s2,8($inp)
+	lw	$s3,12($inp)
+#else
 	lwl	$s0,0+$MSB($inp)
 	lwl	$s1,4+$MSB($inp)
 	lwl	$s2,8+$MSB($inp)
@@ -1236,9 +1250,16 @@ $code.=<<___;
 	lwr	$s1,4+$LSB($inp)
 	lwr	$s2,8+$LSB($inp)
 	lwr	$s3,12+$LSB($inp)
+#endif
 
 	bal	_mips_AES_decrypt
 
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	sw	$s0,0($out)
+	sw	$s1,4($out)
+	sw	$s2,8($out)
+	sw	$s3,12($out)
+#else
 	swr	$s0,0+$LSB($out)
 	swr	$s1,4+$LSB($out)
 	swr	$s2,8+$LSB($out)
@@ -1247,6 +1268,7 @@ $code.=<<___;
 	swl	$s1,4+$MSB($out)
 	swl	$s2,8+$MSB($out)
 	swl	$s3,12+$MSB($out)
+#endif
 
 	.set	noreorder
 	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
@@ -1295,35 +1317,52 @@ _mips_AES_set_encrypt_key:
 	$PTR_ADD $rcon,$Tbl,256
 
 	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$rk0,0($inp)		# load 128 bits
+	lw	$rk1,4($inp)
+	lw	$rk2,8($inp)
+	lw	$rk3,12($inp)
+#else
 	lwl	$rk0,0+$MSB($inp)	# load 128 bits
 	lwl	$rk1,4+$MSB($inp)
 	lwl	$rk2,8+$MSB($inp)
 	lwl	$rk3,12+$MSB($inp)
-	li	$at,128
 	lwr	$rk0,0+$LSB($inp)
 	lwr	$rk1,4+$LSB($inp)
 	lwr	$rk2,8+$LSB($inp)
 	lwr	$rk3,12+$LSB($inp)
+#endif
+	li	$at,128
 	.set	noreorder
 	beq	$bits,$at,.L128bits
 	li	$cnt,10
 
 	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$rk4,16($inp)		# load 192 bits
+	lw	$rk5,20($inp)
+#else
 	lwl	$rk4,16+$MSB($inp)	# load 192 bits
 	lwl	$rk5,20+$MSB($inp)
-	li	$at,192
 	lwr	$rk4,16+$LSB($inp)
 	lwr	$rk5,20+$LSB($inp)
+#endif
+	li	$at,192
 	.set	noreorder
 	beq	$bits,$at,.L192bits
 	li	$cnt,8
 
 	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lw	$rk6,24($inp)		# load 256 bits
+	lw	$rk7,28($inp)
+#else
 	lwl	$rk6,24+$MSB($inp)	# load 256 bits
 	lwl	$rk7,28+$MSB($inp)
-	li	$at,256
 	lwr	$rk6,24+$LSB($inp)
 	lwr	$rk7,28+$LSB($inp)
+#endif
+	li	$at,256
 	.set	noreorder
 	beq	$bits,$at,.L256bits
 	li	$cnt,7
@@ -1353,7 +1392,7 @@ _mips_AES_set_encrypt_key:
 	sw	$rk1,4($key)
 	sw	$rk2,8($key)
 	sw	$rk3,12($key)
-	sub	$cnt,1
+	subu	$cnt,1
 	$PTR_ADD $key,16
 
 	_bias	$i0,24
@@ -1410,7 +1449,7 @@ _mips_AES_set_encrypt_key:
 	sw	$rk3,12($key)
 	sw	$rk4,16($key)
 	sw	$rk5,20($key)
-	sub	$cnt,1
+	subu	$cnt,1
 	$PTR_ADD $key,24
 
 	_bias	$i0,24
@@ -1471,7 +1510,7 @@ _mips_AES_set_encrypt_key:
 	sw	$rk5,20($key)
 	sw	$rk6,24($key)
 	sw	$rk7,28($key)
-	sub	$cnt,1
+	subu	$cnt,1
 
 	_bias	$i0,24
 	_bias	$i1,16
@@ -1653,7 +1692,7 @@ $code.=<<___;
 
 	lw	$tp1,16($key)		# modulo-scheduled
 	lui	$x80808080,0x8080
-	sub	$cnt,1
+	subu	$cnt,1
 	or	$x80808080,0x8080
 	sll	$cnt,2
 	$PTR_ADD $key,16
@@ -1716,7 +1755,7 @@ $code.=<<___;
 	lw	$tp1,4($key)		# modulo-scheduled
 	xor	$tpe,$tp2
 #endif
-	sub	$cnt,1
+	subu	$cnt,1
 	sw	$tpe,0($key)
 	$PTR_ADD $key,4
 	bnez	$cnt,.Lmix
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl b/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl
index 2c785bc56d..e817c757f8 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -1012,18 +1012,27 @@ L\$AES_Td
 	.STRINGZ "AES for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
 foreach (split("\n",$code)) {
 	s/\`([^\`]*)\`/eval $1/ge;
 
-	# translate made up instructons: _ror, _srm
+	# translate made up instructions: _ror, _srm
 	s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/				or
 
 	s/_srm(\s+%r[0-9]+),([0-9]+),/
 		$SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
 		:            sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
 
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
 	s/,\*/,/			if ($SIZE_T==4);
 	s/\bbv\b(.*\(%r2\))/bve$1/	if ($SIZE_T==8);
+
 	print $_,"\n";
 }
 close STDOUT;
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl
index 1558d8e454..ca69df4c3e 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -1433,10 +1433,10 @@ $code.=<<___;
 	xor	$s1,$s1,$acc05
 	xor	$s2,$s2,$acc06
 	xor	$s3,$s3,$acc07
-	xor	$s0,$s0,$acc08		# ^= ROTATE(r8,8)	
-	xor	$s1,$s1,$acc09	
-	xor	$s2,$s2,$acc10	
-	xor	$s3,$s3,$acc11	
+	xor	$s0,$s0,$acc08		# ^= ROTATE(r8,8)
+	xor	$s1,$s1,$acc09
+	xor	$s2,$s2,$acc10
+	xor	$s3,$s3,$acc11
 
 	b	Ldec_compact_loop
 .align	4
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl b/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl
index fd8a737166..0c40059066 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -44,7 +44,7 @@
 # minimize/avoid Address Generation Interlock hazard and to favour
 # dual-issue z10 pipeline. This gave ~25% improvement on z10 and
 # almost 50% on z9. The gain is smaller on z10, because being dual-
-# issue z10 makes it improssible to eliminate the interlock condition:
+# issue z10 makes it impossible to eliminate the interlock condition:
 # critial path is not long enough. Yet it spends ~24 cycles per byte
 # processed with 128-bit key.
 #
@@ -129,6 +129,8 @@ sub _data_word()
 }
 
 $code=<<___;
+#include "s390x_arch.h"
+
 .text
 
 .type	AES_Te,\@object
@@ -404,7 +406,7 @@ _s390x_AES_encrypt:
 	or	$s1,$t1
 	or	$t2,$i2
 	or	$t3,$i3
-	
+
 	srlg	$i1,$s2,`8-3`	# i0
 	srlg	$i2,$s2,`16-3`	# i1
 	nr	$i1,$mask
@@ -457,7 +459,7 @@ _s390x_AES_encrypt:
 	x	$s2,24($key)
 	x	$s3,28($key)
 
-	br	$ra	
+	br	$ra
 .size	_s390x_AES_encrypt,.-_s390x_AES_encrypt
 ___
 
@@ -779,7 +781,7 @@ _s390x_AES_decrypt:
 	x	$s2,24($key)
 	x	$s3,28($key)
 
-	br	$ra	
+	br	$ra
 .size	_s390x_AES_decrypt,.-_s390x_AES_decrypt
 ___
 
@@ -823,8 +825,8 @@ $code.=<<___ if (!$softonly);
 	larl	%r1,OPENSSL_s390xcap_P
 	llihh	%r0,0x8000
 	srlg	%r0,%r0,0(%r5)
-	ng	%r0,32(%r1)	# check availability of both km...
-	ng	%r0,48(%r1)	# ...and kmc support for given key length
+	ng	%r0,S390X_KM(%r1)  # check availability of both km...
+	ng	%r0,S390X_KMC(%r1) # ...and kmc support for given key length
 	jz	.Lekey_internal
 
 	lmg	%r0,%r1,0($inp)	# just copy 128 bits...
@@ -1084,7 +1086,7 @@ $code.=<<___ if (!$softonly);
 	lhi	$t1,16
 	cr	$t0,$t1
 	jl	.Lgo
-	oill	$t0,0x80	# set "decrypt" bit
+	oill	$t0,S390X_DECRYPT	# set "decrypt" bit
 	st	$t0,240($key)
 	br	$ra
 ___
@@ -1223,7 +1225,7 @@ $code.=<<___ if (!$softonly);
 .align	16
 .Lkmc_truncated:
 	ahi	$key,-1		# it's the way it's encoded in mvc
-	tmll	%r0,0x80
+	tmll	%r0,S390X_DECRYPT
 	jnz	.Lkmc_truncated_dec
 	lghi	%r1,0
 	stg	%r1,16*$SIZE_T($sp)
@@ -1294,7 +1296,7 @@ $code.=<<___;
 .Lcbc_enc_done:
 	l${g}	$ivp,6*$SIZE_T($sp)
 	st	$s0,0($ivp)
-	st	$s1,4($ivp)	
+	st	$s1,4($ivp)
 	st	$s2,8($ivp)
 	st	$s3,12($ivp)
 
@@ -1403,7 +1405,61 @@ $code.=<<___ if (!$softonly);
 	clr	%r0,%r1
 	jl	.Lctr32_software
 
-	stm${g}	%r6,$s3,6*$SIZE_T($sp)
+	st${g}	$s2,10*$SIZE_T($sp)
+	st${g}	$s3,11*$SIZE_T($sp)
+
+	clr	$len,%r1		# does work even in 64-bit mode
+	jle	.Lctr32_nokma		# kma is slower for <= 16 blocks
+
+	larl	%r1,OPENSSL_s390xcap_P
+	lr	$s2,%r0
+	llihh	$s3,0x8000
+	srlg	$s3,$s3,0($s2)
+	ng	$s3,S390X_KMA(%r1)		# check kma capability vector
+	jz	.Lctr32_nokma
+
+	l${g}hi	%r1,-$stdframe-112
+	l${g}r	$s3,$sp
+	la	$sp,0(%r1,$sp)			# prepare parameter block
+
+	lhi	%r1,0x0600
+	sllg	$len,$len,4
+	or	%r0,%r1				# set HS and LAAD flags
+
+	st${g}	$s3,0($sp)			# backchain
+	la	%r1,$stdframe($sp)
+
+	lmg	$s2,$s3,0($key)			# copy key
+	stg	$s2,$stdframe+80($sp)
+	stg	$s3,$stdframe+88($sp)
+	lmg	$s2,$s3,16($key)
+	stg	$s2,$stdframe+96($sp)
+	stg	$s3,$stdframe+104($sp)
+
+	lmg	$s2,$s3,0($ivp)			# copy iv
+	stg	$s2,$stdframe+64($sp)
+	ahi	$s3,-1				# kma requires counter-1
+	stg	$s3,$stdframe+72($sp)
+	st	$s3,$stdframe+12($sp)		# copy counter
+
+	lghi	$s2,0				# no AAD
+	lghi	$s3,0
+
+	.long	0xb929a042	# kma $out,$s2,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+
+	stg	%r0,$stdframe+80($sp)		# wipe key
+	stg	%r0,$stdframe+88($sp)
+	stg	%r0,$stdframe+96($sp)
+	stg	%r0,$stdframe+104($sp)
+	la	$sp,$stdframe+112($sp)
+
+	lm${g}	$s2,$s3,10*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.Lctr32_nokma:
+	stm${g}	%r6,$s1,6*$SIZE_T($sp)
 
 	slgr	$out,$inp
 	la	%r1,0($key)	# %r1 is permanent copy of $key
@@ -1442,7 +1498,7 @@ $code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower
 	larl	%r1,OPENSSL_s390xcap_P
 	llihh	%r0,0x8000	# check if kmctr supports the function code
 	srlg	%r0,%r0,0($s0)
-	ng	%r0,64(%r1)	# check kmctr capability vector
+	ng	%r0,S390X_KMCTR(%r1)	# check kmctr capability vector
 	lgr	%r0,$s0
 	lgr	%r1,$s1
 	jz	.Lctr32_km_loop
@@ -1567,8 +1623,8 @@ ___
 }
 
 ########################################################################
-# void AES_xts_encrypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2,
+# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+#	size_t len, const AES_KEY *key1, const AES_KEY *key2,
 #	const unsigned char iv[16]);
 #
 {
@@ -1592,7 +1648,7 @@ $code.=<<___ if(1);
 	larl	%r1,OPENSSL_s390xcap_P
 	llihh	%r0,0x8000
 	srlg	%r0,%r0,32($s1)		# check for 32+function code
-	ng	%r0,32(%r1)		# check km capability vector
+	ng	%r0,S390X_KM(%r1)	# check km capability vector
 	lgr	%r0,$s0			# restore the function code
 	la	%r1,0($key1)		# restore $key1
 	jz	.Lxts_km_vanilla
@@ -1627,7 +1683,7 @@ $code.=<<___ if(1);
 	llgc	$len,2*$SIZE_T-1($sp)
 	nill	$len,0x0f		# $len%=16
 	br	$ra
-	
+
 .align	16
 .Lxts_km_vanilla:
 ___
@@ -1854,7 +1910,7 @@ $code.=<<___;
 	xgr	$s1,%r1
 	lrvgr	$s1,$s1			# flip byte order
 	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
 	stg	$s1,$tweak+0($sp)	# save the tweak
 	llgfr	$s1,$s1
 	srlg	$s2,$s3,32
@@ -1905,7 +1961,7 @@ $code.=<<___;
 	xgr	$s1,%r1
 	lrvgr	$s1,$s1			# flip byte order
 	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
 	stg	$s1,$tweak+0($sp)	# save the tweak
 	llgfr	$s1,$s1
 	srlg	$s2,$s3,32
@@ -1936,8 +1992,8 @@ $code.=<<___;
 	br	$ra
 .size	AES_xts_encrypt,.-AES_xts_encrypt
 ___
-# void AES_xts_decrypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2,
+# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+#	size_t len, const AES_KEY *key1, const AES_KEY *key2,
 #	const unsigned char iv[16]);
 #
 $code.=<<___;
@@ -2097,7 +2153,7 @@ $code.=<<___;
 	xgr	$s1,%r1
 	lrvgr	$s1,$s1			# flip byte order
 	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
 	stg	$s1,$tweak+0($sp)	# save the tweak
 	llgfr	$s1,$s1
 	srlg	$s2,$s3,32
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl
index 883fae820f..40d1f94ccd 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. Rights for redistribution and usage in source and binary
 # forms are granted according to the OpenSSL license.
 # ====================================================================
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
index ce4ca30b1a..4d1dc9c701 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -599,15 +599,23 @@ $code.=<<___;
 .hidden	asm_AES_encrypt
 asm_AES_encrypt:
 AES_encrypt:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	# allocate frame "above" key schedule
-	mov	%rsp,%r10
 	lea	-63(%rdx),%rcx	# %rdx is key argument
 	and	\$-64,%rsp
 	sub	%rsp,%rcx
@@ -617,7 +625,8 @@ AES_encrypt:
 	sub	\$32,%rsp
 
 	mov	%rsi,16(%rsp)	# save out
-	mov	%r10,24(%rsp)	# save real stack pointer
+	mov	%rax,24(%rsp)	# save original stack pointer
+.cfi_cfa_expression	%rsp+24,deref,+8
 .Lenc_prologue:
 
 	mov	%rdx,$key
@@ -644,20 +653,29 @@ AES_encrypt:
 
 	mov	16(%rsp),$out	# restore out
 	mov	24(%rsp),%rsi	# restore saved stack pointer
+.cfi_def_cfa	%rsi,8
 	mov	$s0,0($out)	# write output vector
 	mov	$s1,4($out)
 	mov	$s2,8($out)
 	mov	$s3,12($out)
 
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lenc_epilogue:
 	ret
+.cfi_endproc
 .size	AES_encrypt,.-AES_encrypt
 ___
 
@@ -1197,15 +1215,23 @@ $code.=<<___;
 .hidden	asm_AES_decrypt
 asm_AES_decrypt:
 AES_decrypt:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	# allocate frame "above" key schedule
-	mov	%rsp,%r10
 	lea	-63(%rdx),%rcx	# %rdx is key argument
 	and	\$-64,%rsp
 	sub	%rsp,%rcx
@@ -1215,7 +1241,8 @@ AES_decrypt:
 	sub	\$32,%rsp
 
 	mov	%rsi,16(%rsp)	# save out
-	mov	%r10,24(%rsp)	# save real stack pointer
+	mov	%rax,24(%rsp)	# save original stack pointer
+.cfi_cfa_expression	%rsp+24,deref,+8
 .Ldec_prologue:
 
 	mov	%rdx,$key
@@ -1244,20 +1271,29 @@ AES_decrypt:
 
 	mov	16(%rsp),$out	# restore out
 	mov	24(%rsp),%rsi	# restore saved stack pointer
+.cfi_def_cfa	%rsi,8
 	mov	$s0,0($out)	# write output vector
 	mov	$s1,4($out)
 	mov	$s2,8($out)
 	mov	$s3,12($out)
 
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Ldec_epilogue:
 	ret
+.cfi_endproc
 .size	AES_decrypt,.-AES_decrypt
 ___
 #------------------------------------------------------------------#
@@ -1296,22 +1332,34 @@ $code.=<<___;
 .type	AES_set_encrypt_key,\@function,3
 .align	16
 AES_set_encrypt_key:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
-	push	%r12			# redundant, but allows to share 
+.cfi_push	%rbp
+	push	%r12			# redundant, but allows to share
+.cfi_push	%r12
 	push	%r13			# exception handler...
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$8,%rsp
+.cfi_adjust_cfa_offset	8
 .Lenc_key_prologue:
 
 	call	_x86_64_AES_set_encrypt_key
 
 	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	48(%rsp),%rbx
+.cfi_restore	%rbx
 	add	\$56,%rsp
+.cfi_adjust_cfa_offset	-56
 .Lenc_key_epilogue:
 	ret
+.cfi_endproc
 .size	AES_set_encrypt_key,.-AES_set_encrypt_key
 
 .type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
@@ -1424,7 +1472,7 @@ $code.=<<___;
 	xor	%rax,%rax
 	jmp	.Lexit
 
-.L14rounds:		
+.L14rounds:
 	mov	0(%rsi),%rax			# copy first 8 dwords
 	mov	8(%rsi),%rbx
 	mov	16(%rsi),%rcx
@@ -1562,13 +1610,21 @@ $code.=<<___;
 .type	AES_set_decrypt_key,\@function,3
 .align	16
 AES_set_decrypt_key:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	push	%rdx			# save key schedule
+.cfi_adjust_cfa_offset	8
 .Ldec_key_prologue:
 
 	call	_x86_64_AES_set_encrypt_key
@@ -1622,14 +1678,22 @@ $code.=<<___;
 	xor	%rax,%rax
 .Labort:
 	mov	8(%rsp),%r15
+.cfi_restore	%r15
 	mov	16(%rsp),%r14
+.cfi_restore	%r14
 	mov	24(%rsp),%r13
+.cfi_restore	%r13
 	mov	32(%rsp),%r12
+.cfi_restore	%r12
 	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	48(%rsp),%rbx
+.cfi_restore	%rbx
 	add	\$56,%rsp
+.cfi_adjust_cfa_offset	-56
 .Ldec_key_epilogue:
 	ret
+.cfi_endproc
 .size	AES_set_decrypt_key,.-AES_set_decrypt_key
 ___
 
@@ -1660,25 +1724,32 @@ $code.=<<___;
 .hidden	asm_AES_cbc_encrypt
 asm_AES_cbc_encrypt:
 AES_cbc_encrypt:
+.cfi_startproc
 	cmp	\$0,%rdx	# check length
 	je	.Lcbc_epilogue
 	pushfq
+.cfi_push	49		# %rflags
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lcbc_prologue:
 
 	cld
 	mov	%r9d,%r9d	# clear upper half of enc
 
 	lea	.LAES_Te(%rip),$sbox
+	lea	.LAES_Td(%rip),%r10
 	cmp	\$0,%r9
-	jne	.Lcbc_picked_te
-	lea	.LAES_Td(%rip),$sbox
-.Lcbc_picked_te:
+	cmoveq	%r10,$sbox
 
 	mov	OPENSSL_ia32cap_P(%rip),%r10d
 	cmp	\$$speed_limit,%rdx
@@ -1714,8 +1785,10 @@ AES_cbc_encrypt:
 .Lcbc_te_ok:
 
 	xchg	%rsp,$key
+.cfi_def_cfa_register	$key
 	#add	\$8,%rsp	# reserve for return address!
 	mov	$key,$_rsp	# save %rsp
+.cfi_cfa_expression	$_rsp,deref,+64
 .Lcbc_fast_body:
 	mov	%rdi,$_inp	# save copy of inp
 	mov	%rsi,$_out	# save copy of out
@@ -1945,7 +2018,7 @@ AES_cbc_encrypt:
 	lea	($key,%rax),%rax
 	mov	%rax,$keyend
 
-	# pick Te4 copy which can't "overlap" with stack frame or key scdedule
+	# pick Te4 copy which can't "overlap" with stack frame or key schedule
 	lea	2048($sbox),$sbox
 	lea	768-8(%rsp),%rax
 	sub	$sbox,%rax
@@ -2097,17 +2170,27 @@ AES_cbc_encrypt:
 .align	16
 .Lcbc_exit:
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,64
 	mov	(%rsi),%r15
+.cfi_restore	%r15
 	mov	8(%rsi),%r14
+.cfi_restore	%r14
 	mov	16(%rsi),%r13
+.cfi_restore	%r13
 	mov	24(%rsi),%r12
+.cfi_restore	%r12
 	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,16
 .Lcbc_popfq:
 	popfq
+.cfi_pop	49		# %rflags
 .Lcbc_epilogue:
 	ret
+.cfi_endproc
 .size	AES_cbc_encrypt,.-AES_cbc_encrypt
 ___
 }
@@ -2580,7 +2663,6 @@ block_se_handler:
 	jae	.Lin_block_prologue
 
 	mov	24(%rax),%rax		# pull saved real stack pointer
-	lea	48(%rax),%rax		# adjust...
 
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl
index 04b3cf7116..9ddf0b4b00 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl
@@ -22,7 +22,7 @@
 # April 2016
 #
 # Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means
-# that parallelizeable nature of CBC decrypt and CTR is not utilized
+# that parallelizable nature of CBC decrypt and CTR is not utilized
 # yet. CBC encrypt on the other hand is as good as it can possibly
 # get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X.
 # This is ~6x faster than pure software implementation...
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
index aa2735e06a..1f356d2d3f 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -105,6 +105,7 @@ $code.=<<___;
 .type	aesni_multi_cbc_encrypt,\@function,3
 .align	32
 aesni_multi_cbc_encrypt:
+.cfi_startproc
 ___
 $code.=<<___ if ($avx);
 	cmp	\$2,$num
@@ -118,12 +119,19 @@ $code.=<<___ if ($avx);
 ___
 $code.=<<___;
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -134,7 +142,7 @@ $code.=<<___ if ($win64);
 	movaps	%xmm10,0x40(%rsp)
 	movaps	%xmm11,0x50(%rsp)
 	movaps	%xmm12,0x60(%rsp)
-	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler 
+	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler
 	movaps	%xmm14,-0x58(%rax)
 	movaps	%xmm15,-0x48(%rax)
 ___
@@ -148,6 +156,7 @@ $code.=<<___;
 	sub	\$48,%rsp
 	and	\$-64,%rsp
 	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
 
 .Lenc4x_body:
 	movdqu	($key),$zero			# 0-round key
@@ -308,9 +317,9 @@ $code.=<<___;
 
 	movups		@out[0],-16(@outptr[0],$offset)
 	 pxor		@inp[0],@out[0]
-	movups		@out[1],-16(@outptr[1],$offset)	
+	movups		@out[1],-16(@outptr[1],$offset)
 	 pxor		@inp[1],@out[1]
-	movups		@out[2],-16(@outptr[2],$offset)	
+	movups		@out[2],-16(@outptr[2],$offset)
 	 pxor		@inp[2],@out[2]
 	movups		@out[3],-16(@outptr[3],$offset)
 	 pxor		@inp[3],@out[3]
@@ -319,6 +328,7 @@ $code.=<<___;
 	jnz	.Loop_enc4x
 
 	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
 	mov	24(%rsp),$num
 
 	#pxor	@inp[0],@out[0]
@@ -350,20 +360,29 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lenc4x_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt
 
 .globl	aesni_multi_cbc_decrypt
 .type	aesni_multi_cbc_decrypt,\@function,3
 .align	32
 aesni_multi_cbc_decrypt:
+.cfi_startproc
 ___
 $code.=<<___ if ($avx);
 	cmp	\$2,$num
@@ -377,12 +396,19 @@ $code.=<<___ if ($avx);
 ___
 $code.=<<___;
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -393,7 +419,7 @@ $code.=<<___ if ($win64);
 	movaps	%xmm10,0x40(%rsp)
 	movaps	%xmm11,0x50(%rsp)
 	movaps	%xmm12,0x60(%rsp)
-	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler 
+	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler
 	movaps	%xmm14,-0x58(%rax)
 	movaps	%xmm15,-0x48(%rax)
 ___
@@ -407,6 +433,7 @@ $code.=<<___;
 	sub	\$48,%rsp
 	and	\$-64,%rsp
 	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
 
 .Ldec4x_body:
 	movdqu	($key),$zero			# 0-round key
@@ -563,10 +590,10 @@ $code.=<<___;
 
 	movups		@out[0],-16(@outptr[0],$offset)
 	 movdqu		(@inptr[0],$offset),@out[0]
-	movups		@out[1],-16(@outptr[1],$offset)	
+	movups		@out[1],-16(@outptr[1],$offset)
 	 movdqu		(@inptr[1],$offset),@out[1]
 	 pxor		$zero,@out[0]
-	movups		@out[2],-16(@outptr[2],$offset)	
+	movups		@out[2],-16(@outptr[2],$offset)
 	 movdqu		(@inptr[2],$offset),@out[2]
 	 pxor		$zero,@out[1]
 	movups		@out[3],-16(@outptr[3],$offset)
@@ -578,6 +605,7 @@ $code.=<<___;
 	jnz	.Loop_dec4x
 
 	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
 	mov	24(%rsp),$num
 
 	lea	`40*4`($inp),$inp
@@ -600,14 +628,22 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Ldec4x_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt
 ___
 
@@ -623,14 +659,22 @@ $code.=<<___;
 .type	aesni_multi_cbc_encrypt_avx,\@function,3
 .align	32
 aesni_multi_cbc_encrypt_avx:
+.cfi_startproc
 _avx_cbc_enc_shortcut:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -657,6 +701,7 @@ $code.=<<___;
 	sub	\$192,%rsp
 	and	\$-128,%rsp
 	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
 
 .Lenc8x_body:
 	vzeroupper
@@ -835,10 +880,10 @@ $code.=<<___;
 	vmovups		@out[0],-16(@ptr[0])		# write output
 	 sub		$offset,@ptr[0]			# switch to input
 	 vpxor		0x00($offload),@out[0],@out[0]
-	vmovups		@out[1],-16(@ptr[1])	
+	vmovups		@out[1],-16(@ptr[1])
 	 sub		`64+1*8`(%rsp),@ptr[1]
 	 vpxor		0x10($offload),@out[1],@out[1]
-	vmovups		@out[2],-16(@ptr[2])	
+	vmovups		@out[2],-16(@ptr[2])
 	 sub		`64+2*8`(%rsp),@ptr[2]
 	 vpxor		0x20($offload),@out[2],@out[2]
 	vmovups		@out[3],-16(@ptr[3])
@@ -847,10 +892,10 @@ $code.=<<___;
 	vmovups		@out[4],-16(@ptr[4])
 	 sub		`64+4*8`(%rsp),@ptr[4]
 	 vpxor		@inp[0],@out[4],@out[4]
-	vmovups		@out[5],-16(@ptr[5])	
+	vmovups		@out[5],-16(@ptr[5])
 	 sub		`64+5*8`(%rsp),@ptr[5]
 	 vpxor		@inp[1],@out[5],@out[5]
-	vmovups		@out[6],-16(@ptr[6])	
+	vmovups		@out[6],-16(@ptr[6])
 	 sub		`64+6*8`(%rsp),@ptr[6]
 	 vpxor		@inp[2],@out[6],@out[6]
 	vmovups		@out[7],-16(@ptr[7])
@@ -861,6 +906,7 @@ $code.=<<___;
 	jnz	.Loop_enc8x
 
 	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
 	#mov	24(%rsp),$num
 	#lea	`40*8`($inp),$inp
 	#dec	$num
@@ -883,27 +929,43 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lenc8x_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx
 
 .type	aesni_multi_cbc_decrypt_avx,\@function,3
 .align	32
 aesni_multi_cbc_decrypt_avx:
+.cfi_startproc
 _avx_cbc_dec_shortcut:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -932,6 +994,7 @@ $code.=<<___;
 	and	\$-256,%rsp
 	sub	\$192,%rsp
 	mov	%rax,16(%rsp)			# original %rsp
+.cfi_cfa_expression	%rsp+16,deref,+8
 
 .Ldec8x_body:
 	vzeroupper
@@ -1128,12 +1191,12 @@ $code.=<<___;
 	 sub		$offset,@ptr[0]			# switch to input
 	 vmovdqu	128+0(%rsp),@out[0]
 	vpxor		0x70($offload),@out[7],@out[7]
-	vmovups		@out[1],-16(@ptr[1])	
+	vmovups		@out[1],-16(@ptr[1])
 	 sub		`64+1*8`(%rsp),@ptr[1]
 	 vmovdqu	@out[0],0x00($offload)
 	 vpxor		$zero,@out[0],@out[0]
 	 vmovdqu	128+16(%rsp),@out[1]
-	vmovups		@out[2],-16(@ptr[2])	
+	vmovups		@out[2],-16(@ptr[2])
 	 sub		`64+2*8`(%rsp),@ptr[2]
 	 vmovdqu	@out[1],0x10($offload)
 	 vpxor		$zero,@out[1],@out[1]
@@ -1149,11 +1212,11 @@ $code.=<<___;
 	 vpxor		$zero,@out[3],@out[3]
 	 vmovdqu	@inp[0],0x40($offload)
 	 vpxor		@inp[0],$zero,@out[4]
-	vmovups		@out[5],-16(@ptr[5])	
+	vmovups		@out[5],-16(@ptr[5])
 	 sub		`64+5*8`(%rsp),@ptr[5]
 	 vmovdqu	@inp[1],0x50($offload)
 	 vpxor		@inp[1],$zero,@out[5]
-	vmovups		@out[6],-16(@ptr[6])	
+	vmovups		@out[6],-16(@ptr[6])
 	 sub		`64+6*8`(%rsp),@ptr[6]
 	 vmovdqu	@inp[2],0x60($offload)
 	 vpxor		@inp[2],$zero,@out[6]
@@ -1167,6 +1230,7 @@ $code.=<<___;
 	jnz	.Loop_dec8x
 
 	mov	16(%rsp),%rax			# original %rsp
+.cfi_def_cfa	%rax,8
 	#mov	24(%rsp),$num
 	#lea	`40*8`($inp),$inp
 	#dec	$num
@@ -1189,14 +1253,22 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Ldec8x_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx
 ___
 						}}}
@@ -1253,10 +1325,10 @@ se_handler:
 	mov	-48(%rax),%r15
 	mov	%rbx,144($context)	# restore context->Rbx
 	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore cotnext->R12
-	mov	%r13,224($context)	# restore cotnext->R13
-	mov	%r14,232($context)	# restore cotnext->R14
-	mov	%r15,240($context)	# restore cotnext->R15
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
 
 	lea	-56-10*16(%rax),%rsi
 	lea	512($context),%rdi	# &context.Xmm6
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
index 33a7f0cf44..b01a4c55c8 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -191,16 +191,24 @@ $code.=<<___;
 .type	aesni_cbc_sha1_enc_ssse3,\@function,6
 .align	32
 aesni_cbc_sha1_enc_ssse3:
+.cfi_startproc
 	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
 	#shr	\$6,$len			# debugging artefact
 	#jz	.Lepilogue_ssse3		# debugging artefact
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
 	#mov	$in0,$inp			# debugging artefact
 	#lea	64(%rsp),$ctx			# debugging artefact
 ___
@@ -726,15 +734,24 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
 	mov	0(%rsi),%r15
+.cfi_restore	%r15
 	mov	8(%rsi),%r14
+.cfi_restore	%r14
 	mov	16(%rsi),%r13
+.cfi_restore	%r13
 	mov	24(%rsi),%r12
+.cfi_restore	%r12
 	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
 .Lepilogue_ssse3:
 	ret
+.cfi_endproc
 .size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
 ___
 
@@ -798,7 +815,7 @@ sub body_00_19_dec () {	# ((c^d)&b)^d
 sub body_20_39_dec () {	# b^d^c
     # on entry @T[0]=b^d
     return &body_40_59_dec() if ($rx==39);
-  
+
     my @r=@body_20_39;
 
 	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
@@ -842,14 +859,22 @@ $code.=<<___;
 .type	aesni256_cbc_sha1_dec_ssse3,\@function,6
 .align	32
 aesni256_cbc_sha1_dec_ssse3:
+.cfi_startproc
 	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,96+0(%rsp)
@@ -997,15 +1022,24 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_cfa_def	%rsi,56
 	mov	0(%rsi),%r15
+.cfi_restore	%r15
 	mov	8(%rsi),%r14
+.cfi_restore	%r14
 	mov	16(%rsi),%r13
+.cfi_restore	%r13
 	mov	24(%rsi),%r12
+.cfi_restore	%r12
 	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsi),%rsp
+.cfi_cfa_def	%rsp,8
 .Lepilogue_dec_ssse3:
 	ret
+.cfi_endproc
 .size	aesni256_cbc_sha1_dec_ssse3,.-aesni256_cbc_sha1_dec_ssse3
 ___
 						}}}
@@ -1031,16 +1065,24 @@ $code.=<<___;
 .type	aesni_cbc_sha1_enc_avx,\@function,6
 .align	32
 aesni_cbc_sha1_enc_avx:
+.cfi_startproc
 	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
 	#shr	\$6,$len			# debugging artefact
 	#jz	.Lepilogue_avx			# debugging artefact
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
 	#mov	$in0,$inp			# debugging artefact
 	#lea	64(%rsp),$ctx			# debugging artefact
 ___
@@ -1439,15 +1481,24 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
 	mov	0(%rsi),%r15
+.cfi_restore	%r15
 	mov	8(%rsi),%r14
+.cfi_restore	%r14
 	mov	16(%rsi),%r13
+.cfi_restore	%r13
 	mov	24(%rsi),%r12
+.cfi_restore	%r12
 	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
 .Lepilogue_avx:
 	ret
+.cfi_endproc
 .size	aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx
 ___
 
@@ -1496,14 +1547,22 @@ $code.=<<___;
 .type	aesni256_cbc_sha1_dec_avx,\@function,6
 .align	32
 aesni256_cbc_sha1_dec_avx:
+.cfi_startproc
 	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+.cfi_adjust_cfa_offset	`104+($win64?10*16:0)`
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,96+0(%rsp)
@@ -1650,15 +1709,24 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
 	mov	0(%rsi),%r15
+.cfi_restore	%r15
 	mov	8(%rsi),%r14
+.cfi_restore	%r14
 	mov	16(%rsi),%r13
+.cfi_restore	%r13
 	mov	24(%rsi),%r12
+.cfi_restore	%r12
 	mov	32(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
 .Lepilogue_dec_avx:
 	ret
+.cfi_endproc
 .size	aesni256_cbc_sha1_dec_avx,.-aesni256_cbc_sha1_dec_avx
 ___
 						}}}
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
index 0e49f26faf..ef46023710 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -112,7 +112,7 @@ $_key="16*$SZ+3*8(%rsp)";
 $_ivp="16*$SZ+4*8(%rsp)";
 $_ctx="16*$SZ+5*8(%rsp)";
 $_in0="16*$SZ+6*8(%rsp)";
-$_rsp="16*$SZ+7*8(%rsp)";
+$_rsp="`16*$SZ+7*8`(%rsp)";
 $framesz=16*$SZ+8*8;
 
 $code=<<___;
@@ -342,15 +342,23 @@ $code.=<<___;
 .type	${func}_xop,\@function,6
 .align	64
 ${func}_xop:
+.cfi_startproc
 .Lxop_shortcut:
 	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	sub	\$`$framesz+$win64*16*10`,%rsp
 	and	\$-64,%rsp		# align stack frame
 
@@ -366,7 +374,8 @@ ${func}_xop:
 	mov	$ivp,$_ivp
 	mov	$ctx,$_ctx
 	mov	$in0,$_in0
-	mov	%r11,$_rsp
+	mov	%rax,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,`$framesz+16*0`(%rsp)
@@ -604,6 +613,7 @@ $code.=<<___;
 
 	mov	$_ivp,$ivp
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 	vmovdqu	$iv,($ivp)		# output IV
 	vzeroall
 ___
@@ -620,15 +630,23 @@ $code.=<<___ if ($win64);
 	movaps	`$framesz+16*9`(%rsp),%xmm15
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_xop:
 	ret
+.cfi_endproc
 .size	${func}_xop,.-${func}_xop
 ___
 ######################################################################
@@ -640,15 +658,23 @@ $code.=<<___;
 .type	${func}_avx,\@function,6
 .align	64
 ${func}_avx:
+.cfi_startproc
 .Lavx_shortcut:
 	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	sub	\$`$framesz+$win64*16*10`,%rsp
 	and	\$-64,%rsp		# align stack frame
 
@@ -664,7 +690,8 @@ ${func}_avx:
 	mov	$ivp,$_ivp
 	mov	$ctx,$_ctx
 	mov	$in0,$_in0
-	mov	%r11,$_rsp
+	mov	%rax,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,`$framesz+16*0`(%rsp)
@@ -855,6 +882,7 @@ $code.=<<___;
 
 	mov	$_ivp,$ivp
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 	vmovdqu	$iv,($ivp)		# output IV
 	vzeroall
 ___
@@ -871,15 +899,23 @@ $code.=<<___ if ($win64);
 	movaps	`$framesz+16*9`(%rsp),%xmm15
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx:
 	ret
+.cfi_endproc
 .size	${func}_avx,.-${func}_avx
 ___
 
@@ -887,7 +923,7 @@ if ($avx>1) {{
 ######################################################################
 # AVX2+BMI code path
 #
-my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp 
+my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp
 my $PUSH8=8*2*$SZ;
 use integer;
 
@@ -936,15 +972,23 @@ $code.=<<___;
 .type	${func}_avx2,\@function,6
 .align	64
 ${func}_avx2:
+.cfi_startproc
 .Lavx2_shortcut:
 	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	sub	\$`2*$SZ*$rounds+8*8+$win64*16*10`,%rsp
 	and	\$-256*$SZ,%rsp		# align stack frame
 	add	\$`2*$SZ*($rounds-8)`,%rsp
@@ -961,7 +1005,8 @@ ${func}_avx2:
 	mov	$ivp,$_ivp
 	mov	$ctx,$_ctx
 	mov	$in0,$_in0
-	mov	%r11,$_rsp
+	mov	%rax,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,`$framesz+16*0`(%rsp)
@@ -1192,6 +1237,7 @@ $code.=<<___;
 	lea	($Tbl),%rsp
 	mov	$_ivp,$ivp
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 	vmovdqu	$iv,($ivp)		# output IV
 	vzeroall
 ___
@@ -1208,15 +1254,23 @@ $code.=<<___ if ($win64);
 	movaps	`$framesz+16*9`(%rsp),%xmm15
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx2:
 	ret
+.cfi_endproc
 .size	${func}_avx2,.-${func}_avx2
 ___
 }}
@@ -1573,7 +1627,6 @@ ___
 $code.=<<___;
 	mov	%rax,%rsi		# put aside Rsp
 	mov	16*$SZ+7*8(%rax),%rax	# pull $_rsp
-	lea	48(%rax),%rax
 
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl
index ed1a47c30c..b351fca28e 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl
@@ -62,7 +62,9 @@
 # Westmere	3.77/1.37	1.37	1.52	1.27
 # * Bridge	5.07/0.98	0.99	1.09	0.91	1.10
 # Haswell	4.44/0.80	0.97	1.03	0.72	0.76
+# Skylake	2.68/0.65	0.65	0.66	0.64	0.66
 # Silvermont	5.77/3.56	3.67	4.03	3.46	4.03
+# Goldmont	3.84/1.39	1.39	1.63	1.31	1.70
 # Bulldozer	5.80/0.98	1.05	1.24	0.93	1.23
 
 $PREFIX="aesni";	# if $PREFIX is set to "AES", the script
@@ -78,7 +80,7 @@ $output = pop;
 open OUT,">$output";
 *STDOUT=*OUT;
 
-&asm_init($ARGV[0],$0);
+&asm_init($ARGV[0]);
 
 &external_label("OPENSSL_ia32cap_P");
 &static_label("key_const");
@@ -237,7 +239,7 @@ sub aesni_generate1	# fully unrolled loop
 # can schedule aes[enc|dec] every cycle optimal interleave factor
 # equals to corresponding instructions latency. 8x is optimal for
 # * Bridge, but it's unfeasible to accommodate such implementation
-# in XMM registers addreassable in 32-bit mode and therefore maximum
+# in XMM registers addressable in 32-bit mode and therefore maximum
 # of 6x is used instead...
 
 sub aesni_generate2
@@ -1051,7 +1053,7 @@ if ($PREFIX eq "aesni") {
 &set_label("ctr32_one_shortcut",16);
 	&movups	($inout0,&QWP(0,$rounds_));	# load ivec
 	&mov	($rounds,&DWP(240,$key));
-	
+
 &set_label("ctr32_one");
 	if ($inline)
 	{   &aesni_inline_generate1("enc");	}
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl
index 98ca17991d..2a202c53e5 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl
@@ -34,7 +34,7 @@
 # ECB	4.25/4.25   1.38/1.38   1.28/1.28   1.26/1.26	1.26/1.26
 # CTR	5.42/5.42   1.92/1.92   1.44/1.44   1.28/1.28   1.26/1.26
 # CBC	4.38/4.43   4.15/1.43   4.07/1.32   4.07/1.29   4.06/1.28
-# CCM	5.66/9.42   4.42/5.41   4.16/4.40   4.09/4.15   4.06/4.07   
+# CCM	5.66/9.42   4.42/5.41   4.16/4.40   4.09/4.15   4.06/4.07
 # OFB	5.42/5.42   4.64/4.64   4.44/4.44   4.39/4.39   4.38/4.38
 # CFB	5.73/5.85   5.56/5.62   5.48/5.56   5.47/5.55   5.47/5.55
 #
@@ -60,7 +60,7 @@
 # identical to CBC, because CBC-MAC is essentially CBC encrypt without
 # saving output. CCM CTR "stays invisible," because it's neatly
 # interleaved wih CBC-MAC. This provides ~30% improvement over
-# "straghtforward" CCM implementation with CTR and CBC-MAC performed
+# "straightforward" CCM implementation with CTR and CBC-MAC performed
 # disjointly. Parallelizable modes practically achieve the theoretical
 # limit.
 #
@@ -118,7 +118,7 @@
 # performance is achieved by interleaving instructions working on
 # independent blocks. In which case asymptotic limit for such modes
 # can be obtained by dividing above mentioned numbers by AES
-# instructions' interleave factor. Westmere can execute at most 3 
+# instructions' interleave factor. Westmere can execute at most 3
 # instructions at a time, meaning that optimal interleave factor is 3,
 # and that's where the "magic" number of 1.25 come from. "Optimal
 # interleave factor" means that increase of interleave factor does
@@ -143,14 +143,14 @@
 # asymptotic, if it can be surpassed, isn't it? What happens there?
 # Rewind to CBC paragraph for the answer. Yes, out-of-order execution
 # magic is responsible for this. Processor overlaps not only the
-# additional instructions with AES ones, but even AES instuctions
+# additional instructions with AES ones, but even AES instructions
 # processing adjacent triplets of independent blocks. In the 6x case
 # additional instructions  still claim disproportionally small amount
 # of additional cycles, but in 8x case number of instructions must be
 # a tad too high for out-of-order logic to cope with, and AES unit
 # remains underutilized... As you can see 8x interleave is hardly
 # justifiable, so there no need to feel bad that 32-bit aesni-x86.pl
-# utilizies 6x interleave because of limited register bank capacity.
+# utilizes 6x interleave because of limited register bank capacity.
 #
 # Higher interleave factors do have negative impact on Westmere
 # performance. While for ECB mode it's negligible ~1.5%, other
@@ -179,8 +179,10 @@
 # Haswell	4.44/0.63	0.63	0.73	0.63	0.70
 # Skylake	2.62/0.63	0.63	0.63	0.63
 # Silvermont	5.75/3.54	3.56	4.12	3.87(*)	4.11
+# Knights L	2.54/0.77	0.78	0.85	-	1.50
 # Goldmont	3.82/1.26	1.26	1.29	1.29	1.50
 # Bulldozer	5.77/0.70	0.72	0.90	0.70	0.95
+# Ryzen		2.71/0.35	0.35	0.44	0.38	0.49
 #
 # (*)	Atom Silvermont ECB result is suboptimal because of penalties
 #	incurred by operations on %xmm8-15. As ECB is not considered
@@ -313,7 +315,7 @@ ___
 # on 2x subroutine on Atom Silvermont account. For processors that
 # can schedule aes[enc|dec] every cycle optimal interleave factor
 # equals to corresponding instructions latency. 8x is optimal for
-# * Bridge and "super-optimal" for other Intel CPUs... 
+# * Bridge and "super-optimal" for other Intel CPUs...
 
 sub aesni_generate2 {
 my $dir=shift;
@@ -1172,7 +1174,7 @@ ___
 # with zero-round key xor.
 {
 my ($in0,$in1,$in2,$in3,$in4,$in5)=map("%xmm$_",(10..15));
-my ($key0,$ctr)=("${key_}d","${ivp}d");
+my ($key0,$ctr)=("%ebp","${ivp}d");
 my $frame_size = 0x80 + ($win64?160:0);
 
 $code.=<<___;
@@ -1180,6 +1182,7 @@ $code.=<<___;
 .type	aesni_ctr32_encrypt_blocks,\@function,5
 .align	16
 aesni_ctr32_encrypt_blocks:
+.cfi_startproc
 	cmp	\$1,$len
 	jne	.Lctr32_bulk
 
@@ -1201,26 +1204,27 @@ $code.=<<___;
 
 .align	16
 .Lctr32_bulk:
-	lea	(%rsp),%rax
+	lea	(%rsp),$key_			# use $key_ as frame pointer
+.cfi_def_cfa_register	$key_
 	push	%rbp
+.cfi_push	%rbp
 	sub	\$$frame_size,%rsp
 	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
 ___
 $code.=<<___ if ($win64);
-	movaps	%xmm6,-0xa8(%rax)		# offload everything
-	movaps	%xmm7,-0x98(%rax)
-	movaps	%xmm8,-0x88(%rax)
-	movaps	%xmm9,-0x78(%rax)
-	movaps	%xmm10,-0x68(%rax)
-	movaps	%xmm11,-0x58(%rax)
-	movaps	%xmm12,-0x48(%rax)
-	movaps	%xmm13,-0x38(%rax)
-	movaps	%xmm14,-0x28(%rax)
-	movaps	%xmm15,-0x18(%rax)
+	movaps	%xmm6,-0xa8($key_)		# offload everything
+	movaps	%xmm7,-0x98($key_)
+	movaps	%xmm8,-0x88($key_)
+	movaps	%xmm9,-0x78($key_)
+	movaps	%xmm10,-0x68($key_)
+	movaps	%xmm11,-0x58($key_)
+	movaps	%xmm12,-0x48($key_)
+	movaps	%xmm13,-0x38($key_)
+	movaps	%xmm14,-0x28($key_)
+	movaps	%xmm15,-0x18($key_)
 .Lctr32_body:
 ___
 $code.=<<___;
-	lea	-8(%rax),%rbp
 
 	# 8 16-byte words on top of stack are counter values
 	# xor-ed with zero-round key
@@ -1272,7 +1276,7 @@ $code.=<<___;
 	lea	7($ctr),%r9
 	 mov	%r10d,0x60+12(%rsp)
 	bswap	%r9d
-	 mov	OPENSSL_ia32cap_P+4(%rip),%r10d 
+	 mov	OPENSSL_ia32cap_P+4(%rip),%r10d
 	xor	$key0,%r9d
 	 and	\$`1<<26|1<<22`,%r10d		# isolate XSAVE+MOVBE
 	mov	%r9d,0x70+12(%rsp)
@@ -1546,13 +1550,13 @@ $code.=<<___;
 	sub	\$8,$len
 	jnc	.Lctr32_loop8			# loop if $len-=8 didn't borrow
 
-	add	\$8,$len			# restore real remainig $len
+	add	\$8,$len			# restore real remaining $len
 	jz	.Lctr32_done			# done if ($len==0)
 	lea	-0x80($key),$key
 
 .Lctr32_tail:
 	# note that at this point $inout0..5 are populated with
-	# counter values xor-ed with 0-round key 
+	# counter values xor-ed with 0-round key
 	lea	16($key),$key
 	cmp	\$4,$len
 	jb	.Lctr32_loop3
@@ -1663,7 +1667,7 @@ $code.=<<___;
 	movups	$inout2,0x20($out)		# $len was 3, stop store
 
 .Lctr32_done:
-	xorps	%xmm0,%xmm0			# clear regiser bank
+	xorps	%xmm0,%xmm0			# clear register bank
 	xor	$key0,$key0
 	pxor	%xmm1,%xmm1
 	pxor	%xmm2,%xmm2
@@ -1692,26 +1696,26 @@ $code.=<<___ if (!$win64);
 	pxor	%xmm15,%xmm15
 ___
 $code.=<<___ if ($win64);
-	movaps	-0xa0(%rbp),%xmm6
-	movaps	%xmm0,-0xa0(%rbp)		# clear stack
-	movaps	-0x90(%rbp),%xmm7
-	movaps	%xmm0,-0x90(%rbp)
-	movaps	-0x80(%rbp),%xmm8
-	movaps	%xmm0,-0x80(%rbp)
-	movaps	-0x70(%rbp),%xmm9
-	movaps	%xmm0,-0x70(%rbp)
-	movaps	-0x60(%rbp),%xmm10
-	movaps	%xmm0,-0x60(%rbp)
-	movaps	-0x50(%rbp),%xmm11
-	movaps	%xmm0,-0x50(%rbp)
-	movaps	-0x40(%rbp),%xmm12
-	movaps	%xmm0,-0x40(%rbp)
-	movaps	-0x30(%rbp),%xmm13
-	movaps	%xmm0,-0x30(%rbp)
-	movaps	-0x20(%rbp),%xmm14
-	movaps	%xmm0,-0x20(%rbp)
-	movaps	-0x10(%rbp),%xmm15
-	movaps	%xmm0,-0x10(%rbp)
+	movaps	-0xa8($key_),%xmm6
+	movaps	%xmm0,-0xa8($key_)		# clear stack
+	movaps	-0x98($key_),%xmm7
+	movaps	%xmm0,-0x98($key_)
+	movaps	-0x88($key_),%xmm8
+	movaps	%xmm0,-0x88($key_)
+	movaps	-0x78($key_),%xmm9
+	movaps	%xmm0,-0x78($key_)
+	movaps	-0x68($key_),%xmm10
+	movaps	%xmm0,-0x68($key_)
+	movaps	-0x58($key_),%xmm11
+	movaps	%xmm0,-0x58($key_)
+	movaps	-0x48($key_),%xmm12
+	movaps	%xmm0,-0x48($key_)
+	movaps	-0x38($key_),%xmm13
+	movaps	%xmm0,-0x38($key_)
+	movaps	-0x28($key_),%xmm14
+	movaps	%xmm0,-0x28($key_)
+	movaps	-0x18($key_),%xmm15
+	movaps	%xmm0,-0x18($key_)
 	movaps	%xmm0,0x00(%rsp)
 	movaps	%xmm0,0x10(%rsp)
 	movaps	%xmm0,0x20(%rsp)
@@ -1722,10 +1726,13 @@ $code.=<<___ if ($win64);
 	movaps	%xmm0,0x70(%rsp)
 ___
 $code.=<<___;
-	lea	(%rbp),%rsp
-	pop	%rbp
+	mov	-8($key_),%rbp
+.cfi_restore	%rbp
+	lea	($key_),%rsp
+.cfi_def_cfa_register	%rsp
 .Lctr32_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
 ___
 }
@@ -1740,32 +1747,35 @@ my @tweak=map("%xmm$_",(10..15));
 my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]);
 my ($key2,$ivp,$len_)=("%r8","%r9","%r9");
 my $frame_size = 0x70 + ($win64?160:0);
+my $key_ = "%rbp";	# override so that we can use %r11 as FP
 
 $code.=<<___;
 .globl	aesni_xts_encrypt
 .type	aesni_xts_encrypt,\@function,6
 .align	16
 aesni_xts_encrypt:
-	lea	(%rsp),%rax
+.cfi_startproc
+	lea	(%rsp),%r11			# frame pointer
+.cfi_def_cfa_register	%r11
 	push	%rbp
+.cfi_push	%rbp
 	sub	\$$frame_size,%rsp
 	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
 ___
 $code.=<<___ if ($win64);
-	movaps	%xmm6,-0xa8(%rax)		# offload everything
-	movaps	%xmm7,-0x98(%rax)
-	movaps	%xmm8,-0x88(%rax)
-	movaps	%xmm9,-0x78(%rax)
-	movaps	%xmm10,-0x68(%rax)
-	movaps	%xmm11,-0x58(%rax)
-	movaps	%xmm12,-0x48(%rax)
-	movaps	%xmm13,-0x38(%rax)
-	movaps	%xmm14,-0x28(%rax)
-	movaps	%xmm15,-0x18(%rax)
+	movaps	%xmm6,-0xa8(%r11)		# offload everything
+	movaps	%xmm7,-0x98(%r11)
+	movaps	%xmm8,-0x88(%r11)
+	movaps	%xmm9,-0x78(%r11)
+	movaps	%xmm10,-0x68(%r11)
+	movaps	%xmm11,-0x58(%r11)
+	movaps	%xmm12,-0x48(%r11)
+	movaps	%xmm13,-0x38(%r11)
+	movaps	%xmm14,-0x28(%r11)
+	movaps	%xmm15,-0x18(%r11)
 .Lxts_enc_body:
 ___
 $code.=<<___;
-	lea	-8(%rax),%rbp
 	movups	($ivp),$inout0			# load clear-text tweak
 	mov	240(%r8),$rounds		# key2->rounds
 	mov	240($key),$rnds_		# key1->rounds
@@ -1846,7 +1856,7 @@ $code.=<<___;
 	lea	`16*6`($inp),$inp
 	pxor	$twmask,$inout5
 
-	 pxor	$twres,@tweak[0]		# calclulate tweaks^round[last]
+	 pxor	$twres,@tweak[0]		# calculate tweaks^round[last]
 	aesenc		$rndkey1,$inout4
 	 pxor	$twres,@tweak[1]
 	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks^round[last]
@@ -2183,26 +2193,26 @@ $code.=<<___ if (!$win64);
 	pxor	%xmm15,%xmm15
 ___
 $code.=<<___ if ($win64);
-	movaps	-0xa0(%rbp),%xmm6
-	movaps	%xmm0,-0xa0(%rbp)		# clear stack
-	movaps	-0x90(%rbp),%xmm7
-	movaps	%xmm0,-0x90(%rbp)
-	movaps	-0x80(%rbp),%xmm8
-	movaps	%xmm0,-0x80(%rbp)
-	movaps	-0x70(%rbp),%xmm9
-	movaps	%xmm0,-0x70(%rbp)
-	movaps	-0x60(%rbp),%xmm10
-	movaps	%xmm0,-0x60(%rbp)
-	movaps	-0x50(%rbp),%xmm11
-	movaps	%xmm0,-0x50(%rbp)
-	movaps	-0x40(%rbp),%xmm12
-	movaps	%xmm0,-0x40(%rbp)
-	movaps	-0x30(%rbp),%xmm13
-	movaps	%xmm0,-0x30(%rbp)
-	movaps	-0x20(%rbp),%xmm14
-	movaps	%xmm0,-0x20(%rbp)
-	movaps	-0x10(%rbp),%xmm15
-	movaps	%xmm0,-0x10(%rbp)
+	movaps	-0xa8(%r11),%xmm6
+	movaps	%xmm0,-0xa8(%r11)		# clear stack
+	movaps	-0x98(%r11),%xmm7
+	movaps	%xmm0,-0x98(%r11)
+	movaps	-0x88(%r11),%xmm8
+	movaps	%xmm0,-0x88(%r11)
+	movaps	-0x78(%r11),%xmm9
+	movaps	%xmm0,-0x78(%r11)
+	movaps	-0x68(%r11),%xmm10
+	movaps	%xmm0,-0x68(%r11)
+	movaps	-0x58(%r11),%xmm11
+	movaps	%xmm0,-0x58(%r11)
+	movaps	-0x48(%r11),%xmm12
+	movaps	%xmm0,-0x48(%r11)
+	movaps	-0x38(%r11),%xmm13
+	movaps	%xmm0,-0x38(%r11)
+	movaps	-0x28(%r11),%xmm14
+	movaps	%xmm0,-0x28(%r11)
+	movaps	-0x18(%r11),%xmm15
+	movaps	%xmm0,-0x18(%r11)
 	movaps	%xmm0,0x00(%rsp)
 	movaps	%xmm0,0x10(%rsp)
 	movaps	%xmm0,0x20(%rsp)
@@ -2212,10 +2222,13 @@ $code.=<<___ if ($win64);
 	movaps	%xmm0,0x60(%rsp)
 ___
 $code.=<<___;
-	lea	(%rbp),%rsp
-	pop	%rbp
+	mov	-8(%r11),%rbp
+.cfi_restore	%rbp
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
 .Lxts_enc_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_xts_encrypt,.-aesni_xts_encrypt
 ___
 
@@ -2224,26 +2237,28 @@ $code.=<<___;
 .type	aesni_xts_decrypt,\@function,6
 .align	16
 aesni_xts_decrypt:
-	lea	(%rsp),%rax
+.cfi_startproc
+	lea	(%rsp),%r11			# frame pointer
+.cfi_def_cfa_register	%r11
 	push	%rbp
+.cfi_push	%rbp
 	sub	\$$frame_size,%rsp
 	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
 ___
 $code.=<<___ if ($win64);
-	movaps	%xmm6,-0xa8(%rax)		# offload everything
-	movaps	%xmm7,-0x98(%rax)
-	movaps	%xmm8,-0x88(%rax)
-	movaps	%xmm9,-0x78(%rax)
-	movaps	%xmm10,-0x68(%rax)
-	movaps	%xmm11,-0x58(%rax)
-	movaps	%xmm12,-0x48(%rax)
-	movaps	%xmm13,-0x38(%rax)
-	movaps	%xmm14,-0x28(%rax)
-	movaps	%xmm15,-0x18(%rax)
+	movaps	%xmm6,-0xa8(%r11)		# offload everything
+	movaps	%xmm7,-0x98(%r11)
+	movaps	%xmm8,-0x88(%r11)
+	movaps	%xmm9,-0x78(%r11)
+	movaps	%xmm10,-0x68(%r11)
+	movaps	%xmm11,-0x58(%r11)
+	movaps	%xmm12,-0x48(%r11)
+	movaps	%xmm13,-0x38(%r11)
+	movaps	%xmm14,-0x28(%r11)
+	movaps	%xmm15,-0x18(%r11)
 .Lxts_dec_body:
 ___
 $code.=<<___;
-	lea	-8(%rax),%rbp
 	movups	($ivp),$inout0			# load clear-text tweak
 	mov	240($key2),$rounds		# key2->rounds
 	mov	240($key),$rnds_		# key1->rounds
@@ -2327,7 +2342,7 @@ $code.=<<___;
 	lea	`16*6`($inp),$inp
 	pxor	$twmask,$inout5
 
-	 pxor	$twres,@tweak[0]		# calclulate tweaks^round[last]
+	 pxor	$twres,@tweak[0]		# calculate tweaks^round[last]
 	aesdec		$rndkey1,$inout4
 	 pxor	$twres,@tweak[1]
 	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks^last round key
@@ -2687,26 +2702,26 @@ $code.=<<___ if (!$win64);
 	pxor	%xmm15,%xmm15
 ___
 $code.=<<___ if ($win64);
-	movaps	-0xa0(%rbp),%xmm6
-	movaps	%xmm0,-0xa0(%rbp)		# clear stack
-	movaps	-0x90(%rbp),%xmm7
-	movaps	%xmm0,-0x90(%rbp)
-	movaps	-0x80(%rbp),%xmm8
-	movaps	%xmm0,-0x80(%rbp)
-	movaps	-0x70(%rbp),%xmm9
-	movaps	%xmm0,-0x70(%rbp)
-	movaps	-0x60(%rbp),%xmm10
-	movaps	%xmm0,-0x60(%rbp)
-	movaps	-0x50(%rbp),%xmm11
-	movaps	%xmm0,-0x50(%rbp)
-	movaps	-0x40(%rbp),%xmm12
-	movaps	%xmm0,-0x40(%rbp)
-	movaps	-0x30(%rbp),%xmm13
-	movaps	%xmm0,-0x30(%rbp)
-	movaps	-0x20(%rbp),%xmm14
-	movaps	%xmm0,-0x20(%rbp)
-	movaps	-0x10(%rbp),%xmm15
-	movaps	%xmm0,-0x10(%rbp)
+	movaps	-0xa8(%r11),%xmm6
+	movaps	%xmm0,-0xa8(%r11)		# clear stack
+	movaps	-0x98(%r11),%xmm7
+	movaps	%xmm0,-0x98(%r11)
+	movaps	-0x88(%r11),%xmm8
+	movaps	%xmm0,-0x88(%r11)
+	movaps	-0x78(%r11),%xmm9
+	movaps	%xmm0,-0x78(%r11)
+	movaps	-0x68(%r11),%xmm10
+	movaps	%xmm0,-0x68(%r11)
+	movaps	-0x58(%r11),%xmm11
+	movaps	%xmm0,-0x58(%r11)
+	movaps	-0x48(%r11),%xmm12
+	movaps	%xmm0,-0x48(%r11)
+	movaps	-0x38(%r11),%xmm13
+	movaps	%xmm0,-0x38(%r11)
+	movaps	-0x28(%r11),%xmm14
+	movaps	%xmm0,-0x28(%r11)
+	movaps	-0x18(%r11),%xmm15
+	movaps	%xmm0,-0x18(%r11)
 	movaps	%xmm0,0x00(%rsp)
 	movaps	%xmm0,0x10(%rsp)
 	movaps	%xmm0,0x20(%rsp)
@@ -2716,10 +2731,13 @@ $code.=<<___ if ($win64);
 	movaps	%xmm0,0x60(%rsp)
 ___
 $code.=<<___;
-	lea	(%rbp),%rsp
-	pop	%rbp
+	mov	-8(%r11),%rbp
+.cfi_restore	%rbp
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
 .Lxts_dec_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_xts_decrypt,.-aesni_xts_decrypt
 ___
 }
@@ -2744,12 +2762,18 @@ $code.=<<___;
 .type	aesni_ocb_encrypt,\@function,6
 .align	32
 aesni_ocb_encrypt:
+.cfi_startproc
 	lea	(%rsp),%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa0(%rsp),%rsp
@@ -2943,6 +2967,8 @@ $code.=<<___ if (!$win64);
 	pxor	%xmm13,%xmm13
 	pxor	%xmm14,%xmm14
 	pxor	%xmm15,%xmm15
+	lea	0x28(%rsp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x00(%rsp),%xmm6
@@ -2967,16 +2993,23 @@ $code.=<<___ if ($win64);
 	movaps	%xmm0,0x90(%rsp)
 	lea	0xa0+0x28(%rsp),%rax
 .Locb_enc_pop:
-	lea	0xa0(%rsp),%rsp
 ___
 $code.=<<___;
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Locb_enc_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_ocb_encrypt,.-aesni_ocb_encrypt
 
 .type	__ocb_encrypt6,\@abi-omnipotent
@@ -3189,12 +3222,18 @@ __ocb_encrypt1:
 .type	aesni_ocb_decrypt,\@function,6
 .align	32
 aesni_ocb_decrypt:
+.cfi_startproc
 	lea	(%rsp),%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa0(%rsp),%rsp
@@ -3410,6 +3449,8 @@ $code.=<<___ if (!$win64);
 	pxor	%xmm13,%xmm13
 	pxor	%xmm14,%xmm14
 	pxor	%xmm15,%xmm15
+	lea	0x28(%rsp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x00(%rsp),%xmm6
@@ -3434,16 +3475,23 @@ $code.=<<___ if ($win64);
 	movaps	%xmm0,0x90(%rsp)
 	lea	0xa0+0x28(%rsp),%rax
 .Locb_dec_pop:
-	lea	0xa0(%rsp),%rsp
 ___
 $code.=<<___;
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
+	mov	-40(%rax),%r14
+.cfi_restore	%r14
+	mov	-32(%rax),%r13
+.cfi_restore	%r13
+	mov	-24(%rax),%r12
+.cfi_restore	%r12
+	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
+	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Locb_dec_epilogue:
 	ret
+.cfi_endproc
 .size	aesni_ocb_decrypt,.-aesni_ocb_decrypt
 
 .type	__ocb_decrypt6,\@abi-omnipotent
@@ -3650,13 +3698,13 @@ ___
 {
 my $frame_size = 0x10 + ($win64?0xa0:0);	# used in decrypt
 my ($iv,$in0,$in1,$in2,$in3,$in4)=map("%xmm$_",(10..15));
-my $inp_=$key_;
 
 $code.=<<___;
 .globl	${PREFIX}_cbc_encrypt
 .type	${PREFIX}_cbc_encrypt,\@function,6
 .align	16
 ${PREFIX}_cbc_encrypt:
+.cfi_startproc
 	test	$len,$len		# check length
 	jz	.Lcbc_ret
 
@@ -3732,8 +3780,10 @@ $code.=<<___;
 	jmp	.Lcbc_ret
 .align	16
 .Lcbc_decrypt_bulk:
-	lea	(%rsp),%rax
+	lea	(%rsp),%r11		# frame pointer
+.cfi_def_cfa_register	%r11
 	push	%rbp
+.cfi_push	%rbp
 	sub	\$$frame_size,%rsp
 	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
 ___
@@ -3750,8 +3800,11 @@ $code.=<<___ if ($win64);
 	movaps	%xmm15,0xa0(%rsp)
 .Lcbc_decrypt_body:
 ___
+
+my $inp_=$key_="%rbp";			# reassign $key_
+
 $code.=<<___;
-	lea	-8(%rax),%rbp
+	mov	$key,$key_		# [re-]backup $key [after reassignment]
 	movups	($ivp),$iv
 	mov	$rnds_,$rounds
 	cmp	\$0x50,$len
@@ -3791,7 +3844,7 @@ $code.=<<___;
 	pxor		$rndkey0,$inout1
 	$movkey		0x10-0x70($key),$rndkey1
 	pxor		$rndkey0,$inout2
-	xor		$inp_,$inp_
+	mov		\$-1,$inp_
 	cmp		\$0x70,$len	# is there at least 0x60 bytes ahead?
 	pxor		$rndkey0,$inout3
 	pxor		$rndkey0,$inout4
@@ -3807,8 +3860,8 @@ $code.=<<___;
 	aesdec		$rndkey1,$inout4
 	aesdec		$rndkey1,$inout5
 	aesdec		$rndkey1,$inout6
-	setnc		${inp_}b
-	shl		\$7,$inp_
+	adc		\$0,$inp_
+	and		\$128,$inp_
 	aesdec		$rndkey1,$inout7
 	add		$inp,$inp_
 	$movkey		0x30-0x70($key),$rndkey1
@@ -4172,10 +4225,13 @@ $code.=<<___ if ($win64);
 	movaps	%xmm0,0xa0(%rsp)
 ___
 $code.=<<___;
-	lea	(%rbp),%rsp
-	pop	%rbp
+	mov	-8(%r11),%rbp
+.cfi_restore	%rbp
+	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
 .Lcbc_ret:
 	ret
+.cfi_endproc
 .size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
 ___
 } 
@@ -4196,7 +4252,9 @@ $code.=<<___;
 .type	${PREFIX}_set_decrypt_key,\@abi-omnipotent
 .align	16
 ${PREFIX}_set_decrypt_key:
+.cfi_startproc
 	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
+.cfi_adjust_cfa_offset	8
 	call	__aesni_set_encrypt_key
 	shl	\$4,$bits		# rounds-1 after _aesni_set_encrypt_key
 	test	%eax,%eax
@@ -4229,15 +4287,16 @@ ${PREFIX}_set_decrypt_key:
 	pxor	%xmm0,%xmm0
 .Ldec_key_ret:
 	add	\$8,%rsp
+.cfi_adjust_cfa_offset	-8
 	ret
+.cfi_endproc
 .LSEH_end_set_decrypt_key:
 .size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
 ___
 
-# This is based on submission by
-#
-#	Huang Ying <ying.huang@intel.com>
-#	Vinodh Gopal <vinodh.gopal@intel.com>
+# This is based on submission from Intel by
+#	Huang Ying
+#	Vinodh Gopal
 #	Kahraman Akdemir
 #
 # Aggressively optimized in respect to aeskeygenassist's critical path
@@ -4265,7 +4324,9 @@ $code.=<<___;
 .align	16
 ${PREFIX}_set_encrypt_key:
 __aesni_set_encrypt_key:
+.cfi_startproc
 	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
+.cfi_adjust_cfa_offset	8
 	mov	\$-1,%rax
 	test	$inp,$inp
 	jz	.Lenc_key_ret
@@ -4454,7 +4515,7 @@ __aesni_set_encrypt_key:
 
 .align	16
 .L14rounds:
-	movups	16($inp),%xmm2			# remaning half of *userKey
+	movups	16($inp),%xmm2			# remaining half of *userKey
 	mov	\$13,$bits			# 14 rounds for 256
 	lea	16(%rax),%rax
 	cmp	\$`1<<28`,%r10d			# AVX, but no XOP
@@ -4558,7 +4619,9 @@ __aesni_set_encrypt_key:
 	pxor	%xmm4,%xmm4
 	pxor	%xmm5,%xmm5
 	add	\$8,%rsp
+.cfi_adjust_cfa_offset	-8
 	ret
+.cfi_endproc
 .LSEH_end_set_encrypt_key:
 
 .align	16
@@ -4744,13 +4807,16 @@ ctr_xts_se_handler:
 	cmp	%r10,%rbx		# context->Rip>=epilogue label
 	jae	.Lcommon_seh_tail
 
-	mov	160($context),%rax	# pull context->Rbp
-	lea	-0xa0(%rax),%rsi	# %xmm save area
+	mov	208($context),%rax	# pull context->R11
+
+	lea	-0xa8(%rax),%rsi	# %xmm save area
 	lea	512($context),%rdi	# & context.Xmm6
 	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
 	.long	0xa548f3fc		# cld; rep movsq
 
-	jmp	.Lcommon_rbp_tail
+	mov	-8(%rax),%rbp		# restore saved %rbp
+	mov	%rbp,160($context)	# restore context->Rbp
+	jmp	.Lcommon_seh_tail
 .size	ctr_xts_se_handler,.-ctr_xts_se_handler
 
 .type	ocb_se_handler,\@abi-omnipotent
@@ -4834,9 +4900,13 @@ cbc_se_handler:
 	cmp	%r10,%rbx		# context->Rip<"prologue" label
 	jb	.Lcommon_seh_tail
 
+	mov	120($context),%rax	# pull context->Rax
+
 	lea	.Lcbc_decrypt_body(%rip),%r10
 	cmp	%r10,%rbx		# context->Rip<cbc_decrypt_body
-	jb	.Lrestore_cbc_rax
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
 
 	lea	.Lcbc_ret(%rip),%r10
 	cmp	%r10,%rbx		# context->Rip>="epilogue" label
@@ -4847,15 +4917,10 @@ cbc_se_handler:
 	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
 	.long	0xa548f3fc		# cld; rep movsq
 
-.Lcommon_rbp_tail:
-	mov	160($context),%rax	# pull context->Rbp
-	mov	(%rax),%rbp		# restore saved %rbp
-	lea	8(%rax),%rax		# adjust stack pointer
-	mov	%rbp,160($context)	# restore context->Rbp
-	jmp	.Lcommon_seh_tail
+	mov	208($context),%rax	# pull context->R11
 
-.Lrestore_cbc_rax:
-	mov	120($context),%rax
+	mov	-8(%rax),%rbp		# restore saved %rbp
+	mov	%rbp,160($context)	# restore context->Rbp
 
 .Lcommon_seh_tail:
 	mov	8(%rax),%rdi
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl
index b7e92f6538..488b133250 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -40,6 +40,8 @@
 #		CBC en-/decrypt	CTR	XTS
 # POWER8[le]	3.96/0.72	0.74	1.1
 # POWER8[be]	3.75/0.65	0.66	1.0
+# POWER9[le]	4.02/0.86	0.84	1.05
+# POWER9[be]	3.99/0.78	0.79	0.97
 
 $flavour = shift;
 
@@ -3773,7 +3775,7 @@ foreach(split("\n",$code)) {
 	    if ($flavour =~ /le$/o) {
 		SWITCH: for($conv)  {
 		    /\?inv/ && do   { @bytes=map($_^0xf,@bytes); last; };
-		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; }; 
+		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; };
 		}
 	    }
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl
index bf479c60ae..54d0c58821 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl
@@ -8,9 +8,9 @@
 
 
 # ====================================================================
-# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
-# <appro@openssl.org>. The module is licensed under 2-clause BSD
-# license. October 2012. All rights reserved.
+# Written by David S. Miller and Andy Polyakov.
+# The module is licensed under 2-clause BSD license. October 2012.
+# All rights reserved.
 # ====================================================================
 
 ######################################################################
@@ -44,7 +44,7 @@
 # instructions with those on critical path. Amazing!
 #
 # As with Intel AES-NI, question is if it's possible to improve
-# performance of parallelizeable modes by interleaving round
+# performance of parallelizable modes by interleaving round
 # instructions. Provided round instruction latency and throughput
 # optimal interleave factor is 2. But can we expect 2x performance
 # improvement? Well, as round instructions can be issued one per
diff --git a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl
index 1782d5b414..8b37cfc452 100755
--- a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl
@@ -35,6 +35,7 @@
 # Cortex-A57(*)	1.95		0.85		0.93
 # Denver	1.96		0.86		0.80
 # Mongoose	1.33		1.20		1.20
+# Kryo		1.26		0.94		1.00
 #
 # (*)	original 3.64/1.34/1.32 results were for r0p0 revision
 #	and are still same even for updated module;
@@ -929,7 +930,7 @@ if ($flavour =~ /64/) {			######## 64-bit code
 	s/^(\s+)v/$1/o		or	# strip off v prefix
 	s/\bbx\s+lr\b/ret/o;
 
-	# fix up remainig legacy suffixes
+	# fix up remaining legacy suffixes
 	s/\.[ui]?8//o;
 	m/\],#8/o and s/\.16b/\.8b/go;
 	s/\.[ui]?32//o and s/\.16b/\.4s/go;
@@ -964,21 +965,21 @@ if ($flavour =~ /64/) {			######## 64-bit code
 
 	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
 	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
-		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;	
+		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;
     }
 
     sub unvdup32 {
 	my $arg=shift;
 
 	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;	
+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
     }
 
     sub unvmov32 {
 	my $arg=shift;
 
 	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
-	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;	
+	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;
     }
 
     foreach(split("\n",$code)) {
@@ -988,7 +989,7 @@ if ($flavour =~ /64/) {			######## 64-bit code
 	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
 	s/\/\/\s?/@ /o;				# new->old style commentary
 
-	# fix up remainig new-style suffixes
+	# fix up remaining new-style suffixes
 	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
 	s/\],#[0-9]+/]!/o;
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl b/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
index 7af38afcb6..bfe825af0d 100644
--- a/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
@@ -14,8 +14,7 @@
 # details see http://www.openssl.org/~appro/cryptogams/.
 #
 # Specific modes and adaptation for Linux kernel by Ard Biesheuvel
-# <ard.biesheuvel@linaro.org>. Permission to use under GPL terms is
-# granted.
+# of Linaro. Permission to use under GPL terms is granted.
 # ====================================================================
 
 # Bit-sliced AES for ARM NEON
@@ -49,10 +48,7 @@
 #						<appro@openssl.org>
 
 # April-August 2013
-#
-# Add CBC, CTR and XTS subroutines, adapt for kernel use.
-#
-#					<ard.biesheuvel@linaro.org>
+# Add CBC, CTR and XTS subroutines and adapt for kernel use; courtesy of Ard.
 
 $flavour = shift;
 if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
@@ -91,7 +87,7 @@ my @s=@_[12..15];
 
 sub InBasisChange {
 # input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb
 my @b=@_[0..7];
 $code.=<<___;
 	veor	@b[2], @b[2], @b[1]
diff --git a/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl
index 921d870e98..2c79c2b67c 100644
--- a/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl
@@ -131,7 +131,7 @@ my @s=@_[12..15];
 
 sub InBasisChange {
 # input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb
 my @b=@_[0..7];
 $code.=<<___;
 	pxor	@b[6], @b[5]
@@ -381,7 +381,7 @@ $code.=<<___;
 	pxor	@s[0], @t[3]
 	pxor	@s[1], @t[2]
 	pxor	@s[2], @t[1]
-	pxor	@s[3], @t[0] 
+	pxor	@s[3], @t[0]
 
 	#Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
 
@@ -1165,15 +1165,23 @@ $code.=<<___;
 .type	bsaes_ecb_encrypt_blocks,\@abi-omnipotent
 .align	16
 bsaes_ecb_encrypt_blocks:
+.cfi_startproc
 	mov	%rsp, %rax
 .Lecb_enc_prologue:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	-0x48(%rsp),%rsp
+.cfi_adjust_cfa_offset	0x48
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa0(%rsp), %rsp
@@ -1191,6 +1199,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rsp,%rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
 	mov	240($arg4),%eax		# rounds
 	mov	$arg1,$inp		# backup arguments
 	mov	$arg2,$out
@@ -1334,7 +1343,8 @@ $code.=<<___;
 	cmp	%rax, %rbp
 	jb	.Lecb_enc_bzero
 
-	lea	(%rbp),%rsp		# restore %rsp
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x40(%rbp), %xmm6
@@ -1347,34 +1357,50 @@ $code.=<<___ if ($win64);
 	movaps	0xb0(%rbp), %xmm13
 	movaps	0xc0(%rbp), %xmm14
 	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
+	lea	0xa0(%rax), %rax
+.Lecb_enc_tail:
 ___
 $code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lecb_enc_epilogue:
 	ret
+.cfi_endproc
 .size	bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks
 
 .globl	bsaes_ecb_decrypt_blocks
 .type	bsaes_ecb_decrypt_blocks,\@abi-omnipotent
 .align	16
 bsaes_ecb_decrypt_blocks:
+.cfi_startproc
 	mov	%rsp, %rax
 .Lecb_dec_prologue:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	-0x48(%rsp),%rsp
+.cfi_adjust_cfa_offset	0x48
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa0(%rsp), %rsp
@@ -1392,6 +1418,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rsp,%rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
 	mov	240($arg4),%eax		# rounds
 	mov	$arg1,$inp		# backup arguments
 	mov	$arg2,$out
@@ -1536,7 +1563,8 @@ $code.=<<___;
 	cmp	%rax, %rbp
 	jb	.Lecb_dec_bzero
 
-	lea	(%rbp),%rsp		# restore %rsp
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x40(%rbp), %xmm6
@@ -1549,19 +1577,27 @@ $code.=<<___ if ($win64);
 	movaps	0xb0(%rbp), %xmm13
 	movaps	0xc0(%rbp), %xmm14
 	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
+	lea	0xa0(%rax), %rax
+.Lecb_dec_tail:
 ___
 $code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lecb_dec_epilogue:
 	ret
+.cfi_endproc
 .size	bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks
 ___
 }
@@ -1571,6 +1607,7 @@ $code.=<<___;
 .type	bsaes_cbc_encrypt,\@abi-omnipotent
 .align	16
 bsaes_cbc_encrypt:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	mov	48(%rsp),$arg6		# pull direction flag
@@ -1584,12 +1621,19 @@ $code.=<<___;
 	mov	%rsp, %rax
 .Lcbc_dec_prologue:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
 ___
 $code.=<<___ if ($win64);
 	mov	0xa0(%rsp),$arg5	# pull ivp
@@ -1608,6 +1652,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rsp, %rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
 	mov	240($arg4), %eax	# rounds
 	mov	$arg1, $inp		# backup arguments
 	mov	$arg2, $out
@@ -1826,7 +1871,8 @@ $code.=<<___;
 	cmp	%rax, %rbp
 	ja	.Lcbc_dec_bzero
 
-	lea	(%rbp),%rsp		# restore %rsp
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x40(%rbp), %xmm6
@@ -1839,34 +1885,50 @@ $code.=<<___ if ($win64);
 	movaps	0xb0(%rbp), %xmm13
 	movaps	0xc0(%rbp), %xmm14
 	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
+	lea	0xa0(%rax), %rax
+.Lcbc_dec_tail:
 ___
 $code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lcbc_dec_epilogue:
 	ret
+.cfi_endproc
 .size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
 
 .globl	bsaes_ctr32_encrypt_blocks
 .type	bsaes_ctr32_encrypt_blocks,\@abi-omnipotent
 .align	16
 bsaes_ctr32_encrypt_blocks:
+.cfi_startproc
 	mov	%rsp, %rax
 .Lctr_enc_prologue:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
 ___
 $code.=<<___ if ($win64);
 	mov	0xa0(%rsp),$arg5	# pull ivp
@@ -1885,6 +1947,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rsp, %rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
 	movdqu	($arg5), %xmm0		# load counter
 	mov	240($arg4), %eax	# rounds
 	mov	$arg1, $inp		# backup arguments
@@ -2058,7 +2121,8 @@ $code.=<<___;
 	cmp	%rax, %rbp
 	ja	.Lctr_enc_bzero
 
-	lea	(%rbp),%rsp		# restore %rsp
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x40(%rbp), %xmm6
@@ -2071,19 +2135,27 @@ $code.=<<___ if ($win64);
 	movaps	0xb0(%rbp), %xmm13
 	movaps	0xc0(%rbp), %xmm14
 	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
+	lea	0xa0(%rax), %rax
+.Lctr_enc_tail:
 ___
 $code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lctr_enc_epilogue:
 	ret
+.cfi_endproc
 .size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
 ___
 ######################################################################
@@ -2099,15 +2171,23 @@ $code.=<<___;
 .type	bsaes_xts_encrypt,\@abi-omnipotent
 .align	16
 bsaes_xts_encrypt:
+.cfi_startproc
 	mov	%rsp, %rax
 .Lxts_enc_prologue:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
 ___
 $code.=<<___ if ($win64);
 	mov	0xa0(%rsp),$arg5	# pull key2
@@ -2127,6 +2207,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rsp, %rbp		# backup %rsp
+.cfi_def_cfa_register	%rbp
 	mov	$arg1, $inp		# backup arguments
 	mov	$arg2, $out
 	mov	$arg3, $len
@@ -2448,7 +2529,8 @@ $code.=<<___;
 	cmp	%rax, %rbp
 	ja	.Lxts_enc_bzero
 
-	lea	(%rbp),%rsp		# restore %rsp
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x40(%rbp), %xmm6
@@ -2461,34 +2543,50 @@ $code.=<<___ if ($win64);
 	movaps	0xb0(%rbp), %xmm13
 	movaps	0xc0(%rbp), %xmm14
 	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
+	lea	0xa0(%rax), %rax
+.Lxts_enc_tail:
 ___
 $code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lxts_enc_epilogue:
 	ret
+.cfi_endproc
 .size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
 
 .globl	bsaes_xts_decrypt
 .type	bsaes_xts_decrypt,\@abi-omnipotent
 .align	16
 bsaes_xts_decrypt:
+.cfi_startproc
 	mov	%rsp, %rax
 .Lxts_dec_prologue:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	lea	-0x48(%rsp), %rsp
+.cfi_adjust_cfa_offset	0x48
 ___
 $code.=<<___ if ($win64);
 	mov	0xa0(%rsp),$arg5	# pull key2
@@ -2855,7 +2953,8 @@ $code.=<<___;
 	cmp	%rax, %rbp
 	ja	.Lxts_dec_bzero
 
-	lea	(%rbp),%rsp		# restore %rsp
+	lea	0x78(%rbp),%rax
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	0x40(%rbp), %xmm6
@@ -2868,19 +2967,27 @@ $code.=<<___ if ($win64);
 	movaps	0xb0(%rbp), %xmm13
 	movaps	0xc0(%rbp), %xmm14
 	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
+	lea	0xa0(%rax), %rax
+.Lxts_dec_tail:
 ___
 $code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
+	mov	-48(%rax), %r15
+.cfi_restore	%r15
+	mov	-40(%rax), %r14
+.cfi_restore	%r14
+	mov	-32(%rax), %r13
+.cfi_restore	%r13
+	mov	-24(%rax), %r12
+.cfi_restore	%r12
+	mov	-16(%rax), %rbx
+.cfi_restore	%rbx
+	mov	-8(%rax), %rbp
+.cfi_restore	%rbp
+	lea	(%rax), %rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lxts_dec_epilogue:
 	ret
+.cfi_endproc
 .size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
 ___
 }
@@ -2974,31 +3081,34 @@ se_handler:
 
 	mov	0(%r11),%r10d		# HandlerData[0]
 	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
+	cmp	%r10,%rbx		# context->Rip<=prologue label
+	jbe	.Lin_prologue
 
 	mov	4(%r11),%r10d		# HandlerData[1]
 	lea	(%rsi,%r10),%r10	# epilogue label
 	cmp	%r10,%rbx		# context->Rip>=epilogue label
 	jae	.Lin_prologue
 
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=tail label
+	jae	.Lin_tail
+
 	mov	160($context),%rax	# pull context->Rbp
 
 	lea	0x40(%rax),%rsi		# %xmm save area
 	lea	512($context),%rdi	# &context.Xmm6
 	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
 	.long	0xa548f3fc		# cld; rep movsq
-	lea	0xa0(%rax),%rax		# adjust stack pointer
-
-	mov	0x70(%rax),%rbp
-	mov	0x68(%rax),%rbx
-	mov	0x60(%rax),%r12
-	mov	0x58(%rax),%r13
-	mov	0x50(%rax),%r14
-	mov	0x48(%rax),%r15
-	lea	0x78(%rax),%rax		# adjust stack pointer
+	lea	0xa0+0x78(%rax),%rax	# adjust stack pointer
+
+.Lin_tail:
+	mov	-48(%rax),%rbp
+	mov	-40(%rax),%rbx
+	mov	-32(%rax),%r12
+	mov	-24(%rax),%r13
+	mov	-16(%rax),%r14
+	mov	-8(%rax),%r15
 	mov	%rbx,144($context)	# restore context->Rbx
 	mov	%rbp,160($context)	# restore context->Rbp
 	mov	%r12,216($context)	# restore context->R12
@@ -3079,28 +3189,40 @@ $code.=<<___ if ($ecb);
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lecb_enc_body,.Lecb_enc_epilogue	# HandlerData[]
+	.rva	.Lecb_enc_tail
+	.long	0
 .Lecb_dec_info:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lecb_dec_body,.Lecb_dec_epilogue	# HandlerData[]
+	.rva	.Lecb_dec_tail
+	.long	0
 ___
 $code.=<<___;
 .Lcbc_dec_info:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lcbc_dec_body,.Lcbc_dec_epilogue	# HandlerData[]
+	.rva	.Lcbc_dec_tail
+	.long	0
 .Lctr_enc_info:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lctr_enc_body,.Lctr_enc_epilogue	# HandlerData[]
+	.rva	.Lctr_enc_tail
+	.long	0
 .Lxts_enc_info:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
+	.rva	.Lxts_enc_tail
+	.long	0
 .Lxts_dec_info:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
+	.rva	.Lxts_dec_tail
+	.long	0
 ___
 }
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl
index d6b5f561c4..5131e13a09 100755
--- a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl
@@ -31,7 +31,7 @@
 # Apple A7(***)     22.7(**)    10.9/14.3        [8.45/10.0         ]
 # Mongoose(***)     26.3(**)    21.0/25.0(**)    [13.3/16.8         ]
 #
-# (*)	ECB denotes approximate result for parallelizeable modes
+# (*)	ECB denotes approximate result for parallelizable modes
 #	such as CBC decrypt, CTR, etc.;
 # (**)	these results are worse than scalar compiler-generated
 #	code, but it's constant-time and therefore preferred;
@@ -137,7 +137,7 @@ _vpaes_consts:
 	.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
 	.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
 
-.asciz  "Vector Permutaion AES for ARMv8, Mike Hamburg (Stanford University)"
+.asciz  "Vector Permutation AES for ARMv8, Mike Hamburg (Stanford University)"
 .size	_vpaes_consts,.-_vpaes_consts
 .align	6
 ___
@@ -769,7 +769,7 @@ _vpaes_schedule_core:
 	ld1	{v0.16b}, [$inp]		// vmovdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
 	bl	_vpaes_schedule_transform	// input transform
 	mov	$inp, #7			// mov	\$7, %esi
-	
+
 .Loop_schedule_256:
 	sub	$inp, $inp, #1			// dec	%esi
 	bl	_vpaes_schedule_mangle		// output low result
@@ -778,7 +778,7 @@ _vpaes_schedule_core:
 	// high round
 	bl	_vpaes_schedule_round
 	cbz 	$inp, .Lschedule_mangle_last
-	bl	_vpaes_schedule_mangle	
+	bl	_vpaes_schedule_mangle
 
 	// low round. swap xmm7 and xmm6
 	dup	v0.4s, v0.s[3]			// vpshufd	\$0xFF,	%xmm0,	%xmm0
@@ -787,7 +787,7 @@ _vpaes_schedule_core:
 	mov	v7.16b, v6.16b			// vmovdqa	%xmm6,	%xmm7
 	bl	_vpaes_schedule_low_round
 	mov	v7.16b, v5.16b			// vmovdqa	%xmm5,	%xmm7
-	
+
 	b	.Loop_schedule_256
 
 ##
@@ -814,7 +814,7 @@ _vpaes_schedule_core:
 
 .Lschedule_mangle_last_dec:
 	ld1	{v20.2d-v21.2d}, [x11]		// reload constants
-	sub	$out, $out, #16			// add	\$-16,	%rdx 
+	sub	$out, $out, #16			// add	\$-16,	%rdx
 	eor	v0.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
 	bl	_vpaes_schedule_transform	// output transform
 	st1	{v0.2d}, [$out]			// vmovdqu	%xmm0,	(%rdx)		# save last key
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl
index bb38fbe60c..3c771a7e98 100644
--- a/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl
@@ -1075,7 +1075,7 @@ Loop_schedule_256:
 	# high round
 	bl	_vpaes_schedule_round
 	bdz 	Lschedule_mangle_last	# dec	%esi
-	bl	_vpaes_schedule_mangle	
+	bl	_vpaes_schedule_mangle
 
 	# low round. swap xmm7 and xmm6
 	?vspltw	v0, v0, 3		# vpshufd	\$0xFF,	%xmm0,	%xmm0
@@ -1083,7 +1083,7 @@ Loop_schedule_256:
 	vmr	v7, v6			# vmovdqa	%xmm6,	%xmm7
 	bl	_vpaes_schedule_low_round
 	vmr	v7, v5			# vmovdqa	%xmm5,	%xmm7
-	
+
 	b	Loop_schedule_256
 ##
 ##  .aes_schedule_mangle_last
@@ -1131,7 +1131,7 @@ Lschedule_mangle_last:
 Lschedule_mangle_last_dec:
 	lvx	$iptlo, r11, r12	# reload $ipt
 	lvx	$ipthi, r9,  r12
-	addi	$out, $out, -16		# add	\$-16,	%rdx 
+	addi	$out, $out, -16		# add	\$-16,	%rdx
 	vxor	v0, v0, v26		# vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
 	bl	_vpaes_schedule_transform	# output transform
 
@@ -1566,7 +1566,7 @@ foreach  (split("\n",$code)) {
 	    if ($flavour =~ /le$/o) {
 		SWITCH: for($conv)  {
 		    /\?inv/ && do   { @bytes=map($_^0xf,@bytes); last; };
-		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; }; 
+		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; };
 		}
 	    }
 
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl
index 47615c0795..7d57edc0eb 100644
--- a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl
@@ -62,7 +62,7 @@ $output = pop;
 open OUT,">$output";
 *STDOUT=*OUT;
 
-&asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
 
 $PREFIX="vpaes";
 
@@ -445,7 +445,7 @@ $k_dsbo=0x2c0;		# decryption sbox final output
 ##
 &set_label("schedule_192",16);
 	&movdqu	("xmm0",&QWP(8,$inp));		# load key part 2 (very unaligned)
-	&call	("_vpaes_schedule_transform");	# input transform	
+	&call	("_vpaes_schedule_transform");	# input transform
 	&movdqa	("xmm6","xmm0");		# save short part
 	&pxor	("xmm4","xmm4");		# clear 4
 	&movhlps("xmm6","xmm4");		# clobber low side with zeros
@@ -476,7 +476,7 @@ $k_dsbo=0x2c0;		# decryption sbox final output
 ##
 &set_label("schedule_256",16);
 	&movdqu	("xmm0",&QWP(16,$inp));		# load key part 2 (unaligned)
-	&call	("_vpaes_schedule_transform");	# input transform	
+	&call	("_vpaes_schedule_transform");	# input transform
 	&mov	($round,7);
 
 &set_label("loop_schedule_256");
@@ -487,7 +487,7 @@ $k_dsbo=0x2c0;		# decryption sbox final output
 	&call	("_vpaes_schedule_round");
 	&dec	($round);
 	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");	
+	&call	("_vpaes_schedule_mangle");
 
 	# low round. swap xmm7 and xmm6
 	&pshufd	("xmm0","xmm0",0xFF);
@@ -610,7 +610,7 @@ $k_dsbo=0x2c0;		# decryption sbox final output
 	# subbyte
 	&movdqa	("xmm4",&QWP($k_s0F,$const));
 	&movdqa	("xmm5",&QWP($k_inv,$const));	# 4 : 1/j
-	&movdqa	("xmm1","xmm4");	
+	&movdqa	("xmm1","xmm4");
 	&pandn	("xmm1","xmm0");
 	&psrld	("xmm1",4);			# 1 = i
 	&pand	("xmm0","xmm4");		# 0 = k
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl
index 422e8ee442..b715aca167 100644
--- a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl
@@ -172,7 +172,7 @@ _vpaes_encrypt_core:
 	pshufb	%xmm1,	%xmm0
 	ret
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
-	
+
 ##
 ##  Decryption core
 ##
@@ -333,7 +333,7 @@ _vpaes_schedule_core:
 ##
 .Lschedule_128:
 	mov	\$10, %esi
-	
+
 .Loop_schedule_128:
 	call 	_vpaes_schedule_round
 	dec	%rsi
@@ -367,7 +367,7 @@ _vpaes_schedule_core:
 
 .Loop_schedule_192:
 	call	_vpaes_schedule_round
-	palignr	\$8,%xmm6,%xmm0	
+	palignr	\$8,%xmm6,%xmm0
 	call	_vpaes_schedule_mangle	# save key n
 	call	_vpaes_schedule_192_smear
 	call	_vpaes_schedule_mangle	# save key n+1
@@ -393,7 +393,7 @@ _vpaes_schedule_core:
 	movdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
 	call	_vpaes_schedule_transform	# input transform
 	mov	\$7, %esi
-	
+
 .Loop_schedule_256:
 	call	_vpaes_schedule_mangle	# output low result
 	movdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
@@ -402,7 +402,7 @@ _vpaes_schedule_core:
 	call	_vpaes_schedule_round
 	dec	%rsi
 	jz 	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	
+	call	_vpaes_schedule_mangle
 
 	# low round. swap xmm7 and xmm6
 	pshufd	\$0xFF,	%xmm0,	%xmm0
@@ -410,10 +410,10 @@ _vpaes_schedule_core:
 	movdqa	%xmm6,	%xmm7
 	call	_vpaes_schedule_low_round
 	movdqa	%xmm5,	%xmm7
-	
+
 	jmp	.Loop_schedule_256
 
-	
+
 ##
 ##  .aes_schedule_mangle_last
 ##
@@ -512,9 +512,9 @@ _vpaes_schedule_round:
 	# rotate
 	pshufd	\$0xFF,	%xmm0,	%xmm0
 	palignr	\$1,	%xmm0,	%xmm0
-	
+
 	# fall through...
-	
+
 	# low round: same as high round, but no rotation and no rcon.
 _vpaes_schedule_low_round:
 	# smear xmm7
@@ -553,7 +553,7 @@ _vpaes_schedule_low_round:
 	pxor	%xmm4, 	%xmm0		# 0 = sbox output
 
 	# add in smeared stuff
-	pxor	%xmm7,	%xmm0	
+	pxor	%xmm7,	%xmm0
 	movdqa	%xmm0,	%xmm7
 	ret
 .size	_vpaes_schedule_round,.-_vpaes_schedule_round
diff --git a/deps/openssl/openssl/crypto/aes/build.info b/deps/openssl/openssl/crypto/aes/build.info
index 5240b9c87f..0f04863640 100644
--- a/deps/openssl/openssl/crypto/aes/build.info
+++ b/deps/openssl/openssl/crypto/aes/build.info
@@ -5,11 +5,14 @@ SOURCE[../../libcrypto]=\
 
 GENERATE[aes-ia64.s]=asm/aes-ia64.S
 
-GENERATE[aes-586.s]=asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[aes-586.s]=asm/aes-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[aes-586.s]=../perlasm/x86asm.pl
-GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[vpaes-586.s]=../perlasm/x86asm.pl
-GENERATE[aesni-x86.s]=asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[aesni-x86.s]=asm/aesni-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[aesni-586.s]=../perlasm/x86asm.pl
 
 GENERATE[aes-x86_64.s]=asm/aes-x86_64.pl $(PERLASM_SCHEME)
@@ -35,6 +38,7 @@ GENERATE[aesp8-ppc.s]=asm/aesp8-ppc.pl $(PERLASM_SCHEME)
 GENERATE[aes-parisc.s]=asm/aes-parisc.pl $(PERLASM_SCHEME)
 
 GENERATE[aes-mips.S]=asm/aes-mips.pl $(PERLASM_SCHEME)
+INCLUDE[aes-mips.o]=..
 
 GENERATE[aesv8-armx.S]=asm/aesv8-armx.pl $(PERLASM_SCHEME)
 INCLUDE[aesv8-armx.o]=..
diff --git a/deps/openssl/openssl/crypto/aria/aria.c b/deps/openssl/openssl/crypto/aria/aria.c
new file mode 100644
index 0000000000..293bcc72bd
--- /dev/null
+++ b/deps/openssl/openssl/crypto/aria/aria.c
@@ -0,0 +1,1212 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (C) 2017 National Security Research Institute. All Rights Reserved.
+ *
+ * Information for ARIA
+ *     http://210.104.33.10/ARIA/index-e.html (English)
+ *     http://seed.kisa.or.kr/ (Korean)
+ *
+ * Public domain version is distributed above.
+ */
+
+#include <openssl/e_os2.h>
+#include "internal/aria.h"
+
+#include <assert.h>
+#include <string.h>
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+/* Begin macro */
+
+/* rotation */
+#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r)))
+#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r)))
+
+#define bswap32(v)                                          \
+    (((v) << 24) ^ ((v) >> 24) ^                            \
+    (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8))
+
+#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8)))
+#define GET_U32_BE(X, Y) (                                  \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4    ] << 24) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] <<  8) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3]      )     )
+
+#define PUT_U32_BE(DEST, IDX, VAL)                              \
+    do {                                                        \
+        ((uint8_t *)(DEST))[IDX * 4    ] = GET_U8_BE(VAL, 0);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3);   \
+    } while(0)
+
+#define MAKE_U32(V0, V1, V2, V3) (      \
+    ((uint32_t)((uint8_t)(V0)) << 24) | \
+    ((uint32_t)((uint8_t)(V1)) << 16) | \
+    ((uint32_t)((uint8_t)(V2)) <<  8) | \
+    ((uint32_t)((uint8_t)(V3))      )   )
+
+/* End Macro*/
+
+/* Key Constant
+ * 128bit : 0, 1,    2
+ * 192bit : 1, 2,    3(0)
+ * 256bit : 2, 3(0), 4(1)
+ */
+static const uint32_t Key_RC[5][4] = {
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 },
+    { 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e },
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }
+};
+
+/* 32bit expanded s-box */
+static const uint32_t S1[256] = {
+    0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b,
+    0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5,
+    0x00303030, 0x00010101, 0x00676767, 0x002b2b2b,
+    0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676,
+    0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d,
+    0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0,
+    0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf,
+    0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0,
+    0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626,
+    0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc,
+    0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1,
+    0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515,
+    0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3,
+    0x00181818, 0x00969696, 0x00050505, 0x009a9a9a,
+    0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2,
+    0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575,
+    0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a,
+    0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0,
+    0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3,
+    0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484,
+    0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed,
+    0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b,
+    0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939,
+    0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf,
+    0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb,
+    0x00434343, 0x004d4d4d, 0x00333333, 0x00858585,
+    0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f,
+    0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8,
+    0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f,
+    0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5,
+    0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121,
+    0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2,
+    0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec,
+    0x005f5f5f, 0x00979797, 0x00444444, 0x00171717,
+    0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d,
+    0x00646464, 0x005d5d5d, 0x00191919, 0x00737373,
+    0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc,
+    0x00222222, 0x002a2a2a, 0x00909090, 0x00888888,
+    0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414,
+    0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb,
+    0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a,
+    0x00494949, 0x00060606, 0x00242424, 0x005c5c5c,
+    0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262,
+    0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979,
+    0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d,
+    0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9,
+    0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea,
+    0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808,
+    0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e,
+    0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6,
+    0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f,
+    0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a,
+    0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666,
+    0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e,
+    0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9,
+    0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e,
+    0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111,
+    0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494,
+    0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9,
+    0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf,
+    0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d,
+    0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868,
+    0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f,
+    0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616
+};
+
+static const uint32_t S2[256] = {
+    0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc,
+    0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc,
+    0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646,
+    0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1,
+    0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb,
+    0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b,
+    0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303,
+    0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1,
+    0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b,
+    0x55005555, 0xf000f0f0, 0x99009999, 0x69006969,
+    0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae,
+    0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb,
+    0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb,
+    0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4,
+    0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa,
+    0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb,
+    0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929,
+    0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191,
+    0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595,
+    0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd,
+    0x08000808, 0x7a007a7a, 0x88008888, 0x38003838,
+    0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828,
+    0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7,
+    0x93009393, 0xa400a4a4, 0x12001212, 0x53005353,
+    0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131,
+    0x36003636, 0x21002121, 0x58005858, 0x48004848,
+    0x01000101, 0x8e008e8e, 0x37003737, 0x74007474,
+    0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1,
+    0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7,
+    0xc400c4c4, 0x56005656, 0x42004242, 0x26002626,
+    0x07000707, 0x98009898, 0x60006060, 0xd900d9d9,
+    0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040,
+    0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd,
+    0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404,
+    0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f,
+    0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc,
+    0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757,
+    0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565,
+    0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e,
+    0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5,
+    0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717,
+    0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a,
+    0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767,
+    0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343,
+    0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5,
+    0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434,
+    0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a,
+    0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8,
+    0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b,
+    0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6,
+    0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424,
+    0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada,
+    0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef,
+    0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f,
+    0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a,
+    0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c,
+    0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333,
+    0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3,
+    0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0,
+    0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d,
+    0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5,
+    0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8,
+    0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a,
+    0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181
+};
+
+static const uint32_t X1[256] = {
+    0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5,
+    0x30300030, 0x36360036, 0xa5a500a5, 0x38380038,
+    0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e,
+    0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb,
+    0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082,
+    0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087,
+    0x34340034, 0x8e8e008e, 0x43430043, 0x44440044,
+    0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb,
+    0x54540054, 0x7b7b007b, 0x94940094, 0x32320032,
+    0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d,
+    0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b,
+    0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e,
+    0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066,
+    0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2,
+    0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049,
+    0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025,
+    0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064,
+    0x86860086, 0x68680068, 0x98980098, 0x16160016,
+    0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc,
+    0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092,
+    0x6c6c006c, 0x70700070, 0x48480048, 0x50500050,
+    0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da,
+    0x5e5e005e, 0x15150015, 0x46460046, 0x57570057,
+    0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084,
+    0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000,
+    0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a,
+    0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005,
+    0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006,
+    0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f,
+    0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002,
+    0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003,
+    0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b,
+    0x3a3a003a, 0x91910091, 0x11110011, 0x41410041,
+    0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea,
+    0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce,
+    0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073,
+    0x96960096, 0xacac00ac, 0x74740074, 0x22220022,
+    0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085,
+    0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8,
+    0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e,
+    0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071,
+    0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089,
+    0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e,
+    0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b,
+    0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b,
+    0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020,
+    0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe,
+    0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4,
+    0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033,
+    0x88880088, 0x07070007, 0xc7c700c7, 0x31310031,
+    0xb1b100b1, 0x12120012, 0x10100010, 0x59590059,
+    0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f,
+    0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9,
+    0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d,
+    0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f,
+    0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef,
+    0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d,
+    0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0,
+    0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c,
+    0x83830083, 0x53530053, 0x99990099, 0x61610061,
+    0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e,
+    0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026,
+    0xe1e100e1, 0x69690069, 0x14140014, 0x63630063,
+    0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d
+};
+
+static const uint32_t X2[256] = {
+    0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00,
+    0x87878700, 0xb9b9b900, 0x21212100, 0x78787800,
+    0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100,
+    0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00,
+    0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00,
+    0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300,
+    0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600,
+    0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00,
+    0x81818100, 0x65656500, 0xf5f5f500, 0x89898900,
+    0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600,
+    0x57575700, 0x43434300, 0x56565600, 0x17171700,
+    0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00,
+    0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300,
+    0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00,
+    0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800,
+    0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00,
+    0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00,
+    0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800,
+    0x67676700, 0x88888800, 0x06060600, 0xc3c3c300,
+    0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00,
+    0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00,
+    0x02020200, 0x24242400, 0x75757500, 0x93939300,
+    0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200,
+    0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00,
+    0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00,
+    0x12121200, 0x97979700, 0x32323200, 0xababab00,
+    0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300,
+    0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900,
+    0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100,
+    0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900,
+    0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600,
+    0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100,
+    0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500,
+    0x86868600, 0x36363600, 0xbebebe00, 0x61616100,
+    0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00,
+    0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00,
+    0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00,
+    0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500,
+    0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00,
+    0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700,
+    0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00,
+    0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000,
+    0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100,
+    0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00,
+    0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600,
+    0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000,
+    0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00,
+    0x18181800, 0x83838300, 0x16161600, 0xa5a5a500,
+    0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500,
+    0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00,
+    0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300,
+    0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500,
+    0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00,
+    0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300,
+    0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900,
+    0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00,
+    0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400,
+    0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00,
+    0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00,
+    0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300,
+    0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700,
+    0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00,
+    0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300,
+    0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000
+};
+
+/* Key XOR Layer */
+#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3)  \
+    do {                                        \
+        (T0) ^= (RK)->u[0];                     \
+        (T1) ^= (RK)->u[1];                     \
+        (T2) ^= (RK)->u[2];                     \
+        (T3) ^= (RK)->u[3];                     \
+    } while(0)
+
+/* S-Box Layer 1 + M */
+#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            S1[GET_U8_BE(T0, 0)] ^                      \
+            S2[GET_U8_BE(T0, 1)] ^                      \
+            X1[GET_U8_BE(T0, 2)] ^                      \
+            X2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            S1[GET_U8_BE(T1, 0)] ^                      \
+            S2[GET_U8_BE(T1, 1)] ^                      \
+            X1[GET_U8_BE(T1, 2)] ^                      \
+            X2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            S1[GET_U8_BE(T2, 0)] ^                      \
+            S2[GET_U8_BE(T2, 1)] ^                      \
+            X1[GET_U8_BE(T2, 2)] ^                      \
+            X2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            S1[GET_U8_BE(T3, 0)] ^                      \
+            S2[GET_U8_BE(T3, 1)] ^                      \
+            X1[GET_U8_BE(T3, 2)] ^                      \
+            X2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* S-Box Layer 2 + M */
+#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            X1[GET_U8_BE(T0, 0)] ^                      \
+            X2[GET_U8_BE(T0, 1)] ^                      \
+            S1[GET_U8_BE(T0, 2)] ^                      \
+            S2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            X1[GET_U8_BE(T1, 0)] ^                      \
+            X2[GET_U8_BE(T1, 1)] ^                      \
+            S1[GET_U8_BE(T1, 2)] ^                      \
+            S2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            X1[GET_U8_BE(T2, 0)] ^                      \
+            X2[GET_U8_BE(T2, 1)] ^                      \
+            S1[GET_U8_BE(T2, 2)] ^                      \
+            S2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            X1[GET_U8_BE(T3, 0)] ^                      \
+            X2[GET_U8_BE(T3, 1)] ^                      \
+            S1[GET_U8_BE(T3, 2)] ^                      \
+            S2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* Word-level diffusion */
+#define ARIA_DIFF_WORD(T0,T1,T2,T3) \
+    do {                            \
+        (T1) ^= (T2);               \
+        (T2) ^= (T3);               \
+        (T0) ^= (T1);               \
+                                    \
+        (T3) ^= (T1);               \
+        (T2) ^= (T0);               \
+        (T1) ^= (T2);               \
+    } while(0)
+
+/* Byte-level diffusion */
+#define ARIA_DIFF_BYTE(T0, T1, T2, T3)                                  \
+    do {                                                                \
+        (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \
+        (T2) = rotr32(T2, 16);                                          \
+        (T3) = bswap32(T3);                                             \
+    } while(0)
+
+/* Odd round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3)             \
+    do {                                                \
+        ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T0, T1, T2, T3);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Even round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3)            \
+    do {                                                \
+        ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T2, T3, T0, T1);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Q, R Macro expanded ARIA GSRK */
+#define _ARIA_GSRK(RK, X, Y, Q, R)                  \
+    do {                                            \
+        (RK)->u[0] =                                \
+            ((X)[0]) ^                              \
+            (((Y)[((Q)    ) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 3) % 4]) << (32 - (R)));   \
+        (RK)->u[1] =                                \
+            ((X)[1]) ^                              \
+            (((Y)[((Q) + 1) % 4]) >> (R)) ^         \
+            (((Y)[((Q)    ) % 4]) << (32 - (R)));   \
+        (RK)->u[2] =                                \
+            ((X)[2]) ^                              \
+            (((Y)[((Q) + 2) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 1) % 4]) << (32 - (R)));   \
+        (RK)->u[3] =                                \
+            ((X)[3]) ^                              \
+            (((Y)[((Q) + 3) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 2) % 4]) << (32 - (R)));   \
+    } while(0)
+
+#define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32)
+
+#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2)         \
+    do {                                            \
+        (TMP) = (X);                                \
+        (TMP2) = rotr32((TMP), 8);                  \
+        (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16);  \
+    } while(0)
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    int Nr;
+    const ARIA_u128 *rk;
+
+    if (in == NULL || out == NULL || key == NULL) {
+        return;
+    }
+
+    rk = key->rd_key;
+    Nr = key->rounds;
+
+    if (Nr != 12 && Nr != 14 && Nr != 16) {
+        return;
+    }
+
+    reg0 = GET_U32_BE(in, 0);
+    reg1 = GET_U32_BE(in, 1);
+    reg2 = GET_U32_BE(in, 2);
+    reg3 = GET_U32_BE(in, 3);
+
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    while(Nr -= 2){
+        ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+
+        ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+    }
+
+    reg0 = rk->u[0] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg0, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg0, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg0, 3)]     ));
+    reg1 = rk->u[1] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg1, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg1, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg1, 3)]     ));
+    reg2 = rk->u[2] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg2, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg2, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg2, 3)]     ));
+    reg3 = rk->u[3] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg3, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg3, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg3, 3)]     ));
+
+    PUT_U32_BE(out, 0, reg0);
+    PUT_U32_BE(out, 1, reg1);
+    PUT_U32_BE(out, 2, reg2);
+    PUT_U32_BE(out, 3, reg3);
+}
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t w0[4], w1[4], w2[4], w3[4];
+    const uint32_t *ck;
+
+    ARIA_u128 *rk;
+    int Nr = (bits + 256) / 32;
+
+    if (userKey == NULL || key == NULL) {
+        return -1;
+    }
+    if (bits != 128 && bits != 192 && bits != 256) {
+        return -2;
+    }
+
+    rk = key->rd_key;
+    key->rounds = Nr;
+    ck = &Key_RC[(bits - 128) / 64][0];
+
+    w0[0] = GET_U32_BE(userKey, 0);
+    w0[1] = GET_U32_BE(userKey, 1);
+    w0[2] = GET_U32_BE(userKey, 2);
+    w0[3] = GET_U32_BE(userKey, 3);
+
+    reg0 = w0[0] ^ ck[0];
+    reg1 = w0[1] ^ ck[1];
+    reg2 = w0[2] ^ ck[2];
+    reg3 = w0[3] ^ ck[3];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    if (bits > 128) {
+        w1[0] = GET_U32_BE(userKey, 4);
+        w1[1] = GET_U32_BE(userKey, 5);
+        if (bits > 192) {
+            w1[2] = GET_U32_BE(userKey, 6);
+            w1[3] = GET_U32_BE(userKey, 7);
+        }
+        else {
+            w1[2] = w1[3] = 0;
+        }
+    }
+    else {
+        w1[0] = w1[1] = w1[2] = w1[3] = 0;
+    }
+
+    w1[0] ^= reg0;
+    w1[1] ^= reg1;
+    w1[2] ^= reg2;
+    w1[3] ^= reg3;
+
+    reg0 = w1[0];
+    reg1 = w1[1];
+    reg2 = w1[2];
+    reg3 = w1[3];
+
+    reg0 ^= ck[4];
+    reg1 ^= ck[5];
+    reg2 ^= ck[6];
+    reg3 ^= ck[7];
+
+    ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+
+    reg0 ^= w0[0];
+    reg1 ^= w0[1];
+    reg2 ^= w0[2];
+    reg3 ^= w0[3];
+
+    w2[0] = reg0;
+    w2[1] = reg1;
+    w2[2] = reg2;
+    w2[3] = reg3;
+
+    reg0 ^= ck[8];
+    reg1 ^= ck[9];
+    reg2 ^= ck[10];
+    reg3 ^= ck[11];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    w3[0] = reg0 ^ w1[0];
+    w3[1] = reg1 ^ w1[1];
+    w3[2] = reg2 ^ w1[2];
+    w3[3] = reg3 ^ w1[3];
+
+    ARIA_GSRK(rk, w0, w1, 19);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 19);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 19);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 19);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 31);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 31);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 31);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 31);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 67);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 67);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 67);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 67);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 97);
+    if (bits > 128) {
+        rk++;
+        ARIA_GSRK(rk, w1, w2, 97);
+        rk++;
+        ARIA_GSRK(rk, w2, w3, 97);
+    }
+    if (bits > 192) {
+        rk++;
+        ARIA_GSRK(rk, w3, w0, 97);
+
+        rk++;
+        ARIA_GSRK(rk, w0, w1, 109);
+    }
+
+    return 0;
+}
+
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_u128 *rk_head;
+    ARIA_u128 *rk_tail;
+    register uint32_t w1, w2;
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t s0, s1, s2, s3;
+
+    const int r = aria_set_encrypt_key(userKey, bits, key);
+
+    if (r != 0) {
+        return r;
+    }
+
+    rk_head = key->rd_key;
+    rk_tail = rk_head + key->rounds;
+
+    reg0 = rk_head->u[0];
+    reg1 = rk_head->u[1];
+    reg2 = rk_head->u[2];
+    reg3 = rk_head->u[3];
+
+    memcpy(rk_head, rk_tail, ARIA_BLOCK_SIZE);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    rk_head++;
+    rk_tail--;
+
+    for (; rk_head < rk_tail; rk_head++, rk_tail--) {
+        ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        s0 = reg0;
+        s1 = reg1;
+        s2 = reg2;
+        s3 = reg3;
+
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        rk_head->u[0] = reg0;
+        rk_head->u[1] = reg1;
+        rk_head->u[2] = reg2;
+        rk_head->u[3] = reg3;
+
+        rk_tail->u[0] = s0;
+        rk_tail->u[1] = s1;
+        rk_tail->u[2] = s2;
+        rk_tail->u[3] = s3;
+    }
+    ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    return 0;
+}
+
+#else
+
+static const unsigned char sb1[256] = {
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
+static const unsigned char sb2[256] = {
+    0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc,
+    0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1,
+    0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b,
+    0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1,
+    0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69,
+    0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb,
+    0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4,
+    0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb,
+    0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91,
+    0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd,
+    0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28,
+    0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53,
+    0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48,
+    0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1,
+    0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26,
+    0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40,
+    0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04,
+    0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc,
+    0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65,
+    0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5,
+    0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a,
+    0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43,
+    0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34,
+    0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8,
+    0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6,
+    0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda,
+    0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f,
+    0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c,
+    0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3,
+    0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d,
+    0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8,
+    0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81
+};
+
+static const unsigned char sb3[256] = {
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+};
+
+static const unsigned char sb4[256] = {
+    0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78,
+    0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c,
+    0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3,
+    0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d,
+    0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6,
+    0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d,
+    0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a,
+    0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed,
+    0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58,
+    0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b,
+    0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93,
+    0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce,
+    0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab,
+    0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9,
+    0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19,
+    0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41,
+    0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61,
+    0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a,
+    0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15,
+    0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7,
+    0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0,
+    0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc,
+    0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70,
+    0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5,
+    0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b,
+    0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45,
+    0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73,
+    0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d,
+    0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e,
+    0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3,
+    0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea,
+    0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60
+};
+
+static const ARIA_u128 c1 = {{
+    0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94,
+    0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0
+}};
+
+static const ARIA_u128 c2 = {{
+    0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20,
+    0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0
+}};
+
+static const ARIA_u128 c3 = {{
+    0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70,
+    0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e
+}};
+
+/*
+ * Exclusive or two 128 bit values into the result.
+ * It is safe for the result to be the same as the either input.
+ */
+static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y)
+{
+    int i;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o[i] = x[i] ^ y->c[i];
+}
+
+/*
+ * Generalised circular rotate right and exclusive or function.
+ * It is safe for the output to overlap either input.
+ */
+static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o,
+                              const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    const unsigned int bytes = n / 8, bits = n % 8;
+    unsigned int i;
+    ARIA_u128 t;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i];
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o->c[i] = ((t.c[i] >> bits) |
+                (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^
+                xor->c[i];
+}
+
+/*
+ * Circular rotate 19 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(19, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(31, o, xor, z);
+}
+
+/*
+ * Circular rotate 61 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot61l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z);
+}
+
+/*
+ * Circular rotate 19 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z);
+}
+
+/*
+ * First substitution and xor layer, used for odd steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o->c[i    ] = sb1[x->c[i    ] ^ y->c[i    ]];
+        o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]];
+        o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]];
+        o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Second substitution and xor layer, used for even steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o[i    ] = sb3[x->c[i	 ] ^ y->c[i    ]];
+        o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]];
+        o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]];
+        o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Diffusion layer step
+ * It is NOT safe for the input and output to overlap.
+ */
+static void a(ARIA_u128 *y, const ARIA_u128 *x)
+{
+    y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[13] ^ x->c[14];
+    y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[15];
+    y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^
+               x->c[11] ^ x->c[12] ^ x->c[15];
+    y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^
+               x->c[11] ^ x->c[13] ^ x->c[14];
+    y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[14] ^ x->c[15];
+    y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[14] ^ x->c[15];
+    y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[12] ^ x->c[13];
+    y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[12] ^ x->c[13];
+    y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[10] ^ x->c[13] ^ x->c[15];
+    y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[11] ^ x->c[12] ^ x->c[14];
+    y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[ 8] ^ x->c[13] ^ x->c[15];
+    y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[14];
+    y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[12];
+    y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[13];
+    y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[14];
+    y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[15];
+}
+
+/*
+ * Odd round function
+ * Apply the first substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl1(&y, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Even round function
+ * Apply the second substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl2(y.c, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Encrypt or decrypt a single block
+ * in and out can overlap
+ */
+static void do_encrypt(unsigned char *o, const unsigned char *pin,
+                       unsigned int rounds, const ARIA_u128 *keys)
+{
+    ARIA_u128 p;
+    unsigned int i;
+
+    memcpy(&p, pin, sizeof(p));
+    for (i = 0; i < rounds - 2; i += 2) {
+        FO(&p, &p, &keys[i]);
+        FE(&p, &p, &keys[i + 1]);
+    }
+    FO(&p, &p, &keys[rounds - 2]);
+    sl2(o, &p, &keys[rounds - 1]);
+    xor128(o, o, &keys[rounds]);
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    assert(in != NULL && out != NULL && key != NULL);
+    do_encrypt(out, in, key->rounds, key->rd_key);
+}
+
+
+/*
+ * Expand the cipher key into the encryption key schedule.
+ * We short circuit execution of the last two
+ * or four rotations based on the key size.
+ */
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    const ARIA_u128 *ck1, *ck2, *ck3;
+    ARIA_u128 kr, w0, w1, w2, w3;
+
+    if (!userKey || !key)
+        return -1;
+    memcpy(w0.c, userKey, sizeof(w0));
+    switch (bits) {
+    default:
+        return -2;
+    case 128:
+        key->rounds = 12;
+        ck1 = &c1;
+        ck2 = &c2;
+        ck3 = &c3;
+        memset(kr.c, 0, sizeof(kr));
+        break;
+
+    case 192:
+        key->rounds = 14;
+        ck1 = &c2;
+        ck2 = &c3;
+        ck3 = &c1;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2);
+        memset(kr.c + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2);
+        break;
+
+    case 256:
+        key->rounds = 16;
+        ck1 = &c3;
+        ck2 = &c1;
+        ck3 = &c2;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr));
+        break;
+    }
+
+    FO(&w3, &w0, ck1);    xor128(w1.c, w3.c, &kr);
+    FE(&w3, &w1, ck2);    xor128(w2.c, w3.c, &w0);
+    FO(&kr, &w2, ck3);    xor128(w3.c, kr.c, &w1);
+
+    rot19r(&key->rd_key[ 0], &w0, &w1);
+    rot19r(&key->rd_key[ 1], &w1, &w2);
+    rot19r(&key->rd_key[ 2], &w2, &w3);
+    rot19r(&key->rd_key[ 3], &w3, &w0);
+
+    rot31r(&key->rd_key[ 4], &w0, &w1);
+    rot31r(&key->rd_key[ 5], &w1, &w2);
+    rot31r(&key->rd_key[ 6], &w2, &w3);
+    rot31r(&key->rd_key[ 7], &w3, &w0);
+
+    rot61l(&key->rd_key[ 8], &w0, &w1);
+    rot61l(&key->rd_key[ 9], &w1, &w2);
+    rot61l(&key->rd_key[10], &w2, &w3);
+    rot61l(&key->rd_key[11], &w3, &w0);
+
+    rot31l(&key->rd_key[12], &w0, &w1);
+    if (key->rounds > 12) {
+        rot31l(&key->rd_key[13], &w1, &w2);
+        rot31l(&key->rd_key[14], &w2, &w3);
+
+        if (key->rounds > 14) {
+            rot31l(&key->rd_key[15], &w3, &w0);
+            rot19l(&key->rd_key[16], &w0, &w1);
+        }
+    }
+    return 0;
+}
+
+/*
+ * Expand the cipher key into the decryption key schedule.
+ */
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_KEY ek;
+    const int r = aria_set_encrypt_key(userKey, bits, &ek);
+    unsigned int i, rounds = ek.rounds;
+
+    if (r == 0) {
+        key->rounds = rounds;
+        memcpy(&key->rd_key[0], &ek.rd_key[rounds], sizeof(key->rd_key[0]));
+        for (i = 1; i < rounds; i++)
+            a(&key->rd_key[i], &ek.rd_key[rounds - i]);
+        memcpy(&key->rd_key[rounds], &ek.rd_key[0], sizeof(key->rd_key[rounds]));
+    }
+    return r;
+}
+
+#endif
diff --git a/deps/openssl/openssl/crypto/aria/build.info b/deps/openssl/openssl/crypto/aria/build.info
new file mode 100644
index 0000000000..218d0612f7
--- /dev/null
+++ b/deps/openssl/openssl/crypto/aria/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        aria.c
+
diff --git a/deps/openssl/openssl/crypto/arm64cpuid.pl b/deps/openssl/openssl/crypto/arm64cpuid.pl
index caa33875c9..06c8add7a0 100755
--- a/deps/openssl/openssl/crypto/arm64cpuid.pl
+++ b/deps/openssl/openssl/crypto/arm64cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -63,6 +63,7 @@ _armv8_sha256_probe:
 	sha256su0	v0.4s, v0.4s
 	ret
 .size	_armv8_sha256_probe,.-_armv8_sha256_probe
+
 .globl	_armv8_pmull_probe
 .type	_armv8_pmull_probe,%function
 _armv8_pmull_probe:
@@ -70,6 +71,13 @@ _armv8_pmull_probe:
 	ret
 .size	_armv8_pmull_probe,.-_armv8_pmull_probe
 
+.globl	_armv8_sha512_probe
+.type	_armv8_sha512_probe,%function
+_armv8_sha512_probe:
+	.long	0xcec08000	// sha512su0	v0.2d,v0.2d
+	ret
+.size	_armv8_sha512_probe,.-_armv8_sha512_probe
+
 .globl	OPENSSL_cleanse
 .type	OPENSSL_cleanse,%function
 .align	5
@@ -107,6 +115,19 @@ OPENSSL_cleanse:
 CRYPTO_memcmp:
 	eor	w3,w3,w3
 	cbz	x2,.Lno_data	// len==0?
+	cmp	x2,#16
+	b.ne	.Loop_cmp
+	ldp	x8,x9,[x0]
+	ldp	x10,x11,[x1]
+	eor	x8,x8,x10
+	eor	x9,x9,x11
+	orr	x8,x8,x9
+	mov	x0,#1
+	cmp	x8,#0
+	csel	x0,xzr,x0,eq
+	ret
+
+.align	4
 .Loop_cmp:
 	ldrb	w4,[x0],#1
 	ldrb	w5,[x1],#1
diff --git a/deps/openssl/openssl/crypto/arm_arch.h b/deps/openssl/openssl/crypto/arm_arch.h
index 25419e0df1..f11b543df6 100644
--- a/deps/openssl/openssl/crypto/arm_arch.h
+++ b/deps/openssl/openssl/crypto/arm_arch.h
@@ -28,7 +28,7 @@
 #    endif
   /*
    * Why doesn't gcc define __ARM_ARCH__? Instead it defines
-   * bunch of below macros. See all_architectires[] table in
+   * bunch of below macros. See all_architectures[] table in
    * gcc/config/arm/arm.c. On a side note it defines
    * __ARMEL__/__ARMEB__ for little-/big-endian.
    */
@@ -79,5 +79,6 @@ extern unsigned int OPENSSL_armcap_P;
 # define ARMV8_SHA1      (1<<3)
 # define ARMV8_SHA256    (1<<4)
 # define ARMV8_PMULL     (1<<5)
+# define ARMV8_SHA512    (1<<6)
 
 #endif
diff --git a/deps/openssl/openssl/crypto/armcap.c b/deps/openssl/openssl/crypto/armcap.c
index 28e97c8c4a..1b3c2722d1 100644
--- a/deps/openssl/openssl/crypto/armcap.c
+++ b/deps/openssl/openssl/crypto/armcap.c
@@ -13,7 +13,7 @@
 #include <setjmp.h>
 #include <signal.h>
 #include <openssl/crypto.h>
-#include <internal/cryptlib.h>
+#include "internal/cryptlib.h"
 
 #include "arm_arch.h"
 
@@ -24,7 +24,7 @@ void OPENSSL_cpuid_setup(void)
 {
 }
 
-unsigned long OPENSSL_rdtsc(void)
+uint32_t OPENSSL_rdtsc(void)
 {
     return 0;
 }
@@ -46,9 +46,12 @@ void _armv8_aes_probe(void);
 void _armv8_sha1_probe(void);
 void _armv8_sha256_probe(void);
 void _armv8_pmull_probe(void);
-unsigned long _armv7_tick(void);
+# ifdef __aarch64__
+void _armv8_sha512_probe(void);
+# endif
+uint32_t _armv7_tick(void);
 
-unsigned long OPENSSL_rdtsc(void)
+uint32_t OPENSSL_rdtsc(void)
 {
     if (OPENSSL_armcap_P & ARMV7_TICK)
         return _armv7_tick();
@@ -94,11 +97,12 @@ static unsigned long (*getauxval) (unsigned long) = NULL;
 #  define HWCAP_CE_PMULL         (1 << 4)
 #  define HWCAP_CE_SHA1          (1 << 5)
 #  define HWCAP_CE_SHA256        (1 << 6)
+#  define HWCAP_CE_SHA512        (1 << 21)
 # endif
 
 void OPENSSL_cpuid_setup(void)
 {
-    char *e;
+    const char *e;
     struct sigaction ill_oact, ill_act;
     sigset_t oset;
     static int trigger = 0;
@@ -163,6 +167,11 @@ void OPENSSL_cpuid_setup(void)
 
             if (hwcap & HWCAP_CE_SHA256)
                 OPENSSL_armcap_P |= ARMV8_SHA256;
+
+# ifdef __aarch64__
+            if (hwcap & HWCAP_CE_SHA512)
+                OPENSSL_armcap_P |= ARMV8_SHA512;
+# endif
         }
     } else if (sigsetjmp(ill_jmp, 1) == 0) {
         _armv7_neon_probe();
@@ -182,6 +191,12 @@ void OPENSSL_cpuid_setup(void)
             _armv8_sha256_probe();
             OPENSSL_armcap_P |= ARMV8_SHA256;
         }
+# if defined(__aarch64__) && !defined(__APPLE__)
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha512_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA512;
+        }
+# endif
     }
     if (sigsetjmp(ill_jmp, 1) == 0) {
         _armv7_tick();
diff --git a/deps/openssl/openssl/crypto/asn1/a_bitstr.c b/deps/openssl/openssl/crypto/asn1/a_bitstr.c
index b2e0fb6882..bffbd160a2 100644
--- a/deps/openssl/openssl/crypto/asn1/a_bitstr.c
+++ b/deps/openssl/openssl/crypto/asn1/a_bitstr.c
@@ -24,7 +24,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
     unsigned char *p, *d;
 
     if (a == NULL)
-        return (0);
+        return 0;
 
     len = a->length;
 
@@ -61,7 +61,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 
     ret = 1 + len;
     if (pp == NULL)
-        return (ret);
+        return ret;
 
     p = *pp;
 
@@ -73,7 +73,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
         p[-1] &= (0xff << bits);
     }
     *pp = p;
-    return (ret);
+    return ret;
 }
 
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
@@ -96,7 +96,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 
     if ((a == NULL) || ((*a) == NULL)) {
         if ((ret = ASN1_BIT_STRING_new()) == NULL)
-            return (NULL);
+            return NULL;
     } else
         ret = (*a);
 
@@ -132,16 +132,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
     if (a != NULL)
         (*a) = ret;
     *pp = p;
-    return (ret);
+    return ret;
  err:
     ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
     if ((a == NULL) || (*a != ret))
         ASN1_BIT_STRING_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 /*
- * These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ * These next 2 functions from Goetz Babin-Ebell.
  */
 int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 {
@@ -161,7 +161,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 
     if ((a->length < (w + 1)) || (a->data == NULL)) {
         if (!value)
-            return (1);         /* Don't need to set */
+            return 1;         /* Don't need to set */
         c = OPENSSL_clear_realloc(a->data, a->length, w + 1);
         if (c == NULL) {
             ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
@@ -175,7 +175,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
     a->data[w] = ((a->data[w]) & iv) | v;
     while ((a->length > 0) && (a->data[a->length - 1] == 0))
         a->length--;
-    return (1);
+    return 1;
 }
 
 int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
@@ -185,7 +185,7 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
-        return (0);
+        return 0;
     return ((a->data[w] & v) != 0);
 }
 
diff --git a/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c b/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c
index e5c1d0ed70..a1a17901b8 100644
--- a/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c
+++ b/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c
@@ -13,8 +13,7 @@
 #include "internal/numbers.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
-
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+#include "internal/asn1_int.h"
 
 #ifndef NO_OLD_ASN1
 # ifndef OPENSSL_NO_STDIO
@@ -26,12 +25,12 @@ void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
-        return (NULL);
+        return NULL;
     }
     BIO_set_fp(b, in, BIO_NOCLOSE);
     ret = ASN1_d2i_bio(xnew, d2i, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -50,7 +49,7 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
     ret = d2i(x, &p, len);
  err:
     BUF_MEM_free(b);
-    return (ret);
+    return ret;
 }
 
 #endif
@@ -70,7 +69,7 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
     ret = ASN1_item_d2i(x, &p, len, it);
  err:
     BUF_MEM_free(b);
-    return (ret);
+    return ret;
 }
 
 #ifndef OPENSSL_NO_STDIO
@@ -81,18 +80,18 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
-        return (NULL);
+        return NULL;
     }
     BIO_set_fp(b, in, BIO_NOCLOSE);
     ret = ASN1_item_d2i_bio(it, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
     BUF_MEM *b;
     unsigned char *p;
diff --git a/deps/openssl/openssl/crypto/asn1/a_digest.c b/deps/openssl/openssl/crypto/asn1/a_digest.c
index c84ecc9b4b..f4cc1f2e0e 100644
--- a/deps/openssl/openssl/crypto/asn1/a_digest.c
+++ b/deps/openssl/openssl/crypto/asn1/a_digest.c
@@ -29,7 +29,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
     i = i2d(data, NULL);
     if ((str = OPENSSL_malloc(i)) == NULL) {
         ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     p = str;
     i2d(data, &p);
@@ -39,7 +39,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
         return 0;
     }
     OPENSSL_free(str);
-    return (1);
+    return 1;
 }
 
 #endif
@@ -52,12 +52,12 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 
     i = ASN1_item_i2d(asn, &str, it);
     if (!str)
-        return (0);
+        return 0;
 
     if (!EVP_Digest(str, i, md, len, type, NULL)) {
         OPENSSL_free(str);
         return 0;
     }
     OPENSSL_free(str);
-    return (1);
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_dup.c b/deps/openssl/openssl/crypto/asn1/a_dup.c
index d9a57b2c61..50af6b0006 100644
--- a/deps/openssl/openssl/crypto/asn1/a_dup.c
+++ b/deps/openssl/openssl/crypto/asn1/a_dup.c
@@ -21,20 +21,20 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
     char *ret;
 
     if (x == NULL)
-        return (NULL);
+        return NULL;
 
     i = i2d(x, NULL);
     b = OPENSSL_malloc(i + 10);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     p = b;
     i = i2d(x, &p);
     p2 = b;
     ret = d2i(NULL, &p2, i);
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
 
 #endif
@@ -54,15 +54,15 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
     void *ret;
 
     if (x == NULL)
-        return (NULL);
+        return NULL;
 
     i = ASN1_item_i2d(x, &b, it);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     p = b;
     ret = ASN1_item_d2i(NULL, &p, i, it);
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_gentm.c b/deps/openssl/openssl/crypto/asn1/a_gentm.c
index ff1b695475..d3878d6e57 100644
--- a/deps/openssl/openssl/crypto/asn1/a_gentm.c
+++ b/deps/openssl/openssl/crypto/asn1/a_gentm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,121 +17,13 @@
 #include <openssl/asn1.h>
 #include "asn1_locl.h"
 
+/* This is the primary function used to parse ASN1_GENERALIZEDTIME */
 int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
 {
-    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
-    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
-    char *a;
-    int n, i, l, o;
-
+    /* wrapper around asn1_time_to_tm */
     if (d->type != V_ASN1_GENERALIZEDTIME)
-        return (0);
-    l = d->length;
-    a = (char *)d->data;
-    o = 0;
-    /*
-     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
-     * as YYYY. This stuff treats everything as a two digit field so make
-     * first two fields 00 to 99
-     */
-    if (l < 13)
-        goto err;
-    for (i = 0; i < 7; i++) {
-        if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
-            i++;
-            if (tm)
-                tm->tm_sec = 0;
-            break;
-        }
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = (n * 10) + a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((n < min[i]) || (n > max[i]))
-            goto err;
-        if (tm) {
-            switch (i) {
-            case 0:
-                tm->tm_year = n * 100 - 1900;
-                break;
-            case 1:
-                tm->tm_year += n;
-                break;
-            case 2:
-                tm->tm_mon = n - 1;
-                break;
-            case 3:
-                tm->tm_mday = n;
-                break;
-            case 4:
-                tm->tm_hour = n;
-                break;
-            case 5:
-                tm->tm_min = n;
-                break;
-            case 6:
-                tm->tm_sec = n;
-                break;
-            }
-        }
-    }
-    /*
-     * Optional fractional seconds: decimal point followed by one or more
-     * digits.
-     */
-    if (a[o] == '.') {
-        if (++o > l)
-            goto err;
-        i = o;
-        while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
-            o++;
-        /* Must have at least one digit after decimal point */
-        if (i == o)
-            goto err;
-    }
-
-    if (a[o] == 'Z')
-        o++;
-    else if ((a[o] == '+') || (a[o] == '-')) {
-        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
-        o++;
-        if (o + 4 > l)
-            goto err;
-        for (i = 7; i < 9; i++) {
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = a[o] - '0';
-            o++;
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = (n * 10) + a[o] - '0';
-            if ((n < min[i]) || (n > max[i]))
-                goto err;
-            if (tm) {
-                if (i == 7)
-                    offset = n * 3600;
-                else if (i == 8)
-                    offset += n * 60;
-            }
-            o++;
-        }
-        if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
-            return 0;
-    } else if (a[o]) {
-        /* Missing time zone information. */
-        goto err;
-    }
-    return (o == l);
- err:
-    return (0);
+        return 0;
+    return asn1_time_to_tm(tm, d);
 }
 
 int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
@@ -146,15 +38,15 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
     t.type = V_ASN1_GENERALIZEDTIME;
     t.length = strlen(str);
     t.data = (unsigned char *)str;
-    if (ASN1_GENERALIZEDTIME_check(&t)) {
-        if (s != NULL) {
-            if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length))
-                return 0;
-            s->type = V_ASN1_GENERALIZEDTIME;
-        }
-        return (1);
-    } else
-        return (0);
+    t.flags = 0;
+
+    if (!ASN1_GENERALIZEDTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
 }
 
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
@@ -167,107 +59,24 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
                                                time_t t, int offset_day,
                                                long offset_sec)
 {
-    char *p;
     struct tm *ts;
     struct tm data;
-    size_t len = 20;
-    ASN1_GENERALIZEDTIME *tmps = NULL;
-
-    if (s == NULL)
-        tmps = ASN1_GENERALIZEDTIME_new();
-    else
-        tmps = s;
-    if (tmps == NULL)
-        return NULL;
 
     ts = OPENSSL_gmtime(&t, &data);
     if (ts == NULL)
-        goto err;
+        return NULL;
 
     if (offset_day || offset_sec) {
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-            goto err;
-    }
-
-    p = (char *)tmps->data;
-    if ((p == NULL) || ((size_t)tmps->length < len)) {
-        p = OPENSSL_malloc(len);
-        if (p == NULL) {
-            ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        OPENSSL_free(tmps->data);
-        tmps->data = (unsigned char *)p;
+            return NULL;
     }
 
-    BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
-                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
-                 ts->tm_sec);
-    tmps->length = strlen(p);
-    tmps->type = V_ASN1_GENERALIZEDTIME;
-#ifdef CHARSET_EBCDIC_not
-    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
-#endif
-    return tmps;
- err:
-    if (s == NULL)
-        ASN1_GENERALIZEDTIME_free(tmps);
-    return NULL;
+    return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME);
 }
 
-const char *_asn1_mon[12] = {
-    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
 int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
 {
-    char *v;
-    int gmt = 0;
-    int i;
-    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-    char *f = NULL;
-    int f_len = 0;
-
-    i = tm->length;
-    v = (char *)tm->data;
-
-    if (i < 12)
-        goto err;
-    if (v[i - 1] == 'Z')
-        gmt = 1;
-    for (i = 0; i < 12; i++)
-        if ((v[i] > '9') || (v[i] < '0'))
-            goto err;
-    y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
-        + (v[2] - '0') * 10 + (v[3] - '0');
-    M = (v[4] - '0') * 10 + (v[5] - '0');
-    if ((M > 12) || (M < 1))
-        goto err;
-    d = (v[6] - '0') * 10 + (v[7] - '0');
-    h = (v[8] - '0') * 10 + (v[9] - '0');
-    m = (v[10] - '0') * 10 + (v[11] - '0');
-    if (tm->length >= 14 &&
-        (v[12] >= '0') && (v[12] <= '9') &&
-        (v[13] >= '0') && (v[13] <= '9')) {
-        s = (v[12] - '0') * 10 + (v[13] - '0');
-        /* Check for fractions of seconds. */
-        if (tm->length >= 15 && v[14] == '.') {
-            int l = tm->length;
-            f = &v[14];         /* The decimal point. */
-            f_len = 1;
-            while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
-                ++f_len;
-        }
-    }
-
-    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
-                   _asn1_mon[M - 1], d, h, m, s, f_len, f, y,
-                   (gmt) ? " GMT" : "") <= 0)
-        return (0);
-    else
-        return (1);
- err:
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
+    if (tm->type != V_ASN1_GENERALIZEDTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c b/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c
index 3b3f713c20..980c65a25d 100644
--- a/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c
+++ b/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c
@@ -22,12 +22,12 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, out, BIO_NOCLOSE);
     ret = ASN1_i2d_bio(i2d, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -44,7 +44,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
     b = OPENSSL_malloc(n);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)b;
@@ -62,7 +62,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
         n -= i;
     }
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
 
 #endif
@@ -75,12 +75,12 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, out, BIO_NOCLOSE);
     ret = ASN1_item_i2d_bio(it, b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -92,7 +92,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
     n = ASN1_item_i2d(x, &b, it);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
 
     for (;;) {
@@ -107,5 +107,5 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
         n -= i;
     }
     OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_int.c b/deps/openssl/openssl/crypto/asn1/a_int.c
index 217650a036..70a45cb3cc 100644
--- a/deps/openssl/openssl/crypto/asn1/a_int.c
+++ b/deps/openssl/openssl/crypto/asn1/a_int.c
@@ -396,7 +396,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
 
     if ((a == NULL) || ((*a) == NULL)) {
         if ((ret = ASN1_INTEGER_new()) == NULL)
-            return (NULL);
+            return NULL;
         ret->type = V_ASN1_INTEGER;
     } else
         ret = (*a);
@@ -438,12 +438,12 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
     if (a != NULL)
         (*a) = ret;
     *pp = p;
-    return (ret);
+    return ret;
  err:
     ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
     if ((a == NULL) || (*a != ret))
         ASN1_INTEGER_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
@@ -487,7 +487,7 @@ static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
  err:
     if (ret != ai)
         ASN1_INTEGER_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
diff --git a/deps/openssl/openssl/crypto/asn1/a_mbstr.c b/deps/openssl/openssl/crypto/asn1/a_mbstr.c
index 7a035afbae..949fe6c161 100644
--- a/deps/openssl/openssl/crypto/asn1/a_mbstr.c
+++ b/deps/openssl/openssl/crypto/asn1/a_mbstr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
@@ -22,8 +22,6 @@ static int cpy_asc(unsigned long value, void *arg);
 static int cpy_bmp(unsigned long value, void *arg);
 static int cpy_univ(unsigned long value, void *arg);
 static int cpy_utf8(unsigned long value, void *arg);
-static int is_numeric(unsigned long value);
-static int is_printable(unsigned long value);
 
 /*
  * These functions take a string in UTF8, ASCII or multibyte form and a mask
@@ -271,13 +269,15 @@ static int out_utf8(unsigned long value, void *arg)
 
 static int type_str(unsigned long value, void *arg)
 {
-    unsigned long types;
-    types = *((unsigned long *)arg);
-    if ((types & B_ASN1_NUMERICSTRING) && !is_numeric(value))
+    unsigned long types = *((unsigned long *)arg);
+    const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
+
+    if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
+                                            || native == ' '))
         types &= ~B_ASN1_NUMERICSTRING;
-    if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+    if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native))
         types &= ~B_ASN1_PRINTABLESTRING;
-    if ((types & B_ASN1_IA5STRING) && (value > 127))
+    if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native))
         types &= ~B_ASN1_IA5STRING;
     if ((types & B_ASN1_T61STRING) && (value > 0xff))
         types &= ~B_ASN1_T61STRING;
@@ -341,55 +341,3 @@ static int cpy_utf8(unsigned long value, void *arg)
     *p += ret;
     return 1;
 }
-
-/* Return 1 if the character is permitted in a PrintableString */
-static int is_printable(unsigned long value)
-{
-    int ch;
-    if (value > 0x7f)
-        return 0;
-    ch = (int)value;
-    /*
-     * Note: we can't use 'isalnum' because certain accented characters may
-     * count as alphanumeric in some environments.
-     */
-#ifndef CHARSET_EBCDIC
-    if ((ch >= 'a') && (ch <= 'z'))
-        return 1;
-    if ((ch >= 'A') && (ch <= 'Z'))
-        return 1;
-    if ((ch >= '0') && (ch <= '9'))
-        return 1;
-    if ((ch == ' ') || strchr("'()+,-./:=?", ch))
-        return 1;
-#else                           /* CHARSET_EBCDIC */
-    if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
-        return 1;
-    if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
-        return 1;
-    if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
-        return 1;
-    if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
-        return 1;
-#endif                          /* CHARSET_EBCDIC */
-    return 0;
-}
-
-/* Return 1 if the character is a digit or space */
-static int is_numeric(unsigned long value)
-{
-    int ch;
-    if (value > 0x7f)
-        return 0;
-    ch = (int)value;
-#ifndef CHARSET_EBCDIC
-    if (!isdigit(ch) && ch != ' ')
-        return 0;
-#else
-    if (ch > os_toascii['9'])
-        return 0;
-    if (ch < os_toascii['0'] && ch != os_toascii[' '])
-        return 0;
-#endif
-    return 1;
-}
diff --git a/deps/openssl/openssl/crypto/asn1/a_object.c b/deps/openssl/openssl/crypto/asn1/a_object.c
index 7d332ec2f6..5e1424a806 100644
--- a/deps/openssl/openssl/crypto/asn1/a_object.c
+++ b/deps/openssl/openssl/crypto/asn1/a_object.c
@@ -9,6 +9,7 @@
 
 #include <stdio.h>
 #include <limits.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
@@ -23,7 +24,7 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
     int objsize;
 
     if ((a == NULL) || (a->data == NULL))
-        return (0);
+        return 0;
 
     objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
     if (pp == NULL || objsize == -1)
@@ -59,7 +60,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
     BIGNUM *bl = NULL;
 
     if (num == 0)
-        return (0);
+        return 0;
     else if (num == -1)
         num = strlen(buf);
 
@@ -95,7 +96,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
             c = *(p++);
             if ((c == ' ') || (c == '.'))
                 break;
-            if ((c < '0') || (c > '9')) {
+            if (!ossl_isdigit(c)) {
                 ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
                 goto err;
             }
@@ -168,12 +169,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
     if (tmp != ftmp)
         OPENSSL_free(tmp);
     BN_free(bl);
-    return (len);
+    return len;
  err:
     if (tmp != ftmp)
         OPENSSL_free(tmp);
     BN_free(bl);
-    return (0);
+    return 0;
 }
 
 int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
@@ -187,12 +188,13 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
     int i;
 
     if ((a == NULL) || (a->data == NULL))
-        return (BIO_write(bp, "NULL", 4));
+        return BIO_write(bp, "NULL", 4);
     i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
     if (i > (int)(sizeof(buf) - 1)) {
-        p = OPENSSL_malloc(i + 1);
-        if (p == NULL)
+        if ((p = OPENSSL_malloc(i + 1)) == NULL) {
+            ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         i2t_ASN1_OBJECT(p, i + 1, a);
     }
     if (i <= 0) {
@@ -203,7 +205,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
     BIO_write(bp, p, i);
     if (p != buf)
         OPENSSL_free(p);
-    return (i);
+    return i;
 }
 
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -231,7 +233,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     return ret;
  err:
     ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
-    return (NULL);
+    return NULL;
 }
 
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -291,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     if ((a == NULL) || ((*a) == NULL) ||
         !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
         if ((ret = ASN1_OBJECT_new()) == NULL)
-            return (NULL);
+            return NULL;
     } else
         ret = (*a);
 
@@ -322,12 +324,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     if (a != NULL)
         (*a) = ret;
     *pp = p;
-    return (ret);
+    return ret;
  err:
     ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
     if ((a == NULL) || (*a != ret))
         ASN1_OBJECT_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 ASN1_OBJECT *ASN1_OBJECT_new(void)
@@ -337,10 +339,10 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
     ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
-    return (ret);
+    return ret;
 }
 
 void ASN1_OBJECT_free(ASN1_OBJECT *a)
@@ -377,5 +379,5 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
     o.length = len;
     o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
         ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-    return (OBJ_dup(&o));
+    return OBJ_dup(&o);
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_print.c b/deps/openssl/openssl/crypto/asn1/a_print.c
index 1aafe7c839..8a373d9da9 100644
--- a/deps/openssl/openssl/crypto/asn1/a_print.c
+++ b/deps/openssl/openssl/crypto/asn1/a_print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
@@ -21,34 +21,20 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
     if (len <= 0)
         len = -1;
     if (s == NULL)
-        return (V_ASN1_PRINTABLESTRING);
+        return V_ASN1_PRINTABLESTRING;
 
     while ((*s) && (len-- != 0)) {
         c = *(s++);
-#ifndef CHARSET_EBCDIC
-        if (!(((c >= 'a') && (c <= 'z')) ||
-              ((c >= 'A') && (c <= 'Z')) ||
-              ((c >= '0') && (c <= '9')) ||
-              (c == ' ') || (c == '\'') ||
-              (c == '(') || (c == ')') ||
-              (c == '+') || (c == ',') ||
-              (c == '-') || (c == '.') ||
-              (c == '/') || (c == ':') || (c == '=') || (c == '?')))
+        if (!ossl_isasn1print(c))
             ia5 = 1;
-        if (c & 0x80)
+        if (!ossl_isascii(c))
             t61 = 1;
-#else
-        if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
-            ia5 = 1;
-        if (os_toascii[c] & 0x80)
-            t61 = 1;
-#endif
     }
     if (t61)
-        return (V_ASN1_T61STRING);
+        return V_ASN1_T61STRING;
     if (ia5)
-        return (V_ASN1_IA5STRING);
-    return (V_ASN1_PRINTABLESTRING);
+        return V_ASN1_IA5STRING;
+    return V_ASN1_PRINTABLESTRING;
 }
 
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
@@ -57,9 +43,9 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
     unsigned char *p;
 
     if (s->type != V_ASN1_UNIVERSALSTRING)
-        return (0);
+        return 0;
     if ((s->length % 4) != 0)
-        return (0);
+        return 0;
     p = s->data;
     for (i = 0; i < s->length; i += 4) {
         if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
@@ -68,7 +54,7 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
             p += 4;
     }
     if (i < s->length)
-        return (0);
+        return 0;
     p = s->data;
     for (i = 3; i < s->length; i += 4) {
         *(p++) = s->data[i];
@@ -76,7 +62,7 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
     *(p) = '\0';
     s->length /= 4;
     s->type = ASN1_PRINTABLE_type(s->data, s->length);
-    return (1);
+    return 1;
 }
 
 int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
@@ -86,7 +72,7 @@ int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
     const char *p;
 
     if (v == NULL)
-        return (0);
+        return 0;
     n = 0;
     p = (const char *)v->data;
     for (i = 0; i < v->length; i++) {
@@ -98,12 +84,12 @@ int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
         n++;
         if (n >= 80) {
             if (BIO_write(bp, buf, n) <= 0)
-                return (0);
+                return 0;
             n = 0;
         }
     }
     if (n > 0)
         if (BIO_write(bp, buf, n) <= 0)
-            return (0);
-    return (1);
+            return 0;
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_sign.c b/deps/openssl/openssl/crypto/asn1/a_sign.c
index 3b261eba41..130e23eaaa 100644
--- a/deps/openssl/openssl/crypto/asn1/a_sign.c
+++ b/deps/openssl/openssl/crypto/asn1/a_sign.c
@@ -103,7 +103,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
     EVP_MD_CTX_free(ctx);
     OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
     OPENSSL_clear_free((char *)buf_out, outll);
-    return (outl);
+    return outl;
 }
 
 #endif
@@ -144,7 +144,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
     type = EVP_MD_CTX_md(ctx);
     pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
 
-    if (type == NULL || pkey == NULL) {
+    if (pkey == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
         goto err;
     }
@@ -169,10 +169,15 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
             ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
         if (rv <= 1)
             goto err;
-    } else
+    } else {
         rv = 2;
+    }
 
     if (rv == 2) {
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+            goto err;
+        }
         if (!OBJ_find_sigid_by_algs(&signid,
                                     EVP_MD_nid(type),
                                     pkey->ameth->pkey_id)) {
@@ -202,8 +207,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
         goto err;
     }
 
-    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
-        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+    if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
         outl = 0;
         ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
         goto err;
@@ -221,5 +225,5 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
  err:
     OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
     OPENSSL_clear_free((char *)buf_out, outll);
-    return (outl);
+    return outl;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_strex.c b/deps/openssl/openssl/crypto/asn1/a_strex.c
index 207190c52b..ea4dd1c5b1 100644
--- a/deps/openssl/openssl/crypto/asn1/a_strex.c
+++ b/deps/openssl/openssl/crypto/asn1/a_strex.c
@@ -280,9 +280,10 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
     t.type = str->type;
     t.value.ptr = (char *)str;
     der_len = i2d_ASN1_TYPE(&t, NULL);
-    der_buf = OPENSSL_malloc(der_len);
-    if (der_buf == NULL)
+    if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
+        ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
         return -1;
+    }
     p = der_buf;
     i2d_ASN1_TYPE(&t, &p);
     outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
@@ -301,12 +302,22 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
 static const signed char tag2nbyte[] = {
     -1, -1, -1, -1, -1,         /* 0-4 */
     -1, -1, -1, -1, -1,         /* 5-9 */
-    -1, -1, 0, -1,              /* 10-13 */
-    -1, -1, -1, -1,             /* 15-17 */
-    1, 1, 1,                    /* 18-20 */
-    -1, 1, 1, 1,                /* 21-24 */
-    -1, 1, -1,                  /* 25-27 */
-    4, -1, 2                    /* 28-30 */
+    -1, -1,                     /* 10-11 */
+     0,                         /* 12 V_ASN1_UTF8STRING */
+    -1, -1, -1, -1, -1,         /* 13-17 */
+     1,                         /* 18 V_ASN1_NUMERICSTRING */
+     1,                         /* 19 V_ASN1_PRINTABLESTRING */
+     1,                         /* 20 V_ASN1_T61STRING */
+    -1,                         /* 21 */
+     1,                         /* 22 V_ASN1_IA5STRING */
+     1,                         /* 23 V_ASN1_UTCTIME */
+     1,                         /* 24 V_ASN1_GENERALIZEDTIME */
+    -1,                         /* 25 */
+     1,                         /* 26 V_ASN1_ISO64STRING */
+    -1,                         /* 27 */
+     4,                         /* 28 V_ASN1_UNIVERSALSTRING */
+    -1,                         /* 29 */
+     2                          /* 30 V_ASN1_BMPSTRING */
 };
 
 /*
diff --git a/deps/openssl/openssl/crypto/asn1/a_strnid.c b/deps/openssl/openssl/crypto/asn1/a_strnid.c
index ecf178e28b..f19a9de647 100644
--- a/deps/openssl/openssl/crypto/asn1/a_strnid.c
+++ b/deps/openssl/openssl/crypto/asn1/a_strnid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,6 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
@@ -50,6 +49,7 @@ int ASN1_STRING_set_default_mask_asc(const char *p)
 {
     unsigned long mask;
     char *end;
+
     if (strncmp(p, "MASK:", 5) == 0) {
         if (!p[5])
             return 0;
@@ -84,19 +84,20 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
     ASN1_STRING *str = NULL;
     unsigned long mask;
     int ret;
-    if (!out)
+
+    if (out == NULL)
         out = &str;
     tbl = ASN1_STRING_TABLE_get(nid);
-    if (tbl) {
+    if (tbl != NULL) {
         mask = tbl->mask;
         if (!(tbl->flags & STABLE_NO_MASK))
             mask &= global_mask;
         ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
                                   tbl->minsize, tbl->maxsize);
-    } else
-        ret =
-            ASN1_mbstring_copy(out, in, inlen, inform,
-                               DIRSTRING_TYPE & global_mask);
+    } else {
+        ret = ASN1_mbstring_copy(out, in, inlen, inform,
+                                 DIRSTRING_TYPE & global_mask);
+    }
     if (ret <= 0)
         return NULL;
     return *out;
@@ -106,54 +107,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
  * Now the tables and helper functions for the string table:
  */
 
-/* size limits: this stuff is taken straight from RFC3280 */
-
-#define ub_name                         32768
-#define ub_common_name                  64
-#define ub_locality_name                128
-#define ub_state_name                   128
-#define ub_organization_name            64
-#define ub_organization_unit_name       64
-#define ub_title                        64
-#define ub_email_address                128
-#define ub_serial_number                64
-
-/* From RFC4524 */
-
-#define ub_rfc822_mailbox               256
-
-/* This table must be kept in NID order */
-
-static const ASN1_STRING_TABLE tbl_standard[] = {
-    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
-    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
-    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
-    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
-    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
-     0},
-    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
-     STABLE_NO_MASK},
-    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
-    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
-    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
-    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
-     STABLE_NO_MASK},
-    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
-    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-    {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
-     STABLE_NO_MASK},
-    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
-    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
-    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
-};
+#include "tbl_standard.h"
 
 static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
                         const ASN1_STRING_TABLE *const *b)
@@ -174,6 +128,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
     int idx;
     ASN1_STRING_TABLE fnd;
+
     fnd.nid = nid;
     if (stable) {
         idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
@@ -191,6 +146,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 static ASN1_STRING_TABLE *stable_get(int nid)
 {
     ASN1_STRING_TABLE *tmp, *rv;
+
     /* Always need a string table so allocate one if NULL */
     if (stable == NULL) {
         stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
@@ -198,16 +154,17 @@ static ASN1_STRING_TABLE *stable_get(int nid)
             return NULL;
     }
     tmp = ASN1_STRING_TABLE_get(nid);
-    if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
+    if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC)
         return tmp;
-    rv = OPENSSL_zalloc(sizeof(*rv));
-    if (rv == NULL)
+    if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) {
+        ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
         OPENSSL_free(rv);
         return NULL;
     }
-    if (tmp) {
+    if (tmp != NULL) {
         rv->nid = tmp->nid;
         rv->minsize = tmp->minsize;
         rv->maxsize = tmp->maxsize;
@@ -227,8 +184,9 @@ int ASN1_STRING_TABLE_add(int nid,
                           unsigned long flags)
 {
     ASN1_STRING_TABLE *tmp;
+
     tmp = stable_get(nid);
-    if (!tmp) {
+    if (tmp == NULL) {
         ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -246,8 +204,9 @@ int ASN1_STRING_TABLE_add(int nid,
 void ASN1_STRING_TABLE_cleanup(void)
 {
     STACK_OF(ASN1_STRING_TABLE) *tmp;
+
     tmp = stable;
-    if (!tmp)
+    if (tmp == NULL)
         return;
     stable = NULL;
     sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
@@ -258,32 +217,3 @@ static void st_free(ASN1_STRING_TABLE *tbl)
     if (tbl->flags & STABLE_FLAGS_MALLOC)
         OPENSSL_free(tbl);
 }
-
-
-#ifdef STRING_TABLE_TEST
-
-main()
-{
-    ASN1_STRING_TABLE *tmp;
-    int i, last_nid = -1;
-
-    for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) {
-        if (tmp->nid < last_nid) {
-            last_nid = 0;
-            break;
-        }
-        last_nid = tmp->nid;
-    }
-
-    if (last_nid != 0) {
-        printf("Table order OK\n");
-        exit(0);
-    }
-
-    for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++)
-        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-               OBJ_nid2ln(tmp->nid));
-
-}
-
-#endif
diff --git a/deps/openssl/openssl/crypto/asn1/a_time.c b/deps/openssl/openssl/crypto/asn1/a_time.c
index 46f539cb8d..1babb96360 100644
--- a/deps/openssl/openssl/crypto/asn1/a_time.c
+++ b/deps/openssl/openssl/crypto/asn1/a_time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,6 +16,7 @@
 
 #include <stdio.h>
 #include <time.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include "asn1_locl.h"
@@ -24,6 +25,291 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
 IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
 
+static int is_utc(const int year)
+{
+    if (50 <= year && year <= 149)
+        return 1;
+    return 0;
+}
+
+static int leap_year(const int year)
+{
+    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
+        return 1;
+    return 0;
+}
+
+/*
+ * Compute the day of the week and the day of the year from the year, month
+ * and day.  The day of the year is straightforward, the day of the week uses
+ * a form of Zeller's congruence.  For this months start with March and are
+ * numbered 4 through 15.
+ */
+static void determine_days(struct tm *tm)
+{
+    static const int ydays[12] = {
+        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
+    };
+    int y = tm->tm_year + 1900;
+    int m = tm->tm_mon;
+    int d = tm->tm_mday;
+    int c;
+
+    tm->tm_yday = ydays[m] + d - 1;
+    if (m >= 2) {
+        /* March and onwards can be one day further into the year */
+        tm->tm_yday += leap_year(y);
+        m += 2;
+    } else {
+        /* Treat January and February as part of the previous year */
+        m += 14;
+        y--;
+    }
+    c = y / 100;
+    y %= 100;
+    /* Zeller's congruance */
+    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
+}
+
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
+{
+    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+    char *a;
+    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
+    struct tm tmp;
+
+    /*
+     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
+     * time string format, in which:
+     *
+     * 1. "seconds" is a 'MUST'
+     * 2. "Zulu" timezone is a 'MUST'
+     * 3. "+|-" is not allowed to indicate a time zone
+     */
+    if (d->type == V_ASN1_UTCTIME) {
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 13;
+            strict = 1;
+        }
+    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
+        end = 7;
+        btz = 6;
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 15;
+            strict = 1;
+        } else {
+            min_l = 13;
+        }
+    } else {
+        return 0;
+    }
+
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+    memset(&tmp, 0, sizeof(tmp));
+
+    /*
+     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+     * as YYYY. This stuff treats everything as a two digit field so make
+     * first two fields 00 to 99
+     */
+
+    if (l < min_l)
+        goto err;
+    for (i = 0; i < end; i++) {
+        if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            break;
+        }
+        if (!ossl_isdigit(a[o]))
+            goto err;
+        n = a[o] - '0';
+        /* incomplete 2-digital number */
+        if (++o == l)
+            goto err;
+
+        if (!ossl_isdigit(a[o]))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (++o == l)
+            goto err;
+
+        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+
+        if ((n < min[i2]) || (n > max[i2]))
+            goto err;
+        switch (i2) {
+        case 0:
+            /* UTC will never be here */
+            tmp.tm_year = n * 100 - 1900;
+            break;
+        case 1:
+            if (d->type == V_ASN1_UTCTIME)
+                tmp.tm_year = n < 50 ? n + 100 : n;
+            else
+                tmp.tm_year += n;
+            break;
+        case 2:
+            tmp.tm_mon = n - 1;
+            break;
+        case 3:
+            /* check if tm_mday is valid in tm_mon */
+            if (tmp.tm_mon == 1) {
+                /* it's February */
+                md = mdays[1] + leap_year(tmp.tm_year + 1900);
+            } else {
+                md = mdays[tmp.tm_mon];
+            }
+            if (n > md)
+                goto err;
+            tmp.tm_mday = n;
+            determine_days(&tmp);
+            break;
+        case 4:
+            tmp.tm_hour = n;
+            break;
+        case 5:
+            tmp.tm_min = n;
+            break;
+        case 6:
+            tmp.tm_sec = n;
+            break;
+        }
+    }
+
+    /*
+     * Optional fractional seconds: decimal point followed by one or more
+     * digits.
+     */
+    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
+        if (strict)
+            /* RFC 5280 forbids fractional seconds */
+            goto err;
+        if (++o == l)
+            goto err;
+        i = o;
+        while ((o < l) && ossl_isdigit(a[o]))
+            o++;
+        /* Must have at least one digit after decimal point */
+        if (i == o)
+            goto err;
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (o == l)
+            goto err;
+    }
+
+    /*
+     * 'o' will never point to '\0' at this point, the only chance
+     * 'o' can point to '\0' is either the subsequent if or the first
+     * else if is true.
+     */
+    if (a[o] == 'Z') {
+        o++;
+    } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
+        int offsign = a[o] == '-' ? 1 : -1;
+        int offset = 0;
+
+        o++;
+        /*
+         * if not equal, no need to do subsequent checks
+         * since the following for-loop will add 'o' by 4
+         * and the final return statement will check if 'l'
+         * and 'o' are equal.
+         */
+        if (o + 4 != l)
+            goto err;
+        for (i = end; i < end + 2; i++) {
+            if (!ossl_isdigit(a[o]))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if (!ossl_isdigit(a[o]))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+            if ((n < min[i2]) || (n > max[i2]))
+                goto err;
+            /* if tm is NULL, no need to adjust */
+            if (tm != NULL) {
+                if (i == end)
+                    offset = n * 3600;
+                else if (i == end + 1)
+                    offset += n * 60;
+            }
+            o++;
+        }
+        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
+            goto err;
+    } else {
+        /* not Z, or not +/- in non-strict mode */
+        goto err;
+    }
+    if (o == l) {
+        /* success, check if tm should be filled */
+        if (tm != NULL)
+            *tm = tmp;
+        return 1;
+    }
+ err:
+    return 0;
+}
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
+{
+    char* p;
+    ASN1_TIME *tmps = NULL;
+    const size_t len = 20;
+
+    if (type == V_ASN1_UNDEF) {
+        if (is_utc(ts->tm_year))
+            type = V_ASN1_UTCTIME;
+        else
+            type = V_ASN1_GENERALIZEDTIME;
+    } else if (type == V_ASN1_UTCTIME) {
+        if (!is_utc(ts->tm_year))
+            goto err;
+    } else if (type != V_ASN1_GENERALIZEDTIME) {
+        goto err;
+    }
+
+    if (s == NULL)
+        tmps = ASN1_STRING_new();
+    else
+        tmps = s;
+    if (tmps == NULL)
+        return NULL;
+
+    if (!ASN1_STRING_set(tmps, NULL, len))
+        goto err;
+
+    tmps->type = type;
+    p = (char*)tmps->data;
+
+    if (type == V_ASN1_GENERALIZEDTIME)
+        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year + 1900, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+    else
+        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year % 100, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+
+#ifdef CHARSET_EBCDIC_not
+    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
+#endif
+    return tmps;
+ err:
+    if (tmps != s)
+        ASN1_STRING_free(tmps);
+    return NULL;
+}
+
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 {
     return ASN1_TIME_adj(s, t, 0, 0);
@@ -44,9 +330,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
             return NULL;
     }
-    if ((ts->tm_year >= 50) && (ts->tm_year < 150))
-        return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
-    return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
 }
 
 int ASN1_TIME_check(const ASN1_TIME *t)
@@ -63,108 +347,207 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                    ASN1_GENERALIZEDTIME **out)
 {
     ASN1_GENERALIZEDTIME *ret = NULL;
-    char *str;
-    int newlen;
+    struct tm tm;
 
-    if (!ASN1_TIME_check(t))
+    if (!ASN1_TIME_to_tm(t, &tm))
         return NULL;
 
-    if (out == NULL || *out == NULL) {
-        if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL)
-            goto err;
-    } else
+    if (out != NULL)
         ret = *out;
 
-    /* If already GeneralizedTime just copy across */
-    if (t->type == V_ASN1_GENERALIZEDTIME) {
-        if (!ASN1_STRING_set(ret, t->data, t->length))
-            goto err;
-        goto done;
-    }
-
-    /* grow the string */
-    if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-        goto err;
-    /* ASN1_STRING_set() allocated 'len + 1' bytes. */
-    newlen = t->length + 2 + 1;
-    str = (char *)ret->data;
-    /* Work out the century and prepend */
-    if (t->data[0] >= '5')
-        OPENSSL_strlcpy(str, "19", newlen);
-    else
-        OPENSSL_strlcpy(str, "20", newlen);
-
-    OPENSSL_strlcat(str, (const char *)t->data, newlen);
+    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
 
- done:
-   if (out != NULL && *out == NULL)
-       *out = ret;
-   return ret;
+    if (out != NULL && ret != NULL)
+        *out = ret;
 
- err:
-    if (out == NULL || *out != ret)
-        ASN1_GENERALIZEDTIME_free(ret);
-    return NULL;
+    return ret;
 }
 
-
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 {
+    /* Try UTC, if that fails, try GENERALIZED */
+    if (ASN1_UTCTIME_set_string(s, str))
+        return 1;
+    return ASN1_GENERALIZEDTIME_set_string(s, str);
+}
+
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
+{
     ASN1_TIME t;
+    struct tm tm;
+    int rv = 0;
 
     t.length = strlen(str);
     t.data = (unsigned char *)str;
-    t.flags = 0;
+    t.flags = ASN1_STRING_FLAG_X509_TIME;
 
     t.type = V_ASN1_UTCTIME;
 
     if (!ASN1_TIME_check(&t)) {
         t.type = V_ASN1_GENERALIZEDTIME;
         if (!ASN1_TIME_check(&t))
-            return 0;
+            goto out;
     }
 
-    if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
-        return 0;
+    /*
+     * Per RFC 5280 (section 4.1.2.5.), the valid input time
+     * strings should be encoded with the following rules:
+     *
+     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
+     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
+     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
+     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
+     *
+     * Only strings of the 4th rule should be reformatted, but since a
+     * UTC can only present [1950, 2050), so if the given time string
+     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
+     */
 
-    return 1;
+    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
+        if (!asn1_time_to_tm(&tm, &t))
+            goto out;
+        if (is_utc(tm.tm_year)) {
+            t.length -= 2;
+            /*
+             * it's OK to let original t.data go since that's assigned
+             * to a piece of memory allocated outside of this function.
+             * new t.data would be freed after ASN1_STRING_copy is done.
+             */
+            t.data = OPENSSL_zalloc(t.length + 1);
+            if (t.data == NULL)
+                goto out;
+            memcpy(t.data, str + 2, t.length);
+            t.type = V_ASN1_UTCTIME;
+        }
+    }
+
+    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+        rv = 1;
+
+    if (t.data != (unsigned char *)str)
+        OPENSSL_free(t.data);
+out:
+    return rv;
 }
 
-static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
 {
-    if (t == NULL) {
+    if (s == NULL) {
         time_t now_t;
+
         time(&now_t);
-        if (OPENSSL_gmtime(&now_t, tm))
+        memset(tm, 0, sizeof(*tm));
+        if (OPENSSL_gmtime(&now_t, tm) != NULL)
             return 1;
         return 0;
     }
 
-    if (t->type == V_ASN1_UTCTIME)
-        return asn1_utctime_to_tm(tm, t);
-    else if (t->type == V_ASN1_GENERALIZEDTIME)
-        return asn1_generalizedtime_to_tm(tm, t);
-
-    return 0;
+    return asn1_time_to_tm(tm, s);
 }
 
 int ASN1_TIME_diff(int *pday, int *psec,
                    const ASN1_TIME *from, const ASN1_TIME *to)
 {
     struct tm tm_from, tm_to;
-    if (!asn1_time_to_tm(&tm_from, from))
+
+    if (!ASN1_TIME_to_tm(from, &tm_from))
         return 0;
-    if (!asn1_time_to_tm(&tm_to, to))
+    if (!ASN1_TIME_to_tm(to, &tm_to))
         return 0;
     return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
 }
 
+static const char _asn1_mon[12][4] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
 int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 {
-    if (tm->type == V_ASN1_UTCTIME)
-        return ASN1_UTCTIME_print(bp, tm);
-    if (tm->type == V_ASN1_GENERALIZEDTIME)
-        return ASN1_GENERALIZEDTIME_print(bp, tm);
+    char *v;
+    int gmt = 0, l;
+    struct tm stm;
+
+    if (!asn1_time_to_tm(&stm, tm)) {
+        /* asn1_time_to_tm will check the time type */
+        goto err;
+    }
+
+    l = tm->length;
+    v = (char *)tm->data;
+    if (v[l - 1] == 'Z')
+        gmt = 1;
+
+    if (tm->type == V_ASN1_GENERALIZEDTIME) {
+        char *f = NULL;
+        int f_len = 0;
+
+        /*
+         * Try to parse fractional seconds. '14' is the place of
+         * 'fraction point' in a GeneralizedTime string.
+         */
+        if (tm->length > 15 && v[14] == '.') {
+            f = &v[14];
+            f_len = 1;
+            while (14 + f_len < l && ossl_isdigit(f[f_len]))
+                ++f_len;
+        }
+
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    } else {
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    }
+ err:
     BIO_write(bp, "Bad time value", 14);
-    return (0);
+    return 0;
+}
+
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!ASN1_TIME_to_tm(s, &stm))
+        return -2;
+
+    if (!OPENSSL_gmtime(&t, &ttm))
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_TIME_normalize(ASN1_TIME *t)
+{
+    struct tm tm;
+
+    if (!ASN1_TIME_to_tm(t, &tm))
+        return 0;
+
+    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
+}
+
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
+{
+    int day, sec;
+
+    if (!ASN1_TIME_diff(&day, &sec, b, a))
+        return -2;
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_type.c b/deps/openssl/openssl/crypto/asn1/a_type.c
index df42360e76..0c7aebe307 100644
--- a/deps/openssl/openssl/crypto/asn1/a_type.c
+++ b/deps/openssl/openssl/crypto/asn1/a_type.c
@@ -16,9 +16,9 @@
 int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
     if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-        return (a->type);
+        return a->type;
     else
-        return (0);
+        return 0;
 }
 
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
diff --git a/deps/openssl/openssl/crypto/asn1/a_utctm.c b/deps/openssl/openssl/crypto/asn1/a_utctm.c
index 9797aa8a1e..b224991aa3 100644
--- a/deps/openssl/openssl/crypto/asn1/a_utctm.c
+++ b/deps/openssl/openssl/crypto/asn1/a_utctm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,96 +13,13 @@
 #include <openssl/asn1.h>
 #include "asn1_locl.h"
 
+/* This is the primary function used to parse ASN1_UTCTIME */
 int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
 {
-    static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
-    static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 };
-    char *a;
-    int n, i, l, o;
-
+    /* wrapper around ans1_time_to_tm */
     if (d->type != V_ASN1_UTCTIME)
-        return (0);
-    l = d->length;
-    a = (char *)d->data;
-    o = 0;
-
-    if (l < 11)
-        goto err;
-    for (i = 0; i < 6; i++) {
-        if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
-            i++;
-            if (tm)
-                tm->tm_sec = 0;
-            break;
-        }
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((a[o] < '0') || (a[o] > '9'))
-            goto err;
-        n = (n * 10) + a[o] - '0';
-        if (++o > l)
-            goto err;
-
-        if ((n < min[i]) || (n > max[i]))
-            goto err;
-        if (tm) {
-            switch (i) {
-            case 0:
-                tm->tm_year = n < 50 ? n + 100 : n;
-                break;
-            case 1:
-                tm->tm_mon = n - 1;
-                break;
-            case 2:
-                tm->tm_mday = n;
-                break;
-            case 3:
-                tm->tm_hour = n;
-                break;
-            case 4:
-                tm->tm_min = n;
-                break;
-            case 5:
-                tm->tm_sec = n;
-                break;
-            }
-        }
-    }
-    if (a[o] == 'Z')
-        o++;
-    else if ((a[o] == '+') || (a[o] == '-')) {
-        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
-        o++;
-        if (o + 4 > l)
-            goto err;
-        for (i = 6; i < 8; i++) {
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = a[o] - '0';
-            o++;
-            if ((a[o] < '0') || (a[o] > '9'))
-                goto err;
-            n = (n * 10) + a[o] - '0';
-            if ((n < min[i]) || (n > max[i]))
-                goto err;
-            if (tm) {
-                if (i == 6)
-                    offset = n * 3600;
-                else if (i == 7)
-                    offset += n * 60;
-            }
-            o++;
-        }
-        if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
-            return 0;
-    }
-    return o == l;
- err:
-    return 0;
+        return 0;
+    return asn1_time_to_tm(tm, d);
 }
 
 int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
@@ -110,6 +27,7 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
     return asn1_utctime_to_tm(NULL, d);
 }
 
+/* Sets the string via simple copy without cleaning it up */
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 {
     ASN1_UTCTIME t;
@@ -117,15 +35,15 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
     t.type = V_ASN1_UTCTIME;
     t.length = strlen(str);
     t.data = (unsigned char *)str;
-    if (ASN1_UTCTIME_check(&t)) {
-        if (s != NULL) {
-            if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length))
-                return 0;
-            s->type = V_ASN1_UTCTIME;
-        }
-        return (1);
-    } else
-        return (0);
+    t.flags = 0;
+
+    if (!ASN1_UTCTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
 }
 
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
@@ -136,55 +54,19 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                                int offset_day, long offset_sec)
 {
-    char *p;
     struct tm *ts;
     struct tm data;
-    size_t len = 20;
-    int free_s = 0;
-
-    if (s == NULL) {
-        s = ASN1_UTCTIME_new();
-        if (s == NULL)
-            goto err;
-        free_s = 1;
-    }
 
     ts = OPENSSL_gmtime(&t, &data);
     if (ts == NULL)
-        goto err;
+        return NULL;
 
     if (offset_day || offset_sec) {
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-            goto err;
-    }
-
-    if ((ts->tm_year < 50) || (ts->tm_year >= 150))
-        goto err;
-
-    p = (char *)s->data;
-    if ((p == NULL) || ((size_t)s->length < len)) {
-        p = OPENSSL_malloc(len);
-        if (p == NULL) {
-            ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        OPENSSL_free(s->data);
-        s->data = (unsigned char *)p;
+            return NULL;
     }
 
-    BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
-                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
-                 ts->tm_sec);
-    s->length = strlen(p);
-    s->type = V_ASN1_UTCTIME;
-#ifdef CHARSET_EBCDIC_not
-    ebcdic2ascii(s->data, s->data, s->length);
-#endif
-    return (s);
- err:
-    if (free_s)
-        ASN1_UTCTIME_free(s);
-    return NULL;
+    return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME);
 }
 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
@@ -195,60 +77,22 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
     if (!asn1_utctime_to_tm(&stm, s))
         return -2;
 
-    if (!OPENSSL_gmtime(&t, &ttm))
+    if (OPENSSL_gmtime(&t, &ttm) == NULL)
         return -2;
 
     if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
         return -2;
 
-    if (day > 0)
-        return 1;
-    if (day < 0)
-        return -1;
-    if (sec > 0)
+    if (day > 0 || sec > 0)
         return 1;
-    if (sec < 0)
+    if (day < 0 || sec < 0)
         return -1;
     return 0;
 }
 
 int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
 {
-    const char *v;
-    int gmt = 0;
-    int i;
-    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
-    i = tm->length;
-    v = (const char *)tm->data;
-
-    if (i < 10)
-        goto err;
-    if (v[i - 1] == 'Z')
-        gmt = 1;
-    for (i = 0; i < 10; i++)
-        if ((v[i] > '9') || (v[i] < '0'))
-            goto err;
-    y = (v[0] - '0') * 10 + (v[1] - '0');
-    if (y < 50)
-        y += 100;
-    M = (v[2] - '0') * 10 + (v[3] - '0');
-    if ((M > 12) || (M < 1))
-        goto err;
-    d = (v[4] - '0') * 10 + (v[5] - '0');
-    h = (v[6] - '0') * 10 + (v[7] - '0');
-    m = (v[8] - '0') * 10 + (v[9] - '0');
-    if (tm->length >= 12 &&
-        (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
-        s = (v[10] - '0') * 10 + (v[11] - '0');
-
-    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
-                   _asn1_mon[M - 1], d, h, m, s, y + 1900,
-                   (gmt) ? " GMT" : "") <= 0)
-        return (0);
-    else
-        return (1);
- err:
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
+    if (tm->type != V_ASN1_UTCTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
 }
diff --git a/deps/openssl/openssl/crypto/asn1/a_verify.c b/deps/openssl/openssl/crypto/asn1/a_verify.c
index fb3607cbbd..973d50d24d 100644
--- a/deps/openssl/openssl/crypto/asn1/a_verify.c
+++ b/deps/openssl/openssl/crypto/asn1/a_verify.c
@@ -76,7 +76,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     ret = 1;
  err:
     EVP_MD_CTX_free(ctx);
-    return (ret);
+    return ret;
 }
 
 #endif
@@ -86,7 +86,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 {
     EVP_MD_CTX *ctx = NULL;
     unsigned char *buf_in = NULL;
-    int ret = -1, inl;
+    int ret = -1, inl = 0;
 
     int mdnid, pknid;
 
@@ -156,24 +156,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
         goto err;
     }
 
-    ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl);
-
-    OPENSSL_clear_free(buf_in, (unsigned int)inl);
-
-    if (!ret) {
+    ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
+                           buf_in, inl);
+    if (ret <= 0) {
         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
         goto err;
     }
-    ret = -1;
-
-    if (EVP_DigestVerifyFinal(ctx, signature->data,
-                              (size_t)signature->length) <= 0) {
-        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
-        ret = 0;
-        goto err;
-    }
     ret = 1;
  err:
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
     EVP_MD_CTX_free(ctx);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/ameth_lib.c b/deps/openssl/openssl/crypto/asn1/ameth_lib.c
index 9b0a2ccb20..9a1644148a 100644
--- a/deps/openssl/openssl/crypto/asn1/ameth_lib.c
+++ b/deps/openssl/openssl/crypto/asn1/ameth_lib.c
@@ -7,59 +7,20 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
+#include "e_os.h"               /* for strncasecmp */
 #include "internal/cryptlib.h"
+#include <stdio.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/engine.h>
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
 
-/* Keep this sorted in type order !! */
-static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
-#ifndef OPENSSL_NO_RSA
-    &rsa_asn1_meths[0],
-    &rsa_asn1_meths[1],
-#endif
-#ifndef OPENSSL_NO_DH
-    &dh_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_DSA
-    &dsa_asn1_meths[0],
-    &dsa_asn1_meths[1],
-    &dsa_asn1_meths[2],
-    &dsa_asn1_meths[3],
-    &dsa_asn1_meths[4],
-#endif
-#ifndef OPENSSL_NO_EC
-    &eckey_asn1_meth,
-#endif
-    &hmac_asn1_meth,
-#ifndef OPENSSL_NO_CMAC
-    &cmac_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_DH
-    &dhx_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_EC
-    &ecx25519_asn1_meth
-#endif
-};
+#include "standard_methods.h"
 
 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
 static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
 
-#ifdef TEST
-void main()
-{
-    int i;
-    for (i = 0; i < OSSL_NELEM(standard_methods); i++)
-        fprintf(stderr, "Number %d id=%d (%s)\n", i,
-                standard_methods[i]->pkey_id,
-                OBJ_nid2sn(standard_methods[i]->pkey_id));
-}
-#endif
-
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
                            const EVP_PKEY_ASN1_METHOD *, ameth);
 
@@ -313,6 +274,10 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
     dst->item_sign = src->item_sign;
     dst->item_verify = src->item_verify;
 
+    dst->siginf_set = src->siginf_set;
+
+    dst->pkey_check = src->pkey_check;
+
 }
 
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
@@ -421,3 +386,62 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
     ameth->item_sign = item_sign;
     ameth->item_verify = item_verify;
 }
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig))
+{
+    ameth->siginf_set = siginf_set;
+}
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_check = pkey_check;
+}
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_public_check = pkey_pub_check;
+}
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_param_check = pkey_param_check;
+}
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len))
+{
+    ameth->set_priv_key = set_priv_key;
+}
+
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len))
+{
+    ameth->set_pub_key = set_pub_key;
+}
+
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len))
+{
+    ameth->get_priv_key = get_priv_key;
+}
+
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len))
+{
+    ameth->get_pub_key = get_pub_key;
+}
diff --git a/deps/openssl/openssl/crypto/asn1/asn1_err.c b/deps/openssl/openssl/crypto/asn1/asn1_err.c
index 5d895d3009..613f9ae713 100644
--- a/deps/openssl/openssl/crypto/asn1/asn1_err.c
+++ b/deps/openssl/openssl/crypto/asn1/asn1_err.c
@@ -8,253 +8,331 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/asn1.h>
+#include <openssl/asn1err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
-
-static ERR_STRING_DATA ASN1_str_functs[] = {
-    {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
-    {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
-    {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"},
-    {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
-    {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"},
-    {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"},
-    {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"},
-    {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"},
-    {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"},
-    {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
-    {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"},
-    {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"},
-    {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
-    {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"},
-    {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"},
-    {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
-    {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
-    {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"},
-    {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
-    {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"},
-    {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
-    {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "asn1_item_embed_new"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
-    {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
-    {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
-    {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
-    {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"},
-    {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"},
-    {ERR_FUNC(ASN1_F_ASN1_SCTX_NEW), "ASN1_SCTX_new"},
-    {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
-    {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "asn1_string_get_uint64"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "asn1_string_to_bn"},
-    {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
-    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "asn1_template_ex_d2i"},
-    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"},
-    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"},
-    {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
-    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
+static const ERR_STRING_DATA ASN1_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0),
+     "ASN1_BIT_STRING_set_bit"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0),
+     "asn1_d2i_ex_primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0),
+     "ASN1_GENERALIZEDTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0),
+     "asn1_item_embed_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
+     "asn1_item_embed_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
+     "asn1_item_flags_i2d"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0),
+     "ASN1_item_sign_ctx"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0),
+     "ASN1_mbstring_ncopy"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0),
+     "asn1_primitive_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0),
+     "asn1_string_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0),
+     "asn1_string_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0),
+     "ASN1_STRING_TABLE_add"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0),
+     "ASN1_STRING_type_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0),
+     "asn1_template_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0),
+     "asn1_template_noexp_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0),
      "ASN1_TYPE_get_int_octetstring"},
-    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
-    {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
-    {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
-    {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"},
-    {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"},
-    {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
-    {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"},
-    {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"},
-    {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
-    {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
-    {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"},
-    {ERR_FUNC(ASN1_F_C2I_UINT64_INT), "c2i_uint64_int"},
-    {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
-    {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
-    {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
-    {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-    {ERR_FUNC(ASN1_F_DO_BUF), "do_buf"},
-    {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
-    {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
-    {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
-    {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
-    {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-    {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
-    {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
-    {ERR_FUNC(ASN1_F_LONG_C2I), "long_c2i"},
-    {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "oid_module_init"},
-    {ERR_FUNC(ASN1_F_PARSE_TAGGING), "parse_tagging"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
-    {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
-    {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "pkcs5_scrypt_set"},
-    {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
-    {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
-    {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"},
-    {ERR_FUNC(ASN1_F_UINT32_C2I), "uint32_c2i"},
-    {ERR_FUNC(ASN1_F_UINT64_C2I), "uint64_c2i"},
-    {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
-    {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
-    {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"},
-    {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"},
-    {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"},
-    {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0),
+     "ASN1_TYPE_get_octetstring"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0),
+     "c2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0),
+     "d2i_AutoPrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0),
+     "i2d_ASN1_bio_stream"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0),
+     "PKCS5_pbe2_set_scrypt"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0),
+     "PKCS5_pbe_set0_algor"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0),
+     "X509_CRL_add0_revoked"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA ASN1_str_reasons[] = {
-    {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"},
-    {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
-    {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
-    {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
-    {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
-    {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
-     "bmpstring is wrong length"},
-    {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
-    {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
-    {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
-    {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
-     "cipher has no object identifier"},
-    {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"},
-    {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
-    {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
-    {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
-     "digest and key type not supported"},
-    {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
-    {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
-    {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
-    {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
-     "error setting cipher params"},
-    {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
-    {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
-    {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
-    {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
-     "explicit tag not constructed"},
-    {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"},
-    {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"},
-    {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"},
-    {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"},
-    {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
-    {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"},
-    {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"},
-    {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"},
-    {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"},
-    {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"},
-    {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"},
-    {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"},
-    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
-    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
-     "illegal options on item template"},
-    {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"},
-    {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
-    {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
-    {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"},
-    {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
-    {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
-     "integer too large for long"},
-    {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
-     "invalid bit string bits left"},
-    {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
-    {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"},
-    {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
-    {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"},
-    {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"},
-    {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
-    {ERR_REASON(ASN1_R_INVALID_SCRYPT_PARAMETERS),
-     "invalid scrypt parameters"},
-    {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
-    {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE),
-     "invalid string table value"},
-    {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
-     "invalid universalstring length"},
-    {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
-    {ERR_REASON(ASN1_R_INVALID_VALUE), "invalid value"},
-    {ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
-    {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
-    {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
-    {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
-    {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"},
-    {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"},
-    {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"},
-    {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
-    {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
-    {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
-    {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
-    {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
-    {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
-    {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
-    {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
-    {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
-    {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
-     "no multipart body failure"},
-    {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
-    {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
-    {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
-    {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
-    {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
-    {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
-    {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
-    {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
-    {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
-     "sequence or set needs config"},
-    {ERR_REASON(ASN1_R_SHORT_LINE), "short line"},
-    {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
-    {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
-    {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
-    {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
-    {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
-     "the asn1 object identifier is not known for this md"},
-    {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
-    {ERR_REASON(ASN1_R_TOO_LARGE), "too large"},
-    {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
-    {ERR_REASON(ASN1_R_TOO_SMALL), "too small"},
-    {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
-    {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
-    {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
-    {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
-     "universalstring is wrong length"},
-    {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"},
-    {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
-     "unknown message digest algorithm"},
-    {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"},
-    {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
-    {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
-     "unknown signature algorithm"},
-    {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
-     "unsupported any defined by type"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
-     "unsupported public key type"},
-    {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
-    {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"},
-    {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
-    {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
+static const ERR_STRING_DATA ASN1_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR),
+    "asn1 sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+    "bmpstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH),
+    "boolean is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED),
+    "context not initialised"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
+    "digest and key type not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME),
+    "error getting time"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+    "error setting cipher params"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER),
+    "expecting an integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT),
+    "expecting an object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH),
+    "explicit length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+    "explicit tag not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE),
+    "first num too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT),
+    "illegal bitstring format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS),
+    "illegal characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG),
+    "illegal implicit tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE),
+    "illegal negative value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING),
+    "illegal nested tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE),
+    "illegal null value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY),
+    "illegal optional any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+    "illegal options on item template"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY),
+    "illegal tagged any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE),
+    "illegal time value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT),
+    "illegal zero content"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT),
+    "integer not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+    "integer too large for long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+    "invalid bit string bits left"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH),
+    "invalid bmpstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING),
+    "invalid object encoding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS),
+    "invalid scrypt parameters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE),
+    "invalid string table value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+    "invalid universalstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING),
+    "invalid utf8string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE),
+    "mime no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR),
+    "mime sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER),
+    "missing second number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL),
+    "mstring not universal"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING),
+    "nested asn1 string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS),
+    "non hex characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE),
+    "no matching choice type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE),
+    "no multipart body failure"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY),
+    "no multipart boundary"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE),
+    "no sig content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH),
+    "null is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT),
+    "object not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS),
+    "odd number of chars"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE),
+    "second number too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH),
+    "sequence length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED),
+    "sequence not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+    "sequence or set needs config"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE),
+    "sig invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED),
+    "streaming not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT),
+    "time not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED),
+    "type not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE),
+    "type not primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+    "universalstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+    "unknown message digest algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE),
+    "unknown object type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),
+    "unknown public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
+    "unknown signature algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+    "unsupported any defined by type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER),
+    "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+    "unsupported public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE),
+    "wrong integer type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE),
+    "wrong public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"},
     {0, NULL}
 };
 
@@ -263,10 +341,9 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
 int ERR_load_ASN1_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ASN1_str_functs);
-        ERR_load_strings(0, ASN1_str_reasons);
+        ERR_load_strings_const(ASN1_str_functs);
+        ERR_load_strings_const(ASN1_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/asn1/asn1_item_list.c b/deps/openssl/openssl/crypto/asn1/asn1_item_list.c
new file mode 100644
index 0000000000..9798192f4b
--- /dev/null
+++ b/deps/openssl/openssl/crypto/asn1/asn1_item_list.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/cms.h>
+#include <openssl/dh.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+#include <openssl/x509v3.h>
+
+#include "asn1_item_list.h"
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(asn1_item_list); i++) {
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(asn1_item_list[i]);
+
+        if (strcmp(it->sname, name) == 0)
+            return it;
+    }
+    return NULL;
+}
+
+const ASN1_ITEM *ASN1_ITEM_get(size_t i)
+{
+    if (i >= OSSL_NELEM(asn1_item_list))
+        return NULL;
+    return ASN1_ITEM_ptr(asn1_item_list[i]);
+}
diff --git a/deps/openssl/openssl/crypto/asn1/asn1_item_list.h b/deps/openssl/openssl/crypto/asn1/asn1_item_list.h
new file mode 100644
index 0000000000..db8107ed1b
--- /dev/null
+++ b/deps/openssl/openssl/crypto/asn1/asn1_item_list.h
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static ASN1_ITEM_EXP *asn1_item_list[] = {
+
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdOrRange),
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+#endif
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+    ASN1_ITEM_ref(DIST_POINT),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(LONG),
+#endif
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+#ifndef OPENSSL_NO_RSA
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    ASN1_ITEM_ref(SCRYPT_PARAMS),
+#endif
+    ASN1_ITEM_ref(SXNETID),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+    ASN1_ITEM_ref(X509),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(ZUINT64),
+};
diff --git a/deps/openssl/openssl/crypto/asn1/asn1_lib.c b/deps/openssl/openssl/crypto/asn1/asn1_lib.c
index 8ca53b4ce4..88c4b53918 100644
--- a/deps/openssl/openssl/crypto/asn1/asn1_lib.c
+++ b/deps/openssl/openssl/crypto/asn1/asn1_lib.c
@@ -23,12 +23,12 @@ static int _asn1_check_infinite_end(const unsigned char **p, long len)
      * If there is 0 or 1 byte left, the length check should pick things up
      */
     if (len <= 0)
-        return (1);
+        return 1;
     else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
         (*p) += 2;
-        return (1);
+        return 1;
     }
-    return (0);
+    return 0;
 }
 
 int ASN1_check_infinite_end(unsigned char **p, long len)
@@ -96,47 +96,54 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
         ret |= 0x80;
     }
     *pp = p;
-    return (ret | inf);
+    return ret | inf;
  err:
     ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
-    return (0x80);
+    return 0x80;
 }
 
+/*
+ * Decode a length field.
+ * The short form is a single byte defining a length 0 - 127.
+ * The long form is a byte 0 - 127 with the top bit set and this indicates
+ * the number of following octets that contain the length.  These octets
+ * are stored most significant digit first.
+ */
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
                            long max)
 {
     const unsigned char *p = *pp;
     unsigned long ret = 0;
-    unsigned long i;
+    int i;
 
     if (max-- < 1)
         return 0;
     if (*p == 0x80) {
         *inf = 1;
-        ret = 0;
         p++;
     } else {
         *inf = 0;
         i = *p & 0x7f;
-        if (*(p++) & 0x80) {
-            if (max < (long)i + 1)
+        if (*p++ & 0x80) {
+            if (max < i + 1)
                 return 0;
             /* Skip leading zeroes */
-            while (i && *p == 0) {
+            while (i > 0 && *p == 0) {
                 p++;
                 i--;
             }
-            if (i > sizeof(long))
+            if (i > (int)sizeof(long))
                 return 0;
-            while (i-- > 0) {
-                ret <<= 8L;
-                ret |= *(p++);
+            while (i > 0) {
+                ret <<= 8;
+                ret |= *p++;
+                i--;
             }
+            if (ret > LONG_MAX)
+                return 0;
         } else
             ret = i;
     }
-    if (ret > LONG_MAX)
-        return 0;
     *pp = p;
     *rl = (long)ret;
     return 1;
@@ -268,7 +275,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 
     if (len < 0) {
         if (data == NULL)
-            return (0);
+            return 0;
         else
             len = strlen(data);
     }
@@ -278,7 +285,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
         if (str->data == NULL) {
             ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
             str->data = c;
-            return (0);
+            return 0;
         }
     }
     str->length = len;
@@ -287,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
         /* an allowance for strings :-) */
         str->data[len] = '\0';
     }
-    return (1);
+    return 1;
 }
 
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
@@ -299,7 +306,7 @@ void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
 
 ASN1_STRING *ASN1_STRING_new(void)
 {
-    return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    return ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
 }
 
 ASN1_STRING *ASN1_STRING_type_new(int type)
@@ -309,10 +316,10 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
     ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     ret->type = type;
-    return (ret);
+    return ret;
 }
 
 void asn1_string_embed_free(ASN1_STRING *a, int embed)
@@ -349,11 +356,11 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
     if (i == 0) {
         i = memcmp(a->data, b->data, a->length);
         if (i == 0)
-            return (a->type - b->type);
+            return a->type - b->type;
         else
-            return (i);
+            return i;
     } else
-        return (i);
+        return i;
 }
 
 int ASN1_STRING_length(const ASN1_STRING *x)
diff --git a/deps/openssl/openssl/crypto/asn1/asn1_locl.h b/deps/openssl/openssl/crypto/asn1/asn1_locl.h
index 9a47b1ef36..cec141721b 100644
--- a/deps/openssl/openssl/crypto/asn1/asn1_locl.h
+++ b/deps/openssl/openssl/crypto/asn1/asn1_locl.h
@@ -9,6 +9,7 @@
 
 /* Internal ASN1 structures and functions: not for application use */
 
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d);
 int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
 int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
 
@@ -42,9 +43,6 @@ DEFINE_STACK_OF(MIME_PARAM)
 typedef struct mime_header_st MIME_HEADER;
 DEFINE_STACK_OF(MIME_HEADER)
 
-/* Month values for printing out times */
-extern const char *_asn1_mon[12];
-
 void asn1_string_embed_free(ASN1_STRING *a, int embed);
 
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
@@ -81,3 +79,5 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
 /* Internal functions used by x_int64.c */
 int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
 int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type);
diff --git a/deps/openssl/openssl/crypto/asn1/asn1_par.c b/deps/openssl/openssl/crypto/asn1/asn1_par.c
index fabc8d6fef..4b60c615de 100644
--- a/deps/openssl/openssl/crypto/asn1/asn1_par.c
+++ b/deps/openssl/openssl/crypto/asn1/asn1_par.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -50,20 +50,20 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 
     if (BIO_printf(bp, fmt, p) <= 0)
         goto err;
-    return (1);
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
 {
-    return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, 0);
 }
 
 int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
                     int dump)
 {
-    return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, dump);
 }
 
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -342,7 +342,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
     ASN1_OBJECT_free(o);
     ASN1_OCTET_STRING_free(os);
     *pp = p;
-    return (ret);
+    return ret;
 }
 
 const char *ASN1_tag2str(int tag)
diff --git a/deps/openssl/openssl/crypto/asn1/asn_mime.c b/deps/openssl/openssl/crypto/asn1/asn_mime.c
index da0085f680..dfd5be6347 100644
--- a/deps/openssl/openssl/crypto/asn1/asn_mime.c
+++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/x509.h>
@@ -635,7 +635,7 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
         return NULL;
     while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
         /* If whitespace at line start then continuation line */
-        if (mhdr && isspace((unsigned char)linebuf[0]))
+        if (mhdr && ossl_isspace(linebuf[0]))
             state = MIME_NAME;
         else
             state = MIME_START;
@@ -759,7 +759,7 @@ static char *strip_start(char *name)
             /* Else null string */
             return NULL;
         }
-        if (!isspace((unsigned char)c))
+        if (!ossl_isspace(c))
             return p;
     }
     return NULL;
@@ -780,7 +780,7 @@ static char *strip_end(char *name)
             *p = 0;
             return name;
         }
-        if (isspace((unsigned char)c))
+        if (ossl_isspace(c))
             *p = 0;
         else
             return name;
@@ -792,29 +792,18 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
 {
     MIME_HEADER *mhdr = NULL;
     char *tmpname = NULL, *tmpval = NULL, *p;
-    int c;
 
     if (name) {
         if ((tmpname = OPENSSL_strdup(name)) == NULL)
             return NULL;
-        for (p = tmpname; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
     }
     if (value) {
         if ((tmpval = OPENSSL_strdup(value)) == NULL)
             goto err;
-        for (p = tmpval; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
+        for (p = tmpval; *p; p++)
+            *p = ossl_tolower(*p);
     }
     mhdr = OPENSSL_malloc(sizeof(*mhdr));
     if (mhdr == NULL)
@@ -835,19 +824,14 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
 static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value)
 {
     char *tmpname = NULL, *tmpval = NULL, *p;
-    int c;
     MIME_PARAM *mparam = NULL;
+
     if (name) {
         tmpname = OPENSSL_strdup(name);
         if (!tmpname)
             goto err;
-        for (p = tmpname; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
     }
     if (value) {
         tmpval = OPENSSL_strdup(value);
@@ -876,7 +860,7 @@ static int mime_hdr_cmp(const MIME_HEADER *const *a,
     if (!(*a)->name || !(*b)->name)
         return ! !(*a)->name - ! !(*b)->name;
 
-    return (strcmp((*a)->name, (*b)->name));
+    return strcmp((*a)->name, (*b)->name);
 }
 
 static int mime_param_cmp(const MIME_PARAM *const *a,
@@ -884,7 +868,7 @@ static int mime_param_cmp(const MIME_PARAM *const *a,
 {
     if (!(*a)->param_name || !(*b)->param_name)
         return ! !(*a)->param_name - ! !(*b)->param_name;
-    return (strcmp((*a)->param_name, (*b)->param_name));
+    return strcmp((*a)->param_name, (*b)->param_name);
 }
 
 /* Find a header with a given name (if possible) */
@@ -899,8 +883,6 @@ static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
     htmp.params = NULL;
 
     idx = sk_MIME_HEADER_find(hdrs, &htmp);
-    if (idx < 0)
-        return NULL;
     return sk_MIME_HEADER_value(hdrs, idx);
 }
 
@@ -912,8 +894,6 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
     param.param_name = (char *)name;
     param.param_value = NULL;
     idx = sk_MIME_PARAM_find(hdr->params, &param);
-    if (idx < 0)
-        return NULL;
     return sk_MIME_PARAM_value(hdr->params, idx);
 }
 
@@ -966,7 +946,7 @@ static int strip_eol(char *linebuf, int *plen, int flags)
     int len = *plen;
     char *p, c;
     int is_eol = 0;
-    p = linebuf + len - 1;
+
     for (p = linebuf + len - 1; len > 0; len--, p--) {
         c = *p;
         if (c == '\n') {
diff --git a/deps/openssl/openssl/crypto/asn1/asn_moid.c b/deps/openssl/openssl/crypto/asn1/asn_moid.c
index 8176b76008..68a01f3117 100644
--- a/deps/openssl/openssl/crypto/asn1/asn_moid.c
+++ b/deps/openssl/openssl/crypto/asn1/asn_moid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
@@ -60,46 +60,41 @@ void ASN1_add_oid_module(void)
 static int do_create(const char *value, const char *name)
 {
     int nid;
-    ASN1_OBJECT *oid;
     const char *ln, *ostr, *p;
-    char *lntmp;
+    char *lntmp = NULL;
+
     p = strrchr(value, ',');
-    if (!p) {
+    if (p == NULL) {
         ln = name;
         ostr = value;
     } else {
-        ln = NULL;
+        ln = value;
         ostr = p + 1;
-        if (!*ostr)
+        if (*ostr == '\0')
             return 0;
-        while (isspace((unsigned char)*ostr))
+        while (ossl_isspace(*ostr))
             ostr++;
-    }
-
-    nid = OBJ_create(ostr, name, ln);
-
-    if (nid == NID_undef)
-        return 0;
-
-    if (p) {
-        ln = value;
-        while (isspace((unsigned char)*ln))
+        while (ossl_isspace(*ln))
             ln++;
         p--;
-        while (isspace((unsigned char)*p)) {
+        while (ossl_isspace(*p)) {
             if (p == ln)
                 return 0;
             p--;
         }
         p++;
-        lntmp = OPENSSL_malloc((p - ln) + 1);
-        if (lntmp == NULL)
+        if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) {
+            ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         memcpy(lntmp, ln, p - ln);
-        lntmp[p - ln] = 0;
-        oid = OBJ_nid2obj(nid);
-        oid->ln = lntmp;
+        lntmp[p - ln] = '\0';
+        ln = lntmp;
     }
 
-    return 1;
+    nid = OBJ_create(ostr, name, ln);
+
+    OPENSSL_free(lntmp);
+
+    return nid != NID_undef;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/asn_mstbl.c b/deps/openssl/openssl/crypto/asn1/asn_mstbl.c
index 8260939002..ddcbcd07fe 100644
--- a/deps/openssl/openssl/crypto/asn1/asn_mstbl.c
+++ b/deps/openssl/openssl/crypto/asn1/asn_mstbl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,6 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
diff --git a/deps/openssl/openssl/crypto/asn1/bio_asn1.c b/deps/openssl/openssl/crypto/asn1/bio_asn1.c
index 2a8a41f50a..86ee566323 100644
--- a/deps/openssl/openssl/crypto/asn1/bio_asn1.c
+++ b/deps/openssl/openssl/crypto/asn1/bio_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,8 +14,9 @@
  */
 
 #include <string.h>
-#include <internal/bio.h>
+#include "internal/bio.h"
 #include <openssl/asn1.h>
+#include "internal/cryptlib.h"
 
 /* Must be large enough for biggest tag+length */
 #define DEFAULT_ASN1_BUF_SIZE 20
@@ -78,7 +79,11 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
 static const BIO_METHOD methods_asn1 = {
     BIO_TYPE_ASN1,
     "asn1",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     asn1_bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     asn1_bio_read,
     asn1_bio_puts,
     asn1_bio_gets,
@@ -90,7 +95,7 @@ static const BIO_METHOD methods_asn1 = {
 
 const BIO_METHOD *BIO_f_asn1(void)
 {
-    return (&methods_asn1);
+    return &methods_asn1;
 }
 
 static int asn1_bio_new(BIO *b)
@@ -111,9 +116,10 @@ static int asn1_bio_new(BIO *b)
 
 static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
 {
-    ctx->buf = OPENSSL_malloc(size);
-    if (ctx->buf == NULL)
+    if ((ctx->buf = OPENSSL_malloc(size)) == NULL) {
+        ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     ctx->bufsize = size;
     ctx->asn1_class = V_ASN1_UNIVERSAL;
     ctx->asn1_tag = V_ASN1_OCTET_STRING;
@@ -157,7 +163,6 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
 
     for (;;) {
         switch (ctx->state) {
-
             /* Setup prefix data, call it */
         case ASN1_STATE_START:
             if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
@@ -178,7 +183,8 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
 
         case ASN1_STATE_HEADER:
             ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
-            OPENSSL_assert(ctx->buflen <= ctx->bufsize);
+            if (!ossl_assert(ctx->buflen <= ctx->bufsize))
+                return 0;
             p = ctx->buf;
             ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
             ctx->copylen = inl;
@@ -223,7 +229,8 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
 
             break;
 
-        default:
+        case ASN1_STATE_POST_COPY:
+        case ASN1_STATE_DONE:
             BIO_clear_retry_flags(b);
             return 0;
 
diff --git a/deps/openssl/openssl/crypto/asn1/bio_ndef.c b/deps/openssl/openssl/crypto/asn1/bio_ndef.c
index 0f206b2497..6222c99074 100644
--- a/deps/openssl/openssl/crypto/asn1/bio_ndef.c
+++ b/deps/openssl/openssl/crypto/asn1/bio_ndef.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -113,9 +113,10 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
-    p = OPENSSL_malloc(derlen);
-    if (p == NULL)
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ndef_aux->derbuf = p;
     *pbuf = p;
@@ -182,9 +183,10 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
         return 0;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
-    p = OPENSSL_malloc(derlen);
-    if (p == NULL)
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ndef_aux->derbuf = p;
     *pbuf = p;
diff --git a/deps/openssl/openssl/crypto/asn1/build.info b/deps/openssl/openssl/crypto/asn1/build.info
index c1afb71ad0..d3e92c81ac 100644
--- a/deps/openssl/openssl/crypto/asn1/build.info
+++ b/deps/openssl/openssl/crypto/asn1/build.info
@@ -13,4 +13,4 @@ SOURCE[../../libcrypto]=\
         x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \
         asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
         evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \
-        asn_moid.c asn_mstbl.c
+        asn_moid.c asn_mstbl.c asn1_item_list.c
diff --git a/deps/openssl/openssl/crypto/asn1/charmap.h b/deps/openssl/openssl/crypto/asn1/charmap.h
index 2a75925c33..bfccac2cb4 100644
--- a/deps/openssl/openssl/crypto/asn1/charmap.h
+++ b/deps/openssl/openssl/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/asn1/charmap.pl b/deps/openssl/openssl/crypto/asn1/charmap.pl
index 26ca325223..fbab1f3b0a 100644
--- a/deps/openssl/openssl/crypto/asn1/charmap.pl
+++ b/deps/openssl/openssl/crypto/asn1/charmap.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -82,12 +82,14 @@ $arr[ord("?")] |= $PSTRING_CHAR;
 
 # Now generate the C code
 
+# Output year depends on the year of the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
 print <<EOF;
 /*
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/asn1/d2i_pr.c b/deps/openssl/openssl/crypto/asn1/d2i_pr.c
index e311b909db..aa0d6ad6ae 100644
--- a/deps/openssl/openssl/crypto/asn1/d2i_pr.c
+++ b/deps/openssl/openssl/crypto/asn1/d2i_pr.c
@@ -27,7 +27,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
             ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
-            return (NULL);
+            return NULL;
         }
     } else {
         ret = *a;
@@ -64,11 +64,11 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     *pp = p;
     if (a != NULL)
         (*a) = ret;
-    return (ret);
+    return ret;
  err:
     if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 /*
diff --git a/deps/openssl/openssl/crypto/asn1/d2i_pu.c b/deps/openssl/openssl/crypto/asn1/d2i_pu.c
index dfdc1a6c96..9452e08a58 100644
--- a/deps/openssl/openssl/crypto/asn1/d2i_pu.c
+++ b/deps/openssl/openssl/crypto/asn1/d2i_pu.c
@@ -27,7 +27,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
             ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
-            return (NULL);
+            return NULL;
         }
     } else
         ret = *a;
@@ -66,13 +66,12 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
     default:
         ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
         goto err;
-        /* break; */
     }
     if (a != NULL)
         (*a) = ret;
-    return (ret);
+    return ret;
  err:
     if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
-    return (NULL);
+    return NULL;
 }
diff --git a/deps/openssl/openssl/crypto/asn1/evp_asn1.c b/deps/openssl/openssl/crypto/asn1/evp_asn1.c
index a458367ebd..895085a520 100644
--- a/deps/openssl/openssl/crypto/asn1/evp_asn1.c
+++ b/deps/openssl/openssl/crypto/asn1/evp_asn1.c
@@ -17,13 +17,13 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
     ASN1_STRING *os;
 
     if ((os = ASN1_OCTET_STRING_new()) == NULL)
-        return (0);
+        return 0;
     if (!ASN1_OCTET_STRING_set(os, data, len)) {
         ASN1_OCTET_STRING_free(os);
         return 0;
     }
     ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
-    return (1);
+    return 1;
 }
 
 /* int max_len:  for returned value    */
@@ -34,7 +34,7 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l
 
     if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
         ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
-        return (-1);
+        return -1;
     }
     p = ASN1_STRING_get0_data(a->value.octet_string);
     ret = ASN1_STRING_length(a->value.octet_string);
@@ -43,16 +43,16 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l
     else
         num = max_len;
     memcpy(data, p, num);
-    return (ret);
+    return ret;
 }
 
 typedef struct {
-    long num;
+    int32_t num;
     ASN1_OCTET_STRING *oct;
 } asn1_int_oct;
 
 ASN1_SEQUENCE(asn1_int_oct) = {
-        ASN1_SIMPLE(asn1_int_oct, num, LONG),
+        ASN1_EMBED(asn1_int_oct, num, INT32),
         ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
 } static_ASN1_SEQUENCE_END(asn1_int_oct)
 
diff --git a/deps/openssl/openssl/crypto/asn1/f_int.c b/deps/openssl/openssl/crypto/asn1/f_int.c
index ec556c92dc..6d6bddc651 100644
--- a/deps/openssl/openssl/crypto/asn1/f_int.c
+++ b/deps/openssl/openssl/crypto/asn1/f_int.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
@@ -20,7 +20,7 @@ int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
     char buf[2];
 
     if (a == NULL)
-        return (0);
+        return 0;
 
     if (a->type & V_ASN1_NEG) {
         if (BIO_write(bp, "-", 1) != 1)
@@ -46,9 +46,9 @@ int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
             n += 2;
         }
     }
-    return (n);
+    return n;
  err:
-    return (-1);
+    return -1;
 }
 
 int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
@@ -76,18 +76,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
         again = (buf[i - 1] == '\\');
 
         for (j = 0; j < i; j++) {
-#ifndef CHARSET_EBCDIC
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-            /*
-             * This #ifdef is not strictly necessary, since the characters
-             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
-             * not the whole alphabet). Nevertheless, isxdigit() is faster.
-             */
-            if (!isxdigit(buf[j]))
-#endif
+            if (!ossl_isxdigit(buf[j]))
             {
                 i = j;
                 break;
diff --git a/deps/openssl/openssl/crypto/asn1/f_string.c b/deps/openssl/openssl/crypto/asn1/f_string.c
index b9258bba8b..f893489a67 100644
--- a/deps/openssl/openssl/crypto/asn1/f_string.c
+++ b/deps/openssl/openssl/crypto/asn1/f_string.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
@@ -20,7 +20,7 @@ int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
     char buf[2];
 
     if (a == NULL)
-        return (0);
+        return 0;
 
     if (a->length == 0) {
         if (BIO_write(bp, "0", 1) != 1)
@@ -40,14 +40,14 @@ int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
             n += 2;
         }
     }
-    return (n);
+    return n;
  err:
-    return (-1);
+    return -1;
 }
 
 int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
 {
-    int i, j, k, m, n, again, bufsize, spec_char;
+    int i, j, k, m, n, again, bufsize;
     unsigned char *s = NULL, *sp;
     unsigned char *bufp;
     int num = 0, slen = 0, first = 1;
@@ -74,19 +74,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
         again = (buf[i - 1] == '\\');
 
         for (j = i - 1; j > 0; j--) {
-#ifndef CHARSET_EBCDIC
-            spec_char = (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F'))));
-#else
-            /*
-             * This #ifdef is not strictly necessary, since the characters
-             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
-             * not the whole alphabet). Nevertheless, isxdigit() is faster.
-             */
-            spec_char = (!isxdigit(buf[j]));
-#endif
-            if (spec_char) {
+            if (!ossl_isxdigit(buf[j])) {
                 i = j;
                 break;
             }
diff --git a/deps/openssl/openssl/crypto/asn1/n_pkey.c b/deps/openssl/openssl/crypto/asn1/n_pkey.c
index 267ce60110..d1fb8a146d 100644
--- a/deps/openssl/openssl/crypto/asn1/n_pkey.c
+++ b/deps/openssl/openssl/crypto/asn1/n_pkey.c
@@ -23,7 +23,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # ifndef OPENSSL_NO_RC4
 
 typedef struct netscape_pkey_st {
-    long version;
+    int32_t version;
     X509_ALGOR *algor;
     ASN1_OCTET_STRING *private_key;
 } NETSCAPE_PKEY;
@@ -48,7 +48,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
-        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_EMBED(NETSCAPE_PKEY, version, INT32),
         ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
         ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
 } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
diff --git a/deps/openssl/openssl/crypto/asn1/p5_pbev2.c b/deps/openssl/openssl/crypto/asn1/p5_pbev2.c
index 14e8700b7a..f91ba08f1e 100644
--- a/deps/openssl/openssl/crypto/asn1/p5_pbev2.c
+++ b/deps/openssl/openssl/crypto/asn1/p5_pbev2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -78,7 +78,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
     /* Dummy cipherinit to just setup the IV, and PRF */
     if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
         goto err;
-    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
         ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
         goto err;
     }
diff --git a/deps/openssl/openssl/crypto/asn1/p5_scrypt.c b/deps/openssl/openssl/crypto/asn1/p5_scrypt.c
index 10a7360233..1491d96ec8 100644
--- a/deps/openssl/openssl/crypto/asn1/p5_scrypt.c
+++ b/deps/openssl/openssl/crypto/asn1/p5_scrypt.c
@@ -18,24 +18,15 @@
 #ifndef OPENSSL_NO_SCRYPT
 /* PKCS#5 scrypt password based encryption structures */
 
-typedef struct {
-    ASN1_OCTET_STRING *salt;
-    ASN1_INTEGER *costParameter;
-    ASN1_INTEGER *blockSize;
-    ASN1_INTEGER *parallelizationParameter;
-    ASN1_INTEGER *keyLength;
-} SCRYPT_PARAMS;
-
 ASN1_SEQUENCE(SCRYPT_PARAMS) = {
         ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
         ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
         ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
         ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
         ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
-} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+} ASN1_SEQUENCE_END(SCRYPT_PARAMS)
 
-DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
 
 static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
                                     size_t keylen, uint64_t N, uint64_t r,
@@ -102,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
     /* Dummy cipherinit to just setup the IV */
     if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
         goto err;
-    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
         ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
                 ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
         goto err;
diff --git a/deps/openssl/openssl/crypto/asn1/standard_methods.h b/deps/openssl/openssl/crypto/asn1/standard_methods.h
new file mode 100644
index 0000000000..e74de55ffe
--- /dev/null
+++ b/deps/openssl/openssl/crypto/asn1/standard_methods.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table MUST be kept in ascending order of the NID each method
+ * represents (corresponding to the pkey_id field) as OBJ_bsearch
+ * is used to search it.
+ */
+static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_asn1_meths[0],
+    &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_asn1_meths[0],
+    &dsa_asn1_meths[1],
+    &dsa_asn1_meths[2],
+    &dsa_asn1_meths[3],
+    &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+    &eckey_asn1_meth,
+#endif
+    &hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ecx25519_asn1_meth,
+    &ecx448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_asn1_meth,
+    &ed448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_asn1_meth,
+#endif
+};
+
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_dec.c b/deps/openssl/openssl/crypto/asn1/tasn_dec.c
index af8641e35b..c2a521ed51 100644
--- a/deps/openssl/openssl/crypto/asn1/tasn_dec.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_dec.c
@@ -17,6 +17,7 @@
 #include "internal/numbers.h"
 #include "asn1_locl.h"
 
+
 /*
  * Constructed types with a recursive definition (such as can be found in PKCS7)
  * could eventually exceed the stack given malicious input with excessive
@@ -554,7 +555,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
         } else if (ret == -1)
             return -1;
         if (!*val)
-            *val = (ASN1_VALUE *)OPENSSL_sk_new_null();
+            *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
         else {
             /*
              * We've got a valid STACK: free up any items present
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_enc.c b/deps/openssl/openssl/crypto/asn1/tasn_enc.c
index 3b723a1845..30be314ff9 100644
--- a/deps/openssl/openssl/crypto/asn1/tasn_enc.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_enc.c
@@ -57,12 +57,14 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
     if (out && !*out) {
         unsigned char *p, *buf;
         int len;
+
         len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
         if (len <= 0)
             return len;
-        buf = OPENSSL_malloc(len);
-        if (buf == NULL)
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         p = buf;
         ASN1_item_ex_i2d(&val, &p, it, -1, flags);
         *out = buf;
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_new.c b/deps/openssl/openssl/crypto/asn1/tasn_new.c
index 11c804026a..6b8ea8ddd7 100644
--- a/deps/openssl/openssl/crypto/asn1/tasn_new.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_new.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -299,9 +299,10 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
         return 1;
 
     case V_ASN1_ANY:
-        typ = OPENSSL_malloc(sizeof(*typ));
-        if (typ == NULL)
+        if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) {
+            ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         typ->value.ptr = NULL;
         typ->type = -1;
         *pval = (ASN1_VALUE *)typ;
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_prn.c b/deps/openssl/openssl/crypto/asn1/tasn_prn.c
index 53a9ee8ee9..1fb66f1062 100644
--- a/deps/openssl/openssl/crypto/asn1/tasn_prn.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_prn.c
@@ -315,7 +315,8 @@ static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                                      pctx))
                 return 0;
         }
-        if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+        if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "",
+                                 stack == NULL ? "ABSENT" : "EMPTY") <= 0)
             return 0;
         if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
             if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_utl.c b/deps/openssl/openssl/crypto/asn1/tasn_utl.c
index 832603b1db..7ceecffce7 100644
--- a/deps/openssl/openssl/crypto/asn1/tasn_utl.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_utl.c
@@ -9,7 +9,8 @@
 
 #include <stddef.h>
 #include <string.h>
-#include <internal/cryptlib.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
@@ -57,8 +58,10 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
 {
     const ASN1_AUX *aux;
-    int *lck, ret;
+    CRYPTO_REF_COUNT *lck;
     CRYPTO_RWLOCK **lock;
+    int ret = -1;
+
     if ((it->itype != ASN1_ITYPE_SEQUENCE)
         && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
         return 0;
@@ -67,25 +70,34 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
         return 0;
     lck = offset2ptr(*pval, aux->ref_offset);
     lock = offset2ptr(*pval, aux->ref_lock);
-    if (op == 0) {
-        *lck = 1;
+
+    switch (op) {
+    case 0:
+        *lck = ret = 1;
         *lock = CRYPTO_THREAD_lock_new();
         if (*lock == NULL) {
             ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE);
             return -1;
         }
-        return 1;
-    }
-    if (!CRYPTO_atomic_add(lck, op, &ret, *lock))
-        return -1;  /* failed */
+        break;
+    case 1:
+        if (!CRYPTO_UP_REF(lck, &ret, *lock))
+            return -1;
+        break;
+    case -1:
+        if (!CRYPTO_DOWN_REF(lck, &ret, *lock))
+            return -1;  /* failed */
 #ifdef REF_PRINT
-    fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);
+        fprintf(stderr, "%p:%4d:%s\n", it, ret, it->sname);
 #endif
-    REF_ASSERT_ISNT(ret < 0);
-    if (ret == 0) {
-        CRYPTO_THREAD_lock_free(*lock);
-        *lock = NULL;
+        REF_ASSERT_ISNT(ret < 0);
+        if (ret == 0) {
+            CRYPTO_THREAD_lock_free(*lock);
+            *lock = NULL;
+        }
+        break;
     }
+
     return ret;
 }
 
@@ -132,9 +144,10 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
         return 1;
 
     OPENSSL_free(enc->enc);
-    enc->enc = OPENSSL_malloc(inlen);
-    if (enc->enc == NULL)
+    if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) {
+        ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     memcpy(enc->enc, in, inlen);
     enc->len = inlen;
     enc->modified = 0;
diff --git a/deps/openssl/openssl/crypto/asn1/tbl_standard.h b/deps/openssl/openssl/crypto/asn1/tbl_standard.h
new file mode 100644
index 0000000000..777a734482
--- /dev/null
+++ b/deps/openssl/openssl/crypto/asn1/tbl_standard.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+/* From RFC4524 */
+
+#define ub_rfc822_mailbox               256
+
+/* This table must be kept in NID order */
+
+static const ASN1_STRING_TABLE tbl_standard[] = {
+    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+     0},
+    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+     STABLE_NO_MASK},
+    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}
+};
+
diff --git a/deps/openssl/openssl/crypto/asn1/x_algor.c b/deps/openssl/openssl/crypto/asn1/x_algor.c
index 72378db922..853d45b8bc 100644
--- a/deps/openssl/openssl/crypto/asn1/x_algor.c
+++ b/deps/openssl/openssl/crypto/asn1/x_algor.c
@@ -28,18 +28,19 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
-    if (!alg)
+    if (alg == NULL)
         return 0;
+
     if (ptype != V_ASN1_UNDEF) {
         if (alg->parameter == NULL)
             alg->parameter = ASN1_TYPE_new();
         if (alg->parameter == NULL)
             return 0;
     }
-    if (alg) {
-        ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm = aobj;
-    }
+
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = aobj;
+
     if (ptype == 0)
         return 1;
     if (ptype == V_ASN1_UNDEF) {
diff --git a/deps/openssl/openssl/crypto/asn1/x_int64.c b/deps/openssl/openssl/crypto/asn1/x_int64.c
index 4433167a44..0ee552cf0a 100644
--- a/deps/openssl/openssl/crypto/asn1/x_int64.c
+++ b/deps/openssl/openssl/crypto/asn1/x_int64.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,8 +9,8 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "internal/asn1t.h"
 #include "internal/numbers.h"
+#include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include "asn1_locl.h"
 
@@ -28,9 +28,10 @@
 
 static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t));
-    if (*pval == NULL)
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) {
+        ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     return 1;
 }
 
@@ -80,6 +81,16 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         return 0;
 
     cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
     if (!c2i_uint64_int(&utmp, &neg, &cont, len))
         return 0;
     if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
@@ -94,6 +105,8 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     if (neg)
         /* c2i_uint64_int() returns positive values */
         utmp = 0 - utmp;
+
+ long_compat:
     memcpy(cp, &utmp, sizeof(utmp));
     return 1;
 }
@@ -102,17 +115,18 @@ static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
                         int indent, const ASN1_PCTX *pctx)
 {
     if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
-        return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval);
-    return BIO_printf(out, "%"BIO_PRI64"u\n", **(uint64_t **)pval);
+        return BIO_printf(out, "%jd\n", **(int64_t **)pval);
+    return BIO_printf(out, "%ju\n", **(uint64_t **)pval);
 }
 
 /* 32-bit variants */
 
 static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t));
-    if (*pval == NULL)
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) {
+        ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     return 1;
 }
 
@@ -170,6 +184,16 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         return 0;
 
     cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
     if (!c2i_uint64_int(&utmp, &neg, &cont, len))
         return 0;
     if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
@@ -189,6 +213,8 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
             return 0;
         }
     }
+
+ long_compat:
     utmp2 = (uint32_t)utmp;
     memcpy(cp, &utmp2, sizeof(utmp2));
     return 1;
diff --git a/deps/openssl/openssl/crypto/asn1/x_long.c b/deps/openssl/openssl/crypto/asn1/x_long.c
index 5895345f9f..bf9371ef55 100644
--- a/deps/openssl/openssl/crypto/asn1/x_long.c
+++ b/deps/openssl/openssl/crypto/asn1/x_long.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,6 +11,12 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 
+#if !(OPENSSL_API_COMPAT < 0x10200000L)
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+#define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b))
+
 /*
  * Custom primitive type for long handling. This converts between an
  * ASN1_INTEGER and a long directly.
@@ -46,13 +52,13 @@ ASN1_ITEM_end(ZLONG)
 
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    *(long *)pval = it->size;
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
     return 1;
 }
 
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    *(long *)pval = it->size;
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
 }
 
 /*
@@ -86,12 +92,8 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
     long ltmp;
     unsigned long utmp, sign;
     int clen, pad, i;
-    /* this exists to bypass broken gcc optimization */
-    char *cp = (char *)pval;
-
-    /* use memcpy, because we may not be long aligned */
-    memcpy(&ltmp, cp, sizeof(long));
 
+    memcpy(&ltmp, pval, COPY_SIZE(*pval, ltmp));
     if (ltmp == it->size)
         return -1;
     /*
@@ -133,7 +135,6 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     int i;
     long ltmp;
     unsigned long utmp = 0, sign = 0x100;
-    char *cp = (char *)pval;
 
     if (len > 1) {
         /*
@@ -185,12 +186,16 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
         return 0;
     }
-    memcpy(cp, &ltmp, sizeof(long));
+    memcpy(pval, &ltmp, COPY_SIZE(*pval, ltmp));
     return 1;
 }
 
 static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
                       int indent, const ASN1_PCTX *pctx)
 {
-    return BIO_printf(out, "%ld\n", *(long *)pval);
+    long l;
+
+    memcpy(&l, pval, COPY_SIZE(*pval, l));
+    return BIO_printf(out, "%ld\n", l);
 }
+#endif
diff --git a/deps/openssl/openssl/crypto/asn1/x_spki.c b/deps/openssl/openssl/crypto/asn1/x_spki.c
index c45400b42f..0d72a3f3a9 100644
--- a/deps/openssl/openssl/crypto/asn1/x_spki.c
+++ b/deps/openssl/openssl/crypto/asn1/x_spki.c
@@ -7,11 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
- /*
-  * This module was send to me my Pat Richards <patr@x509.com> who wrote it.
-  * It is under my Copyright with his permission
-  */
-
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
diff --git a/deps/openssl/openssl/crypto/async/arch/async_posix.h b/deps/openssl/openssl/crypto/async/arch/async_posix.h
index 939b4ab183..62449fe60e 100644
--- a/deps/openssl/openssl/crypto/async/arch/async_posix.h
+++ b/deps/openssl/openssl/crypto/async/arch/async_posix.h
@@ -27,7 +27,6 @@
 
 #  include <ucontext.h>
 #  include <setjmp.h>
-#  include "e_os.h"
 
 typedef struct async_fibre_st {
     ucontext_t fibre;
diff --git a/deps/openssl/openssl/crypto/async/async.c b/deps/openssl/openssl/crypto/async/async.c
index 0862cca21a..1d83e4576f 100644
--- a/deps/openssl/openssl/crypto/async/async.c
+++ b/deps/openssl/openssl/crypto/async/async.c
@@ -19,7 +19,7 @@
 #include "async_locl.h"
 
 #include <openssl/err.h>
-#include <internal/cryptlib_int.h>
+#include "internal/cryptlib_int.h"
 #include <string.h>
 
 #define ASYNC_JOB_RUNNING   0
@@ -37,7 +37,7 @@ static async_ctx *async_ctx_new(void)
     if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
         return NULL;
 
-    nctx = OPENSSL_malloc(sizeof(async_ctx));
+    nctx = OPENSSL_malloc(sizeof(*nctx));
     if (nctx == NULL) {
         ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -79,7 +79,7 @@ static ASYNC_JOB *async_job_new(void)
 {
     ASYNC_JOB *job = NULL;
 
-    job = OPENSSL_zalloc(sizeof(ASYNC_JOB));
+    job = OPENSSL_zalloc(sizeof(*job));
     if (job == NULL) {
         ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
@@ -335,7 +335,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
         return 0;
     }
 
-    pool->jobs = sk_ASYNC_JOB_new_null();
+    pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size);
     if (pool->jobs == NULL) {
         ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(pool);
@@ -357,7 +357,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
             break;
         }
         job->funcargs = NULL;
-        sk_ASYNC_JOB_push(pool->jobs, job);
+        sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */
         curr_size++;
     }
     pool->curr_size = curr_size;
diff --git a/deps/openssl/openssl/crypto/async/async_err.c b/deps/openssl/openssl/crypto/async/async_err.c
index ae97e96533..fd5527aae8 100644
--- a/deps/openssl/openssl/crypto/async/async_err.c
+++ b/deps/openssl/openssl/crypto/async/async_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,31 +8,32 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/async.h>
+#include <openssl/asyncerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASYNC,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASYNC,0,reason)
-
-static ERR_STRING_DATA ASYNC_str_functs[] = {
-    {ERR_FUNC(ASYNC_F_ASYNC_CTX_NEW), "async_ctx_new"},
-    {ERR_FUNC(ASYNC_F_ASYNC_INIT_THREAD), "ASYNC_init_thread"},
-    {ERR_FUNC(ASYNC_F_ASYNC_JOB_NEW), "async_job_new"},
-    {ERR_FUNC(ASYNC_F_ASYNC_PAUSE_JOB), "ASYNC_pause_job"},
-    {ERR_FUNC(ASYNC_F_ASYNC_START_FUNC), "async_start_func"},
-    {ERR_FUNC(ASYNC_F_ASYNC_START_JOB), "ASYNC_start_job"},
+static const ERR_STRING_DATA ASYNC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_CTX_NEW, 0), "async_ctx_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_INIT_THREAD, 0),
+     "ASYNC_init_thread"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_JOB_NEW, 0), "async_job_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0),
+     "ASYNC_WAIT_CTX_set_wait_fd"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA ASYNC_str_reasons[] = {
-    {ERR_REASON(ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"},
-    {ERR_REASON(ASYNC_R_FAILED_TO_SWAP_CONTEXT), "failed to swap context"},
-    {ERR_REASON(ASYNC_R_INIT_FAILED), "init failed"},
-    {ERR_REASON(ASYNC_R_INVALID_POOL_SIZE), "invalid pool size"},
+static const ERR_STRING_DATA ASYNC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL),
+    "failed to set pool"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT),
+    "failed to swap context"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE),
+    "invalid pool size"},
     {0, NULL}
 };
 
@@ -41,10 +42,9 @@ static ERR_STRING_DATA ASYNC_str_reasons[] = {
 int ERR_load_ASYNC_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ASYNC_str_functs);
-        ERR_load_strings(0, ASYNC_str_reasons);
+        ERR_load_strings_const(ASYNC_str_functs);
+        ERR_load_strings_const(ASYNC_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/async/async_locl.h b/deps/openssl/openssl/crypto/async/async_locl.h
index f0ac05a3db..d7790293f7 100644
--- a/deps/openssl/openssl/crypto/async/async_locl.h
+++ b/deps/openssl/openssl/crypto/async/async_locl.h
@@ -20,7 +20,7 @@
 # include <windows.h>
 #endif
 
-#include <internal/async.h>
+#include "internal/async.h"
 #include <openssl/crypto.h>
 
 typedef struct async_ctx_st async_ctx;
diff --git a/deps/openssl/openssl/crypto/async/async_wait.c b/deps/openssl/openssl/crypto/async/async_wait.c
index 0a0bf873e1..b23e43e8c8 100644
--- a/deps/openssl/openssl/crypto/async/async_wait.c
+++ b/deps/openssl/openssl/crypto/async/async_wait.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,9 +47,10 @@ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
 {
     struct fd_lookup_st *fdlookup;
 
-    fdlookup = OPENSSL_zalloc(sizeof(*fdlookup));
-    if (fdlookup == NULL)
+    if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     fdlookup->key = key;
     fdlookup->fd = fd;
@@ -145,6 +146,7 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
     while (curr != NULL) {
         if (curr->del == 1) {
             /* This one has been marked deleted already so do nothing */
+            prev = curr;
             curr = curr->next;
             continue;
         }
diff --git a/deps/openssl/openssl/crypto/bf/asm/bf-586.pl b/deps/openssl/openssl/crypto/bf/asm/bf-586.pl
index ebc24f48a1..4e913aecf4 100644
--- a/deps/openssl/openssl/crypto/bf/asm/bf-586.pl
+++ b/deps/openssl/openssl/crypto/bf/asm/bf-586.pl
@@ -15,7 +15,7 @@ require "cbc.pl";
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $BF_ROUNDS=16;
 $BF_OFF=($BF_ROUNDS+2)*4;
diff --git a/deps/openssl/openssl/crypto/bf/bf_cbc.c b/deps/openssl/openssl/crypto/bf/bf_cbc.c
deleted file mode 100644
index 6ed62578ac..0000000000
--- a/deps/openssl/openssl/crypto/bf/bf_cbc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-{
-    register BF_LONG tin0, tin1;
-    register BF_LONG tout0, tout1, xor0, xor1;
-    register long l = length;
-    BF_LONG tin[2];
-
-    if (encrypt) {
-        n2l(ivec, tout0);
-        n2l(ivec, tout1);
-        ivec -= 8;
-        for (l -= 8; l >= 0; l -= 8) {
-            n2l(in, tin0);
-            n2l(in, tin1);
-            tin0 ^= tout0;
-            tin1 ^= tout1;
-            tin[0] = tin0;
-            tin[1] = tin1;
-            BF_encrypt(tin, schedule);
-            tout0 = tin[0];
-            tout1 = tin[1];
-            l2n(tout0, out);
-            l2n(tout1, out);
-        }
-        if (l != -8) {
-            n2ln(in, tin0, tin1, l + 8);
-            tin0 ^= tout0;
-            tin1 ^= tout1;
-            tin[0] = tin0;
-            tin[1] = tin1;
-            BF_encrypt(tin, schedule);
-            tout0 = tin[0];
-            tout1 = tin[1];
-            l2n(tout0, out);
-            l2n(tout1, out);
-        }
-        l2n(tout0, ivec);
-        l2n(tout1, ivec);
-    } else {
-        n2l(ivec, xor0);
-        n2l(ivec, xor1);
-        ivec -= 8;
-        for (l -= 8; l >= 0; l -= 8) {
-            n2l(in, tin0);
-            n2l(in, tin1);
-            tin[0] = tin0;
-            tin[1] = tin1;
-            BF_decrypt(tin, schedule);
-            tout0 = tin[0] ^ xor0;
-            tout1 = tin[1] ^ xor1;
-            l2n(tout0, out);
-            l2n(tout1, out);
-            xor0 = tin0;
-            xor1 = tin1;
-        }
-        if (l != -8) {
-            n2l(in, tin0);
-            n2l(in, tin1);
-            tin[0] = tin0;
-            tin[1] = tin1;
-            BF_decrypt(tin, schedule);
-            tout0 = tin[0] ^ xor0;
-            tout1 = tin[1] ^ xor1;
-            l2nn(tout0, tout1, out, l + 8);
-            xor0 = tin0;
-            xor1 = tin1;
-        }
-        l2n(xor0, ivec);
-        l2n(xor1, ivec);
-    }
-    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-    tin[0] = tin[1] = 0;
-}
diff --git a/deps/openssl/openssl/crypto/bf/bf_ecb.c b/deps/openssl/openssl/crypto/bf/bf_ecb.c
index aa73540f35..dc1becdbe4 100644
--- a/deps/openssl/openssl/crypto/bf/bf_ecb.c
+++ b/deps/openssl/openssl/crypto/bf/bf_ecb.c
@@ -19,7 +19,7 @@
 
 const char *BF_options(void)
 {
-    return ("blowfish(ptr)");
+    return "blowfish(ptr)";
 }
 
 void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/deps/openssl/openssl/crypto/bf/bf_enc.c b/deps/openssl/openssl/crypto/bf/bf_enc.c
index 9f80c56d57..67c0d78aec 100644
--- a/deps/openssl/openssl/crypto/bf/bf_enc.c
+++ b/deps/openssl/openssl/crypto/bf/bf_enc.c
@@ -60,8 +60,6 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key)
     data[0] = r & 0xffffffffU;
 }
 
-#ifndef BF_DEFAULT_OPTIONS
-
 void BF_decrypt(BF_LONG *data, const BF_KEY *key)
 {
     register BF_LONG l, r;
@@ -175,5 +173,3 @@ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
     tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
     tin[0] = tin[1] = 0;
 }
-
-#endif
diff --git a/deps/openssl/openssl/crypto/bf/build.info b/deps/openssl/openssl/crypto/bf/build.info
index 37a004ea5b..29adc8ce50 100644
--- a/deps/openssl/openssl/crypto/bf/build.info
+++ b/deps/openssl/openssl/crypto/bf/build.info
@@ -2,5 +2,6 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c \
         {- $target{bf_asm_src} -}
 
-GENERATE[bf-586.s]=asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[bf-586.s]=asm/bf-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/deps/openssl/openssl/crypto/bio/b_addr.c b/deps/openssl/openssl/crypto/bio/b_addr.c
index 6ed1652c8a..abec7bb8db 100644
--- a/deps/openssl/openssl/crypto/bio/b_addr.c
+++ b/deps/openssl/openssl/crypto/bio/b_addr.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <assert.h>
 #include <string.h>
 
 #include "bio_lcl.h"
@@ -15,8 +16,7 @@
 #ifndef OPENSSL_NO_SOCK
 #include <openssl/err.h>
 #include <openssl/buffer.h>
-#include <internal/thread_once.h>
-#include <ctype.h>
+#include "internal/thread_once.h"
 
 CRYPTO_RWLOCK *bio_lookup_lock;
 static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
@@ -565,11 +565,10 @@ static int addrinfo_wrap(int family, int socktype,
                          unsigned short port,
                          BIO_ADDRINFO **bai)
 {
-    OPENSSL_assert(bai != NULL);
-
-    *bai = OPENSSL_zalloc(sizeof(**bai));
-    if (*bai == NULL)
+    if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) {
+        BIOerr(BIO_F_ADDRINFO_WRAP, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     (*bai)->bai_family = family;
     (*bai)->bai_socktype = socktype;
@@ -610,8 +609,15 @@ DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
     return bio_lookup_lock != NULL;
 }
 
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res)
+{
+    return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res);
+}
+
 /*-
- * BIO_lookup - look up the node and service you want to connect to.
+ * BIO_lookup_ex - look up the node and service you want to connect to.
  * @node: the node you want to connect to.
  * @service: the service you want to connect to.
  * @lookup_type: declare intent with the result, client or server.
@@ -619,6 +625,10 @@ DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
  *  AF_INET, AF_INET6 or AF_UNIX.
  * @socktype: The socket type you want to use.  Can be SOCK_STREAM, SOCK_DGRAM
  *  or 0 for all.
+ * @protocol: The protocol to use, e.g. IPPROTO_TCP or IPPROTO_UDP or 0 for all.
+ *            Note that some platforms may not return IPPROTO_SCTP without
+ *            explicitly requesting it (i.e. IPPROTO_SCTP may not be returned
+ *            with 0 for the protocol)
  * @res: Storage place for the resulting list of returned addresses
  *
  * This will do a lookup of the node and service that you want to connect to.
@@ -628,9 +638,8 @@ DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
  *
  * The return value is 1 on success or 0 in case of error.
  */
-int BIO_lookup(const char *host, const char *service,
-               enum BIO_lookup_type lookup_type,
-               int family, int socktype, BIO_ADDRINFO **res)
+int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
+                  int family, int socktype, int protocol, BIO_ADDRINFO **res)
 {
     int ret = 0;                 /* Assume failure */
 
@@ -647,7 +656,7 @@ int BIO_lookup(const char *host, const char *service,
 #endif
         break;
     default:
-        BIOerr(BIO_F_BIO_LOOKUP, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY);
+        BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY);
         return 0;
     }
 
@@ -656,7 +665,7 @@ int BIO_lookup(const char *host, const char *service,
         if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res))
             return 1;
         else
-            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
         return 0;
     }
 #endif
@@ -673,6 +682,7 @@ int BIO_lookup(const char *host, const char *service,
 
         hints.ai_family = family;
         hints.ai_socktype = socktype;
+        hints.ai_protocol = protocol;
 
         if (lookup_type == BIO_LOOKUP_SERVER)
             hints.ai_flags |= AI_PASSIVE;
@@ -684,14 +694,14 @@ int BIO_lookup(const char *host, const char *service,
 # ifdef EAI_SYSTEM
         case EAI_SYSTEM:
             SYSerr(SYS_F_GETADDRINFO, get_last_socket_error());
-            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
             break;
 # endif
         case 0:
             ret = 1;             /* Success */
             break;
         default:
-            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
             ERR_add_error_data(1, gai_strerror(gai_ret));
             break;
         }
@@ -733,7 +743,7 @@ int BIO_lookup(const char *host, const char *service,
 #endif
 
         if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
-            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
             ret = 0;
             goto err;
         }
@@ -750,8 +760,11 @@ int BIO_lookup(const char *host, const char *service,
                 he_fallback_address = INADDR_ANY;
                 break;
             default:
-                OPENSSL_assert(("We forgot to handle a lookup type!" == 0));
-                break;
+                /* We forgot to handle a lookup type! */
+                assert("We forgot to handle a lookup type!" == NULL);
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_INTERNAL_ERROR);
+                ret = 0;
+                goto err;
             }
         } else {
             he = gethostbyname(host);
@@ -810,7 +823,7 @@ int BIO_lookup(const char *host, const char *service,
 
             if (endp != service && *endp == '\0'
                     && portnum > 0 && portnum < 65536) {
-                se_fallback.s_port = htons(portnum);
+                se_fallback.s_port = htons((unsigned short)portnum);
                 se_fallback.s_proto = proto;
                 se = &se_fallback;
             } else if (endp == service) {
@@ -825,7 +838,7 @@ int BIO_lookup(const char *host, const char *service,
                     goto err;
                 }
             } else {
-                BIOerr(BIO_F_BIO_LOOKUP, BIO_R_MALFORMED_HOST_OR_SERVICE);
+                BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_MALFORMED_HOST_OR_SERVICE);
                 goto err;
             }
         }
@@ -867,7 +880,7 @@ int BIO_lookup(const char *host, const char *service,
              addrinfo_malloc_err:
                 BIO_ADDRINFO_free(*res);
                 *res = NULL;
-                BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
                 ret = 0;
                 goto err;
             }
diff --git a/deps/openssl/openssl/crypto/bio/b_dump.c b/deps/openssl/openssl/crypto/bio/b_dump.c
index 424195e16b..0d06414e7d 100644
--- a/deps/openssl/openssl/crypto/bio/b_dump.c
+++ b/deps/openssl/openssl/crypto/bio/b_dump.c
@@ -15,7 +15,9 @@
 #include "bio_lcl.h"
 
 #define DUMP_WIDTH      16
-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
+
+#define SPACE(buf, pos, n)   (sizeof(buf) - (pos) > (n))
 
 int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
                 void *u, const char *s, int len)
@@ -27,60 +29,63 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
                        void *u, const char *s, int len, int indent)
 {
     int ret = 0;
-    char buf[288 + 1], tmp[20], str[128 + 1];
-    int i, j, rows;
+    char buf[288 + 1];
+    int i, j, rows, n;
     unsigned char ch;
     int dump_width;
 
     if (indent < 0)
         indent = 0;
-    if (indent) {
-        if (indent > 128)
-            indent = 128;
-        memset(str, ' ', indent);
-    }
-    str[indent] = '\0';
+    else if (indent > 128)
+        indent = 128;
 
     dump_width = DUMP_WIDTH_LESS_INDENT(indent);
-    rows = (len / dump_width);
+    rows = len / dump_width;
     if ((rows * dump_width) < len)
         rows++;
     for (i = 0; i < rows; i++) {
-        OPENSSL_strlcpy(buf, str, sizeof(buf));
-        BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
-        OPENSSL_strlcat(buf, tmp, sizeof(buf));
+        n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
+                         i * dump_width);
         for (j = 0; j < dump_width; j++) {
-            if (((i * dump_width) + j) >= len) {
-                OPENSSL_strlcat(buf, "   ", sizeof(buf));
-            } else {
-                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
-                BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
-                             j == 7 ? '-' : ' ');
-                OPENSSL_strlcat(buf, tmp, sizeof(buf));
+            if (SPACE(buf, n, 3)) {
+                if (((i * dump_width) + j) >= len) {
+                    strcpy(buf + n, "   ");
+                } else {
+                    ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+                    BIO_snprintf(buf + n, 4, "%02x%c", ch,
+                                 j == 7 ? '-' : ' ');
+                }
+                n += 3;
             }
         }
-        OPENSSL_strlcat(buf, "  ", sizeof(buf));
+        if (SPACE(buf, n, 2)) {
+            strcpy(buf + n, "  ");
+            n += 2;
+        }
         for (j = 0; j < dump_width; j++) {
             if (((i * dump_width) + j) >= len)
                 break;
-            ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+            if (SPACE(buf, n, 1)) {
+                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-            BIO_snprintf(tmp, sizeof(tmp), "%c",
-                         ((ch >= ' ') && (ch <= '~')) ? ch : '.');
+                buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
 #else
-            BIO_snprintf(tmp, sizeof(tmp), "%c",
-                         ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
-                         ? os_toebcdic[ch]
-                         : '.');
+                buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+                           ? os_toebcdic[ch]
+                           : '.';
 #endif
-            OPENSSL_strlcat(buf, tmp, sizeof(buf));
+                buf[n] = '\0';
+            }
+        }
+        if (SPACE(buf, n, 1)) {
+            buf[n++] = '\n';
+            buf[n] = '\0';
         }
-        OPENSSL_strlcat(buf, "\n", sizeof(buf));
         /*
          * if this is the last call then update the ddt_dump thing so that we
          * will move the selection point in the debug window
          */
-        ret += cb((void *)buf, strlen(buf), u);
+        ret += cb((void *)buf, n, u);
     }
     return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bio/b_print.c b/deps/openssl/openssl/crypto/bio/b_print.c
index 8f50cb8c14..9e907fcaa7 100644
--- a/deps/openssl/openssl/crypto/bio/b_print.c
+++ b/deps/openssl/openssl/crypto/bio/b_print.c
@@ -9,10 +9,10 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <ctype.h>
-#include <openssl/bio.h>
 #include "internal/cryptlib.h"
+#include "internal/ctype.h"
 #include "internal/numbers.h"
+#include <openssl/bio.h>
 
 /*
  * Copyright Patrick Powell 1995
@@ -69,6 +69,7 @@ static int _dopr(char **sbuffer, char **buffer,
 #define DP_C_LONG       2
 #define DP_C_LDOUBLE    3
 #define DP_C_LLONG      4
+#define DP_C_SIZE       5
 
 /* Floating point formats */
 #define F_FORMAT        0
@@ -110,7 +111,7 @@ _dopr(char **sbuffer,
             if (ch == '%')
                 state = DP_S_FLAGS;
             else
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                     return 0;
             ch = *format++;
             break;
@@ -142,7 +143,7 @@ _dopr(char **sbuffer,
             }
             break;
         case DP_S_MIN:
-            if (isdigit((unsigned char)ch)) {
+            if (ossl_isdigit(ch)) {
                 min = 10 * min + char_to_int(ch);
                 ch = *format++;
             } else if (ch == '*') {
@@ -160,7 +161,7 @@ _dopr(char **sbuffer,
                 state = DP_S_MOD;
             break;
         case DP_S_MAX:
-            if (isdigit((unsigned char)ch)) {
+            if (ossl_isdigit(ch)) {
                 if (max < 0)
                     max = 0;
                 max = 10 * max + char_to_int(ch);
@@ -187,6 +188,7 @@ _dopr(char **sbuffer,
                 ch = *format++;
                 break;
             case 'q':
+            case 'j':
                 cflags = DP_C_LLONG;
                 ch = *format++;
                 break;
@@ -194,6 +196,10 @@ _dopr(char **sbuffer,
                 cflags = DP_C_LDOUBLE;
                 ch = *format++;
                 break;
+            case 'z':
+                cflags = DP_C_SIZE;
+                ch = *format++;
+                break;
             default:
                 break;
             }
@@ -213,6 +219,9 @@ _dopr(char **sbuffer,
                 case DP_C_LLONG:
                     value = va_arg(args, int64_t);
                     break;
+                case DP_C_SIZE:
+                    value = va_arg(args, ossl_ssize_t);
+                    break;
                 default:
                     value = va_arg(args, int);
                     break;
@@ -238,6 +247,9 @@ _dopr(char **sbuffer,
                 case DP_C_LLONG:
                     value = va_arg(args, uint64_t);
                     break;
+                case DP_C_SIZE:
+                    value = va_arg(args, size_t);
+                    break;
                 default:
                     value = va_arg(args, unsigned int);
                     break;
@@ -281,8 +293,8 @@ _dopr(char **sbuffer,
                     return 0;
                 break;
             case 'c':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int)))
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                                 va_arg(args, int)))
                     return 0;
                 break;
             case 's':
@@ -303,27 +315,15 @@ _dopr(char **sbuffer,
                             value, 16, min, max, flags | DP_F_NUM))
                     return 0;
                 break;
-            case 'n':          /* XXX */
-                if (cflags == DP_C_SHORT) {
-                    short int *num;
-                    num = va_arg(args, short int *);
-                    *num = currlen;
-                } else if (cflags == DP_C_LONG) { /* XXX */
-                    long int *num;
-                    num = va_arg(args, long int *);
-                    *num = (long int)currlen;
-                } else if (cflags == DP_C_LLONG) { /* XXX */
-                    int64_t *num;
-                    num = va_arg(args, int64_t *);
-                    *num = (int64_t)currlen;
-                } else {
+            case 'n':
+                {
                     int *num;
                     num = va_arg(args, int *);
                     *num = currlen;
                 }
                 break;
             case '%':
-                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                     return 0;
                 break;
             case 'w':
@@ -354,7 +354,7 @@ _dopr(char **sbuffer,
         if (*truncated)
             currlen = *maxlen - 1;
     }
-    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+    if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
         return 0;
     *retlen = currlen - 1;
     return 1;
@@ -392,19 +392,19 @@ fmtstr(char **sbuffer,
         padlen = -padlen;
 
     while ((padlen > 0) && (max < 0 || cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
             return 0;
         --padlen;
         ++cnt;
     }
     while (strln > 0 && (max < 0 || cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
             return 0;
         --strln;
         ++cnt;
     }
     while ((padlen < 0) && (max < 0 || cnt < max)) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
             return 0;
         ++padlen;
         ++cnt;
@@ -472,19 +472,19 @@ fmtint(char **sbuffer,
 
     /* spaces */
     while (spadlen > 0) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
             return 0;
         --spadlen;
     }
 
     /* sign */
     if (signvalue)
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
             return 0;
 
     /* prefix */
     while (*prefix) {
-        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
             return 0;
         prefix++;
     }
@@ -492,7 +492,7 @@ fmtint(char **sbuffer,
     /* zeros */
     if (zpadlen > 0) {
         while (zpadlen > 0) {
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
                 return 0;
             --zpadlen;
         }
@@ -758,8 +758,8 @@ fmtfp(char **sbuffer,
             return 0;
 
         while (fplace > 0) {
-            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
-                            fconvert[--fplace]))
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             fconvert[--fplace]))
                 return 0;
         }
     }
@@ -805,11 +805,13 @@ static int
 doapr_outch(char **sbuffer,
             char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
-    /* If we haven't at least one buffer, someone has doe a big booboo */
-    OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
+    /* If we haven't at least one buffer, someone has done a big booboo */
+    if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
+        return 0;
 
     /* |currlen| must always be <= |*maxlen| */
-    OPENSSL_assert(*currlen <= *maxlen);
+    if (!ossl_assert(*currlen <= *maxlen))
+        return 0;
 
     if (buffer && *currlen == *maxlen) {
         if (*maxlen > INT_MAX - BUFFER_INC)
@@ -817,11 +819,13 @@ doapr_outch(char **sbuffer,
 
         *maxlen += BUFFER_INC;
         if (*buffer == NULL) {
-            *buffer = OPENSSL_malloc(*maxlen);
-            if (*buffer == NULL)
+            if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) {
+                BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
             if (*currlen > 0) {
-                OPENSSL_assert(*sbuffer != NULL);
+                if (!ossl_assert(*sbuffer != NULL))
+                    return 0;
                 memcpy(*buffer, *sbuffer, *currlen);
             }
             *sbuffer = NULL;
@@ -856,7 +860,7 @@ int BIO_printf(BIO *bio, const char *format, ...)
     ret = BIO_vprintf(bio, format, args);
 
     va_end(args);
-    return (ret);
+    return ret;
 }
 
 int BIO_vprintf(BIO *bio, const char *format, va_list args)
@@ -883,7 +887,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
     } else {
         ret = BIO_write(bio, hugebuf, (int)retlen);
     }
-    return (ret);
+    return ret;
 }
 
 /*
@@ -902,7 +906,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
     ret = BIO_vsnprintf(buf, n, format, args);
 
     va_end(args);
-    return (ret);
+    return ret;
 }
 
 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
@@ -910,7 +914,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
     size_t retlen;
     int truncated;
 
-    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+    if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
         return -1;
 
     if (truncated)
diff --git a/deps/openssl/openssl/crypto/bio/b_sock.c b/deps/openssl/openssl/crypto/bio/b_sock.c
index fac1432787..e7a24d02cb 100644
--- a/deps/openssl/openssl/crypto/bio/b_sock.c
+++ b/deps/openssl/openssl/crypto/bio/b_sock.c
@@ -11,10 +11,6 @@
 #include <stdlib.h>
 #include <errno.h>
 #include "bio_lcl.h"
-#if defined(NETWARE_CLIB)
-# include <sys/ioctl.h>
-NETDB_DEFINE_CONTEXT
-#endif
 #ifndef OPENSSL_NO_SOCK
 # define SOCKET_PROTOCOL IPPROTO_TCP
 # ifdef SO_MAXCONN
@@ -43,14 +39,13 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
         if (BIO_ADDRINFO_family(res) != AF_INET) {
             BIOerr(BIO_F_BIO_GET_HOST_IP,
                    BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
-        } else {
-            BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l);
-            /* Because only AF_INET addresses will reach this far,
-               we can assert that l should be 4 */
-            OPENSSL_assert(l == 4);
-
-            BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l);
-            ret = 1;
+        } else if (BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l)) {
+            /*
+             * Because only AF_INET addresses will reach this far, we can assert
+             * that l should be 4
+             */
+            if (ossl_assert(l == 4))
+                ret = BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l);
         }
         BIO_ADDRINFO_free(res);
     } else {
@@ -67,7 +62,7 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
 
     if (str == NULL) {
         BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED);
-        return (0);
+        return 0;
     }
 
     if (BIO_sock_init() != 1)
@@ -103,9 +98,9 @@ int BIO_sock_error(int sock)
      */
     i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size);
     if (i < 0)
-        return (get_last_socket_error());
+        return get_last_socket_error();
     else
-        return (j);
+        return j;
 }
 
 # if OPENSSL_API_COMPAT < 0x10100000L
@@ -115,11 +110,7 @@ struct hostent *BIO_gethostbyname(const char *name)
      * Caching gethostbyname() results forever is wrong, so we have to let
      * the true gethostbyname() worry about this
      */
-#  if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
-    return gethostbyname((char *)name);
-#  else
     return gethostbyname(name);
-#  endif
 }
 # endif
 
@@ -143,7 +134,7 @@ int BIO_sock_init(void)
             err = WSAGetLastError();
             SYSerr(SYS_F_WSASTARTUP, err);
             BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
-            return (-1);
+            return -1;
         }
     }
 # endif                         /* OPENSSL_SYS_WINDOWS */
@@ -151,10 +142,10 @@ int BIO_sock_init(void)
     extern int _watt_do_exit;
     _watt_do_exit = 0;          /* don't make sock_init() call exit() */
     if (sock_init())
-        return (-1);
+        return -1;
 # endif
 
-    return (1);
+    return 1;
 }
 
 void bio_sock_cleanup_int(void)
@@ -202,7 +193,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 #  endif                        /* __DJGPP__ */
     if (i < 0)
         SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error());
-    return (i);
+    return i;
 }
 
 # if OPENSSL_API_COMPAT < 0x10100000L
diff --git a/deps/openssl/openssl/crypto/bio/b_sock2.c b/deps/openssl/openssl/crypto/bio/b_sock2.c
index d8b49d022c..5d82ab22dc 100644
--- a/deps/openssl/openssl/crypto/bio/b_sock2.c
+++ b/deps/openssl/openssl/crypto/bio/b_sock2.c
@@ -76,7 +76,7 @@ int BIO_socket(int domain, int socktype, int protocol, int options)
  */
 int BIO_connect(int sock, const BIO_ADDR *addr, int options)
 {
-    int on = 1;
+    const int on = 1;
 
     if (sock == -1) {
         BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET);
@@ -87,7 +87,8 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
         return 0;
 
     if (options & BIO_SOCK_KEEPALIVE) {
-        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
             SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
             BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE);
             return 0;
@@ -95,7 +96,8 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
     }
 
     if (options & BIO_SOCK_NODELAY) {
-        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
             SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
             BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY);
             return 0;
@@ -114,6 +116,57 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
 }
 
 /*-
+ * BIO_bind - bind socket to address
+ * @sock: the socket to set
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_bind(int sock, const BIO_ADDR *addr, int options)
+{
+# ifndef OPENSSL_SYS_WINDOWS
+    int on = 1;
+# endif
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+# ifndef OPENSSL_SYS_WINDOWS
+    /*
+     * SO_REUSEADDR has different behavior on Windows than on
+     * other operating systems, don't set it there.
+     */
+    if (options & BIO_SOCK_REUSEADDR) {
+        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_REUSEADDR);
+            return 0;
+        }
+    }
+# endif
+
+    if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
+        SYSerr(SYS_F_BIND, get_last_socket_error());
+        BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_BIND_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
  * BIO_listen - Creates a listen socket
  * @sock: the socket to listen with
  * @addr: local address to bind to
@@ -161,7 +214,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
         return 0;
     }
 
-    if (getsockopt(sock, SOL_SOCKET, SO_TYPE, &socktype, &socktype_len) != 0
+    if (getsockopt(sock, SOL_SOCKET, SO_TYPE,
+                   (void *)&socktype, &socktype_len) != 0
         || socktype_len != sizeof(socktype)) {
         SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error());
         BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE);
@@ -171,22 +225,9 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
     if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
         return 0;
 
-# ifndef OPENSSL_SYS_WINDOWS
-    /*
-     * SO_REUSEADDR has different behavior on Windows than on
-     * other operating systems, don't set it there.
-     */
-    if (options & BIO_SOCK_REUSEADDR) {
-        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) {
-            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_REUSEADDR);
-            return 0;
-        }
-    }
-# endif
-
     if (options & BIO_SOCK_KEEPALIVE) {
-        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
             SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
             BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE);
             return 0;
@@ -194,7 +235,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
     }
 
     if (options & BIO_SOCK_NODELAY) {
-        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
             SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
             BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY);
             return 0;
@@ -208,7 +250,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
          * Therefore we always have to use setsockopt here.
          */
         on = options & BIO_SOCK_V6_ONLY ? 1 : 0;
-        if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) {
+        if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
+                       (const void *)&on, sizeof(on)) != 0) {
             SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
             BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);
             return 0;
@@ -216,11 +259,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
     }
 # endif
 
-    if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
-        SYSerr(SYS_F_BIND, get_last_socket_error());
-        BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_BIND_SOCKET);
+    if (!BIO_bind(sock, addr, options))
         return 0;
-    }
 
     if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) {
         SYSerr(SYS_F_LISTEN, get_last_socket_error());
diff --git a/deps/openssl/openssl/crypto/bio/bf_buff.c b/deps/openssl/openssl/crypto/bio/bf_buff.c
index 8509956159..8e87a629b8 100644
--- a/deps/openssl/openssl/crypto/bio/bf_buff.c
+++ b/deps/openssl/openssl/crypto/bio/bf_buff.c
@@ -25,7 +25,11 @@ static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 static const BIO_METHOD methods_buffer = {
     BIO_TYPE_BUFFER,
     "buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     buffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     buffer_read,
     buffer_puts,
     buffer_gets,
@@ -37,7 +41,7 @@ static const BIO_METHOD methods_buffer = {
 
 const BIO_METHOD *BIO_f_buffer(void)
 {
-    return (&methods_buffer);
+    return &methods_buffer;
 }
 
 static int buffer_new(BIO *bi)
@@ -45,25 +49,25 @@ static int buffer_new(BIO *bi)
     BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
     if (ctx == NULL)
-        return (0);
+        return 0;
     ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
     ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
     if (ctx->ibuf == NULL) {
         OPENSSL_free(ctx);
-        return (0);
+        return 0;
     }
     ctx->obuf_size = DEFAULT_BUFFER_SIZE;
     ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
     if (ctx->obuf == NULL) {
         OPENSSL_free(ctx->ibuf);
         OPENSSL_free(ctx);
-        return (0);
+        return 0;
     }
 
     bi->init = 1;
     bi->ptr = (char *)ctx;
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int buffer_free(BIO *a)
@@ -71,7 +75,7 @@ static int buffer_free(BIO *a)
     BIO_F_BUFFER_CTX *b;
 
     if (a == NULL)
-        return (0);
+        return 0;
     b = (BIO_F_BUFFER_CTX *)a->ptr;
     OPENSSL_free(b->ibuf);
     OPENSSL_free(b->obuf);
@@ -79,7 +83,7 @@ static int buffer_free(BIO *a)
     a->ptr = NULL;
     a->init = 0;
     a->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int buffer_read(BIO *b, char *out, int outl)
@@ -88,11 +92,11 @@ static int buffer_read(BIO *b, char *out, int outl)
     BIO_F_BUFFER_CTX *ctx;
 
     if (out == NULL)
-        return (0);
+        return 0;
     ctx = (BIO_F_BUFFER_CTX *)b->ptr;
 
     if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+        return 0;
     num = 0;
     BIO_clear_retry_flags(b);
 
@@ -107,7 +111,7 @@ static int buffer_read(BIO *b, char *out, int outl)
         ctx->ibuf_len -= i;
         num += i;
         if (outl == i)
-            return (num);
+            return num;
         outl -= i;
         out += i;
     }
@@ -126,11 +130,11 @@ static int buffer_read(BIO *b, char *out, int outl)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             num += i;
             if (outl == i)
-                return (num);
+                return num;
             out += i;
             outl -= i;
         }
@@ -144,7 +148,7 @@ static int buffer_read(BIO *b, char *out, int outl)
         if (i < 0)
             return ((num > 0) ? num : i);
         if (i == 0)
-            return (num);
+            return num;
     }
     ctx->ibuf_off = 0;
     ctx->ibuf_len = i;
@@ -159,10 +163,10 @@ static int buffer_write(BIO *b, const char *in, int inl)
     BIO_F_BUFFER_CTX *ctx;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     ctx = (BIO_F_BUFFER_CTX *)b->ptr;
     if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+        return 0;
 
     BIO_clear_retry_flags(b);
  start:
@@ -193,7 +197,7 @@ static int buffer_write(BIO *b, const char *in, int inl)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             ctx->obuf_off += i;
             ctx->obuf_len -= i;
@@ -215,13 +219,13 @@ static int buffer_write(BIO *b, const char *in, int inl)
             if (i < 0)
                 return ((num > 0) ? num : i);
             if (i == 0)
-                return (num);
+                return num;
         }
         num += i;
         in += i;
         inl -= i;
         if (inl == 0)
-            return (num);
+            return num;
     }
 
     /*
@@ -248,7 +252,12 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ctx->obuf_off = 0;
         ctx->obuf_len = 0;
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:
+        if (ctx->ibuf_len > 0)
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     case BIO_CTRL_INFO:
@@ -266,7 +275,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)ctx->obuf_len;
         if (ret == 0) {
             if (b->next_bio == NULL)
-                return (0);
+                return 0;
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         }
         break;
@@ -274,7 +283,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)ctx->ibuf_len;
         if (ret == 0) {
             if (b->next_bio == NULL)
-                return (0);
+                return 0;
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         }
         break;
@@ -338,7 +347,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_C_DO_STATE_MACHINE:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         BIO_clear_retry_flags(b);
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         BIO_copy_next_retry(b);
@@ -346,7 +355,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
 
     case BIO_CTRL_FLUSH:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         if (ctx->obuf_len <= 0) {
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
             break;
@@ -359,7 +368,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
                               &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
                 BIO_copy_next_retry(b);
                 if (r <= 0)
-                    return ((long)r);
+                    return (long)r;
                 ctx->obuf_off += r;
                 ctx->obuf_len -= r;
             } else {
@@ -376,16 +385,27 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
             !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
             ret = 0;
         break;
+    case BIO_CTRL_PEEK:
+        /* Ensure there's stuff in the input buffer */
+        {
+            char fake_buf[1];
+            (void)buffer_read(b, fake_buf, 0);
+        }
+        if (num > ctx->ibuf_len)
+            num = ctx->ibuf_len;
+        memcpy(ptr, &(ctx->ibuf[ctx->ibuf_off]), num);
+        ret = num;
+        break;
     default:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
  malloc_error:
     BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
-    return (0);
+    return 0;
 }
 
 static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -393,13 +413,13 @@ static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int buffer_gets(BIO *b, char *buf, int size)
@@ -430,7 +450,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
             ctx->ibuf_off += i;
             if (flag || size == 0) {
                 *buf = '\0';
-                return (num);
+                return num;
             }
         } else {                /* read another chunk */
 
@@ -441,7 +461,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             ctx->ibuf_len = i;
             ctx->ibuf_off = 0;
@@ -451,5 +471,5 @@ static int buffer_gets(BIO *b, char *buf, int size)
 
 static int buffer_puts(BIO *b, const char *str)
 {
-    return (buffer_write(b, str, strlen(str)));
+    return buffer_write(b, str, strlen(str));
 }
diff --git a/deps/openssl/openssl/crypto/bio/bf_lbuf.c b/deps/openssl/openssl/crypto/bio/bf_lbuf.c
index a80f899a0e..194c7b8af7 100644
--- a/deps/openssl/openssl/crypto/bio/bf_lbuf.c
+++ b/deps/openssl/openssl/crypto/bio/bf_lbuf.c
@@ -30,7 +30,11 @@ static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 static const BIO_METHOD methods_linebuffer = {
     BIO_TYPE_LINEBUFFER,
     "linebuffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     linebuffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     linebuffer_read,
     linebuffer_puts,
     linebuffer_gets,
@@ -42,7 +46,7 @@ static const BIO_METHOD methods_linebuffer = {
 
 const BIO_METHOD *BIO_f_linebuffer(void)
 {
-    return (&methods_linebuffer);
+    return &methods_linebuffer;
 }
 
 typedef struct bio_linebuffer_ctx_struct {
@@ -55,13 +59,15 @@ static int linebuffer_new(BIO *bi)
 {
     BIO_LINEBUFFER_CTX *ctx;
 
-    ctx = OPENSSL_malloc(sizeof(*ctx));
-    if (ctx == NULL)
-        return (0);
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
     if (ctx->obuf == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(ctx);
-        return (0);
+        return 0;
     }
     ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
     ctx->obuf_len = 0;
@@ -69,7 +75,7 @@ static int linebuffer_new(BIO *bi)
     bi->init = 1;
     bi->ptr = (char *)ctx;
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int linebuffer_free(BIO *a)
@@ -77,14 +83,14 @@ static int linebuffer_free(BIO *a)
     BIO_LINEBUFFER_CTX *b;
 
     if (a == NULL)
-        return (0);
+        return 0;
     b = (BIO_LINEBUFFER_CTX *)a->ptr;
     OPENSSL_free(b->obuf);
     OPENSSL_free(a->ptr);
     a->ptr = NULL;
     a->init = 0;
     a->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int linebuffer_read(BIO *b, char *out, int outl)
@@ -92,13 +98,13 @@ static int linebuffer_read(BIO *b, char *out, int outl)
     int ret = 0;
 
     if (out == NULL)
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     ret = BIO_read(b->next_bio, out, outl);
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int linebuffer_write(BIO *b, const char *in, int inl)
@@ -107,10 +113,10 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
     BIO_LINEBUFFER_CTX *ctx;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
     if ((ctx == NULL) || (b->next_bio == NULL))
-        return (0);
+        return 0;
 
     BIO_clear_retry_flags(b);
 
@@ -157,7 +163,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             if (i < ctx->obuf_len)
                 memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
@@ -175,7 +181,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
                 if (i < 0)
                     return ((num > 0) ? num : i);
                 if (i == 0)
-                    return (num);
+                    return num;
             }
             num += i;
             in += i;
@@ -211,7 +217,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_RESET:
         ctx->obuf_len = 0;
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     case BIO_CTRL_INFO:
@@ -221,7 +227,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)ctx->obuf_len;
         if (ret == 0) {
             if (b->next_bio == NULL)
-                return (0);
+                return 0;
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         }
         break;
@@ -245,7 +251,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_C_DO_STATE_MACHINE:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         BIO_clear_retry_flags(b);
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         BIO_copy_next_retry(b);
@@ -253,7 +259,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
 
     case BIO_CTRL_FLUSH:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         if (ctx->obuf_len <= 0) {
             ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
             break;
@@ -265,7 +271,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
                 r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
                 BIO_copy_next_retry(b);
                 if (r <= 0)
-                    return ((long)r);
+                    return (long)r;
                 if (r < ctx->obuf_len)
                     memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
                 ctx->obuf_len -= r;
@@ -283,14 +289,14 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     default:
         if (b->next_bio == NULL)
-            return (0);
+            return 0;
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
  malloc_error:
     BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
-    return (0);
+    return 0;
 }
 
 static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -298,23 +304,23 @@ static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int linebuffer_gets(BIO *b, char *buf, int size)
 {
     if (b->next_bio == NULL)
-        return (0);
-    return (BIO_gets(b->next_bio, buf, size));
+        return 0;
+    return BIO_gets(b->next_bio, buf, size);
 }
 
 static int linebuffer_puts(BIO *b, const char *str)
 {
-    return (linebuffer_write(b, str, strlen(str)));
+    return linebuffer_write(b, str, strlen(str));
 }
diff --git a/deps/openssl/openssl/crypto/bio/bf_nbio.c b/deps/openssl/openssl/crypto/bio/bf_nbio.c
index 3328506dbc..4bc84eeba6 100644
--- a/deps/openssl/openssl/crypto/bio/bf_nbio.c
+++ b/deps/openssl/openssl/crypto/bio/bf_nbio.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -34,7 +34,11 @@ typedef struct nbio_test_st {
 static const BIO_METHOD methods_nbiof = {
     BIO_TYPE_NBIO_TEST,
     "non-blocking IO test filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     nbiof_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     nbiof_read,
     nbiof_puts,
     nbiof_gets,
@@ -46,31 +50,33 @@ static const BIO_METHOD methods_nbiof = {
 
 const BIO_METHOD *BIO_f_nbio_test(void)
 {
-    return (&methods_nbiof);
+    return &methods_nbiof;
 }
 
 static int nbiof_new(BIO *bi)
 {
     NBIO_TEST *nt;
 
-    if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL)
-        return (0);
+    if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) {
+        BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     nt->lrn = -1;
     nt->lwn = -1;
     bi->ptr = (char *)nt;
     bi->init = 1;
-    return (1);
+    return 1;
 }
 
 static int nbiof_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     OPENSSL_free(a->ptr);
     a->ptr = NULL;
     a->init = 0;
     a->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int nbiof_read(BIO *b, char *out, int outl)
@@ -80,12 +86,12 @@ static int nbiof_read(BIO *b, char *out, int outl)
     unsigned char n;
 
     if (out == NULL)
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
 
     BIO_clear_retry_flags(b);
-    if (RAND_bytes(&n, 1) <= 0)
+    if (RAND_priv_bytes(&n, 1) <= 0)
         return -1;
     num = (n & 0x07);
 
@@ -100,7 +106,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
         if (ret < 0)
             BIO_copy_next_retry(b);
     }
-    return (ret);
+    return ret;
 }
 
 static int nbiof_write(BIO *b, const char *in, int inl)
@@ -111,9 +117,9 @@ static int nbiof_write(BIO *b, const char *in, int inl)
     unsigned char n;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     nt = (NBIO_TEST *)b->ptr;
 
     BIO_clear_retry_flags(b);
@@ -122,7 +128,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
         num = nt->lwn;
         nt->lwn = 0;
     } else {
-        if (RAND_bytes(&n, 1) <= 0)
+        if (RAND_priv_bytes(&n, 1) <= 0)
             return -1;
         num = (n & 7);
     }
@@ -140,7 +146,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
             nt->lwn = inl;
         }
     }
-    return (ret);
+    return ret;
 }
 
 static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -148,7 +154,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
@@ -162,7 +168,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -170,25 +176,25 @@ static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int nbiof_gets(BIO *bp, char *buf, int size)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_gets(bp->next_bio, buf, size));
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
 }
 
 static int nbiof_puts(BIO *bp, const char *str)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_puts(bp->next_bio, str));
+        return 0;
+    return BIO_puts(bp->next_bio, str);
 }
diff --git a/deps/openssl/openssl/crypto/bio/bf_null.c b/deps/openssl/openssl/crypto/bio/bf_null.c
index 6b86aa550b..613fb2e058 100644
--- a/deps/openssl/openssl/crypto/bio/bf_null.c
+++ b/deps/openssl/openssl/crypto/bio/bf_null.c
@@ -25,7 +25,11 @@ static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 static const BIO_METHOD methods_nullf = {
     BIO_TYPE_NULL_FILTER,
     "NULL filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     nullf_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     nullf_read,
     nullf_puts,
     nullf_gets,
@@ -37,7 +41,7 @@ static const BIO_METHOD methods_nullf = {
 
 const BIO_METHOD *BIO_f_null(void)
 {
-    return (&methods_nullf);
+    return &methods_nullf;
 }
 
 static int nullf_read(BIO *b, char *out, int outl)
@@ -45,13 +49,13 @@ static int nullf_read(BIO *b, char *out, int outl)
     int ret = 0;
 
     if (out == NULL)
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     ret = BIO_read(b->next_bio, out, outl);
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int nullf_write(BIO *b, const char *in, int inl)
@@ -59,13 +63,13 @@ static int nullf_write(BIO *b, const char *in, int inl)
     int ret = 0;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     ret = BIO_write(b->next_bio, in, inl);
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -73,7 +77,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     case BIO_C_DO_STATE_MACHINE:
         BIO_clear_retry_flags(b);
@@ -86,7 +90,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
     default:
         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
     }
-    return (ret);
+    return ret;
 }
 
 static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -94,25 +98,25 @@ static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
     long ret = 1;
 
     if (b->next_bio == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int nullf_gets(BIO *bp, char *buf, int size)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_gets(bp->next_bio, buf, size));
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
 }
 
 static int nullf_puts(BIO *bp, const char *str)
 {
     if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_puts(bp->next_bio, str));
+        return 0;
+    return BIO_puts(bp->next_bio, str);
 }
diff --git a/deps/openssl/openssl/crypto/bio/bio_cb.c b/deps/openssl/openssl/crypto/bio/bio_cb.c
index 412387b6b2..1154c233af 100644
--- a/deps/openssl/openssl/crypto/bio/bio_cb.c
+++ b/deps/openssl/openssl/crypto/bio/bio_cb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,8 +21,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
     char buf[256];
     char *p;
     long r = 1;
-    int len;
-    size_t p_maxlen;
+    int len, left;
 
     if (BIO_CB_RETURN & cmd)
         r = ret;
@@ -33,58 +32,58 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
     if (len < 0)
         len = 0;
     p = buf + len;
-    p_maxlen = sizeof(buf) - len;
+    left = sizeof(buf) - len;
 
     switch (cmd) {
     case BIO_CB_FREE:
-        BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
+        BIO_snprintf(p, left, "Free - %s\n", bio->method->name);
         break;
     case BIO_CB_READ:
         if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-            BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s fd=%d\n",
+            BIO_snprintf(p, left, "read(%d,%lu) - %s fd=%d\n",
                          bio->num, (unsigned long)argi,
                          bio->method->name, bio->num);
         else
-            BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s\n",
-                         bio->num, (unsigned long)argi, bio->method->name);
+            BIO_snprintf(p, left, "read(%d,%lu) - %s\n",
+                    bio->num, (unsigned long)argi, bio->method->name);
         break;
     case BIO_CB_WRITE:
         if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-            BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s fd=%d\n",
+            BIO_snprintf(p, left, "write(%d,%lu) - %s fd=%d\n",
                          bio->num, (unsigned long)argi,
                          bio->method->name, bio->num);
         else
-            BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s\n",
+            BIO_snprintf(p, left, "write(%d,%lu) - %s\n",
                          bio->num, (unsigned long)argi, bio->method->name);
         break;
     case BIO_CB_PUTS:
-        BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name);
+        BIO_snprintf(p, left, "puts() - %s\n", bio->method->name);
         break;
     case BIO_CB_GETS:
-        BIO_snprintf(p, p_maxlen, "gets(%lu) - %s\n", (unsigned long)argi,
+        BIO_snprintf(p, left, "gets(%lu) - %s\n", (unsigned long)argi,
                      bio->method->name);
         break;
     case BIO_CB_CTRL:
-        BIO_snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", (unsigned long)argi,
+        BIO_snprintf(p, left, "ctrl(%lu) - %s\n", (unsigned long)argi,
                      bio->method->name);
         break;
     case BIO_CB_RETURN | BIO_CB_READ:
-        BIO_snprintf(p, p_maxlen, "read return %ld\n", ret);
+        BIO_snprintf(p, left, "read return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_WRITE:
-        BIO_snprintf(p, p_maxlen, "write return %ld\n", ret);
+        BIO_snprintf(p, left, "write return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_GETS:
-        BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret);
+        BIO_snprintf(p, left, "gets return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_PUTS:
-        BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret);
+        BIO_snprintf(p, left, "puts return %ld\n", ret);
         break;
     case BIO_CB_RETURN | BIO_CB_CTRL:
-        BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret);
+        BIO_snprintf(p, left, "ctrl return %ld\n", ret);
         break;
     default:
-        BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd);
+        BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd);
         break;
     }
 
@@ -95,5 +94,5 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
     else
         fputs(buf, stderr);
 #endif
-    return (r);
+    return r;
 }
diff --git a/deps/openssl/openssl/crypto/bio/bio_err.c b/deps/openssl/openssl/crypto/bio/bio_err.c
index c914dcffdd..7aa9dabb29 100644
--- a/deps/openssl/openssl/crypto/bio/bio_err.c
+++ b/deps/openssl/openssl/crypto/bio/bio_err.c
@@ -8,106 +8,126 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/bio.h>
+#include <openssl/bioerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
-
-static ERR_STRING_DATA BIO_str_functs[] = {
-    {ERR_FUNC(BIO_F_ACPT_STATE), "acpt_state"},
-    {ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"},
-    {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
-    {ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"},
-    {ERR_FUNC(BIO_F_BIO_ADDR_NEW), "BIO_ADDR_new"},
-    {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
-    {ERR_FUNC(BIO_F_BIO_CONNECT), "BIO_connect"},
-    {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
-    {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
-    {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
-    {ERR_FUNC(BIO_F_BIO_GET_NEW_INDEX), "BIO_get_new_index"},
-    {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
-    {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"},
-    {ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"},
-    {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},
-    {ERR_FUNC(BIO_F_BIO_METH_NEW), "BIO_meth_new"},
-    {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
-    {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
-    {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
-    {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
-    {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
-    {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
-    {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
-    {ERR_FUNC(BIO_F_BIO_PARSE_HOSTSERV), "BIO_parse_hostserv"},
-    {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
-    {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
-    {ERR_FUNC(BIO_F_BIO_SOCKET), "BIO_socket"},
-    {ERR_FUNC(BIO_F_BIO_SOCKET_NBIO), "BIO_socket_nbio"},
-    {ERR_FUNC(BIO_F_BIO_SOCK_INFO), "BIO_sock_info"},
-    {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
-    {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
-    {ERR_FUNC(BIO_F_BUFFER_CTRL), "buffer_ctrl"},
-    {ERR_FUNC(BIO_F_CONN_CTRL), "conn_ctrl"},
-    {ERR_FUNC(BIO_F_CONN_STATE), "conn_state"},
-    {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "dgram_sctp_read"},
-    {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "dgram_sctp_write"},
-    {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"},
-    {ERR_FUNC(BIO_F_FILE_READ), "file_read"},
-    {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"},
-    {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"},
-    {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+static const ERR_STRING_DATA BIO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_NEW_INDEX, 0), "BIO_get_new_index"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_PORT, 0), "BIO_get_port"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LISTEN, 0), "BIO_listen"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP, 0), "BIO_lookup"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP_EX, 0), "BIO_lookup_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_MAKE_PAIR, 0), "bio_make_pair"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_METH_NEW, 0), "BIO_meth_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW, 0), "BIO_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_DGRAM_SCTP, 0), "BIO_new_dgram_sctp"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_FILE, 0), "BIO_new_file"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_MEM_BUF, 0), "BIO_new_mem_buf"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD, 0), "BIO_nread"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD0, 0), "BIO_nread0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE, 0), "BIO_nwrite"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE0, 0), "BIO_nwrite0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PARSE_HOSTSERV, 0), "BIO_parse_hostserv"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PUTS, 0), "BIO_puts"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ, 0), "BIO_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_EX, 0), "BIO_read_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_INTERN, 0), "bio_read_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET, 0), "BIO_socket"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET_NBIO, 0), "BIO_socket_nbio"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INFO, 0), "BIO_sock_info"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INIT, 0), "BIO_sock_init"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE, 0), "BIO_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_EX, 0), "BIO_write_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_INTERN, 0), "bio_write_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA BIO_str_reasons[] = {
-    {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
-    {ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
-     "addrinfo addr is not af inet"},
-    {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
-     "ambiguous host or service"},
-    {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
-    {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
-    {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
-    {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
-     "gethostbyname addr is not af inet"},
-    {ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
-    {ERR_REASON(BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
-     "getsockname truncated address"},
-    {ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"},
-    {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
-    {ERR_REASON(BIO_R_INVALID_SOCKET), "invalid socket"},
-    {ERR_REASON(BIO_R_IN_USE), "in use"},
-    {ERR_REASON(BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
-    {ERR_REASON(BIO_R_LOOKUP_RETURNED_NOTHING), "lookup returned nothing"},
-    {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE),
-     "malformed host or service"},
-    {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
-    {ERR_REASON(BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
-     "no accept addr or service specified"},
-    {ERR_REASON(BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
-     "no hostname or service specified"},
-    {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
-    {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
-    {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
-    {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
-    {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
-    {ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"},
-    {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"},
-    {ERR_REASON(BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
-    {ERR_REASON(BIO_R_UNABLE_TO_REUSEADDR), "unable to reuseaddr"},
-    {ERR_REASON(BIO_R_UNAVAILABLE_IP_FAMILY), "unavailable ip family"},
-    {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"},
-    {ERR_REASON(BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
-    {ERR_REASON(BIO_R_UNSUPPORTED_IP_FAMILY), "unsupported ip family"},
-    {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
-    {ERR_REASON(BIO_R_UNSUPPORTED_PROTOCOL_FAMILY),
-     "unsupported protocol family"},
-    {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"},
-    {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"},
+static const ERR_STRING_DATA BIO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
+    "addrinfo addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
+    "ambiguous host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+    "gethostbyname addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
+    "getsockname truncated address"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING),
+    "lookup returned nothing"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE),
+    "malformed host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
+    "no accept addr or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
+    "no hostname or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NULL_PARAMETER), "null parameter"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET),
+    "unable to bind socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET),
+    "unable to create socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE),
+    "unable to keepalive"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET),
+    "unable to listen socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR),
+    "unable to reuseaddr"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY),
+    "unavailable ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY),
+    "unsupported ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY),
+    "unsupported protocol family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO),
+    "write to read only BIO"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"},
     {0, NULL}
 };
 
@@ -116,10 +136,9 @@ static ERR_STRING_DATA BIO_str_reasons[] = {
 int ERR_load_BIO_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, BIO_str_functs);
-        ERR_load_strings(0, BIO_str_reasons);
+        ERR_load_strings_const(BIO_str_functs);
+        ERR_load_strings_const(BIO_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/bio/bio_lcl.h b/deps/openssl/openssl/crypto/bio/bio_lcl.h
index 39178cf50a..e2c05a20de 100644
--- a/deps/openssl/openssl/crypto/bio/bio_lcl.h
+++ b/deps/openssl/openssl/crypto/bio/bio_lcl.h
@@ -7,8 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#define USE_SOCKETS
 #include "e_os.h"
+#include "internal/sockets.h"
+#include "internal/refcount.h"
 
 /* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */
 
@@ -86,7 +87,7 @@ union bio_addr_st {
 /* END BIO_ADDRINFO/BIO_ADDR stuff. */
 
 #include "internal/cryptlib.h"
-#include <internal/bio.h>
+#include "internal/bio.h"
 
 typedef struct bio_f_buffer_ctx_struct {
     /*-
@@ -114,7 +115,8 @@ typedef struct bio_f_buffer_ctx_struct {
 struct bio_st {
     const BIO_METHOD *method;
     /* bio, mode, argp, argi, argl, ret */
-    long (*callback) (struct bio_st *, int, const char *, int, long, long);
+    BIO_callback_fn callback;
+    BIO_callback_fn_ex callback_ex;
     char *cb_arg;               /* first argument for the callback */
     int init;
     int shutdown;
@@ -124,7 +126,7 @@ struct bio_st {
     void *ptr;
     struct bio_st *next_bio;    /* used by filter BIOs */
     struct bio_st *prev_bio;    /* used by filter BIOs */
-    int references;
+    CRYPTO_REF_COUNT references;
     uint64_t num_read;
     uint64_t num_write;
     CRYPTO_EX_DATA ex_data;
diff --git a/deps/openssl/openssl/crypto/bio/bio_lib.c b/deps/openssl/openssl/crypto/bio/bio_lib.c
index 7b98dc931e..ca375b911a 100644
--- a/deps/openssl/openssl/crypto/bio/bio_lib.c
+++ b/deps/openssl/openssl/crypto/bio/bio_lib.c
@@ -13,13 +13,68 @@
 #include "bio_lcl.h"
 #include "internal/cryptlib.h"
 
+
+/*
+ * Helper macro for the callback to determine whether an operator expects a
+ * len parameter or not
+ */
+#define HAS_LEN_OPER(o)        ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE || \
+                                (o) == BIO_CB_GETS)
+
+/*
+ * Helper function to work out whether to call the new style callback or the old
+ * one, and translate between the two.
+ *
+ * This has a long return type for consistency with the old callback. Similarly
+ * for the "long" used for "inret"
+ */
+static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
+                              int argi, long argl, long inret, size_t *processed)
+{
+    long ret;
+    int bareoper;
+
+    if (b->callback_ex != NULL)
+        return b->callback_ex(b, oper, argp, len, argi, argl, inret, processed);
+
+    /* Strip off any BIO_CB_RETURN flag */
+    bareoper = oper & ~BIO_CB_RETURN;
+
+    /*
+     * We have an old style callback, so we will have to do nasty casts and
+     * check for overflows.
+     */
+    if (HAS_LEN_OPER(bareoper)) {
+        /* In this case |len| is set, and should be used instead of |argi| */
+        if (len > INT_MAX)
+            return -1;
+
+        argi = (int)len;
+    }
+
+    if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        if (*processed > INT_MAX)
+            return -1;
+        inret = *processed;
+    }
+
+    ret = b->callback(b, oper, argp, argi, argl, inret);
+
+    if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        *processed = (size_t)ret;
+        ret = 1;
+    }
+
+    return ret;
+}
+
 BIO *BIO_new(const BIO_METHOD *method)
 {
     BIO *bio = OPENSSL_zalloc(sizeof(*bio));
 
     if (bio == NULL) {
         BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
     bio->method = method;
@@ -54,21 +109,24 @@ err:
 
 int BIO_free(BIO *a)
 {
-    int i;
+    int ret;
 
     if (a == NULL)
         return 0;
 
-    if (CRYPTO_atomic_add(&a->references, -1, &i, a->lock) <= 0)
+    if (CRYPTO_DOWN_REF(&a->references, &ret, a->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("BIO", a);
-    if (i > 0)
+    if (ret > 0)
         return 1;
-    REF_ASSERT_ISNT(i < 0);
-    if ((a->callback != NULL) &&
-        ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
-        return i;
+    REF_ASSERT_ISNT(ret < 0);
+
+    if (a->callback != NULL || a->callback_ex != NULL) {
+        ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     if ((a->method != NULL) && (a->method->destroy != NULL))
         a->method->destroy(a);
@@ -121,7 +179,7 @@ int BIO_up_ref(BIO *a)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&a->references, 1, &i, a->lock) <= 0)
+    if (CRYPTO_UP_REF(&a->references, &i, a->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("BIO", a);
@@ -144,18 +202,26 @@ void BIO_set_flags(BIO *b, int flags)
     b->flags |= flags;
 }
 
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
-                                        int, long, long) {
+BIO_callback_fn BIO_get_callback(const BIO *b)
+{
     return b->callback;
 }
 
-void BIO_set_callback(BIO *b,
-                      long (*cb) (struct bio_st *, int, const char *, int,
-                                  long, long))
+void BIO_set_callback(BIO *b, BIO_callback_fn cb)
 {
     b->callback = cb;
 }
 
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b)
+{
+    return b->callback_ex;
+}
+
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb)
+{
+    b->callback_ex = cb;
+}
+
 void BIO_set_callback_arg(BIO *b, char *arg)
 {
     b->cb_arg = arg;
@@ -176,124 +242,239 @@ int BIO_method_type(const BIO *b)
     return b->method->type;
 }
 
-int BIO_read(BIO *b, void *out, int outl)
+/*
+ * This is essentially the same as BIO_read_ex() except that it allows
+ * 0 or a negative value to indicate failure (retryable or not) in the return.
+ * This is for compatibility with the old style BIO_read(), where existing code
+ * may make assumptions about the return value that it might get.
+ */
+static int bio_read_intern(BIO *b, void *data, size_t dlen, size_t *readbytes)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    int ret;
 
     if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
-        BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
     }
 
-    cb = b->callback;
-    if ((cb != NULL) &&
-        ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0))
-        return (i);
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
 
     if (!b->init) {
-        BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
-        return (-2);
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bread(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        b->num_read += (uint64_t)*readbytes;
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, readbytes);
+
+    /* Shouldn't happen */
+    if (ret > 0 && *readbytes > dlen) {
+        BIOerr(BIO_F_BIO_READ_INTERN, ERR_R_INTERNAL_ERROR);
+        return -1;
     }
 
-    i = b->method->bread(b, out, outl);
+    return ret;
+}
+
+int BIO_read(BIO *b, void *data, int dlen)
+{
+    size_t readbytes;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
 
-    if (i > 0)
-        b->num_read += (uint64_t)i;
+    ret = bio_read_intern(b, data, (size_t)dlen, &readbytes);
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i);
-    return (i);
+    if (ret > 0) {
+        /* *readbytes should always be <= dlen */
+        ret = (int)readbytes;
+    }
+
+    return ret;
 }
 
-int BIO_write(BIO *b, const void *in, int inl)
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    int ret;
+
+    ret = bio_read_intern(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+static int bio_write_intern(BIO *b, const void *data, size_t dlen,
+                            size_t *written)
+{
+    int ret;
 
     if (b == NULL)
-        return (0);
+        return 0;
 
-    cb = b->callback;
     if ((b->method == NULL) || (b->method->bwrite == NULL)) {
-        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
     }
 
-    if ((cb != NULL) &&
-        ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0))
-        return (i);
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
 
     if (!b->init) {
-        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
-        return (-2);
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
     }
 
-    i = b->method->bwrite(b, in, inl);
+    ret = b->method->bwrite(b, data, dlen, written);
+
+    if (ret > 0)
+        b->num_write += (uint64_t)*written;
 
-    if (i > 0)
-        b->num_write += (uint64_t)i;
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, written);
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i);
-    return (i);
+    return ret;
 }
 
-int BIO_puts(BIO *b, const char *in)
+int BIO_write(BIO *b, const void *data, int dlen)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    size_t written;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_write_intern(b, data, (size_t)dlen, &written);
+
+    if (ret > 0) {
+        /* *written should always be <= dlen */
+        ret = (int)written;
+    }
+
+    return ret;
+}
+
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written)
+{
+    int ret;
+
+    ret = bio_write_intern(b, data, dlen, written);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+int BIO_puts(BIO *b, const char *buf)
+{
+    int ret;
+    size_t written = 0;
 
     if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
         BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
-
-    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0))
-        return (i);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     if (!b->init) {
         BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
-        return (-2);
+        return -2;
+    }
+
+    ret = b->method->bputs(b, buf);
+
+    if (ret > 0) {
+        b->num_write += (uint64_t)ret;
+        written = ret;
+        ret = 1;
     }
 
-    i = b->method->bputs(b, in);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0,
+                                     0L, ret, &written);
 
-    if (i > 0)
-        b->num_write += (uint64_t)i;
+    if (ret > 0) {
+        if (written > INT_MAX) {
+            BIOerr(BIO_F_BIO_PUTS, BIO_R_LENGTH_TOO_LONG);
+            ret = -1;
+        } else {
+            ret = (int)written;
+        }
+    }
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i);
-    return (i);
+    return ret;
 }
 
-int BIO_gets(BIO *b, char *in, int inl)
+int BIO_gets(BIO *b, char *buf, int size)
 {
-    int i;
-    long (*cb) (BIO *, int, const char *, int, long, long);
+    int ret;
+    size_t readbytes = 0;
 
     if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
         BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
+    if (size < 0) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_INVALID_ARGUMENT);
+        return 0;
+    }
 
-    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0))
-        return (i);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     if (!b->init) {
         BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
-        return (-2);
+        return -2;
+    }
+
+    ret = b->method->bgets(b, buf, size);
+
+    if (ret > 0) {
+        readbytes = ret;
+        ret = 1;
     }
 
-    i = b->method->bgets(b, in, inl);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size,
+                                     0, 0L, ret, &readbytes);
+
+    if (ret > 0) {
+        /* Shouldn't happen */
+        if (readbytes > (size_t)size)
+            ret = -1;
+        else
+            ret = (int)readbytes;
+    }
 
-    if (cb != NULL)
-        i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i);
-    return (i);
+    return ret;
 }
 
 int BIO_indent(BIO *b, int indent, int max)
@@ -313,7 +494,7 @@ long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
     int i;
 
     i = iarg;
-    return (BIO_ctrl(b, cmd, larg, (char *)&i));
+    return BIO_ctrl(b, cmd, larg, (char *)&i);
 }
 
 void *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
@@ -321,61 +502,65 @@ void *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
     void *p = NULL;
 
     if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
-        return (NULL);
+        return NULL;
     else
-        return (p);
+        return p;
 }
 
 long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 {
     long ret;
-    long (*cb) (BIO *, int, const char *, int, long, long);
 
     if (b == NULL)
-        return (0);
+        return 0;
 
     if ((b->method == NULL) || (b->method->ctrl == NULL)) {
         BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
-
-    if ((cb != NULL) &&
-        ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0))
-        return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     ret = b->method->ctrl(b, cmd, larg, parg);
 
-    if (cb != NULL)
-        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret);
-    return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd,
+                                larg, ret, NULL);
+
+    return ret;
 }
 
 long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 {
     long ret;
-    long (*cb) (BIO *, int, const char *, int, long, long);
 
     if (b == NULL)
-        return (0);
+        return 0;
 
-    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
+    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)
+            || (cmd != BIO_CTRL_SET_CALLBACK)) {
         BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
-        return (-2);
+        return -2;
     }
 
-    cb = b->callback;
-
-    if ((cb != NULL) &&
-        ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0))
-        return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L,
+                                NULL);
+        if (ret <= 0)
+            return ret;
+    }
 
     ret = b->method->callback_ctrl(b, cmd, fp);
 
-    if (cb != NULL)
-        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret);
-    return (ret);
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0,
+                                cmd, 0, ret, NULL);
+
+    return ret;
 }
 
 /*
@@ -399,7 +584,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
     BIO *lb;
 
     if (b == NULL)
-        return (bio);
+        return bio;
     lb = b;
     while (lb->next_bio != NULL)
         lb = lb->next_bio;
@@ -408,7 +593,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
         bio->prev_bio = lb;
     /* called to do internal processing */
     BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb);
-    return (b);
+    return b;
 }
 
 /* Remove the first and return the rest */
@@ -417,7 +602,7 @@ BIO *BIO_pop(BIO *b)
     BIO *ret;
 
     if (b == NULL)
-        return (NULL);
+        return NULL;
     ret = b->next_bio;
 
     BIO_ctrl(b, BIO_CTRL_POP, 0, b);
@@ -429,7 +614,7 @@ BIO *BIO_pop(BIO *b)
 
     b->next_bio = NULL;
     b->prev_bio = NULL;
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
@@ -447,12 +632,12 @@ BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
     }
     if (reason != NULL)
         *reason = last->retry_reason;
-    return (last);
+    return last;
 }
 
 int BIO_get_retry_reason(BIO *bio)
 {
-    return (bio->retry_reason);
+    return bio->retry_reason;
 }
 
 void BIO_set_retry_reason(BIO *bio, int reason)
@@ -473,13 +658,13 @@ BIO *BIO_find_type(BIO *bio, int type)
 
             if (!mask) {
                 if (mt & type)
-                    return (bio);
+                    return bio;
             } else if (mt == type)
-                return (bio);
+                return bio;
         }
         bio = bio->next_bio;
     } while (bio != NULL);
-    return (NULL);
+    return NULL;
 }
 
 BIO *BIO_next(BIO *b)
@@ -518,6 +703,7 @@ BIO *BIO_dup_chain(BIO *in)
         if ((new_bio = BIO_new(bio->method)) == NULL)
             goto err;
         new_bio->callback = bio->callback;
+        new_bio->callback_ex = bio->callback_ex;
         new_bio->cb_arg = bio->cb_arg;
         new_bio->init = bio->init;
         new_bio->shutdown = bio->shutdown;
@@ -546,11 +732,11 @@ BIO *BIO_dup_chain(BIO *in)
             eoc = new_bio;
         }
     }
-    return (ret);
+    return ret;
  err:
     BIO_free_all(ret);
 
-    return (NULL);
+    return NULL;
 }
 
 void BIO_copy_next_retry(BIO *b)
@@ -561,12 +747,12 @@ void BIO_copy_next_retry(BIO *b)
 
 int BIO_set_ex_data(BIO *bio, int idx, void *data)
 {
-    return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data));
+    return CRYPTO_set_ex_data(&(bio->ex_data), idx, data);
 }
 
 void *BIO_get_ex_data(BIO *bio, int idx)
 {
-    return (CRYPTO_get_ex_data(&(bio->ex_data), idx));
+    return CRYPTO_get_ex_data(&(bio->ex_data), idx);
 }
 
 uint64_t BIO_number_read(BIO *bio)
diff --git a/deps/openssl/openssl/crypto/bio/bio_meth.c b/deps/openssl/openssl/crypto/bio/bio_meth.c
index 63a7cccc82..493ff63a90 100644
--- a/deps/openssl/openssl/crypto/bio/bio_meth.c
+++ b/deps/openssl/openssl/crypto/bio/bio_meth.c
@@ -8,7 +8,7 @@
  */
 
 #include "bio_lcl.h"
-#include <internal/thread_once.h>
+#include "internal/thread_once.h"
 
 CRYPTO_RWLOCK *bio_type_lock = NULL;
 static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT;
@@ -19,16 +19,16 @@ DEFINE_RUN_ONCE_STATIC(do_bio_type_init)
     return bio_type_lock != NULL;
 }
 
-int BIO_get_new_index()
+int BIO_get_new_index(void)
 {
-    static int bio_count = BIO_TYPE_START;
+    static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START;
     int newval;
 
     if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) {
         BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE);
         return -1;
     }
-    if (!CRYPTO_atomic_add(&bio_count, 1, &newval, bio_type_lock))
+    if (!CRYPTO_UP_REF(&bio_count, &newval, bio_type_lock))
         return -1;
     return newval;
 }
@@ -57,24 +57,93 @@ void BIO_meth_free(BIO_METHOD *biom)
 
 int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int)
 {
+    return biom->bwrite_old;
+}
+
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *)
+{
     return biom->bwrite;
 }
 
+/* Conversion for old style bwrite to new style */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bwrite_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *written = 0;
+        return ret;
+    }
+
+    *written = (size_t)ret;
+
+    return 1;
+}
+
 int BIO_meth_set_write(BIO_METHOD *biom,
                        int (*bwrite) (BIO *, const char *, int))
 {
+    biom->bwrite_old = bwrite;
+    biom->bwrite = bwrite_conv;
+    return 1;
+}
+
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *))
+{
+    biom->bwrite_old = NULL;
     biom->bwrite = bwrite;
     return 1;
 }
 
 int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int)
 {
+    return biom->bread_old;
+}
+
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *)
+{
     return biom->bread;
 }
 
+/* Conversion for old style bread to new style */
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *readbytes)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bread_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *readbytes = 0;
+        return ret;
+    }
+
+    *readbytes = (size_t)ret;
+
+    return 1;
+}
+
 int BIO_meth_set_read(BIO_METHOD *biom,
                       int (*bread) (BIO *, char *, int))
 {
+    biom->bread_old = bread;
+    biom->bread = bread_conv;
+    return 1;
+}
+
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *))
+{
+    biom->bread_old = NULL;
     biom->bread = bread;
     return 1;
 }
diff --git a/deps/openssl/openssl/crypto/bio/bss_acpt.c b/deps/openssl/openssl/crypto/bio/bss_acpt.c
index 21d21c16a9..993e5903a0 100644
--- a/deps/openssl/openssl/crypto/bio/bss_acpt.c
+++ b/deps/openssl/openssl/crypto/bio/bss_acpt.c
@@ -54,7 +54,11 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a);
 static const BIO_METHOD methods_acceptp = {
     BIO_TYPE_ACCEPT,
     "socket accept",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     acpt_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     acpt_read,
     acpt_puts,
     NULL,                       /* connect_gets,         */
@@ -66,7 +70,7 @@ static const BIO_METHOD methods_acceptp = {
 
 const BIO_METHOD *BIO_s_accept(void)
 {
-    return (&methods_acceptp);
+    return &methods_acceptp;
 }
 
 static int acpt_new(BIO *bi)
@@ -77,29 +81,30 @@ static int acpt_new(BIO *bi)
     bi->num = (int)INVALID_SOCKET;
     bi->flags = 0;
     if ((ba = BIO_ACCEPT_new()) == NULL)
-        return (0);
+        return 0;
     bi->ptr = (char *)ba;
     ba->state = ACPT_S_BEFORE;
     bi->shutdown = 1;
-    return (1);
+    return 1;
 }
 
 static BIO_ACCEPT *BIO_ACCEPT_new(void)
 {
     BIO_ACCEPT *ret;
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     ret->accept_family = BIO_FAMILY_IPANY;
     ret->accept_sock = (int)INVALID_SOCKET;
-    return (ret);
+    return ret;
 }
 
 static void BIO_ACCEPT_free(BIO_ACCEPT *a)
 {
     if (a == NULL)
         return;
-
     OPENSSL_free(a->param_addr);
     OPENSSL_free(a->param_serv);
     BIO_ADDRINFO_free(a->addr_first);
@@ -129,7 +134,7 @@ static int acpt_free(BIO *a)
     BIO_ACCEPT *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     data = (BIO_ACCEPT *)a->ptr;
 
     if (a->shutdown) {
@@ -139,7 +144,7 @@ static int acpt_free(BIO *a)
         a->flags = 0;
         a->init = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int acpt_state(BIO *b, BIO_ACCEPT *c)
@@ -360,12 +365,12 @@ static int acpt_read(BIO *b, char *out, int outl)
     while (b->next_bio == NULL) {
         ret = acpt_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     ret = BIO_read(b->next_bio, out, outl);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int acpt_write(BIO *b, const char *in, int inl)
@@ -379,12 +384,12 @@ static int acpt_write(BIO *b, const char *in, int inl)
     while (b->next_bio == NULL) {
         ret = acpt_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     ret = BIO_write(b->next_bio, in, inl);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -451,7 +456,6 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
             data->accepted_mode &= ~BIO_SOCK_NONBLOCK;
         break;
     case BIO_C_SET_FD:
-        b->init = 1;
         b->num = *((int *)ptr);
         data->accept_sock = b->num;
         data->state = ACPT_S_ACCEPT;
@@ -522,19 +526,13 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = (long)data->bind_mode;
         break;
     case BIO_CTRL_DUP:
-/*-     dbio=(BIO *)ptr;
-        if (data->param_port) EAY EAY
-                BIO_set_port(dbio,data->param_port);
-        if (data->param_hostname)
-                BIO_set_hostname(dbio,data->param_hostname);
-        BIO_set_nbio(dbio,data->nbio); */
         break;
 
     default:
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int acpt_puts(BIO *bp, const char *str)
@@ -543,7 +541,7 @@ static int acpt_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = acpt_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_new_accept(const char *str)
@@ -552,11 +550,11 @@ BIO *BIO_new_accept(const char *str)
 
     ret = BIO_new(BIO_s_accept());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     if (BIO_set_accept_name(ret, str))
-        return (ret);
+        return ret;
     BIO_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 #endif
diff --git a/deps/openssl/openssl/crypto/bio/bss_bio.c b/deps/openssl/openssl/crypto/bio/bss_bio.c
index de34f6bf37..e34382c557 100644
--- a/deps/openssl/openssl/crypto/bio/bss_bio.c
+++ b/deps/openssl/openssl/crypto/bio/bss_bio.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,6 +15,7 @@
  * See ssl/ssltest.c for some hints on how this can be used.
  */
 
+#include "e_os.h"
 #include <assert.h>
 #include <limits.h>
 #include <stdlib.h>
@@ -24,8 +25,6 @@
 #include <openssl/err.h>
 #include <openssl/crypto.h>
 
-#include "e_os.h"
-
 static int bio_new(BIO *bio);
 static int bio_free(BIO *bio);
 static int bio_read(BIO *bio, char *buf, int size);
@@ -39,7 +38,11 @@ static void bio_destroy_pair(BIO *bio);
 static const BIO_METHOD methods_biop = {
     BIO_TYPE_BIO,
     "BIO pair",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     bio_read,
     bio_puts,
     NULL /* no bio_gets */ ,
diff --git a/deps/openssl/openssl/crypto/bio/bss_conn.c b/deps/openssl/openssl/crypto/bio/bss_conn.c
index e343bcddfa..e9673fe783 100644
--- a/deps/openssl/openssl/crypto/bio/bss_conn.c
+++ b/deps/openssl/openssl/crypto/bio/bss_conn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -58,7 +58,11 @@ void BIO_CONNECT_free(BIO_CONNECT *a);
 static const BIO_METHOD methods_connectp = {
     BIO_TYPE_CONNECT,
     "socket connect",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     conn_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     conn_read,
     conn_puts,
     NULL,                       /* conn_gets, */
@@ -212,25 +216,26 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
     if (cb != NULL)
         ret = cb((BIO *)b, c->state, ret);
  end:
-    return (ret);
+    return ret;
 }
 
 BIO_CONNECT *BIO_CONNECT_new(void)
 {
     BIO_CONNECT *ret;
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     ret->state = BIO_CONN_S_BEFORE;
     ret->connect_family = BIO_FAMILY_IPANY;
-    return (ret);
+    return ret;
 }
 
 void BIO_CONNECT_free(BIO_CONNECT *a)
 {
     if (a == NULL)
         return;
-
     OPENSSL_free(a->param_hostname);
     OPENSSL_free(a->param_service);
     BIO_ADDRINFO_free(a->addr_first);
@@ -239,7 +244,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a)
 
 const BIO_METHOD *BIO_s_connect(void)
 {
-    return (&methods_connectp);
+    return &methods_connectp;
 }
 
 static int conn_new(BIO *bi)
@@ -248,9 +253,9 @@ static int conn_new(BIO *bi)
     bi->num = (int)INVALID_SOCKET;
     bi->flags = 0;
     if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
-        return (0);
+        return 0;
     else
-        return (1);
+        return 1;
 }
 
 static void conn_close_socket(BIO *bio)
@@ -272,7 +277,7 @@ static int conn_free(BIO *a)
     BIO_CONNECT *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     data = (BIO_CONNECT *)a->ptr;
 
     if (a->shutdown) {
@@ -282,7 +287,7 @@ static int conn_free(BIO *a)
         a->flags = 0;
         a->init = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int conn_read(BIO *b, char *out, int outl)
@@ -294,7 +299,7 @@ static int conn_read(BIO *b, char *out, int outl)
     if (data->state != BIO_CONN_S_OK) {
         ret = conn_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     if (out != NULL) {
@@ -306,7 +311,7 @@ static int conn_read(BIO *b, char *out, int outl)
                 BIO_set_retry_read(b);
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int conn_write(BIO *b, const char *in, int inl)
@@ -318,7 +323,7 @@ static int conn_write(BIO *b, const char *in, int inl)
     if (data->state != BIO_CONN_S_OK) {
         ret = conn_state(b, data);
         if (ret <= 0)
-            return (ret);
+            return ret;
     }
 
     clear_socket_error();
@@ -328,7 +333,7 @@ static int conn_write(BIO *b, const char *in, int inl)
         if (BIO_sock_should_retry(ret))
             BIO_set_retry_write(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -473,15 +478,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         break;
     case BIO_CTRL_SET_CALLBACK:
-        {
-# if 0                          /* FIXME: Should this be used? -- Richard
-                                 * Levitte */
-            BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            ret = -1;
-# else
-            ret = 0;
-# endif
-        }
+        ret = 0; /* use callback ctrl */
         break;
     case BIO_CTRL_GET_CALLBACK:
         {
@@ -495,7 +492,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -515,7 +512,7 @@ static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int conn_puts(BIO *bp, const char *str)
@@ -524,7 +521,7 @@ static int conn_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = conn_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_new_connect(const char *str)
@@ -533,11 +530,11 @@ BIO *BIO_new_connect(const char *str)
 
     ret = BIO_new(BIO_s_connect());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     if (BIO_set_conn_hostname(ret, str))
-        return (ret);
+        return ret;
     BIO_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 #endif
diff --git a/deps/openssl/openssl/crypto/bio/bss_dgram.c b/deps/openssl/openssl/crypto/bio/bss_dgram.c
index c772d956b8..d5fe5bb5a8 100644
--- a/deps/openssl/openssl/crypto/bio/bss_dgram.c
+++ b/deps/openssl/openssl/crypto/bio/bss_dgram.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,13 +13,6 @@
 #include "bio_lcl.h"
 #ifndef OPENSSL_NO_DGRAM
 
-# if !(defined(_WIN32) || defined(OPENSSL_SYS_VMS))
-#  include <sys/time.h>
-# endif
-# if defined(OPENSSL_SYS_VMS)
-#  include <sys/timeb.h>
-# endif
-
 # ifndef OPENSSL_NO_SCTP
 #  include <netinet/sctp.h>
 #  include <fcntl.h>
@@ -73,7 +66,11 @@ static void get_current_time(struct timeval *t);
 static const BIO_METHOD methods_dgramp = {
     BIO_TYPE_DGRAM,
     "datagram socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     dgram_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     dgram_read,
     dgram_puts,
     NULL,                       /* dgram_gets,         */
@@ -87,7 +84,11 @@ static const BIO_METHOD methods_dgramp = {
 static const BIO_METHOD methods_dgramp_sctp = {
     BIO_TYPE_DGRAM_SCTP,
     "datagram sctp socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     dgram_sctp_write,
+    /* TODO: Convert to new style write function */
+    bread_conv,
     dgram_sctp_read,
     dgram_sctp_puts,
     NULL,                       /* dgram_gets,         */
@@ -135,7 +136,7 @@ typedef struct bio_dgram_sctp_data_st {
 
 const BIO_METHOD *BIO_s_datagram(void)
 {
-    return (&methods_dgramp);
+    return &methods_dgramp;
 }
 
 BIO *BIO_new_dgram(int fd, int close_flag)
@@ -144,9 +145,9 @@ BIO *BIO_new_dgram(int fd, int close_flag)
 
     ret = BIO_new(BIO_s_datagram());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(ret, fd, close_flag);
-    return (ret);
+    return ret;
 }
 
 static int dgram_new(BIO *bi)
@@ -156,7 +157,7 @@ static int dgram_new(BIO *bi)
     if (data == NULL)
         return 0;
     bi->ptr = data;
-    return (1);
+    return 1;
 }
 
 static int dgram_free(BIO *a)
@@ -164,20 +165,20 @@ static int dgram_free(BIO *a)
     bio_dgram_data *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     if (!dgram_clear(a))
         return 0;
 
     data = (bio_dgram_data *)a->ptr;
     OPENSSL_free(data);
 
-    return (1);
+    return 1;
 }
 
 static int dgram_clear(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if (a->init) {
             BIO_closesocket(a->num);
@@ -185,7 +186,7 @@ static int dgram_clear(BIO *a)
         a->init = 0;
         a->flags = 0;
     }
-    return (1);
+    return 1;
 }
 
 static void dgram_adjust_rcv_timeout(BIO *b)
@@ -324,7 +325,7 @@ static int dgram_read(BIO *b, char *out, int outl)
 
         dgram_reset_rcv_timeout(b);
     }
-    return (ret);
+    return ret;
 }
 
 static int dgram_write(BIO *b, const char *in, int inl)
@@ -338,13 +339,8 @@ static int dgram_write(BIO *b, const char *in, int inl)
     else {
         int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
 
-# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-        ret = sendto(b->num, (char *)in, inl, 0,
-                     BIO_ADDR_sockaddr(&data->peer), peerlen);
-# else
         ret = sendto(b->num, in, inl, 0,
                      BIO_ADDR_sockaddr(&data->peer), peerlen);
-# endif
     }
 
     BIO_clear_retry_flags(b);
@@ -354,7 +350,7 @@ static int dgram_write(BIO *b, const char *in, int inl)
             data->_errno = get_last_socket_error();
         }
     }
-    return (ret);
+    return ret;
 }
 
 static long dgram_get_mtu_overhead(bio_dgram_data *data)
@@ -368,7 +364,7 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data)
          */
         ret = 28;
         break;
-# ifdef AF_INET6
+# if OPENSSL_USE_IPV6
     case AF_INET6:
         {
 #  ifdef IN6_IS_ADDR_V4MAPPED
@@ -798,7 +794,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int dgram_puts(BIO *bp, const char *str)
@@ -807,13 +803,13 @@ static int dgram_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = dgram_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 # ifndef OPENSSL_NO_SCTP
 const BIO_METHOD *BIO_s_datagram_sctp(void)
 {
-    return (&methods_dgramp_sctp);
+    return &methods_dgramp_sctp;
 }
 
 BIO *BIO_new_dgram_sctp(int fd, int close_flag)
@@ -835,7 +831,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
 
     bio = BIO_new(BIO_s_datagram_sctp());
     if (bio == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(bio, fd, close_flag);
 
     /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
@@ -845,7 +841,9 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_authchunk));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
     }
     auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
     ret =
@@ -853,26 +851,29 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_authchunk));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
     }
 
     /*
      * Test if activation was successful. When using accept(), SCTP-AUTH has
      * to be activated for the listening socket already, otherwise the
-     * connected socket won't use it.
+     * connected socket won't use it. Similarly with connect(): the socket
+     * prior to connection must be activated for SCTP-AUTH
      */
     sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
     authchunks = OPENSSL_zalloc(sockopt_len);
     if (authchunks == NULL) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
     ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
                    &sockopt_len);
     if (ret < 0) {
         OPENSSL_free(authchunks);
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 
     for (p = (unsigned char *)authchunks->gauth_chunks;
@@ -886,8 +887,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
 
     OPENSSL_free(authchunks);
 
-    OPENSSL_assert(auth_data);
-    OPENSSL_assert(auth_forward);
+    if (!auth_data || !auth_forward) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1,
+                           "Ensure SCTP AUTH chunks are enabled on the "
+                           "underlying socket");
+        return NULL;
+    }
 
 #  ifdef SCTP_AUTHENTICATION_EVENT
 #   ifdef SCTP_EVENT
@@ -900,14 +907,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_event));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 #   else
     sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
     ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 
     event.sctp_authentication_event = 1;
@@ -917,7 +924,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(struct sctp_event_subscribe));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 #   endif
 #  endif
@@ -931,10 +938,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
                    sizeof(optval));
     if (ret < 0) {
         BIO_vfree(bio);
-        return (NULL);
+        return NULL;
     }
 
-    return (bio);
+    return bio;
 }
 
 int BIO_dgram_is_sctp(BIO *bio)
@@ -948,16 +955,17 @@ static int dgram_sctp_new(BIO *bi)
 
     bi->init = 0;
     bi->num = 0;
-    data = OPENSSL_zalloc(sizeof(*data));
-    if (data == NULL)
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
+        BIOerr(BIO_F_DGRAM_SCTP_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 #  ifdef SCTP_PR_SCTP_NONE
     data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
 #  endif
     bi->ptr = data;
 
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int dgram_sctp_free(BIO *a)
@@ -965,7 +973,7 @@ static int dgram_sctp_free(BIO *a)
     bio_dgram_sctp_data *data;
 
     if (a == NULL)
-        return (0);
+        return 0;
     if (!dgram_clear(a))
         return 0;
 
@@ -973,7 +981,7 @@ static int dgram_sctp_free(BIO *a)
     if (data != NULL)
         OPENSSL_free(data);
 
-    return (1);
+    return 1;
 }
 
 #  ifdef SCTP_AUTHENTICATION_EVENT
@@ -1210,7 +1218,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
             data->peer_auth_tested = 1;
         }
     }
-    return (ret);
+    return ret;
 }
 
 /*
@@ -1326,7 +1334,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
             data->_errno = get_last_socket_error();
         }
     }
-    return (ret);
+    return ret;
 }
 
 static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -1562,7 +1570,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = dgram_ctrl(b, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 int BIO_dgram_sctp_notification_cb(BIO *b,
@@ -1819,7 +1827,7 @@ static int dgram_sctp_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = dgram_sctp_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -1838,9 +1846,9 @@ static int BIO_dgram_should_retry(int i)
          */
 # endif
 
-        return (BIO_dgram_non_fatal_error(err));
+        return BIO_dgram_non_fatal_error(err);
     }
-    return (0);
+    return 0;
 }
 
 int BIO_dgram_non_fatal_error(int err)
@@ -1884,12 +1892,11 @@ int BIO_dgram_non_fatal_error(int err)
     case EALREADY:
 # endif
 
-        return (1);
-        /* break; */
+        return 1;
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 
 static void get_current_time(struct timeval *t)
@@ -1910,11 +1917,6 @@ static void get_current_time(struct timeval *t)
 #  endif
     t->tv_sec = (long)(now.ul / 10000000);
     t->tv_usec = ((int)(now.ul % 10000000)) / 10;
-# elif defined(OPENSSL_SYS_VMS)
-    struct timeb tb;
-    ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
 # else
     gettimeofday(t, NULL);
 # endif
diff --git a/deps/openssl/openssl/crypto/bio/bss_fd.c b/deps/openssl/openssl/crypto/bio/bss_fd.c
index 2bd3517dfd..5bc539c90b 100644
--- a/deps/openssl/openssl/crypto/bio/bss_fd.c
+++ b/deps/openssl/openssl/crypto/bio/bss_fd.c
@@ -60,7 +60,11 @@ int BIO_fd_should_retry(int s);
 static const BIO_METHOD methods_fdp = {
     BIO_TYPE_FD,
     "file descriptor",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     fd_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     fd_read,
     fd_puts,
     fd_gets,
@@ -72,7 +76,7 @@ static const BIO_METHOD methods_fdp = {
 
 const BIO_METHOD *BIO_s_fd(void)
 {
-    return (&methods_fdp);
+    return &methods_fdp;
 }
 
 BIO *BIO_new_fd(int fd, int close_flag)
@@ -80,9 +84,9 @@ BIO *BIO_new_fd(int fd, int close_flag)
     BIO *ret;
     ret = BIO_new(BIO_s_fd());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(ret, fd, close_flag);
-    return (ret);
+    return ret;
 }
 
 static int fd_new(BIO *bi)
@@ -91,13 +95,13 @@ static int fd_new(BIO *bi)
     bi->num = -1;
     bi->ptr = NULL;
     bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
-    return (1);
+    return 1;
 }
 
 static int fd_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if (a->init) {
             UP_close(a->num);
@@ -105,7 +109,7 @@ static int fd_free(BIO *a)
         a->init = 0;
         a->flags = BIO_FLAGS_UPLINK;
     }
-    return (1);
+    return 1;
 }
 
 static int fd_read(BIO *b, char *out, int outl)
@@ -121,7 +125,7 @@ static int fd_read(BIO *b, char *out, int outl)
                 BIO_set_retry_read(b);
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int fd_write(BIO *b, const char *in, int inl)
@@ -134,7 +138,7 @@ static int fd_write(BIO *b, const char *in, int inl)
         if (BIO_fd_should_retry(ret))
             BIO_set_retry_write(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -186,7 +190,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int fd_puts(BIO *bp, const char *str)
@@ -195,7 +199,7 @@ static int fd_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = fd_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 static int fd_gets(BIO *bp, char *buf, int size)
@@ -204,14 +208,16 @@ static int fd_gets(BIO *bp, char *buf, int size)
     char *ptr = buf;
     char *end = buf + size - 1;
 
-    while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n'))
-        ptr++;
+    while (ptr < end && fd_read(bp, ptr, 1) > 0) {
+        if (*ptr++ == '\n')
+           break;
+    }
 
     ptr[0] = '\0';
 
     if (buf[0] != '\0')
         ret = strlen(buf);
-    return (ret);
+    return ret;
 }
 
 int BIO_fd_should_retry(int i)
@@ -221,9 +227,9 @@ int BIO_fd_should_retry(int i)
     if ((i == 0) || (i == -1)) {
         err = get_last_sys_error();
 
-        return (BIO_fd_non_fatal_error(err));
+        return BIO_fd_non_fatal_error(err);
     }
-    return (0);
+    return 0;
 }
 
 int BIO_fd_non_fatal_error(int err)
@@ -265,11 +271,10 @@ int BIO_fd_non_fatal_error(int err)
 # ifdef EALREADY
     case EALREADY:
 # endif
-        return (1);
-        /* break; */
+        return 1;
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/bio/bss_file.c b/deps/openssl/openssl/crypto/bio/bss_file.c
index 2edf244835..8de2391267 100644
--- a/deps/openssl/openssl/crypto/bio/bss_file.c
+++ b/deps/openssl/openssl/crypto/bio/bss_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*-
- * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
- *              with binary data (e.g. asn1parse -inform DER < xxx) under
- *              Windows
- */
-
 #ifndef HEADER_BSS_FILE_C
 # define HEADER_BSS_FILE_C
 
@@ -51,7 +45,11 @@ static int file_free(BIO *data);
 static const BIO_METHOD methods_filep = {
     BIO_TYPE_FILE,
     "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     file_read,
     file_puts,
     file_gets,
@@ -81,17 +79,17 @@ BIO *BIO_new_file(const char *filename, const char *mode)
             BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
         else
             BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
-        return (NULL);
+        return NULL;
     }
     if ((ret = BIO_new(BIO_s_file())) == NULL) {
         fclose(file);
-        return (NULL);
+        return NULL;
     }
 
     BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
                                              * UPLINK */
     BIO_set_fp(ret, file, fp_flags);
-    return (ret);
+    return ret;
 }
 
 BIO *BIO_new_fp(FILE *stream, int close_flag)
@@ -99,17 +97,17 @@ BIO *BIO_new_fp(FILE *stream, int close_flag)
     BIO *ret;
 
     if ((ret = BIO_new(BIO_s_file())) == NULL)
-        return (NULL);
+        return NULL;
 
     /* redundant flag, left for documentation purposes */
     BIO_set_flags(ret, BIO_FLAGS_UPLINK);
     BIO_set_fp(ret, stream, close_flag);
-    return (ret);
+    return ret;
 }
 
 const BIO_METHOD *BIO_s_file(void)
 {
-    return (&methods_filep);
+    return &methods_filep;
 }
 
 static int file_new(BIO *bi)
@@ -118,13 +116,13 @@ static int file_new(BIO *bi)
     bi->num = 0;
     bi->ptr = NULL;
     bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
-    return (1);
+    return 1;
 }
 
 static int file_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if ((a->init) && (a->ptr != NULL)) {
             if (a->flags & BIO_FLAGS_UPLINK)
@@ -136,7 +134,7 @@ static int file_free(BIO *a)
         }
         a->init = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int file_read(BIO *b, char *out, int outl)
@@ -156,7 +154,7 @@ static int file_read(BIO *b, char *out, int outl)
             ret = -1;
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int file_write(BIO *b, const char *in, int inl)
@@ -172,12 +170,12 @@ static int file_write(BIO *b, const char *in, int inl)
             ret = inl;
         /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
         /*
-         * according to Tim Hudson <tjh@cryptsoft.com>, the commented out
+         * according to Tim Hudson <tjh@openssl.org>, the commented out
          * version above can cause 'inl' write calls under some stupid stdio
          * implementations (VMS)
          */
     }
-    return (ret);
+    return ret;
 }
 
 static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -283,9 +281,9 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
 #  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
         if (!(num & BIO_FP_TEXT))
-            strcat(p, "b");
+            OPENSSL_strlcat(p, "b", sizeof(p));
         else
-            strcat(p, "t");
+            OPENSSL_strlcat(p, "t", sizeof(p));
 #  endif
         fp = openssl_fopen(ptr, p);
         if (fp == NULL) {
@@ -335,7 +333,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int file_gets(BIO *bp, char *buf, int size)
@@ -353,7 +351,7 @@ static int file_gets(BIO *bp, char *buf, int size)
     if (buf[0] != '\0')
         ret = strlen(buf);
  err:
-    return (ret);
+    return ret;
 }
 
 static int file_puts(BIO *bp, const char *str)
@@ -362,7 +360,7 @@ static int file_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = file_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 #else
@@ -399,7 +397,11 @@ static int file_free(BIO *a)
 static const BIO_METHOD methods_filep = {
     BIO_TYPE_FILE,
     "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     file_read,
     file_puts,
     file_gets,
@@ -411,7 +413,7 @@ static const BIO_METHOD methods_filep = {
 
 const BIO_METHOD *BIO_s_file(void)
 {
-    return (&methods_filep);
+    return &methods_filep;
 }
 
 BIO *BIO_new_file(const char *filename, const char *mode)
diff --git a/deps/openssl/openssl/crypto/bio/bss_log.c b/deps/openssl/openssl/crypto/bio/bss_log.c
index f090e8214b..e9ab932ec2 100644
--- a/deps/openssl/openssl/crypto/bio/bss_log.c
+++ b/deps/openssl/openssl/crypto/bio/bss_log.c
@@ -39,7 +39,7 @@ void *_malloc32(__size_t);
 #  endif                        /* __INITIAL_POINTER_SIZE == 64 */
 # endif                         /* __INITIAL_POINTER_SIZE && defined
                                  * _ANSI_C_SOURCE */
-#elif defined(OPENSSL_SYS_NETWARE)
+#elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK)
 # define NO_SYSLOG
 #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
 # include <syslog.h>
@@ -87,10 +87,13 @@ static void xcloselog(BIO *bp);
 static const BIO_METHOD methods_slg = {
     BIO_TYPE_MEM,
     "syslog",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     slg_write,
+    NULL,                      /* slg_write_old,    */
     NULL,                      /* slg_read,         */
     slg_puts,
-    NULL,                      /* slg_gets,         */
+    NULL,
     slg_ctrl,
     slg_new,
     slg_free,
@@ -99,7 +102,7 @@ static const BIO_METHOD methods_slg = {
 
 const BIO_METHOD *BIO_s_log(void)
 {
-    return (&methods_slg);
+    return &methods_slg;
 }
 
 static int slg_new(BIO *bi)
@@ -108,15 +111,15 @@ static int slg_new(BIO *bi)
     bi->num = 0;
     bi->ptr = NULL;
     xopenlog(bi, "application", LOG_DAEMON);
-    return (1);
+    return 1;
 }
 
 static int slg_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     xcloselog(a);
-    return (1);
+    return 1;
 }
 
 static int slg_write(BIO *b, const char *in, int inl)
@@ -194,7 +197,8 @@ static int slg_write(BIO *b, const char *in, int inl)
     };
 
     if ((buf = OPENSSL_malloc(inl + 1)) == NULL) {
-        return (0);
+        BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
     memcpy(buf, in, inl);
     buf[inl] = '\0';
@@ -208,7 +212,7 @@ static int slg_write(BIO *b, const char *in, int inl)
     xsyslog(b, priority, pp);
 
     OPENSSL_free(buf);
-    return (ret);
+    return ret;
 }
 
 static long slg_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -221,7 +225,7 @@ static long slg_ctrl(BIO *b, int cmd, long num, void *ptr)
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 
 static int slg_puts(BIO *bp, const char *str)
@@ -230,7 +234,7 @@ static int slg_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = slg_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 # if defined(OPENSSL_SYS_WIN32)
diff --git a/deps/openssl/openssl/crypto/bio/bss_mem.c b/deps/openssl/openssl/crypto/bio/bss_mem.c
index 4c0e4d7412..e0a97c3b43 100644
--- a/deps/openssl/openssl/crypto/bio/bss_mem.c
+++ b/deps/openssl/openssl/crypto/bio/bss_mem.c
@@ -26,7 +26,11 @@ static int mem_buf_sync(BIO *h);
 static const BIO_METHOD mem_method = {
     BIO_TYPE_MEM,
     "memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     mem_read,
     mem_puts,
     mem_gets,
@@ -39,7 +43,11 @@ static const BIO_METHOD mem_method = {
 static const BIO_METHOD secmem_method = {
     BIO_TYPE_MEM,
     "secure memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     mem_read,
     mem_puts,
     mem_gets,
@@ -62,7 +70,7 @@ typedef struct bio_buf_mem_st {
 
 const BIO_METHOD *BIO_s_mem(void)
 {
-    return (&mem_method);
+    return &mem_method;
 }
 
 const BIO_METHOD *BIO_s_secmem(void)
@@ -122,42 +130,38 @@ static int mem_init(BIO *bi, unsigned long flags)
 
 static int mem_new(BIO *bi)
 {
-    return (mem_init(bi, 0L));
+    return mem_init(bi, 0L);
 }
 
 static int secmem_new(BIO *bi)
 {
-    return (mem_init(bi, BUF_MEM_FLAG_SECURE));
+    return mem_init(bi, BUF_MEM_FLAG_SECURE);
 }
 
 static int mem_free(BIO *a)
 {
-    return (mem_buf_free(a, 1));
+    return mem_buf_free(a, 1);
 }
 
 static int mem_buf_free(BIO *a, int free_all)
 {
     if (a == NULL)
-        return (0);
-    if (a->shutdown) {
-        if ((a->init) && (a->ptr != NULL)) {
-            BUF_MEM *b;
-            BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
-
-            if (bb != NULL) {
-                b = bb->buf;
-                if (a->flags & BIO_FLAGS_MEM_RDONLY)
-                    b->data = NULL;
-                BUF_MEM_free(b);
-                if (free_all) {
-                    OPENSSL_free(bb->readp);
-                    OPENSSL_free(bb);
-                }
-            }
-            a->ptr = NULL;
+        return 0;
+
+    if (a->shutdown && a->init && a->ptr != NULL) {
+        BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+        BUF_MEM *b = bb->buf;
+
+        if (a->flags & BIO_FLAGS_MEM_RDONLY)
+            b->data = NULL;
+        BUF_MEM_free(b);
+        if (free_all) {
+            OPENSSL_free(bb->readp);
+            OPENSSL_free(bb);
         }
+        a->ptr = NULL;
     }
-    return (1);
+    return 1;
 }
 
 /*
@@ -174,7 +178,7 @@ static int mem_buf_sync(BIO *b)
             bbm->readp->data = bbm->buf->data;
         }
     }
-    return (0);
+    return 0;
 }
 
 static int mem_read(BIO *b, char *out, int outl)
@@ -194,7 +198,7 @@ static int mem_read(BIO *b, char *out, int outl)
         if (ret != 0)
             BIO_set_retry_read(b);
     }
-    return (ret);
+    return ret;
 }
 
 static int mem_write(BIO *b, const char *in, int inl)
@@ -222,7 +226,7 @@ static int mem_write(BIO *b, const char *in, int inl)
     *bbm->readp = *bbm->buf;
     ret = inl;
  end:
-    return (ret);
+    return ret;
 }
 
 static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -299,7 +303,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int mem_gets(BIO *bp, char *buf, int size)
@@ -335,7 +339,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
     if (i > 0)
         buf[i] = '\0';
     ret = i;
-    return (ret);
+    return ret;
 }
 
 static int mem_puts(BIO *bp, const char *str)
@@ -345,5 +349,5 @@ static int mem_puts(BIO *bp, const char *str)
     n = strlen(str);
     ret = mem_write(bp, str, n);
     /* memory semantics is that it will always work */
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bio/bss_null.c b/deps/openssl/openssl/crypto/bio/bss_null.c
index 56f95f9fc2..08f1d2bc98 100644
--- a/deps/openssl/openssl/crypto/bio/bss_null.c
+++ b/deps/openssl/openssl/crypto/bio/bss_null.c
@@ -20,7 +20,11 @@ static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static const BIO_METHOD null_method = {
     BIO_TYPE_NULL,
     "NULL",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     null_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     null_read,
     null_puts,
     null_gets,
@@ -32,17 +36,17 @@ static const BIO_METHOD null_method = {
 
 const BIO_METHOD *BIO_s_null(void)
 {
-    return (&null_method);
+    return &null_method;
 }
 
 static int null_read(BIO *b, char *out, int outl)
 {
-    return (0);
+    return 0;
 }
 
 static int null_write(BIO *b, const char *in, int inl)
 {
-    return (inl);
+    return inl;
 }
 
 static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -67,17 +71,17 @@ static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int null_gets(BIO *bp, char *buf, int size)
 {
-    return (0);
+    return 0;
 }
 
 static int null_puts(BIO *bp, const char *str)
 {
     if (str == NULL)
-        return (0);
-    return (strlen(str));
+        return 0;
+    return strlen(str);
 }
diff --git a/deps/openssl/openssl/crypto/bio/bss_sock.c b/deps/openssl/openssl/crypto/bio/bss_sock.c
index 992266dc24..ad38453201 100644
--- a/deps/openssl/openssl/crypto/bio/bss_sock.c
+++ b/deps/openssl/openssl/crypto/bio/bss_sock.c
@@ -9,7 +9,6 @@
 
 #include <stdio.h>
 #include <errno.h>
-#define USE_SOCKETS
 #include "bio_lcl.h"
 #include "internal/cryptlib.h"
 
@@ -38,7 +37,11 @@ int BIO_sock_should_retry(int s);
 static const BIO_METHOD methods_sockp = {
     BIO_TYPE_SOCKET,
     "socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     sock_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     sock_read,
     sock_puts,
     NULL,                       /* sock_gets,         */
@@ -50,7 +53,7 @@ static const BIO_METHOD methods_sockp = {
 
 const BIO_METHOD *BIO_s_socket(void)
 {
-    return (&methods_sockp);
+    return &methods_sockp;
 }
 
 BIO *BIO_new_socket(int fd, int close_flag)
@@ -59,9 +62,9 @@ BIO *BIO_new_socket(int fd, int close_flag)
 
     ret = BIO_new(BIO_s_socket());
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     BIO_set_fd(ret, fd, close_flag);
-    return (ret);
+    return ret;
 }
 
 static int sock_new(BIO *bi)
@@ -70,13 +73,13 @@ static int sock_new(BIO *bi)
     bi->num = 0;
     bi->ptr = NULL;
     bi->flags = 0;
-    return (1);
+    return 1;
 }
 
 static int sock_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     if (a->shutdown) {
         if (a->init) {
             BIO_closesocket(a->num);
@@ -84,7 +87,7 @@ static int sock_free(BIO *a)
         a->init = 0;
         a->flags = 0;
     }
-    return (1);
+    return 1;
 }
 
 static int sock_read(BIO *b, char *out, int outl)
@@ -100,7 +103,7 @@ static int sock_read(BIO *b, char *out, int outl)
                 BIO_set_retry_read(b);
         }
     }
-    return (ret);
+    return ret;
 }
 
 static int sock_write(BIO *b, const char *in, int inl)
@@ -114,7 +117,7 @@ static int sock_write(BIO *b, const char *in, int inl)
         if (BIO_sock_should_retry(ret))
             BIO_set_retry_write(b);
     }
-    return (ret);
+    return ret;
 }
 
 static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -152,7 +155,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = 0;
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int sock_puts(BIO *bp, const char *str)
@@ -161,7 +164,7 @@ static int sock_puts(BIO *bp, const char *str)
 
     n = strlen(str);
     ret = sock_write(bp, str, n);
-    return (ret);
+    return ret;
 }
 
 int BIO_sock_should_retry(int i)
@@ -171,9 +174,9 @@ int BIO_sock_should_retry(int i)
     if ((i == 0) || (i == -1)) {
         err = get_last_socket_error();
 
-        return (BIO_sock_non_fatal_error(err));
+        return BIO_sock_non_fatal_error(err);
     }
-    return (0);
+    return 0;
 }
 
 int BIO_sock_non_fatal_error(int err)
@@ -220,12 +223,11 @@ int BIO_sock_non_fatal_error(int err)
 # ifdef EALREADY
     case EALREADY:
 # endif
-        return (1);
-        /* break; */
+        return 1;
     default:
         break;
     }
-    return (0);
+    return 0;
 }
 
 #endif                          /* #ifndef OPENSSL_NO_SOCK */
diff --git a/deps/openssl/openssl/crypto/blake2/blake2_impl.h b/deps/openssl/openssl/crypto/blake2/blake2_impl.h
index 8fe5c95915..80b717e79c 100644
--- a/deps/openssl/openssl/crypto/blake2/blake2_impl.h
+++ b/deps/openssl/openssl/crypto/blake2/blake2_impl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,7 +15,6 @@
  */
 
 #include <string.h>
-#include "e_os.h"
 
 static ossl_inline uint32_t load32(const uint8_t *src)
 {
diff --git a/deps/openssl/openssl/crypto/blake2/blake2_locl.h b/deps/openssl/openssl/crypto/blake2/blake2_locl.h
index fb7beb976c..926bae944c 100644
--- a/deps/openssl/openssl/crypto/blake2/blake2_locl.h
+++ b/deps/openssl/openssl/crypto/blake2/blake2_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,7 +15,6 @@
  */
 
 #include <stddef.h>
-#include "e_os.h"
 
 #define BLAKE2S_BLOCKBYTES    64
 #define BLAKE2S_OUTBYTES      32
diff --git a/deps/openssl/openssl/crypto/blake2/blake2b.c b/deps/openssl/openssl/crypto/blake2/blake2b.c
index e77bd9ac16..829ba5b50a 100644
--- a/deps/openssl/openssl/crypto/blake2/blake2b.c
+++ b/deps/openssl/openssl/crypto/blake2/blake2b.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,7 +17,6 @@
 #include <assert.h>
 #include <string.h>
 #include <openssl/crypto.h>
-#include "e_os.h"
 
 #include "blake2_locl.h"
 #include "blake2_impl.h"
diff --git a/deps/openssl/openssl/crypto/blake2/blake2s.c b/deps/openssl/openssl/crypto/blake2/blake2s.c
index 0b3503e4f0..8211374d12 100644
--- a/deps/openssl/openssl/crypto/blake2/blake2s.c
+++ b/deps/openssl/openssl/crypto/blake2/blake2s.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,7 +17,6 @@
 #include <assert.h>
 #include <string.h>
 #include <openssl/crypto.h>
-#include "e_os.h"
 
 #include "blake2_locl.h"
 #include "blake2_impl.h"
@@ -219,7 +218,7 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
             in += fill;
             datalen -= fill;
         }
-        if (datalen > BLAKE2S_BLOCKBYTES)  {
+        if (datalen > BLAKE2S_BLOCKBYTES) {
             size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
             /*
              * If |datalen| is a multiple of the blocksize, stash
diff --git a/deps/openssl/openssl/crypto/blake2/m_blake2b.c b/deps/openssl/openssl/crypto/blake2/m_blake2b.c
index 82c6f6bd80..c493648c3c 100644
--- a/deps/openssl/openssl/crypto/blake2/m_blake2b.c
+++ b/deps/openssl/openssl/crypto/blake2/m_blake2b.c
@@ -54,6 +54,6 @@ static const EVP_MD blake2b_md = {
 
 const EVP_MD *EVP_blake2b512(void)
 {
-    return (&blake2b_md);
+    return &blake2b_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/blake2/m_blake2s.c b/deps/openssl/openssl/crypto/blake2/m_blake2s.c
index 467e91a87b..83b2811e44 100644
--- a/deps/openssl/openssl/crypto/blake2/m_blake2s.c
+++ b/deps/openssl/openssl/crypto/blake2/m_blake2s.c
@@ -54,6 +54,6 @@ static const EVP_MD blake2s_md = {
 
 const EVP_MD *EVP_blake2s256(void)
 {
-    return (&blake2s_md);
+    return &blake2s_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/bn/README.pod b/deps/openssl/openssl/crypto/bn/README.pod
index 109ab0d914..706a140342 100644
--- a/deps/openssl/openssl/crypto/bn/README.pod
+++ b/deps/openssl/openssl/crypto/bn/README.pod
@@ -6,7 +6,7 @@ bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
 bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
 bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
 bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
-bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
 bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
 bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
 library internal functions
@@ -41,8 +41,6 @@ library internal functions
    int n, int tna, int tnb, BN_ULONG *tmp);
  void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
    int n2, BN_ULONG *tmp);
- void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
-   int n2, BN_ULONG *tmp);
 
  void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
  void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
@@ -178,10 +176,6 @@ bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
 B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
 and B<b>.
 
-bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
-B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
-array B<tmp>.
-
 BN_mul() calls bn_mul_normal(), or an optimized implementation if the
 factors have the same size: bn_mul_comba8() is used if they are 8
 words long, bn_mul_recursive() if they are larger than
diff --git a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl
index 9632133090..c9b962a150 100644
--- a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl
index 0bb5433075..7a0cdb2e8a 100644
--- a/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl
@@ -36,7 +36,7 @@
 #
 # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
 # Polynomial Multiplication on ARM Processors using the NEON Engine.
-# 
+#
 # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
 
 $flavour = shift;
diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl
index ddee8b7fa1..6bedc62ba6 100644
--- a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl
@@ -23,7 +23,7 @@
 # [depending on key length, less for longer keys] on ARM920T, and
 # +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code
 # base and compiler generated code with in-lined umull and even umlal
-# instructions. The latter means that this code didn't really have an 
+# instructions. The latter means that this code didn't really have an
 # "advantage" of utilizing some "secret" instruction.
 #
 # The code is interoperable with Thumb ISA and is rather compact, less
diff --git a/deps/openssl/openssl/crypto/bn/asm/bn-586.pl b/deps/openssl/openssl/crypto/bn/asm/bn-586.pl
index 1ca1bbf7d4..58effc8808 100644
--- a/deps/openssl/openssl/crypto/bn/asm/bn-586.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/bn-586.pl
@@ -14,7 +14,7 @@ require "x86asm.pl";
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],$0);
+&asm_init($ARGV[0]);
 
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -54,7 +54,7 @@ sub bn_mul_add_words
 		&movd("mm0",&wparam(3));	# mm0 = w
 		&pxor("mm1","mm1");		# mm1 = carry_in
 		&jmp(&label("maw_sse2_entry"));
-		
+
 	&set_label("maw_sse2_unrolled",16);
 		&movd("mm3",&DWP(0,$r,"",0));	# mm3 = r[0]
 		&paddq("mm1","mm3");		# mm1 = carry_in + r[0]
@@ -675,20 +675,20 @@ sub bn_sub_part_words
 	    &adc($c,0);
 	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
 	}
-	    
+
 	&comment("");
 	&add($b,32);
 	&add($r,32);
 	&sub($num,8);
 	&jnz(&label("pw_neg_loop"));
-	    
+
 	&set_label("pw_neg_finish",0);
 	&mov($tmp2,&wparam(4));	# get dl
 	&mov($num,0);
 	&sub($num,$tmp2);
 	&and($num,7);
 	&jz(&label("pw_end"));
-	    
+
 	for ($i=0; $i<7; $i++)
 	{
 	    &comment("dl<0 Tail Round $i");
@@ -705,9 +705,9 @@ sub bn_sub_part_words
 	}
 
 	&jmp(&label("pw_end"));
-	
+
 	&set_label("pw_pos",0);
-	
+
 	&and($num,0xfffffff8);	# num / 8
 	&jz(&label("pw_pos_finish"));
 
@@ -722,18 +722,18 @@ sub bn_sub_part_words
 	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
 	    &jnc(&label("pw_nc".$i));
 	}
-	    
+
 	&comment("");
 	&add($a,32);
 	&add($r,32);
 	&sub($num,8);
 	&jnz(&label("pw_pos_loop"));
-	    
+
 	&set_label("pw_pos_finish",0);
 	&mov($num,&wparam(4));	# get dl
 	&and($num,7);
 	&jz(&label("pw_end"));
-	    
+
 	for ($i=0; $i<7; $i++)
 	{
 	    &comment("dl>0 Tail Round $i");
@@ -754,17 +754,17 @@ sub bn_sub_part_words
 	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
 	    &set_label("pw_nc".$i,0);
 	}
-	    
+
 	&comment("");
 	&add($a,32);
 	&add($r,32);
 	&sub($num,8);
 	&jnz(&label("pw_nc_loop"));
-	    
+
 	&mov($num,&wparam(4));	# get dl
 	&and($num,7);
 	&jz(&label("pw_nc_end"));
-	    
+
 	for ($i=0; $i<7; $i++)
 	{
 	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
diff --git a/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl
index c0e5400807..9c46da3af8 100644
--- a/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl
@@ -43,7 +43,7 @@ $code.=<<___;
 	SHRU	$A,16,   $Ahi		; smash $A to two halfwords
 ||	EXTU	$A,16,16,$Alo
 
-	XORMPY	$Alo,$B_2,$Alox2	; 16x8 bits muliplication
+	XORMPY	$Alo,$B_2,$Alox2	; 16x8 bits multiplication
 ||	XORMPY	$Ahi,$B_2,$Ahix2
 ||	EXTU	$B,16,24,$B_1
 	XORMPY	$Alo,$B_0,$Alox0
diff --git a/deps/openssl/openssl/crypto/bn/asm/co-586.pl b/deps/openssl/openssl/crypto/bn/asm/co-586.pl
index 60d0363660..97f5e3a19f 100644
--- a/deps/openssl/openssl/crypto/bn/asm/co-586.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/co-586.pl
@@ -13,7 +13,7 @@ require "x86asm.pl";
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],$0);
+&asm_init($ARGV[0]);
 
 &bn_mul_comba("bn_mul_comba8",8);
 &bn_mul_comba("bn_mul_comba4",4);
@@ -47,7 +47,7 @@ sub mul_add_c
 	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
 	 ###
 	&adc($c2,0);
-	 # is pos > 1, it means it is the last loop 
+	 # is pos > 1, it means it is the last loop
 	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
 	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
 	}
@@ -76,7 +76,7 @@ sub sqr_add_c
 	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
 	 ###
 	&adc($c2,0);
-	 # is pos > 1, it means it is the last loop 
+	 # is pos > 1, it means it is the last loop
 	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
 	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
 	}
@@ -127,7 +127,7 @@ sub bn_mul_comba
 	$c2="ebp";
 	$a="esi";
 	$b="edi";
-	
+
 	$as=0;
 	$ae=0;
 	$bs=0;
@@ -142,9 +142,9 @@ sub bn_mul_comba
 	 &push("ebx");
 
 	&xor($c0,$c0);
-	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
+	 &mov("eax",&DWP(0,$a,"",0));	# load the first word
 	&xor($c1,$c1);
-	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
+	 &mov("edx",&DWP(0,$b,"",0));	# load the first second
 
 	for ($i=0; $i<$tot; $i++)
 		{
@@ -152,7 +152,7 @@ sub bn_mul_comba
 		$bi=$bs;
 		$end=$be+1;
 
-		&comment("################## Calculate word $i"); 
+		&comment("################## Calculate word $i");
 
 		for ($j=$bs; $j<$end; $j++)
 			{
diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl
index 0df1fad115..ec486f7779 100644
--- a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -80,7 +80,7 @@ $code=<<___;
 
 // int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap,
 //		    const BN_ULONG *bp,const BN_ULONG *np,
-//		    const BN_ULONG *n0p,int num);			
+//		    const BN_ULONG *n0p,int num);
 .align	64
 .global	bn_mul_mont#
 .proc	bn_mul_mont#
@@ -203,7 +203,7 @@ bn_mul_mont_general:
 { .mmi;	.pred.rel	"mutex",p39,p41
 (p39)	add		topbit=r0,r0
 (p41)	add		topbit=r0,r0,1
-	nop.i		0		}	
+	nop.i		0		}
 { .mmi;	st8		[tp_1]=n[0]
 	add		tptr=16,sp
 	add		tp_1=8,sp	};;
diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64.S b/deps/openssl/openssl/crypto/bn/asm/ia64.S
index f2404a3c1e..d235c45e2d 100644
--- a/deps/openssl/openssl/crypto/bn/asm/ia64.S
+++ b/deps/openssl/openssl/crypto/bn/asm/ia64.S
@@ -1,9 +1,9 @@
 .explicit
 .text
 .ident	"ia64.S, Version 2.1"
-.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>"
 
-// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -12,7 +12,7 @@
 
 //
 // ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 // project.
 //
 // Rights for redistribution and usage in source and binary forms are
@@ -20,7 +20,7 @@
 // disclaimed.
 // ====================================================================
 //
-// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
+// Version 2.x is Itanium2 re-tune. Few words about how Itanium2 is
 // different from Itanium to this module viewpoint. Most notably, is it
 // "wider" than Itanium? Can you experience loop scalability as
 // discussed in commentary sections? Not really:-( Itanium2 has 6
@@ -141,7 +141,7 @@
 //	User Mask I want to excuse the kernel from preserving upper
 //	(f32-f128) FP register bank over process context switch, thus
 //	minimizing bus bandwidth consumption during the switch (i.e.
-//	after PKI opration completes and the program is off doing
+//	after PKI operation completes and the program is off doing
 //	something else like bulk symmetric encryption). Having said
 //	this, I also want to point out that it might be good idea
 //	to compile the whole toolkit (as well as majority of the
@@ -157,12 +157,15 @@
 #else
 #define	ADDP	add
 #endif
+#ifdef __VMS
+.alias abort, "decc$abort"
+#endif
 
 #if 1
 //
 // bn_[add|sub]_words routines.
 //
-// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
+// Loops are spinning in 2*(n+5) ticks on Itanium (provided that the
 // data reside in L1 cache, i.e. 2 ticks away). It's possible to
 // compress the epilogue and get down to 2*n+6, but at the cost of
 // scalability (the neat feature of this implementation is that it
@@ -500,7 +503,7 @@ bn_sqr_words:
 // possible to compress the epilogue (I'm getting tired to write this
 // comment over and over) and get down to 2*n+16 at the cost of
 // scalability. The decision will very likely be reconsidered after the
-// benchmark program is profiled. I.e. if perfomance gain on Itanium
+// benchmark program is profiled. I.e. if performance gain on Itanium
 // will appear larger than loss on "wider" IA-64, then the loop should
 // be explicitly split and the epilogue compressed.
 .L_bn_sqr_words_ctop:
@@ -936,7 +939,7 @@ bn_mul_comba8:
 		xma.hu	f118=f39,f127,f117	}
 { .mfi;		xma.lu	f117=f39,f127,f117	};;//
 //-------------------------------------------------//
-// Leaving muliplier's heaven... Quite a ride, huh?
+// Leaving multiplier's heaven... Quite a ride, huh?
 
 { .mii;	getf.sig	r31=f47
 	add		r25=r25,r24
@@ -1428,6 +1431,7 @@ bn_div_words:
 	mov		ar.ec=0		// don't rotate at exit
 	mov		pr.rot=0	}
 { .mii;	mov		L=r33		// save l
+	mov		r25=r0		// needed if abort is called on VMS
 	mov		r36=r0		};;
 
 .L_divw_shift:	// -vv- note signed comparison
@@ -1529,9 +1533,8 @@ bn_div_words:
 // output:	f8 = (int)(a/b)
 // clobbered:	f8,f9,f10,f11,pred
 pred=p15
-// One can argue that this snippet is copyrighted to Intel
-// Corporation, as it's essentially identical to one of those
-// found in "Divide, Square Root and Remainder" section at
+// This snippet is based on text found in the "Divide, Square
+// Root and Remainder" section at
 // http://www.intel.com/software/products/opensource/libraries/num.htm.
 // Yes, I admit that the referred code was used as template,
 // but after I realized that there hardly is any other instruction
diff --git a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl
index e141e1a925..fbe5d04f71 100644
--- a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl
@@ -56,14 +56,14 @@
 $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
 
 if ($flavour =~ /64|n32/i) {
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
 	$REG_S="sd";
 	$REG_L="ld";
 	$SZREG=8;
 } else {
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
 	$REG_S="sw";
 	$REG_L="lw";
 	$SZREG=4;
@@ -121,6 +121,8 @@ $m1=$s11;
 $FRAMESIZE=14;
 
 $code=<<___;
+#include "mips_arch.h"
+
 .text
 
 .set	noat
@@ -183,27 +185,27 @@ $code.=<<___;
 	$PTR_SUB $sp,$num
 	and	$sp,$at
 
-	$MULTU	$aj,$bi
-	$LD	$alo,$BNSZ($ap)
-	$LD	$nlo,$BNSZ($np)
-	mflo	$lo0
-	mfhi	$hi0
-	$MULTU	$lo0,$n0
-	mflo	$m1
-
-	$MULTU	$alo,$bi
-	mflo	$alo
-	mfhi	$ahi
-
-	$MULTU	$nj,$m1
-	mflo	$lo1
-	mfhi	$hi1
-	$MULTU	$nlo,$m1
+	$MULTU	($aj,$bi)
+	$LD	$ahi,$BNSZ($ap)
+	$LD	$nhi,$BNSZ($np)
+	mflo	($lo0,$aj,$bi)
+	mfhi	($hi0,$aj,$bi)
+	$MULTU	($lo0,$n0)
+	mflo	($m1,$lo0,$n0)
+
+	$MULTU	($ahi,$bi)
+	mflo	($alo,$ahi,$bi)
+	mfhi	($ahi,$ahi,$bi)
+
+	$MULTU	($nj,$m1)
+	mflo	($lo1,$nj,$m1)
+	mfhi	($hi1,$nj,$m1)
+	$MULTU	($nhi,$m1)
 	$ADDU	$lo1,$lo0
 	sltu	$at,$lo1,$lo0
 	$ADDU	$hi1,$at
-	mflo	$nlo
-	mfhi	$nhi
+	mflo	($nlo,$nhi,$m1)
+	mfhi	($nhi,$nhi,$m1)
 
 	move	$tp,$sp
 	li	$j,2*$BNSZ
@@ -215,25 +217,25 @@ $code.=<<___;
 	$LD	$aj,($aj)
 	$LD	$nj,($nj)
 
-	$MULTU	$aj,$bi
+	$MULTU	($aj,$bi)
 	$ADDU	$lo0,$alo,$hi0
 	$ADDU	$lo1,$nlo,$hi1
 	sltu	$at,$lo0,$hi0
 	sltu	$t0,$lo1,$hi1
 	$ADDU	$hi0,$ahi,$at
 	$ADDU	$hi1,$nhi,$t0
-	mflo	$alo
-	mfhi	$ahi
+	mflo	($alo,$aj,$bi)
+	mfhi	($ahi,$aj,$bi)
 
 	$ADDU	$lo1,$lo0
 	sltu	$at,$lo1,$lo0
-	$MULTU	$nj,$m1
+	$MULTU	($nj,$m1)
 	$ADDU	$hi1,$at
 	addu	$j,$BNSZ
 	$ST	$lo1,($tp)
 	sltu	$t0,$j,$num
-	mflo	$nlo
-	mfhi	$nhi
+	mflo	($nlo,$nj,$m1)
+	mfhi	($nhi,$nj,$m1)
 
 	bnez	$t0,.L1st
 	$PTR_ADD $tp,$BNSZ
@@ -263,34 +265,34 @@ $code.=<<___;
 	$PTR_ADD $bi,$bp,$i
 	$LD	$bi,($bi)
 	$LD	$aj,($ap)
-	$LD	$alo,$BNSZ($ap)
+	$LD	$ahi,$BNSZ($ap)
 	$LD	$tj,($sp)
 
-	$MULTU	$aj,$bi
+	$MULTU	($aj,$bi)
 	$LD	$nj,($np)
-	$LD	$nlo,$BNSZ($np)
-	mflo	$lo0
-	mfhi	$hi0
+	$LD	$nhi,$BNSZ($np)
+	mflo	($lo0,$aj,$bi)
+	mfhi	($hi0,$aj,$bi)
 	$ADDU	$lo0,$tj
-	$MULTU	$lo0,$n0
+	$MULTU	($lo0,$n0)
 	sltu	$at,$lo0,$tj
 	$ADDU	$hi0,$at
-	mflo	$m1
+	mflo	($m1,$lo0,$n0)
 
-	$MULTU	$alo,$bi
-	mflo	$alo
-	mfhi	$ahi
+	$MULTU	($ahi,$bi)
+	mflo	($alo,$ahi,$bi)
+	mfhi	($ahi,$ahi,$bi)
 
-	$MULTU	$nj,$m1
-	mflo	$lo1
-	mfhi	$hi1
+	$MULTU	($nj,$m1)
+	mflo	($lo1,$nj,$m1)
+	mfhi	($hi1,$nj,$m1)
 
-	$MULTU	$nlo,$m1
+	$MULTU	($nhi,$m1)
 	$ADDU	$lo1,$lo0
 	sltu	$at,$lo1,$lo0
 	$ADDU	$hi1,$at
-	mflo	$nlo
-	mfhi	$nhi
+	mflo	($nlo,$nhi,$m1)
+	mfhi	($nhi,$nhi,$m1)
 
 	move	$tp,$sp
 	li	$j,2*$BNSZ
@@ -303,19 +305,19 @@ $code.=<<___;
 	$LD	$aj,($aj)
 	$LD	$nj,($nj)
 
-	$MULTU	$aj,$bi
+	$MULTU	($aj,$bi)
 	$ADDU	$lo0,$alo,$hi0
 	$ADDU	$lo1,$nlo,$hi1
 	sltu	$at,$lo0,$hi0
 	sltu	$t0,$lo1,$hi1
 	$ADDU	$hi0,$ahi,$at
 	$ADDU	$hi1,$nhi,$t0
-	mflo	$alo
-	mfhi	$ahi
+	mflo	($alo,$aj,$bi)
+	mfhi	($ahi,$aj,$bi)
 
 	$ADDU	$lo0,$tj
 	addu	$j,$BNSZ
-	$MULTU	$nj,$m1
+	$MULTU	($nj,$m1)
 	sltu	$at,$lo0,$tj
 	$ADDU	$lo1,$lo0
 	$ADDU	$hi0,$at
@@ -323,8 +325,8 @@ $code.=<<___;
 	$LD	$tj,2*$BNSZ($tp)
 	$ADDU	$hi1,$t0
 	sltu	$at,$j,$num
-	mflo	$nlo
-	mfhi	$nhi
+	mflo	($nlo,$nj,$m1)
+	mfhi	($nhi,$nj,$m1)
 	$ST	$lo1,($tp)
 	bnez	$at,.Linner
 	$PTR_ADD $tp,$BNSZ
diff --git a/deps/openssl/openssl/crypto/bn/asm/mips.pl b/deps/openssl/openssl/crypto/bn/asm/mips.pl
index 420f01f3a4..da35ec1b30 100644
--- a/deps/openssl/openssl/crypto/bn/asm/mips.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/mips.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project.
 #
 # Rights for redistribution and usage in source and binary forms are
@@ -42,7 +42,7 @@
 # Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
 # goes way over 3 times faster!
 #
-#					<appro@fy.chalmers.se>
+#					<appro@openssl.org>
 
 # October 2010
 #
@@ -109,6 +109,22 @@ $gp=$v1 if ($flavour =~ /nubi/i);
 $minus4=$v1;
 
 $code.=<<___;
+#include "mips_arch.h"
+
+#if defined(_MIPS_ARCH_MIPS64R6)
+# define ddivu(rs,rt)
+# define mfqt(rd,rs,rt)	ddivu	rd,rs,rt
+# define mfrm(rd,rs,rt)	dmodu	rd,rs,rt
+#elif defined(_MIPS_ARCH_MIPS32R6)
+# define divu(rs,rt)
+# define mfqt(rd,rs,rt)	divu	rd,rs,rt
+# define mfrm(rd,rs,rt)	modu	rd,rs,rt
+#else
+# define $DIVU(rs,rt)	$DIVU	$zero,rs,rt
+# define mfqt(rd,rs,rt)	mflo	rd
+# define mfrm(rd,rs,rt)	mfhi	rd
+#endif
+
 .rdata
 .asciiz	"mips3.s, Version 1.2"
 .asciiz	"MIPS II/III/IV ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>"
@@ -151,7 +167,7 @@ $code.=<<___;
 
 .L_bn_mul_add_words_loop:
 	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	$LD	$t1,0($a0)
 	$LD	$t2,$BNSZ($a1)
 	$LD	$t3,$BNSZ($a0)
@@ -161,11 +177,11 @@ $code.=<<___;
 	sltu	$v0,$t1,$v0	# All manuals say it "compares 32-bit
 				# values", but it seems to work fine
 				# even on 64-bit registers.
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$t1,$at
 	$ADDU	$v0,$t0
-	 $MULTU	$t2,$a3
+	 $MULTU	($t2,$a3)
 	sltu	$at,$t1,$at
 	$ST	$t1,0($a0)
 	$ADDU	$v0,$at
@@ -174,11 +190,11 @@ $code.=<<___;
 	$LD	$ta3,3*$BNSZ($a0)
 	$ADDU	$t3,$v0
 	sltu	$v0,$t3,$v0
-	mflo	$at
-	mfhi	$t2
+	mflo	($at,$t2,$a3)
+	mfhi	($t2,$t2,$a3)
 	$ADDU	$t3,$at
 	$ADDU	$v0,$t2
-	 $MULTU	$ta0,$a3
+	 $MULTU	($ta0,$a3)
 	sltu	$at,$t3,$at
 	$ST	$t3,$BNSZ($a0)
 	$ADDU	$v0,$at
@@ -188,11 +204,11 @@ $code.=<<___;
 	$PTR_ADD $a1,4*$BNSZ
 	$ADDU	$ta1,$v0
 	sltu	$v0,$ta1,$v0
-	mflo	$at
-	mfhi	$ta0
+	mflo	($at,$ta0,$a3)
+	mfhi	($ta0,$ta0,$a3)
 	$ADDU	$ta1,$at
 	$ADDU	$v0,$ta0
-	 $MULTU	$ta2,$a3
+	 $MULTU	($ta2,$a3)
 	sltu	$at,$ta1,$at
 	$ST	$ta1,-2*$BNSZ($a0)
 	$ADDU	$v0,$at
@@ -201,8 +217,8 @@ $code.=<<___;
 	and	$ta0,$a2,$minus4
 	$ADDU	$ta3,$v0
 	sltu	$v0,$ta3,$v0
-	mflo	$at
-	mfhi	$ta2
+	mflo	($at,$ta2,$a3)
+	mfhi	($ta2,$ta2,$a3)
 	$ADDU	$ta3,$at
 	$ADDU	$v0,$ta2
 	sltu	$at,$ta3,$at
@@ -217,13 +233,13 @@ $code.=<<___;
 .L_bn_mul_add_words_tail:
 	.set	reorder
 	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	$LD	$t1,0($a0)
 	subu	$a2,1
 	$ADDU	$t1,$v0
 	sltu	$v0,$t1,$v0
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$t1,$at
 	$ADDU	$v0,$t0
 	sltu	$at,$t1,$at
@@ -232,13 +248,13 @@ $code.=<<___;
 	beqz	$a2,.L_bn_mul_add_words_return
 
 	$LD	$t0,$BNSZ($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	$LD	$t1,$BNSZ($a0)
 	subu	$a2,1
 	$ADDU	$t1,$v0
 	sltu	$v0,$t1,$v0
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$t1,$at
 	$ADDU	$v0,$t0
 	sltu	$at,$t1,$at
@@ -247,12 +263,12 @@ $code.=<<___;
 	beqz	$a2,.L_bn_mul_add_words_return
 
 	$LD	$t0,2*$BNSZ($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	$LD	$t1,2*$BNSZ($a0)
 	$ADDU	$t1,$v0
 	sltu	$v0,$t1,$v0
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$t1,$at
 	$ADDU	$v0,$t0
 	sltu	$at,$t1,$at
@@ -310,40 +326,40 @@ $code.=<<___;
 
 .L_bn_mul_words_loop:
 	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	$LD	$t2,$BNSZ($a1)
 	$LD	$ta0,2*$BNSZ($a1)
 	$LD	$ta2,3*$BNSZ($a1)
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$v0,$at
 	sltu	$t1,$v0,$at
-	 $MULTU	$t2,$a3
+	 $MULTU	($t2,$a3)
 	$ST	$v0,0($a0)
 	$ADDU	$v0,$t1,$t0
 
 	subu	$a2,4
 	$PTR_ADD $a0,4*$BNSZ
 	$PTR_ADD $a1,4*$BNSZ
-	mflo	$at
-	mfhi	$t2
+	mflo	($at,$t2,$a3)
+	mfhi	($t2,$t2,$a3)
 	$ADDU	$v0,$at
 	sltu	$t3,$v0,$at
-	 $MULTU	$ta0,$a3
+	 $MULTU	($ta0,$a3)
 	$ST	$v0,-3*$BNSZ($a0)
 	$ADDU	$v0,$t3,$t2
 
-	mflo	$at
-	mfhi	$ta0
+	mflo	($at,$ta0,$a3)
+	mfhi	($ta0,$ta0,$a3)
 	$ADDU	$v0,$at
 	sltu	$ta1,$v0,$at
-	 $MULTU	$ta2,$a3
+	 $MULTU	($ta2,$a3)
 	$ST	$v0,-2*$BNSZ($a0)
 	$ADDU	$v0,$ta1,$ta0
 
 	and	$ta0,$a2,$minus4
-	mflo	$at
-	mfhi	$ta2
+	mflo	($at,$ta2,$a3)
+	mfhi	($ta2,$ta2,$a3)
 	$ADDU	$v0,$at
 	sltu	$ta3,$v0,$at
 	$ST	$v0,-$BNSZ($a0)
@@ -357,10 +373,10 @@ $code.=<<___;
 .L_bn_mul_words_tail:
 	.set	reorder
 	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	subu	$a2,1
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$v0,$at
 	sltu	$t1,$v0,$at
 	$ST	$v0,0($a0)
@@ -368,10 +384,10 @@ $code.=<<___;
 	beqz	$a2,.L_bn_mul_words_return
 
 	$LD	$t0,$BNSZ($a1)
-	$MULTU	$t0,$a3
+	$MULTU	($t0,$a3)
 	subu	$a2,1
-	mflo	$at
-	mfhi	$t0
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$v0,$at
 	sltu	$t1,$v0,$at
 	$ST	$v0,$BNSZ($a0)
@@ -379,9 +395,9 @@ $code.=<<___;
 	beqz	$a2,.L_bn_mul_words_return
 
 	$LD	$t0,2*$BNSZ($a1)
-	$MULTU	$t0,$a3
-	mflo	$at
-	mfhi	$t0
+	$MULTU	($t0,$a3)
+	mflo	($at,$t0,$a3)
+	mfhi	($t0,$t0,$a3)
 	$ADDU	$v0,$at
 	sltu	$t1,$v0,$at
 	$ST	$v0,2*$BNSZ($a0)
@@ -438,35 +454,35 @@ $code.=<<___;
 
 .L_bn_sqr_words_loop:
 	$LD	$t0,0($a1)
-	$MULTU	$t0,$t0
+	$MULTU	($t0,$t0)
 	$LD	$t2,$BNSZ($a1)
 	$LD	$ta0,2*$BNSZ($a1)
 	$LD	$ta2,3*$BNSZ($a1)
-	mflo	$t1
-	mfhi	$t0
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
 	$ST	$t1,0($a0)
 	$ST	$t0,$BNSZ($a0)
 
-	$MULTU	$t2,$t2
+	$MULTU	($t2,$t2)
 	subu	$a2,4
 	$PTR_ADD $a0,8*$BNSZ
 	$PTR_ADD $a1,4*$BNSZ
-	mflo	$t3
-	mfhi	$t2
+	mflo	($t3,$t2,$t2)
+	mfhi	($t2,$t2,$t2)
 	$ST	$t3,-6*$BNSZ($a0)
 	$ST	$t2,-5*$BNSZ($a0)
 
-	$MULTU	$ta0,$ta0
-	mflo	$ta1
-	mfhi	$ta0
+	$MULTU	($ta0,$ta0)
+	mflo	($ta1,$ta0,$ta0)
+	mfhi	($ta0,$ta0,$ta0)
 	$ST	$ta1,-4*$BNSZ($a0)
 	$ST	$ta0,-3*$BNSZ($a0)
 
 
-	$MULTU	$ta2,$ta2
+	$MULTU	($ta2,$ta2)
 	and	$ta0,$a2,$minus4
-	mflo	$ta3
-	mfhi	$ta2
+	mflo	($ta3,$ta2,$ta2)
+	mfhi	($ta2,$ta2,$ta2)
 	$ST	$ta3,-2*$BNSZ($a0)
 
 	.set	noreorder
@@ -479,27 +495,27 @@ $code.=<<___;
 .L_bn_sqr_words_tail:
 	.set	reorder
 	$LD	$t0,0($a1)
-	$MULTU	$t0,$t0
+	$MULTU	($t0,$t0)
 	subu	$a2,1
-	mflo	$t1
-	mfhi	$t0
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
 	$ST	$t1,0($a0)
 	$ST	$t0,$BNSZ($a0)
 	beqz	$a2,.L_bn_sqr_words_return
 
 	$LD	$t0,$BNSZ($a1)
-	$MULTU	$t0,$t0
+	$MULTU	($t0,$t0)
 	subu	$a2,1
-	mflo	$t1
-	mfhi	$t0
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
 	$ST	$t1,2*$BNSZ($a0)
 	$ST	$t0,3*$BNSZ($a0)
 	beqz	$a2,.L_bn_sqr_words_return
 
 	$LD	$t0,2*$BNSZ($a1)
-	$MULTU	$t0,$t0
-	mflo	$t1
-	mfhi	$t0
+	$MULTU	($t0,$t0)
+	mflo	($t1,$t0,$t0)
+	mfhi	($t0,$t0,$t0)
 	$ST	$t1,4*$BNSZ($a0)
 	$ST	$t0,5*$BNSZ($a0)
 
@@ -587,13 +603,13 @@ $code.=<<___;
 	sltu	$v0,$t2,$ta2
 	$ST	$t2,-2*$BNSZ($a0)
 	$ADDU	$v0,$t8
-	
+
 	$ADDU	$ta3,$t3
 	sltu	$t9,$ta3,$t3
 	$ADDU	$t3,$ta3,$v0
 	sltu	$v0,$t3,$ta3
 	$ST	$t3,-$BNSZ($a0)
-	
+
 	.set	noreorder
 	bgtz	$at,.L_bn_add_words_loop
 	$ADDU	$v0,$t9
@@ -792,7 +808,7 @@ bn_div_3_words:
 				# so that we can save two arguments
 				# and return address in registers
 				# instead of stack:-)
-				
+
 	$LD	$a0,($a3)
 	move	$ta2,$a1
 	bne	$a0,$a2,bn_div_3_words_internal
@@ -823,11 +839,11 @@ $code.=<<___;
 	move	$ta3,$ra
 	bal	bn_div_words_internal
 	move	$ra,$ta3
-	$MULTU	$ta2,$v0
+	$MULTU	($ta2,$v0)
 	$LD	$t2,-2*$BNSZ($a3)
 	move	$ta0,$zero
-	mfhi	$t1
-	mflo	$t0
+	mfhi	($t1,$ta2,$v0)
+	mflo	($t0,$ta2,$v0)
 	sltu	$t8,$t1,$a1
 .L_bn_div_3_words_inner_loop:
 	bnez	$t8,.L_bn_div_3_words_inner_loop_done
@@ -930,15 +946,15 @@ $code.=<<___;
 	$SRL	$HH,$a0,4*$BNSZ	# bits
 	$SRL	$QT,4*$BNSZ	# q=0xffffffff
 	beq	$DH,$HH,.L_bn_div_words_skip_div1
-	$DIVU	$zero,$a0,$DH
-	mflo	$QT
+	$DIVU	($a0,$DH)
+	mfqt	($QT,$a0,$DH)
 .L_bn_div_words_skip_div1:
-	$MULTU	$a2,$QT
+	$MULTU	($a2,$QT)
 	$SLL	$t3,$a0,4*$BNSZ	# bits
 	$SRL	$at,$a1,4*$BNSZ	# bits
 	or	$t3,$at
-	mflo	$t0
-	mfhi	$t1
+	mflo	($t0,$a2,$QT)
+	mfhi	($t1,$a2,$QT)
 .L_bn_div_words_inner_loop1:
 	sltu	$t2,$t3,$t0
 	seq	$t8,$HH,$t1
@@ -963,15 +979,15 @@ $code.=<<___;
 	$SRL	$HH,$a0,4*$BNSZ	# bits
 	$SRL	$QT,4*$BNSZ	# q=0xffffffff
 	beq	$DH,$HH,.L_bn_div_words_skip_div2
-	$DIVU	$zero,$a0,$DH
-	mflo	$QT
+	$DIVU	($a0,$DH)
+	mfqt	($QT,$a0,$DH)
 .L_bn_div_words_skip_div2:
-	$MULTU	$a2,$QT
+	$MULTU	($a2,$QT)
 	$SLL	$t3,$a0,4*$BNSZ	# bits
 	$SRL	$at,$a1,4*$BNSZ	# bits
 	or	$t3,$at
-	mflo	$t0
-	mfhi	$t1
+	mflo	($t0,$a2,$QT)
+	mfhi	($t1,$a2,$QT)
 .L_bn_div_words_inner_loop2:
 	sltu	$t2,$t3,$t0
 	seq	$t8,$HH,$t1
@@ -1070,592 +1086,592 @@ $code.=<<___;
 	$LD	$b_0,0($a2)
 	$LD	$a_1,$BNSZ($a1)
 	$LD	$a_2,2*$BNSZ($a1)
-	$MULTU	$a_0,$b_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$MULTU	($a_0,$b_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
 	$LD	$a_3,3*$BNSZ($a1)
 	$LD	$b_1,$BNSZ($a2)
 	$LD	$b_2,2*$BNSZ($a2)
 	$LD	$b_3,3*$BNSZ($a2)
-	mflo	$c_1
-	mfhi	$c_2
+	mflo	($c_1,$a_0,$b_0)
+	mfhi	($c_2,$a_0,$b_0)
 
 	$LD	$a_4,4*$BNSZ($a1)
 	$LD	$a_5,5*$BNSZ($a1)
-	$MULTU	$a_0,$b_1		# mul_add_c(a[0],b[1],c2,c3,c1);
+	$MULTU	($a_0,$b_1)		# mul_add_c(a[0],b[1],c2,c3,c1);
 	$LD	$a_6,6*$BNSZ($a1)
 	$LD	$a_7,7*$BNSZ($a1)
 	$LD	$b_4,4*$BNSZ($a2)
 	$LD	$b_5,5*$BNSZ($a2)
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_1)
+	mfhi	($t_2,$a_0,$b_1)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_0		# mul_add_c(a[1],b[0],c2,c3,c1);
+	$MULTU	($a_1,$b_0)		# mul_add_c(a[1],b[0],c2,c3,c1);
 	$ADDU	$c_3,$t_2,$at
 	$LD	$b_6,6*$BNSZ($a2)
 	$LD	$b_7,7*$BNSZ($a2)
 	$ST	$c_1,0($a0)	# r[0]=c1;
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_0)
+	mfhi	($t_2,$a_1,$b_0)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$b_0		# mul_add_c(a[2],b[0],c3,c1,c2);
+	 $MULTU	($a_2,$b_0)		# mul_add_c(a[2],b[0],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
 	$ST	$c_2,$BNSZ($a0)	# r[1]=c2;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_0)
+	mfhi	($t_2,$a_2,$b_0)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_1		# mul_add_c(a[1],b[1],c3,c1,c2);
+	$MULTU	($a_1,$b_1)		# mul_add_c(a[1],b[1],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_1)
+	mfhi	($t_2,$a_1,$b_1)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_0,$b_2		# mul_add_c(a[0],b[2],c3,c1,c2);
+	$MULTU	($a_0,$b_2)		# mul_add_c(a[0],b[2],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_2)
+	mfhi	($t_2,$a_0,$b_2)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$b_3		# mul_add_c(a[0],b[3],c1,c2,c3);
+	 $MULTU	($a_0,$b_3)		# mul_add_c(a[0],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,2*$BNSZ($a0)	# r[2]=c3;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_3)
+	mfhi	($t_2,$a_0,$b_3)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_1,$b_2		# mul_add_c(a[1],b[2],c1,c2,c3);
+	$MULTU	($a_1,$b_2)		# mul_add_c(a[1],b[2],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_2)
+	mfhi	($t_2,$a_1,$b_2)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_2,$b_1		# mul_add_c(a[2],b[1],c1,c2,c3);
+	$MULTU	($a_2,$b_1)		# mul_add_c(a[2],b[1],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_1)
+	mfhi	($t_2,$a_2,$b_1)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_0		# mul_add_c(a[3],b[0],c1,c2,c3);
+	$MULTU	($a_3,$b_0)		# mul_add_c(a[3],b[0],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_0)
+	mfhi	($t_2,$a_3,$b_0)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_4,$b_0		# mul_add_c(a[4],b[0],c2,c3,c1);
+	 $MULTU	($a_4,$b_0)		# mul_add_c(a[4],b[0],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,3*$BNSZ($a0)	# r[3]=c1;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_0)
+	mfhi	($t_2,$a_4,$b_0)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_3,$b_1		# mul_add_c(a[3],b[1],c2,c3,c1);
+	$MULTU	($a_3,$b_1)		# mul_add_c(a[3],b[1],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_1)
+	mfhi	($t_2,$a_3,$b_1)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_2,$b_2		# mul_add_c(a[2],b[2],c2,c3,c1);
+	$MULTU	($a_2,$b_2)		# mul_add_c(a[2],b[2],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_2)
+	mfhi	($t_2,$a_2,$b_2)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_3		# mul_add_c(a[1],b[3],c2,c3,c1);
+	$MULTU	($a_1,$b_3)		# mul_add_c(a[1],b[3],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_3)
+	mfhi	($t_2,$a_1,$b_3)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_0,$b_4		# mul_add_c(a[0],b[4],c2,c3,c1);
+	$MULTU	($a_0,$b_4)		# mul_add_c(a[0],b[4],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_4)
+	mfhi	($t_2,$a_0,$b_4)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_0,$b_5		# mul_add_c(a[0],b[5],c3,c1,c2);
+	 $MULTU	($a_0,$b_5)		# mul_add_c(a[0],b[5],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,4*$BNSZ($a0)	# r[4]=c2;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_5)
+	mfhi	($t_2,$a_0,$b_5)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_4		# mul_add_c(a[1],b[4],c3,c1,c2);
+	$MULTU	($a_1,$b_4)		# mul_add_c(a[1],b[4],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_4)
+	mfhi	($t_2,$a_1,$b_4)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_2,$b_3		# mul_add_c(a[2],b[3],c3,c1,c2);
+	$MULTU	($a_2,$b_3)		# mul_add_c(a[2],b[3],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_3)
+	mfhi	($t_2,$a_2,$b_3)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_3,$b_2		# mul_add_c(a[3],b[2],c3,c1,c2);
+	$MULTU	($a_3,$b_2)		# mul_add_c(a[3],b[2],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_2)
+	mfhi	($t_2,$a_3,$b_2)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_4,$b_1		# mul_add_c(a[4],b[1],c3,c1,c2);
+	$MULTU	($a_4,$b_1)		# mul_add_c(a[4],b[1],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_1)
+	mfhi	($t_2,$a_4,$b_1)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_5,$b_0		# mul_add_c(a[5],b[0],c3,c1,c2);
+	$MULTU	($a_5,$b_0)		# mul_add_c(a[5],b[0],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_0)
+	mfhi	($t_2,$a_5,$b_0)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_6,$b_0		# mul_add_c(a[6],b[0],c1,c2,c3);
+	 $MULTU	($a_6,$b_0)		# mul_add_c(a[6],b[0],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,5*$BNSZ($a0)	# r[5]=c3;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_0)
+	mfhi	($t_2,$a_6,$b_0)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_5,$b_1		# mul_add_c(a[5],b[1],c1,c2,c3);
+	$MULTU	($a_5,$b_1)		# mul_add_c(a[5],b[1],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_1)
+	mfhi	($t_2,$a_5,$b_1)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_4,$b_2		# mul_add_c(a[4],b[2],c1,c2,c3);
+	$MULTU	($a_4,$b_2)		# mul_add_c(a[4],b[2],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_2)
+	mfhi	($t_2,$a_4,$b_2)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_3		# mul_add_c(a[3],b[3],c1,c2,c3);
+	$MULTU	($a_3,$b_3)		# mul_add_c(a[3],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_3)
+	mfhi	($t_2,$a_3,$b_3)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_2,$b_4		# mul_add_c(a[2],b[4],c1,c2,c3);
+	$MULTU	($a_2,$b_4)		# mul_add_c(a[2],b[4],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_4)
+	mfhi	($t_2,$a_2,$b_4)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_1,$b_5		# mul_add_c(a[1],b[5],c1,c2,c3);
+	$MULTU	($a_1,$b_5)		# mul_add_c(a[1],b[5],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_5)
+	mfhi	($t_2,$a_1,$b_5)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_0,$b_6		# mul_add_c(a[0],b[6],c1,c2,c3);
+	$MULTU	($a_0,$b_6)		# mul_add_c(a[0],b[6],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_6)
+	mfhi	($t_2,$a_0,$b_6)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_0,$b_7		# mul_add_c(a[0],b[7],c2,c3,c1);
+	 $MULTU	($a_0,$b_7)		# mul_add_c(a[0],b[7],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,6*$BNSZ($a0)	# r[6]=c1;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_7)
+	mfhi	($t_2,$a_0,$b_7)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_6		# mul_add_c(a[1],b[6],c2,c3,c1);
+	$MULTU	($a_1,$b_6)		# mul_add_c(a[1],b[6],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_6)
+	mfhi	($t_2,$a_1,$b_6)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_2,$b_5		# mul_add_c(a[2],b[5],c2,c3,c1);
+	$MULTU	($a_2,$b_5)		# mul_add_c(a[2],b[5],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_5)
+	mfhi	($t_2,$a_2,$b_5)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_3,$b_4		# mul_add_c(a[3],b[4],c2,c3,c1);
+	$MULTU	($a_3,$b_4)		# mul_add_c(a[3],b[4],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_4)
+	mfhi	($t_2,$a_3,$b_4)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_4,$b_3		# mul_add_c(a[4],b[3],c2,c3,c1);
+	$MULTU	($a_4,$b_3)		# mul_add_c(a[4],b[3],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_3)
+	mfhi	($t_2,$a_4,$b_3)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_5,$b_2		# mul_add_c(a[5],b[2],c2,c3,c1);
+	$MULTU	($a_5,$b_2)		# mul_add_c(a[5],b[2],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_2)
+	mfhi	($t_2,$a_5,$b_2)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_6,$b_1		# mul_add_c(a[6],b[1],c2,c3,c1);
+	$MULTU	($a_6,$b_1)		# mul_add_c(a[6],b[1],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_1)
+	mfhi	($t_2,$a_6,$b_1)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_7,$b_0		# mul_add_c(a[7],b[0],c2,c3,c1);
+	$MULTU	($a_7,$b_0)		# mul_add_c(a[7],b[0],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_0)
+	mfhi	($t_2,$a_7,$b_0)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_7,$b_1		# mul_add_c(a[7],b[1],c3,c1,c2);
+	 $MULTU	($a_7,$b_1)		# mul_add_c(a[7],b[1],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,7*$BNSZ($a0)	# r[7]=c2;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_1)
+	mfhi	($t_2,$a_7,$b_1)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_6,$b_2		# mul_add_c(a[6],b[2],c3,c1,c2);
+	$MULTU	($a_6,$b_2)		# mul_add_c(a[6],b[2],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_2)
+	mfhi	($t_2,$a_6,$b_2)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_5,$b_3		# mul_add_c(a[5],b[3],c3,c1,c2);
+	$MULTU	($a_5,$b_3)		# mul_add_c(a[5],b[3],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_3)
+	mfhi	($t_2,$a_5,$b_3)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_4,$b_4		# mul_add_c(a[4],b[4],c3,c1,c2);
+	$MULTU	($a_4,$b_4)		# mul_add_c(a[4],b[4],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_4)
+	mfhi	($t_2,$a_4,$b_4)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_3,$b_5		# mul_add_c(a[3],b[5],c3,c1,c2);
+	$MULTU	($a_3,$b_5)		# mul_add_c(a[3],b[5],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_5)
+	mfhi	($t_2,$a_3,$b_5)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_2,$b_6		# mul_add_c(a[2],b[6],c3,c1,c2);
+	$MULTU	($a_2,$b_6)		# mul_add_c(a[2],b[6],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_6)
+	mfhi	($t_2,$a_2,$b_6)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_7		# mul_add_c(a[1],b[7],c3,c1,c2);
+	$MULTU	($a_1,$b_7)		# mul_add_c(a[1],b[7],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_7)
+	mfhi	($t_2,$a_1,$b_7)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_2,$b_7		# mul_add_c(a[2],b[7],c1,c2,c3);
+	 $MULTU	($a_2,$b_7)		# mul_add_c(a[2],b[7],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,8*$BNSZ($a0)	# r[8]=c3;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_7)
+	mfhi	($t_2,$a_2,$b_7)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_6		# mul_add_c(a[3],b[6],c1,c2,c3);
+	$MULTU	($a_3,$b_6)		# mul_add_c(a[3],b[6],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_6)
+	mfhi	($t_2,$a_3,$b_6)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_4,$b_5		# mul_add_c(a[4],b[5],c1,c2,c3);
+	$MULTU	($a_4,$b_5)		# mul_add_c(a[4],b[5],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_5)
+	mfhi	($t_2,$a_4,$b_5)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_5,$b_4		# mul_add_c(a[5],b[4],c1,c2,c3);
+	$MULTU	($a_5,$b_4)		# mul_add_c(a[5],b[4],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_4)
+	mfhi	($t_2,$a_5,$b_4)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_6,$b_3		# mul_add_c(a[6],b[3],c1,c2,c3);
+	$MULTU	($a_6,$b_3)		# mul_add_c(a[6],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_3)
+	mfhi	($t_2,$a_6,$b_3)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_7,$b_2		# mul_add_c(a[7],b[2],c1,c2,c3);
+	$MULTU	($a_7,$b_2)		# mul_add_c(a[7],b[2],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_2)
+	mfhi	($t_2,$a_7,$b_2)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_7,$b_3		# mul_add_c(a[7],b[3],c2,c3,c1);
+	 $MULTU	($a_7,$b_3)		# mul_add_c(a[7],b[3],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,9*$BNSZ($a0)	# r[9]=c1;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_3)
+	mfhi	($t_2,$a_7,$b_3)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_6,$b_4		# mul_add_c(a[6],b[4],c2,c3,c1);
+	$MULTU	($a_6,$b_4)		# mul_add_c(a[6],b[4],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_4)
+	mfhi	($t_2,$a_6,$b_4)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_5,$b_5		# mul_add_c(a[5],b[5],c2,c3,c1);
+	$MULTU	($a_5,$b_5)		# mul_add_c(a[5],b[5],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_5)
+	mfhi	($t_2,$a_5,$b_5)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_4,$b_6		# mul_add_c(a[4],b[6],c2,c3,c1);
+	$MULTU	($a_4,$b_6)		# mul_add_c(a[4],b[6],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_6)
+	mfhi	($t_2,$a_4,$b_6)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_3,$b_7		# mul_add_c(a[3],b[7],c2,c3,c1);
+	$MULTU	($a_3,$b_7)		# mul_add_c(a[3],b[7],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_7)
+	mfhi	($t_2,$a_3,$b_7)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_4,$b_7		# mul_add_c(a[4],b[7],c3,c1,c2);
+	$MULTU	($a_4,$b_7)		# mul_add_c(a[4],b[7],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,10*$BNSZ($a0)	# r[10]=c2;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_4,$b_7)
+	mfhi	($t_2,$a_4,$b_7)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_5,$b_6		# mul_add_c(a[5],b[6],c3,c1,c2);
+	$MULTU	($a_5,$b_6)		# mul_add_c(a[5],b[6],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_6)
+	mfhi	($t_2,$a_5,$b_6)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_6,$b_5		# mul_add_c(a[6],b[5],c3,c1,c2);
+	$MULTU	($a_6,$b_5)		# mul_add_c(a[6],b[5],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_5)
+	mfhi	($t_2,$a_6,$b_5)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_7,$b_4		# mul_add_c(a[7],b[4],c3,c1,c2);
+	$MULTU	($a_7,$b_4)		# mul_add_c(a[7],b[4],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_4)
+	mfhi	($t_2,$a_7,$b_4)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_7,$b_5		# mul_add_c(a[7],b[5],c1,c2,c3);
+	 $MULTU	($a_7,$b_5)		# mul_add_c(a[7],b[5],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,11*$BNSZ($a0)	# r[11]=c3;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_5)
+	mfhi	($t_2,$a_7,$b_5)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_6,$b_6		# mul_add_c(a[6],b[6],c1,c2,c3);
+	$MULTU	($a_6,$b_6)		# mul_add_c(a[6],b[6],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_6)
+	mfhi	($t_2,$a_6,$b_6)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_5,$b_7		# mul_add_c(a[5],b[7],c1,c2,c3);
+	$MULTU	($a_5,$b_7)		# mul_add_c(a[5],b[7],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_5,$b_7)
+	mfhi	($t_2,$a_5,$b_7)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_6,$b_7		# mul_add_c(a[6],b[7],c2,c3,c1);
+	 $MULTU	($a_6,$b_7)		# mul_add_c(a[6],b[7],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,12*$BNSZ($a0)	# r[12]=c1;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_6,$b_7)
+	mfhi	($t_2,$a_6,$b_7)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_7,$b_6		# mul_add_c(a[7],b[6],c2,c3,c1);
+	$MULTU	($a_7,$b_6)		# mul_add_c(a[7],b[6],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_6)
+	mfhi	($t_2,$a_7,$b_6)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_7,$b_7		# mul_add_c(a[7],b[7],c3,c1,c2);
+	$MULTU	($a_7,$b_7)		# mul_add_c(a[7],b[7],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,13*$BNSZ($a0)	# r[13]=c2;
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_7,$b_7)
+	mfhi	($t_2,$a_7,$b_7)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
 	$ADDU	$t_2,$at
@@ -1716,144 +1732,144 @@ $code.=<<___;
 	$LD	$b_0,0($a2)
 	$LD	$a_1,$BNSZ($a1)
 	$LD	$a_2,2*$BNSZ($a1)
-	$MULTU	$a_0,$b_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$MULTU	($a_0,$b_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
 	$LD	$a_3,3*$BNSZ($a1)
 	$LD	$b_1,$BNSZ($a2)
 	$LD	$b_2,2*$BNSZ($a2)
 	$LD	$b_3,3*$BNSZ($a2)
-	mflo	$c_1
-	mfhi	$c_2
+	mflo	($c_1,$a_0,$b_0)
+	mfhi	($c_2,$a_0,$b_0)
 	$ST	$c_1,0($a0)
 
-	$MULTU	$a_0,$b_1		# mul_add_c(a[0],b[1],c2,c3,c1);
-	mflo	$t_1
-	mfhi	$t_2
+	$MULTU	($a_0,$b_1)		# mul_add_c(a[0],b[1],c2,c3,c1);
+	mflo	($t_1,$a_0,$b_1)
+	mfhi	($t_2,$a_0,$b_1)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_0		# mul_add_c(a[1],b[0],c2,c3,c1);
+	$MULTU	($a_1,$b_0)		# mul_add_c(a[1],b[0],c2,c3,c1);
 	$ADDU	$c_3,$t_2,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_0)
+	mfhi	($t_2,$a_1,$b_0)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$b_0		# mul_add_c(a[2],b[0],c3,c1,c2);
+	 $MULTU	($a_2,$b_0)		# mul_add_c(a[2],b[0],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
 	$ST	$c_2,$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_0)
+	mfhi	($t_2,$a_2,$b_0)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_1		# mul_add_c(a[1],b[1],c3,c1,c2);
+	$MULTU	($a_1,$b_1)		# mul_add_c(a[1],b[1],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_1)
+	mfhi	($t_2,$a_1,$b_1)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_0,$b_2		# mul_add_c(a[0],b[2],c3,c1,c2);
+	$MULTU	($a_0,$b_2)		# mul_add_c(a[0],b[2],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_2)
+	mfhi	($t_2,$a_0,$b_2)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$b_3		# mul_add_c(a[0],b[3],c1,c2,c3);
+	 $MULTU	($a_0,$b_3)		# mul_add_c(a[0],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,2*$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_0,$b_3)
+	mfhi	($t_2,$a_0,$b_3)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_1,$b_2		# mul_add_c(a[1],b[2],c1,c2,c3);
+	$MULTU	($a_1,$b_2)		# mul_add_c(a[1],b[2],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_2)
+	mfhi	($t_2,$a_1,$b_2)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_2,$b_1		# mul_add_c(a[2],b[1],c1,c2,c3);
+	$MULTU	($a_2,$b_1)		# mul_add_c(a[2],b[1],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_1)
+	mfhi	($t_2,$a_2,$b_1)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_0		# mul_add_c(a[3],b[0],c1,c2,c3);
+	$MULTU	($a_3,$b_0)		# mul_add_c(a[3],b[0],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_0)
+	mfhi	($t_2,$a_3,$b_0)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_3,$b_1		# mul_add_c(a[3],b[1],c2,c3,c1);
+	 $MULTU	($a_3,$b_1)		# mul_add_c(a[3],b[1],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,3*$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_1)
+	mfhi	($t_2,$a_3,$b_1)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_2,$b_2		# mul_add_c(a[2],b[2],c2,c3,c1);
+	$MULTU	($a_2,$b_2)		# mul_add_c(a[2],b[2],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_2)
+	mfhi	($t_2,$a_2,$b_2)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_3		# mul_add_c(a[1],b[3],c2,c3,c1);
+	$MULTU	($a_1,$b_3)		# mul_add_c(a[1],b[3],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_1,$b_3)
+	mfhi	($t_2,$a_1,$b_3)
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$b_3		# mul_add_c(a[2],b[3],c3,c1,c2);
+	 $MULTU	($a_2,$b_3)		# mul_add_c(a[2],b[3],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,4*$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_2,$b_3)
+	mfhi	($t_2,$a_2,$b_3)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	$MULTU	$a_3,$b_2		# mul_add_c(a[3],b[2],c3,c1,c2);
+	$MULTU	($a_3,$b_2)		# mul_add_c(a[3],b[2],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_2)
+	mfhi	($t_2,$a_3,$b_2)
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_3,$b_3		# mul_add_c(a[3],b[3],c1,c2,c3);
+	 $MULTU	($a_3,$b_3)		# mul_add_c(a[3],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,5*$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
+	mflo	($t_1,$a_3,$b_3)
+	mfhi	($t_2,$a_3,$b_3)
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
 	$ADDU	$t_2,$at
@@ -1888,11 +1904,9 @@ my ($hi,$lo,$c0,$c1,$c2,
                 # commented as "forward multiplication" below];
     )=@_;
 $code.=<<___;
-	mflo	$lo
-	mfhi	$hi
 	$ADDU	$c0,$lo
 	sltu	$at,$c0,$lo
-	 $MULTU	$an,$bn			# forward multiplication
+	 $MULTU	($an,$bn)		# forward multiplication
 	$ADDU	$c0,$lo
 	$ADDU	$at,$hi
 	sltu	$lo,$c0,$lo
@@ -1902,15 +1916,17 @@ ___
 $code.=<<___	if (!$warm);
 	sltu	$c2,$c1,$at
 	$ADDU	$c1,$hi
-	sltu	$hi,$c1,$hi
-	$ADDU	$c2,$hi
 ___
 $code.=<<___	if ($warm);
 	sltu	$at,$c1,$at
 	$ADDU	$c1,$hi
 	$ADDU	$c2,$at
+___
+$code.=<<___;
 	sltu	$hi,$c1,$hi
 	$ADDU	$c2,$hi
+	mflo	($lo,$an,$bn)
+	mfhi	($hi,$an,$bn)
 ___
 }
 
@@ -1940,21 +1956,21 @@ $code.=<<___;
 	$LD	$a_2,2*$BNSZ($a1)
 	$LD	$a_3,3*$BNSZ($a1)
 
-	$MULTU	$a_0,$a_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$MULTU	($a_0,$a_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
 	$LD	$a_4,4*$BNSZ($a1)
 	$LD	$a_5,5*$BNSZ($a1)
 	$LD	$a_6,6*$BNSZ($a1)
 	$LD	$a_7,7*$BNSZ($a1)
-	mflo	$c_1
-	mfhi	$c_2
+	mflo	($c_1,$a_0,$a_0)
+	mfhi	($c_2,$a_0,$a_0)
 	$ST	$c_1,0($a0)
 
-	$MULTU	$a_0,$a_1		# mul_add_c2(a[0],b[1],c2,c3,c1);
-	mflo	$t_1
-	mfhi	$t_2
+	$MULTU	($a_0,$a_1)		# mul_add_c2(a[0],b[1],c2,c3,c1);
+	mflo	($t_1,$a_0,$a_1)
+	mfhi	($t_2,$a_0,$a_1)
 	slt	$c_1,$t_2,$zero
 	$SLL	$t_2,1
-	 $MULTU	$a_2,$a_0		# mul_add_c2(a[2],b[0],c3,c1,c2);
+	 $MULTU	($a_2,$a_0)		# mul_add_c2(a[2],b[0],c3,c1,c2);
 	slt	$a2,$t_1,$zero
 	$ADDU	$t_2,$a2
 	$SLL	$t_1,1
@@ -1962,20 +1978,22 @@ $code.=<<___;
 	sltu	$at,$c_2,$t_1
 	$ADDU	$c_3,$t_2,$at
 	$ST	$c_2,$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_0)
+	mfhi	($t_2,$a_2,$a_0)
 ___
 	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
 		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$a_3		# mul_add_c2(a[0],b[3],c1,c2,c3);
+	 $MULTU	($a_0,$a_3)		# mul_add_c2(a[0],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,2*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_3)
+	mfhi	($t_2,$a_0,$a_3)
 ___
 	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
 		$a_1,$a_2);		# mul_add_c2(a[1],b[2],c1,c2,c3);
@@ -1989,16 +2007,16 @@ ___
 	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
 		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_0,$a_5		# mul_add_c2(a[0],b[5],c3,c1,c2);
+	 $MULTU	($a_0,$a_5)		# mul_add_c2(a[0],b[5],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,4*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_5)
+	mfhi	($t_2,$a_0,$a_5)
 ___
 	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
 		$a_1,$a_4);		# mul_add_c2(a[1],b[4],c3,c1,c2);
@@ -2016,16 +2034,16 @@ ___
 	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
 		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_0,$a_7		# mul_add_c2(a[0],b[7],c2,c3,c1);
+	 $MULTU	($a_0,$a_7)		# mul_add_c2(a[0],b[7],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,6*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_7)
+	mfhi	($t_2,$a_0,$a_7)
 ___
 	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
 		$a_1,$a_6);		# mul_add_c2(a[1],b[6],c2,c3,c1);
@@ -2045,16 +2063,16 @@ ___
 	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
 		$a_4,$a_4);		# mul_add_c(a[4],b[4],c3,c1,c2);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_2,$a_7		# mul_add_c2(a[2],b[7],c1,c2,c3);
+	 $MULTU	($a_2,$a_7)		# mul_add_c2(a[2],b[7],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,8*$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_7)
+	mfhi	($t_2,$a_2,$a_7)
 ___
 	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
 		$a_3,$a_6);		# mul_add_c2(a[3],b[6],c1,c2,c3);
@@ -2070,16 +2088,16 @@ ___
 	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
 		$a_5,$a_5);		# mul_add_c(a[5],b[5],c2,c3,c1);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_4,$a_7		# mul_add_c2(a[4],b[7],c3,c1,c2);
+	 $MULTU	($a_4,$a_7)		# mul_add_c2(a[4],b[7],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,10*$BNSZ($a0)
+	mflo	($t_1,$a_4,$a_7)
+	mfhi	($t_2,$a_4,$a_7)
 ___
 	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
 		$a_5,$a_6);		# mul_add_c2(a[5],b[6],c3,c1,c2);
@@ -2091,24 +2109,22 @@ ___
 	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
 		$a_6,$a_6);		# mul_add_c(a[6],b[6],c1,c2,c3);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_6,$a_7		# mul_add_c2(a[6],b[7],c2,c3,c1);
+	 $MULTU	($a_6,$a_7)		# mul_add_c2(a[6],b[7],c2,c3,c1);
 	$ADDU	$t_2,$at
 	$ADDU	$c_2,$t_2
 	sltu	$at,$c_2,$t_2
 	$ADDU	$c_3,$at
 	$ST	$c_1,12*$BNSZ($a0)
+	mflo	($t_1,$a_6,$a_7)
+	mfhi	($t_2,$a_6,$a_7)
 ___
 	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
 		$a_7,$a_7);		# mul_add_c(a[7],b[7],c3,c1,c2);
 $code.=<<___;
 	$ST	$c_2,13*$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
 	$ADDU	$t_2,$at
@@ -2152,19 +2168,19 @@ $code.=<<___;
 	.set	reorder
 	$LD	$a_0,0($a1)
 	$LD	$a_1,$BNSZ($a1)
-	$MULTU	$a_0,$a_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$MULTU	($a_0,$a_0)		# mul_add_c(a[0],b[0],c1,c2,c3);
 	$LD	$a_2,2*$BNSZ($a1)
 	$LD	$a_3,3*$BNSZ($a1)
-	mflo	$c_1
-	mfhi	$c_2
+	mflo	($c_1,$a_0,$a_0)
+	mfhi	($c_2,$a_0,$a_0)
 	$ST	$c_1,0($a0)
 
-	$MULTU	$a_0,$a_1		# mul_add_c2(a[0],b[1],c2,c3,c1);
-	mflo	$t_1
-	mfhi	$t_2
+	$MULTU	($a_0,$a_1)		# mul_add_c2(a[0],b[1],c2,c3,c1);
+	mflo	($t_1,$a_0,$a_1)
+	mfhi	($t_2,$a_0,$a_1)
 	slt	$c_1,$t_2,$zero
 	$SLL	$t_2,1
-	 $MULTU	$a_2,$a_0		# mul_add_c2(a[2],b[0],c3,c1,c2);
+	 $MULTU	($a_2,$a_0)		# mul_add_c2(a[2],b[0],c3,c1,c2);
 	slt	$a2,$t_1,$zero
 	$ADDU	$t_2,$a2
 	$SLL	$t_1,1
@@ -2172,20 +2188,22 @@ $code.=<<___;
 	sltu	$at,$c_2,$t_1
 	$ADDU	$c_3,$t_2,$at
 	$ST	$c_2,$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_0)
+	mfhi	($t_2,$a_2,$a_0)
 ___
 	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
 		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_3,$t_1
 	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$a_3		# mul_add_c2(a[0],b[3],c1,c2,c3);
+	 $MULTU	($a_0,$a_3)		# mul_add_c2(a[0],b[3],c1,c2,c3);
 	$ADDU	$t_2,$at
 	$ADDU	$c_1,$t_2
 	sltu	$at,$c_1,$t_2
 	$ADDU	$c_2,$at
 	$ST	$c_3,2*$BNSZ($a0)
+	mflo	($t_1,$a_0,$a_3)
+	mfhi	($t_2,$a_0,$a_3)
 ___
 	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
 		$a_1,$a_2);		# mul_add_c2(a2[1],b[2],c1,c2,c3);
@@ -2197,24 +2215,22 @@ ___
 	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
 		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
 $code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_2,$t_1
 	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$a_3		# mul_add_c2(a[2],b[3],c3,c1,c2);
+	 $MULTU	($a_2,$a_3)		# mul_add_c2(a[2],b[3],c3,c1,c2);
 	$ADDU	$t_2,$at
 	$ADDU	$c_3,$t_2
 	sltu	$at,$c_3,$t_2
 	$ADDU	$c_1,$at
 	$ST	$c_2,4*$BNSZ($a0)
+	mflo	($t_1,$a_2,$a_3)
+	mfhi	($t_2,$a_2,$a_3)
 ___
 	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
 		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
 $code.=<<___;
 	$ST	$c_3,5*$BNSZ($a0)
 
-	mflo	$t_1
-	mfhi	$t_2
 	$ADDU	$c_1,$t_1
 	sltu	$at,$c_1,$t_1
 	$ADDU	$t_2,$at
diff --git a/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s b/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s
deleted file mode 100644
index 413eac7123..0000000000
--- a/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s
+++ /dev/null
@@ -1,1624 +0,0 @@
-; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-;
-; Licensed under the OpenSSL license (the "License").  You may not use
-; this file except in compliance with the License.  You can obtain a copy
-; in the file LICENSE in the source distribution or at
-; https://www.openssl.org/source/license.html
-;
-; PA-RISC 2.0 implementation of bn_asm code, based on the
-; 64-bit version of the code.  This code is effectively the
-; same as the 64-bit version except the register model is
-; slightly different given all values must be 32-bit between
-; function calls.  Thus the 64-bit return values are returned
-; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
-;
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-	.level	2.0N
-	.space	$TEXT$
-	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 32-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;    "caller save" registers: fr4-fr11, fr22-fr31
-;    "callee save" registers: fr12-fr21
-;    "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-;     value zero             :  r0
-;     "caller save" registers: r1,r19-r26
-;     "callee save" registers: r3-r18
-;     return register        :  r2  (rp)
-;     return values          ; r28,r29  (ret0,ret1)
-;     Stack pointer          ; r30  (sp) 
-;     millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr       .reg %r26
-a_ptr       .reg %r25
-b_ptr       .reg %r24
-num         .reg %r24
-n           .reg %r23
-
-;
-; Note that the "w" argument for bn_mul_add_words and bn_mul_words
-; is passed on the stack at a delta of -56 from the top of stack
-; as the routine is entered.
-;
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r23
-high_mask    .reg %r22    ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;								int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg3 = num
-; -56(sp) =  w
-;
-; Local register definitions
-;
-
-fm1          .reg %fr22
-fm           .reg %fr23
-ht_temp      .reg %fr24
-ht_temp_1    .reg %fr25
-lt_temp      .reg %fr26
-lt_temp_1    .reg %fr27
-fm1_1        .reg %fr28
-fm_1         .reg %fr29
-
-fw_h         .reg %fr7L
-fw_l         .reg %fr7R
-fw           .reg %fr7
-
-fht_0        .reg %fr8L
-flt_0        .reg %fr8R
-t_float_0    .reg %fr8
-
-fht_1        .reg %fr9L
-flt_1        .reg %fr9R
-t_float_1    .reg %fr9
-
-tmp_0        .reg %r31
-tmp_1        .reg %r21
-m_0          .reg %r20 
-m_1          .reg %r19 
-ht_0         .reg %r1  
-ht_1         .reg %r3
-lt_0         .reg %r4
-lt_1         .reg %r5
-m1_0         .reg %r6 
-m1_1         .reg %r7 
-rp_val       .reg %r8
-rp_val_1     .reg %r9
-
-bn_mul_add_words
-	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-	.proc
-	.callinfo frame=128
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP                         ; Needed to make the loop 16-byte aligned
-	NOP                         ; needed to make the loop 16-byte aligned
-
-    STD     %r5,16(%sp)         ; save r5  
-	NOP
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-
-    STD     %r8,40(%sp)         ; save r8  
-    STD     %r9,48(%sp)         ; save r9  
-    COPY    %r0,%ret1           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-
-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
-	LDO     128(%sp),%sp        ; bump stack
-
-	;
-	; The loop is unrolled twice, so if there is only 1 number
-    ; then go straight to the cleanup code.
-	;
-	CMPIB,= 1,num,bn_mul_add_words_single_top
-	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_add_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val          ; rp[0]
-    LDD     8(r_ptr),rp_val_1        ; rp[1]
-
-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
-
-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
-
-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
-
-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
-
-    LDD     -8(%sp),m_0              ; m[0] 
-    LDD     -40(%sp),m_1             ; m[1]
-    LDD     -16(%sp),m1_0            ; m1[0]
-    LDD     -48(%sp),m1_1            ; m1[1]
-
-    LDD     -24(%sp),ht_0            ; ht[0]
-    LDD     -56(%sp),ht_1            ; ht[1]
-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
-
-    LDD     -32(%sp),lt_0            
-    LDD     -64(%sp),lt_1            
-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
-
-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
-
-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
-
-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-
-    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-
-	LDO    -2(num),num               ; num = num - 2;
-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
-
-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
-    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
-
-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
-	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
-
-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_add_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val           ; rp[0]
-    LDO     8(a_ptr),a_ptr            ; a_ptr++
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              ; m1 = temp1 
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
-    ADD,DC  ht_0,%r0,%ret1            ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_add_words_exit
-    .EXIT
-	
-    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
-    LDD     -80(%sp),%r9              ; restore r9  
-    LDD     -88(%sp),%r8              ; restore r8  
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-;
-; arg0 = rp
-; arg1 = ap
-; arg3 = num
-; w on stack at -56(sp)
-
-bn_mul_words
-	.proc
-	.callinfo frame=128
-    .entry
-	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-    COPY    %r0,%ret1           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-
-    CMPIB,>= 0,num,bn_mul_words_exit
-	LDO     128(%sp),%sp    ; bump stack
-
-	;
-	; See if only 1 word to do, thus just do cleanup
-	;
-	CMPIB,= 1,num,bn_mul_words_single_top
-	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
-
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
-
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
-
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
-
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
-    LDD     -8(%sp),m_0               
-    LDD     -40(%sp),m_1              
-
-    LDD    -16(%sp),m1_0              
-    LDD    -48(%sp),m1_1              
-    LDD     -24(%sp),ht_0             
-    LDD     -56(%sp),ht_1             
-
-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
-    LDD     -32(%sp),lt_0             
-    LDD     -64(%sp),lt_1             
-
-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     lt_1,8(r_ptr)             ; rp[1] = lt
-
-	COPY    ht_1,%ret1                ; carry = ht
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_mul_words_unroll2
-    LDO     16(r_ptr),r_ptr           ; rp++
-
-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    COPY    ht_0,%ret1                ; copy carry
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_words_exit
-    .EXIT
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	
-
-;----------------------------------------------------------------------------
-;
-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-;
-
-bn_sqr_words
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    CMPIB,>= 0,num,bn_sqr_words_exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; If only 1, the goto straight to cleanup
-	;
-	CMPIB,= 1,num,bn_sqr_words_single_top
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-
-bn_sqr_words_unroll2
-    FLDD    0(a_ptr),t_float_0        ; a[0]
-    FLDD    8(a_ptr),t_float_1        ; a[1]
-    XMPYU   fht_0,flt_0,fm            ; m[0]
-    XMPYU   fht_1,flt_1,fm_1          ; m[1]
-
-    FSTD    fm,-24(%sp)               ; store m[0]
-    FSTD    fm_1,-56(%sp)             ; store m[1]
-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
-
-    FSTD    lt_temp,-16(%sp)          ; store lt[0]
-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
-
-    FSTD    ht_temp,-8(%sp)           ; store ht[0]
-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
-    LDD     -24(%sp),m_0             
-    LDD     -56(%sp),m_1              
-
-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
-
-    LDD     -16(%sp),lt_0        
-    LDD     -48(%sp),lt_1        
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
-
-    LDD     -8(%sp),ht_0            
-    LDD     -40(%sp),ht_1           
-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
-
-    ADD     lt_0,m_0,lt_0             ; lt = lt+m
-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
-
-    ADD     lt_1,m_1,lt_1             ; lt = lt+m
-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
-
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_sqr_words_unroll2
-    LDO     32(r_ptr),r_ptr           ; rp += 4
-
-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_sqr_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,flt_0,fm            ; m
-    FSTD    fm,-24(%sp)               ; store m
-
-    XMPYU   flt_0,flt_0,lt_temp       ; lt
-    FSTD    lt_temp,-16(%sp)          ; store lt
-
-    XMPYU   fht_0,fht_0,ht_temp       ; ht
-    FSTD    ht_temp,-8(%sp)           ; store ht
-
-    LDD     -24(%sp),m_0              ; load m
-    AND     m_0,high_mask,tmp_0       ; m & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
-    LDD     -16(%sp),lt_0             ; lt
-
-    LDD     -8(%sp),ht_0              ; ht
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
-    ADD     m_0,lt_0,lt_0             ; lt = lt+m
-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht
-
-bn_sqr_words_exit
-    .EXIT
-    LDD     -112(%sp),%r5       ; restore r5  
-    LDD     -120(%sp),%r4       ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3 
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t  .reg %r22
-b  .reg %r21
-l  .reg %r20
-
-bn_add_words
-	.proc
-    .entry
-	.callinfo
-	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    CMPIB,>= 0,n,bn_add_words_exit
-    COPY    %r0,%ret1           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_add_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_add_words_unroll2
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-	ADD     t,%ret1,t                    ; t = t+c;
-	ADD,DC  %r0,%r0,%ret1                ; set c to carry
-	ADD     t,b,l                        ; l = t + b[0]
-	ADD,DC  %ret1,%r0,%ret1              ; c+= carry
-	STD     l,0(r_ptr)
-
-	LDD     8(a_ptr),t
-	LDD     8(b_ptr),b
-	ADD     t,%ret1,t                     ; t = t+c;
-	ADD,DC  %r0,%r0,%ret1                 ; set c to carry
-	ADD     t,b,l                         ; l = t + b[0]
-	ADD,DC  %ret1,%r0,%ret1               ; c+= carry
-	STD     l,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_add_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
-
-bn_add_words_single_top
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-
-	ADD     t,%ret1,t                 ; t = t+c;
-	ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
-	ADD     t,b,l                     ; l = t + b[0]
-	ADD,DC  %ret1,%r0,%ret1           ; c+= carry
-	STD     l,0(r_ptr)
-
-bn_add_words_exit
-    .EXIT
-    BVE     (%rp)
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t1       .reg %r22
-t2       .reg %r21
-sub_tmp1 .reg %r20
-sub_tmp2 .reg %r19
-
-
-bn_sub_words
-	.proc
-	.callinfo 
-	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    CMPIB,>=  0,n,bn_sub_words_exit
-    COPY    %r0,%ret1           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_sub_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_sub_words_unroll2
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
-
-	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret1
-	STD     sub_tmp1,0(r_ptr)
-
-	LDD     8(a_ptr),t1
-	LDD     8(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret1
-	STD     sub_tmp1,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_sub_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
-
-bn_sub_words_single_top
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret1
-
-	STD     sub_tmp1,0(r_ptr)
-
-bn_sub_words_exit
-    .EXIT
-    BVE     (%rp)
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;------------------------------------------------------------------------------
-;
-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
-;
-; arg0 = h
-; arg1 = l
-; arg2 = d
-;
-; This is mainly just output from the HP C compiler.  
-;
-;------------------------------------------------------------------------------
-bn_div_words
-	.PROC
-	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
-	.IMPORT	BN_num_bits_word,CODE
-	;--- not PIC	.IMPORT	__iob,DATA
-	;--- not PIC	.IMPORT	fprintf,CODE
-	.IMPORT	abort,CODE
-	.IMPORT	$$div2U,MILLICODE
-	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
-        .ENTRY
-        STW     %r2,-20(%r30)   ;offset 0x8ec
-        STW,MA  %r3,192(%r30)   ;offset 0x8f0
-        STW     %r4,-188(%r30)  ;offset 0x8f4
-        DEPD    %r5,31,32,%r6   ;offset 0x8f8
-        STD     %r6,-184(%r30)  ;offset 0x8fc
-        DEPD    %r7,31,32,%r8   ;offset 0x900
-        STD     %r8,-176(%r30)  ;offset 0x904
-        STW     %r9,-168(%r30)  ;offset 0x908
-        LDD     -248(%r30),%r3  ;offset 0x90c
-        COPY    %r26,%r4        ;offset 0x910
-        COPY    %r24,%r5        ;offset 0x914
-        DEPD    %r25,31,32,%r4  ;offset 0x918
-        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
-        DEPD    %r23,31,32,%r5  ;offset 0x920
-        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
-        EXTRD,U %r29,31,32,%r28 ;offset 0x928
-$0006002A
-        LDO     -1(%r29),%r29   ;offset 0x92c
-        SUB     %r23,%r7,%r23   ;offset 0x930
-$00060024
-        SUB     %r4,%r31,%r25   ;offset 0x934
-        AND     %r25,%r19,%r26  ;offset 0x938
-        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
-        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
-        OR      %r20,%r24,%r21  ;offset 0x944
-        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
-        SUB     %r31,%r2,%r31   ;offset 0x94c
-$00060046
-$0006002E
-        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
-        EXTRD,U %r23,31,32,%r26 ;offset 0x954
-        AND     %r25,%r19,%r24  ;offset 0x958
-        ADD,L   %r31,%r26,%r31  ;offset 0x95c
-        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
-        LDO     1(%r31),%r31    ;offset 0x964
-$00060032
-        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
-        LDO     -1(%r29),%r29   ;offset 0x96c
-        ADD,L   %r4,%r3,%r4     ;offset 0x970
-$00060036
-        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
-        SUB     %r5,%r24,%r28   ;offset 0x978
-$0006003A
-        SUB     %r4,%r31,%r24   ;offset 0x97c
-        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
-        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
-        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
-$0006001C
-        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
-        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
-        MOVB,TR %r6,%r29,$D1    ;offset 0x994
-        STD     %r29,-152(%r30) ;offset 0x998
-$0006000C
-        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
-        COPY    %r3,%r26        ;offset 0x9a0
-        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
-        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
-        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
-        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
-        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
-        LDI     64,%r20 ;offset 0x9b4
-        DEPD    %r7,31,32,%r5   ;offset 0x9b8
-        DEPD    %r8,31,32,%r4   ;offset 0x9bc
-        DEPD    %r9,31,32,%r3   ;offset 0x9c0
-        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
-        COPY    %r28,%r24       ;offset 0x9c8
-        MTSARCM %r24    ;offset 0x9cc
-        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
-        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
-$00060012
-        SUBI    64,%r24,%r31    ;offset 0x9d8
-        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
-        SUB     %r4,%r3,%r4     ;offset 0x9e0
-$00060016
-        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
-        COPY    %r0,%r9 ;offset 0x9e8
-        MTSARCM %r31    ;offset 0x9ec
-        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
-        SUBI    64,%r31,%r26    ;offset 0x9f4
-        MTSAR   %r26    ;offset 0x9f8
-        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
-        MTSARCM %r31    ;offset 0xa00
-        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
-$0006001A
-        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
-        AND     %r3,%r19,%r29   ;offset 0xa0c
-        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
-        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
-        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
-        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
-$D2
-        ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
-        ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24
-        ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
-        ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
-        ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c
-        ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30
-        .CALL           ;
-        B,L     abort,%r2       ;offset 0xa34
-        NOP             ;offset 0xa38
-        B       $D3     ;offset 0xa3c
-        LDW     -212(%r30),%r2  ;offset 0xa40
-$00060020
-        COPY    %r4,%r26        ;offset 0xa44
-        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
-        COPY    %r2,%r24        ;offset 0xa4c
-        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
-        B,L     $$div2U,%r31    ;offset 0xa50
-        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
-        DEPD    %r28,31,32,%r29 ;offset 0xa58
-$00060022
-        STD     %r29,-152(%r30) ;offset 0xa5c
-$D1
-        AND     %r5,%r19,%r24   ;offset 0xa60
-        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
-        STW     %r2,-160(%r30)  ;offset 0xa68
-        STW     %r7,-128(%r30)  ;offset 0xa6c
-        FLDD    -152(%r30),%fr4 ;offset 0xa70
-        FLDD    -152(%r30),%fr7 ;offset 0xa74
-        FLDW    -160(%r30),%fr8L        ;offset 0xa78
-        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
-        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
-        FSTD    %fr10,-136(%r30)        ;offset 0xa84
-        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
-        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
-        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
-        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
-        FSTD    %fr11,-112(%r30)        ;offset 0xa98
-        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
-        LDD     -136(%r30),%r28 ;offset 0xaa0
-        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
-        LDD     -144(%r30),%r20 ;offset 0xaa8
-        ADD,L   %r20,%r31,%r31  ;offset 0xaac
-        LDD     -112(%r30),%r22 ;offset 0xab0
-        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
-        LDD     -120(%r30),%r21 ;offset 0xab8
-        B       $00060024       ;offset 0xabc
-        ADD,L   %r21,%r22,%r23  ;offset 0xac0
-$D0
-        OR      %r9,%r29,%r29   ;offset 0xac4
-$00060040
-        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
-$00060002
-$L2
-        LDW     -212(%r30),%r2  ;offset 0xacc
-$D3
-        LDW     -168(%r30),%r9  ;offset 0xad0
-        LDD     -176(%r30),%r8  ;offset 0xad4
-        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
-        LDD     -184(%r30),%r6  ;offset 0xadc
-        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
-        LDW     -188(%r30),%r4  ;offset 0xae4
-        BVE     (%r2)   ;offset 0xae8
-        .EXIT
-        LDW,MB  -192(%r30),%r3  ;offset 0xaec
-	.PROCEND	;in=23,25;out=28,29;fpin=105,107;
-
-
-
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate.  The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-; 
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers 
-; 
-;
-; Floating point registers to use to save values that
-; are manipulated.  These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0        .reg %fr22
-a0L       .reg %fr22L
-a0R       .reg %fr22R
-
-a1        .reg %fr23
-a1L       .reg %fr23L
-a1R       .reg %fr23R
-
-a2        .reg %fr24
-a2L       .reg %fr24L
-a2R       .reg %fr24R
-
-a3        .reg %fr25
-a3L       .reg %fr25L
-a3R       .reg %fr25R
-
-a4        .reg %fr26
-a4L       .reg %fr26L
-a4R       .reg %fr26R
-
-a5        .reg %fr27
-a5L       .reg %fr27L
-a5R       .reg %fr27R
-
-a6        .reg %fr28
-a6L       .reg %fr28L
-a6R       .reg %fr28R
-
-a7        .reg %fr29
-a7L       .reg %fr29L
-a7R       .reg %fr29R
-
-b0        .reg %fr30
-b0L       .reg %fr30L
-b0R       .reg %fr30R
-
-b1        .reg %fr31
-b1L       .reg %fr31L
-b1R       .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1    .reg %fr4
-ftemp2    .reg %fr5
-ftemp3    .reg %fr6
-ftemp4    .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2        .reg %fr8
-b2L       .reg %fr8L
-b2R       .reg %fr8R
-
-b3        .reg %fr9
-b3L       .reg %fr9L
-b3R       .reg %fr9R
-
-b4        .reg %fr10
-b4L       .reg %fr10L
-b4R       .reg %fr10R
-
-b5        .reg %fr11
-b5L       .reg %fr11L
-b5R       .reg %fr11R
-
-b6        .reg %fr12
-b6L       .reg %fr12L
-b6R       .reg %fr12R
-
-b7        .reg %fr13
-b7L       .reg %fr13L
-b7R       .reg %fr13R
-
-c1           .reg %r21   ; only reg
-temp1        .reg %r20   ; only reg
-temp2        .reg %r19   ; only reg
-temp3        .reg %r31   ; only reg
-
-m1           .reg %r28   
-c2           .reg %r23   
-high_one     .reg %r1
-ht           .reg %r6
-lt           .reg %r5
-m            .reg %r4
-c3           .reg %r3
-
-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
-    XMPYU   A0L,A0R,ftemp1       ; m
-    FSTD    ftemp1,-24(%sp)      ; store m
-
-    XMPYU   A0R,A0R,ftemp2       ; lt
-    FSTD    ftemp2,-16(%sp)      ; store lt
-
-    XMPYU   A0L,A0L,ftemp3       ; ht
-    FSTD    ftemp3,-8(%sp)       ; store ht
-
-    LDD     -24(%sp),m           ; load m
-    AND     m,high_mask,temp2    ; m & Mask
-    DEPD,Z  m,30,31,temp3        ; m << 32+1
-    LDD     -16(%sp),lt          ; lt
-
-    LDD     -8(%sp),ht           ; ht
-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
-    ADD     temp3,lt,lt          ; lt = lt+m
-    ADD,L   ht,temp1,ht          ; ht += temp1
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C1,lt,C1             ; c1=c1+lt
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C2,ht,C2             ; c2=c2+ht
-    ADD,DC  C3,%r0,C3            ; c3++
-.endm
-
-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)         ;
-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)          ;
-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)         ;
-
-    LDD     -8(%sp),m               ; r21 = m
-    LDD     -16(%sp),m1             ; r19 = m1
-    ADD,L   m,m1,m                  ; m+m1
-
-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
-    LDD     -24(%sp),ht             ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
-    ADD,L   ht,high_one,ht          ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1           ; m >> 32
-    LDD     -32(%sp),lt             ; lt
-    ADD,L   ht,temp1,ht             ; ht+= m>>32
-    ADD     lt,temp3,lt             ; lt = lt+m1
-    ADD,DC  ht,%r0,ht               ; ht++
-
-    ADD     ht,ht,ht                ; ht=ht+ht;
-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
-
-    ADD     lt,lt,lt                ; lt=lt+lt;
-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
-
-    ADD     C1,lt,C1                ; c1=c1+lt
-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2                ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-;
-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba8
-	.PROC
-	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .ENTRY
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
-	STD     c2,32(r_ptr)          ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
-	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)          ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
-	STD     c1,48(r_ptr)          ; r[6] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
-	STD     c2,56(r_ptr)          ; r[7] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
-	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
-	STD     c3,64(r_ptr)          ; r[8] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
-	STD     c1,72(r_ptr)          ; r[9] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a5L,a5R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
-	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
-	STD     c2,80(r_ptr)          ; r[10] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
-	STD     c3,88(r_ptr)          ; r[11] = c3;
-	COPY    %r0,c3
-	
-	SQR_ADD_C a6L,a6R,c1,c2,c3
-	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
-	STD     c1,96(r_ptr)          ; r[12] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
-	STD     c2,104(r_ptr)         ; r[13] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a7L,a7R,c3,c1,c2
-	STD     c3, 112(r_ptr)       ; r[14] = c3
-	STD     c1, 120(r_ptr)       ; r[15] = c1
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-
-	STD     c2,32(r_ptr)           ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)           ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	STD     c1,48(r_ptr)           ; r[6] = c1;
-	STD     c2,56(r_ptr)           ; r[7] = c2;
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-;---------------------------------------------------------------------------
-
-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)       ;
-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)        ;
-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)       ;
-
-    LDD     -8(%sp),m             ; r21 = m
-    LDD     -16(%sp),m1           ; r19 = m1
-    ADD,L   m,m1,m                ; m+m1
-
-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
-    LDD     -24(%sp),ht           ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
-    ADD,L   ht,high_one,ht        ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1         ; m >> 32
-    LDD     -32(%sp),lt           ; lt
-    ADD,L   ht,temp1,ht           ; ht+= m>>32
-    ADD     lt,temp3,lt           ; lt = lt+m1
-    ADD,DC  ht,%r0,ht             ; ht++
-
-    ADD     C1,lt,C1              ; c1=c1+lt
-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2              ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-
-;
-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba8
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-    FLDD     32(a_ptr),a4       
-    FLDD     40(a_ptr),a5       
-    FLDD     48(a_ptr),a6       
-    FLDD     56(a_ptr),a7       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-    FLDD     32(b_ptr),b4       
-    FLDD     40(b_ptr),b5       
-    FLDD     48(b_ptr),b6       
-    FLDD     56(b_ptr),b7       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	COPY      %r0,c1
-	
-	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
-	STD       c2,56(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
-	STD       c3,64(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
-	STD       c1,72(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
-	STD       c2,80(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
-	STD       c3,88(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
-	STD       c1,96(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
-	STD       c2,104(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
-	STD       c3,112(r_ptr)
-	STD       c1,120(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	STD       c2,56(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-;--- not PIC	.SPACE	$TEXT$
-;--- not PIC	.SUBSPA	$CODE$
-;--- not PIC	.SPACE	$PRIVATE$,SORT=16
-;--- not PIC	.IMPORT	$global$,DATA
-;--- not PIC	.SPACE	$TEXT$
-;--- not PIC	.SUBSPA	$CODE$
-;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c
-;--- not PIC	C$7
-;--- not PIC	.ALIGN	8
-;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"
-	.END
diff --git a/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s b/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s
deleted file mode 100644
index 97381172e7..0000000000
--- a/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s
+++ /dev/null
@@ -1,1612 +0,0 @@
-; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-;
-; Licensed under the OpenSSL license (the "License").  You may not use
-; this file except in compliance with the License.  You can obtain a copy
-; in the file LICENSE in the source distribution or at
-; https://www.openssl.org/source/license.html
-
-;
-; PA-RISC 64-bit implementation of bn_asm code
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-	.level	2.0W
-	.space	$TEXT$
-	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 64-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;    "caller save" registers: fr4-fr11, fr22-fr31
-;    "callee save" registers: fr12-fr21
-;    "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-;     value zero             :  r0
-;     "caller save" registers: r1,r19-r26
-;     "callee save" registers: r3-r18
-;     return register        :  r2  (rp)
-;     return values          ; r28  (ret0,ret1)
-;     Stack pointer          ; r30  (sp) 
-;     global data pointer    ; r27  (dp)
-;     argument pointer       ; r29  (ap)
-;     millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr       .reg %r26
-a_ptr       .reg %r25
-b_ptr       .reg %r24
-num         .reg %r24
-w           .reg %r23
-n           .reg %r23
-
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r29
-high_mask    .reg %r22    ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;								int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = num
-; arg3 = w
-;
-; Local register definitions
-;
-
-fm1          .reg %fr22
-fm           .reg %fr23
-ht_temp      .reg %fr24
-ht_temp_1    .reg %fr25
-lt_temp      .reg %fr26
-lt_temp_1    .reg %fr27
-fm1_1        .reg %fr28
-fm_1         .reg %fr29
-
-fw_h         .reg %fr7L
-fw_l         .reg %fr7R
-fw           .reg %fr7
-
-fht_0        .reg %fr8L
-flt_0        .reg %fr8R
-t_float_0    .reg %fr8
-
-fht_1        .reg %fr9L
-flt_1        .reg %fr9R
-t_float_1    .reg %fr9
-
-tmp_0        .reg %r31
-tmp_1        .reg %r21
-m_0          .reg %r20 
-m_1          .reg %r19 
-ht_0         .reg %r1  
-ht_1         .reg %r3
-lt_0         .reg %r4
-lt_1         .reg %r5
-m1_0         .reg %r6 
-m1_1         .reg %r7 
-rp_val       .reg %r8
-rp_val_1     .reg %r9
-
-bn_mul_add_words
-	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-	.proc
-	.callinfo frame=128
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP                         ; Needed to make the loop 16-byte aligned
-	NOP                         ; Needed to make the loop 16-byte aligned
-
-    STD     %r5,16(%sp)         ; save r5  
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-    STD     %r8,40(%sp)         ; save r8  
-
-    STD     %r9,48(%sp)         ; save r9  
-    COPY    %r0,%ret0           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-	STD     w,56(%sp)           ; store w on stack
-
-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; The loop is unrolled twice, so if there is only 1 number
-    ; then go straight to the cleanup code.
-	;
-	CMPIB,= 1,num,bn_mul_add_words_single_top
-	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_add_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val          ; rp[0]
-    LDD     8(r_ptr),rp_val_1        ; rp[1]
-
-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
-
-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
-
-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
-
-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
-
-    LDD     -8(%sp),m_0              ; m[0] 
-    LDD     -40(%sp),m_1             ; m[1]
-    LDD     -16(%sp),m1_0            ; m1[0]
-    LDD     -48(%sp),m1_1            ; m1[1]
-
-    LDD     -24(%sp),ht_0            ; ht[0]
-    LDD     -56(%sp),ht_1            ; ht[1]
-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
-
-    LDD     -32(%sp),lt_0            
-    LDD     -64(%sp),lt_1            
-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
-
-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
-
-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
-
-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-
-    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-
-	LDO    -2(num),num               ; num = num - 2;
-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
-
-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
-    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
-
-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
-	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
-
-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_add_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val           ; rp[0]
-    LDO     8(a_ptr),a_ptr            ; a_ptr++
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              ; m1 = temp1 
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
-    ADD,DC  ht_0,%r0,%ret0            ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_add_words_exit
-    .EXIT
-    LDD     -80(%sp),%r9              ; restore r9  
-    LDD     -88(%sp),%r8              ; restore r8  
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-; arg3 = w
-
-bn_mul_words
-	.proc
-	.callinfo frame=128
-    .entry
-	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-    STD     %r5,16(%sp)         ; save r5  
-    STD     %r6,24(%sp)         ; save r6  
-
-    STD     %r7,32(%sp)         ; save r7  
-    COPY    %r0,%ret0           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-	STD     w,56(%sp)           ; w on stack
-
-    CMPIB,>= 0,num,bn_mul_words_exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; See if only 1 word to do, thus just do cleanup
-	;
-	CMPIB,= 1,num,bn_mul_words_single_top
-	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
-
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
-
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
-
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
-
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
-    LDD     -8(%sp),m_0               
-    LDD     -40(%sp),m_1              
-
-    LDD    -16(%sp),m1_0              
-    LDD    -48(%sp),m1_1              
-    LDD     -24(%sp),ht_0             
-    LDD     -56(%sp),ht_1             
-
-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
-    LDD     -32(%sp),lt_0             
-    LDD     -64(%sp),lt_1             
-
-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     lt_1,8(r_ptr)             ; rp[1] = lt
-
-	COPY    ht_1,%ret0                ; carry = ht
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_mul_words_unroll2
-    LDO     16(r_ptr),r_ptr           ; rp++
-
-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    COPY    ht_0,%ret0                ; copy carry
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_words_exit
-    .EXIT
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-;
-
-bn_sqr_words
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    CMPIB,>= 0,num,bn_sqr_words_exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; If only 1, the goto straight to cleanup
-	;
-	CMPIB,= 1,num,bn_sqr_words_single_top
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-
-bn_sqr_words_unroll2
-    FLDD    0(a_ptr),t_float_0        ; a[0]
-    FLDD    8(a_ptr),t_float_1        ; a[1]
-    XMPYU   fht_0,flt_0,fm            ; m[0]
-    XMPYU   fht_1,flt_1,fm_1          ; m[1]
-
-    FSTD    fm,-24(%sp)               ; store m[0]
-    FSTD    fm_1,-56(%sp)             ; store m[1]
-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
-
-    FSTD    lt_temp,-16(%sp)          ; store lt[0]
-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
-
-    FSTD    ht_temp,-8(%sp)           ; store ht[0]
-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
-    LDD     -24(%sp),m_0             
-    LDD     -56(%sp),m_1              
-
-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
-
-    LDD     -16(%sp),lt_0        
-    LDD     -48(%sp),lt_1        
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
-
-    LDD     -8(%sp),ht_0            
-    LDD     -40(%sp),ht_1           
-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
-
-    ADD     lt_0,m_0,lt_0             ; lt = lt+m
-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
-
-    ADD     lt_1,m_1,lt_1             ; lt = lt+m
-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
-
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_sqr_words_unroll2
-    LDO     32(r_ptr),r_ptr           ; rp += 4
-
-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_sqr_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,flt_0,fm            ; m
-    FSTD    fm,-24(%sp)               ; store m
-
-    XMPYU   flt_0,flt_0,lt_temp       ; lt
-    FSTD    lt_temp,-16(%sp)          ; store lt
-
-    XMPYU   fht_0,fht_0,ht_temp       ; ht
-    FSTD    ht_temp,-8(%sp)           ; store ht
-
-    LDD     -24(%sp),m_0              ; load m
-    AND     m_0,high_mask,tmp_0       ; m & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
-    LDD     -16(%sp),lt_0             ; lt
-
-    LDD     -8(%sp),ht_0              ; ht
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
-    ADD     m_0,lt_0,lt_0             ; lt = lt+m
-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht
-
-bn_sqr_words_exit
-    .EXIT
-    LDD     -112(%sp),%r5       ; restore r5  
-    LDD     -120(%sp),%r4       ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3 
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t  .reg %r22
-b  .reg %r21
-l  .reg %r20
-
-bn_add_words
-	.proc
-    .entry
-	.callinfo
-	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    CMPIB,>= 0,n,bn_add_words_exit
-    COPY    %r0,%ret0           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_add_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_add_words_unroll2
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-	ADD     t,%ret0,t                    ; t = t+c;
-	ADD,DC  %r0,%r0,%ret0                ; set c to carry
-	ADD     t,b,l                        ; l = t + b[0]
-	ADD,DC  %ret0,%r0,%ret0              ; c+= carry
-	STD     l,0(r_ptr)
-
-	LDD     8(a_ptr),t
-	LDD     8(b_ptr),b
-	ADD     t,%ret0,t                     ; t = t+c;
-	ADD,DC  %r0,%r0,%ret0                 ; set c to carry
-	ADD     t,b,l                         ; l = t + b[0]
-	ADD,DC  %ret0,%r0,%ret0               ; c+= carry
-	STD     l,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_add_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
-
-bn_add_words_single_top
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-
-	ADD     t,%ret0,t                 ; t = t+c;
-	ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
-	ADD     t,b,l                     ; l = t + b[0]
-	ADD,DC  %ret0,%r0,%ret0           ; c+= carry
-	STD     l,0(r_ptr)
-
-bn_add_words_exit
-    .EXIT
-    BVE     (%rp)
-	NOP
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t1       .reg %r22
-t2       .reg %r21
-sub_tmp1 .reg %r20
-sub_tmp2 .reg %r19
-
-
-bn_sub_words
-	.proc
-	.callinfo 
-	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    CMPIB,>=  0,n,bn_sub_words_exit
-    COPY    %r0,%ret0           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_sub_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_sub_words_unroll2
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
-
-	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret0
-	STD     sub_tmp1,0(r_ptr)
-
-	LDD     8(a_ptr),t1
-	LDD     8(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret0
-	STD     sub_tmp1,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_sub_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
-
-bn_sub_words_single_top
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret0
-
-	STD     sub_tmp1,0(r_ptr)
-
-bn_sub_words_exit
-    .EXIT
-    BVE     (%rp)
-	NOP
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;------------------------------------------------------------------------------
-;
-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
-;
-; arg0 = h
-; arg1 = l
-; arg2 = d
-;
-; This is mainly just modified assembly from the compiler, thus the
-; lack of variable names.
-;
-;------------------------------------------------------------------------------
-bn_div_words
-	.proc
-	.callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.IMPORT	BN_num_bits_word,CODE,NO_RELOCATION
-	.IMPORT	__iob,DATA
-	.IMPORT	fprintf,CODE,NO_RELOCATION
-	.IMPORT	abort,CODE,NO_RELOCATION
-	.IMPORT	$$div2U,MILLICODE
-    .entry
-    STD     %r2,-16(%r30)   
-    STD,MA  %r3,352(%r30)   
-    STD     %r4,-344(%r30)  
-    STD     %r5,-336(%r30)  
-    STD     %r6,-328(%r30)  
-    STD     %r7,-320(%r30)  
-    STD     %r8,-312(%r30)  
-    STD     %r9,-304(%r30)  
-    STD     %r10,-296(%r30)
-
-    STD     %r27,-288(%r30)             ; save gp
-
-    COPY    %r24,%r3           ; save d 
-    COPY    %r26,%r4           ; save h (high 64-bits)
-    LDO      -1(%r0),%ret0     ; return -1 by default	
-
-    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
-    COPY    %r25,%r5           ; save l (low 64-bits)
-
-    LDO     -48(%r30),%r29     ; create ap 
-    .CALL   ;in=26,29;out=28;
-    B,L     BN_num_bits_word,%r2 
-    COPY    %r3,%r26        
-    LDD     -288(%r30),%r27    ; restore gp 
-    LDI     64,%r21 
-
-    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
-    COPY    %ret0,%r24             ; i   
-    MTSARCM %r24    
-    DEPDI,Z -1,%sar,1,%r29  
-    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
-
-$00000012
-    SUBI    64,%r24,%r31                       ; i = 64 - i;
-    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
-    SUB     %r4,%r3,%r4                        ; h -= d
-    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
-    COPY    %r0,%r10                           ; ret = 0
-    MTSARCM %r31                               ; i to shift
-    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
-    SUBI    64,%r31,%r19                       ; 64 - i; redundent
-    MTSAR   %r19                               ; (64 -i) to shift
-    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
-    MTSARCM %r31                               ; i to shift
-    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
-
-$0000001A
-    DEPDI,Z -1,31,32,%r19                      
-    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
-    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
-    LDO     2(%r0),%r9
-    STD    %r3,-280(%r30)                      ; "d" to stack
-
-$0000001C
-    DEPDI,Z -1,63,32,%r29                      ; 
-    EXTRD,U %r4,31,32,%r31                     ; h >> 32
-    CMPB,*=,N  %r31,%r6,$D2     	       ; if ((h>>32) != dh)(forward) div
-    COPY    %r4,%r26       
-    EXTRD,U %r4,31,32,%r25 
-    COPY    %r6,%r24      
-    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
-    B,L     $$div2U,%r2     
-    EXTRD,U %r6,31,32,%r23  
-    DEPD    %r28,31,32,%r29 
-$D2
-    STD     %r29,-272(%r30)                   ; q
-    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
-    EXTRD,U %r24,31,32,%r24                 ; ??? 
-    FLDD    -272(%r30),%fr7                 ; q
-    FLDD    -280(%r30),%fr8                 ; d
-    XMPYU   %fr8L,%fr7L,%fr10  
-    FSTD    %fr10,-256(%r30)   
-    XMPYU   %fr8L,%fr7R,%fr22  
-    FSTD    %fr22,-264(%r30)   
-    XMPYU   %fr8R,%fr7L,%fr11 
-    XMPYU   %fr8R,%fr7R,%fr23
-    FSTD    %fr11,-232(%r30)
-    FSTD    %fr23,-240(%r30)
-    LDD     -256(%r30),%r28
-    DEPD,Z  %r28,31,32,%r2 
-    LDD     -264(%r30),%r20
-    ADD,L   %r20,%r2,%r31   
-    LDD     -232(%r30),%r22 
-    DEPD,Z  %r22,31,32,%r22 
-    LDD     -240(%r30),%r21 
-    B       $00000024       ; enter loop  
-    ADD,L   %r21,%r22,%r23 
-
-$0000002A
-    LDO     -1(%r29),%r29   
-    SUB     %r23,%r8,%r23   
-$00000024
-    SUB     %r4,%r31,%r25   
-    AND     %r25,%r19,%r26  
-    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
-    DEPD,Z  %r25,31,32,%r20 
-    OR      %r20,%r24,%r21  
-    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
-    SUB     %r31,%r6,%r31   
-;-------------Break path---------------------
-
-$00000046
-    DEPD,Z  %r23,31,32,%r25              ;tl
-    EXTRD,U %r23,31,32,%r26              ;t
-    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
-    ADD,L   %r31,%r26,%r31               ;th += t; 
-    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
-    LDO     1(%r31),%r31                 ; th++;
-    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
-    LDO     -1(%r29),%r29                ;q--; 
-    ADD,L   %r4,%r3,%r4                  ;h += d;
-$00000036
-    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
-    SUB     %r5,%r24,%r28                ; l -= tl;
-    SUB     %r4,%r31,%r24                ; h -= th;
-    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
-    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
-    b      $0000001C
-    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
-
-$D1
-    OR      %r10,%r29,%r28           ; ret |= q
-$D3
-    LDD     -368(%r30),%r2  
-$D0
-    LDD     -296(%r30),%r10 
-    LDD     -304(%r30),%r9  
-    LDD     -312(%r30),%r8  
-    LDD     -320(%r30),%r7  
-    LDD     -328(%r30),%r6  
-    LDD     -336(%r30),%r5  
-    LDD     -344(%r30),%r4  
-    BVE     (%r2)   
-        .EXIT
-    LDD,MB  -352(%r30),%r3 
-
-bn_div_err_case
-    MFIA    %r6     
-    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
-    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
-    ADDIL   LT'__iob,%r27,%r1       
-    LDD     RT'__iob(%r1),%r26      
-    ADDIL   L'C$4-bn_div_words,%r6,%r1    
-    LDO     R'C$4-bn_div_words(%r1),%r25  
-    LDO     64(%r26),%r26   
-    .CALL           ;in=24,25,26,29;out=28;
-    B,L     fprintf,%r2    
-    LDO     -48(%r30),%r29 
-    LDD     -288(%r30),%r27
-    .CALL           ;in=29;
-    B,L     abort,%r2      
-    LDO     -48(%r30),%r29 
-    LDD     -288(%r30),%r27
-    B       $D0         
-    LDD     -368(%r30),%r2  
-	.PROCEND	;in=24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate.  The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-; 
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers 
-; 
-;
-; Floating point registers to use to save values that
-; are manipulated.  These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0        .reg %fr22
-a0L       .reg %fr22L
-a0R       .reg %fr22R
-
-a1        .reg %fr23
-a1L       .reg %fr23L
-a1R       .reg %fr23R
-
-a2        .reg %fr24
-a2L       .reg %fr24L
-a2R       .reg %fr24R
-
-a3        .reg %fr25
-a3L       .reg %fr25L
-a3R       .reg %fr25R
-
-a4        .reg %fr26
-a4L       .reg %fr26L
-a4R       .reg %fr26R
-
-a5        .reg %fr27
-a5L       .reg %fr27L
-a5R       .reg %fr27R
-
-a6        .reg %fr28
-a6L       .reg %fr28L
-a6R       .reg %fr28R
-
-a7        .reg %fr29
-a7L       .reg %fr29L
-a7R       .reg %fr29R
-
-b0        .reg %fr30
-b0L       .reg %fr30L
-b0R       .reg %fr30R
-
-b1        .reg %fr31
-b1L       .reg %fr31L
-b1R       .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1    .reg %fr4
-ftemp2    .reg %fr5
-ftemp3    .reg %fr6
-ftemp4    .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2        .reg %fr8
-b2L       .reg %fr8L
-b2R       .reg %fr8R
-
-b3        .reg %fr9
-b3L       .reg %fr9L
-b3R       .reg %fr9R
-
-b4        .reg %fr10
-b4L       .reg %fr10L
-b4R       .reg %fr10R
-
-b5        .reg %fr11
-b5L       .reg %fr11L
-b5R       .reg %fr11R
-
-b6        .reg %fr12
-b6L       .reg %fr12L
-b6R       .reg %fr12R
-
-b7        .reg %fr13
-b7L       .reg %fr13L
-b7R       .reg %fr13R
-
-c1           .reg %r21   ; only reg
-temp1        .reg %r20   ; only reg
-temp2        .reg %r19   ; only reg
-temp3        .reg %r31   ; only reg
-
-m1           .reg %r28   
-c2           .reg %r23   
-high_one     .reg %r1
-ht           .reg %r6
-lt           .reg %r5
-m            .reg %r4
-c3           .reg %r3
-
-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
-    XMPYU   A0L,A0R,ftemp1       ; m
-    FSTD    ftemp1,-24(%sp)      ; store m
-
-    XMPYU   A0R,A0R,ftemp2       ; lt
-    FSTD    ftemp2,-16(%sp)      ; store lt
-
-    XMPYU   A0L,A0L,ftemp3       ; ht
-    FSTD    ftemp3,-8(%sp)       ; store ht
-
-    LDD     -24(%sp),m           ; load m
-    AND     m,high_mask,temp2    ; m & Mask
-    DEPD,Z  m,30,31,temp3        ; m << 32+1
-    LDD     -16(%sp),lt          ; lt
-
-    LDD     -8(%sp),ht           ; ht
-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
-    ADD     temp3,lt,lt          ; lt = lt+m
-    ADD,L   ht,temp1,ht          ; ht += temp1
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C1,lt,C1             ; c1=c1+lt
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C2,ht,C2             ; c2=c2+ht
-    ADD,DC  C3,%r0,C3            ; c3++
-.endm
-
-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)         ;
-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)          ;
-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)         ;
-
-    LDD     -8(%sp),m               ; r21 = m
-    LDD     -16(%sp),m1             ; r19 = m1
-    ADD,L   m,m1,m                  ; m+m1
-
-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
-    LDD     -24(%sp),ht             ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
-    ADD,L   ht,high_one,ht          ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1           ; m >> 32
-    LDD     -32(%sp),lt             ; lt
-    ADD,L   ht,temp1,ht             ; ht+= m>>32
-    ADD     lt,temp3,lt             ; lt = lt+m1
-    ADD,DC  ht,%r0,ht               ; ht++
-
-    ADD     ht,ht,ht                ; ht=ht+ht;
-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
-
-    ADD     lt,lt,lt                ; lt=lt+lt;
-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
-
-    ADD     C1,lt,C1                ; c1=c1+lt
-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2                ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-;
-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba8
-	.PROC
-	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .ENTRY
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
-	STD     c2,32(r_ptr)          ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
-	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)          ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
-	STD     c1,48(r_ptr)          ; r[6] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
-	STD     c2,56(r_ptr)          ; r[7] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
-	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
-	STD     c3,64(r_ptr)          ; r[8] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
-	STD     c1,72(r_ptr)          ; r[9] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a5L,a5R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
-	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
-	STD     c2,80(r_ptr)          ; r[10] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
-	STD     c3,88(r_ptr)          ; r[11] = c3;
-	COPY    %r0,c3
-	
-	SQR_ADD_C a6L,a6R,c1,c2,c3
-	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
-	STD     c1,96(r_ptr)          ; r[12] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
-	STD     c2,104(r_ptr)         ; r[13] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a7L,a7R,c3,c1,c2
-	STD     c3, 112(r_ptr)       ; r[14] = c3
-	STD     c1, 120(r_ptr)       ; r[15] = c1
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-
-	STD     c2,32(r_ptr)           ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)           ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	STD     c1,48(r_ptr)           ; r[6] = c1;
-	STD     c2,56(r_ptr)           ; r[7] = c2;
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-;---------------------------------------------------------------------------
-
-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)       ;
-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)        ;
-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)       ;
-
-    LDD     -8(%sp),m             ; r21 = m
-    LDD     -16(%sp),m1           ; r19 = m1
-    ADD,L   m,m1,m                ; m+m1
-
-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
-    LDD     -24(%sp),ht           ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
-    ADD,L   ht,high_one,ht        ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1         ; m >> 32
-    LDD     -32(%sp),lt           ; lt
-    ADD,L   ht,temp1,ht           ; ht+= m>>32
-    ADD     lt,temp3,lt           ; lt = lt+m1
-    ADD,DC  ht,%r0,ht             ; ht++
-
-    ADD     C1,lt,C1              ; c1=c1+lt
-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2              ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-
-;
-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba8
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-    FLDD     32(a_ptr),a4       
-    FLDD     40(a_ptr),a5       
-    FLDD     48(a_ptr),a6       
-    FLDD     56(a_ptr),a7       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-    FLDD     32(b_ptr),b4       
-    FLDD     40(b_ptr),b5       
-    FLDD     48(b_ptr),b6       
-    FLDD     56(b_ptr),b7       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	COPY      %r0,c1
-	
-	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
-	STD       c2,56(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
-	STD       c3,64(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
-	STD       c1,72(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
-	STD       c2,80(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
-	STD       c3,88(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
-	STD       c1,96(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
-	STD       c2,104(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
-	STD       c3,112(r_ptr)
-	STD       c1,120(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	STD       c2,56(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-	.SPACE	$TEXT$
-	.SUBSPA	$CODE$
-	.SPACE	$PRIVATE$,SORT=16
-	.IMPORT	$global$,DATA
-	.SPACE	$TEXT$
-	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,ACCESS=0x2c
-C$4
-	.ALIGN	8
-	.STRINGZ	"Division would overflow (%d)\n"
-	.END
diff --git a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl
index cd9926a25f..aa9f626ed2 100644
--- a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -21,7 +21,7 @@
 # optimal in respect to instruction set capabilities. Fair comparison
 # with vendor compiler is problematic, because OpenSSL doesn't define
 # BN_LLONG [presumably] for historical reasons, which drives compiler
-# toward 4 times 16x16=32-bit multiplicatons [plus complementary
+# toward 4 times 16x16=32-bit multiplications [plus complementary
 # shifts and additions] instead. This means that you should observe
 # several times improvement over code generated by vendor compiler
 # for PA-RISC 1.1, but the "baseline" is far from optimal. The actual
@@ -864,7 +864,7 @@ L\$copy_pa11
 	comiclr,=	0,$hi1,%r0
 	copy		$ti0,$hi0
 	addib,<>	4,$idx,L\$copy_pa11
-	stws,ma		$hi0,4($rp)	
+	stws,ma		$hi0,4($rp)
 
 	nop					; alignment
 L\$done
@@ -984,6 +984,11 @@ sub assemble {
     ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
 }
 
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
 foreach (split("\n",$code)) {
 	s/\`([^\`]*)\`/eval $1/ge;
 	# flip word order in 64-bit mode...
@@ -991,7 +996,10 @@ foreach (split("\n",$code)) {
 	# assemble 2.0 instructions in 32-bit mode...
 	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
 
-	s/\bbv\b/bve/gm	if ($SIZE_T==8);
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
 
 	print $_,"\n";
 }
diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl
index 9d14a12156..ec7e019a43 100644
--- a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -26,11 +26,21 @@
 # So far RSA *sign* performance improvement over pre-bn_mul_mont asm
 # for 64-bit application running on PPC970/G5 is:
 #
-# 512-bit	+65%	
+# 512-bit	+65%
 # 1024-bit	+35%
 # 2048-bit	+18%
 # 4096-bit	+4%
 
+# September 2016
+#
+# Add multiplication procedure operating on lengths divisible by 4
+# and squaring procedure operating on lengths divisible by 8. Length
+# is expressed in number of limbs. RSA private key operations are
+# ~35-50% faster (more for longer keys) on contemporary high-end POWER
+# processors in 64-bit builds, [mysteriously enough] more in 32-bit
+# builds. On low-end 32-bit processors performance improvement turned
+# to be marginal...
+
 $flavour = shift;
 
 if ($flavour =~ /32/) {
@@ -49,7 +59,8 @@ if ($flavour =~ /32/) {
 	$UMULL=	"mullw";	# unsigned multiply low
 	$UMULH=	"mulhwu";	# unsigned multiply high
 	$UCMP=	"cmplw";	# unsigned compare
-	$SHRI=	"srwi";		# unsigned shift right by immediate	
+	$SHRI=	"srwi";		# unsigned shift right by immediate
+	$SHLI=	"slwi";		# unsigned shift left by immediate
 	$PUSH=	$ST;
 	$POP=	$LD;
 } elsif ($flavour =~ /64/) {
@@ -69,7 +80,8 @@ if ($flavour =~ /32/) {
 	$UMULL=	"mulld";	# unsigned multiply low
 	$UMULH=	"mulhdu";	# unsigned multiply high
 	$UCMP=	"cmpld";	# unsigned compare
-	$SHRI=	"srdi";		# unsigned shift right by immediate	
+	$SHRI=	"srdi";		# unsigned shift right by immediate
+	$SHLI=	"sldi";		# unsigned shift left by immediate
 	$PUSH=	$ST;
 	$POP=	$LD;
 } else { die "nonsense $flavour"; }
@@ -86,43 +98,44 @@ open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
 
 $sp="r1";
 $toc="r2";
-$rp="r3";	$ovf="r3";
+$rp="r3";
 $ap="r4";
 $bp="r5";
 $np="r6";
 $n0="r7";
 $num="r8";
-$rp="r9";	# $rp is reassigned
-$aj="r10";
-$nj="r11";
-$tj="r12";
+
+{
+my $ovf=$rp;
+my $rp="r9";	# $rp is reassigned
+my $aj="r10";
+my $nj="r11";
+my $tj="r12";
 # non-volatile registers
-$i="r20";
-$j="r21";
-$tp="r22";
-$m0="r23";
-$m1="r24";
-$lo0="r25";
-$hi0="r26";
-$lo1="r27";
-$hi1="r28";
-$alo="r29";
-$ahi="r30";
-$nlo="r31";
+my $i="r20";
+my $j="r21";
+my $tp="r22";
+my $m0="r23";
+my $m1="r24";
+my $lo0="r25";
+my $hi0="r26";
+my $lo1="r27";
+my $hi1="r28";
+my $alo="r29";
+my $ahi="r30";
+my $nlo="r31";
 #
-$nhi="r0";
+my $nhi="r0";
 
 $code=<<___;
 .machine "any"
 .text
 
 .globl	.bn_mul_mont_int
-.align	4
+.align	5
 .bn_mul_mont_int:
-	cmpwi	$num,4
 	mr	$rp,r3		; $rp is reassigned
 	li	r3,0
-	bltlr
 ___
 $code.=<<___ if ($BNSZ==4);
 	cmpwi	$num,32		; longer key performance is not better
@@ -334,7 +347,1641 @@ Lcopy:				; conditional copy
 	.byte	0,12,4,0,0x80,12,6,0
 	.long	0
 .size	.bn_mul_mont_int,.-.bn_mul_mont_int
+___
+}
+if (1) {
+my ($a0,$a1,$a2,$a3,
+    $t0,$t1,$t2,$t3,
+    $m0,$m1,$m2,$m3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,
+    $bi,$mi,$tp,$ap_end,$cnt) = map("r$_",(9..12,14..31));
+my  ($carry,$zero) = ($rp,"r0");
+
+# sp----------->+-------------------------------+
+#		| saved sp			|
+#		+-------------------------------+
+#		.				.
+# +8*size_t	+-------------------------------+
+#		| 4 "n0*t0"			|
+#		.				.
+#		.				.
+# +12*size_t	+-------------------------------+
+#		| size_t tmp[num]		|
+#		.				.
+#		.				.
+#		.				.
+#		+-------------------------------+
+#		| topmost carry			|
+#		.				.
+# -18*size_t	+-------------------------------+
+#		| 18 saved gpr, r14-r31		|
+#		.				.
+#		.				.
+#		+-------------------------------+
+$code.=<<___;
+.globl	.bn_mul4x_mont_int
+.align	5
+.bn_mul4x_mont_int:
+	andi.	r0,$num,7
+	bne	.Lmul4x_do
+	$UCMP	$ap,$bp
+	bne	.Lmul4x_do
+	b	.Lsqr8x_do
+.Lmul4x_do:
+	slwi	$num,$num,`log($SIZE_T)/log(2)`
+	mr	$a0,$sp
+	li	$a1,-32*$SIZE_T
+	sub	$a1,$a1,$num
+	$STUX	$sp,$sp,$a1		# alloca
+
+	$PUSH	r14,-$SIZE_T*18($a0)
+	$PUSH	r15,-$SIZE_T*17($a0)
+	$PUSH	r16,-$SIZE_T*16($a0)
+	$PUSH	r17,-$SIZE_T*15($a0)
+	$PUSH	r18,-$SIZE_T*14($a0)
+	$PUSH	r19,-$SIZE_T*13($a0)
+	$PUSH	r20,-$SIZE_T*12($a0)
+	$PUSH	r21,-$SIZE_T*11($a0)
+	$PUSH	r22,-$SIZE_T*10($a0)
+	$PUSH	r23,-$SIZE_T*9($a0)
+	$PUSH	r24,-$SIZE_T*8($a0)
+	$PUSH	r25,-$SIZE_T*7($a0)
+	$PUSH	r26,-$SIZE_T*6($a0)
+	$PUSH	r27,-$SIZE_T*5($a0)
+	$PUSH	r28,-$SIZE_T*4($a0)
+	$PUSH	r29,-$SIZE_T*3($a0)
+	$PUSH	r30,-$SIZE_T*2($a0)
+	$PUSH	r31,-$SIZE_T*1($a0)
+
+	subi	$ap,$ap,$SIZE_T		# bias by -1
+	subi	$np,$np,$SIZE_T		# bias by -1
+	subi	$rp,$rp,$SIZE_T		# bias by -1
+	$LD	$n0,0($n0)		# *n0
+
+	add	$t0,$bp,$num
+	add	$ap_end,$ap,$num
+	subi	$t0,$t0,$SIZE_T*4	# &b[num-4]
+
+	$LD	$bi,$SIZE_T*0($bp)	# b[0]
+	li	$acc0,0
+	$LD	$a0,$SIZE_T*1($ap)	# a[0..3]
+	li	$acc1,0
+	$LD	$a1,$SIZE_T*2($ap)
+	li	$acc2,0
+	$LD	$a2,$SIZE_T*3($ap)
+	li	$acc3,0
+	$LDU	$a3,$SIZE_T*4($ap)
+	$LD	$m0,$SIZE_T*1($np)	# n[0..3]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+
+	$PUSH	$rp,$SIZE_T*6($sp)	# offload rp and &b[num-4]
+	$PUSH	$t0,$SIZE_T*7($sp)
+	li	$carry,0
+	addic	$tp,$sp,$SIZE_T*7	# &t[-1], clear carry bit
+	li	$cnt,0
+	li	$zero,0
+	b	.Loop_mul4x_1st_reduction
+
+.align	5
+.Loop_mul4x_1st_reduction:
+	$UMULL	$t0,$a0,$bi		# lo(a[0..3]*b[0])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[0..3]*b[0])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULL	$mi,$acc0,$n0		# t[0]*n0
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t2,$a2,$bi
+	addze	$acc4,$zero
+	$UMULH	$t3,$a3,$bi
+	$LDX	$bi,$bp,$cnt		# next b[i] (or b[0])
+	addc	$acc1,$acc1,$t0
+	# (*)	mul	$t0,$m0,$mi	# lo(n[0..3]*t[0]*n0)
+	$STU	$mi,$SIZE_T($tp)	# put aside t[0]*n0 for tail processing
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	# (*)	addc	$acc0,$acc0,$t0
+	# (*)	As for removal of first multiplication and addition
+	#	instructions. The outcome of first addition is
+	#	guaranteed to be zero, which leaves two computationally
+	#	significant outcomes: it either carries or not. Then
+	#	question is when does it carry? Is there alternative
+	#	way to deduce it? If you follow operations, you can
+	#	observe that condition for carry is quite simple:
+	#	$acc0 being non-zero. So that carry can be calculated
+	#	by adding -1 to $acc0. That's what next instruction does.
+	addic	$acc0,$acc0,-1		# (*), discarded
+	$UMULH	$t0,$m0,$mi		# hi(n[0..3]*t[0]*n0)
+	adde	$acc0,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc1,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc2,$acc3,$t3
+	$UMULH	$t3,$m3,$mi
+	adde	$acc3,$acc4,$carry
+	addze	$carry,$zero
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_1st_reduction
+
+	$UCMP	$ap_end,$ap
+	beq	.Lmul4x4_post_condition
+
+	$LD	$a0,$SIZE_T*1($ap)	# a[4..7]
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	$LD	$mi,$SIZE_T*8($sp)	# a[0]*n0
+	$LD	$m0,$SIZE_T*1($np)	# n[4..7]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Loop_mul4x_1st_tail:
+	$UMULL	$t0,$a0,$bi		# lo(a[4..7]*b[i])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[4..7]*b[i])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$a2,$bi
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$a3,$bi
+	addze	$acc4,$zero
+	$LDX	$bi,$bp,$cnt		# next b[i] (or b[0])
+	addc	$acc1,$acc1,$t0
+	$UMULL	$t0,$m0,$mi		# lo(n[4..7]*a[0]*n0)
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$m0,$mi		# hi(n[4..7]*a[0]*n0)
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc3,$acc3,$t3
+	adde	$acc4,$acc4,$carry
+	$UMULH	$t3,$m3,$mi
+	addze	$carry,$zero
+	addi	$mi,$sp,$SIZE_T*8
+	$LDX	$mi,$mi,$cnt		# next t[0]*n0
+	$STU	$acc0,$SIZE_T($tp)	# word of result
+	addc	$acc0,$acc1,$t0
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2
+	adde	$acc3,$acc4,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_1st_tail
+
+	sub	$t1,$ap_end,$num	# rewinded $ap
+	$UCMP	$ap_end,$ap		# done yet?
+	beq	.Lmul4x_proceed
+
+	$LD	$a0,$SIZE_T*1($ap)
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	$LD	$m0,$SIZE_T*1($np)
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Lmul4x_proceed:
+	$LDU	$bi,$SIZE_T*4($bp)	# *++b
+	addze	$carry,$carry		# topmost carry
+	$LD	$a0,$SIZE_T*1($t1)
+	$LD	$a1,$SIZE_T*2($t1)
+	$LD	$a2,$SIZE_T*3($t1)
+	$LD	$a3,$SIZE_T*4($t1)
+	addi	$ap,$t1,$SIZE_T*4
+	sub	$np,$np,$num		# rewind np
+
+	$ST	$acc0,$SIZE_T*1($tp)	# result
+	$ST	$acc1,$SIZE_T*2($tp)
+	$ST	$acc2,$SIZE_T*3($tp)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$ST	$carry,$SIZE_T*5($tp)	# save topmost carry
+	$LD	$acc0,$SIZE_T*12($sp)	# t[0..3]
+	$LD	$acc1,$SIZE_T*13($sp)
+	$LD	$acc2,$SIZE_T*14($sp)
+	$LD	$acc3,$SIZE_T*15($sp)
+
+	$LD	$m0,$SIZE_T*1($np)	# n[0..3]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	addic	$tp,$sp,$SIZE_T*7	# &t[-1], clear carry bit
+	li	$carry,0
+	b	.Loop_mul4x_reduction
+
+.align	5
+.Loop_mul4x_reduction:
+	$UMULL	$t0,$a0,$bi		# lo(a[0..3]*b[4])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[0..3]*b[4])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULL	$mi,$acc0,$n0		# t[0]*n0
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t2,$a2,$bi
+	addze	$acc4,$zero
+	$UMULH	$t3,$a3,$bi
+	$LDX	$bi,$bp,$cnt		# next b[i]
+	addc	$acc1,$acc1,$t0
+	# (*)	mul	$t0,$m0,$mi
+	$STU	$mi,$SIZE_T($tp)	# put aside t[0]*n0 for tail processing
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi		# lo(n[0..3]*t[0]*n0
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	# (*)	addc	$acc0,$acc0,$t0
+	addic	$acc0,$acc0,-1		# (*), discarded
+	$UMULH	$t0,$m0,$mi		# hi(n[0..3]*t[0]*n0
+	adde	$acc0,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc1,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc2,$acc3,$t3
+	$UMULH	$t3,$m3,$mi
+	adde	$acc3,$acc4,$carry
+	addze	$carry,$zero
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_reduction
+
+	$LD	$t0,$SIZE_T*5($tp)	# t[4..7]
+	addze	$carry,$carry
+	$LD	$t1,$SIZE_T*6($tp)
+	$LD	$t2,$SIZE_T*7($tp)
+	$LD	$t3,$SIZE_T*8($tp)
+	$LD	$a0,$SIZE_T*1($ap)	# a[4..7]
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+
+	$LD	$mi,$SIZE_T*8($sp)	# t[0]*n0
+	$LD	$m0,$SIZE_T*1($np)	# n[4..7]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_tail
+
+.align	5
+.Loop_mul4x_tail:
+	$UMULL	$t0,$a0,$bi		# lo(a[4..7]*b[4])
+	addze	$carry,$carry		# modulo-scheduled
+	$UMULL	$t1,$a1,$bi
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$bi
+	andi.	$cnt,$cnt,$SIZE_T*4-1
+	$UMULL	$t3,$a3,$bi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a0,$bi		# hi(a[4..7]*b[4])
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$a2,$bi
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$a3,$bi
+	addze	$acc4,$zero
+	$LDX	$bi,$bp,$cnt		# next b[i]
+	addc	$acc1,$acc1,$t0
+	$UMULL	$t0,$m0,$mi		# lo(n[4..7]*t[0]*n0)
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$m1,$mi
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$m2,$mi
+	adde	$acc4,$acc4,$t3		# can't overflow
+	$UMULL	$t3,$m3,$mi
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$m0,$mi		# hi(n[4..7]*t[0]*n0)
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$m1,$mi
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$m2,$mi
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$m3,$mi
+	adde	$acc4,$acc4,$carry
+	addi	$mi,$sp,$SIZE_T*8
+	$LDX	$mi,$mi,$cnt		# next a[0]*n0
+	addze	$carry,$zero
+	$STU	$acc0,$SIZE_T($tp)	# word of result
+	addc	$acc0,$acc1,$t0
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2
+	adde	$acc3,$acc4,$t3
+	#addze	$carry,$carry
+	bne	.Loop_mul4x_tail
+
+	$LD	$t0,$SIZE_T*5($tp)	# next t[i] or topmost carry
+	sub	$t1,$np,$num		# rewinded np?
+	addze	$carry,$carry
+	$UCMP	$ap_end,$ap		# done yet?
+	beq	.Loop_mul4x_break
+
+	$LD	$t1,$SIZE_T*6($tp)
+	$LD	$t2,$SIZE_T*7($tp)
+	$LD	$t3,$SIZE_T*8($tp)
+	$LD	$a0,$SIZE_T*1($ap)
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	addc	$acc0,$acc0,$t0
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	adde	$acc3,$acc3,$t3
+	#addze	$carry,$carry
+
+	$LD	$m0,$SIZE_T*1($np)	# n[4..7]
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$m2,$SIZE_T*3($np)
+	$LDU	$m3,$SIZE_T*4($np)
+	b	.Loop_mul4x_tail
+
+.align	5
+.Loop_mul4x_break:
+	$POP	$t2,$SIZE_T*6($sp)	# pull rp and &b[num-4]
+	$POP	$t3,$SIZE_T*7($sp)
+	addc	$a0,$acc0,$t0		# accumulate topmost carry
+	$LD	$acc0,$SIZE_T*12($sp)	# t[0..3]
+	addze	$a1,$acc1
+	$LD	$acc1,$SIZE_T*13($sp)
+	addze	$a2,$acc2
+	$LD	$acc2,$SIZE_T*14($sp)
+	addze	$a3,$acc3
+	$LD	$acc3,$SIZE_T*15($sp)
+	addze	$carry,$carry		# topmost carry
+	$ST	$a0,$SIZE_T*1($tp)	# result
+	sub	$ap,$ap_end,$num	# rewind ap
+	$ST	$a1,$SIZE_T*2($tp)
+	$ST	$a2,$SIZE_T*3($tp)
+	$ST	$a3,$SIZE_T*4($tp)
+	$ST	$carry,$SIZE_T*5($tp)	# store topmost carry
+
+	$LD	$m0,$SIZE_T*1($t1)	# n[0..3]
+	$LD	$m1,$SIZE_T*2($t1)
+	$LD	$m2,$SIZE_T*3($t1)
+	$LD	$m3,$SIZE_T*4($t1)
+	addi	$np,$t1,$SIZE_T*4
+	$UCMP	$bp,$t3			# done yet?
+	beq	.Lmul4x_post
+
+	$LDU	$bi,$SIZE_T*4($bp)
+	$LD	$a0,$SIZE_T*1($ap)	# a[0..3]
+	$LD	$a1,$SIZE_T*2($ap)
+	$LD	$a2,$SIZE_T*3($ap)
+	$LDU	$a3,$SIZE_T*4($ap)
+	li	$carry,0
+	addic	$tp,$sp,$SIZE_T*7	# &t[-1], clear carry bit
+	b	.Loop_mul4x_reduction
+
+.align	5
+.Lmul4x_post:
+	# Final step. We see if result is larger than modulus, and
+	# if it is, subtract the modulus. But comparison implies
+	# subtraction. So we subtract modulus, see if it borrowed,
+	# and conditionally copy original value.
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+2`
+	mr	$bp,$t2			# &rp[-1]
+	subi	$cnt,$cnt,1
+	mr	$ap_end,$t2		# &rp[-1] copy
+	subfc	$t0,$m0,$acc0
+	addi	$tp,$sp,$SIZE_T*15
+	subfe	$t1,$m1,$acc1
+
+	mtctr	$cnt
+.Lmul4x_sub:
+	$LD	$m0,$SIZE_T*1($np)
+	$LD	$acc0,$SIZE_T*1($tp)
+	subfe	$t2,$m2,$acc2
+	$LD	$m1,$SIZE_T*2($np)
+	$LD	$acc1,$SIZE_T*2($tp)
+	subfe	$t3,$m3,$acc3
+	$LD	$m2,$SIZE_T*3($np)
+	$LD	$acc2,$SIZE_T*3($tp)
+	$LDU	$m3,$SIZE_T*4($np)
+	$LDU	$acc3,$SIZE_T*4($tp)
+	$ST	$t0,$SIZE_T*1($bp)
+	$ST	$t1,$SIZE_T*2($bp)
+	subfe	$t0,$m0,$acc0
+	$ST	$t2,$SIZE_T*3($bp)
+	$STU	$t3,$SIZE_T*4($bp)
+	subfe	$t1,$m1,$acc1
+	bdnz	.Lmul4x_sub
+
+	 $LD	$a0,$SIZE_T*1($ap_end)
+	$ST	$t0,$SIZE_T*1($bp)
+	 $LD	$t0,$SIZE_T*12($sp)
+	subfe	$t2,$m2,$acc2
+	 $LD	$a1,$SIZE_T*2($ap_end)
+	$ST	$t1,$SIZE_T*2($bp)
+	 $LD	$t1,$SIZE_T*13($sp)
+	subfe	$t3,$m3,$acc3
+	subfe	$carry,$zero,$carry	# did it borrow?
+	 addi	$tp,$sp,$SIZE_T*12
+	 $LD	$a2,$SIZE_T*3($ap_end)
+	$ST	$t2,$SIZE_T*3($bp)
+	 $LD	$t2,$SIZE_T*14($sp)
+	 $LD	$a3,$SIZE_T*4($ap_end)
+	$ST	$t3,$SIZE_T*4($bp)
+	 $LD	$t3,$SIZE_T*15($sp)
+
+	mtctr	$cnt
+.Lmul4x_cond_copy:
+	and	$t0,$t0,$carry
+	andc	$a0,$a0,$carry
+	$ST	$zero,$SIZE_T*0($tp)	# wipe stack clean
+	and	$t1,$t1,$carry
+	andc	$a1,$a1,$carry
+	$ST	$zero,$SIZE_T*1($tp)
+	and	$t2,$t2,$carry
+	andc	$a2,$a2,$carry
+	$ST	$zero,$SIZE_T*2($tp)
+	and	$t3,$t3,$carry
+	andc	$a3,$a3,$carry
+	$ST	$zero,$SIZE_T*3($tp)
+	or	$acc0,$t0,$a0
+	$LD	$a0,$SIZE_T*5($ap_end)
+	$LD	$t0,$SIZE_T*4($tp)
+	or	$acc1,$t1,$a1
+	$LD	$a1,$SIZE_T*6($ap_end)
+	$LD	$t1,$SIZE_T*5($tp)
+	or	$acc2,$t2,$a2
+	$LD	$a2,$SIZE_T*7($ap_end)
+	$LD	$t2,$SIZE_T*6($tp)
+	or	$acc3,$t3,$a3
+	$LD	$a3,$SIZE_T*8($ap_end)
+	$LD	$t3,$SIZE_T*7($tp)
+	addi	$tp,$tp,$SIZE_T*4
+	$ST	$acc0,$SIZE_T*1($ap_end)
+	$ST	$acc1,$SIZE_T*2($ap_end)
+	$ST	$acc2,$SIZE_T*3($ap_end)
+	$STU	$acc3,$SIZE_T*4($ap_end)
+	bdnz	.Lmul4x_cond_copy
+
+	$POP	$bp,0($sp)		# pull saved sp
+	and	$t0,$t0,$carry
+	andc	$a0,$a0,$carry
+	$ST	$zero,$SIZE_T*0($tp)
+	and	$t1,$t1,$carry
+	andc	$a1,$a1,$carry
+	$ST	$zero,$SIZE_T*1($tp)
+	and	$t2,$t2,$carry
+	andc	$a2,$a2,$carry
+	$ST	$zero,$SIZE_T*2($tp)
+	and	$t3,$t3,$carry
+	andc	$a3,$a3,$carry
+	$ST	$zero,$SIZE_T*3($tp)
+	or	$acc0,$t0,$a0
+	or	$acc1,$t1,$a1
+	$ST	$zero,$SIZE_T*4($tp)
+	or	$acc2,$t2,$a2
+	or	$acc3,$t3,$a3
+	$ST	$acc0,$SIZE_T*1($ap_end)
+	$ST	$acc1,$SIZE_T*2($ap_end)
+	$ST	$acc2,$SIZE_T*3($ap_end)
+	$ST	$acc3,$SIZE_T*4($ap_end)
+
+	b	.Lmul4x_done
+
+.align	4
+.Lmul4x4_post_condition:
+	$POP	$ap,$SIZE_T*6($sp)	# pull &rp[-1]
+	$POP	$bp,0($sp)		# pull saved sp
+	addze	$carry,$carry		# modulo-scheduled
+	# $acc0-3,$carry hold result, $m0-3 hold modulus
+	subfc	$a0,$m0,$acc0
+	subfe	$a1,$m1,$acc1
+	subfe	$a2,$m2,$acc2
+	subfe	$a3,$m3,$acc3
+	subfe	$carry,$zero,$carry	# did it borrow?
+
+	and	$m0,$m0,$carry
+	and	$m1,$m1,$carry
+	addc	$a0,$a0,$m0
+	and	$m2,$m2,$carry
+	adde	$a1,$a1,$m1
+	and	$m3,$m3,$carry
+	adde	$a2,$a2,$m2
+	adde	$a3,$a3,$m3
+
+	$ST	$a0,$SIZE_T*1($ap)	# write result
+	$ST	$a1,$SIZE_T*2($ap)
+	$ST	$a2,$SIZE_T*3($ap)
+	$ST	$a3,$SIZE_T*4($ap)
+
+.Lmul4x_done:
+	$ST	$zero,$SIZE_T*8($sp)	# wipe stack clean
+	$ST	$zero,$SIZE_T*9($sp)
+	$ST	$zero,$SIZE_T*10($sp)
+	$ST	$zero,$SIZE_T*11($sp)
+	li	r3,1			# signal "done"
+	$POP	r14,-$SIZE_T*18($bp)
+	$POP	r15,-$SIZE_T*17($bp)
+	$POP	r16,-$SIZE_T*16($bp)
+	$POP	r17,-$SIZE_T*15($bp)
+	$POP	r18,-$SIZE_T*14($bp)
+	$POP	r19,-$SIZE_T*13($bp)
+	$POP	r20,-$SIZE_T*12($bp)
+	$POP	r21,-$SIZE_T*11($bp)
+	$POP	r22,-$SIZE_T*10($bp)
+	$POP	r23,-$SIZE_T*9($bp)
+	$POP	r24,-$SIZE_T*8($bp)
+	$POP	r25,-$SIZE_T*7($bp)
+	$POP	r26,-$SIZE_T*6($bp)
+	$POP	r27,-$SIZE_T*5($bp)
+	$POP	r28,-$SIZE_T*4($bp)
+	$POP	r29,-$SIZE_T*3($bp)
+	$POP	r30,-$SIZE_T*2($bp)
+	$POP	r31,-$SIZE_T*1($bp)
+	mr	$sp,$bp
+	blr
+	.long	0
+	.byte	0,12,4,0x20,0x80,18,6,0
+	.long	0
+.size	.bn_mul4x_mont_int,.-.bn_mul4x_mont_int
+___
+}
+
+if (1) {
+########################################################################
+# Following is PPC adaptation of sqrx8x_mont from x86_64-mont5 module.
+
+my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("r$_",(9..12,14..17));
+my ($t0,$t1,$t2,$t3)=map("r$_",(18..21));
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("r$_",(22..29));
+my ($cnt,$carry,$zero)=("r30","r31","r0");
+my ($tp,$ap_end,$na0)=($bp,$np,$carry);
+
+# sp----------->+-------------------------------+
+#		| saved sp			|
+#		+-------------------------------+
+#		.				.
+# +12*size_t	+-------------------------------+
+#		| size_t tmp[2*num]		|
+#		.				.
+#		.				.
+#		.				.
+#		+-------------------------------+
+#		.				.
+# -18*size_t	+-------------------------------+
+#		| 18 saved gpr, r14-r31		|
+#		.				.
+#		.				.
+#		+-------------------------------+
+$code.=<<___;
+.align	5
+__bn_sqr8x_mont:
+.Lsqr8x_do:
+	mr	$a0,$sp
+	slwi	$a1,$num,`log($SIZE_T)/log(2)+1`
+	li	$a2,-32*$SIZE_T
+	sub	$a1,$a2,$a1
+	slwi	$num,$num,`log($SIZE_T)/log(2)`
+	$STUX	$sp,$sp,$a1		# alloca
+
+	$PUSH	r14,-$SIZE_T*18($a0)
+	$PUSH	r15,-$SIZE_T*17($a0)
+	$PUSH	r16,-$SIZE_T*16($a0)
+	$PUSH	r17,-$SIZE_T*15($a0)
+	$PUSH	r18,-$SIZE_T*14($a0)
+	$PUSH	r19,-$SIZE_T*13($a0)
+	$PUSH	r20,-$SIZE_T*12($a0)
+	$PUSH	r21,-$SIZE_T*11($a0)
+	$PUSH	r22,-$SIZE_T*10($a0)
+	$PUSH	r23,-$SIZE_T*9($a0)
+	$PUSH	r24,-$SIZE_T*8($a0)
+	$PUSH	r25,-$SIZE_T*7($a0)
+	$PUSH	r26,-$SIZE_T*6($a0)
+	$PUSH	r27,-$SIZE_T*5($a0)
+	$PUSH	r28,-$SIZE_T*4($a0)
+	$PUSH	r29,-$SIZE_T*3($a0)
+	$PUSH	r30,-$SIZE_T*2($a0)
+	$PUSH	r31,-$SIZE_T*1($a0)
 
+	subi	$ap,$ap,$SIZE_T		# bias by -1
+	subi	$t0,$np,$SIZE_T		# bias by -1
+	subi	$rp,$rp,$SIZE_T		# bias by -1
+	$LD	$n0,0($n0)		# *n0
+	li	$zero,0
+
+	add	$ap_end,$ap,$num
+	$LD	$a0,$SIZE_T*1($ap)
+	#li	$acc0,0
+	$LD	$a1,$SIZE_T*2($ap)
+	li	$acc1,0
+	$LD	$a2,$SIZE_T*3($ap)
+	li	$acc2,0
+	$LD	$a3,$SIZE_T*4($ap)
+	li	$acc3,0
+	$LD	$a4,$SIZE_T*5($ap)
+	li	$acc4,0
+	$LD	$a5,$SIZE_T*6($ap)
+	li	$acc5,0
+	$LD	$a6,$SIZE_T*7($ap)
+	li	$acc6,0
+	$LDU	$a7,$SIZE_T*8($ap)
+	li	$acc7,0
+
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+	subic.	$cnt,$num,$SIZE_T*8
+	b	.Lsqr8x_zero_start
+
+.align	5
+.Lsqr8x_zero:
+	subic.	$cnt,$cnt,$SIZE_T*8
+	$ST	$zero,$SIZE_T*1($tp)
+	$ST	$zero,$SIZE_T*2($tp)
+	$ST	$zero,$SIZE_T*3($tp)
+	$ST	$zero,$SIZE_T*4($tp)
+	$ST	$zero,$SIZE_T*5($tp)
+	$ST	$zero,$SIZE_T*6($tp)
+	$ST	$zero,$SIZE_T*7($tp)
+	$ST	$zero,$SIZE_T*8($tp)
+.Lsqr8x_zero_start:
+	$ST	$zero,$SIZE_T*9($tp)
+	$ST	$zero,$SIZE_T*10($tp)
+	$ST	$zero,$SIZE_T*11($tp)
+	$ST	$zero,$SIZE_T*12($tp)
+	$ST	$zero,$SIZE_T*13($tp)
+	$ST	$zero,$SIZE_T*14($tp)
+	$ST	$zero,$SIZE_T*15($tp)
+	$STU	$zero,$SIZE_T*16($tp)
+	bne	.Lsqr8x_zero
+
+	$PUSH	$rp,$SIZE_T*6($sp)	# offload &rp[-1]
+	$PUSH	$t0,$SIZE_T*7($sp)	# offload &np[-1]
+	$PUSH	$n0,$SIZE_T*8($sp)	# offload n0
+	$PUSH	$tp,$SIZE_T*9($sp)	# &tp[2*num-1]
+	$PUSH	$zero,$SIZE_T*10($sp)	# initial top-most carry
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+
+	# Multiply everything but a[i]*a[i]
+.align	5
+.Lsqr8x_outer_loop:
+	#						  a[1]a[0]     (i)
+	#					      a[2]a[0]
+	#					  a[3]a[0]
+	#				      a[4]a[0]
+	#				  a[5]a[0]
+	#			      a[6]a[0]
+	#			  a[7]a[0]
+	#					  a[2]a[1]	       (ii)
+	#				      a[3]a[1]
+	#				  a[4]a[1]
+	#			      a[5]a[1]
+	#			  a[6]a[1]
+	#		      a[7]a[1]
+	#				  a[3]a[2]		       (iii)
+	#			      a[4]a[2]
+	#			  a[5]a[2]
+	#		      a[6]a[2]
+	#		  a[7]a[2]
+	#			  a[4]a[3]			       (iv)
+	#		      a[5]a[3]
+	#		  a[6]a[3]
+	#	      a[7]a[3]
+	#		  a[5]a[4]				       (v)
+	#	      a[6]a[4]
+	#	  a[7]a[4]
+	#	  a[6]a[5]					       (vi)
+	#     a[7]a[5]
+	# a[7]a[6]						       (vii)
+
+	$UMULL	$t0,$a1,$a0		# lo(a[1..7]*a[0])		(i)
+	$UMULL	$t1,$a2,$a0
+	$UMULL	$t2,$a3,$a0
+	$UMULL	$t3,$a4,$a0
+	addc	$acc1,$acc1,$t0		# t[1]+lo(a[1]*a[0])
+	$UMULL	$t0,$a5,$a0
+	adde	$acc2,$acc2,$t1
+	$UMULL	$t1,$a6,$a0
+	adde	$acc3,$acc3,$t2
+	$UMULL	$t2,$a7,$a0
+	adde	$acc4,$acc4,$t3
+	$UMULH	$t3,$a1,$a0		# hi(a[1..7]*a[0])
+	adde	$acc5,$acc5,$t0
+	$UMULH	$t0,$a2,$a0
+	adde	$acc6,$acc6,$t1
+	$UMULH	$t1,$a3,$a0
+	adde	$acc7,$acc7,$t2
+	$UMULH	$t2,$a4,$a0
+	$ST	$acc0,$SIZE_T*1($tp)	# t[0]
+	addze	$acc0,$zero		# t[8]
+	$ST	$acc1,$SIZE_T*2($tp)	# t[1]
+	addc	$acc2,$acc2,$t3		# t[2]+lo(a[1]*a[0])
+	$UMULH	$t3,$a5,$a0
+	adde	$acc3,$acc3,$t0
+	$UMULH	$t0,$a6,$a0
+	adde	$acc4,$acc4,$t1
+	$UMULH	$t1,$a7,$a0
+	adde	$acc5,$acc5,$t2
+	 $UMULL	$t2,$a2,$a1		# lo(a[2..7]*a[1])		(ii)
+	adde	$acc6,$acc6,$t3
+	 $UMULL	$t3,$a3,$a1
+	adde	$acc7,$acc7,$t0
+	 $UMULL	$t0,$a4,$a1
+	adde	$acc0,$acc0,$t1
+
+	$UMULL	$t1,$a5,$a1
+	addc	$acc3,$acc3,$t2
+	$UMULL	$t2,$a6,$a1
+	adde	$acc4,$acc4,$t3
+	$UMULL	$t3,$a7,$a1
+	adde	$acc5,$acc5,$t0
+	$UMULH	$t0,$a2,$a1		# hi(a[2..7]*a[1])
+	adde	$acc6,$acc6,$t1
+	$UMULH	$t1,$a3,$a1
+	adde	$acc7,$acc7,$t2
+	$UMULH	$t2,$a4,$a1
+	adde	$acc0,$acc0,$t3
+	$UMULH	$t3,$a5,$a1
+	$ST	$acc2,$SIZE_T*3($tp)	# t[2]
+	addze	$acc1,$zero		# t[9]
+	$ST	$acc3,$SIZE_T*4($tp)	# t[3]
+	addc	$acc4,$acc4,$t0
+	$UMULH	$t0,$a6,$a1
+	adde	$acc5,$acc5,$t1
+	$UMULH	$t1,$a7,$a1
+	adde	$acc6,$acc6,$t2
+	 $UMULL	$t2,$a3,$a2		# lo(a[3..7]*a[2])		(iii)
+	adde	$acc7,$acc7,$t3
+	 $UMULL	$t3,$a4,$a2
+	adde	$acc0,$acc0,$t0
+	 $UMULL	$t0,$a5,$a2
+	adde	$acc1,$acc1,$t1
+
+	$UMULL	$t1,$a6,$a2
+	addc	$acc5,$acc5,$t2
+	$UMULL	$t2,$a7,$a2
+	adde	$acc6,$acc6,$t3
+	$UMULH	$t3,$a3,$a2		# hi(a[3..7]*a[2])
+	adde	$acc7,$acc7,$t0
+	$UMULH	$t0,$a4,$a2
+	adde	$acc0,$acc0,$t1
+	$UMULH	$t1,$a5,$a2
+	adde	$acc1,$acc1,$t2
+	$UMULH	$t2,$a6,$a2
+	$ST	$acc4,$SIZE_T*5($tp)	# t[4]
+	addze	$acc2,$zero		# t[10]
+	$ST	$acc5,$SIZE_T*6($tp)	# t[5]
+	addc	$acc6,$acc6,$t3
+	$UMULH	$t3,$a7,$a2
+	adde	$acc7,$acc7,$t0
+	 $UMULL	$t0,$a4,$a3		# lo(a[4..7]*a[3])		(iv)
+	adde	$acc0,$acc0,$t1
+	 $UMULL	$t1,$a5,$a3
+	adde	$acc1,$acc1,$t2
+	 $UMULL	$t2,$a6,$a3
+	adde	$acc2,$acc2,$t3
+
+	$UMULL	$t3,$a7,$a3
+	addc	$acc7,$acc7,$t0
+	$UMULH	$t0,$a4,$a3		# hi(a[4..7]*a[3])
+	adde	$acc0,$acc0,$t1
+	$UMULH	$t1,$a5,$a3
+	adde	$acc1,$acc1,$t2
+	$UMULH	$t2,$a6,$a3
+	adde	$acc2,$acc2,$t3
+	$UMULH	$t3,$a7,$a3
+	$ST	$acc6,$SIZE_T*7($tp)	# t[6]
+	addze	$acc3,$zero		# t[11]
+	$STU	$acc7,$SIZE_T*8($tp)	# t[7]
+	addc	$acc0,$acc0,$t0
+	 $UMULL	$t0,$a5,$a4		# lo(a[5..7]*a[4])		(v)
+	adde	$acc1,$acc1,$t1
+	 $UMULL	$t1,$a6,$a4
+	adde	$acc2,$acc2,$t2
+	 $UMULL	$t2,$a7,$a4
+	adde	$acc3,$acc3,$t3
+
+	$UMULH	$t3,$a5,$a4		# hi(a[5..7]*a[4])
+	addc	$acc1,$acc1,$t0
+	$UMULH	$t0,$a6,$a4
+	adde	$acc2,$acc2,$t1
+	$UMULH	$t1,$a7,$a4
+	adde	$acc3,$acc3,$t2
+	 $UMULL	$t2,$a6,$a5		# lo(a[6..7]*a[5])		(vi)
+	addze	$acc4,$zero		# t[12]
+	addc	$acc2,$acc2,$t3
+	 $UMULL	$t3,$a7,$a5
+	adde	$acc3,$acc3,$t0
+	 $UMULH	$t0,$a6,$a5		# hi(a[6..7]*a[5])
+	adde	$acc4,$acc4,$t1
+
+	$UMULH	$t1,$a7,$a5
+	addc	$acc3,$acc3,$t2
+	 $UMULL	$t2,$a7,$a6		# lo(a[7]*a[6])			(vii)
+	adde	$acc4,$acc4,$t3
+	 $UMULH	$t3,$a7,$a6		# hi(a[7]*a[6])
+	addze	$acc5,$zero		# t[13]
+	addc	$acc4,$acc4,$t0
+	$UCMP	$ap_end,$ap		# done yet?
+	adde	$acc5,$acc5,$t1
+
+	addc	$acc5,$acc5,$t2
+	sub	$t0,$ap_end,$num	# rewinded ap
+	addze	$acc6,$zero		# t[14]
+	add	$acc6,$acc6,$t3
+
+	beq	.Lsqr8x_outer_break
+
+	mr	$n0,$a0
+	$LD	$a0,$SIZE_T*1($tp)
+	$LD	$a1,$SIZE_T*2($tp)
+	$LD	$a2,$SIZE_T*3($tp)
+	$LD	$a3,$SIZE_T*4($tp)
+	$LD	$a4,$SIZE_T*5($tp)
+	$LD	$a5,$SIZE_T*6($tp)
+	$LD	$a6,$SIZE_T*7($tp)
+	$LD	$a7,$SIZE_T*8($tp)
+	addc	$acc0,$acc0,$a0
+	$LD	$a0,$SIZE_T*1($ap)
+	adde	$acc1,$acc1,$a1
+	$LD	$a1,$SIZE_T*2($ap)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($ap)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($ap)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($ap)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($ap)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($ap)
+	subi	$rp,$ap,$SIZE_T*7
+	addze	$acc7,$a7
+	$LDU	$a7,$SIZE_T*8($ap)
+	#addze	$carry,$zero		# moved below
+	li	$cnt,0
+	b	.Lsqr8x_mul
+
+	#                                                          a[8]a[0]
+	#                                                      a[9]a[0]
+	#                                                  a[a]a[0]
+	#                                              a[b]a[0]
+	#                                          a[c]a[0]
+	#                                      a[d]a[0]
+	#                                  a[e]a[0]
+	#                              a[f]a[0]
+	#                                                      a[8]a[1]
+	#                          a[f]a[1]........................
+	#                                                  a[8]a[2]
+	#                      a[f]a[2]........................
+	#                                              a[8]a[3]
+	#                  a[f]a[3]........................
+	#                                          a[8]a[4]
+	#              a[f]a[4]........................
+	#                                      a[8]a[5]
+	#          a[f]a[5]........................
+	#                                  a[8]a[6]
+	#      a[f]a[6]........................
+	#                              a[8]a[7]
+	#  a[f]a[7]........................
+.align	5
+.Lsqr8x_mul:
+	$UMULL	$t0,$a0,$n0
+	addze	$carry,$zero		# carry bit, modulo-scheduled
+	$UMULL	$t1,$a1,$n0
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$n0
+	andi.	$cnt,$cnt,$SIZE_T*8-1
+	$UMULL	$t3,$a3,$n0
+	addc	$acc0,$acc0,$t0
+	$UMULL	$t0,$a4,$n0
+	adde	$acc1,$acc1,$t1
+	$UMULL	$t1,$a5,$n0
+	adde	$acc2,$acc2,$t2
+	$UMULL	$t2,$a6,$n0
+	adde	$acc3,$acc3,$t3
+	$UMULL	$t3,$a7,$n0
+	adde	$acc4,$acc4,$t0
+	$UMULH	$t0,$a0,$n0
+	adde	$acc5,$acc5,$t1
+	$UMULH	$t1,$a1,$n0
+	adde	$acc6,$acc6,$t2
+	$UMULH	$t2,$a2,$n0
+	adde	$acc7,$acc7,$t3
+	$UMULH	$t3,$a3,$n0
+	addze	$carry,$carry
+	$STU	$acc0,$SIZE_T($tp)
+	addc	$acc0,$acc1,$t0
+	$UMULH	$t0,$a4,$n0
+	adde	$acc1,$acc2,$t1
+	$UMULH	$t1,$a5,$n0
+	adde	$acc2,$acc3,$t2
+	$UMULH	$t2,$a6,$n0
+	adde	$acc3,$acc4,$t3
+	$UMULH	$t3,$a7,$n0
+	$LDX	$n0,$rp,$cnt
+	adde	$acc4,$acc5,$t0
+	adde	$acc5,$acc6,$t1
+	adde	$acc6,$acc7,$t2
+	adde	$acc7,$carry,$t3
+	#addze	$carry,$zero		# moved above
+	bne	.Lsqr8x_mul
+					# note that carry flag is guaranteed
+					# to be zero at this point
+	$UCMP	$ap,$ap_end		# done yet?
+	beq	.Lsqr8x_break
+
+	$LD	$a0,$SIZE_T*1($tp)
+	$LD	$a1,$SIZE_T*2($tp)
+	$LD	$a2,$SIZE_T*3($tp)
+	$LD	$a3,$SIZE_T*4($tp)
+	$LD	$a4,$SIZE_T*5($tp)
+	$LD	$a5,$SIZE_T*6($tp)
+	$LD	$a6,$SIZE_T*7($tp)
+	$LD	$a7,$SIZE_T*8($tp)
+	addc	$acc0,$acc0,$a0
+	$LD	$a0,$SIZE_T*1($ap)
+	adde	$acc1,$acc1,$a1
+	$LD	$a1,$SIZE_T*2($ap)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($ap)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($ap)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($ap)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($ap)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($ap)
+	adde	$acc7,$acc7,$a7
+	$LDU	$a7,$SIZE_T*8($ap)
+	#addze	$carry,$zero		# moved above
+	b	.Lsqr8x_mul
+
+.align	5
+.Lsqr8x_break:
+	$LD	$a0,$SIZE_T*8($rp)
+	addi	$ap,$rp,$SIZE_T*15
+	$LD	$a1,$SIZE_T*9($rp)
+	sub.	$t0,$ap_end,$ap		# is it last iteration?
+	$LD	$a2,$SIZE_T*10($rp)
+	sub	$t1,$tp,$t0
+	$LD	$a3,$SIZE_T*11($rp)
+	$LD	$a4,$SIZE_T*12($rp)
+	$LD	$a5,$SIZE_T*13($rp)
+	$LD	$a6,$SIZE_T*14($rp)
+	$LD	$a7,$SIZE_T*15($rp)
+	beq	.Lsqr8x_outer_loop
+
+	$ST	$acc0,$SIZE_T*1($tp)
+	$LD	$acc0,$SIZE_T*1($t1)
+	$ST	$acc1,$SIZE_T*2($tp)
+	$LD	$acc1,$SIZE_T*2($t1)
+	$ST	$acc2,$SIZE_T*3($tp)
+	$LD	$acc2,$SIZE_T*3($t1)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$LD	$acc3,$SIZE_T*4($t1)
+	$ST	$acc4,$SIZE_T*5($tp)
+	$LD	$acc4,$SIZE_T*5($t1)
+	$ST	$acc5,$SIZE_T*6($tp)
+	$LD	$acc5,$SIZE_T*6($t1)
+	$ST	$acc6,$SIZE_T*7($tp)
+	$LD	$acc6,$SIZE_T*7($t1)
+	$ST	$acc7,$SIZE_T*8($tp)
+	$LD	$acc7,$SIZE_T*8($t1)
+	mr	$tp,$t1
+	b	.Lsqr8x_outer_loop
+
+.align	5
+.Lsqr8x_outer_break:
+	####################################################################
+	# Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0]
+	$LD	$a1,$SIZE_T*1($t0)	# recall that $t0 is &a[-1]
+	$LD	$a3,$SIZE_T*2($t0)
+	$LD	$a5,$SIZE_T*3($t0)
+	$LD	$a7,$SIZE_T*4($t0)
+	addi	$ap,$t0,$SIZE_T*4
+					# "tp[x]" comments are for num==8 case
+	$LD	$t1,$SIZE_T*13($sp)	# =tp[1], t[0] is not interesting
+	$LD	$t2,$SIZE_T*14($sp)
+	$LD	$t3,$SIZE_T*15($sp)
+	$LD	$t0,$SIZE_T*16($sp)
+
+	$ST	$acc0,$SIZE_T*1($tp)	# tp[8]=
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+2`
+	$ST	$acc1,$SIZE_T*2($tp)
+	subi	$cnt,$cnt,1
+	$ST	$acc2,$SIZE_T*3($tp)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$ST	$acc4,$SIZE_T*5($tp)
+	$ST	$acc5,$SIZE_T*6($tp)
+	$ST	$acc6,$SIZE_T*7($tp)
+	#$ST	$acc7,$SIZE_T*8($tp)	# tp[15] is not interesting
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+	$UMULL	$acc0,$a1,$a1
+	$UMULH	$a1,$a1,$a1
+	add	$acc1,$t1,$t1		# <<1
+	$SHRI	$t1,$t1,$BITS-1
+	$UMULL	$a2,$a3,$a3
+	$UMULH	$a3,$a3,$a3
+	addc	$acc1,$acc1,$a1
+	add	$acc2,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	add	$acc3,$t3,$t3
+	$SHRI	$t3,$t3,$BITS-1
+	or	$acc2,$acc2,$t1
+
+	mtctr	$cnt
+.Lsqr4x_shift_n_add:
+	$UMULL	$a4,$a5,$a5
+	$UMULH	$a5,$a5,$a5
+	$LD	$t1,$SIZE_T*6($tp)	# =tp[5]
+	$LD	$a1,$SIZE_T*1($ap)
+	adde	$acc2,$acc2,$a2
+	add	$acc4,$t0,$t0
+	$SHRI	$t0,$t0,$BITS-1
+	or	$acc3,$acc3,$t2
+	$LD	$t2,$SIZE_T*7($tp)	# =tp[6]
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*2($ap)
+	add	$acc5,$t1,$t1
+	$SHRI	$t1,$t1,$BITS-1
+	or	$acc4,$acc4,$t3
+	$LD	$t3,$SIZE_T*8($tp)	# =tp[7]
+	$UMULL	$a6,$a7,$a7
+	$UMULH	$a7,$a7,$a7
+	adde	$acc4,$acc4,$a4
+	add	$acc6,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	or	$acc5,$acc5,$t0
+	$LD	$t0,$SIZE_T*9($tp)	# =tp[8]
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*3($ap)
+	add	$acc7,$t3,$t3
+	$SHRI	$t3,$t3,$BITS-1
+	or	$acc6,$acc6,$t1
+	$LD	$t1,$SIZE_T*10($tp)	# =tp[9]
+	$UMULL	$a0,$a1,$a1
+	$UMULH	$a1,$a1,$a1
+	adde	$acc6,$acc6,$a6
+	$ST	$acc0,$SIZE_T*1($tp)	# tp[0]=
+	add	$acc0,$t0,$t0
+	$SHRI	$t0,$t0,$BITS-1
+	or	$acc7,$acc7,$t2
+	$LD	$t2,$SIZE_T*11($tp)	# =tp[10]
+	adde	$acc7,$acc7,$a7
+	$LDU	$a7,$SIZE_T*4($ap)
+	$ST	$acc1,$SIZE_T*2($tp)	# tp[1]=
+	add	$acc1,$t1,$t1
+	$SHRI	$t1,$t1,$BITS-1
+	or	$acc0,$acc0,$t3
+	$LD	$t3,$SIZE_T*12($tp)	# =tp[11]
+	$UMULL	$a2,$a3,$a3
+	$UMULH	$a3,$a3,$a3
+	adde	$acc0,$acc0,$a0
+	$ST	$acc2,$SIZE_T*3($tp)	# tp[2]=
+	add	$acc2,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	or	$acc1,$acc1,$t0
+	$LD	$t0,$SIZE_T*13($tp)	# =tp[12]
+	adde	$acc1,$acc1,$a1
+	$ST	$acc3,$SIZE_T*4($tp)	# tp[3]=
+	$ST	$acc4,$SIZE_T*5($tp)	# tp[4]=
+	$ST	$acc5,$SIZE_T*6($tp)	# tp[5]=
+	$ST	$acc6,$SIZE_T*7($tp)	# tp[6]=
+	$STU	$acc7,$SIZE_T*8($tp)	# tp[7]=
+	add	$acc3,$t3,$t3
+	$SHRI	$t3,$t3,$BITS-1
+	or	$acc2,$acc2,$t1
+	bdnz	.Lsqr4x_shift_n_add
+___
+my ($np,$np_end)=($ap,$ap_end);
+$code.=<<___;
+	 $POP	$np,$SIZE_T*7($sp)	# pull &np[-1] and n0
+	 $POP	$n0,$SIZE_T*8($sp)
+
+	$UMULL	$a4,$a5,$a5
+	$UMULH	$a5,$a5,$a5
+	$ST	$acc0,$SIZE_T*1($tp)	# tp[8]=
+	 $LD	$acc0,$SIZE_T*12($sp)	# =tp[0]
+	$LD	$t1,$SIZE_T*6($tp)	# =tp[13]
+	adde	$acc2,$acc2,$a2
+	add	$acc4,$t0,$t0
+	$SHRI	$t0,$t0,$BITS-1
+	or	$acc3,$acc3,$t2
+	$LD	$t2,$SIZE_T*7($tp)	# =tp[14]
+	adde	$acc3,$acc3,$a3
+	add	$acc5,$t1,$t1
+	$SHRI	$t1,$t1,$BITS-1
+	or	$acc4,$acc4,$t3
+	$UMULL	$a6,$a7,$a7
+	$UMULH	$a7,$a7,$a7
+	adde	$acc4,$acc4,$a4
+	add	$acc6,$t2,$t2
+	$SHRI	$t2,$t2,$BITS-1
+	or	$acc5,$acc5,$t0
+	$ST	$acc1,$SIZE_T*2($tp)	# tp[9]=
+	 $LD	$acc1,$SIZE_T*13($sp)	# =tp[1]
+	adde	$acc5,$acc5,$a5
+	or	$acc6,$acc6,$t1
+	 $LD	$a0,$SIZE_T*1($np)
+	 $LD	$a1,$SIZE_T*2($np)
+	adde	$acc6,$acc6,$a6
+	 $LD	$a2,$SIZE_T*3($np)
+	 $LD	$a3,$SIZE_T*4($np)
+	adde	$acc7,$a7,$t2
+	 $LD	$a4,$SIZE_T*5($np)
+	 $LD	$a5,$SIZE_T*6($np)
+
+	################################################################
+	# Reduce by 8 limbs per iteration
+	$UMULL	$na0,$n0,$acc0		# t[0]*n0
+	li	$cnt,8
+	$LD	$a6,$SIZE_T*7($np)
+	add	$np_end,$np,$num
+	$LDU	$a7,$SIZE_T*8($np)
+	$ST	$acc2,$SIZE_T*3($tp)	# tp[10]=
+	$LD	$acc2,$SIZE_T*14($sp)
+	$ST	$acc3,$SIZE_T*4($tp)	# tp[11]=
+	$LD	$acc3,$SIZE_T*15($sp)
+	$ST	$acc4,$SIZE_T*5($tp)	# tp[12]=
+	$LD	$acc4,$SIZE_T*16($sp)
+	$ST	$acc5,$SIZE_T*6($tp)	# tp[13]=
+	$LD	$acc5,$SIZE_T*17($sp)
+	$ST	$acc6,$SIZE_T*7($tp)	# tp[14]=
+	$LD	$acc6,$SIZE_T*18($sp)
+	$ST	$acc7,$SIZE_T*8($tp)	# tp[15]=
+	$LD	$acc7,$SIZE_T*19($sp)
+	addi	$tp,$sp,$SIZE_T*11	# &tp[-1]
+	mtctr	$cnt
+	b	.Lsqr8x_reduction
+
+.align	5
+.Lsqr8x_reduction:
+	# (*)	$UMULL	$t0,$a0,$na0	# lo(n[0-7])*lo(t[0]*n0)
+	$UMULL	$t1,$a1,$na0
+	$UMULL	$t2,$a2,$na0
+	$STU	$na0,$SIZE_T($tp)	# put aside t[0]*n0 for tail processing
+	$UMULL	$t3,$a3,$na0
+	# (*)	addc	$acc0,$acc0,$t0
+	addic	$acc0,$acc0,-1		# (*)
+	$UMULL	$t0,$a4,$na0
+	adde	$acc0,$acc1,$t1
+	$UMULL	$t1,$a5,$na0
+	adde	$acc1,$acc2,$t2
+	$UMULL	$t2,$a6,$na0
+	adde	$acc2,$acc3,$t3
+	$UMULL	$t3,$a7,$na0
+	adde	$acc3,$acc4,$t0
+	$UMULH	$t0,$a0,$na0		# hi(n[0-7])*lo(t[0]*n0)
+	adde	$acc4,$acc5,$t1
+	$UMULH	$t1,$a1,$na0
+	adde	$acc5,$acc6,$t2
+	$UMULH	$t2,$a2,$na0
+	adde	$acc6,$acc7,$t3
+	$UMULH	$t3,$a3,$na0
+	addze	$acc7,$zero
+	addc	$acc0,$acc0,$t0
+	$UMULH	$t0,$a4,$na0
+	adde	$acc1,$acc1,$t1
+	$UMULH	$t1,$a5,$na0
+	adde	$acc2,$acc2,$t2
+	$UMULH	$t2,$a6,$na0
+	adde	$acc3,$acc3,$t3
+	$UMULH	$t3,$a7,$na0
+	$UMULL	$na0,$n0,$acc0		# next t[0]*n0
+	adde	$acc4,$acc4,$t0
+	adde	$acc5,$acc5,$t1
+	adde	$acc6,$acc6,$t2
+	adde	$acc7,$acc7,$t3
+	bdnz	.Lsqr8x_reduction
+
+	$LD	$t0,$SIZE_T*1($tp)
+	$LD	$t1,$SIZE_T*2($tp)
+	$LD	$t2,$SIZE_T*3($tp)
+	$LD	$t3,$SIZE_T*4($tp)
+	subi	$rp,$tp,$SIZE_T*7
+	$UCMP	$np_end,$np		# done yet?
+	addc	$acc0,$acc0,$t0
+	$LD	$t0,$SIZE_T*5($tp)
+	adde	$acc1,$acc1,$t1
+	$LD	$t1,$SIZE_T*6($tp)
+	adde	$acc2,$acc2,$t2
+	$LD	$t2,$SIZE_T*7($tp)
+	adde	$acc3,$acc3,$t3
+	$LD	$t3,$SIZE_T*8($tp)
+	adde	$acc4,$acc4,$t0
+	adde	$acc5,$acc5,$t1
+	adde	$acc6,$acc6,$t2
+	adde	$acc7,$acc7,$t3
+	#addze	$carry,$zero		# moved below
+	beq	.Lsqr8x8_post_condition
+
+	$LD	$n0,$SIZE_T*0($rp)
+	$LD	$a0,$SIZE_T*1($np)
+	$LD	$a1,$SIZE_T*2($np)
+	$LD	$a2,$SIZE_T*3($np)
+	$LD	$a3,$SIZE_T*4($np)
+	$LD	$a4,$SIZE_T*5($np)
+	$LD	$a5,$SIZE_T*6($np)
+	$LD	$a6,$SIZE_T*7($np)
+	$LDU	$a7,$SIZE_T*8($np)
+	li	$cnt,0
+
+.align	5
+.Lsqr8x_tail:
+	$UMULL	$t0,$a0,$n0
+	addze	$carry,$zero		# carry bit, modulo-scheduled
+	$UMULL	$t1,$a1,$n0
+	addi	$cnt,$cnt,$SIZE_T
+	$UMULL	$t2,$a2,$n0
+	andi.	$cnt,$cnt,$SIZE_T*8-1
+	$UMULL	$t3,$a3,$n0
+	addc	$acc0,$acc0,$t0
+	$UMULL	$t0,$a4,$n0
+	adde	$acc1,$acc1,$t1
+	$UMULL	$t1,$a5,$n0
+	adde	$acc2,$acc2,$t2
+	$UMULL	$t2,$a6,$n0
+	adde	$acc3,$acc3,$t3
+	$UMULL	$t3,$a7,$n0
+	adde	$acc4,$acc4,$t0
+	$UMULH	$t0,$a0,$n0
+	adde	$acc5,$acc5,$t1
+	$UMULH	$t1,$a1,$n0
+	adde	$acc6,$acc6,$t2
+	$UMULH	$t2,$a2,$n0
+	adde	$acc7,$acc7,$t3
+	$UMULH	$t3,$a3,$n0
+	addze	$carry,$carry
+	$STU	$acc0,$SIZE_T($tp)
+	addc	$acc0,$acc1,$t0
+	$UMULH	$t0,$a4,$n0
+	adde	$acc1,$acc2,$t1
+	$UMULH	$t1,$a5,$n0
+	adde	$acc2,$acc3,$t2
+	$UMULH	$t2,$a6,$n0
+	adde	$acc3,$acc4,$t3
+	$UMULH	$t3,$a7,$n0
+	$LDX	$n0,$rp,$cnt
+	adde	$acc4,$acc5,$t0
+	adde	$acc5,$acc6,$t1
+	adde	$acc6,$acc7,$t2
+	adde	$acc7,$carry,$t3
+	#addze	$carry,$zero		# moved above
+	bne	.Lsqr8x_tail
+					# note that carry flag is guaranteed
+					# to be zero at this point
+	$LD	$a0,$SIZE_T*1($tp)
+	$POP	$carry,$SIZE_T*10($sp)	# pull top-most carry in case we break
+	$UCMP	$np_end,$np		# done yet?
+	$LD	$a1,$SIZE_T*2($tp)
+	sub	$t2,$np_end,$num	# rewinded np
+	$LD	$a2,$SIZE_T*3($tp)
+	$LD	$a3,$SIZE_T*4($tp)
+	$LD	$a4,$SIZE_T*5($tp)
+	$LD	$a5,$SIZE_T*6($tp)
+	$LD	$a6,$SIZE_T*7($tp)
+	$LD	$a7,$SIZE_T*8($tp)
+	beq	.Lsqr8x_tail_break
+
+	addc	$acc0,$acc0,$a0
+	$LD	$a0,$SIZE_T*1($np)
+	adde	$acc1,$acc1,$a1
+	$LD	$a1,$SIZE_T*2($np)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($np)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($np)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($np)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($np)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($np)
+	adde	$acc7,$acc7,$a7
+	$LDU	$a7,$SIZE_T*8($np)
+	#addze	$carry,$zero		# moved above
+	b	.Lsqr8x_tail
+
+.align	5
+.Lsqr8x_tail_break:
+	$POP	$n0,$SIZE_T*8($sp)	# pull n0
+	$POP	$t3,$SIZE_T*9($sp)	# &tp[2*num-1]
+	addi	$cnt,$tp,$SIZE_T*8	# end of current t[num] window
+
+	addic	$carry,$carry,-1	# "move" top-most carry to carry bit
+	adde	$t0,$acc0,$a0
+	$LD	$acc0,$SIZE_T*8($rp)
+	$LD	$a0,$SIZE_T*1($t2)	# recall that $t2 is &n[-1]
+	adde	$t1,$acc1,$a1
+	$LD	$acc1,$SIZE_T*9($rp)
+	$LD	$a1,$SIZE_T*2($t2)
+	adde	$acc2,$acc2,$a2
+	$LD	$a2,$SIZE_T*3($t2)
+	adde	$acc3,$acc3,$a3
+	$LD	$a3,$SIZE_T*4($t2)
+	adde	$acc4,$acc4,$a4
+	$LD	$a4,$SIZE_T*5($t2)
+	adde	$acc5,$acc5,$a5
+	$LD	$a5,$SIZE_T*6($t2)
+	adde	$acc6,$acc6,$a6
+	$LD	$a6,$SIZE_T*7($t2)
+	adde	$acc7,$acc7,$a7
+	$LD	$a7,$SIZE_T*8($t2)
+	addi	$np,$t2,$SIZE_T*8
+	addze	$t2,$zero		# top-most carry
+	$UMULL	$na0,$n0,$acc0
+	$ST	$t0,$SIZE_T*1($tp)
+	$UCMP	$cnt,$t3		# did we hit the bottom?
+	$ST	$t1,$SIZE_T*2($tp)
+	li	$cnt,8
+	$ST	$acc2,$SIZE_T*3($tp)
+	$LD	$acc2,$SIZE_T*10($rp)
+	$ST	$acc3,$SIZE_T*4($tp)
+	$LD	$acc3,$SIZE_T*11($rp)
+	$ST	$acc4,$SIZE_T*5($tp)
+	$LD	$acc4,$SIZE_T*12($rp)
+	$ST	$acc5,$SIZE_T*6($tp)
+	$LD	$acc5,$SIZE_T*13($rp)
+	$ST	$acc6,$SIZE_T*7($tp)
+	$LD	$acc6,$SIZE_T*14($rp)
+	$ST	$acc7,$SIZE_T*8($tp)
+	$LD	$acc7,$SIZE_T*15($rp)
+	$PUSH	$t2,$SIZE_T*10($sp)	# off-load top-most carry
+	addi	$tp,$rp,$SIZE_T*7	# slide the window
+	mtctr	$cnt
+	bne	.Lsqr8x_reduction
+
+	################################################################
+	# Final step. We see if result is larger than modulus, and
+	# if it is, subtract the modulus. But comparison implies
+	# subtraction. So we subtract modulus, see if it borrowed,
+	# and conditionally copy original value.
+	$POP	$rp,$SIZE_T*6($sp)	# pull &rp[-1]
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+3`
+	mr	$n0,$tp			# put tp aside
+	addi	$tp,$tp,$SIZE_T*8
+	subi	$cnt,$cnt,1
+	subfc	$t0,$a0,$acc0
+	subfe	$t1,$a1,$acc1
+	mr	$carry,$t2
+	mr	$ap_end,$rp		# $rp copy
+
+	mtctr	$cnt
+	b	.Lsqr8x_sub
+
+.align	5
+.Lsqr8x_sub:
+	$LD	$a0,$SIZE_T*1($np)
+	$LD	$acc0,$SIZE_T*1($tp)
+	$LD	$a1,$SIZE_T*2($np)
+	$LD	$acc1,$SIZE_T*2($tp)
+	subfe	$t2,$a2,$acc2
+	$LD	$a2,$SIZE_T*3($np)
+	$LD	$acc2,$SIZE_T*3($tp)
+	subfe	$t3,$a3,$acc3
+	$LD	$a3,$SIZE_T*4($np)
+	$LD	$acc3,$SIZE_T*4($tp)
+	$ST	$t0,$SIZE_T*1($rp)
+	subfe	$t0,$a4,$acc4
+	$LD	$a4,$SIZE_T*5($np)
+	$LD	$acc4,$SIZE_T*5($tp)
+	$ST	$t1,$SIZE_T*2($rp)
+	subfe	$t1,$a5,$acc5
+	$LD	$a5,$SIZE_T*6($np)
+	$LD	$acc5,$SIZE_T*6($tp)
+	$ST	$t2,$SIZE_T*3($rp)
+	subfe	$t2,$a6,$acc6
+	$LD	$a6,$SIZE_T*7($np)
+	$LD	$acc6,$SIZE_T*7($tp)
+	$ST	$t3,$SIZE_T*4($rp)
+	subfe	$t3,$a7,$acc7
+	$LDU	$a7,$SIZE_T*8($np)
+	$LDU	$acc7,$SIZE_T*8($tp)
+	$ST	$t0,$SIZE_T*5($rp)
+	subfe	$t0,$a0,$acc0
+	$ST	$t1,$SIZE_T*6($rp)
+	subfe	$t1,$a1,$acc1
+	$ST	$t2,$SIZE_T*7($rp)
+	$STU	$t3,$SIZE_T*8($rp)
+	bdnz	.Lsqr8x_sub
+
+	srwi	$cnt,$num,`log($SIZE_T)/log(2)+2`
+	 $LD	$a0,$SIZE_T*1($ap_end)	# original $rp
+	 $LD	$acc0,$SIZE_T*1($n0)	# original $tp
+	subi	$cnt,$cnt,1
+	 $LD	$a1,$SIZE_T*2($ap_end)
+	 $LD	$acc1,$SIZE_T*2($n0)
+	subfe	$t2,$a2,$acc2
+	 $LD	$a2,$SIZE_T*3($ap_end)
+	 $LD	$acc2,$SIZE_T*3($n0)
+	subfe	$t3,$a3,$acc3
+	 $LD	$a3,$SIZE_T*4($ap_end)
+	 $LDU	$acc3,$SIZE_T*4($n0)
+	$ST	$t0,$SIZE_T*1($rp)
+	subfe	$t0,$a4,$acc4
+	$ST	$t1,$SIZE_T*2($rp)
+	subfe	$t1,$a5,$acc5
+	$ST	$t2,$SIZE_T*3($rp)
+	subfe	$t2,$a6,$acc6
+	$ST	$t3,$SIZE_T*4($rp)
+	subfe	$t3,$a7,$acc7
+	$ST	$t0,$SIZE_T*5($rp)
+	subfe	$carry,$zero,$carry	# did it borrow?
+	$ST	$t1,$SIZE_T*6($rp)
+	$ST	$t2,$SIZE_T*7($rp)
+	$ST	$t3,$SIZE_T*8($rp)
+
+	addi	$tp,$sp,$SIZE_T*11
+	mtctr	$cnt
+
+.Lsqr4x_cond_copy:
+	andc	$a0,$a0,$carry
+	 $ST	$zero,-$SIZE_T*3($n0)	# wipe stack clean
+	and	$acc0,$acc0,$carry
+	 $ST	$zero,-$SIZE_T*2($n0)
+	andc	$a1,$a1,$carry
+	 $ST	$zero,-$SIZE_T*1($n0)
+	and	$acc1,$acc1,$carry
+	 $ST	$zero,-$SIZE_T*0($n0)
+	andc	$a2,$a2,$carry
+	 $ST	$zero,$SIZE_T*1($tp)
+	and	$acc2,$acc2,$carry
+	 $ST	$zero,$SIZE_T*2($tp)
+	andc	$a3,$a3,$carry
+	 $ST	$zero,$SIZE_T*3($tp)
+	and	$acc3,$acc3,$carry
+	 $STU	$zero,$SIZE_T*4($tp)
+	or	$t0,$a0,$acc0
+	$LD	$a0,$SIZE_T*5($ap_end)
+	$LD	$acc0,$SIZE_T*1($n0)
+	or	$t1,$a1,$acc1
+	$LD	$a1,$SIZE_T*6($ap_end)
+	$LD	$acc1,$SIZE_T*2($n0)
+	or	$t2,$a2,$acc2
+	$LD	$a2,$SIZE_T*7($ap_end)
+	$LD	$acc2,$SIZE_T*3($n0)
+	or	$t3,$a3,$acc3
+	$LD	$a3,$SIZE_T*8($ap_end)
+	$LDU	$acc3,$SIZE_T*4($n0)
+	$ST	$t0,$SIZE_T*1($ap_end)
+	$ST	$t1,$SIZE_T*2($ap_end)
+	$ST	$t2,$SIZE_T*3($ap_end)
+	$STU	$t3,$SIZE_T*4($ap_end)
+	bdnz	.Lsqr4x_cond_copy
+
+	$POP	$ap,0($sp)		# pull saved sp
+	andc	$a0,$a0,$carry
+	and	$acc0,$acc0,$carry
+	andc	$a1,$a1,$carry
+	and	$acc1,$acc1,$carry
+	andc	$a2,$a2,$carry
+	and	$acc2,$acc2,$carry
+	andc	$a3,$a3,$carry
+	and	$acc3,$acc3,$carry
+	or	$t0,$a0,$acc0
+	or	$t1,$a1,$acc1
+	or	$t2,$a2,$acc2
+	or	$t3,$a3,$acc3
+	$ST	$t0,$SIZE_T*1($ap_end)
+	$ST	$t1,$SIZE_T*2($ap_end)
+	$ST	$t2,$SIZE_T*3($ap_end)
+	$ST	$t3,$SIZE_T*4($ap_end)
+
+	b	.Lsqr8x_done
+
+.align	5
+.Lsqr8x8_post_condition:
+	$POP	$rp,$SIZE_T*6($sp)	# pull rp
+	$POP	$ap,0($sp)		# pull saved sp
+	addze	$carry,$zero
+
+	# $acc0-7,$carry hold result, $a0-7 hold modulus
+	subfc	$acc0,$a0,$acc0
+	subfe	$acc1,$a1,$acc1
+	 $ST	$zero,$SIZE_T*12($sp)	# wipe stack clean
+	 $ST	$zero,$SIZE_T*13($sp)
+	subfe	$acc2,$a2,$acc2
+	 $ST	$zero,$SIZE_T*14($sp)
+	 $ST	$zero,$SIZE_T*15($sp)
+	subfe	$acc3,$a3,$acc3
+	 $ST	$zero,$SIZE_T*16($sp)
+	 $ST	$zero,$SIZE_T*17($sp)
+	subfe	$acc4,$a4,$acc4
+	 $ST	$zero,$SIZE_T*18($sp)
+	 $ST	$zero,$SIZE_T*19($sp)
+	subfe	$acc5,$a5,$acc5
+	 $ST	$zero,$SIZE_T*20($sp)
+	 $ST	$zero,$SIZE_T*21($sp)
+	subfe	$acc6,$a6,$acc6
+	 $ST	$zero,$SIZE_T*22($sp)
+	 $ST	$zero,$SIZE_T*23($sp)
+	subfe	$acc7,$a7,$acc7
+	 $ST	$zero,$SIZE_T*24($sp)
+	 $ST	$zero,$SIZE_T*25($sp)
+	subfe	$carry,$zero,$carry	# did it borrow?
+	 $ST	$zero,$SIZE_T*26($sp)
+	 $ST	$zero,$SIZE_T*27($sp)
+
+	and	$a0,$a0,$carry
+	and	$a1,$a1,$carry
+	addc	$acc0,$acc0,$a0		# add modulus back if borrowed
+	and	$a2,$a2,$carry
+	adde	$acc1,$acc1,$a1
+	and	$a3,$a3,$carry
+	adde	$acc2,$acc2,$a2
+	and	$a4,$a4,$carry
+	adde	$acc3,$acc3,$a3
+	and	$a5,$a5,$carry
+	adde	$acc4,$acc4,$a4
+	and	$a6,$a6,$carry
+	adde	$acc5,$acc5,$a5
+	and	$a7,$a7,$carry
+	adde	$acc6,$acc6,$a6
+	adde	$acc7,$acc7,$a7
+	$ST	$acc0,$SIZE_T*1($rp)
+	$ST	$acc1,$SIZE_T*2($rp)
+	$ST	$acc2,$SIZE_T*3($rp)
+	$ST	$acc3,$SIZE_T*4($rp)
+	$ST	$acc4,$SIZE_T*5($rp)
+	$ST	$acc5,$SIZE_T*6($rp)
+	$ST	$acc6,$SIZE_T*7($rp)
+	$ST	$acc7,$SIZE_T*8($rp)
+
+.Lsqr8x_done:
+	$PUSH	$zero,$SIZE_T*8($sp)
+	$PUSH	$zero,$SIZE_T*10($sp)
+
+	$POP	r14,-$SIZE_T*18($ap)
+	li	r3,1			# signal "done"
+	$POP	r15,-$SIZE_T*17($ap)
+	$POP	r16,-$SIZE_T*16($ap)
+	$POP	r17,-$SIZE_T*15($ap)
+	$POP	r18,-$SIZE_T*14($ap)
+	$POP	r19,-$SIZE_T*13($ap)
+	$POP	r20,-$SIZE_T*12($ap)
+	$POP	r21,-$SIZE_T*11($ap)
+	$POP	r22,-$SIZE_T*10($ap)
+	$POP	r23,-$SIZE_T*9($ap)
+	$POP	r24,-$SIZE_T*8($ap)
+	$POP	r25,-$SIZE_T*7($ap)
+	$POP	r26,-$SIZE_T*6($ap)
+	$POP	r27,-$SIZE_T*5($ap)
+	$POP	r28,-$SIZE_T*4($ap)
+	$POP	r29,-$SIZE_T*3($ap)
+	$POP	r30,-$SIZE_T*2($ap)
+	$POP	r31,-$SIZE_T*1($ap)
+	mr	$sp,$ap
+	blr
+	.long	0
+	.byte	0,12,4,0x20,0x80,18,6,0
+	.long	0
+.size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
+___
+}
+$code.=<<___;
 .asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 
diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc.pl b/deps/openssl/openssl/crypto/bn/asm/ppc.pl
index 4ea534a1c7..e37068192f 100644
--- a/deps/openssl/openssl/crypto/bn/asm/ppc.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -38,9 +38,9 @@
 #rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
 #rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
 #dsa  512 bits   0.0087s   0.0106s    114.3     94.5
-#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0	
+#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0
 #
-#	Same bechmark with this assembler code:
+#	Same benchmark with this assembler code:
 #
 #rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
 #rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
@@ -74,7 +74,7 @@
 #rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
 #dsa  512 bits   0.0016s   0.0020s    610.7    507.1
 #dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
-#	
+#
 #	Again, performance increases by at about 75%
 #
 #       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
@@ -101,10 +101,7 @@
 #dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
 #
 #        Performance increase of ~60%
-#
-#	If you have comments or suggestions to improve code send
-#	me a note at schari@us.ibm.com
-#
+#        Based on submission from Suresh N. Chari of IBM
 
 $flavour = shift;
 
@@ -125,7 +122,7 @@ if ($flavour =~ /32/) {
 	$CNTLZ=	"cntlzw";	# count leading zeros
 	$SHL=	"slw";		# shift left
 	$SHR=	"srw";		# unsigned shift right
-	$SHRI=	"srwi";		# unsigned shift right by immediate	
+	$SHRI=	"srwi";		# unsigned shift right by immediate
 	$SHLI=	"slwi";		# shift left by immediate
 	$CLRU=	"clrlwi";	# clear upper bits
 	$INSR=	"insrwi";	# insert right
@@ -149,10 +146,10 @@ if ($flavour =~ /32/) {
 	$CNTLZ=	"cntlzd";	# count leading zeros
 	$SHL=	"sld";		# shift left
 	$SHR=	"srd";		# unsigned shift right
-	$SHRI=	"srdi";		# unsigned shift right by immediate	
+	$SHRI=	"srdi";		# unsigned shift right by immediate
 	$SHLI=	"sldi";		# shift left by immediate
 	$CLRU=	"clrldi";	# clear upper bits
-	$INSR=	"insrdi";	# insert right 
+	$INSR=	"insrdi";	# insert right
 	$ROTL=	"rotldi";	# rotate left by immediate
 	$TR=	"td";		# conditional trap
 } else { die "nonsense $flavour"; }
@@ -189,7 +186,7 @@ $data=<<EOF;
 #	   below.
 #				12/05/03		Suresh Chari
 #			(with lots of help from)        Andy Polyakov
-##	
+##
 #	1. Initial version	10/20/02		Suresh Chari
 #
 #
@@ -202,7 +199,7 @@ $data=<<EOF;
 #		be done in the build process.
 #
 #	Hand optimized assembly code for the following routines
-#	
+#
 #	bn_sqr_comba4
 #	bn_sqr_comba8
 #	bn_mul_comba4
@@ -225,10 +222,10 @@ $data=<<EOF;
 #--------------------------------------------------------------------------
 #
 #	Defines to be used in the assembly code.
-#	
+#
 #.set r0,0	# we use it as storage for value of 0
 #.set SP,1	# preserved
-#.set RTOC,2	# preserved 
+#.set RTOC,2	# preserved
 #.set r3,3	# 1st argument/return value
 #.set r4,4	# 2nd argument/volatile register
 #.set r5,5	# 3rd argument/volatile register
@@ -246,7 +243,7 @@ $data=<<EOF;
 #	        the first . i.e. for example change ".bn_sqr_comba4"
 #		to "bn_sqr_comba4". This should be automatically done
 #		in the build.
-	
+
 	.globl	.bn_sqr_comba4
 	.globl	.bn_sqr_comba8
 	.globl	.bn_mul_comba4
@@ -257,9 +254,9 @@ $data=<<EOF;
 	.globl	.bn_sqr_words
 	.globl	.bn_mul_words
 	.globl	.bn_mul_add_words
-	
+
 # .text section
-	
+
 	.machine	"any"
 
 #
@@ -278,8 +275,8 @@ $data=<<EOF;
 # r3 contains r
 # r4 contains a
 #
-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:	
-# 
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
+#
 # r5,r6 are the two BN_ULONGs being multiplied.
 # r7,r8 are the results of the 32x32 giving 64 bit multiply.
 # r9,r10, r11 are the equivalents of c1,c2, c3.
@@ -288,10 +285,10 @@ $data=<<EOF;
 #
 	xor		r0,r0,r0		# set r0 = 0. Used in the addze
 						# instructions below
-	
+
 						#sqr_add_c(a,0,c1,c2,c3)
-	$LD		r5,`0*$BNSZ`(r4)		
-	$UMULL		r9,r5,r5		
+	$LD		r5,`0*$BNSZ`(r4)
+	$UMULL		r9,r5,r5
 	$UMULH		r10,r5,r5		#in first iteration. No need
 						#to add since c1=c2=c3=0.
 						# Note c3(r11) is NOT set to 0
@@ -299,20 +296,20 @@ $data=<<EOF;
 
 	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
 						# sqr_add_c2(a,1,0,c2,c3,c1);
-	$LD		r6,`1*$BNSZ`(r4)		
+	$LD		r6,`1*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-					
+
 	addc		r7,r7,r7		# compute (r7,r8)=2*(r7,r8)
 	adde		r8,r8,r8
 	addze		r9,r0			# catch carry if any.
-						# r9= r0(=0) and carry 
-	
+						# r9= r0(=0) and carry
+
 	addc		r10,r7,r10		# now add to temp result.
-	addze		r11,r8                  # r8 added to r11 which is 0 
+	addze		r11,r8                  # r8 added to r11 which is 0
 	addze		r9,r9
-	
-	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2; 
+
+	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2;
 						#sqr_add_c(a,1,c3,c1,c2)
 	$UMULL		r7,r6,r6
 	$UMULH		r8,r6,r6
@@ -323,23 +320,23 @@ $data=<<EOF;
 	$LD		r6,`2*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r7,r7,r7
 	adde		r8,r8,r8
 	addze		r10,r10
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
-	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3 
+	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
 						#sqr_add_c2(a,3,0,c1,c2,c3);
-	$LD		r6,`3*$BNSZ`(r4)		
+	$LD		r6,`3*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
 	addc		r7,r7,r7
 	adde		r8,r8,r8
 	addze		r11,r0
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
@@ -348,7 +345,7 @@ $data=<<EOF;
 	$LD		r6,`2*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r7,r7,r7
 	adde		r8,r8,r8
 	addze		r11,r11
@@ -363,31 +360,31 @@ $data=<<EOF;
 	adde		r11,r8,r11
 	addze		r9,r0
 						#sqr_add_c2(a,3,1,c2,c3,c1);
-	$LD		r6,`3*$BNSZ`(r4)		
+	$LD		r6,`3*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
 	addc		r7,r7,r7
 	adde		r8,r8,r8
 	addze		r9,r9
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
 	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2
 						#sqr_add_c2(a,3,2,c3,c1,c2);
-	$LD		r5,`2*$BNSZ`(r4)		
+	$LD		r5,`2*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
 	addc		r7,r7,r7
 	adde		r8,r8,r8
 	addze		r10,r0
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
 	$ST		r11,`5*$BNSZ`(r3)	#r[5] = c3
 						#sqr_add_c(a,3,c1,c2,c3);
-	$UMULL		r7,r6,r6		
+	$UMULL		r7,r6,r6
 	$UMULH		r8,r6,r6
 	addc		r9,r7,r9
 	adde		r10,r8,r10
@@ -406,7 +403,7 @@ $data=<<EOF;
 #		for the gcc compiler. This should be automatically
 #		done in the build
 #
-	
+
 .align	4
 .bn_sqr_comba8:
 #
@@ -418,15 +415,15 @@ $data=<<EOF;
 # r3 contains r
 # r4 contains a
 #
-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:	
-# 
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
+#
 # r5,r6 are the two BN_ULONGs being multiplied.
 # r7,r8 are the results of the 32x32 giving 64 bit multiply.
 # r9,r10, r11 are the equivalents of c1,c2, c3.
 #
 # Possible optimization of loading all 8 longs of a into registers
 # doesn't provide any speedup
-# 
+#
 
 	xor		r0,r0,r0		#set r0 = 0.Used in addze
 						#instructions below.
@@ -439,18 +436,18 @@ $data=<<EOF;
 						#sqr_add_c2(a,1,0,c2,c3,c1);
 	$LD		r6,`1*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6	
-	
+	$UMULH		r8,r5,r6
+
 	addc		r10,r7,r10		#add the two register number
 	adde		r11,r8,r0 		# (r8,r7) to the three register
 	addze		r9,r0			# number (r9,r11,r10).NOTE:r0=0
-	
+
 	addc		r10,r7,r10		#add the two register number
 	adde		r11,r8,r11 		# (r8,r7) to the three register
 	addze		r9,r9			# number (r9,r11,r10).
-	
+
 	$ST		r10,`1*$BNSZ`(r3)	# r[1]=c2
-				
+
 						#sqr_add_c(a,1,c3,c1,c2);
 	$UMULL		r7,r6,r6
 	$UMULH		r8,r6,r6
@@ -461,25 +458,25 @@ $data=<<EOF;
 	$LD		r6,`2*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
-	
+
 	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
 						#sqr_add_c2(a,3,0,c1,c2,c3);
 	$LD		r6,`3*$BNSZ`(r4)	#r6 = a[3]. r5 is already a[0].
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r0
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
@@ -488,20 +485,20 @@ $data=<<EOF;
 	$LD		r6,`2*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
-	
+
 	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1;
 						#sqr_add_c(a,2,c2,c3,c1);
 	$UMULL		r7,r6,r6
 	$UMULH		r8,r6,r6
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r0
@@ -509,11 +506,11 @@ $data=<<EOF;
 	$LD		r6,`3*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
@@ -522,11 +519,11 @@ $data=<<EOF;
 	$LD		r6,`4*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
@@ -535,11 +532,11 @@ $data=<<EOF;
 	$LD		r6,`5*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r0
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
@@ -548,11 +545,11 @@ $data=<<EOF;
 	$LD		r6,`4*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
@@ -561,11 +558,11 @@ $data=<<EOF;
 	$LD		r6,`3*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
@@ -580,11 +577,11 @@ $data=<<EOF;
 	$LD		r6,`4*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
@@ -593,11 +590,11 @@ $data=<<EOF;
 	$LD		r6,`5*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r11
@@ -617,7 +614,7 @@ $data=<<EOF;
 	$LD		r6,`7*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r0
@@ -629,7 +626,7 @@ $data=<<EOF;
 	$LD		r6,`6*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
@@ -652,7 +649,7 @@ $data=<<EOF;
 	$LD		r6,`4*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r10,r7,r10
 	adde		r11,r8,r11
 	addze		r9,r9
@@ -684,7 +681,7 @@ $data=<<EOF;
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
-	
+
 	addc		r11,r7,r11
 	adde		r9,r8,r9
 	addze		r10,r10
@@ -704,7 +701,7 @@ $data=<<EOF;
 	$LD		r5,`2*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
 	$UMULH		r8,r5,r6
-	
+
 	addc		r9,r7,r9
 	adde		r10,r8,r10
 	addze		r11,r0
@@ -801,7 +798,7 @@ $data=<<EOF;
 	adde		r10,r8,r10
 	addze		r11,r11
 	$ST		r9,`12*$BNSZ`(r3)	#r[12]=c1;
-	
+
 						#sqr_add_c2(a,7,6,c2,c3,c1)
 	$LD		r5,`6*$BNSZ`(r4)
 	$UMULL		r7,r5,r6
@@ -850,21 +847,21 @@ $data=<<EOF;
 #
 	xor	r0,r0,r0		#r0=0. Used in addze below.
 					#mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	r6,`0*$BNSZ`(r4)		
-	$LD	r7,`0*$BNSZ`(r5)		
-	$UMULL	r10,r6,r7		
-	$UMULH	r11,r6,r7		
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r10,r6,r7
+	$UMULH	r11,r6,r7
 	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1
 					#mul_add_c(a[0],b[1],c2,c3,c1);
-	$LD	r7,`1*$BNSZ`(r5)		
+	$LD	r7,`1*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r11,r8,r11
 	adde	r12,r9,r0
 	addze	r10,r0
 					#mul_add_c(a[1],b[0],c2,c3,c1);
-	$LD	r6, `1*$BNSZ`(r4)		
-	$LD	r7, `0*$BNSZ`(r5)		
+	$LD	r6, `1*$BNSZ`(r4)
+	$LD	r7, `0*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r11,r8,r11
@@ -872,23 +869,23 @@ $data=<<EOF;
 	addze	r10,r10
 	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2
 					#mul_add_c(a[2],b[0],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)		
+	$LD	r6,`2*$BNSZ`(r4)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r12,r8,r12
 	adde	r10,r9,r10
 	addze	r11,r0
 					#mul_add_c(a[1],b[1],c3,c1,c2);
-	$LD	r6,`1*$BNSZ`(r4)		
-	$LD	r7,`1*$BNSZ`(r5)		
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r12,r8,r12
 	adde	r10,r9,r10
 	addze	r11,r11
 					#mul_add_c(a[0],b[2],c3,c1,c2);
-	$LD	r6,`0*$BNSZ`(r4)		
-	$LD	r7,`2*$BNSZ`(r5)		
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r12,r8,r12
@@ -896,7 +893,7 @@ $data=<<EOF;
 	addze	r11,r11
 	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3
 					#mul_add_c(a[0],b[3],c1,c2,c3);
-	$LD	r7,`3*$BNSZ`(r5)		
+	$LD	r7,`3*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r10,r8,r10
@@ -928,7 +925,7 @@ $data=<<EOF;
 	addze	r12,r12
 	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1
 					#mul_add_c(a[3],b[1],c2,c3,c1);
-	$LD	r7,`1*$BNSZ`(r5)		
+	$LD	r7,`1*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r11,r8,r11
@@ -952,7 +949,7 @@ $data=<<EOF;
 	addze	r10,r10
 	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2
 					#mul_add_c(a[2],b[3],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)		
+	$LD	r6,`2*$BNSZ`(r4)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r12,r8,r12
@@ -968,7 +965,7 @@ $data=<<EOF;
 	addze	r11,r11
 	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3
 					#mul_add_c(a[3],b[3],c1,c2,c3);
-	$LD	r7,`3*$BNSZ`(r5)		
+	$LD	r7,`3*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r10,r8,r10
@@ -988,7 +985,7 @@ $data=<<EOF;
 #		for the gcc compiler. This should be automatically
 #		done in the build
 #
-	
+
 .align	4
 .bn_mul_comba8:
 #
@@ -1003,7 +1000,7 @@ $data=<<EOF;
 # r10, r11, r12 are the equivalents of c1, c2, and c3.
 #
 	xor	r0,r0,r0		#r0=0. Used in addze below.
-	
+
 					#mul_add_c(a[0],b[0],c1,c2,c3);
 	$LD	r6,`0*$BNSZ`(r4)	#a[0]
 	$LD	r7,`0*$BNSZ`(r5)	#b[0]
@@ -1065,7 +1062,7 @@ $data=<<EOF;
 	addc	r10,r10,r8
 	adde	r11,r11,r9
 	addze	r12,r12
-		
+
 					#mul_add_c(a[2],b[1],c1,c2,c3);
 	$LD	r6,`2*$BNSZ`(r4)
 	$LD	r7,`1*$BNSZ`(r5)
@@ -1131,7 +1128,7 @@ $data=<<EOF;
 	adde	r10,r10,r9
 	addze	r11,r0
 					#mul_add_c(a[1],b[4],c3,c1,c2);
-	$LD	r6,`1*$BNSZ`(r4)		
+	$LD	r6,`1*$BNSZ`(r4)
 	$LD	r7,`4*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
@@ -1139,7 +1136,7 @@ $data=<<EOF;
 	adde	r10,r10,r9
 	addze	r11,r11
 					#mul_add_c(a[2],b[3],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)		
+	$LD	r6,`2*$BNSZ`(r4)
 	$LD	r7,`3*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
@@ -1147,7 +1144,7 @@ $data=<<EOF;
 	adde	r10,r10,r9
 	addze	r11,r11
 					#mul_add_c(a[3],b[2],c3,c1,c2);
-	$LD	r6,`3*$BNSZ`(r4)		
+	$LD	r6,`3*$BNSZ`(r4)
 	$LD	r7,`2*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
@@ -1155,7 +1152,7 @@ $data=<<EOF;
 	adde	r10,r10,r9
 	addze	r11,r11
 					#mul_add_c(a[4],b[1],c3,c1,c2);
-	$LD	r6,`4*$BNSZ`(r4)		
+	$LD	r6,`4*$BNSZ`(r4)
 	$LD	r7,`1*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
@@ -1163,7 +1160,7 @@ $data=<<EOF;
 	adde	r10,r10,r9
 	addze	r11,r11
 					#mul_add_c(a[5],b[0],c3,c1,c2);
-	$LD	r6,`5*$BNSZ`(r4)		
+	$LD	r6,`5*$BNSZ`(r4)
 	$LD	r7,`0*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
@@ -1555,7 +1552,7 @@ $data=<<EOF;
 	addi	r3,r3,-$BNSZ
 	addi	r5,r5,-$BNSZ
 	mtctr	r6
-Lppcasm_sub_mainloop:	
+Lppcasm_sub_mainloop:
 	$LDU	r7,$BNSZ(r4)
 	$LDU	r8,$BNSZ(r5)
 	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)
@@ -1563,7 +1560,7 @@ Lppcasm_sub_mainloop:
 				# is r7-r8 -1 as we need.
 	$STU	r6,$BNSZ(r3)
 	bdnz	Lppcasm_sub_mainloop
-Lppcasm_sub_adios:	
+Lppcasm_sub_adios:
 	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1
 	andi.	r3,r3,1         # keep only last bit.
 	blr
@@ -1604,13 +1601,13 @@ Lppcasm_sub_adios:
 	addi	r3,r3,-$BNSZ
 	addi	r5,r5,-$BNSZ
 	mtctr	r6
-Lppcasm_add_mainloop:	
+Lppcasm_add_mainloop:
 	$LDU	r7,$BNSZ(r4)
 	$LDU	r8,$BNSZ(r5)
 	adde	r8,r7,r8
 	$STU	r8,$BNSZ(r3)
 	bdnz	Lppcasm_add_mainloop
-Lppcasm_add_adios:	
+Lppcasm_add_adios:
 	addze	r3,r0			#return carry bit.
 	blr
 	.long	0
@@ -1633,11 +1630,11 @@ Lppcasm_add_adios:
 #	the PPC instruction to count leading zeros instead
 #	of call to num_bits_word. Since this was compiled
 #	only at level -O2 we can possibly squeeze it more?
-#	
+#
 #	r3 = h
 #	r4 = l
 #	r5 = d
-	
+
 	$UCMPI	0,r5,0			# compare r5 and 0
 	bne	Lppcasm_div1		# proceed if d!=0
 	li	r3,-1			# d=0 return -1
@@ -1653,7 +1650,7 @@ Lppcasm_div1:
 Lppcasm_div2:
 	$UCMP	0,r3,r5			#h>=d?
 	blt	Lppcasm_div3		#goto Lppcasm_div3 if not
-	subf	r3,r5,r3		#h-=d ; 
+	subf	r3,r5,r3		#h-=d ;
 Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i
 	cmpi	0,0,r7,0		# is (i == 0)?
 	beq	Lppcasm_div4
@@ -1668,7 +1665,7 @@ Lppcasm_div4:
 					# as it saves registers.
 	li	r6,2			#r6=2
 	mtctr	r6			#counter will be in count.
-Lppcasm_divouterloop: 
+Lppcasm_divouterloop:
 	$SHRI	r8,r3,`$BITS/2`		#r8 = (h>>BN_BITS4)
 	$SHRI	r11,r4,`$BITS/2`	#r11= (l&BN_MASK2h)>>BN_BITS4
 					# compute here for innerloop.
@@ -1676,7 +1673,7 @@ Lppcasm_divouterloop:
 	bne	Lppcasm_div5		# goto Lppcasm_div5 if not
 
 	li	r8,-1
-	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l 
+	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l
 	b	Lppcasm_div6
 Lppcasm_div5:
 	$UDIV	r8,r3,r9		#q = h/dh
@@ -1684,7 +1681,7 @@ Lppcasm_div6:
 	$UMULL	r12,r9,r8		#th = q*dh
 	$CLRU	r10,r5,`$BITS/2`	#r10=dl
 	$UMULL	r6,r8,r10		#tl = q*dl
-	
+
 Lppcasm_divinnerloop:
 	subf	r10,r12,r3		#t = h -th
 	$SHRI	r7,r10,`$BITS/2`	#r7= (t &BN_MASK2H), sort of...
@@ -1761,7 +1758,7 @@ Lppcasm_div9:
 	addi	r4,r4,-$BNSZ
 	addi	r3,r3,-$BNSZ
 	mtctr	r5
-Lppcasm_sqr_mainloop:	
+Lppcasm_sqr_mainloop:
 					#sqr(r[0],r[1],a[0]);
 	$LDU	r6,$BNSZ(r4)
 	$UMULL	r7,r6,r6
@@ -1769,7 +1766,7 @@ Lppcasm_sqr_mainloop:
 	$STU	r7,$BNSZ(r3)
 	$STU	r8,$BNSZ(r3)
 	bdnz	Lppcasm_sqr_mainloop
-Lppcasm_sqr_adios:	
+Lppcasm_sqr_adios:
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,3,0
@@ -1783,7 +1780,7 @@ Lppcasm_sqr_adios:
 #		done in the build
 #
 
-.align	4	
+.align	4
 .bn_mul_words:
 #
 # BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
@@ -1797,7 +1794,7 @@ Lppcasm_sqr_adios:
 	rlwinm.	r7,r5,30,2,31		# num >> 2
 	beq	Lppcasm_mw_REM
 	mtctr	r7
-Lppcasm_mw_LOOP:	
+Lppcasm_mw_LOOP:
 					#mul(rp[0],ap[0],w,c1);
 	$LD	r8,`0*$BNSZ`(r4)
 	$UMULL	r9,r6,r8
@@ -1809,7 +1806,7 @@ Lppcasm_mw_LOOP:
 					#using adde.
 	$ST	r9,`0*$BNSZ`(r3)
 					#mul(rp[1],ap[1],w,c1);
-	$LD	r8,`1*$BNSZ`(r4)	
+	$LD	r8,`1*$BNSZ`(r4)
 	$UMULL	r11,r6,r8
 	$UMULH  r12,r6,r8
 	adde	r11,r11,r10
@@ -1830,7 +1827,7 @@ Lppcasm_mw_LOOP:
 	addze	r12,r12			#this spin we collect carry into
 					#r12
 	$ST	r11,`3*$BNSZ`(r3)
-	
+
 	addi	r3,r3,`4*$BNSZ`
 	addi	r4,r4,`4*$BNSZ`
 	bdnz	Lppcasm_mw_LOOP
@@ -1846,25 +1843,25 @@ Lppcasm_mw_REM:
 	addze	r10,r10
 	$ST	r9,`0*$BNSZ`(r3)
 	addi	r12,r10,0
-	
+
 	addi	r5,r5,-1
 	cmpli	0,0,r5,0
 	beq	Lppcasm_mw_OVER
 
-	
+
 					#mul(rp[1],ap[1],w,c1);
-	$LD	r8,`1*$BNSZ`(r4)	
+	$LD	r8,`1*$BNSZ`(r4)
 	$UMULL	r9,r6,r8
 	$UMULH  r10,r6,r8
 	addc	r9,r9,r12
 	addze	r10,r10
 	$ST	r9,`1*$BNSZ`(r3)
 	addi	r12,r10,0
-	
+
 	addi	r5,r5,-1
 	cmpli	0,0,r5,0
 	beq	Lppcasm_mw_OVER
-	
+
 					#mul_add(rp[2],ap[2],w,c1);
 	$LD	r8,`2*$BNSZ`(r4)
 	$UMULL	r9,r6,r8
@@ -1873,14 +1870,14 @@ Lppcasm_mw_REM:
 	addze	r10,r10
 	$ST	r9,`2*$BNSZ`(r3)
 	addi	r12,r10,0
-		
-Lppcasm_mw_OVER:	
+
+Lppcasm_mw_OVER:
 	addi	r3,r12,0
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,4,0
 	.long	0
-.size	bn_mul_words,.-bn_mul_words
+.size	.bn_mul_words,.-.bn_mul_words
 
 #
 #	NOTE:	The following label name should be changed to
@@ -1902,11 +1899,11 @@ Lppcasm_mw_OVER:
 # empirical evidence suggests that unrolled version performs best!!
 #
 	xor	r0,r0,r0		#r0 = 0
-	xor	r12,r12,r12  		#r12 = 0 . used for carry		
+	xor	r12,r12,r12  		#r12 = 0 . used for carry
 	rlwinm.	r7,r5,30,2,31		# num >> 2
 	beq	Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover
 	mtctr	r7
-Lppcasm_maw_mainloop:	
+Lppcasm_maw_mainloop:
 					#mul_add(rp[0],ap[0],w,c1);
 	$LD	r8,`0*$BNSZ`(r4)
 	$LD	r11,`0*$BNSZ`(r3)
@@ -1922,9 +1919,9 @@ Lppcasm_maw_mainloop:
 					#by multiply and will be collected
 					#in the next spin
 	$ST	r9,`0*$BNSZ`(r3)
-	
+
 					#mul_add(rp[1],ap[1],w,c1);
-	$LD	r8,`1*$BNSZ`(r4)	
+	$LD	r8,`1*$BNSZ`(r4)
 	$LD	r9,`1*$BNSZ`(r3)
 	$UMULL	r11,r6,r8
 	$UMULH  r12,r6,r8
@@ -1933,7 +1930,7 @@ Lppcasm_maw_mainloop:
 	addc	r11,r11,r9
 	#addze	r12,r12
 	$ST	r11,`1*$BNSZ`(r3)
-	
+
 					#mul_add(rp[2],ap[2],w,c1);
 	$LD	r8,`2*$BNSZ`(r4)
 	$UMULL	r9,r6,r8
@@ -1944,7 +1941,7 @@ Lppcasm_maw_mainloop:
 	addc	r9,r9,r11
 	#addze	r10,r10
 	$ST	r9,`2*$BNSZ`(r3)
-	
+
 					#mul_add(rp[3],ap[3],w,c1);
 	$LD	r8,`3*$BNSZ`(r4)
 	$UMULL	r11,r6,r8
@@ -1958,7 +1955,7 @@ Lppcasm_maw_mainloop:
 	addi	r3,r3,`4*$BNSZ`
 	addi	r4,r4,`4*$BNSZ`
 	bdnz	Lppcasm_maw_mainloop
-	
+
 Lppcasm_maw_leftover:
 	andi.	r5,r5,0x3
 	beq	Lppcasm_maw_adios
@@ -1975,10 +1972,10 @@ Lppcasm_maw_leftover:
 	addc	r9,r9,r12
 	addze	r12,r10
 	$ST	r9,0(r3)
-	
+
 	bdz	Lppcasm_maw_adios
 					#mul_add(rp[1],ap[1],w,c1);
-	$LDU	r8,$BNSZ(r4)	
+	$LDU	r8,$BNSZ(r4)
 	$UMULL	r9,r6,r8
 	$UMULH  r10,r6,r8
 	$LDU	r11,$BNSZ(r3)
@@ -1987,7 +1984,7 @@ Lppcasm_maw_leftover:
 	addc	r9,r9,r12
 	addze	r12,r10
 	$ST	r9,0(r3)
-	
+
 	bdz	Lppcasm_maw_adios
 					#mul_add(rp[2],ap[2],w,c1);
 	$LDU	r8,$BNSZ(r4)
@@ -1999,8 +1996,8 @@ Lppcasm_maw_leftover:
 	addc	r9,r9,r12
 	addze	r12,r10
 	$ST	r9,0(r3)
-		
-Lppcasm_maw_adios:	
+
+Lppcasm_maw_adios:
 	addi	r3,r12,0
 	blr
 	.long	0
diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl
index 5d9f43aa5d..c41b620bc2 100644
--- a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl
@@ -35,7 +35,7 @@
 # key lengths. As it's obviously inappropriate as "best all-round"
 # alternative, it has to be complemented with run-time CPU family
 # detection. Oh! It should also be noted that unlike other PowerPC
-# implementation IALU ppc-mont.pl module performs *suboptimaly* on
+# implementation IALU ppc-mont.pl module performs *suboptimally* on
 # >=1024-bit key lengths on Power 6. It should also be noted that
 # *everything* said so far applies to 64-bit builds! As far as 32-bit
 # application executed on 64-bit CPU goes, this module is likely to
@@ -1353,7 +1353,7 @@ $code.=<<___;
 	std	$t3,-16($tp)		; tp[j-1]
 	std	$t5,-8($tp)		; tp[j]
 
-	add	$carry,$carry,$ovf	; comsume upmost overflow
+	add	$carry,$carry,$ovf	; consume upmost overflow
 	add	$t6,$t6,$carry		; can not overflow
 	srdi	$carry,$t6,16
 	add	$t7,$t7,$carry
diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
index 0466e11a25..f1292cc75c 100755
--- a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
@@ -1,68 +1,30 @@
 #! /usr/bin/env perl
 # Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
-
-
-##############################################################################
-#                                                                            #
-#  Copyright (c) 2012, Intel Corporation                                     #
-#                                                                            #
-#  All rights reserved.                                                      #
-#                                                                            #
-#  Redistribution and use in source and binary forms, with or without        #
-#  modification, are permitted provided that the following conditions are    #
-#  met:                                                                      #
-#                                                                            #
-#  *  Redistributions of source code must retain the above copyright         #
-#     notice, this list of conditions and the following disclaimer.          #
-#                                                                            #
-#  *  Redistributions in binary form must reproduce the above copyright      #
-#     notice, this list of conditions and the following disclaimer in the    #
-#     documentation and/or other materials provided with the                 #
-#     distribution.                                                          #
-#                                                                            #
-#  *  Neither the name of the Intel Corporation nor the names of its         #
-#     contributors may be used to endorse or promote products derived from   #
-#     this software without specific prior written permission.               #
-#                                                                            #
-#                                                                            #
-#  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          #
-#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         #
-#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        #
-#  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            #
-#  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     #
-#  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       #
-#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        #
-#  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    #
-#  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      #
-#  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        #
-#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              #
-#                                                                            #
-##############################################################################
-# Developers and authors:                                                    #
-# Shay Gueron (1, 2), and Vlad Krasnov (1)                                   #
-# (1) Intel Corporation, Israel Development Center, Haifa, Israel            #
-# (2) University of Haifa, Israel                                            #
-##############################################################################
-# Reference:                                                                 #
-# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular             #
-#     Exponentiation,  Using Advanced Vector Instructions Architectures",    #
-#     F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369,   #
-#     pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012              #
-# [2] S. Gueron: "Efficient Software Implementations of Modular              #
-#     Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012).  #
-# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE         #
-#     Proceedings of 9th International Conference on Information Technology: #
-#     New Generations (ITNG 2012), pp.821-823 (2012)                         #
-# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis    #
-#     resistant 1024-bit modular exponentiation, for optimizing RSA2048      #
-#     on AVX2 capable x86_64 platforms",                                     #
-#     http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest#
-##############################################################################
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+#
+# References:
+# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular
+#     Exponentiation,  Using Advanced Vector Instructions Architectures",
+#     F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369,
+#     pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012
+# [2] S. Gueron: "Efficient Software Implementations of Modular
+#     Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012).
+# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE
+#     Proceedings of 9th International Conference on Information Technology:
+#     New Generations (ITNG 2012), pp.821-823 (2012)
+# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis
+#     resistant 1024-bit modular exponentiation, for optimizing RSA2048
+#     on AVX2 capable x86_64 platforms",
+#     http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest
 #
 # +13% improvement over original submission by <appro@openssl.org>
 #
@@ -168,13 +130,21 @@ $code.=<<___;
 .type	rsaz_1024_sqr_avx2,\@function,5
 .align	64
 rsaz_1024_sqr_avx2:		# 702 cycles, 14% faster than rsaz_1024_mul_avx2
+.cfi_startproc
 	lea	(%rsp), %rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -193,6 +163,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rax,%rbp
+.cfi_def_cfa_register	%rbp
 	mov	%rdx, $np			# reassigned argument
 	sub	\$$FrameSize, %rsp
 	mov	$np, $tmp
@@ -382,7 +353,7 @@ $code.=<<___;
 	vpaddq		$TEMP1, $ACC1, $ACC1
 	vpmuludq	32*7-128($aap), $B2, $ACC2
 	 vpbroadcastq	32*5-128($tpa), $B2
-	vpaddq		32*11-448($tp1), $ACC2, $ACC2	
+	vpaddq		32*11-448($tp1), $ACC2, $ACC2
 
 	vmovdqu		$ACC6, 32*6-192($tp0)
 	vmovdqu		$ACC7, 32*7-192($tp0)
@@ -441,7 +412,7 @@ $code.=<<___;
 	vmovdqu		$ACC7, 32*16-448($tp1)
 	lea		8($tp1), $tp1
 
-	dec	$i        
+	dec	$i
 	jnz	.LOOP_SQR_1024
 ___
 $ZERO = $ACC9;
@@ -786,7 +757,7 @@ $code.=<<___;
 	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
 	vpaddq		$TEMP3, $ACC7, $ACC7
 	vpaddq		$TEMP4, $ACC8, $ACC8
-     
+
 	vpsrlq		\$29, $ACC4, $TEMP1
 	vpand		$AND_MASK, $ACC4, $ACC4
 	vpsrlq		\$29, $ACC5, $TEMP2
@@ -825,8 +796,10 @@ $code.=<<___;
 
 	vzeroall
 	mov	%rbp, %rax
+.cfi_def_cfa_register	%rax
 ___
 $code.=<<___ if ($win64);
+.Lsqr_1024_in_tail:
 	movaps	-0xd8(%rax),%xmm6
 	movaps	-0xc8(%rax),%xmm7
 	movaps	-0xb8(%rax),%xmm8
@@ -840,14 +813,22 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lsqr_1024_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2
 ___
 }
@@ -900,13 +881,21 @@ $code.=<<___;
 .type	rsaz_1024_mul_avx2,\@function,5
 .align	64
 rsaz_1024_mul_avx2:
+.cfi_startproc
 	lea	(%rsp), %rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	vzeroupper
@@ -925,6 +914,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%rax,%rbp
+.cfi_def_cfa_register	%rbp
 	vzeroall
 	mov	%rdx, $bp	# reassigned argument
 	sub	\$64,%rsp
@@ -1450,15 +1440,17 @@ $code.=<<___;
 	vpaddq		$TEMP4, $ACC8, $ACC8
 
 	vmovdqu		$ACC4, 128-128($rp)
-	vmovdqu		$ACC5, 160-128($rp)    
+	vmovdqu		$ACC5, 160-128($rp)
 	vmovdqu		$ACC6, 192-128($rp)
 	vmovdqu		$ACC7, 224-128($rp)
 	vmovdqu		$ACC8, 256-128($rp)
 	vzeroupper
 
 	mov	%rbp, %rax
+.cfi_def_cfa_register	%rax
 ___
 $code.=<<___ if ($win64);
+.Lmul_1024_in_tail:
 	movaps	-0xd8(%rax),%xmm6
 	movaps	-0xc8(%rax),%xmm7
 	movaps	-0xb8(%rax),%xmm8
@@ -1472,14 +1464,22 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_1024_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_1024_mul_avx2,.-rsaz_1024_mul_avx2
 ___
 }
@@ -1598,8 +1598,10 @@ rsaz_1024_scatter5_avx2:
 .type	rsaz_1024_gather5_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_gather5_avx2:
+.cfi_startproc
 	vzeroupper
 	mov	%rsp,%r11
+.cfi_def_cfa_register	%r11
 ___
 $code.=<<___ if ($win64);
 	lea	-0x88(%rsp),%rax
@@ -1737,11 +1739,13 @@ $code.=<<___ if ($win64);
 	movaps	-0x38(%r11),%xmm13
 	movaps	-0x28(%r11),%xmm14
 	movaps	-0x18(%r11),%xmm15
-.LSEH_end_rsaz_1024_gather5:
 ___
 $code.=<<___;
 	lea	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
 	ret
+.cfi_endproc
+.LSEH_end_rsaz_1024_gather5:
 .size	rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2
 ___
 }
@@ -1814,14 +1818,17 @@ rsaz_se_handler:
 	cmp	%r10,%rbx		# context->Rip<prologue label
 	jb	.Lcommon_seh_tail
 
-	mov	152($context),%rax	# pull context->Rsp
-
 	mov	4(%r11),%r10d		# HandlerData[1]
 	lea	(%rsi,%r10),%r10	# epilogue label
 	cmp	%r10,%rbx		# context->Rip>=epilogue label
 	jae	.Lcommon_seh_tail
 
-	mov	160($context),%rax	# pull context->Rbp
+	mov	160($context),%rbp	# pull context->Rbp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# "in tail" label
+	cmp	%r10,%rbx		# context->Rip>="in tail" label
+	cmovc	%rbp,%rax
 
 	mov	-48(%rax),%r15
 	mov	-40(%rax),%r14
@@ -1899,11 +1906,13 @@ rsaz_se_handler:
 .LSEH_info_rsaz_1024_sqr_avx2:
 	.byte	9,0,0,0
 	.rva	rsaz_se_handler
-	.rva	.Lsqr_1024_body,.Lsqr_1024_epilogue
+	.rva	.Lsqr_1024_body,.Lsqr_1024_epilogue,.Lsqr_1024_in_tail
+	.long	0
 .LSEH_info_rsaz_1024_mul_avx2:
 	.byte	9,0,0,0
 	.rva	rsaz_se_handler
-	.rva	.Lmul_1024_body,.Lmul_1024_epilogue
+	.rva	.Lmul_1024_body,.Lmul_1024_epilogue,.Lmul_1024_in_tail
+	.long	0
 .LSEH_info_rsaz_1024_gather5:
 	.byte	0x01,0x36,0x17,0x0b
 	.byte	0x36,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl
index 6f3b664f7a..b1797b649f 100755
--- a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl
@@ -1,68 +1,29 @@
 #! /usr/bin/env perl
 # Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
-
-
-##############################################################################
-#                                                                            #
-#  Copyright (c) 2012, Intel Corporation                                     #
-#                                                                            #
-#  All rights reserved.                                                      #
-#                                                                            #
-#  Redistribution and use in source and binary forms, with or without        #
-#  modification, are permitted provided that the following conditions are    #
-#  met:                                                                      #
-#                                                                            #
-#  *  Redistributions of source code must retain the above copyright         #
-#     notice, this list of conditions and the following disclaimer.          #
-#                                                                            #
-#  *  Redistributions in binary form must reproduce the above copyright      #
-#     notice, this list of conditions and the following disclaimer in the    #
-#     documentation and/or other materials provided with the                 #
-#     distribution.                                                          #
-#                                                                            #
-#  *  Neither the name of the Intel Corporation nor the names of its         #
-#     contributors may be used to endorse or promote products derived from   #
-#     this software without specific prior written permission.               #
-#                                                                            #
-#                                                                            #
-#  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          #
-#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         #
-#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        #
-#  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            #
-#  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     #
-#  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       #
-#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        #
-#  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    #
-#  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      #
-#  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        #
-#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              #
-#                                                                            #
-##############################################################################
-# Developers and authors:                                                    #
-# Shay Gueron (1, 2), and Vlad Krasnov (1)                                   #
-# (1) Intel Architecture Group, Microprocessor and Chipset Development,      #
-#     Israel Development Center, Haifa, Israel                               #
-# (2) University of Haifa                                                    #
-##############################################################################
-# Reference:                                                                 #
-# [1] S. Gueron, "Efficient Software Implementations of Modular              #
-#     Exponentiation", http://eprint.iacr.org/2011/239                       #
-# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring".             #
-#     IEEE Proceedings of 9th International Conference on Information        #
-#     Technology: New Generations (ITNG 2012), 821-823 (2012).               #
-# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation#
-#     Journal of Cryptographic Engineering 2:31-43 (2012).                   #
-# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis    #
-#     resistant 512-bit and 1024-bit modular exponentiation for optimizing   #
-#     RSA1024 and RSA2048 on x86_64 platforms",                              #
-#     http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest#
-##############################################################################
-
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+#
+# References:
+# [1] S. Gueron, "Efficient Software Implementations of Modular
+#     Exponentiation", http://eprint.iacr.org/2011/239
+# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring".
+#     IEEE Proceedings of 9th International Conference on Information
+#     Technology: New Generations (ITNG 2012), 821-823 (2012).
+# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation
+#     Journal of Cryptographic Engineering 2:31-43 (2012).
+# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis
+#     resistant 512-bit and 1024-bit modular exponentiation for optimizing
+#     RSA1024 and RSA2048 on x86_64 platforms",
+#     http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest
+#
 # While original submission covers 512- and 1024-bit exponentiation,
 # this module is limited to 512-bit version only (and as such
 # accelerates RSA1024 sign). This is because improvement for longer
@@ -138,14 +99,22 @@ $code.=<<___;
 .type	rsaz_512_sqr,\@function,5
 .align	32
 rsaz_512_sqr:				# 25-29% faster than rsaz_512_mul
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
 .Lsqr_body:
 	movq	$mod, %rbp		# common argument
 	movq	($inp), %rdx
@@ -282,9 +251,9 @@ $code.=<<___;
 	movq	%r9, 16(%rsp)
 	movq	%r10, 24(%rsp)
 	shrq	\$63, %rbx
-	
+
 #third iteration
-	movq	16($inp), %r9	
+	movq	16($inp), %r9
 	movq	24($inp), %rax
 	mulq	%r9
 	addq	%rax, %r12
@@ -532,7 +501,7 @@ $code.=<<___;
 	movl	$times,128+8(%rsp)
 	movq	$out, %xmm0		# off-load
 	movq	%rbp, %xmm1		# off-load
-#first iteration	
+#first iteration
 	mulx	%rax, %r8, %r9
 
 	mulx	16($inp), %rcx, %r10
@@ -568,7 +537,7 @@ $code.=<<___;
 	mov	%rax, (%rsp)
 	mov	%r8, 8(%rsp)
 
-#second iteration	
+#second iteration
 	mulx	16($inp), %rax, %rbx
 	adox	%rax, %r10
 	adcx	%rbx, %r11
@@ -607,8 +576,8 @@ $code.=<<___;
 
 	mov	%r9, 16(%rsp)
 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
-	
-#third iteration	
+
+#third iteration
 	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
 	adox	$out, %r12
 	adcx	%r9, %r13
@@ -643,8 +612,8 @@ $code.=<<___;
 
 	mov	%r11, 32(%rsp)
 	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
-	
-#fourth iteration	
+
+#fourth iteration
 	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
 	adox	%rax, %r14
 	adcx	%rbx, %r15
@@ -676,8 +645,8 @@ $code.=<<___;
 
 	mov	%r13, 48(%rsp)
 	mov	%r14, 56(%rsp)
-	
-#fifth iteration	
+
+#fifth iteration
 	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
 	adox	$out, %r8
 	adcx	%r11, %r9
@@ -704,8 +673,8 @@ $code.=<<___;
 
 	mov	%r15, 64(%rsp)
 	mov	%r8, 72(%rsp)
-	
-#sixth iteration	
+
+#sixth iteration
 	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rbx
 	adox	%rax, %r10
 	adcx	%rbx, %r11
@@ -800,15 +769,24 @@ ___
 $code.=<<___;
 
 	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
 	movq	-48(%rax), %r15
+.cfi_restore	%r15
 	movq	-40(%rax), %r14
+.cfi_restore	%r14
 	movq	-32(%rax), %r13
+.cfi_restore	%r13
 	movq	-24(%rax), %r12
+.cfi_restore	%r12
 	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
 	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
 	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
 .Lsqr_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_512_sqr,.-rsaz_512_sqr
 ___
 }
@@ -819,14 +797,22 @@ $code.=<<___;
 .type	rsaz_512_mul,\@function,5
 .align	32
 rsaz_512_mul:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
 .Lmul_body:
 	movq	$out, %xmm0		# off-load arguments
 	movq	$mod, %xmm1
@@ -896,15 +882,24 @@ $code.=<<___;
 	call	__rsaz_512_subtract
 
 	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
 	movq	-48(%rax), %r15
+.cfi_restore	%r15
 	movq	-40(%rax), %r14
+.cfi_restore	%r14
 	movq	-32(%rax), %r13
+.cfi_restore	%r13
 	movq	-24(%rax), %r12
+.cfi_restore	%r12
 	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
 	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
 	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_512_mul,.-rsaz_512_mul
 ___
 }
@@ -915,14 +910,22 @@ $code.=<<___;
 .type	rsaz_512_mul_gather4,\@function,6
 .align	32
 rsaz_512_mul_gather4:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	subq	\$`128+24+($win64?0xb0:0)`, %rsp
+.cfi_adjust_cfa_offset	`128+24+($win64?0xb0:0)`
 ___
 $code.=<<___	if ($win64);
 	movaps	%xmm6,0xa0(%rsp)
@@ -1048,7 +1051,7 @@ $code.=<<___;
 	movq	56($ap), %rax
 	movq	%rdx, %r14
 	adcq	\$0, %r14
-	
+
 	mulq	%rbx
 	addq	%rax, %r14
 	 movq	($ap), %rax
@@ -1150,7 +1153,7 @@ $code.=<<___;
 	 movq	($ap), %rax
 	adcq	\$0, %rdx
 	addq	%r15, %r14
-	movq	%rdx, %r15	
+	movq	%rdx, %r15
 	adcq	\$0, %r15
 
 	leaq	8(%rdi), %rdi
@@ -1212,7 +1215,7 @@ $code.=<<___ if ($addx);
 
 	mulx	48($ap), %rbx, %r14
 	adcx	%rax, %r12
-	
+
 	mulx	56($ap), %rax, %r15
 	adcx	%rbx, %r13
 	adcx	%rax, %r14
@@ -1348,15 +1351,24 @@ $code.=<<___	if ($win64);
 	lea	0xb0(%rax),%rax
 ___
 $code.=<<___;
+.cfi_def_cfa	%rax,8
 	movq	-48(%rax), %r15
+.cfi_restore	%r15
 	movq	-40(%rax), %r14
+.cfi_restore	%r14
 	movq	-32(%rax), %r13
+.cfi_restore	%r13
 	movq	-24(%rax), %r12
+.cfi_restore	%r12
 	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
 	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
 	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_gather4_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_512_mul_gather4,.-rsaz_512_mul_gather4
 ___
 }
@@ -1367,15 +1379,23 @@ $code.=<<___;
 .type	rsaz_512_mul_scatter4,\@function,6
 .align	32
 rsaz_512_mul_scatter4:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	mov	$pwr, $pwr
 	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
 .Lmul_scatter4_body:
 	leaq	($tbl,$pwr,8), $tbl
 	movq	$out, %xmm0		# off-load arguments
@@ -1411,7 +1431,7 @@ $code.=<<___;
 ___
 $code.=<<___ if ($addx);
 	jmp	.Lmul_scatter_tail
-	
+
 .align	32
 .Lmulx_scatter:
 	movq	($out), %rdx		# pass b[0]
@@ -1458,15 +1478,24 @@ $code.=<<___;
 	movq	%r15, 128*7($inp)
 
 	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
 	movq	-48(%rax), %r15
+.cfi_restore	%r15
 	movq	-40(%rax), %r14
+.cfi_restore	%r14
 	movq	-32(%rax), %r13
+.cfi_restore	%r13
 	movq	-24(%rax), %r12
+.cfi_restore	%r12
 	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
 	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
 	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_scatter4_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4
 ___
 }
@@ -1477,14 +1506,22 @@ $code.=<<___;
 .type	rsaz_512_mul_by_one,\@function,4
 .align	32
 rsaz_512_mul_by_one:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	subq	\$128+24, %rsp
+.cfi_adjust_cfa_offset	128+24
 .Lmul_by_one_body:
 ___
 $code.=<<___ if ($addx);
@@ -1539,15 +1576,24 @@ $code.=<<___;
 	movq	%r15, 56($out)
 
 	leaq	128+24+48(%rsp), %rax
+.cfi_def_cfa	%rax,8
 	movq	-48(%rax), %r15
+.cfi_restore	%r15
 	movq	-40(%rax), %r14
+.cfi_restore	%r14
 	movq	-32(%rax), %r13
+.cfi_restore	%r13
 	movq	-24(%rax), %r12
+.cfi_restore	%r12
 	movq	-16(%rax), %rbp
+.cfi_restore	%rbp
 	movq	-8(%rax), %rbx
+.cfi_restore	%rbx
 	leaq	(%rax), %rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_by_one_epilogue:
 	ret
+.cfi_endproc
 .size	rsaz_512_mul_by_one,.-rsaz_512_mul_by_one
 ___
 }
@@ -1824,7 +1870,7 @@ __rsaz_512_mul:
 	movq	56($ap), %rax
 	movq	%rdx, %r14
 	adcq	\$0, %r14
-	
+
 	mulq	%rbx
 	addq	%rax, %r14
 	 movq	($ap), %rax
@@ -1901,7 +1947,7 @@ __rsaz_512_mul:
 	 movq	($ap), %rax
 	adcq	\$0, %rdx
 	addq	%r15, %r14
-	movq	%rdx, %r15	
+	movq	%rdx, %r15
 	adcq	\$0, %r15
 
 	leaq	8(%rdi), %rdi
diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl
index cbd16f4214..06181bf9b9 100644
--- a/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl
@@ -20,7 +20,7 @@
 # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
 # the time being... gcc 4.3 appeared to generate poor code, therefore
 # the effort. And indeed, the module delivers 55%-90%(*) improvement
-# on haviest ECDSA verify and ECDH benchmarks for 163- and 571-bit
+# on heaviest ECDSA verify and ECDH benchmarks for 163- and 571-bit
 # key lengths on z990, 30%-55%(*) - on z10, and 70%-110%(*) - on z196.
 # This is for 64-bit build. In 32-bit "highgprs" case improvement is
 # even higher, for example on z990 it was measured 80%-150%. ECDSA
@@ -198,7 +198,7 @@ $code.=<<___;
 	xgr	$hi,@r[1]
 	xgr	$lo,@r[0]
 	xgr	$hi,@r[2]
-	xgr	$lo,@r[3]	
+	xgr	$lo,@r[3]
 	xgr	$hi,@r[3]
 	xgr	$lo,$hi
 	stg	$hi,16($rp)
diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl
index 66780cdf80..c2fc5adffe 100644
--- a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
diff --git a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl
index 4f339b2279..fcae9cfc5b 100755
--- a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl
@@ -8,9 +8,9 @@
 
 
 # ====================================================================
-# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
-# <appro@openssl.org>. The module is licensed under 2-clause BSD
-# license. November 2012. All rights reserved.
+# Written by David S. Miller and Andy Polyakov
+# The module is licensed under 2-clause BSD license.
+# November 2012. All rights reserved.
 # ====================================================================
 
 ######################################################################
diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8.S
index 9c31073b24..75d72eb92c 100644
--- a/deps/openssl/openssl/crypto/bn/asm/sparcv8.S
+++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8.S
@@ -1,5 +1,5 @@
 .ident	"sparcv8.s, Version 1.4"
-.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@openssl.org>"
 
 /*
  * ====================================================================
@@ -13,7 +13,7 @@
  */
 
 /*
- * This is my modest contributon to OpenSSL project (see
+ * This is my modest contribution to OpenSSL project (see
  * http://www.openssl.org/ for more information about it) and is
  * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
  * module. For updates see http://fy.chalmers.se/~appro/hpe/.
@@ -159,12 +159,12 @@ bn_mul_add_words:
  */
 bn_mul_words:
 	cmp	%o2,0
-	bg,a	.L_bn_mul_words_proceeed
+	bg,a	.L_bn_mul_words_proceed
 	ld	[%o1],%g2
 	retl
 	clr	%o0
 
-.L_bn_mul_words_proceeed:
+.L_bn_mul_words_proceed:
 	andcc	%o2,-4,%g0
 	bz	.L_bn_mul_words_tail
 	clr	%o5
@@ -251,12 +251,12 @@ bn_mul_words:
  */
 bn_sqr_words:
 	cmp	%o2,0
-	bg,a	.L_bn_sqr_words_proceeed
+	bg,a	.L_bn_sqr_words_proceed
 	ld	[%o1],%g2
 	retl
 	clr	%o0
 
-.L_bn_sqr_words_proceeed:
+.L_bn_sqr_words_proceed:
 	andcc	%o2,-4,%g0
 	bz	.L_bn_sqr_words_tail
 	clr	%o5
diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S
index 714a136675..fe4699b2bd 100644
--- a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S
+++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S
@@ -1,5 +1,5 @@
 .ident	"sparcv8plus.s, Version 1.4"
-.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@openssl.org>"
 
 /*
  * ====================================================================
@@ -13,7 +13,7 @@
  */
 
 /*
- * This is my modest contributon to OpenSSL project (see
+ * This is my modest contribution to OpenSSL project (see
  * http://www.openssl.org/ for more information about it) and is
  * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
  * module. For updates see http://fy.chalmers.se/~appro/hpe/.
@@ -144,10 +144,6 @@
  *	    }
  */
 
-#ifdef OPENSSL_FIPSCANISTER
-#include <openssl/fipssyms.h>
-#endif
-
 #if defined(__SUNPRO_C) && defined(__sparcv9)
   /* They've said -xarch=v9 at command line */
   .register	%g2,#scratch
@@ -282,7 +278,7 @@ bn_mul_add_words:
  */
 bn_mul_words:
 	sra	%o2,%g0,%o2	! signx %o2
-	brgz,a	%o2,.L_bn_mul_words_proceeed
+	brgz,a	%o2,.L_bn_mul_words_proceed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
@@ -290,7 +286,7 @@ bn_mul_words:
 	nop
 	nop
 
-.L_bn_mul_words_proceeed:
+.L_bn_mul_words_proceed:
 	srl	%o3,%g0,%o3	! clruw	%o3
 	andcc	%o2,-4,%g0
 	bz,pn	%icc,.L_bn_mul_words_tail
@@ -370,7 +366,7 @@ bn_mul_words:
  */
 bn_sqr_words:
 	sra	%o2,%g0,%o2	! signx %o2
-	brgz,a	%o2,.L_bn_sqr_words_proceeed
+	brgz,a	%o2,.L_bn_sqr_words_proceed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
@@ -378,7 +374,7 @@ bn_sqr_words:
 	nop
 	nop
 
-.L_bn_sqr_words_proceeed:
+.L_bn_sqr_words_proceed:
 	andcc	%o2,-4,%g0
 	nop
 	bz,pn	%icc,.L_bn_sqr_words_tail
diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl
index 074f9df14b..b41903af98 100644
--- a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -612,7 +612,7 @@ $code.=<<___;
 	add	$tp,8,$tp
 .type	$fname,#function
 .size	$fname,(.-$fname)
-.asciz	"Montgomery Multipltication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.asciz	"Montgomery Multiplication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
 .align	32
 ___
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl
index 50b690653f..c8f759df9f 100755
--- a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -865,7 +865,7 @@ $fname:
 	restore
 .type   $fname,#function
 .size	$fname,(.-$fname)
-.asciz	"Montgomery Multipltication for UltraSPARC, CRYPTOGAMS by <appro\@openssl.org>"
+.asciz	"Montgomery Multiplication for UltraSPARC, CRYPTOGAMS by <appro\@openssl.org>"
 .align	32
 ___
 
diff --git a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl
index 9d65a146a2..9cf717e841 100644
--- a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -76,7 +76,7 @@
 # dsa 1024 bits 0.001346s 0.001595s    742.7    627.0
 # dsa 2048 bits 0.004745s 0.005582s    210.7    179.1
 #
-# Conclusions: 
+# Conclusions:
 # - VIA SDK leaves a *lot* of room for improvement (which this
 #   implementation successfully fills:-);
 # - 'rep montmul' gives up to >3x performance improvement depending on
@@ -91,7 +91,7 @@ require "x86asm.pl";
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"via-mont.pl");
+&asm_init($ARGV[0]);
 
 # int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
 $func="bn_mul_mont_padlock";
diff --git a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl
index ba34b36a81..04833a0c87 100644
--- a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl
@@ -16,7 +16,7 @@
 
 # October 2012.
 #
-# SPARCv9 VIS3 Montgomery multiplicaion procedure suitable for T3 and
+# SPARCv9 VIS3 Montgomery multiplication procedure suitable for T3 and
 # onward. There are three new instructions used here: umulxhi,
 # addxc[cc] and initializing store. On T3 RSA private key operations
 # are 1.54/1.87/2.11/2.26 times faster for 512/1024/2048/4096-bit key
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl
index f464368733..d03efcc750 100644
--- a/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl
@@ -46,7 +46,7 @@ require "x86asm.pl";
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],$0,$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
 
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -152,7 +152,7 @@ $R="mm0";
 	 &xor	($a4,$a2);		# a2=a4^a2^a4
 	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
 	 &xor	($a4,$a1);		# a1^a2^a4
-	&sar	(@i[1],31);		# broardcast 30th bit
+	&sar	(@i[1],31);		# broadcast 30th bit
 	&and	($lo,$b);
 	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
 	&and	(@i[1],$b);
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl
index f1abcc5b4c..7ba2133ac9 100755
--- a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -39,8 +39,8 @@ require "x86asm.pl";
 
 $output = pop;
 open STDOUT,">$output";
- 
-&asm_init($ARGV[0],$0);
+
+&asm_init($ARGV[0]);
 
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -78,7 +78,7 @@ $frame=32;				# size of above frame rounded up to 16n
 	&lea	("ebp",&DWP(-$frame,"esp","edi",4));	# future alloca($frame+4*(num+2))
 	&neg	("edi");
 
-	# minimize cache contention by arraning 2K window between stack
+	# minimize cache contention by arranging 2K window between stack
 	# pointer and ap argument [np is also position sensitive vector,
 	# but it's assumed to be near ap, as it's allocated at ~same
 	# time].
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c b/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c
index 621be33054..31839ba060 100644
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -14,7 +14,7 @@
 /*-
  * x86_64 BIGNUM accelerator version 0.1, December 2002.
  *
- * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * Implemented by Andy Polyakov <appro@openssl.org> for the OpenSSL
  * project.
  *
  * Rights for redistribution and usage in source and binary forms are
@@ -114,7 +114,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
     BN_ULONG c1 = 0;
 
     if (num <= 0)
-        return (c1);
+        return c1;
 
     while (num & ~3) {
         mul_add(rp[0], ap[0], w, c1);
@@ -136,7 +136,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
         return c1;
     }
 
-    return (c1);
+    return c1;
 }
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
@@ -144,7 +144,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
     BN_ULONG c1 = 0;
 
     if (num <= 0)
-        return (c1);
+        return c1;
 
     while (num & ~3) {
         mul(rp[0], ap[0], w, c1);
@@ -164,7 +164,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
             return c1;
         mul(rp[2], ap[2], w, c1);
     }
-    return (c1);
+    return c1;
 }
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
@@ -264,7 +264,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
     int c = 0;
 
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     for (;;) {
         t1 = a[0];
@@ -303,7 +303,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
         b += 4;
         r += 4;
     }
-    return (c);
+    return c;
 }
 # endif
 
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl
index d962f62033..0fd6e985d7 100644
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl
@@ -54,7 +54,9 @@ $code.=<<___;
 .type	_mul_1x1,\@abi-omnipotent
 .align	16
 _mul_1x1:
+.cfi_startproc
 	sub	\$128+8,%rsp
+.cfi_adjust_cfa_offset	128+8
 	mov	\$-1,$a1
 	lea	($a,$a),$i0
 	shr	\$3,$a1
@@ -66,7 +68,7 @@ _mul_1x1:
 	sar	\$63,$i0		# broadcast 62nd bit
 	lea	(,$a1,4),$a4
 	and	$b,$a
-	sar	\$63,$i1		# boardcast 61st bit
+	sar	\$63,$i1		# broadcast 61st bit
 	mov	$a,$hi			# $a is $lo
 	shl	\$63,$lo
 	and	$b,$i0
@@ -160,8 +162,10 @@ $code.=<<___;
 	xor	$i1,$hi
 
 	add	\$128+8,%rsp
+.cfi_adjust_cfa_offset	-128-8
 	ret
 .Lend_mul_1x1:
+.cfi_endproc
 .size	_mul_1x1,.-_mul_1x1
 ___
 
@@ -174,8 +178,10 @@ $code.=<<___;
 .type	bn_GF2m_mul_2x2,\@abi-omnipotent
 .align	16
 bn_GF2m_mul_2x2:
-	mov	OPENSSL_ia32cap_P(%rip),%rax
-	bt	\$33,%rax
+.cfi_startproc
+	mov	%rsp,%rax
+	mov	OPENSSL_ia32cap_P(%rip),%r10
+	bt	\$33,%r10
 	jnc	.Lvanilla_mul_2x2
 
 	movq		$a1,%xmm0
@@ -210,6 +216,7 @@ $code.=<<___;
 .align	16
 .Lvanilla_mul_2x2:
 	lea	-8*17(%rsp),%rsp
+.cfi_adjust_cfa_offset	8*17
 ___
 $code.=<<___ if ($win64);
 	mov	`8*17+40`(%rsp),$b0
@@ -218,10 +225,15 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	%r14,8*10(%rsp)
+.cfi_rel_offset	%r14,8*10
 	mov	%r13,8*11(%rsp)
+.cfi_rel_offset	%r13,8*11
 	mov	%r12,8*12(%rsp)
+.cfi_rel_offset	%r12,8*12
 	mov	%rbp,8*13(%rsp)
+.cfi_rel_offset	%rbp,8*13
 	mov	%rbx,8*14(%rsp)
+.cfi_rel_offset	%rbx,8*14
 .Lbody_mul_2x2:
 	mov	$rp,32(%rsp)		# save the arguments
 	mov	$a1,40(%rsp)
@@ -269,10 +281,15 @@ $code.=<<___;
 	mov	$lo,8(%rbp)
 
 	mov	8*10(%rsp),%r14
+.cfi_restore	%r14
 	mov	8*11(%rsp),%r13
+.cfi_restore	%r13
 	mov	8*12(%rsp),%r12
+.cfi_restore	%r12
 	mov	8*13(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	8*14(%rsp),%rbx
+.cfi_restore	%rbx
 ___
 $code.=<<___ if ($win64);
 	mov	8*15(%rsp),%rdi
@@ -280,8 +297,11 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	lea	8*17(%rsp),%rsp
+.cfi_adjust_cfa_offset	-8*17
+.Lepilogue_mul_2x2:
 	ret
 .Lend_mul_2x2:
+.cfi_endproc
 .size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
 .asciz	"GF(2^m) Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 .align	16
@@ -312,13 +332,19 @@ se_handler:
 	pushfq
 	sub	\$64,%rsp
 
-	mov	152($context),%rax	# pull context->Rsp
+	mov	120($context),%rax	# pull context->Rax
 	mov	248($context),%rbx	# pull context->Rip
 
 	lea	.Lbody_mul_2x2(%rip),%r10
 	cmp	%r10,%rbx		# context->Rip<"prologue" label
 	jb	.Lin_prologue
 
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue_mul_2x2(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>="epilogue" label
+	jae	.Lin_prologue
+
 	mov	8*10(%rax),%r14		# mimic epilogue
 	mov	8*11(%rax),%r13
 	mov	8*12(%rax),%r12
@@ -335,8 +361,9 @@ se_handler:
 	mov	%r13,224($context)	# restore context->R13
 	mov	%r14,232($context)	# restore context->R14
 
-.Lin_prologue:
 	lea	8*17(%rax),%rax
+
+.Lin_prologue:
 	mov	%rax,152($context)	# restore context->Rsp
 
 	mov	40($disp),%rdi		# disp->ContextRecord
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
index 8d2fb2cebb..c051135e30 100755
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
@@ -104,8 +104,10 @@ $code=<<___;
 .type	bn_mul_mont,\@function,6
 .align	16
 bn_mul_mont:
+.cfi_startproc
 	mov	${num}d,${num}d
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	test	\$3,${num}d
 	jnz	.Lmul_enter
 	cmp	\$8,${num}d
@@ -124,11 +126,17 @@ $code.=<<___;
 .align	16
 .Lmul_enter:
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	neg	$num
 	mov	%rsp,%r11
@@ -161,6 +169,7 @@ $code.=<<___;
 .Lmul_page_walk_done:
 
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.cfi_cfa_expression	%rsp+8,$num,8,mul,plus,deref,+8
 .Lmul_body:
 	mov	$bp,%r12		# reassign $bp
 ___
@@ -309,7 +318,7 @@ $code.=<<___;
 	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
 	mov	8(%rsp,$i,8),%rax	# tp[i+1]
 	lea	1($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
+	dec	$j			# doesn't affect CF!
 	jnz	.Lsub
 
 	sbb	\$0,%rax		# handle upmost overflow bit
@@ -331,16 +340,25 @@ $code.=<<___;
 	jnz	.Lcopy
 
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+.cfi_def_cfa	%rsi,8
 	mov	\$1,%rax
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_epilogue:
 	ret
+.cfi_endproc
 .size	bn_mul_mont,.-bn_mul_mont
 ___
 {{{
@@ -350,8 +368,10 @@ $code.=<<___;
 .type	bn_mul4x_mont,\@function,6
 .align	16
 bn_mul4x_mont:
+.cfi_startproc
 	mov	${num}d,${num}d
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 .Lmul4x_enter:
 ___
 $code.=<<___ if ($addx);
@@ -361,11 +381,17 @@ $code.=<<___ if ($addx);
 ___
 $code.=<<___;
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	neg	$num
 	mov	%rsp,%r11
@@ -389,6 +415,7 @@ $code.=<<___;
 .Lmul4x_page_walk_done:
 
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.cfi_cfa_expression	%rsp+8,$num,8,mul,plus,deref,+8
 .Lmul4x_body:
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
 	mov	%rdx,%r12		# reassign $bp
@@ -721,7 +748,7 @@ $code.=<<___;
 	mov	56($ap,$i,8),@ri[3]
 	sbb	40($np,$i,8),@ri[1]
 	lea	4($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
+	dec	$j			# doesn't affect CF!
 	jnz	.Lsub4x
 
 	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
@@ -766,16 +793,25 @@ ___
 }
 $code.=<<___;
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+.cfi_def_cfa	%rsi, 8
 	mov	\$1,%rax
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lmul4x_epilogue:
 	ret
+.cfi_endproc
 .size	bn_mul4x_mont,.-bn_mul4x_mont
 ___
 }}}
@@ -803,14 +839,22 @@ $code.=<<___;
 .type	bn_sqr8x_mont,\@function,6
 .align	32
 bn_sqr8x_mont:
+.cfi_startproc
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 .Lsqr8x_enter:
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lsqr8x_prologue:
 
 	mov	${num}d,%r10d
@@ -866,6 +910,7 @@ bn_sqr8x_mont:
 
 	mov	$n0,  32(%rsp)
 	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
 .Lsqr8x_body:
 
 	movq	$nptr, %xmm2		# save pointer to modulus
@@ -935,6 +980,7 @@ $code.=<<___;
 	pxor	%xmm0,%xmm0
 	pshufd	\$0,%xmm1,%xmm1
 	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	jmp	.Lsqr8x_cond_copy
 
 .align	32
@@ -964,14 +1010,22 @@ $code.=<<___;
 
 	mov	\$1,%rax
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lsqr8x_epilogue:
 	ret
+.cfi_endproc
 .size	bn_sqr8x_mont,.-bn_sqr8x_mont
 ___
 }}}
@@ -983,14 +1037,22 @@ $code.=<<___;
 .type	bn_mulx4x_mont,\@function,6
 .align	32
 bn_mulx4x_mont:
+.cfi_startproc
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 .Lmulx4x_enter:
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lmulx4x_prologue:
 
 	shl	\$3,${num}d		# convert $num to bytes
@@ -1036,6 +1098,7 @@ bn_mulx4x_mont:
 	mov	$n0, 24(%rsp)		# save *n0
 	mov	$rp, 32(%rsp)		# save $rp
 	mov	%rax,40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
 	mov	$num,48(%rsp)		# inner counter
 	jmp	.Lmulx4x_body
 
@@ -1285,6 +1348,7 @@ $code.=<<___;
 	pxor	%xmm0,%xmm0
 	pshufd	\$0,%xmm1,%xmm1
 	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	jmp	.Lmulx4x_cond_copy
 
 .align	32
@@ -1314,14 +1378,22 @@ $code.=<<___;
 
 	mov	\$1,%rax
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lmulx4x_epilogue:
 	ret
+.cfi_endproc
 .size	bn_mulx4x_mont,.-bn_mulx4x_mont
 ___
 }}}
@@ -1400,12 +1472,12 @@ sqr_handler:
 
 	mov	0(%r11),%r10d		# HandlerData[0]
 	lea	(%rsi,%r10),%r10	# end of prologue label
-	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
+	cmp	%r10,%rbx		# context->Rip<.Lsqr_prologue
 	jb	.Lcommon_seh_tail
 
 	mov	4(%r11),%r10d		# HandlerData[1]
 	lea	(%rsi,%r10),%r10	# body label
-	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
+	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
 	jb	.Lcommon_pop_regs
 
 	mov	152($context),%rax	# pull context->Rsp
diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
index 97d8eee700..ad6e8ada3c 100755
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
@@ -93,8 +93,10 @@ $code=<<___;
 .type	bn_mul_mont_gather5,\@function,6
 .align	64
 bn_mul_mont_gather5:
+.cfi_startproc
 	mov	${num}d,${num}d
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	test	\$7,${num}d
 	jnz	.Lmul_enter
 ___
@@ -108,11 +110,17 @@ $code.=<<___;
 .Lmul_enter:
 	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
 	neg	$num
 	mov	%rsp,%r11
@@ -145,6 +153,7 @@ $code.=<<___;
 
 	lea	.Linc(%rip),%r10
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.cfi_cfa_expression	%rsp+8,$num,8,mul,plus,deref,+8
 .Lmul_body:
 
 	lea	128($bp),%r12		# reassign $bp (+size optimization)
@@ -410,7 +419,7 @@ $code.=<<___;
 	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
 	mov	8($ap,$i,8),%rax	# tp[i+1]
 	lea	1($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
+	dec	$j			# doesn't affect CF!
 	jnz	.Lsub
 
 	sbb	\$0,%rax		# handle upmost overflow bit
@@ -432,17 +441,26 @@ $code.=<<___;
 	jnz	.Lcopy
 
 	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+.cfi_def_cfa	%rsi,8
 	mov	\$1,%rax
 
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lmul_epilogue:
 	ret
+.cfi_endproc
 .size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
 ___
 {{{
@@ -452,8 +470,10 @@ $code.=<<___;
 .type	bn_mul4x_mont_gather5,\@function,6
 .align	32
 bn_mul4x_mont_gather5:
+.cfi_startproc
 	.byte	0x67
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 .Lmul4x_enter:
 ___
 $code.=<<___ if ($addx);
@@ -463,11 +483,17 @@ $code.=<<___ if ($addx);
 ___
 $code.=<<___;
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lmul4x_prologue:
 
 	.byte	0x67
@@ -523,22 +549,32 @@ $code.=<<___;
 	neg	$num
 
 	mov	%rax,40(%rsp)
+.cfi_cfa_expression	%rsp+40,deref,+8
 .Lmul4x_body:
 
 	call	mul4x_internal
 
 	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	mov	\$1,%rax
 
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lmul4x_epilogue:
 	ret
+.cfi_endproc
 .size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
 
 .type	mul4x_internal,\@abi-omnipotent
@@ -1050,7 +1086,7 @@ my $bptr="%rdx";	# const void *table,
 my $nptr="%rcx";	# const BN_ULONG *nptr,
 my $n0  ="%r8";		# const BN_ULONG *n0);
 my $num ="%r9";		# int num, has to be divisible by 8
-			# int pwr 
+			# int pwr
 
 my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
 my @A0=("%r10","%r11");
@@ -1062,7 +1098,9 @@ $code.=<<___;
 .type	bn_power5,\@function,6
 .align	32
 bn_power5:
+.cfi_startproc
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 ___
 $code.=<<___ if ($addx);
 	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
@@ -1072,11 +1110,17 @@ $code.=<<___ if ($addx);
 ___
 $code.=<<___;
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lpower5_prologue:
 
 	shl	\$3,${num}d		# convert $num to bytes
@@ -1127,7 +1171,7 @@ $code.=<<___;
 	ja	.Lpwr_page_walk
 .Lpwr_page_walk_done:
 
-	mov	$num,%r10	
+	mov	$num,%r10
 	neg	$num
 
 	##############################################################
@@ -1141,6 +1185,7 @@ $code.=<<___;
 	#
 	mov	$n0,  32(%rsp)
 	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
 .Lpower5_body:
 	movq	$rptr,%xmm1		# save $rptr, used in sqr8x
 	movq	$nptr,%xmm2		# save $nptr
@@ -1167,16 +1212,25 @@ $code.=<<___;
 	call	mul4x_internal
 
 	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	mov	\$1,%rax
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lpower5_epilogue:
 	ret
+.cfi_endproc
 .size	bn_power5,.-bn_power5
 
 .globl	bn_sqr8x_internal
@@ -2036,7 +2090,7 @@ __bn_post4x_internal:
 	jnz	.Lsqr4x_sub
 
 	mov	$num,%r10		# prepare for back-to-back call
-	neg	$num			# restore $num	
+	neg	$num			# restore $num
 	ret
 .size	__bn_post4x_internal,.-__bn_post4x_internal
 ___
@@ -2056,14 +2110,22 @@ bn_from_montgomery:
 .type	bn_from_mont8x,\@function,6
 .align	32
 bn_from_mont8x:
+.cfi_startproc
 	.byte	0x67
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lfrom_prologue:
 
 	shl	\$3,${num}d		# convert $num to bytes
@@ -2128,6 +2190,7 @@ bn_from_mont8x:
 	#
 	mov	$n0,  32(%rsp)
 	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
 .Lfrom_body:
 	mov	$num,%r11
 	lea	48(%rsp),%rax
@@ -2171,7 +2234,6 @@ $code.=<<___ if ($addx);
 
 	pxor	%xmm0,%xmm0
 	lea	48(%rsp),%rax
-	mov	40(%rsp),%rsi		# restore %rsp
 	jmp	.Lfrom_mont_zero
 
 .align	32
@@ -2183,11 +2245,12 @@ $code.=<<___;
 
 	pxor	%xmm0,%xmm0
 	lea	48(%rsp),%rax
-	mov	40(%rsp),%rsi		# restore %rsp
 	jmp	.Lfrom_mont_zero
 
 .align	32
 .Lfrom_mont_zero:
+	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	movdqa	%xmm0,16*0(%rax)
 	movdqa	%xmm0,16*1(%rax)
 	movdqa	%xmm0,16*2(%rax)
@@ -2198,14 +2261,22 @@ $code.=<<___;
 
 	mov	\$1,%rax
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lfrom_epilogue:
 	ret
+.cfi_endproc
 .size	bn_from_mont8x,.-bn_from_mont8x
 ___
 }
@@ -2218,14 +2289,22 @@ $code.=<<___;
 .type	bn_mulx4x_mont_gather5,\@function,6
 .align	32
 bn_mulx4x_mont_gather5:
+.cfi_startproc
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 .Lmulx4x_enter:
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lmulx4x_prologue:
 
 	shl	\$3,${num}d		# convert $num to bytes
@@ -2259,7 +2338,7 @@ bn_mulx4x_mont_gather5:
 	mov	\$0,%r10
 	cmovc	%r10,%r11
 	sub	%r11,%rbp
-.Lmulx4xsp_done:	
+.Lmulx4xsp_done:
 	and	\$-64,%rbp		# ensure alignment
 	mov	%rsp,%r11
 	sub	%rbp,%r11
@@ -2291,21 +2370,31 @@ bn_mulx4x_mont_gather5:
 	#
 	mov	$n0, 32(%rsp)		# save *n0
 	mov	%rax,40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
 .Lmulx4x_body:
 	call	mulx4x_internal
 
 	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	mov	\$1,%rax
 
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lmulx4x_epilogue:
 	ret
+.cfi_endproc
 .size	bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5
 
 .type	mulx4x_internal,\@abi-omnipotent
@@ -2333,7 +2422,7 @@ my $N=$STRIDE/4;		# should match cache line size
 $code.=<<___;
 	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
 	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
-	lea	88-112(%rsp,%r10),%r10	# place the mask after tp[num+1] (+ICache optimizaton)
+	lea	88-112(%rsp,%r10),%r10	# place the mask after tp[num+1] (+ICache optimization)
 	lea	128($bp),$bptr		# size optimization
 
 	pshufd	\$0,%xmm5,%xmm5		# broadcast index
@@ -2683,14 +2772,22 @@ $code.=<<___;
 .type	bn_powerx5,\@function,6
 .align	32
 bn_powerx5:
+.cfi_startproc
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 .Lpowerx5_enter:
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lpowerx5_prologue:
 
 	shl	\$3,${num}d		# convert $num to bytes
@@ -2741,7 +2838,7 @@ bn_powerx5:
 	ja	.Lpwrx_page_walk
 .Lpwrx_page_walk_done:
 
-	mov	$num,%r10	
+	mov	$num,%r10
 	neg	$num
 
 	##############################################################
@@ -2762,6 +2859,7 @@ bn_powerx5:
 	movq	$bptr,%xmm4
 	mov	$n0,  32(%rsp)
 	mov	%rax, 40(%rsp)		# save original %rsp
+.cfi_cfa_expression	%rsp+40,deref,+8
 .Lpowerx5_body:
 
 	call	__bn_sqrx8x_internal
@@ -2784,17 +2882,26 @@ bn_powerx5:
 	call	mulx4x_internal
 
 	mov	40(%rsp),%rsi		# restore %rsp
+.cfi_def_cfa	%rsi,8
 	mov	\$1,%rax
 
 	mov	-48(%rsi),%r15
+.cfi_restore	%r15
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lpowerx5_epilogue:
 	ret
+.cfi_endproc
 .size	bn_powerx5,.-bn_powerx5
 
 .globl	bn_sqrx8x_internal
@@ -3678,8 +3785,8 @@ mul_handler:
 	jb	.Lcommon_seh_tail
 
 	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	lea	(%rsi,%r10),%r10	# beginning of body label
+	cmp	%r10,%rbx		# context->Rip<body label
 	jb	.Lcommon_pop_regs
 
 	mov	152($context),%rax	# pull context->Rsp
diff --git a/deps/openssl/openssl/crypto/bn/bn_add.c b/deps/openssl/openssl/crypto/bn/bn_add.c
index 7cdefa77a1..f2736b8f6d 100644
--- a/deps/openssl/openssl/crypto/bn/bn_add.c
+++ b/deps/openssl/openssl/crypto/bn/bn_add.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,51 +10,69 @@
 #include "internal/cryptlib.h"
 #include "bn_lcl.h"
 
-/* r can == a or b */
+/* signed add of b to a. */
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
-    int a_neg = a->neg, ret;
+    int ret, r_neg, cmp_res;
 
     bn_check_top(a);
     bn_check_top(b);
 
-    /*-
-     *  a +  b      a+b
-     *  a + -b      a-b
-     * -a +  b      b-a
-     * -a + -b      -(a+b)
-     */
-    if (a_neg ^ b->neg) {
-        /* only one is negative */
-        if (a_neg) {
-            const BIGNUM *tmp;
-
-            tmp = a;
-            a = b;
-            b = tmp;
+    if (a->neg == b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = b->neg;
+            ret = BN_usub(r, b, a);
+        } else {
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
         }
+    }
+
+    r->neg = r_neg;
+    bn_check_top(r);
+    return ret;
+}
+
+/* signed sub of b from a. */
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int ret, r_neg, cmp_res;
 
-        /* we are now a - b */
+    bn_check_top(a);
+    bn_check_top(b);
 
-        if (BN_ucmp(a, b) < 0) {
-            if (!BN_usub(r, b, a))
-                return 0;
-            r->neg = 1;
+    if (a->neg != b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = !b->neg;
+            ret = BN_usub(r, b, a);
         } else {
-            if (!BN_usub(r, a, b))
-                return 0;
-            r->neg = 0;
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
         }
-        return 1;
     }
 
-    ret = BN_uadd(r, a, b);
-    r->neg = a_neg;
+    r->neg = r_neg;
     bn_check_top(r);
     return ret;
 }
 
-/* unsigned add of b to a */
+/* unsigned add of b to a, r can be equal to a or b. */
 int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
     int max, min, dif;
@@ -151,59 +169,3 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
     return 1;
 }
 
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
-    int max;
-    int add = 0, neg = 0;
-
-    bn_check_top(a);
-    bn_check_top(b);
-
-    /*-
-     *  a -  b      a-b
-     *  a - -b      a+b
-     * -a -  b      -(a+b)
-     * -a - -b      b-a
-     */
-    if (a->neg) {
-        if (b->neg) {
-            const BIGNUM *tmp;
-
-            tmp = a;
-            a = b;
-            b = tmp;
-        } else {
-            add = 1;
-            neg = 1;
-        }
-    } else {
-        if (b->neg) {
-            add = 1;
-            neg = 0;
-        }
-    }
-
-    if (add) {
-        if (!BN_uadd(r, a, b))
-            return 0;
-        r->neg = neg;
-        return 1;
-    }
-
-    /* We are actually doing a - b :-) */
-
-    max = (a->top > b->top) ? a->top : b->top;
-    if (bn_wexpand(r, max) == NULL)
-        return 0;
-    if (BN_ucmp(a, b) < 0) {
-        if (!BN_usub(r, b, a))
-            return 0;
-        r->neg = 1;
-    } else {
-        if (!BN_usub(r, a, b))
-            return 0;
-        r->neg = 0;
-    }
-    bn_check_top(r);
-    return 1;
-}
diff --git a/deps/openssl/openssl/crypto/bn/bn_asm.c b/deps/openssl/openssl/crypto/bn/bn_asm.c
index 39c6c2134b..729b2480ac 100644
--- a/deps/openssl/openssl/crypto/bn/bn_asm.c
+++ b/deps/openssl/openssl/crypto/bn/bn_asm.c
@@ -21,7 +21,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
 
     assert(num >= 0);
     if (num <= 0)
-        return (c1);
+        return c1;
 
 # ifndef OPENSSL_SMALL_FOOTPRINT
     while (num & ~3) {
@@ -41,7 +41,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
         num--;
     }
 
-    return (c1);
+    return c1;
 }
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
@@ -50,7 +50,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 
     assert(num >= 0);
     if (num <= 0)
-        return (c1);
+        return c1;
 
 # ifndef OPENSSL_SMALL_FOOTPRINT
     while (num & ~3) {
@@ -69,7 +69,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
         rp++;
         num--;
     }
-    return (c1);
+    return c1;
 }
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
@@ -108,7 +108,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
 
     assert(num >= 0);
     if (num <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     bl = LBITS(w);
     bh = HBITS(w);
@@ -130,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
         rp++;
         num--;
     }
-    return (c);
+    return c;
 }
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
@@ -140,7 +140,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 
     assert(num >= 0);
     if (num <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     bl = LBITS(w);
     bh = HBITS(w);
@@ -162,7 +162,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
         rp++;
         num--;
     }
-    return (carry);
+    return carry;
 }
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
@@ -210,7 +210,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
     int i, count = 2;
 
     if (d == 0)
-        return (BN_MASK2);
+        return BN_MASK2;
 
     i = BN_num_bits_word(d);
     assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
@@ -264,7 +264,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
         l = (l & BN_MASK2l) << BN_BITS4;
     }
     ret |= q;
-    return (ret);
+    return ret;
 }
 #endif                          /* !defined(BN_LLONG) && defined(BN_DIV2W) */
 
@@ -276,7 +276,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 
     assert(n >= 0);
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
 # ifndef OPENSSL_SMALL_FOOTPRINT
     while (n & ~3) {
@@ -307,7 +307,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
         r++;
         n--;
     }
-    return ((BN_ULONG)ll);
+    return (BN_ULONG)ll;
 }
 #else                           /* !BN_LLONG */
 BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
@@ -317,7 +317,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 
     assert(n >= 0);
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
     c = 0;
 # ifndef OPENSSL_SMALL_FOOTPRINT
@@ -364,7 +364,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
         r++;
         n--;
     }
-    return ((BN_ULONG)c);
+    return (BN_ULONG)c;
 }
 #endif                          /* !BN_LLONG */
 
@@ -376,7 +376,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 
     assert(n >= 0);
     if (n <= 0)
-        return ((BN_ULONG)0);
+        return (BN_ULONG)0;
 
 #ifndef OPENSSL_SMALL_FOOTPRINT
     while (n & ~3) {
@@ -417,7 +417,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
         r++;
         n--;
     }
-    return (c);
+    return c;
 }
 
 #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
diff --git a/deps/openssl/openssl/crypto/bn/bn_blind.c b/deps/openssl/openssl/crypto/bn/bn_blind.c
index 9474e21e4c..450cdfb348 100644
--- a/deps/openssl/openssl/crypto/bn/bn_blind.c
+++ b/deps/openssl/openssl/crypto/bn/bn_blind.c
@@ -82,7 +82,6 @@ void BN_BLINDING_free(BN_BLINDING *r)
 {
     if (r == NULL)
         return;
-
     BN_free(r->A);
     BN_free(r->Ai);
     BN_free(r->e);
@@ -124,7 +123,7 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
  err:
     if (b->counter == BN_BLINDING_COUNTER)
         b->counter = 0;
-    return (ret);
+    return ret;
 }
 
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
@@ -140,14 +139,14 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 
     if ((b->A == NULL) || (b->Ai == NULL)) {
         BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
-        return (0);
+        return 0;
     }
 
     if (b->counter == -1)
         /* Fresh blinding, doesn't need updating. */
         b->counter = 0;
     else if (!BN_BLINDING_update(b, ctx))
-        return (0);
+        return 0;
 
     if (r != NULL && (BN_copy(r, b->Ai) == NULL))
         return 0;
@@ -198,7 +197,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
     }
 
     bn_check_top(n);
-    return (ret);
+    return ret;
 }
 
 int BN_BLINDING_is_current_thread(BN_BLINDING *b)
@@ -271,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
 
     do {
         int rv;
-        if (!BN_rand_range(ret->A, ret->mod))
+        if (!BN_priv_rand_range(ret->A, ret->mod))
             goto err;
         if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
             break;
diff --git a/deps/openssl/openssl/crypto/bn/bn_ctx.c b/deps/openssl/openssl/crypto/bn/bn_ctx.c
index 68c0468743..aa08b31a34 100644
--- a/deps/openssl/openssl/crypto/bn/bn_ctx.c
+++ b/deps/openssl/openssl/crypto/bn/bn_ctx.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -255,9 +255,12 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx)
         /* Need to expand */
         unsigned int newsize =
             st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
-        unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize);
-        if (newitems == NULL)
+        unsigned int *newitems;
+        
+        if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
+            BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         if (st->depth)
             memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
         OPENSSL_free(st->indexes);
@@ -306,9 +309,12 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
 
     /* Full; allocate a new pool item and link it in. */
     if (p->used == p->size) {
-        BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item));
-        if (item == NULL)
+        BN_POOL_ITEM *item;
+        
+        if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+            BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
             return NULL;
+        }
         for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
             bn_init(bn);
             if ((flag & BN_FLG_SECURE) != 0)
diff --git a/deps/openssl/openssl/crypto/bn/bn_dh.c b/deps/openssl/openssl/crypto/bn/bn_dh.c
index 17d05597b3..38acdee234 100644
--- a/deps/openssl/openssl/crypto/bn/bn_dh.c
+++ b/deps/openssl/openssl/crypto/bn/bn_dh.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include "bn_lcl.h"
-#include "e_os.h"
+#include "internal/nelem.h"
 
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
@@ -104,6 +104,146 @@ static const BN_ULONG dh2048_256_q[] = {
     0x8CF83642A709A097ULL
 };
 
+/* Primes from RFC 7919 */
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x886B423861285C97ULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x25E41D2B66C62E37ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xC68A007E5E655F6AULL, 0x4DB5A851F44182E1ULL,
+    0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL,
+    0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL,
+    0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL,
+    0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL,
+    0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL,
+    0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL,
+    0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL,
+    0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL,
+    0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL,
+    0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL,
+    0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL,
+    0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL,
+    0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL,
+    0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL,
+    0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL,
+    0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL,
+    0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL,
+    0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL,
+    0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL,
+    0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xA40E329CD0E40E65ULL, 0xA41D570D7938DAD4ULL,
+    0x62A69526D43161C1ULL, 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL,
+    0xEC9D1810C6272B04ULL, 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL,
+    0x505DC82DB854338AULL, 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL,
+    0xF9C9091B462D538CULL, 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL,
+    0xEEAAC0232A281BF6ULL, 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL,
+    0x587E38DA0077D9B4ULL, 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL,
+    0xA00EF092350511E3ULL, 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL,
+    0x388147FB4CFDB477ULL, 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL,
+    0xB38E8C334C701C3AULL, 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL,
+    0x23BA4442CAF53EA6ULL, 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL,
+    0xC68A007E5E0DD902ULL, 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL,
+    0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL,
+    0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL,
+    0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL,
+    0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL,
+    0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xD68C8BB7C5C6424CULL, 0x011E2A94838FF88CULL,
+    0x0822E506A9F4614EULL, 0x97D11D49F7A8443DULL, 0xA6BBFDE530677F0DULL,
+    0x2F741EF8C1FE86FEULL, 0xFAFABE1C5D71A87EULL, 0xDED2FBABFBE58A30ULL,
+    0xB6855DFE72B0A66EULL, 0x1EFC8CE0BA8A4FE8ULL, 0x83F81D4A3F2FA457ULL,
+    0xA1FE3075A577E231ULL, 0xD5B8019488D9C0A0ULL, 0x624816CDAD9A95F9ULL,
+    0x99E9E31650C1217BULL, 0x51AA691E0E423CFCULL, 0x1C217E6C3826E52CULL,
+    0x51A8A93109703FEEULL, 0xBB7099876A460E74ULL, 0x541FC68C9C86B022ULL,
+    0x59160CC046FD8251ULL, 0x2846C0BA35C35F5CULL, 0x54504AC78B758282ULL,
+    0x29388839D2AF05E4ULL, 0xCB2C0F1CC01BD702ULL, 0x555B2F747C932665ULL,
+    0x86B63142A3AB8829ULL, 0x0B8CC3BDF64B10EFULL, 0x687FEB69EDD1CC5EULL,
+    0xFDB23FCEC9509D43ULL, 0x1E425A31D951AE64ULL, 0x36AD004CF600C838ULL,
+    0xA40E329CCFF46AAAULL, 0xA41D570D7938DAD4ULL, 0x62A69526D43161C1ULL,
+    0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, 0xEC9D1810C6272B04ULL,
+    0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, 0x505DC82DB854338AULL,
+    0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, 0xF9C9091B462D538CULL,
+    0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, 0xEEAAC0232A281BF6ULL,
+    0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, 0x587E38DA0077D9B4ULL,
+    0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, 0xA00EF092350511E3ULL,
+    0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, 0x388147FB4CFDB477ULL,
+    0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, 0xB38E8C334C701C3AULL,
+    0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, 0x23BA4442CAF53EA6ULL,
+    0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, 0xC68A007E5E0DD902ULL,
+    0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL,
+    0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL,
+    0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL,
+    0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL,
+    0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL,
+    0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL,
+    0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL,
+    0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL,
+    0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL,
+    0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL,
+    0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
 # elif BN_BITS2 == 32
 
 static const BN_ULONG dh1024_160_p[] = {
@@ -194,6 +334,147 @@ static const BN_ULONG dh2048_256_q[] = {
     0xA709A097, 0x8CF83642
 };
 
+/* Primes from RFC 7919 */
+
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x61285C97, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x66C62E37, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x5E655F6A, 0xC68A007E, 0xF44182E1, 0x4DB5A851,
+    0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9,
+    0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9,
+    0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886,
+    0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42,
+    0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B,
+    0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42,
+    0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB,
+    0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93,
+    0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26,
+    0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B,
+    0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183,
+    0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232,
+    0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1,
+    0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3,
+    0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182,
+    0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA,
+    0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555,
+    0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202,
+    0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641,
+    0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xD0E40E65, 0xA40E329C, 0x7938DAD4, 0xA41D570D,
+    0xD43161C1, 0x62A69526, 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9,
+    0xC6272B04, 0xEC9D1810, 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235,
+    0xB854338A, 0x505DC82D, 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374,
+    0x462D538C, 0xF9C9091B, 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1,
+    0x2A281BF6, 0xEEAAC023, 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B,
+    0x0077D9B4, 0x587E38DA, 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF,
+    0x350511E3, 0xA00EF092, 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7,
+    0x4CFDB477, 0x388147FB, 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657,
+    0x4C701C3A, 0xB38E8C33, 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432,
+    0xCAF53EA6, 0x23BA4442, 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6,
+    0x5E0DD902, 0xC68A007E, 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A,
+    0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D,
+    0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A,
+    0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5,
+    0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4,
+    0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xC5C6424C, 0xD68C8BB7, 0x838FF88C, 0x011E2A94,
+    0xA9F4614E, 0x0822E506, 0xF7A8443D, 0x97D11D49, 0x30677F0D, 0xA6BBFDE5,
+    0xC1FE86FE, 0x2F741EF8, 0x5D71A87E, 0xFAFABE1C, 0xFBE58A30, 0xDED2FBAB,
+    0x72B0A66E, 0xB6855DFE, 0xBA8A4FE8, 0x1EFC8CE0, 0x3F2FA457, 0x83F81D4A,
+    0xA577E231, 0xA1FE3075, 0x88D9C0A0, 0xD5B80194, 0xAD9A95F9, 0x624816CD,
+    0x50C1217B, 0x99E9E316, 0x0E423CFC, 0x51AA691E, 0x3826E52C, 0x1C217E6C,
+    0x09703FEE, 0x51A8A931, 0x6A460E74, 0xBB709987, 0x9C86B022, 0x541FC68C,
+    0x46FD8251, 0x59160CC0, 0x35C35F5C, 0x2846C0BA, 0x8B758282, 0x54504AC7,
+    0xD2AF05E4, 0x29388839, 0xC01BD702, 0xCB2C0F1C, 0x7C932665, 0x555B2F74,
+    0xA3AB8829, 0x86B63142, 0xF64B10EF, 0x0B8CC3BD, 0xEDD1CC5E, 0x687FEB69,
+    0xC9509D43, 0xFDB23FCE, 0xD951AE64, 0x1E425A31, 0xF600C838, 0x36AD004C,
+    0xCFF46AAA, 0xA40E329C, 0x7938DAD4, 0xA41D570D, 0xD43161C1, 0x62A69526,
+    0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, 0xC6272B04, 0xEC9D1810,
+    0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, 0xB854338A, 0x505DC82D,
+    0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, 0x462D538C, 0xF9C9091B,
+    0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, 0x2A281BF6, 0xEEAAC023,
+    0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, 0x0077D9B4, 0x587E38DA,
+    0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, 0x350511E3, 0xA00EF092,
+    0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, 0x4CFDB477, 0x388147FB,
+    0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, 0x4C701C3A, 0xB38E8C33,
+    0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, 0xCAF53EA6, 0x23BA4442,
+    0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, 0x5E0DD902, 0xC68A007E,
+    0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD,
+    0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3,
+    0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01,
+    0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D,
+    0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3,
+    0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B,
+    0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5,
+    0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452,
+    0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA,
+    0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE,
+    0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
 # else
 #  error "unsupported BN_BITS2"
 # endif
@@ -206,6 +487,10 @@ static const BN_ULONG dh2048_256_q[] = {
                         OSSL_NELEM(x),\
                         0, BN_FLG_STATIC_DATA };
 
+static const BN_ULONG value_2 = 2;
+
+const BIGNUM _bignum_const_2 =
+    { (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA };
 
 make_dh_bn(dh1024_160_p)
 make_dh_bn(dh1024_160_g)
@@ -217,4 +502,11 @@ make_dh_bn(dh2048_256_p)
 make_dh_bn(dh2048_256_g)
 make_dh_bn(dh2048_256_q)
 
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe8192_p)
+
+
 #endif
diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c
index 884ff29917..70add10c7d 100644
--- a/deps/openssl/openssl/crypto/bn/bn_div.c
+++ b/deps/openssl/openssl/crypto/bn/bn_div.c
@@ -24,17 +24,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     bn_check_top(d);
     if (BN_is_zero(d)) {
         BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
-        return (0);
+        return 0;
     }
 
     if (BN_ucmp(m, d) < 0) {
         if (rem != NULL) {
             if (BN_copy(rem, m) == NULL)
-                return (0);
+                return 0;
         }
         if (dv != NULL)
             BN_zero(dv);
-        return (1);
+        return 1;
     }
 
     BN_CTX_start(ctx);
@@ -81,7 +81,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     ret = 1;
  end:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 #else
@@ -97,8 +97,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *   understand why...);
     * - divl doesn't only calculate quotient, but also leaves
     *   remainder in %edx which we can definitely use here:-)
-    *
-    *                                   <appro@fy.chalmers.se>
     */
 #    undef bn_div_words
 #    define bn_div_words(n0,n1,d0)                \
@@ -113,7 +111,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #   elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
    /*
     * Same story here, but it's 128-bit by 64-bit division. Wow!
-    *                                   <appro@fy.chalmers.se>
     */
 #    undef bn_div_words
 #    define bn_div_words(n0,n1,d0)                \
@@ -177,28 +174,25 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
     if (BN_is_zero(divisor)) {
         BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
-        return (0);
+        return 0;
     }
 
     if (!no_branch && BN_ucmp(num, divisor) < 0) {
         if (rm != NULL) {
             if (BN_copy(rm, num) == NULL)
-                return (0);
+                return 0;
         }
         if (dv != NULL)
             BN_zero(dv);
-        return (1);
+        return 1;
     }
 
     BN_CTX_start(ctx);
+    res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
     tmp = BN_CTX_get(ctx);
     snum = BN_CTX_get(ctx);
     sdiv = BN_CTX_get(ctx);
-    if (dv == NULL)
-        res = BN_CTX_get(ctx);
-    else
-        res = dv;
-    if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+    if (sdiv == NULL)
         goto err;
 
     /* First we normalise the numbers */
@@ -415,10 +409,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
     if (no_branch)
         bn_correct_top(res);
     BN_CTX_end(ctx);
-    return (1);
+    return 1;
  err:
     bn_check_top(rm);
     BN_CTX_end(ctx);
-    return (0);
+    return 0;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/bn/bn_err.c b/deps/openssl/openssl/crypto/bn/bn_err.c
index 5fe9db9ede..dd87c152cf 100644
--- a/deps/openssl/openssl/crypto/bn/bn_err.c
+++ b/deps/openssl/openssl/crypto/bn/bn_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,87 +8,99 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/bn.h>
+#include <openssl/bnerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
-static ERR_STRING_DATA BN_str_functs[] = {
-    {ERR_FUNC(BN_F_BNRAND), "bnrand"},
-    {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
-    {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
-    {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
-    {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
-    {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
-    {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
-    {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
-    {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"},
-    {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
-    {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
-    {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
-    {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-    {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
-    {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-    {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"},
-    {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"},
-    {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"},
-    {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
-    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
-    {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
-    {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
-    {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-    {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
-    {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-    {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
-    {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
-    {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-    {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
-    {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
-    {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
-    {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"},
-    {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+static const ERR_STRING_DATA BN_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND, 0), "bnrand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND_RANGE, 0), "bnrand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CONVERT_EX, 0),
+     "BN_BLINDING_convert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CREATE_PARAM, 0),
+     "BN_BLINDING_create_param"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_INVERT_EX, 0),
+     "BN_BLINDING_invert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_NEW, 0), "BN_BLINDING_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_UPDATE, 0), "BN_BLINDING_update"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2DEC, 0), "BN_bn2dec"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2HEX, 0), "BN_bn2hex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXP, 0), "BN_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXPAND_INTERNAL, 0), "bn_expand_internal"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENCB_NEW, 0), "BN_GENCB_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_DSA_NONCE, 0),
+     "BN_generate_dsa_nonce"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
+     "BN_generate_prime_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD, 0),
+     "BN_GF2m_mod_solve_quad"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, 0),
+     "BN_GF2m_mod_solve_quad_arr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQR, 0), "BN_GF2m_mod_sqr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQRT, 0), "BN_GF2m_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_LSHIFT, 0), "BN_lshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP2_MONT, 0), "BN_mod_exp2_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT, 0), "BN_mod_exp_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_CONSTTIME, 0),
+     "BN_mod_exp_mont_consttime"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_WORD, 0),
+     "BN_mod_exp_mont_word"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_RECP, 0), "BN_mod_exp_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_SIMPLE, 0), "BN_mod_exp_simple"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE, 0), "BN_mod_inverse"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE_NO_BRANCH, 0),
+     "BN_mod_inverse_no_branch"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA BN_str_reasons[] = {
-    {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
-    {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
-    {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
-    {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
-    {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
-    {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
-    {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
-    {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
-     "expand on static bignum data"},
-    {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
-    {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
-    {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
-    {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
-    {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
-    {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
-    {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
-    {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
-    {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"},
-    {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
-    {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
-    {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
-     "too many temporary variables"},
+static const ERR_STRING_DATA BN_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS),
+    "called with even modulus"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+    "expand on static bignum data"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),
+    "private key too large"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+    "too many temporary variables"},
     {0, NULL}
 };
 
@@ -97,10 +109,9 @@ static ERR_STRING_DATA BN_str_reasons[] = {
 int ERR_load_BN_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, BN_str_functs);
-        ERR_load_strings(0, BN_str_reasons);
+        ERR_load_strings_const(BN_str_functs);
+        ERR_load_strings_const(BN_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c
index a6ad475a0b..c026ffcb33 100644
--- a/deps/openssl/openssl/crypto/bn/bn_exp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp.c
@@ -51,10 +51,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     }
 
     BN_CTX_start(ctx);
-    if ((r == a) || (r == p))
-        rr = BN_CTX_get(ctx);
-    else
-        rr = r;
+    rr = ((r == a) || (r == p)) ? BN_CTX_get(ctx) : r;
     v = BN_CTX_get(ctx);
     if (rr == NULL || v == NULL)
         goto err;
@@ -86,7 +83,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
@@ -134,13 +131,6 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 #define RECP_MUL_MOD
 
 #ifdef MONT_MUL_MOD
-    /*
-     * I have finally been able to take out this pre-condition of the top bit
-     * being set.  It was caused by an error in BN_div with negatives.  There
-     * was also another problem when for a^b%m a >= m.  eay 07-May-97
-     */
-    /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
     if (BN_is_odd(m)) {
 # ifdef MONT_EXP_WORD
         if (a->top == 1 && !a->neg
@@ -165,7 +155,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 #endif
 
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -201,7 +191,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     BN_CTX_start(ctx);
     aa = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
-    if (!aa || !val[0])
+    if (val[0] == NULL)
         goto err;
 
     BN_RECP_CTX_init(&recp);
@@ -300,7 +290,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     BN_CTX_end(ctx);
     BN_RECP_CTX_free(&recp);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
@@ -326,7 +316,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
     bits = BN_num_bits(p);
     if (bits == 0) {
@@ -344,7 +334,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     d = BN_CTX_get(ctx);
     r = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
-    if (!d || !r || !val[0])
+    if (val[0] == NULL)
         goto err;
 
     /*
@@ -366,11 +356,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         aa = val[0];
     } else
         aa = a;
-    if (BN_is_zero(aa)) {
-        BN_zero(rr);
-        ret = 1;
-        goto err;
-    }
     if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
         goto err;               /* 1 */
 
@@ -481,10 +466,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         BN_MONT_CTX_free(mont);
     BN_CTX_end(ctx);
     bn_check_top(rr);
-    return (ret);
+    return ret;
 }
 
-#if defined(SPARC_T4_MONT)
 static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 {
     BN_ULONG ret = 0;
@@ -503,7 +487,6 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 
     return ret & BN_MASK2;
 }
-#endif
 
 /*
  * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
@@ -610,7 +593,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                               const BIGNUM *m, BN_CTX *ctx,
                               BN_MONT_CTX *in_mont)
 {
-    int i, bits, ret = 0, window, wvalue;
+    int i, bits, ret = 0, window, wvalue, wmask, window0;
     int top;
     BN_MONT_CTX *mont = NULL;
 
@@ -629,7 +612,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
 
     top = m->top;
@@ -666,31 +649,33 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     }
 
 #ifdef RSAZ_ENABLED
-    /*
-     * If the size of the operands allow it, perform the optimized
-     * RSAZ exponentiation. For further information see
-     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
-     */
-    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
-        && rsaz_avx2_eligible()) {
-        if (NULL == bn_wexpand(rr, 16))
+    if (!a->neg) {
+        /*
+         * If the size of the operands allow it, perform the optimized
+         * RSAZ exponentiation. For further information see
+         * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+         */
+        if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+            && rsaz_avx2_eligible()) {
+            if (NULL == bn_wexpand(rr, 16))
+                goto err;
+            RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+                                   mont->n0[0]);
+            rr->top = 16;
+            rr->neg = 0;
+            bn_correct_top(rr);
+            ret = 1;
             goto err;
-        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
-                               mont->n0[0]);
-        rr->top = 16;
-        rr->neg = 0;
-        bn_correct_top(rr);
-        ret = 1;
-        goto err;
-    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
-        if (NULL == bn_wexpand(rr, 8))
+        } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+            if (NULL == bn_wexpand(rr, 8))
+                goto err;
+            RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+            rr->top = 8;
+            rr->neg = 0;
+            bn_correct_top(rr);
+            ret = 1;
             goto err;
-        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
-        rr->top = 8;
-        rr->neg = 0;
-        bn_correct_top(rr);
-        ret = 1;
-        goto err;
+        }
     }
 #endif
 
@@ -763,7 +748,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     /* prepare a^1 in Montgomery domain */
     if (a->neg || BN_ucmp(a, m) >= 0) {
-        if (!BN_mod(&am, a, m, ctx))
+        if (!BN_nnmod(&am, a, m, ctx))
             goto err;
         if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
             goto err;
@@ -861,20 +846,27 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         top /= 2;
         bn_flip_t4(np, mont->N.d, top);
 
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
 
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        while (bits >= 0) {
+        while (bits > 0) {
             if (bits < stride)
-                stride = bits + 1;
+                stride = bits;
             bits -= stride;
-            wvalue = bn_get_bits(p, bits + 1);
+            wvalue = bn_get_bits(p, bits);
 
             if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
                 continue;
@@ -982,32 +974,36 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             bn_scatter5(tmp.d, top, powerbuf, i);
         }
 # endif
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         bn_gather5(tmp.d, top, powerbuf, wvalue);
 
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        if (top & 7)
-            while (bits >= 0) {
-                for (wvalue = 0, i = 0; i < 5; i++, bits--)
-                    wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-
+        if (top & 7) {
+            while (bits > 0) {
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
                 bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
-                                    wvalue);
+                                    bn_get_bits5(p->d, bits -= 5));
+            }
         } else {
-            while (bits >= 0) {
-                wvalue = bn_get_bits5(p->d, bits - 4);
-                bits -= 5;
-                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
+            while (bits > 0) {
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                          bn_get_bits5(p->d, bits -= 5));
             }
         }
 
@@ -1049,28 +1045,45 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             }
         }
 
-        bits--;
-        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % window + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
                                             window))
             goto err;
 
+        wmask = (1 << window) - 1;
         /*
          * Scan the exponent one window at a time starting from the most
          * significant bits.
          */
-        while (bits >= 0) {
-            wvalue = 0;         /* The 'value' of the window */
+        while (bits > 0) {
 
-            /* Scan the window, squaring the result as we go */
-            for (i = 0; i < window; i++, bits--) {
+            /* Square the result window-size times */
+            for (i = 0; i < window; i++)
                 if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
                     goto err;
-                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-            }
 
             /*
+             * Get a window's worth of bits from the exponent
+             * This avoids calling BN_is_bit_set for each bit, which
+             * is not only slower but also makes each bit vulnerable to
+             * EM (and likely other) side-channel attacks like One&Done
+             * (for details see "One&Done: A Single-Decryption EM-Based
+             *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
+             *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
+             *  M. Prvulovic, in USENIX Security'18)
+             */
+            bits -= window;
+            wvalue = bn_get_bits(p, bits) & wmask;
+            /*
              * Fetch the appropriate pre-computed value from the pre-buf
              */
             if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
@@ -1108,7 +1121,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         OPENSSL_free(powerbufFree);
     }
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
@@ -1118,7 +1131,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
     int b, bits, ret = 0;
     int r_is_one;
     BN_ULONG w, next_w;
-    BIGNUM *d, *r, *t;
+    BIGNUM *r, *t;
     BIGNUM *swap_tmp;
 #define BN_MOD_MUL_WORD(r, w, m) \
                 (BN_mul_word(r, (w)) && \
@@ -1149,7 +1162,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 
     if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
     if (m->top == 1)
         a %= m->d[0];           /* make sure that 'a' is reduced */
@@ -1172,10 +1185,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
     }
 
     BN_CTX_start(ctx);
-    d = BN_CTX_get(ctx);
     r = BN_CTX_get(ctx);
     t = BN_CTX_get(ctx);
-    if (d == NULL || r == NULL || t == NULL)
+    if (t == NULL)
         goto err;
 
     if (in_mont != NULL)
@@ -1256,7 +1268,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
         BN_MONT_CTX_free(mont);
     BN_CTX_end(ctx);
     bn_check_top(rr);
-    return (ret);
+    return ret;
 }
 
 /* The old fallback, simple version :-) */
@@ -1292,7 +1304,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     BN_CTX_start(ctx);
     d = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
-    if (!d || !val[0])
+    if (val[0] == NULL)
         goto err;
 
     if (!BN_nnmod(val[0], a, m, ctx))
@@ -1377,5 +1389,5 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_exp2.c b/deps/openssl/openssl/crypto/bn/bn_exp2.c
index 5141c21f6d..082c9286a0 100644
--- a/deps/openssl/openssl/crypto/bn/bn_exp2.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -34,7 +34,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 
     if (!(m->d[0] & 1)) {
         BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
+        return 0;
     }
     bits1 = BN_num_bits(p1);
     bits2 = BN_num_bits(p2);
@@ -50,7 +50,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
     r = BN_CTX_get(ctx);
     val1[0] = BN_CTX_get(ctx);
     val2[0] = BN_CTX_get(ctx);
-    if (!d || !r || !val1[0] || !val2[0])
+    if (val2[0] == NULL)
         goto err;
 
     if (in_mont != NULL)
@@ -197,5 +197,5 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
         BN_MONT_CTX_free(mont);
     BN_CTX_end(ctx);
     bn_check_top(rr);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_gcd.c b/deps/openssl/openssl/crypto/bn/bn_gcd.c
index bed231c8fa..0091ea4e08 100644
--- a/deps/openssl/openssl/crypto/bn/bn_gcd.c
+++ b/deps/openssl/openssl/crypto/bn/bn_gcd.c
@@ -23,7 +23,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
     BN_CTX_start(ctx);
     a = BN_CTX_get(ctx);
     b = BN_CTX_get(ctx);
-    if (a == NULL || b == NULL)
+    if (b == NULL)
         goto err;
 
     if (BN_copy(a, in_a) == NULL)
@@ -48,7 +48,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
@@ -111,9 +111,9 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
             goto err;
     }
     bn_check_top(a);
-    return (a);
+    return a;
  err:
-    return (NULL);
+    return NULL;
 }
 
 /* solves ax == 1 (mod n) */
@@ -448,7 +448,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
         BN_free(R);
     BN_CTX_end(ctx);
     bn_check_top(ret);
-    return (ret);
+    return ret;
 }
 
 /*
@@ -619,5 +619,5 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         BN_free(R);
     BN_CTX_end(ctx);
     bn_check_top(ret);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_gf2m.c b/deps/openssl/openssl/crypto/bn/bn_gf2m.c
index d80f3ec940..34d8b69c1e 100644
--- a/deps/openssl/openssl/crypto/bn/bn_gf2m.c
+++ b/deps/openssl/openssl/crypto/bn/bn_gf2m.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,17 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-
 #include <assert.h>
 #include <limits.h>
 #include <stdio.h>
@@ -559,7 +549,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
  * Curve Cryptography Over Binary Fields".
  */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a,
+                                   const BIGNUM *p, BN_CTX *ctx)
 {
     BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
     int ret = 0;
@@ -569,13 +560,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
     BN_CTX_start(ctx);
 
-    if ((b = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((c = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((u = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((v = BN_CTX_get(ctx)) == NULL)
+    b = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
         goto err;
 
     if (!BN_GF2m_mod(u, a, p))
@@ -727,6 +716,46 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
     return ret;
 }
 
+/*-
+ * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling.
+ * This is not constant time.
+ * But it does eliminate first order deduction on the input.
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b = NULL;
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if ((b = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* generate blinding value */
+    do {
+        if (!BN_priv_rand(b, BN_num_bits(p) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            goto err;
+    } while (BN_is_zero(b));
+
+    /* r := a * b */
+    if (!BN_GF2m_mod_mul(r, a, b, p, ctx))
+        goto err;
+
+    /* r := 1/(a * b) */
+    if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx))
+        goto err;
+
+    /* r := b/(a * b) = 1/a */
+    if (!BN_GF2m_mod_mul(r, r, b, p, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
 /*
  * Invert xx, reduce modulo p, and store the result in r. r could be xx.
  * This function calls down to the BN_GF2m_mod_inv implementation; this
@@ -754,7 +783,6 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[],
     return ret;
 }
 
-# ifndef OPENSSL_SUN_GF2M_DIV
 /*
  * Divide y by x, reduce modulo p, and store the result in r. r could be x
  * or y, x could equal y.
@@ -785,94 +813,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
     BN_CTX_end(ctx);
     return ret;
 }
-# else
-/*
- * Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to the
- * Great Divide".
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
-                    const BIGNUM *p, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *u, *v;
-    int ret = 0;
-
-    bn_check_top(y);
-    bn_check_top(x);
-    bn_check_top(p);
-
-    BN_CTX_start(ctx);
-
-    a = BN_CTX_get(ctx);
-    b = BN_CTX_get(ctx);
-    u = BN_CTX_get(ctx);
-    v = BN_CTX_get(ctx);
-    if (v == NULL)
-        goto err;
-
-    /* reduce x and y mod p */
-    if (!BN_GF2m_mod(u, y, p))
-        goto err;
-    if (!BN_GF2m_mod(a, x, p))
-        goto err;
-    if (!BN_copy(b, p))
-        goto err;
-
-    while (!BN_is_odd(a)) {
-        if (!BN_rshift1(a, a))
-            goto err;
-        if (BN_is_odd(u))
-            if (!BN_GF2m_add(u, u, p))
-                goto err;
-        if (!BN_rshift1(u, u))
-            goto err;
-    }
-
-    do {
-        if (BN_GF2m_cmp(b, a) > 0) {
-            if (!BN_GF2m_add(b, b, a))
-                goto err;
-            if (!BN_GF2m_add(v, v, u))
-                goto err;
-            do {
-                if (!BN_rshift1(b, b))
-                    goto err;
-                if (BN_is_odd(v))
-                    if (!BN_GF2m_add(v, v, p))
-                        goto err;
-                if (!BN_rshift1(v, v))
-                    goto err;
-            } while (!BN_is_odd(b));
-        } else if (BN_abs_is_word(a, 1))
-            break;
-        else {
-            if (!BN_GF2m_add(a, a, b))
-                goto err;
-            if (!BN_GF2m_add(u, u, v))
-                goto err;
-            do {
-                if (!BN_rshift1(a, a))
-                    goto err;
-                if (BN_is_odd(u))
-                    if (!BN_GF2m_add(u, u, p))
-                        goto err;
-                if (!BN_rshift1(u, u))
-                    goto err;
-            } while (!BN_is_odd(a));
-        }
-    } while (1);
-
-    if (!BN_copy(r, u))
-        goto err;
-    bn_check_top(r);
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-# endif
 
 /*
  * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
@@ -918,7 +858,7 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     bn_check_top(b);
 
     if (BN_is_zero(b))
-        return (BN_one(r));
+        return BN_one(r);
 
     if (BN_abs_is_word(b, 1))
         return (BN_copy(r, a) != NULL);
@@ -1091,7 +1031,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
         if (tmp == NULL)
             goto err;
         do {
-            if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+            if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
                 goto err;
             if (!BN_GF2m_mod_arr(rho, rho, p))
                 goto err;
diff --git a/deps/openssl/openssl/crypto/bn/bn_intern.c b/deps/openssl/openssl/crypto/bn/bn_intern.c
index 7b25927f9b..46bc97575d 100644
--- a/deps/openssl/openssl/crypto/bn/bn_intern.c
+++ b/deps/openssl/openssl/crypto/bn/bn_intern.c
@@ -143,11 +143,6 @@ int bn_get_top(const BIGNUM *a)
     return a->top;
 }
 
-void bn_set_top(BIGNUM *a, int top)
-{
-    a->top = top;
-}
-
 int bn_get_dmax(const BIGNUM *a)
 {
     return a->dmax;
@@ -202,13 +197,3 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
     bn_correct_top(a);
     return 1;
 }
-
-size_t bn_sizeof_BIGNUM(void)
-{
-    return sizeof(BIGNUM);
-}
-
-BIGNUM *bn_array_el(BIGNUM *base, int el)
-{
-    return &base[el];
-}
diff --git a/deps/openssl/openssl/crypto/bn/bn_lcl.h b/deps/openssl/openssl/crypto/bn/bn_lcl.h
index 4d9808f5b8..8a36db2e8b 100644
--- a/deps/openssl/openssl/crypto/bn/bn_lcl.h
+++ b/deps/openssl/openssl/crypto/bn/bn_lcl.h
@@ -23,10 +23,6 @@
 
 # include "internal/bn_int.h"
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 /*
  * These preprocessor symbols control various aspects of the bignum headers
  * and library code. They're not defined by any "normal" configuration, as
@@ -156,11 +152,6 @@ extern "C" {
  */
 #  define BN_FLG_FIXED_TOP 0x10000
 #  ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#   ifndef RAND_bytes
-int RAND_bytes(unsigned char *buf, int num);
-#    define BN_DEBUG_TRIX
-#   endif
 #   define bn_pollute(a) \
         do { \
             const BIGNUM *_bnum1 = (a); \
@@ -176,9 +167,6 @@ int RAND_bytes(unsigned char *buf, int num);
                        sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
             } \
         } while(0)
-#   ifdef BN_DEBUG_TRIX
-#    undef RAND_bytes
-#   endif
 #  else
 #   define bn_pollute(a)
 #  endif
@@ -187,9 +175,9 @@ int RAND_bytes(unsigned char *buf, int num);
                 const BIGNUM *_bnum2 = (a); \
                 if (_bnum2 != NULL) { \
                         int _top = _bnum2->top; \
-                        OPENSSL_assert((_top == 0 && !_bnum2->neg) || \
-                               (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
-                                         || _bnum2->d[_top - 1] != 0))); \
+                        (void)ossl_assert((_top == 0 && !_bnum2->neg) || \
+                                  (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+                                            || _bnum2->d[_top - 1] != 0))); \
                         bn_pollute(_bnum2); \
                 } \
         } while(0)
@@ -200,8 +188,8 @@ int RAND_bytes(unsigned char *buf, int num);
 #  define bn_wcheck_size(bn, words) \
         do { \
                 const BIGNUM *_bnum2 = (bn); \
-                OPENSSL_assert((words) <= (_bnum2)->dmax && \
-                        (words) >= (_bnum2)->top); \
+                assert((words) <= (_bnum2)->dmax && \
+                       (words) >= (_bnum2)->top); \
                 /* avoid unused variable warning with NDEBUG */ \
                 (void)(_bnum2); \
         } while(0)
@@ -370,59 +358,58 @@ struct bn_gencb_st {
 # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
 /*
  * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- *                                      <appro@fy.chalmers.se>
+ * If the compiler doesn't support 2*N integer type, then you have to
+ * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some
+ * shifts and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of producing
+ * 2*N result... That's when you normally start considering assembler
+ * implementation. However! It should be pointed out that some CPUs (e.g.,
+ * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating
+ * the upper half of the product placing the result into a general
+ * purpose register. Now *if* the compiler supports inline assembler,
+ * then it's not impossible to implement the "bignum" routines (and have
+ * the compiler optimize 'em) exhibiting "native" performance in C. That's
+ * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do
+ * support 2*64 integer type, which is also used here.
  */
-#  if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#  if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \
+      (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#   define BN_UMULT_LOHI(low,high,a,b) ({       \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;      })
+#  elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #   if defined(__DECC)
 #    include <c_asm.h>
 #    define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
 #   elif defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret;          \
         asm ("umulh     %1,%2,%0"       \
              : "=r"(ret)                \
              : "r"(a), "r"(b));         \
-        ret;                    })
+        ret;                      })
 #   endif                       /* compiler */
-#  elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+#  elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG)
 #   if defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret;          \
         asm ("mulhdu    %0,%1,%2"       \
              : "=r"(ret)                \
              : "r"(a), "r"(b));         \
-        ret;                    })
+        ret;                      })
 #   endif                       /* compiler */
 #  elif (defined(__x86_64) || defined(__x86_64__)) && \
        (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #   if defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret,discard;  \
         asm ("mulq      %3"             \
              : "=a"(discard),"=d"(ret)  \
              : "a"(a), "g"(b)           \
              : "cc");                   \
-        ret;                    })
-#    define BN_UMULT_LOHI(low,high,a,b)  \
+        ret;                      })
+#    define BN_UMULT_LOHI(low,high,a,b) \
         asm ("mulq      %3"             \
                 : "=a"(low),"=d"(high)  \
                 : "a"(a),"g"(b)         \
@@ -439,43 +426,29 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
 #   endif
 #  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #   if defined(__GNUC__) && __GNUC__>=2
-#    if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
-      /* "h" constraint is not an option on R6 and was removed in 4.4 */
-#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
-#     define BN_UMULT_LOHI(low,high,a,b) ({     \
-        __uint128_t ret=(__uint128_t)(a)*(b);   \
-        (high)=ret>>64; (low)=ret;       })
-#    else
-#     define BN_UMULT_HIGH(a,b) ({      \
+#    define BN_UMULT_HIGH(a,b) ({       \
         register BN_ULONG ret;          \
         asm ("dmultu    %1,%2"          \
              : "=h"(ret)                \
              : "r"(a), "r"(b) : "l");   \
         ret;                    })
-#     define BN_UMULT_LOHI(low,high,a,b)\
+#    define BN_UMULT_LOHI(low,high,a,b) \
         asm ("dmultu    %2,%3"          \
              : "=l"(low),"=h"(high)     \
              : "r"(a), "r"(b));
-#    endif
 #   endif
 #  elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
 #   if defined(__GNUC__) && __GNUC__>=2
-#    define BN_UMULT_HIGH(a,b)   ({      \
+#    define BN_UMULT_HIGH(a,b)   ({     \
         register BN_ULONG ret;          \
         asm ("umulh     %0,%1,%2"       \
              : "=r"(ret)                \
              : "r"(a), "r"(b));         \
-        ret;                    })
+        ret;                      })
 #   endif
 #  endif                        /* cpu */
 # endif                         /* OPENSSL_NO_ASM */
 
-/*************************************************************
- * Using the long long type
- */
-# define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
-# define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
 # ifdef BN_DEBUG_RAND
 #  define bn_clear_top2max(a) \
         { \
@@ -489,6 +462,12 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
 # endif
 
 # ifdef BN_LLONG
+/*******************************************************************
+ * Using the long long type, has to be twice as wide as BN_ULONG...
+ */
+#  define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#  define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
 #  define mul_add(r,a,w,c) { \
         BN_ULLONG t; \
         t=(BN_ULLONG)w * (a) + (r) + (c); \
@@ -666,10 +645,6 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
 void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
 void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                           BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-                 BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
-                           int cl, int dl);
 BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
                            int cl, int dl);
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
@@ -681,8 +656,6 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
 
 int bn_probable_prime_dh(BIGNUM *rnd, int bits,
                          const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx);
-int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx);
 
 static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
 {
@@ -695,8 +668,4 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
     return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
 }
 
-#ifdef  __cplusplus
-}
-#endif
-
 #endif
diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c
index 3f3c7bbb2f..80f910c807 100644
--- a/deps/openssl/openssl/crypto/bn/bn_lib.c
+++ b/deps/openssl/openssl/crypto/bn/bn_lib.c
@@ -66,15 +66,15 @@ void BN_set_params(int mult, int high, int low, int mont)
 int BN_get_params(int which)
 {
     if (which == 0)
-        return (bn_limit_bits);
+        return bn_limit_bits;
     else if (which == 1)
-        return (bn_limit_bits_high);
+        return bn_limit_bits_high;
     else if (which == 2)
-        return (bn_limit_bits_low);
+        return bn_limit_bits_low;
     else if (which == 3)
-        return (bn_limit_bits_mont);
+        return bn_limit_bits_mont;
     else
-        return (0);
+        return 0;
 }
 #endif
 
@@ -84,7 +84,7 @@ const BIGNUM *BN_value_one(void)
     static const BIGNUM const_one =
         { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
 
-    return (&const_one);
+    return &const_one;
 }
 
 int BN_num_bits_word(BN_ULONG l)
@@ -153,37 +153,26 @@ static void bn_free_d(BIGNUM *a)
 
 void BN_clear_free(BIGNUM *a)
 {
-    int i;
-
     if (a == NULL)
         return;
-    bn_check_top(a);
-    if (a->d != NULL) {
+    if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
         OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
-        if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
-            bn_free_d(a);
+        bn_free_d(a);
     }
-    i = BN_get_flags(a, BN_FLG_MALLOCED);
-    OPENSSL_cleanse(a, sizeof(*a));
-    if (i)
+    if (BN_get_flags(a, BN_FLG_MALLOCED)) {
+        OPENSSL_cleanse(a, sizeof(*a));
         OPENSSL_free(a);
+    }
 }
 
 void BN_free(BIGNUM *a)
 {
     if (a == NULL)
         return;
-    bn_check_top(a);
     if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
         bn_free_d(a);
     if (a->flags & BN_FLG_MALLOCED)
         OPENSSL_free(a);
-    else {
-#if OPENSSL_API_COMPAT < 0x00908000L
-        a->flags |= BN_FLG_FREE;
-#endif
-        a->d = NULL;
-    }
 }
 
 void bn_init(BIGNUM *a)
@@ -200,11 +189,11 @@ BIGNUM *BN_new(void)
 
     if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
         BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     ret->flags = BN_FLG_MALLOCED;
     bn_check_top(ret);
-    return (ret);
+    return ret;
 }
 
  BIGNUM *BN_secure_new(void)
@@ -212,16 +201,14 @@ BIGNUM *BN_new(void)
      BIGNUM *ret = BN_new();
      if (ret != NULL)
          ret->flags |= BN_FLG_SECURE;
-     return (ret);
+     return ret;
  }
 
 /* This is used by bn_expand2() */
 /* The caller MUST check that words > b->dmax before calling this */
 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 {
-    BN_ULONG *A, *a = NULL;
-    const BN_ULONG *B;
-    int i;
+    BN_ULONG *a = NULL;
 
     if (words > (INT_MAX / (4 * BN_BITS2))) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
@@ -229,62 +216,22 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
     }
     if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-        return (NULL);
+        return NULL;
     }
     if (BN_get_flags(b, BN_FLG_SECURE))
-        a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
+        a = OPENSSL_secure_zalloc(words * sizeof(*a));
     else
-        a = A = OPENSSL_zalloc(words * sizeof(*a));
-    if (A == NULL) {
+        a = OPENSSL_zalloc(words * sizeof(*a));
+    if (a == NULL) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
-#if 1
-    B = b->d;
-    /* Check if the previous number needs to be copied */
-    if (B != NULL) {
-        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-            /*
-             * The fact that the loop is unrolled
-             * 4-wise is a tribute to Intel. It's
-             * the one that doesn't have enough
-             * registers to accommodate more data.
-             * I'd unroll it 8-wise otherwise:-)
-             *
-             *              <appro@fy.chalmers.se>
-             */
-            BN_ULONG a0, a1, a2, a3;
-            a0 = B[0];
-            a1 = B[1];
-            a2 = B[2];
-            a3 = B[3];
-            A[0] = a0;
-            A[1] = a1;
-            A[2] = a2;
-            A[3] = a3;
-        }
-        switch (b->top & 3) {
-        case 3:
-            A[2] = B[2];
-            /* fall thru */
-        case 2:
-            A[1] = B[1];
-            /* fall thru */
-        case 1:
-            A[0] = B[0];
-            /* fall thru */
-        case 0:
-            /* Without the "case 0" some old optimizers got this wrong. */
-            ;
-        }
-    }
-#else
-    memset(A, 0, sizeof(*A) * words);
-    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
-#endif
+    assert(b->top <= words);
+    if (b->top > 0)
+        memcpy(a, b->d, sizeof(*a) * b->top);
 
-    return (a);
+    return a;
 }
 
 /*
@@ -333,53 +280,21 @@ BIGNUM *BN_dup(const BIGNUM *a)
 
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 {
-    int i;
-    BN_ULONG *A;
-    const BN_ULONG *B;
-
     bn_check_top(b);
 
     if (a == b)
-        return (a);
+        return a;
     if (bn_wexpand(a, b->top) == NULL)
-        return (NULL);
-
-#if 1
-    A = a->d;
-    B = b->d;
-    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-        BN_ULONG a0, a1, a2, a3;
-        a0 = B[0];
-        a1 = B[1];
-        a2 = B[2];
-        a3 = B[3];
-        A[0] = a0;
-        A[1] = a1;
-        A[2] = a2;
-        A[3] = a3;
-    }
-    /* ultrix cc workaround, see comments in bn_expand_internal */
-    switch (b->top & 3) {
-    case 3:
-        A[2] = B[2];
-        /* fall thru */
-    case 2:
-        A[1] = B[1];
-        /* fall thru */
-    case 1:
-        A[0] = B[0];
-        /* fall thru */
-    case 0:;
-    }
-#else
-    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
-#endif
+        return NULL;
+
+    if (b->top > 0)
+        memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 
     a->neg = b->neg;
     a->top = b->top;
     a->flags |= b->flags & BN_FLG_FIXED_TOP;
     bn_check_top(a);
-    return (a);
+    return a;
 }
 
 #define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
@@ -445,13 +360,13 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
 {
     bn_check_top(a);
     if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
-        return (0);
+        return 0;
     a->neg = 0;
     a->d[0] = w;
     a->top = (w ? 1 : 0);
     a->flags &= ~BN_FLG_FIXED_TOP;
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
@@ -464,7 +379,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
     if (ret == NULL)
         ret = bn = BN_new();
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     bn_check_top(ret);
     /* Skip leading zero's. */
     for ( ; len > 0 && *s == 0; s++, len--)
@@ -472,7 +387,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
     n = len;
     if (n == 0) {
         ret->top = 0;
-        return (ret);
+        return ret;
     }
     i = ((n - 1) / BN_BYTES) + 1;
     m = ((n - 1) % (BN_BYTES));
@@ -496,7 +411,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
      * bit set (-ve number)
      */
     bn_correct_top(ret);
-    return (ret);
+    return ret;
 }
 
 /* ignore negative */
@@ -564,7 +479,7 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
     if (ret == NULL)
         ret = bn = BN_new();
     if (ret == NULL)
-        return (NULL);
+        return NULL;
     bn_check_top(ret);
     s += len;
     /* Skip trailing zeroes. */
@@ -631,7 +546,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
 
     i = a->top - b->top;
     if (i != 0)
-        return (i);
+        return i;
     ap = a->d;
     bp = b->d;
     for (i = a->top - 1; i >= 0; i--) {
@@ -640,7 +555,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
         if (t1 != t2)
             return ((t1 > t2) ? 1 : -1);
     }
-    return (0);
+    return 0;
 }
 
 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
@@ -651,11 +566,11 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b)
 
     if ((a == NULL) || (b == NULL)) {
         if (a != NULL)
-            return (-1);
+            return -1;
         else if (b != NULL)
-            return (1);
+            return 1;
         else
-            return (0);
+            return 0;
     }
 
     bn_check_top(a);
@@ -663,9 +578,9 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b)
 
     if (a->neg != b->neg) {
         if (a->neg)
-            return (-1);
+            return -1;
         else
-            return (1);
+            return 1;
     }
     if (a->neg == 0) {
         gt = 1;
@@ -676,18 +591,18 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b)
     }
 
     if (a->top > b->top)
-        return (gt);
+        return gt;
     if (a->top < b->top)
-        return (lt);
+        return lt;
     for (i = a->top - 1; i >= 0; i--) {
         t1 = a->d[i];
         t2 = b->d[i];
         if (t1 > t2)
-            return (gt);
+            return gt;
         if (t1 < t2)
-            return (lt);
+            return lt;
     }
-    return (0);
+    return 0;
 }
 
 int BN_set_bit(BIGNUM *a, int n)
@@ -701,7 +616,7 @@ int BN_set_bit(BIGNUM *a, int n)
     j = n % BN_BITS2;
     if (a->top <= i) {
         if (bn_wexpand(a, i + 1) == NULL)
-            return (0);
+            return 0;
         for (k = a->top; k < i + 1; k++)
             a->d[k] = 0;
         a->top = i + 1;
@@ -710,7 +625,7 @@ int BN_set_bit(BIGNUM *a, int n)
 
     a->d[i] |= (((BN_ULONG)1) << j);
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_clear_bit(BIGNUM *a, int n)
@@ -724,11 +639,11 @@ int BN_clear_bit(BIGNUM *a, int n)
     i = n / BN_BITS2;
     j = n % BN_BITS2;
     if (a->top <= i)
-        return (0);
+        return 0;
 
     a->d[i] &= (~(((BN_ULONG)1) << j));
     bn_correct_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_is_bit_set(const BIGNUM *a, int n)
@@ -764,7 +679,7 @@ int BN_mask_bits(BIGNUM *a, int n)
         a->d[w] &= ~(BN_MASK2 << b);
     }
     bn_correct_top(a);
-    return (1);
+    return 1;
 }
 
 void BN_set_negative(BIGNUM *a, int b)
@@ -790,7 +705,7 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
         if (aa != bb)
             return ((aa > bb) ? 1 : -1);
     }
-    return (0);
+    return 0;
 }
 
 /*
@@ -1000,7 +915,7 @@ BN_GENCB *BN_GENCB_new(void)
 
     if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
         BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
     return ret;
diff --git a/deps/openssl/openssl/crypto/bn/bn_mod.c b/deps/openssl/openssl/crypto/bn/bn_mod.c
index 2e98035bd8..712fc8ac14 100644
--- a/deps/openssl/openssl/crypto/bn/bn_mod.c
+++ b/deps/openssl/openssl/crypto/bn/bn_mod.c
@@ -216,7 +216,7 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
     ret = 1;
  err:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
diff --git a/deps/openssl/openssl/crypto/bn/bn_mont.c b/deps/openssl/openssl/crypto/bn/bn_mont.c
index 41214334b8..393d27c392 100644
--- a/deps/openssl/openssl/crypto/bn/bn_mont.c
+++ b/deps/openssl/openssl/crypto/bn/bn_mont.c
@@ -44,12 +44,12 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
     if (num > 1 && a->top == num && b->top == num) {
         if (bn_wexpand(r, num) == NULL)
-            return (0);
+            return 0;
         if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
             r->neg = a->neg ^ b->neg;
             r->top = num;
             r->flags |= BN_FLG_FIXED_TOP;
-            return (1);
+            return 1;
         }
     }
 #endif
@@ -81,7 +81,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     ret = 1;
  err:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 #ifdef MONT_WORD
@@ -96,17 +96,18 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
     nl = n->top;
     if (nl == 0) {
         ret->top = 0;
-        return (1);
+        return 1;
     }
 
     max = (2 * nl);             /* carry is stored separately */
     if (bn_wexpand(r, max) == NULL)
-        return (0);
+        return 0;
 
     r->neg ^= n->neg;
     np = n->d;
     rp = r->d;
 
+    /* clear the top words of T */
     for (rtop = r->top, i = 0; i < max; i++) {
         v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
         rp[i] &= v;
@@ -130,7 +131,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
     }
 
     if (bn_wexpand(ret, nl) == NULL)
-        return (0);
+        return 0;
     ret->top = nl;
     ret->flags |= BN_FLG_FIXED_TOP;
     ret->neg = r->neg;
@@ -154,7 +155,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
         ap[i] = 0;
     }
 
-    return (1);
+    return 1;
 }
 #endif                          /* MONT_WORD */
 
@@ -188,7 +189,7 @@ int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
     BN_CTX_start(ctx);
     t1 = BN_CTX_get(ctx);
     t2 = BN_CTX_get(ctx);
-    if (t1 == NULL || t2 == NULL)
+    if (t2 == NULL)
         goto err;
 
     if (!BN_copy(t1, a))
@@ -215,7 +216,7 @@ int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
  err:
     BN_CTX_end(ctx);
 #endif                          /* MONT_WORD */
-    return (retn);
+    return retn;
 }
 
 int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
@@ -228,20 +229,22 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
 {
     BN_MONT_CTX *ret;
 
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_MONT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
     BN_MONT_CTX_init(ret);
     ret->flags = BN_FLG_MALLOCED;
-    return (ret);
+    return ret;
 }
 
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 {
     ctx->ri = 0;
-    bn_init(&(ctx->RR));
-    bn_init(&(ctx->N));
-    bn_init(&(ctx->Ni));
+    bn_init(&ctx->RR);
+    bn_init(&ctx->N);
+    bn_init(&ctx->Ni);
     ctx->n0[0] = ctx->n0[1] = 0;
     ctx->flags = 0;
 }
@@ -250,10 +253,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 {
     if (mont == NULL)
         return;
-
-    BN_clear_free(&(mont->RR));
-    BN_clear_free(&(mont->N));
-    BN_clear_free(&(mont->Ni));
+    BN_clear_free(&mont->RR);
+    BN_clear_free(&mont->N);
+    BN_clear_free(&mont->Ni);
     if (mont->flags & BN_FLG_MALLOCED)
         OPENSSL_free(mont);
 }
@@ -409,7 +411,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 {
     if (to == from)
-        return (to);
+        return to;
 
     if (!BN_copy(&(to->RR), &(from->RR)))
         return NULL;
@@ -420,7 +422,7 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
     to->ri = from->ri;
     to->n0[0] = from->n0[0];
     to->n0[1] = from->n0[1];
-    return (to);
+    return to;
 }
 
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
diff --git a/deps/openssl/openssl/crypto/bn/bn_mul.c b/deps/openssl/openssl/crypto/bn/bn_mul.c
index 237d7df106..5eda65cfbb 100644
--- a/deps/openssl/openssl/crypto/bn/bn_mul.c
+++ b/deps/openssl/openssl/crypto/bn/bn_mul.c
@@ -154,170 +154,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
 }
 #endif
 
-BN_ULONG bn_add_part_words(BN_ULONG *r,
-                           const BN_ULONG *a, const BN_ULONG *b,
-                           int cl, int dl)
-{
-    BN_ULONG c, l, t;
-
-    assert(cl >= 0);
-    c = bn_add_words(r, a, b, cl);
-
-    if (dl == 0)
-        return c;
-
-    r += cl;
-    a += cl;
-    b += cl;
-
-    if (dl < 0) {
-        int save_dl = dl;
-        while (c) {
-            l = (c + b[0]) & BN_MASK2;
-            c = (l < c);
-            r[0] = l;
-            if (++dl >= 0)
-                break;
-
-            l = (c + b[1]) & BN_MASK2;
-            c = (l < c);
-            r[1] = l;
-            if (++dl >= 0)
-                break;
-
-            l = (c + b[2]) & BN_MASK2;
-            c = (l < c);
-            r[2] = l;
-            if (++dl >= 0)
-                break;
-
-            l = (c + b[3]) & BN_MASK2;
-            c = (l < c);
-            r[3] = l;
-            if (++dl >= 0)
-                break;
-
-            save_dl = dl;
-            b += 4;
-            r += 4;
-        }
-        if (dl < 0) {
-            if (save_dl < dl) {
-                switch (dl - save_dl) {
-                case 1:
-                    r[1] = b[1];
-                    if (++dl >= 0)
-                        break;
-                    /* fall thru */
-                case 2:
-                    r[2] = b[2];
-                    if (++dl >= 0)
-                        break;
-                    /* fall thru */
-                case 3:
-                    r[3] = b[3];
-                    if (++dl >= 0)
-                        break;
-                }
-                b += 4;
-                r += 4;
-            }
-        }
-        if (dl < 0) {
-            for (;;) {
-                r[0] = b[0];
-                if (++dl >= 0)
-                    break;
-                r[1] = b[1];
-                if (++dl >= 0)
-                    break;
-                r[2] = b[2];
-                if (++dl >= 0)
-                    break;
-                r[3] = b[3];
-                if (++dl >= 0)
-                    break;
-
-                b += 4;
-                r += 4;
-            }
-        }
-    } else {
-        int save_dl = dl;
-        while (c) {
-            t = (a[0] + c) & BN_MASK2;
-            c = (t < c);
-            r[0] = t;
-            if (--dl <= 0)
-                break;
-
-            t = (a[1] + c) & BN_MASK2;
-            c = (t < c);
-            r[1] = t;
-            if (--dl <= 0)
-                break;
-
-            t = (a[2] + c) & BN_MASK2;
-            c = (t < c);
-            r[2] = t;
-            if (--dl <= 0)
-                break;
-
-            t = (a[3] + c) & BN_MASK2;
-            c = (t < c);
-            r[3] = t;
-            if (--dl <= 0)
-                break;
-
-            save_dl = dl;
-            a += 4;
-            r += 4;
-        }
-        if (dl > 0) {
-            if (save_dl > dl) {
-                switch (save_dl - dl) {
-                case 1:
-                    r[1] = a[1];
-                    if (--dl <= 0)
-                        break;
-                    /* fall thru */
-                case 2:
-                    r[2] = a[2];
-                    if (--dl <= 0)
-                        break;
-                    /* fall thru */
-                case 3:
-                    r[3] = a[3];
-                    if (--dl <= 0)
-                        break;
-                }
-                a += 4;
-                r += 4;
-            }
-        }
-        if (dl > 0) {
-            for (;;) {
-                r[0] = a[0];
-                if (--dl <= 0)
-                    break;
-                r[1] = a[1];
-                if (--dl <= 0)
-                    break;
-                r[2] = a[2];
-                if (--dl <= 0)
-                    break;
-                r[3] = a[3];
-                if (--dl <= 0)
-                    break;
-
-                a += 4;
-                r += 4;
-            }
-        }
-    }
-    return c;
-}
-
 #ifdef BN_RECURSION
 /*
  * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
@@ -505,7 +341,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
         bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
         break;
     case -3:
-        /* break; */
     case -2:
         bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
         bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
@@ -514,14 +349,12 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
     case -1:
     case 0:
     case 1:
-        /* break; */
     case 2:
         bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
         bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
         neg = 1;
         break;
     case 3:
-        /* break; */
     case 4:
         bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
         bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
@@ -659,176 +492,6 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
     }
 }
-
-/*-
- * a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-                 BN_ULONG *t)
-{
-    int i, n;
-    int c1, c2;
-    int neg, oneg, zero;
-    BN_ULONG ll, lc, *lp, *mp;
-
-    n = n2 / 2;
-
-    /* Calculate (al-ah)*(bh-bl) */
-    neg = zero = 0;
-    c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
-    c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
-    switch (c1 * 3 + c2) {
-    case -4:
-        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
-        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
-        break;
-    case -3:
-        zero = 1;
-        break;
-    case -2:
-        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
-        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
-        neg = 1;
-        break;
-    case -1:
-    case 0:
-    case 1:
-        zero = 1;
-        break;
-    case 2:
-        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
-        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
-        neg = 1;
-        break;
-    case 3:
-        zero = 1;
-        break;
-    case 4:
-        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
-        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
-        break;
-    }
-
-    oneg = neg;
-    /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-    /* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
-    if (n == 8) {
-        bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
-        bn_mul_comba8(r, &(a[n]), &(b[n]));
-    } else
-# endif
-    {
-        bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
-        bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
-    }
-
-    /*-
-     * s0 == low(al*bl)
-     * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-     * We know s0 and s1 so the only unknown is high(al*bl)
-     * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-     * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-     */
-    if (l != NULL) {
-        lp = &(t[n2 + n]);
-        bn_add_words(lp, &(r[0]), &(l[0]), n);
-    } else {
-        lp = &(r[0]);
-    }
-
-    if (neg)
-        neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
-    else {
-        bn_add_words(&(t[n2]), lp, &(t[0]), n);
-        neg = 0;
-    }
-
-    if (l != NULL) {
-        bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
-    } else {
-        lp = &(t[n2 + n]);
-        mp = &(t[n2]);
-        for (i = 0; i < n; i++)
-            lp[i] = ((~mp[i]) + 1) & BN_MASK2;
-    }
-
-    /*-
-     * s[0] = low(al*bl)
-     * t[3] = high(al*bl)
-     * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-     * r[10] = (a[1]*b[1])
-     */
-    /*-
-     * R[10] = al*bl
-     * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-     * R[32] = ah*bh
-     */
-    /*-
-     * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-     * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-     * R[3]=r[1]+(carry/borrow)
-     */
-    if (l != NULL) {
-        lp = &(t[n2]);
-        c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
-    } else {
-        lp = &(t[n2 + n]);
-        c1 = 0;
-    }
-    c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
-    if (oneg)
-        c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
-    else
-        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
-
-    c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
-    c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
-    if (oneg)
-        c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
-    else
-        c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
-
-    if (c1 != 0) {              /* Add starting at r[0], could be +ve or -ve */
-        i = 0;
-        if (c1 > 0) {
-            lc = c1;
-            do {
-                ll = (r[i] + lc) & BN_MASK2;
-                r[i++] = ll;
-                lc = (lc > ll);
-            } while (lc);
-        } else {
-            lc = -c1;
-            do {
-                ll = r[i];
-                r[i++] = (ll - lc) & BN_MASK2;
-                lc = (lc > ll);
-            } while (lc);
-        }
-    }
-    if (c2 != 0) {              /* Add starting at r[1] */
-        i = n;
-        if (c2 > 0) {
-            lc = c2;
-            do {
-                ll = (r[i] + lc) & BN_MASK2;
-                r[i++] = ll;
-                lc = (lc > ll);
-            } while (lc);
-        } else {
-            lc = -c2;
-            do {
-                ll = r[i];
-                r[i++] = (ll - lc) & BN_MASK2;
-                lc = (lc > ll);
-            } while (lc);
-        }
-    }
-}
 #endif                          /* BN_RECURSION */
 
 int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
@@ -863,7 +526,7 @@ int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 
     if ((al == 0) || (bl == 0)) {
         BN_zero(r);
-        return (1);
+        return 1;
     }
     top = al + bl;
 
@@ -953,7 +616,7 @@ int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
  err:
     bn_check_top(r);
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
diff --git a/deps/openssl/openssl/crypto/bn/bn_nist.c b/deps/openssl/openssl/crypto/bn/bn_nist.c
index 53598f97ef..dcdd321c66 100644
--- a/deps/openssl/openssl/crypto/bn/bn_nist.c
+++ b/deps/openssl/openssl/crypto/bn/bn_nist.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -254,7 +254,7 @@ static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
     int i;
 
 #ifdef BN_DEBUG
-    OPENSSL_assert(top <= max);
+    (void)ossl_assert(top <= max);
 #endif
     for (i = 0; i < top; i++)
         dst[i] = src[i];
diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.c b/deps/openssl/openssl/crypto/bn/bn_prime.c
index 616389cfa6..b91b31b1f3 100644
--- a/deps/openssl/openssl/crypto/bn/bn_prime.c
+++ b/deps/openssl/openssl/crypto/bn/bn_prime.c
@@ -1,7 +1,5 @@
 /*
- * WARNING: do not edit!
- * Generated by crypto/bn/bn_prime.pl
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -29,53 +27,6 @@ static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
                                   const BIGNUM *add, const BIGNUM *rem,
                                   BN_CTX *ctx);
 
-static const int prime_offsets[480] = {
-    13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83,
-    89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163,
-    167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229,
-    233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293,
-    299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367,
-    373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433,
-    437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499,
-    503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569,
-    571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631,
-    641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701,
-    703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769,
-    773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839,
-    841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901,
-    907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971,
-    977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031,
-    1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087,
-    1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151,
-    1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213,
-    1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271,
-    1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319,
-    1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373,
-    1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433,
-    1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489,
-    1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549,
-    1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609,
-    1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667,
-    1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721,
-    1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781,
-    1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843,
-    1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901,
-    1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951,
-    1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017,
-    2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071,
-    2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131,
-    2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197,
-    2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249,
-    2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297,
-    2309, 2311
-};
-
-static const int prime_offset_count = 480;
-static const int prime_multiplier = 2310;
-static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <=
-                                              * |prime_multiplier| */
-static const int first_prime_index = 5;
-
 int BN_GENCB_call(BN_GENCB *cb, int a, int b)
 {
     /* No callback means continue */
@@ -127,7 +78,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
         goto err;
     BN_CTX_start(ctx);
     t = BN_CTX_get(ctx);
-    if (!t)
+    if (t == NULL)
         goto err;
  loop:
     /* make a random number and set the top and bottom bits */
@@ -203,26 +154,28 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     int i, j, ret = -1;
     int k;
     BN_CTX *ctx = NULL;
-    BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+    BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */
     BN_MONT_CTX *mont = NULL;
 
-    if (BN_cmp(a, BN_value_one()) <= 0)
+    /* Take care of the really small primes 2 & 3 */
+    if (BN_is_word(a, 2) || BN_is_word(a, 3))
+        return 1;
+
+    /* Check odd and bigger than 1 */
+    if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)
         return 0;
 
     if (checks == BN_prime_checks)
         checks = BN_prime_checks_for_size(BN_num_bits(a));
 
     /* first look for small factors */
-    if (!BN_is_odd(a))
-        /* a is even => a is prime if and only if a == 2 */
-        return BN_is_word(a, 2);
     if (do_trial_division) {
         for (i = 1; i < NUMPRIMES; i++) {
             BN_ULONG mod = BN_mod_word(a, primes[i]);
             if (mod == (BN_ULONG)-1)
                 goto err;
             if (mod == 0)
-                return 0;
+                return BN_is_word(a, primes[i]);
         }
         if (!BN_GENCB_call(cb, 1, -1))
             goto err;
@@ -235,20 +188,18 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     BN_CTX_start(ctx);
 
     A1 = BN_CTX_get(ctx);
+    A3 = BN_CTX_get(ctx);
     A1_odd = BN_CTX_get(ctx);
     check = BN_CTX_get(ctx);
     if (check == NULL)
         goto err;
 
     /* compute A1 := a - 1 */
-    if (!BN_copy(A1, a))
+    if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))
         goto err;
-    if (!BN_sub_word(A1, 1))
+    /* compute A3 := a - 3 */
+    if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))
         goto err;
-    if (BN_is_zero(A1)) {
-        ret = 0;
-        goto err;
-    }
 
     /* write  A1  as  A1_odd * 2^k */
     k = 1;
@@ -265,11 +216,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
         goto err;
 
     for (i = 0; i < checks; i++) {
-        if (!BN_pseudo_rand_range(check, A1))
+        /* 1 < check < a-1 */
+        if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))
             goto err;
-        if (!BN_add_word(check, 1))
-            goto err;
-        /* now 1 <= check < a */
 
         j = witness(check, a, A1, A1_odd, k, ctx, mont);
         if (j == -1)
@@ -290,83 +239,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     }
     BN_MONT_CTX_free(mont);
 
-    return (ret);
-}
-
-int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx)
-{
-    int i;
-    int ret = 0;
-
- loop:
-    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
-        goto err;
-
-    /* we now have a random number 'rand' to test. */
-
-    for (i = 1; i < NUMPRIMES; i++) {
-        /* check that rnd is a prime */
-        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-        if (mod == (BN_ULONG)-1)
-            goto err;
-        if (mod <= 1) {
-            goto loop;
-        }
-    }
-    ret = 1;
-
- err:
-    bn_check_top(rnd);
-    return (ret);
-}
-
-int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
-{
-    int i;
-    BIGNUM *offset_index;
-    BIGNUM *offset_count;
-    int ret = 0;
-
-    OPENSSL_assert(bits > prime_multiplier_bits);
-
-    BN_CTX_start(ctx);
-    if ((offset_index = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if ((offset_count = BN_CTX_get(ctx)) == NULL)
-        goto err;
-
-    if (!BN_add_word(offset_count, prime_offset_count))
-        goto err;
-
- loop:
-    if (!BN_rand(rnd, bits - prime_multiplier_bits,
-                 BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
-        goto err;
-    if (BN_is_bit_set(rnd, bits))
-        goto loop;
-    if (!BN_rand_range(offset_index, offset_count))
-        goto err;
-
-    if (!BN_mul_word(rnd, prime_multiplier)
-        || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]))
-        goto err;
-
-    /* we now have a random number 'rand' to test. */
-
-    /* skip coprimes */
-    for (i = first_prime_index; i < NUMPRIMES; i++) {
-        /* check that rnd is a prime */
-        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-        if (mod == (BN_ULONG)-1)
-            goto err;
-        if (mod <= 1)
-            goto loop;
-    }
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    bn_check_top(rnd);
     return ret;
 }
 
@@ -405,8 +277,9 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
     char is_single_word = bits <= BN_BITS2;
 
  again:
-    if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
-        return (0);
+    /* TODO: Not all primes are private */
+    if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+        return 0;
     /* we now have a random number 'rnd' to test. */
     for (i = 1; i < NUMPRIMES; i++) {
         BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
@@ -472,11 +345,11 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
         }
     }
     if (!BN_add_word(rnd, delta))
-        return (0);
+        return 0;
     if (BN_num_bits(rnd) != bits)
         goto again;
     bn_check_top(rnd);
-    return (1);
+    return 1;
 }
 
 int bn_probable_prime_dh(BIGNUM *rnd, int bits,
@@ -525,7 +398,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
  err:
     BN_CTX_end(ctx);
     bn_check_top(rnd);
-    return (ret);
+    return ret;
 }
 
 static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
@@ -592,5 +465,5 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
  err:
     BN_CTX_end(ctx);
     bn_check_top(p);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.h b/deps/openssl/openssl/crypto/bn/bn_prime.h
index 41440fa4e1..a64c9630f3 100644
--- a/deps/openssl/openssl/crypto/bn/bn_prime.h
+++ b/deps/openssl/openssl/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,261 +14,260 @@ typedef unsigned short prime_t;
 # define NUMPRIMES 2048
 
 static const prime_t primes[2048] = {
-
-       2,    3,    5,    7,   11,   13,   17,   19, 
-      23,   29,   31,   37,   41,   43,   47,   53, 
-      59,   61,   67,   71,   73,   79,   83,   89, 
-      97,  101,  103,  107,  109,  113,  127,  131, 
-     137,  139,  149,  151,  157,  163,  167,  173, 
-     179,  181,  191,  193,  197,  199,  211,  223, 
-     227,  229,  233,  239,  241,  251,  257,  263, 
-     269,  271,  277,  281,  283,  293,  307,  311, 
-     313,  317,  331,  337,  347,  349,  353,  359, 
-     367,  373,  379,  383,  389,  397,  401,  409, 
-     419,  421,  431,  433,  439,  443,  449,  457, 
-     461,  463,  467,  479,  487,  491,  499,  503, 
-     509,  521,  523,  541,  547,  557,  563,  569, 
-     571,  577,  587,  593,  599,  601,  607,  613, 
-     617,  619,  631,  641,  643,  647,  653,  659, 
-     661,  673,  677,  683,  691,  701,  709,  719, 
-     727,  733,  739,  743,  751,  757,  761,  769, 
-     773,  787,  797,  809,  811,  821,  823,  827, 
-     829,  839,  853,  857,  859,  863,  877,  881, 
-     883,  887,  907,  911,  919,  929,  937,  941, 
-     947,  953,  967,  971,  977,  983,  991,  997, 
-    1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 
-    1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, 
-    1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, 
-    1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, 
-    1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, 
-    1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, 
-    1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, 
-    1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, 
-    1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, 
-    1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, 
-    1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, 
-    1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, 
-    1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, 
-    1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, 
-    1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, 
-    1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 
-    1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 
-    2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, 
-    2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, 
-    2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, 
-    2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, 
-    2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, 
-    2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, 
-    2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, 
-    2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, 
-    2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, 
-    2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, 
-    2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, 
-    2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, 
-    2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, 
-    2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 
-    2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, 
-    2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, 
-    3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, 
-    3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, 
-    3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, 
-    3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, 
-    3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, 
-    3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, 
-    3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, 
-    3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, 
-    3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, 
-    3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, 
-    3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, 
-    3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, 
-    3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, 
-    3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, 
-    3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, 
-    4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, 
-    4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, 
-    4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, 
-    4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, 
-    4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, 
-    4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, 
-    4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, 
-    4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, 
-    4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, 
-    4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, 
-    4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, 
-    4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, 
-    4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, 
-    4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, 
-    4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, 
-    5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, 
-    5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, 
-    5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, 
-    5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, 
-    5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, 
-    5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, 
-    5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, 
-    5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, 
-    5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, 
-    5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, 
-    5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, 
-    5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, 
-    5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, 
-    5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, 
-    6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, 
-    6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, 
-    6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, 
-    6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, 
-    6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, 
-    6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, 
-    6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, 
-    6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, 
-    6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, 
-    6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, 
-    6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, 
-    6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, 
-    6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, 
-    6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, 
-    6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, 
-    7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, 
-    7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, 
-    7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, 
-    7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, 
-    7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, 
-    7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, 
-    7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, 
-    7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, 
-    7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, 
-    7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, 
-    7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, 
-    7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, 
-    7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, 
-    8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, 
-    8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, 
-    8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, 
-    8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, 
-    8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, 
-    8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, 
-    8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, 
-    8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, 
-    8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, 
-    8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, 
-    8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, 
-    8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, 
-    8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, 
-    8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, 
-    9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, 
-    9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, 
-    9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, 
-    9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, 
-    9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, 
-    9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, 
-    9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, 
-    9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, 
-    9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, 
-    9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, 
-    9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, 
-    9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, 
-    9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, 
-    9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, 
-    10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, 
-    10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, 
-    10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, 
-    10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, 
-    10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, 
-    10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, 
-    10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, 
-    10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, 
-    10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, 
-    10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, 
-    10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, 
-    10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, 
-    10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, 
-    11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, 
-    11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, 
-    11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, 
-    11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, 
-    11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, 
-    11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, 
-    11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, 
-    11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, 
-    11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, 
-    11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, 
-    11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, 
-    11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, 
-    11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, 
-    12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, 
-    12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, 
-    12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, 
-    12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, 
-    12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, 
-    12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, 
-    12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, 
-    12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, 
-    12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, 
-    12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, 
-    12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, 
-    12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, 
-    12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, 
-    12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, 
-    13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, 
-    13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, 
-    13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, 
-    13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, 
-    13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, 
-    13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, 
-    13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, 
-    13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, 
-    13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, 
-    13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, 
-    13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, 
-    13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, 
-    13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, 
-    14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, 
-    14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, 
-    14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, 
-    14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, 
-    14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, 
-    14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, 
-    14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, 
-    14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, 
-    14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, 
-    14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, 
-    14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, 
-    14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, 
-    14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, 
-    15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, 
-    15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, 
-    15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, 
-    15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, 
-    15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, 
-    15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, 
-    15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, 
-    15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, 
-    15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, 
-    15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, 
-    15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, 
-    15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, 
-    15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, 
-    16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, 
-    16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, 
-    16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, 
-    16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, 
-    16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, 
-    16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, 
-    16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, 
-    16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, 
-    16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, 
-    16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, 
-    16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, 
-    16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, 
-    17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, 
-    17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, 
-    17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, 
-    17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, 
-    17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, 
-    17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, 
-    17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, 
-    17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, 
-    17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, 
-    17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, 
-    17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, 
+        2,     3,     5,     7,    11,    13,    17,    19,
+       23,    29,    31,    37,    41,    43,    47,    53,
+       59,    61,    67,    71,    73,    79,    83,    89,
+       97,   101,   103,   107,   109,   113,   127,   131,
+      137,   139,   149,   151,   157,   163,   167,   173,
+      179,   181,   191,   193,   197,   199,   211,   223,
+      227,   229,   233,   239,   241,   251,   257,   263,
+      269,   271,   277,   281,   283,   293,   307,   311,
+      313,   317,   331,   337,   347,   349,   353,   359,
+      367,   373,   379,   383,   389,   397,   401,   409,
+      419,   421,   431,   433,   439,   443,   449,   457,
+      461,   463,   467,   479,   487,   491,   499,   503,
+      509,   521,   523,   541,   547,   557,   563,   569,
+      571,   577,   587,   593,   599,   601,   607,   613,
+      617,   619,   631,   641,   643,   647,   653,   659,
+      661,   673,   677,   683,   691,   701,   709,   719,
+      727,   733,   739,   743,   751,   757,   761,   769,
+      773,   787,   797,   809,   811,   821,   823,   827,
+      829,   839,   853,   857,   859,   863,   877,   881,
+      883,   887,   907,   911,   919,   929,   937,   941,
+      947,   953,   967,   971,   977,   983,   991,   997,
+     1009,  1013,  1019,  1021,  1031,  1033,  1039,  1049,
+     1051,  1061,  1063,  1069,  1087,  1091,  1093,  1097,
+     1103,  1109,  1117,  1123,  1129,  1151,  1153,  1163,
+     1171,  1181,  1187,  1193,  1201,  1213,  1217,  1223,
+     1229,  1231,  1237,  1249,  1259,  1277,  1279,  1283,
+     1289,  1291,  1297,  1301,  1303,  1307,  1319,  1321,
+     1327,  1361,  1367,  1373,  1381,  1399,  1409,  1423,
+     1427,  1429,  1433,  1439,  1447,  1451,  1453,  1459,
+     1471,  1481,  1483,  1487,  1489,  1493,  1499,  1511,
+     1523,  1531,  1543,  1549,  1553,  1559,  1567,  1571,
+     1579,  1583,  1597,  1601,  1607,  1609,  1613,  1619,
+     1621,  1627,  1637,  1657,  1663,  1667,  1669,  1693,
+     1697,  1699,  1709,  1721,  1723,  1733,  1741,  1747,
+     1753,  1759,  1777,  1783,  1787,  1789,  1801,  1811,
+     1823,  1831,  1847,  1861,  1867,  1871,  1873,  1877,
+     1879,  1889,  1901,  1907,  1913,  1931,  1933,  1949,
+     1951,  1973,  1979,  1987,  1993,  1997,  1999,  2003,
+     2011,  2017,  2027,  2029,  2039,  2053,  2063,  2069,
+     2081,  2083,  2087,  2089,  2099,  2111,  2113,  2129,
+     2131,  2137,  2141,  2143,  2153,  2161,  2179,  2203,
+     2207,  2213,  2221,  2237,  2239,  2243,  2251,  2267,
+     2269,  2273,  2281,  2287,  2293,  2297,  2309,  2311,
+     2333,  2339,  2341,  2347,  2351,  2357,  2371,  2377,
+     2381,  2383,  2389,  2393,  2399,  2411,  2417,  2423,
+     2437,  2441,  2447,  2459,  2467,  2473,  2477,  2503,
+     2521,  2531,  2539,  2543,  2549,  2551,  2557,  2579,
+     2591,  2593,  2609,  2617,  2621,  2633,  2647,  2657,
+     2659,  2663,  2671,  2677,  2683,  2687,  2689,  2693,
+     2699,  2707,  2711,  2713,  2719,  2729,  2731,  2741,
+     2749,  2753,  2767,  2777,  2789,  2791,  2797,  2801,
+     2803,  2819,  2833,  2837,  2843,  2851,  2857,  2861,
+     2879,  2887,  2897,  2903,  2909,  2917,  2927,  2939,
+     2953,  2957,  2963,  2969,  2971,  2999,  3001,  3011,
+     3019,  3023,  3037,  3041,  3049,  3061,  3067,  3079,
+     3083,  3089,  3109,  3119,  3121,  3137,  3163,  3167,
+     3169,  3181,  3187,  3191,  3203,  3209,  3217,  3221,
+     3229,  3251,  3253,  3257,  3259,  3271,  3299,  3301,
+     3307,  3313,  3319,  3323,  3329,  3331,  3343,  3347,
+     3359,  3361,  3371,  3373,  3389,  3391,  3407,  3413,
+     3433,  3449,  3457,  3461,  3463,  3467,  3469,  3491,
+     3499,  3511,  3517,  3527,  3529,  3533,  3539,  3541,
+     3547,  3557,  3559,  3571,  3581,  3583,  3593,  3607,
+     3613,  3617,  3623,  3631,  3637,  3643,  3659,  3671,
+     3673,  3677,  3691,  3697,  3701,  3709,  3719,  3727,
+     3733,  3739,  3761,  3767,  3769,  3779,  3793,  3797,
+     3803,  3821,  3823,  3833,  3847,  3851,  3853,  3863,
+     3877,  3881,  3889,  3907,  3911,  3917,  3919,  3923,
+     3929,  3931,  3943,  3947,  3967,  3989,  4001,  4003,
+     4007,  4013,  4019,  4021,  4027,  4049,  4051,  4057,
+     4073,  4079,  4091,  4093,  4099,  4111,  4127,  4129,
+     4133,  4139,  4153,  4157,  4159,  4177,  4201,  4211,
+     4217,  4219,  4229,  4231,  4241,  4243,  4253,  4259,
+     4261,  4271,  4273,  4283,  4289,  4297,  4327,  4337,
+     4339,  4349,  4357,  4363,  4373,  4391,  4397,  4409,
+     4421,  4423,  4441,  4447,  4451,  4457,  4463,  4481,
+     4483,  4493,  4507,  4513,  4517,  4519,  4523,  4547,
+     4549,  4561,  4567,  4583,  4591,  4597,  4603,  4621,
+     4637,  4639,  4643,  4649,  4651,  4657,  4663,  4673,
+     4679,  4691,  4703,  4721,  4723,  4729,  4733,  4751,
+     4759,  4783,  4787,  4789,  4793,  4799,  4801,  4813,
+     4817,  4831,  4861,  4871,  4877,  4889,  4903,  4909,
+     4919,  4931,  4933,  4937,  4943,  4951,  4957,  4967,
+     4969,  4973,  4987,  4993,  4999,  5003,  5009,  5011,
+     5021,  5023,  5039,  5051,  5059,  5077,  5081,  5087,
+     5099,  5101,  5107,  5113,  5119,  5147,  5153,  5167,
+     5171,  5179,  5189,  5197,  5209,  5227,  5231,  5233,
+     5237,  5261,  5273,  5279,  5281,  5297,  5303,  5309,
+     5323,  5333,  5347,  5351,  5381,  5387,  5393,  5399,
+     5407,  5413,  5417,  5419,  5431,  5437,  5441,  5443,
+     5449,  5471,  5477,  5479,  5483,  5501,  5503,  5507,
+     5519,  5521,  5527,  5531,  5557,  5563,  5569,  5573,
+     5581,  5591,  5623,  5639,  5641,  5647,  5651,  5653,
+     5657,  5659,  5669,  5683,  5689,  5693,  5701,  5711,
+     5717,  5737,  5741,  5743,  5749,  5779,  5783,  5791,
+     5801,  5807,  5813,  5821,  5827,  5839,  5843,  5849,
+     5851,  5857,  5861,  5867,  5869,  5879,  5881,  5897,
+     5903,  5923,  5927,  5939,  5953,  5981,  5987,  6007,
+     6011,  6029,  6037,  6043,  6047,  6053,  6067,  6073,
+     6079,  6089,  6091,  6101,  6113,  6121,  6131,  6133,
+     6143,  6151,  6163,  6173,  6197,  6199,  6203,  6211,
+     6217,  6221,  6229,  6247,  6257,  6263,  6269,  6271,
+     6277,  6287,  6299,  6301,  6311,  6317,  6323,  6329,
+     6337,  6343,  6353,  6359,  6361,  6367,  6373,  6379,
+     6389,  6397,  6421,  6427,  6449,  6451,  6469,  6473,
+     6481,  6491,  6521,  6529,  6547,  6551,  6553,  6563,
+     6569,  6571,  6577,  6581,  6599,  6607,  6619,  6637,
+     6653,  6659,  6661,  6673,  6679,  6689,  6691,  6701,
+     6703,  6709,  6719,  6733,  6737,  6761,  6763,  6779,
+     6781,  6791,  6793,  6803,  6823,  6827,  6829,  6833,
+     6841,  6857,  6863,  6869,  6871,  6883,  6899,  6907,
+     6911,  6917,  6947,  6949,  6959,  6961,  6967,  6971,
+     6977,  6983,  6991,  6997,  7001,  7013,  7019,  7027,
+     7039,  7043,  7057,  7069,  7079,  7103,  7109,  7121,
+     7127,  7129,  7151,  7159,  7177,  7187,  7193,  7207,
+     7211,  7213,  7219,  7229,  7237,  7243,  7247,  7253,
+     7283,  7297,  7307,  7309,  7321,  7331,  7333,  7349,
+     7351,  7369,  7393,  7411,  7417,  7433,  7451,  7457,
+     7459,  7477,  7481,  7487,  7489,  7499,  7507,  7517,
+     7523,  7529,  7537,  7541,  7547,  7549,  7559,  7561,
+     7573,  7577,  7583,  7589,  7591,  7603,  7607,  7621,
+     7639,  7643,  7649,  7669,  7673,  7681,  7687,  7691,
+     7699,  7703,  7717,  7723,  7727,  7741,  7753,  7757,
+     7759,  7789,  7793,  7817,  7823,  7829,  7841,  7853,
+     7867,  7873,  7877,  7879,  7883,  7901,  7907,  7919,
+     7927,  7933,  7937,  7949,  7951,  7963,  7993,  8009,
+     8011,  8017,  8039,  8053,  8059,  8069,  8081,  8087,
+     8089,  8093,  8101,  8111,  8117,  8123,  8147,  8161,
+     8167,  8171,  8179,  8191,  8209,  8219,  8221,  8231,
+     8233,  8237,  8243,  8263,  8269,  8273,  8287,  8291,
+     8293,  8297,  8311,  8317,  8329,  8353,  8363,  8369,
+     8377,  8387,  8389,  8419,  8423,  8429,  8431,  8443,
+     8447,  8461,  8467,  8501,  8513,  8521,  8527,  8537,
+     8539,  8543,  8563,  8573,  8581,  8597,  8599,  8609,
+     8623,  8627,  8629,  8641,  8647,  8663,  8669,  8677,
+     8681,  8689,  8693,  8699,  8707,  8713,  8719,  8731,
+     8737,  8741,  8747,  8753,  8761,  8779,  8783,  8803,
+     8807,  8819,  8821,  8831,  8837,  8839,  8849,  8861,
+     8863,  8867,  8887,  8893,  8923,  8929,  8933,  8941,
+     8951,  8963,  8969,  8971,  8999,  9001,  9007,  9011,
+     9013,  9029,  9041,  9043,  9049,  9059,  9067,  9091,
+     9103,  9109,  9127,  9133,  9137,  9151,  9157,  9161,
+     9173,  9181,  9187,  9199,  9203,  9209,  9221,  9227,
+     9239,  9241,  9257,  9277,  9281,  9283,  9293,  9311,
+     9319,  9323,  9337,  9341,  9343,  9349,  9371,  9377,
+     9391,  9397,  9403,  9413,  9419,  9421,  9431,  9433,
+     9437,  9439,  9461,  9463,  9467,  9473,  9479,  9491,
+     9497,  9511,  9521,  9533,  9539,  9547,  9551,  9587,
+     9601,  9613,  9619,  9623,  9629,  9631,  9643,  9649,
+     9661,  9677,  9679,  9689,  9697,  9719,  9721,  9733,
+     9739,  9743,  9749,  9767,  9769,  9781,  9787,  9791,
+     9803,  9811,  9817,  9829,  9833,  9839,  9851,  9857,
+     9859,  9871,  9883,  9887,  9901,  9907,  9923,  9929,
+     9931,  9941,  9949,  9967,  9973, 10007, 10009, 10037,
+    10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+    10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+    10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+    10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+    10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+    10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+    10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+    10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+    10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+    10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+    10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+    10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+    10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+    11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+    11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+    11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+    11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+    11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+    11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+    11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+    11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+    11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+    11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+    11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+    11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+    11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+    12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+    12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+    12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+    12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+    12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+    12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+    12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+    12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+    12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+    12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+    12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+    12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+    12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+    12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+    13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+    13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+    13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+    13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+    13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+    13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+    13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+    13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+    13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+    13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+    13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+    13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+    13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+    14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+    14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+    14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+    14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+    14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+    14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+    14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+    14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+    14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+    14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+    14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+    14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+    14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+    15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+    15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+    15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+    15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+    15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+    15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+    15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+    15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+    15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+    15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+    15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+    15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+    15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+    16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+    16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+    16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+    16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+    16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+    16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+    16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+    16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+    16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+    16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+    16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+    16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+    17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+    17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+    17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+    17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+    17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+    17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+    17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+    17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+    17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+    17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+    17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
 };
diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.pl b/deps/openssl/openssl/crypto/bn/bn_prime.pl
index 163d4a9d30..eeca475b93 100644
--- a/deps/openssl/openssl/crypto/bn/bn_prime.pl
+++ b/deps/openssl/openssl/crypto/bn/bn_prime.pl
@@ -1,17 +1,19 @@
 #! /usr/bin/env perl
-# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
+# Output year depends on the year of the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
 print <<"EOF";
 /*
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -38,9 +40,9 @@ loop: while ($#primes < $num-1) {
 print "typedef unsigned short prime_t;\n";
 printf "# define NUMPRIMES %d\n\n", $num;
 
-printf "static const prime_t primes[%d] = {\n", $num;
+printf "static const prime_t primes[%d] = {", $num;
 for (my $i = 0; $i <= $#primes; $i++) {
-    printf "\n    " if ($i % 8) == 0;
-    printf "%4d, ", $primes[$i];
+    printf "\n   " if ($i % 8) == 0;
+    printf " %5d,", $primes[$i];
 }
 print "\n};\n";
diff --git a/deps/openssl/openssl/crypto/bn/bn_print.c b/deps/openssl/openssl/crypto/bn/bn_print.c
index 5ffe2fc9ba..1853269d90 100644
--- a/deps/openssl/openssl/crypto/bn/bn_print.c
+++ b/deps/openssl/openssl/crypto/bn/bn_print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
@@ -32,27 +32,27 @@ char *BN_bn2hex(const BIGNUM *a)
     }
     p = buf;
     if (a->neg)
-        *(p++) = '-';
+        *p++ = '-';
     for (i = a->top - 1; i >= 0; i--) {
         for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
             /* strip leading zeros */
-            v = ((int)(a->d[i] >> (long)j)) & 0xff;
-            if (z || (v != 0)) {
-                *(p++) = Hex[v >> 4];
-                *(p++) = Hex[v & 0x0f];
+            v = (int)((a->d[i] >> j) & 0xff);
+            if (z || v != 0) {
+                *p++ = Hex[v >> 4];
+                *p++ = Hex[v & 0x0f];
                 z = 1;
             }
         }
     }
     *p = '\0';
  err:
-    return (buf);
+    return buf;
 }
 
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2dec(const BIGNUM *a)
 {
-    int i = 0, num, ok = 0;
+    int i = 0, num, ok = 0, n, tbytes;
     char *buf = NULL;
     char *p;
     BIGNUM *t = NULL;
@@ -67,22 +67,22 @@ char *BN_bn2dec(const BIGNUM *a)
      */
     i = BN_num_bits(a) * 3;
     num = (i / 10 + i / 1000 + 1) + 1;
+    tbytes = num + 3;   /* negative and terminator and one spare? */
     bn_data_num = num / BN_DEC_NUM + 1;
     bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
-    buf = OPENSSL_malloc(num + 3);
-    if ((buf == NULL) || (bn_data == NULL)) {
+    buf = OPENSSL_malloc(tbytes);
+    if (buf == NULL || bn_data == NULL) {
         BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
         goto err;
     }
     if ((t = BN_dup(a)) == NULL)
         goto err;
 
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
     p = buf;
     lp = bn_data;
     if (BN_is_zero(t)) {
-        *(p++) = '0';
-        *(p++) = '\0';
+        *p++ = '0';
+        *p++ = '\0';
     } else {
         if (BN_is_negative(t))
             *p++ = '-';
@@ -101,14 +101,16 @@ char *BN_bn2dec(const BIGNUM *a)
          * the last one needs truncation. The blocks need to be reversed in
          * order.
          */
-        BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
-        while (*p)
-            p++;
+        n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp);
+        if (n < 0)
+            goto err;
+        p += n;
         while (lp != bn_data) {
             lp--;
-            BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
-            while (*p)
-                p++;
+            n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp);
+            if (n < 0)
+                goto err;
+            p += n;
         }
     }
     ok = 1;
@@ -128,28 +130,28 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     int neg = 0, h, m, i, j, k, c;
     int num;
 
-    if ((a == NULL) || (*a == '\0'))
-        return (0);
+    if (a == NULL || *a == '\0')
+        return 0;
 
     if (*a == '-') {
         neg = 1;
         a++;
     }
 
-    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
+    for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++)
         continue;
 
-    if (i == 0 || i > INT_MAX/4)
+    if (i == 0 || i > INT_MAX / 4)
         goto err;
 
     num = i + neg;
     if (bn == NULL)
-        return (num);
+        return num;
 
     /* a is the start of the hex digits, and it is 'i' long */
     if (*bn == NULL) {
         if ((ret = BN_new()) == NULL)
-            return (0);
+            return 0;
     } else {
         ret = *bn;
         BN_zero(ret);
@@ -163,7 +165,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     m = 0;
     h = 0;
     while (j > 0) {
-        m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
+        m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
         l = 0;
         for (;;) {
             c = a[j - m];
@@ -177,7 +179,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
                 break;
             }
         }
-        j -= (BN_BYTES * 2);
+        j -= BN_BYTES * 2;
     }
     ret->top = h;
     bn_correct_top(ret);
@@ -187,11 +189,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     /* Don't set the negative flag if it's zero. */
     if (ret->top != 0)
         ret->neg = neg;
-    return (num);
+    return num;
  err:
     if (*bn == NULL)
         BN_free(ret);
-    return (0);
+    return 0;
 }
 
 int BN_dec2bn(BIGNUM **bn, const char *a)
@@ -201,22 +203,22 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     int neg = 0, i, j;
     int num;
 
-    if ((a == NULL) || (*a == '\0'))
-        return (0);
+    if (a == NULL || *a == '\0')
+        return 0;
     if (*a == '-') {
         neg = 1;
         a++;
     }
 
-    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
+    for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++)
         continue;
 
-    if (i == 0 || i > INT_MAX/4)
+    if (i == 0 || i > INT_MAX / 4)
         goto err;
 
     num = i + neg;
     if (bn == NULL)
-        return (num);
+        return num;
 
     /*
      * a is the start of the digits, and it is 'i' long. We chop it into
@@ -224,7 +226,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
      */
     if (*bn == NULL) {
         if ((ret = BN_new()) == NULL)
-            return (0);
+            return 0;
     } else {
         ret = *bn;
         BN_zero(ret);
@@ -234,7 +236,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     if (bn_expand(ret, i * 4) == NULL)
         goto err;
 
-    j = BN_DEC_NUM - (i % BN_DEC_NUM);
+    j = BN_DEC_NUM - i % BN_DEC_NUM;
     if (j == BN_DEC_NUM)
         j = 0;
     l = 0;
@@ -257,11 +259,11 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     /* Don't set the negative flag if it's zero. */
     if (ret->top != 0)
         ret->neg = neg;
-    return (num);
+    return num;
  err:
     if (*bn == NULL)
         BN_free(ret);
-    return (0);
+    return 0;
 }
 
 int BN_asc2bn(BIGNUM **bn, const char *a)
@@ -291,11 +293,11 @@ int BN_print_fp(FILE *fp, const BIGNUM *a)
     int ret;
 
     if ((b = BIO_new(BIO_s_file())) == NULL)
-        return (0);
+        return 0;
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = BN_print(b, a);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
@@ -304,16 +306,16 @@ int BN_print(BIO *bp, const BIGNUM *a)
     int i, j, v, z = 0;
     int ret = 0;
 
-    if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+    if ((a->neg) && BIO_write(bp, "-", 1) != 1)
         goto end;
-    if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+    if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1)
         goto end;
     for (i = a->top - 1; i >= 0; i--) {
         for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
             /* strip leading zeros */
-            v = ((int)(a->d[i] >> (long)j)) & 0x0f;
-            if (z || (v != 0)) {
-                if (BIO_write(bp, &(Hex[v]), 1) != 1)
+            v = (int)((a->d[i] >> j) & 0x0f);
+            if (z || v != 0) {
+                if (BIO_write(bp, &Hex[v], 1) != 1)
                     goto end;
                 z = 1;
             }
@@ -321,7 +323,7 @@ int BN_print(BIO *bp, const BIGNUM *a)
     }
     ret = 1;
  end:
-    return (ret);
+    return ret;
 }
 
 char *BN_options(void)
@@ -332,12 +334,12 @@ char *BN_options(void)
     if (!init) {
         init++;
 #ifdef BN_LLONG
-        BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
-                     (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8);
 #else
-        BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
-                     (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8);
 #endif
     }
-    return (data);
+    return data;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_rand.c b/deps/openssl/openssl/crypto/bn/bn_rand.c
index 9ce4c5f606..c0d1a32292 100644
--- a/deps/openssl/openssl/crypto/bn/bn_rand.c
+++ b/deps/openssl/openssl/crypto/bn/bn_rand.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,11 +14,14 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+typedef enum bnrand_flag_e {
+    NORMAL, TESTING, PRIVATE
+} BNRAND_FLAG;
+
+static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom)
 {
     unsigned char *buf = NULL;
-    int ret = 0, bit, bytes, mask;
-    time_t tim;
+    int b, ret = 0, bit, bytes, mask;
 
     if (bits == 0) {
         if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
@@ -40,13 +43,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     }
 
     /* make a random number and set the top and bottom bits */
-    time(&tim);
-    RAND_add(&tim, sizeof(tim), 0.0);
-
-    if (RAND_bytes(buf, bytes) <= 0)
+    b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes);
+    if (b <= 0)
         goto err;
 
-    if (pseudorand == 2) {
+    if (flag == TESTING) {
         /*
          * generate patterns that are more likely to trigger BN library bugs
          */
@@ -86,7 +87,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
  err:
     OPENSSL_clear_free(buf, bytes);
     bn_check_top(rnd);
-    return (ret);
+    return ret;
 
 toosmall:
     BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
@@ -95,29 +96,27 @@ toosmall:
 
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(0, rnd, bits, top, bottom);
+    return bnrand(NORMAL, rnd, bits, top, bottom);
 }
 
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(1, rnd, bits, top, bottom);
+    return bnrand(TESTING, rnd, bits, top, bottom);
 }
 
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(2, rnd, bits, top, bottom);
+    return bnrand(PRIVATE, rnd, bits, top, bottom);
 }
 
 /* random number r:  0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range)
 {
-    int (*bn_rand) (BIGNUM *, int, int, int) =
-        pseudo ? BN_pseudo_rand : BN_rand;
     int n;
     int count = 100;
 
     if (range->neg || BN_is_zero(range)) {
-        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+        BNerr(BN_F_BNRAND_RANGE, BN_R_INVALID_RANGE);
         return 0;
     }
 
@@ -133,8 +132,9 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
          * than range
          */
         do {
-            if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
                 return 0;
+
             /*
              * If r < 3*range, use r := r MOD range (which is either r, r -
              * range, or r - 2*range). Otherwise, iterate once more. Since
@@ -150,7 +150,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
             }
 
             if (!--count) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
                 return 0;
             }
 
@@ -159,11 +159,11 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
     } else {
         do {
             /* range = 11..._2  or  range = 101..._2 */
-            if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
                 return 0;
 
             if (!--count) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
                 return 0;
             }
         }
@@ -176,12 +176,22 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
 
 int BN_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bn_rand_range(0, r, range);
+    return bnrand_range(NORMAL, r, range);
+}
+
+int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bnrand_range(PRIVATE, r, range);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return BN_rand(rnd, bits, top, bottom);
 }
 
 int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bn_rand_range(1, r, range);
+    return BN_rand_range(r, range);
 }
 
 /*
@@ -229,7 +239,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
     memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
 
     for (done = 0; done < num_k_bytes;) {
-        if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
+        if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
             goto err;
         SHA512_Init(&sha);
         SHA512_Update(&sha, &done, sizeof(done));
diff --git a/deps/openssl/openssl/crypto/bn/bn_recp.c b/deps/openssl/openssl/crypto/bn/bn_recp.c
index 20585b9d4b..9ab767f42f 100644
--- a/deps/openssl/openssl/crypto/bn/bn_recp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_recp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,22 +21,23 @@ BN_RECP_CTX *BN_RECP_CTX_new(void)
 {
     BN_RECP_CTX *ret;
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_RECP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
     bn_init(&(ret->N));
     bn_init(&(ret->Nr));
     ret->flags = BN_FLG_MALLOCED;
-    return (ret);
+    return ret;
 }
 
 void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 {
     if (recp == NULL)
         return;
-
-    BN_free(&(recp->N));
-    BN_free(&(recp->Nr));
+    BN_free(&recp->N);
+    BN_free(&recp->Nr);
     if (recp->flags & BN_FLG_MALLOCED)
         OPENSSL_free(recp);
 }
@@ -48,7 +49,7 @@ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
     BN_zero(&(recp->Nr));
     recp->num_bits = BN_num_bits(d);
     recp->shift = 0;
-    return (1);
+    return 1;
 }
 
 int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
@@ -77,7 +78,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
  err:
     BN_CTX_end(ctx);
     bn_check_top(r);
-    return (ret);
+    return ret;
 }
 
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
@@ -87,17 +88,11 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
     BIGNUM *a, *b, *d, *r;
 
     BN_CTX_start(ctx);
+    d = (dv != NULL) ? dv : BN_CTX_get(ctx);
+    r = (rem != NULL) ? rem : BN_CTX_get(ctx);
     a = BN_CTX_get(ctx);
     b = BN_CTX_get(ctx);
-    if (dv != NULL)
-        d = dv;
-    else
-        d = BN_CTX_get(ctx);
-    if (rem != NULL)
-        r = rem;
-    else
-        r = BN_CTX_get(ctx);
-    if (a == NULL || b == NULL || d == NULL || r == NULL)
+    if (b == NULL)
         goto err;
 
     if (BN_ucmp(m, &(recp->N)) < 0) {
@@ -107,7 +102,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
             return 0;
         }
         BN_CTX_end(ctx);
-        return (1);
+        return 1;
     }
 
     /*
@@ -167,7 +162,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
     BN_CTX_end(ctx);
     bn_check_top(dv);
     bn_check_top(rem);
-    return (ret);
+    return ret;
 }
 
 /*
@@ -195,5 +190,5 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
  err:
     bn_check_top(r);
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_shift.c b/deps/openssl/openssl/crypto/bn/bn_shift.c
index 6a1eec80af..15d4b321ba 100644
--- a/deps/openssl/openssl/crypto/bn/bn_shift.c
+++ b/deps/openssl/openssl/crypto/bn/bn_shift.c
@@ -21,11 +21,11 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
     if (r != a) {
         r->neg = a->neg;
         if (bn_wexpand(r, a->top + 1) == NULL)
-            return (0);
+            return 0;
         r->top = a->top;
     } else {
         if (bn_wexpand(r, a->top + 1) == NULL)
-            return (0);
+            return 0;
     }
     ap = a->d;
     rp = r->d;
@@ -40,7 +40,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
         r->top++;
     }
     bn_check_top(r);
-    return (1);
+    return 1;
 }
 
 int BN_rshift1(BIGNUM *r, const BIGNUM *a)
@@ -53,14 +53,14 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 
     if (BN_is_zero(a)) {
         BN_zero(r);
-        return (1);
+        return 1;
     }
     i = a->top;
     ap = a->d;
     j = i - (ap[i - 1] == 1);
     if (a != r) {
         if (bn_wexpand(r, j) == NULL)
-            return (0);
+            return 0;
         r->neg = a->neg;
     }
     rp = r->d;
@@ -77,7 +77,7 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
     if (!r->top)
         r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
-    return (1);
+    return 1;
 }
 
 int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
@@ -96,7 +96,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 
     nw = n / BN_BITS2;
     if (bn_wexpand(r, a->top + nw + 1) == NULL)
-        return (0);
+        return 0;
     r->neg = a->neg;
     lb = n % BN_BITS2;
     rb = BN_BITS2 - lb;
@@ -116,7 +116,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
     r->top = a->top + nw + 1;
     bn_correct_top(r);
     bn_check_top(r);
-    return (1);
+    return 1;
 }
 
 int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
@@ -138,12 +138,12 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
     lb = BN_BITS2 - rb;
     if (nw >= a->top || a->top == 0) {
         BN_zero(r);
-        return (1);
+        return 1;
     }
     i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
     if (r != a) {
         if (bn_wexpand(r, i) == NULL)
-            return (0);
+            return 0;
         r->neg = a->neg;
     } else {
         if (n == 0)
@@ -171,5 +171,5 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
     if (!r->top)
         r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
-    return (1);
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_sqr.c b/deps/openssl/openssl/crypto/bn/bn_sqr.c
index db72bf28a6..0c0a590f0c 100644
--- a/deps/openssl/openssl/crypto/bn/bn_sqr.c
+++ b/deps/openssl/openssl/crypto/bn/bn_sqr.c
@@ -42,7 +42,7 @@ int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
     BN_CTX_start(ctx);
     rr = (a != r) ? r : BN_CTX_get(ctx);
     tmp = BN_CTX_get(ctx);
-    if (!rr || !tmp)
+    if (rr == NULL || tmp == NULL)
         goto err;
 
     max = 2 * al;               /* Non-zero (from above) */
@@ -102,7 +102,7 @@ int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
     bn_check_top(rr);
     bn_check_top(tmp);
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 /* tmp must have 2*n words */
diff --git a/deps/openssl/openssl/crypto/bn/bn_sqrt.c b/deps/openssl/openssl/crypto/bn/bn_sqrt.c
index 84376c78e5..b97d8ca43b 100644
--- a/deps/openssl/openssl/crypto/bn/bn_sqrt.c
+++ b/deps/openssl/openssl/crypto/bn/bn_sqrt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,7 +39,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         }
 
         BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-        return (NULL);
+        return NULL;
     }
 
     if (BN_is_zero(a) || BN_is_one(a)) {
@@ -179,7 +179,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
             if (!BN_set_word(y, i))
                 goto end;
         } else {
-            if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+            if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
                 goto end;
             if (BN_ucmp(y, p) >= 0) {
                 if (!(p->neg ? BN_add : BN_sub) (y, y, p))
diff --git a/deps/openssl/openssl/crypto/bn/bn_srp.c b/deps/openssl/openssl/crypto/bn/bn_srp.c
index 58b1691eee..27b6ebe518 100644
--- a/deps/openssl/openssl/crypto/bn/bn_srp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_srp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,12 +8,12 @@
  */
 
 #include "bn_lcl.h"
-#include "e_os.h"
+#include "internal/nelem.h"
 
 #ifndef OPENSSL_NO_SRP
 
 #include <openssl/srp.h>
-#include <internal/bn_srp.h>
+#include "internal/bn_srp.h"
 
 # if (BN_BYTES == 8)
 #  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
diff --git a/deps/openssl/openssl/crypto/bn/bn_word.c b/deps/openssl/openssl/crypto/bn/bn_word.c
index 1af13a53fb..262d7668fc 100644
--- a/deps/openssl/openssl/crypto/bn/bn_word.c
+++ b/deps/openssl/openssl/crypto/bn/bn_word.c
@@ -55,7 +55,7 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
                            (BN_ULLONG) w);
 #endif
     }
-    return ((BN_ULONG)ret);
+    return (BN_ULONG)ret;
 }
 
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
@@ -92,7 +92,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
     if (!a->top)
         a->neg = 0; /* don't allow negative zero */
     bn_check_top(a);
-    return (ret);
+    return ret;
 }
 
 int BN_add_word(BIGNUM *a, BN_ULONG w)
@@ -115,7 +115,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
         i = BN_sub_word(a, w);
         if (!BN_is_zero(a))
             a->neg = !(a->neg);
-        return (i);
+        return i;
     }
     for (i = 0; w != 0 && i < a->top; i++) {
         a->d[i] = l = (a->d[i] + w) & BN_MASK2;
@@ -128,7 +128,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
         a->d[i] = w;
     }
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_sub_word(BIGNUM *a, BN_ULONG w)
@@ -153,13 +153,13 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
         a->neg = 0;
         i = BN_add_word(a, w);
         a->neg = 1;
-        return (i);
+        return i;
     }
 
     if ((a->top == 1) && (a->d[0] < w)) {
         a->d[0] = w - a->d[0];
         a->neg = 1;
-        return (1);
+        return 1;
     }
     i = 0;
     for (;;) {
@@ -175,7 +175,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
     if ((a->d[i] == 0) && (i == (a->top - 1)))
         a->top--;
     bn_check_top(a);
-    return (1);
+    return 1;
 }
 
 int BN_mul_word(BIGNUM *a, BN_ULONG w)
@@ -191,11 +191,11 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w)
             ll = bn_mul_words(a->d, a->d, a->top, w);
             if (ll) {
                 if (bn_wexpand(a, a->top + 1) == NULL)
-                    return (0);
+                    return 0;
                 a->d[a->top++] = ll;
             }
         }
     }
     bn_check_top(a);
-    return (1);
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/bn/bn_x931p.c b/deps/openssl/openssl/crypto/bn/bn_x931p.c
index d01f12cadc..9eb8384fde 100644
--- a/deps/openssl/openssl/crypto/bn/bn_x931p.c
+++ b/deps/openssl/openssl/crypto/bn/bn_x931p.c
@@ -62,10 +62,10 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
         return 0;
 
     BN_CTX_start(ctx);
-    if (!p1)
+    if (p1 == NULL)
         p1 = BN_CTX_get(ctx);
 
-    if (!p2)
+    if (p2 == NULL)
         p2 = BN_CTX_get(ctx);
 
     t = BN_CTX_get(ctx);
@@ -173,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
      * - 1. By setting the top two bits we ensure that the lower bound is
      * exceeded.
      */
-    if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+    if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
         goto err;
 
     BN_CTX_start(ctx);
@@ -182,7 +182,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
         goto err;
 
     for (i = 0; i < 1000; i++) {
-        if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+        if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
             goto err;
 
         /* Check that |Xp - Xq| > 2^(nbits - 100) */
@@ -227,9 +227,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
     if (Xp1 == NULL || Xp2 == NULL)
         goto error;
 
-    if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+    if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
         goto error;
-    if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+    if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
         goto error;
     if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
         goto error;
diff --git a/deps/openssl/openssl/crypto/bn/build.info b/deps/openssl/openssl/crypto/bn/build.info
index c608ecce82..a463eddabb 100644
--- a/deps/openssl/openssl/crypto/bn/build.info
+++ b/deps/openssl/openssl/crypto/bn/build.info
@@ -11,16 +11,16 @@ INCLUDE[../../libcrypto]=../../crypto/include
 INCLUDE[bn_exp.o]=..
 
 GENERATE[bn-586.s]=asm/bn-586.pl \
-	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[bn-586.s]=../perlasm/x86asm.pl
 GENERATE[co-586.s]=asm/co-586.pl \
-	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[co-586.s]=../perlasm/x86asm.pl
 GENERATE[x86-mont.s]=asm/x86-mont.pl \
-	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[x86-mont.s]=../perlasm/x86asm.pl
 GENERATE[x86-gf2m.s]=asm/x86-gf2m.pl \
-	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+	$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[x86-gf2m.s]=../perlasm/x86asm.pl
 
 GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl $(PERLASM_SCHEME)
@@ -34,8 +34,10 @@ INCLUDE[sparct4-mont.o]=..
 GENERATE[sparcv9-gf2m.S]=asm/sparcv9-gf2m.pl $(PERLASM_SCHEME)
 INCLUDE[sparcv9-gf2m.o]=..
 
-GENERATE[bn-mips.s]=asm/mips.pl $(PERLASM_SCHEME)
-GENERATE[mips-mont.s]=asm/mips-mont.pl $(PERLASM_SCHEME)
+GENERATE[bn-mips.S]=asm/mips.pl $(PERLASM_SCHEME)
+INCLUDE[bn-mips.o]=..
+GENERATE[mips-mont.S]=asm/mips-mont.pl $(PERLASM_SCHEME)
+INCLUDE[mips-mont.o]=..
 
 GENERATE[s390x-mont.S]=asm/s390x-mont.pl $(PERLASM_SCHEME)
 GENERATE[s390x-gf2m.s]=asm/s390x-gf2m.pl $(PERLASM_SCHEME)
@@ -47,7 +49,7 @@ GENERATE[rsaz-x86_64.s]=asm/rsaz-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[rsaz-avx2.s]=asm/rsaz-avx2.pl $(PERLASM_SCHEME)
 
 GENERATE[bn-ia64.s]=asm/ia64.S
-GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 
 GENERATE[parisc-mont.s]=asm/parisc-mont.pl $(PERLASM_SCHEME)
 
@@ -63,22 +65,3 @@ INCLUDE[armv4-mont.o]=..
 GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl $(PERLASM_SCHEME)
 INCLUDE[armv4-gf2m.o]=..
 GENERATE[armv8-mont.S]=asm/armv8-mont.pl $(PERLASM_SCHEME)
-
-OVERRIDES=bn-mips3.o pa-risc2W.o pa-risc2.c
-BEGINRAW[Makefile]
-##### BN assembler implementations
-
-{- $builddir -}/bn-mips3.o:	{- $sourcedir -}/asm/mips3.s
-	@if [ "$(CC)" = "gcc" ]; then \
-		ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
-		as -$$ABI -O -o $@ {- $sourcedir -}/asm/mips3.s; \
-	else	$(CC) -c $(CFLAGS) $(LIB_CFLAGS) -o $@ {- $sourcedir -}/asm/mips3.s; fi
-
-# GNU assembler fails to compile PA-RISC2 modules, insist on calling
-# vendor assembler...
-{- $builddir -}/pa-risc2W.o: {- $sourcedir -}/asm/pa-risc2W.s
-	CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2W.o {- $sourcedir -}/asm/pa-risc2W.s
-{- $builddir -}/pa-risc2.o: {- $sourcedir -}/asm/pa-risc2.s
-	CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2.o {- $sourcedir -}/asm/pa-risc2.s
-
-ENDRAW[Makefile]
diff --git a/deps/openssl/openssl/crypto/bn/rsaz_exp.c b/deps/openssl/openssl/crypto/bn/rsaz_exp.c
index 1a70f6cade..22455b8a63 100644
--- a/deps/openssl/openssl/crypto/bn/rsaz_exp.c
+++ b/deps/openssl/openssl/crypto/bn/rsaz_exp.c
@@ -1,54 +1,17 @@
 /*
  * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
  */
 
-/*****************************************************************************
-*                                                                            *
-*  Copyright (c) 2012, Intel Corporation                                     *
-*                                                                            *
-*  All rights reserved.                                                      *
-*                                                                            *
-*  Redistribution and use in source and binary forms, with or without        *
-*  modification, are permitted provided that the following conditions are    *
-*  met:                                                                      *
-*                                                                            *
-*  *  Redistributions of source code must retain the above copyright         *
-*     notice, this list of conditions and the following disclaimer.          *
-*                                                                            *
-*  *  Redistributions in binary form must reproduce the above copyright      *
-*     notice, this list of conditions and the following disclaimer in the    *
-*     documentation and/or other materials provided with the                 *
-*     distribution.                                                          *
-*                                                                            *
-*  *  Neither the name of the Intel Corporation nor the names of its         *
-*     contributors may be used to endorse or promote products derived from   *
-*     this software without specific prior written permission.               *
-*                                                                            *
-*                                                                            *
-*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
-*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
-*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
-*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
-*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
-*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
-*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
-*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
-*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
-*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
-*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
-*                                                                            *
-******************************************************************************
-* Developers and authors:                                                    *
-* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
-* (2) University of Haifa, Israel                                            *
-*****************************************************************************/
-
 #include <openssl/opensslconf.h>
 #include "rsaz_exp.h"
 
diff --git a/deps/openssl/openssl/crypto/bn/rsaz_exp.h b/deps/openssl/openssl/crypto/bn/rsaz_exp.h
index 9501cc8089..c5864f8aaa 100644
--- a/deps/openssl/openssl/crypto/bn/rsaz_exp.h
+++ b/deps/openssl/openssl/crypto/bn/rsaz_exp.h
@@ -1,54 +1,17 @@
 /*
- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
  */
 
-/*****************************************************************************
-*                                                                            *
-*  Copyright (c) 2012, Intel Corporation                                     *
-*                                                                            *
-*  All rights reserved.                                                      *
-*                                                                            *
-*  Redistribution and use in source and binary forms, with or without        *
-*  modification, are permitted provided that the following conditions are    *
-*  met:                                                                      *
-*                                                                            *
-*  *  Redistributions of source code must retain the above copyright         *
-*     notice, this list of conditions and the following disclaimer.          *
-*                                                                            *
-*  *  Redistributions in binary form must reproduce the above copyright      *
-*     notice, this list of conditions and the following disclaimer in the    *
-*     documentation and/or other materials provided with the                 *
-*     distribution.                                                          *
-*                                                                            *
-*  *  Neither the name of the Intel Corporation nor the names of its         *
-*     contributors may be used to endorse or promote products derived from   *
-*     this software without specific prior written permission.               *
-*                                                                            *
-*                                                                            *
-*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
-*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
-*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
-*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
-*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
-*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
-*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
-*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
-*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
-*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
-*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
-*                                                                            *
-******************************************************************************
-* Developers and authors:                                                    *
-* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
-* (2) University of Haifa, Israel                                            *
-*****************************************************************************/
-
 #ifndef RSAZ_EXP_H
 # define RSAZ_EXP_H
 
@@ -65,7 +28,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
                             const BN_ULONG exponent[16],
                             const BN_ULONG m_norm[16], const BN_ULONG RR[16],
                             BN_ULONG k0);
-int rsaz_avx2_eligible();
+int rsaz_avx2_eligible(void);
 
 void RSAZ_512_mod_exp(BN_ULONG result[8],
                       const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
diff --git a/deps/openssl/openssl/crypto/buffer/buf_err.c b/deps/openssl/openssl/crypto/buffer/buf_err.c
index a6a2ab88ae..7e6e53226a 100644
--- a/deps/openssl/openssl/crypto/buffer/buf_err.c
+++ b/deps/openssl/openssl/crypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,24 +8,19 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/buffer.h>
+#include <openssl/buffererr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
-
-static ERR_STRING_DATA BUF_str_functs[] = {
-    {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
-    {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
-    {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+static const ERR_STRING_DATA BUF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW, 0), "BUF_MEM_grow"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW_CLEAN, 0), "BUF_MEM_grow_clean"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_NEW, 0), "BUF_MEM_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA BUF_str_reasons[] = {
+static const ERR_STRING_DATA BUF_str_reasons[] = {
     {0, NULL}
 };
 
@@ -34,10 +29,9 @@ static ERR_STRING_DATA BUF_str_reasons[] = {
 int ERR_load_BUF_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, BUF_str_functs);
-        ERR_load_strings(0, BUF_str_reasons);
+        ERR_load_strings_const(BUF_str_functs);
+        ERR_load_strings_const(BUF_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/buffer/buffer.c b/deps/openssl/openssl/crypto/buffer/buffer.c
index f3f8a1b55c..72258abb9e 100644
--- a/deps/openssl/openssl/crypto/buffer/buffer.c
+++ b/deps/openssl/openssl/crypto/buffer/buffer.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,7 +25,7 @@ BUF_MEM *BUF_MEM_new_ex(unsigned long flags)
     ret = BUF_MEM_new();
     if (ret != NULL)
         ret->flags = flags;
-    return (ret);
+    return ret;
 }
 
 BUF_MEM *BUF_MEM_new(void)
@@ -35,16 +35,15 @@ BUF_MEM *BUF_MEM_new(void)
     ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    return (ret);
+    return ret;
 }
 
 void BUF_MEM_free(BUF_MEM *a)
 {
     if (a == NULL)
         return;
-
     if (a->data != NULL) {
         if (a->flags & BUF_MEM_FLAG_SECURE)
             OPENSSL_secure_clear_free(a->data, a->max);
@@ -68,7 +67,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
             str->data = NULL;
         }
     }
-    return (ret);
+    return ret;
 }
 
 size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
@@ -78,13 +77,13 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
 
     if (str->length >= len) {
         str->length = len;
-        return (len);
+        return len;
     }
     if (str->max >= len) {
         if (str->data != NULL)
             memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
-        return (len);
+        return len;
     }
     /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
     if (len > LIMIT_BEFORE_EXPANSION) {
@@ -105,7 +104,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
         memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
     }
-    return (len);
+    return len;
 }
 
 size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
@@ -117,12 +116,12 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         if (str->data != NULL)
             memset(&str->data[len], 0, str->length - len);
         str->length = len;
-        return (len);
+        return len;
     }
     if (str->max >= len) {
         memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
-        return (len);
+        return len;
     }
     /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
     if (len > LIMIT_BEFORE_EXPANSION) {
@@ -143,7 +142,7 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         memset(&str->data[str->length], 0, len - str->length);
         str->length = len;
     }
-    return (len);
+    return len;
 }
 
 void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
diff --git a/deps/openssl/openssl/crypto/build.info b/deps/openssl/openssl/crypto/build.info
index 8e15379700..2c619c62e8 100644
--- a/deps/openssl/openssl/crypto/build.info
+++ b/deps/openssl/openssl/crypto/build.info
@@ -1,7 +1,7 @@
 LIBS=../libcrypto
 SOURCE[../libcrypto]=\
         cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-        ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \
+        ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
         {- $target{uplink_aux_src} -}
@@ -10,14 +10,15 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
 
 DEPEND[cversion.o]=buildinf.h
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS_Q)" "$(PLATFORM)"
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
 DEPEND[buildinf.h]=../configdata.pm
 
 GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[uplink-ia64.s]=../ms/uplink-ia64.pl $(PERLASM_SCHEME)
 
-GENERATE[x86cpuid.s]=x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[x86cpuid.s]=x86cpuid.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[x86cpuid.s]=perlasm/x86asm.pl
 
 GENERATE[x86_64cpuid.s]=x86_64cpuid.pl $(PERLASM_SCHEME)
@@ -30,6 +31,8 @@ GENERATE[arm64cpuid.S]=arm64cpuid.pl $(PERLASM_SCHEME)
 INCLUDE[arm64cpuid.o]=.
 GENERATE[armv4cpuid.S]=armv4cpuid.pl $(PERLASM_SCHEME)
 INCLUDE[armv4cpuid.o]=.
+GENERATE[s390xcpuid.S]=s390xcpuid.pl $(PERLASM_SCHEME)
+INCLUDE[s390xcpuid.o]=.
 
 IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
   SHARED_SOURCE[../libcrypto]=dllmain.c
diff --git a/deps/openssl/openssl/crypto/c64xpluscpuid.pl b/deps/openssl/openssl/crypto/c64xpluscpuid.pl
index 9efe1205ff..b7b11d5031 100644
--- a/deps/openssl/openssl/crypto/c64xpluscpuid.pl
+++ b/deps/openssl/openssl/crypto/c64xpluscpuid.pl
@@ -231,7 +231,7 @@ bus_loop1?:
 _OPENSSL_instrument_bus2:
 	.asmfunc
 	MV	A6,B0			; reassign max
-||	MV	B4,A6			; reassing sizeof(output)
+||	MV	B4,A6			; reassign sizeof(output)
 ||	MVK	0x00004030,A3
 	MV	A4,B4			; reassign output
 ||	MVK	0,A4			; return value
diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl
index 59f9ed9141..55af9b4e3d 100644
--- a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl
+++ b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl
@@ -52,7 +52,7 @@ $OPENSSL=1;
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"cmll-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 @T=("eax","ebx","ecx","edx");
 $idx="esi";
@@ -792,9 +792,9 @@ if ($OPENSSL) {
  64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
 
 sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; }
-sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; }	
-sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; }	
-sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; }	
+sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; }
+sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; }
+sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; }
 
 &set_label("Camellia_SIGMA",64);
 &data_word(
diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl
index da5ad7b7e0..02c52c3efe 100644
--- a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl
+++ b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl
@@ -137,11 +137,17 @@ Camellia_EncryptBlock:
 .align	16
 .Lenc_rounds:
 Camellia_EncryptBlock_Rounds:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lenc_prologue:
 
 	#mov	%rsi,$inp		# put away arguments
@@ -173,13 +179,20 @@ Camellia_EncryptBlock_Rounds:
 	mov	@S[3],12($out)
 
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
 .Lenc_epilogue:
 	ret
+.cfi_endproc
 .size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
 
 .type	_x86_64_Camellia_encrypt,\@abi-omnipotent
@@ -247,11 +260,17 @@ Camellia_DecryptBlock:
 .align	16
 .Ldec_rounds:
 Camellia_DecryptBlock_Rounds:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Ldec_prologue:
 
 	#mov	%rsi,$inp		# put away arguments
@@ -283,13 +302,20 @@ Camellia_DecryptBlock_Rounds:
 	mov	@S[3],12($out)
 
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
 .Ldec_epilogue:
 	ret
+.cfi_endproc
 .size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
 
 .type	_x86_64_Camellia_decrypt,\@abi-omnipotent
@@ -409,11 +435,17 @@ $code.=<<___;
 .type	Camellia_Ekeygen,\@function,3
 .align	16
 Camellia_Ekeygen:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lkey_prologue:
 
 	mov	%edi,${keyend}d		# put away arguments, keyBitLength
@@ -573,13 +605,20 @@ $code.=<<___;
 	mov	\$4,%eax
 .Ldone:
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
 .Lkey_epilogue:
 	ret
+.cfi_endproc
 .size	Camellia_Ekeygen,.-Camellia_Ekeygen
 ___
 }
@@ -637,17 +676,25 @@ $code.=<<___;
 .type	Camellia_cbc_encrypt,\@function,6
 .align	16
 Camellia_cbc_encrypt:
+.cfi_startproc
 	cmp	\$0,%rdx
 	je	.Lcbc_abort
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lcbc_prologue:
 
 	mov	%rsp,%rbp
+.cfi_def_cfa_register	%rbp
 	sub	\$64,%rsp
 	and	\$-64,%rsp
 
@@ -668,6 +715,7 @@ Camellia_cbc_encrypt:
 
 	mov	%r8,$_ivp
 	mov	%rbp,$_rsp
+.cfi_cfa_expression	$_rsp,deref,+56
 
 .Lcbc_body:
 	lea	.LCamellia_SBOX(%rip),$Tbl
@@ -856,15 +904,24 @@ Camellia_cbc_encrypt:
 .align	16
 .Lcbc_done:
 	mov	$_rsp,%rcx
+.cfi_def_cfa	%rcx,56
 	mov	0(%rcx),%r15
+.cfi_restore	%r15
 	mov	8(%rcx),%r14
+.cfi_restore	%r14
 	mov	16(%rcx),%r13
+.cfi_restore	%r13
 	mov	24(%rcx),%r12
+.cfi_restore	%r12
 	mov	32(%rcx),%rbp
+.cfi_restore	%rbp
 	mov	40(%rcx),%rbx
+.cfi_restore	%rbx
 	lea	48(%rcx),%rsp
+.cfi_def_cfa	%rsp,8
 .Lcbc_abort:
 	ret
+.cfi_endproc
 .size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
 
 .asciz	"Camellia for x86_64 by <appro\@openssl.org>"
diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl b/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl
index ffe4a7d91c..6396679a5a 100644
--- a/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -8,8 +8,8 @@
 
 
 # ====================================================================
-# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
-# <appro@openssl.org>. The module is licensed under 2-clause BSD
+# Written by David S. Miller and Andy Polyakov.
+# The module is licensed under 2-clause BSD
 # license. October 2012. All rights reserved.
 # ====================================================================
 
@@ -17,7 +17,7 @@
 # Camellia for SPARC T4.
 #
 # As with AES below results [for aligned data] are virtually identical
-# to critical path lenths for 3-cycle instruction latency:
+# to critical path lengths for 3-cycle instruction latency:
 #
 #		128-bit key	192/256-
 # CBC encrypt	4.14/4.21(*)	5.46/5.52
@@ -25,7 +25,7 @@
 #			     misaligned data.
 #
 # As with Intel AES-NI, question is if it's possible to improve
-# performance of parallelizeable modes by interleaving round
+# performance of parallelizable modes by interleaving round
 # instructions. In Camellia every instruction is dependent on
 # previous, which means that there is place for 2 additional ones
 # in between two dependent. Can we expect 3x performance improvement?
diff --git a/deps/openssl/openssl/crypto/camellia/build.info b/deps/openssl/openssl/crypto/camellia/build.info
index fd782724f0..e36a19bd4d 100644
--- a/deps/openssl/openssl/crypto/camellia/build.info
+++ b/deps/openssl/openssl/crypto/camellia/build.info
@@ -3,7 +3,9 @@ SOURCE[../../libcrypto]=\
         cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c \
         {- $target{cmll_asm_src} -}
 
-GENERATE[cmll-x86.s]=asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[cmll-x86.s]=asm/cmll-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) \
+        $(PROCESSOR)
 DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
 GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME)
diff --git a/deps/openssl/openssl/crypto/camellia/camellia.c b/deps/openssl/openssl/crypto/camellia/camellia.c
index 6641a62205..c200b82304 100644
--- a/deps/openssl/openssl/crypto/camellia/camellia.c
+++ b/deps/openssl/openssl/crypto/camellia/camellia.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,51 +44,11 @@
 #include <string.h>
 #include <stdlib.h>
 
-/* 32-bit rotations */
-#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-#  define RightRotate(x, s) _lrotr(x, s)
-#  define LeftRotate(x, s)  _lrotl(x, s)
-#  if _MSC_VER >= 1400
-#   define SWAP(x) _byteswap_ulong(x)
-#  else
-#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-#  endif
-#  define GETU32(p)   SWAP(*((u32 *)(p)))
-#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
-# elif defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386) || defined(__x86_64)
-#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
-#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
-#   if defined(B_ENDIAN)        /* stratus.com does it */
-#    define GETU32(p)   (*(u32 *)(p))
-#    define PUTU32(p,v) (*(u32 *)(p)=(v))
-#   else
-#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
-#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
-#   endif
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#  elif defined(__s390x__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#   define GETU32(p)   (*(u32 *)(p))
-#   define PUTU32(p,v) (*(u32 *)(p)=(v))
-#  endif
-# endif
-#endif
-
-#if !defined(RightRotate) && !defined(LeftRotate)
-# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
-# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
-#endif
-
-#if !defined(GETU32) && !defined(PUTU32)
-# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
-# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
-#endif
+#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+#define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+
+#define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
 
 /* S-box data */
 #define SBOX1_1110 Camellia_SBOX[0]
diff --git a/deps/openssl/openssl/crypto/cast/asm/cast-586.pl b/deps/openssl/openssl/crypto/cast/asm/cast-586.pl
index 6beb9c5f25..d5d38965cf 100644
--- a/deps/openssl/openssl/crypto/cast/asm/cast-586.pl
+++ b/deps/openssl/openssl/crypto/cast/asm/cast-586.pl
@@ -7,7 +7,7 @@
 # https://www.openssl.org/source/license.html
 
 
-# This flag makes the inner loop one cycle longer, but generates 
+# This flag makes the inner loop one cycle longer, but generates
 # code that runs %30 faster on the pentium pro/II, 44% faster
 # of PIII, while only %7 slower on the pentium.
 # By default, this flag is on.
@@ -21,7 +21,7 @@ require "cbc.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $CAST_ROUNDS=16;
 $L="edi";
@@ -157,7 +157,7 @@ sub E_CAST {
     if ($ppro) {
 	&xor(	$tmp1,		$tmp1);
 	&mov(	$tmp2,		0xff);
-	
+
 	&movb(	&LB($tmp1),	&HB($tmp4));	# A
 	&and(	$tmp2,		$tmp4);
 
@@ -166,7 +166,7 @@ sub E_CAST {
     } else {
 	&mov(	$tmp2,		$tmp4);		# B
 	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
-	
+
 	&shr(	$tmp4,		16); 		#
 	&and(	$tmp2,		0xff);
     }
diff --git a/deps/openssl/openssl/crypto/cast/build.info b/deps/openssl/openssl/crypto/cast/build.info
index f6a25c9a56..b0f59f3800 100644
--- a/deps/openssl/openssl/crypto/cast/build.info
+++ b/deps/openssl/openssl/crypto/cast/build.info
@@ -2,5 +2,6 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         c_skey.c c_ecb.c {- $target{cast_asm_src} -} c_cfb64.c c_ofb64.c
 
-GENERATE[cast-586.s]=asm/cast-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[cast-586.s]=asm/cast-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/deps/openssl/openssl/crypto/cast/cast_lcl.h b/deps/openssl/openssl/crypto/cast/cast_lcl.h
index e8cf322d43..35e89930a8 100644
--- a/deps/openssl/openssl/crypto/cast/cast_lcl.h
+++ b/deps/openssl/openssl/crypto/cast/cast_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,8 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "e_os.h"
-
 #ifdef OPENSSL_SYS_WIN32
 # include <stdlib.h>
 #endif
diff --git a/deps/openssl/openssl/crypto/cast/cast_s.h b/deps/openssl/openssl/crypto/cast/cast_s.h
index d9fd6ac416..b27415b967 100644
--- a/deps/openssl/openssl/crypto/cast/cast_s.h
+++ b/deps/openssl/openssl/crypto/cast/cast_s.h
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
+const CAST_LONG CAST_S_table0[256] = {
     0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
     0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
     0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
@@ -74,7 +74,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
     0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = {
+const CAST_LONG CAST_S_table1[256] = {
     0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
     0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
     0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
@@ -141,7 +141,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = {
     0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = {
+const CAST_LONG CAST_S_table2[256] = {
     0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
     0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
     0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
@@ -208,7 +208,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = {
     0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = {
+const CAST_LONG CAST_S_table3[256] = {
     0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
     0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
     0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
@@ -275,7 +275,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = {
     0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = {
+const CAST_LONG CAST_S_table4[256] = {
     0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
     0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
     0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
@@ -342,7 +342,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = {
     0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = {
+const CAST_LONG CAST_S_table5[256] = {
     0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
     0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
     0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
@@ -409,7 +409,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = {
     0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = {
+const CAST_LONG CAST_S_table6[256] = {
     0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
     0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
     0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
@@ -476,7 +476,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = {
     0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
 };
 
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256] = {
+const CAST_LONG CAST_S_table7[256] = {
     0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
     0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
     0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl
index b5e21e4938..d3fadcc63d 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl
@@ -15,7 +15,7 @@
 # ====================================================================
 #
 # December 2014
-# 
+#
 # ChaCha20 for ARMv4.
 #
 # Performance in cycles per byte out of large buffer.
@@ -172,8 +172,10 @@ $code.=<<___;
 #include "arm_arch.h"
 
 .text
-#if defined(__thumb2__)
+#if defined(__thumb2__) || defined(__clang__)
 .syntax	unified
+#endif
+#if defined(__thumb2__)
 .thumb
 #else
 .code	32
@@ -720,7 +722,7 @@ ChaCha20_neon:
 	vadd.i32	$d2,$d1,$t0		@ counter+2
 	str		@t[3], [sp,#4*(16+15)]
 	mov		@t[3],#10
-	add		@x[12],@x[12],#3	@ counter+3 
+	add		@x[12],@x[12],#3	@ counter+3
 	b		.Loop_neon
 
 .align	4
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl
index f7e1074714..4a838bc2b3 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl
@@ -15,7 +15,7 @@
 # ====================================================================
 #
 # June 2015
-# 
+#
 # ChaCha20 for ARMv8.
 #
 # Performance in cycles per byte out of large buffer.
@@ -28,6 +28,7 @@
 # Denver		4.50/+82%       2.63		2.67(*)
 # X-Gene		9.50/+46%       8.82		8.89(*)
 # Mongoose		8.00/+44%	3.64		3.25
+# Kryo			8.17/+50%	4.83		4.65
 #
 # (*)	it's expected that doubling interleave factor doesn't help
 #	all processors, only those with higher NEON latency and
@@ -201,7 +202,7 @@ ChaCha20_ctr32:
 	mov	$ctr,#10
 	subs	$len,$len,#64
 .Loop:
-	sub	$ctr,$ctr,#1	
+	sub	$ctr,$ctr,#1
 ___
 	foreach (&ROUND(0, 4, 8,12)) { eval; }
 	foreach (&ROUND(0, 5,10,15)) { eval; }
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl
index bdb380442c..266401eb16 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl
@@ -22,7 +22,7 @@
 # faster than code generated by TI compiler. Compiler also disables
 # interrupts for some reason, thus making interrupt response time
 # dependent on input length. This module on the other hand is free
-# from such limiation.
+# from such limitation.
 
 $output=pop;
 open STDOUT,">$output";
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl
index 181decdad9..f4f8610bf3 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -15,18 +15,34 @@
 # ====================================================================
 #
 # October 2015
-# 
+#
 # ChaCha20 for PowerPC/AltiVec.
 #
+# June 2018
+#
+# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for
+# processors that can't issue more than one vector instruction per
+# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x
+# interleave would perform better. Incidentally PowerISA 2.07 (first
+# implemented by POWER8) defined new usable instructions, hence 4xVSX
+# code path...
+#
 # Performance in cycles per byte out of large buffer.
 #
-#			IALU/gcc-4.x    3xAltiVec+1xIALU
+#			IALU/gcc-4.x    3xAltiVec+1xIALU	4xVSX
+#
+# Freescale e300	13.6/+115%	-			-
+# PPC74x0/G4e		6.81/+310%	3.81			-
+# PPC970/G5		9.29/+160%	?			-
+# POWER7		8.62/+61%	3.35			-
+# POWER8		8.70/+51%	2.91			2.09
+# POWER9		8.80/+29%	4.44(*)			2.45(**)
 #
-# Freescale e300	13.6/+115%	-
-# PPC74x0/G4e		6.81/+310%	4.66
-# PPC970/G5		9.29/+160%	4.60
-# POWER7		8.62/+61%	4.27
-# POWER8		8.70/+51%	3.96
+# (*)	this is trade-off result, it's possible to improve it, but
+#	then it would negatively affect all others;
+# (**)	POWER9 seems to be "allergic" to mixing vector and integer
+#	instructions, which is why switch to vector-only code pays
+#	off that much;
 
 $flavour = shift;
 
@@ -391,19 +407,19 @@ Loop_tail:					# byte-by-byte loop
 ___
 
 {{{
-my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2) =
-    map("v$_",(0..14));
-my (@K)=map("v$_",(15..20));
-my ($FOUR,$sixteen,$twenty4,$twenty,$twelve,$twenty5,$seven) =
-    map("v$_",(21..27));
-my ($inpperm,$outperm,$outmask) = map("v$_",(28..30));
-my @D=("v31",$seven,$T0,$T1,$T2);
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2)
+				= map("v$_",(0..11));
+my @K				= map("v$_",(12..17));
+my ($FOUR,$sixteen,$twenty4)	= map("v$_",(18..19,23));
+my ($inpperm,$outperm,$outmask)	= map("v$_",(24..26));
+my @D				= map("v$_",(27..31));
+my ($twelve,$seven,$T0,$T1) = @D;
 
-my $FRAME=$LOCALS+64+13*16+18*$SIZE_T;	# 13*16 is for v20-v31 offload
+my $FRAME=$LOCALS+64+10*16+18*$SIZE_T;	# 10*16 is for v23-v31 offload
 
 sub VMXROUND {
 my $odd = pop;
-my ($a,$b,$c,$d,$t)=@_;
+my ($a,$b,$c,$d)=@_;
 
 	(
 	"&vadduwm	('$a','$a','$b')",
@@ -411,24 +427,20 @@ my ($a,$b,$c,$d,$t)=@_;
 	"&vperm		('$d','$d','$d','$sixteen')",
 
 	"&vadduwm	('$c','$c','$d')",
-	"&vxor		('$t','$b','$c')",
-	"&vsrw		('$b','$t','$twenty')",
-	"&vslw		('$t','$t','$twelve')",
-	"&vor		('$b','$b','$t')",
+	"&vxor		('$b','$b','$c')",
+	"&vrlw		('$b','$b','$twelve')",
 
 	"&vadduwm	('$a','$a','$b')",
 	"&vxor		('$d','$d','$a')",
 	"&vperm		('$d','$d','$d','$twenty4')",
 
 	"&vadduwm	('$c','$c','$d')",
-	"&vxor		('$t','$b','$c')",
-	"&vsrw		('$b','$t','$twenty5')",
-	"&vslw		('$t','$t','$seven')",
-	"&vor		('$b','$b','$t')",
-
-	"&vsldoi	('$c','$c','$c',8)",
-	"&vsldoi	('$b','$b','$b',$odd?4:12)",
-	"&vsldoi	('$d','$d','$d',$odd?12:4)"
+	"&vxor		('$b','$b','$c')",
+	"&vrlw		('$b','$b','$seven')",
+
+	"&vrldoi	('$c','$c',8)",
+	"&vrldoi	('$b','$b',$odd?4:12)",
+	"&vrldoi	('$d','$d',$odd?12:4)"
 	);
 }
 
@@ -445,28 +457,22 @@ $code.=<<___;
 	li	r10,`15+$LOCALS+64`
 	li	r11,`31+$LOCALS+64`
 	mfspr	r12,256
-	stvx	v20,r10,$sp
-	addi	r10,r10,32
-	stvx	v21,r11,$sp
-	addi	r11,r11,32
-	stvx	v22,r10,$sp
+	stvx	v23,r10,$sp
 	addi	r10,r10,32
-	stvx	v23,r11,$sp
+	stvx	v24,r11,$sp
 	addi	r11,r11,32
-	stvx	v24,r10,$sp
+	stvx	v25,r10,$sp
 	addi	r10,r10,32
-	stvx	v25,r11,$sp
+	stvx	v26,r11,$sp
 	addi	r11,r11,32
-	stvx	v26,r10,$sp
+	stvx	v27,r10,$sp
 	addi	r10,r10,32
-	stvx	v27,r11,$sp
+	stvx	v28,r11,$sp
 	addi	r11,r11,32
-	stvx	v28,r10,$sp
+	stvx	v29,r10,$sp
 	addi	r10,r10,32
-	stvx	v29,r11,$sp
-	addi	r11,r11,32
-	stvx	v30,r10,$sp
-	stvx	v31,r11,$sp
+	stvx	v30,r11,$sp
+	stvx	v31,r10,$sp
 	stw	r12,`$FRAME-$SIZE_T*18-4`($sp)	# save vrsave
 	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
 	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
@@ -486,9 +492,9 @@ $code.=<<___;
 	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
 	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
 	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
-	li	r12,-1
+	li	r12,-4096+511
 	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
-	mtspr	256,r12				# preserve all AltiVec registers
+	mtspr	256,r12				# preserve 29 AltiVec registers
 
 	bl	Lconsts				# returns pointer Lsigma in r12
 	li	@x[0],16
@@ -525,11 +531,6 @@ $code.=<<___;
 	lwz	@d[3],12($ctr)
 	vadduwm	@K[5],@K[4],@K[5]
 
-	vspltisw $twenty,-12			# synthesize constants 
-	vspltisw $twelve,12
-	vspltisw $twenty5,-7
-	#vspltisw $seven,7			# synthesized in the loop
-
 	vxor	$T0,$T0,$T0			# 0x00..00
 	vspltisw $outmask,-1			# 0xff..ff
 	?lvsr	$inpperm,0,$inp			# prepare for unaligned load
@@ -542,6 +543,7 @@ $code.=<<___;
 	be?vxor	$outperm,$outperm,$T1
 	be?vperm $inpperm,$inpperm,$inpperm,$T0
 
+	li	r0,10				# inner loop counter
 	b	Loop_outer_vmx
 
 .align	4
@@ -559,7 +561,6 @@ Loop_outer_vmx:
 	ori	@x[3],@x[3],0x6574
 	 vmr	$B0,@K[1]
 
-	li	r0,10				# inner loop counter
 	lwz	@x[4],0($key)			# load key to GPR
 	 vmr	$B1,@K[1]
 	lwz	@x[5],4($key)
@@ -585,33 +586,45 @@ Loop_outer_vmx:
 	mr	@t[1],@x[5]
 	mr	@t[2],@x[6]
 	mr	@t[3],@x[7]
+
+	vspltisw $twelve,12			# synthesize constants
 	vspltisw $seven,7
 
 	mtctr	r0
 	nop
 Loop_vmx:
 ___
-	my @thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,0);
-	my @thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,0);
-	my @thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,0);
+	my @thread0=&VMXROUND($A0,$B0,$C0,$D0,0);
+	my @thread1=&VMXROUND($A1,$B1,$C1,$D1,0);
+	my @thread2=&VMXROUND($A2,$B2,$C2,$D2,0);
 	my @thread3=&ROUND(0,4,8,12);
 
 	foreach (@thread0) {
-		eval;			eval(shift(@thread3));
-		eval(shift(@thread1));	eval(shift(@thread3));
-		eval(shift(@thread2));	eval(shift(@thread3));
+		eval;
+		eval(shift(@thread1));
+		eval(shift(@thread2));
+
+		eval(shift(@thread3));
+		eval(shift(@thread3));
+		eval(shift(@thread3));
 	}
+	foreach (@thread3) { eval; }
 
-	@thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,1);
-	@thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,1);
-	@thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread0=&VMXROUND($A0,$B0,$C0,$D0,1);
+	@thread1=&VMXROUND($A1,$B1,$C1,$D1,1);
+	@thread2=&VMXROUND($A2,$B2,$C2,$D2,1);
 	@thread3=&ROUND(0,5,10,15);
 
 	foreach (@thread0) {
-		eval;			eval(shift(@thread3));
-		eval(shift(@thread1));	eval(shift(@thread3));
-		eval(shift(@thread2));	eval(shift(@thread3));
+		eval;
+		eval(shift(@thread1));
+		eval(shift(@thread2));
+
+		eval(shift(@thread3));
+		eval(shift(@thread3));
+		eval(shift(@thread3));
 	}
+	foreach (@thread3) { eval; }
 $code.=<<___;
 	bdnz	Loop_vmx
 
@@ -850,28 +863,22 @@ Ldone_vmx:
 	li	r10,`15+$LOCALS+64`
 	li	r11,`31+$LOCALS+64`
 	mtspr	256,r12				# restore vrsave
-	lvx	v20,r10,$sp
+	lvx	v23,r10,$sp
 	addi	r10,r10,32
-	lvx	v21,r11,$sp
+	lvx	v24,r11,$sp
 	addi	r11,r11,32
-	lvx	v22,r10,$sp
+	lvx	v25,r10,$sp
 	addi	r10,r10,32
-	lvx	v23,r11,$sp
+	lvx	v26,r11,$sp
 	addi	r11,r11,32
-	lvx	v24,r10,$sp
+	lvx	v27,r10,$sp
 	addi	r10,r10,32
-	lvx	v25,r11,$sp
+	lvx	v28,r11,$sp
 	addi	r11,r11,32
-	lvx	v26,r10,$sp
-	addi	r10,r10,32
-	lvx	v27,r11,$sp
-	addi	r11,r11,32
-	lvx	v28,r10,$sp
+	lvx	v29,r10,$sp
 	addi	r10,r10,32
-	lvx	v29,r11,$sp
-	addi	r11,r11,32
-	lvx	v30,r10,$sp
-	lvx	v31,r11,$sp
+	lvx	v30,r11,$sp
+	lvx	v31,r10,$sp
 	$POP	r0, `$FRAME+$LRSAVE`($sp)
 	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
 	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
@@ -898,12 +905,395 @@ Ldone_vmx:
 	.byte	0,12,0x04,1,0x80,18,5,0
 	.long	0
 .size	.ChaCha20_ctr32_vmx,.-.ChaCha20_ctr32_vmx
+___
+}}}
+{{{
+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+    $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15));
+my @K = map("v$_",(16..19));
+my $CTR = "v26";
+my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30));
+my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3);
+my $beperm = "v31";
+
+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10)));
 
+my $FRAME=$LOCALS+64+7*16;	# 7*16 is for v26-v31 offload
+
+sub VSX_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my @x=map("\"v$_\"",(0..15));
+
+	(
+	"&vadduwm	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	 "&vadduwm	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	  "&vadduwm	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	   "&vadduwm	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	"&vxor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vxor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vxor	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vxor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vrlw		(@x[$d0],@x[$d0],'$sixteen')",
+	 "&vrlw		(@x[$d1],@x[$d1],'$sixteen')",
+	  "&vrlw	(@x[$d2],@x[$d2],'$sixteen')",
+	   "&vrlw	(@x[$d3],@x[$d3],'$sixteen')",
+
+	"&vadduwm	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vadduwm	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vadduwm	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vadduwm	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vxor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vxor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vxor	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vxor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vrlw		(@x[$b0],@x[$b0],'$twelve')",
+	 "&vrlw		(@x[$b1],@x[$b1],'$twelve')",
+	  "&vrlw	(@x[$b2],@x[$b2],'$twelve')",
+	   "&vrlw	(@x[$b3],@x[$b3],'$twelve')",
+
+	"&vadduwm	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&vadduwm	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&vadduwm	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&vadduwm	(@x[$a3],@x[$a3],@x[$b3])",
+	"&vxor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vxor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vxor	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vxor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vrlw		(@x[$d0],@x[$d0],'$eight')",
+	 "&vrlw		(@x[$d1],@x[$d1],'$eight')",
+	  "&vrlw	(@x[$d2],@x[$d2],'$eight')",
+	   "&vrlw	(@x[$d3],@x[$d3],'$eight')",
+
+	"&vadduwm	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vadduwm	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vadduwm	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vadduwm	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vxor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vxor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vxor	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vxor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vrlw		(@x[$b0],@x[$b0],'$seven')",
+	 "&vrlw		(@x[$b1],@x[$b1],'$seven')",
+	  "&vrlw	(@x[$b2],@x[$b2],'$seven')",
+	   "&vrlw	(@x[$b3],@x[$b3],'$seven')"
+	);
+}
+
+$code.=<<___;
+
+.globl	.ChaCha20_ctr32_vsx
+.align	5
+.ChaCha20_ctr32_vsx:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	mfspr	r12,256
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r12,`$FRAME-4`($sp)		# save vrsave
+	li	r12,-4096+63
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256,r12				# preserve 29 AltiVec registers
+
+	bl	Lconsts				# returns pointer Lsigma in r12
+	lvx_4w	@K[0],0,r12			# load sigma
+	addi	r12,r12,0x50
+	li	$x10,16
+	li	$x20,32
+	li	$x30,48
+	li	r11,64
+
+	lvx_4w	@K[1],0,$key			# load key
+	lvx_4w	@K[2],$x10,$key
+	lvx_4w	@K[3],0,$ctr			# load counter
+
+	vxor	$xt0,$xt0,$xt0
+	lvx_4w	$xt1,r11,r12
+	vspltw	$CTR,@K[3],0
+	vsldoi	@K[3],@K[3],$xt0,4
+	vsldoi	@K[3],$xt0,@K[3],12		# clear @K[3].word[0]
+	vadduwm	$CTR,$CTR,$xt1
+
+	be?lvsl	$beperm,0,$x10			# 0x00..0f
+	be?vspltisb $xt0,3			# 0x03..03
+	be?vxor	$beperm,$beperm,$xt0		# swap bytes within words
+
+	li	r0,10				# inner loop counter
+	mtctr	r0
+	b	Loop_outer_vsx
+
+.align	5
+Loop_outer_vsx:
+	lvx	$xa0,$x00,r12			# load [smashed] sigma
+	lvx	$xa1,$x10,r12
+	lvx	$xa2,$x20,r12
+	lvx	$xa3,$x30,r12
+
+	vspltw	$xb0,@K[1],0			# smash the key
+	vspltw	$xb1,@K[1],1
+	vspltw	$xb2,@K[1],2
+	vspltw	$xb3,@K[1],3
+
+	vspltw	$xc0,@K[2],0
+	vspltw	$xc1,@K[2],1
+	vspltw	$xc2,@K[2],2
+	vspltw	$xc3,@K[2],3
+
+	vmr	$xd0,$CTR			# smash the counter
+	vspltw	$xd1,@K[3],1
+	vspltw	$xd2,@K[3],2
+	vspltw	$xd3,@K[3],3
+
+	vspltisw $sixteen,-16			# synthesize constants
+	vspltisw $twelve,12
+	vspltisw $eight,8
+	vspltisw $seven,7
+
+Loop_vsx:
+___
+	foreach (&VSX_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&VSX_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	bdnz	Loop_vsx
+
+	vadduwm	$xd0,$xd0,$CTR
+
+	vmrgew	$xt0,$xa0,$xa1			# transpose data
+	vmrgew	$xt1,$xa2,$xa3
+	vmrgow	$xa0,$xa0,$xa1
+	vmrgow	$xa2,$xa2,$xa3
+	 vmrgew	$xt2,$xb0,$xb1
+	 vmrgew	$xt3,$xb2,$xb3
+	vpermdi	$xa1,$xa0,$xa2,0b00
+	vpermdi	$xa3,$xa0,$xa2,0b11
+	vpermdi	$xa0,$xt0,$xt1,0b00
+	vpermdi	$xa2,$xt0,$xt1,0b11
+
+	vmrgow	$xb0,$xb0,$xb1
+	vmrgow	$xb2,$xb2,$xb3
+	 vmrgew	$xt0,$xc0,$xc1
+	 vmrgew	$xt1,$xc2,$xc3
+	vpermdi	$xb1,$xb0,$xb2,0b00
+	vpermdi	$xb3,$xb0,$xb2,0b11
+	vpermdi	$xb0,$xt2,$xt3,0b00
+	vpermdi	$xb2,$xt2,$xt3,0b11
+
+	vmrgow	$xc0,$xc0,$xc1
+	vmrgow	$xc2,$xc2,$xc3
+	 vmrgew	$xt2,$xd0,$xd1
+	 vmrgew	$xt3,$xd2,$xd3
+	vpermdi	$xc1,$xc0,$xc2,0b00
+	vpermdi	$xc3,$xc0,$xc2,0b11
+	vpermdi	$xc0,$xt0,$xt1,0b00
+	vpermdi	$xc2,$xt0,$xt1,0b11
+
+	vmrgow	$xd0,$xd0,$xd1
+	vmrgow	$xd2,$xd2,$xd3
+	 vspltisw $xt0,4
+	 vadduwm  $CTR,$CTR,$xt0		# next counter value
+	vpermdi	$xd1,$xd0,$xd2,0b00
+	vpermdi	$xd3,$xd0,$xd2,0b11
+	vpermdi	$xd0,$xt2,$xt3,0b00
+	vpermdi	$xd2,$xt2,$xt3,0b11
+
+	vadduwm	$xa0,$xa0,@K[0]
+	vadduwm	$xb0,$xb0,@K[1]
+	vadduwm	$xc0,$xc0,@K[2]
+	vadduwm	$xd0,$xd0,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	beq	Ldone_vsx
+
+	vadduwm	$xa0,$xa1,@K[0]
+	vadduwm	$xb0,$xb1,@K[1]
+	vadduwm	$xc0,$xc1,@K[2]
+	vadduwm	$xd0,$xd1,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	beq	Ldone_vsx
+
+	vadduwm	$xa0,$xa2,@K[0]
+	vadduwm	$xb0,$xb2,@K[1]
+	vadduwm	$xc0,$xc2,@K[2]
+	vadduwm	$xd0,$xd2,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	beq	Ldone_vsx
+
+	vadduwm	$xa0,$xa3,@K[0]
+	vadduwm	$xb0,$xb3,@K[1]
+	vadduwm	$xc0,$xc3,@K[2]
+	vadduwm	$xd0,$xd3,@K[3]
+
+	be?vperm $xa0,$xa0,$xa0,$beperm
+	be?vperm $xb0,$xb0,$xb0,$beperm
+	be?vperm $xc0,$xc0,$xc0,$beperm
+	be?vperm $xd0,$xd0,$xd0,$beperm
+
+	${UCMP}i $len,0x40
+	blt	Ltail_vsx
+
+	lvx_4w	$xt0,$x00,$inp
+	lvx_4w	$xt1,$x10,$inp
+	lvx_4w	$xt2,$x20,$inp
+	lvx_4w	$xt3,$x30,$inp
+
+	vxor	$xt0,$xt0,$xa0
+	vxor	$xt1,$xt1,$xb0
+	vxor	$xt2,$xt2,$xc0
+	vxor	$xt3,$xt3,$xd0
+
+	stvx_4w	$xt0,$x00,$out
+	stvx_4w	$xt1,$x10,$out
+	addi	$inp,$inp,0x40
+	stvx_4w	$xt2,$x20,$out
+	subi	$len,$len,0x40
+	stvx_4w	$xt3,$x30,$out
+	addi	$out,$out,0x40
+	mtctr	r0
+	bne	Loop_outer_vsx
+
+Ldone_vsx:
+	lwz	r12,`$FRAME-4`($sp)		# pull vrsave
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	$POP	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256,r12				# restore vrsave
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+
+.align	4
+Ltail_vsx:
+	addi	r11,$sp,$LOCALS
+	mtctr	$len
+	stvx_4w	$xa0,$x00,r11			# offload block to stack
+	stvx_4w	$xb0,$x10,r11
+	stvx_4w	$xc0,$x20,r11
+	stvx_4w	$xd0,$x30,r11
+	subi	r12,r11,1			# prepare for *++ptr
+	subi	$inp,$inp,1
+	subi	$out,$out,1
+
+Loop_tail_vsx:
+	lbzu	r6,1(r12)
+	lbzu	r7,1($inp)
+	xor	r6,r6,r7
+	stbu	r6,1($out)
+	bdnz	Loop_tail_vsx
+
+	stvx_4w	$K[0],$x00,r11			# wipe copy of the block
+	stvx_4w	$K[0],$x10,r11
+	stvx_4w	$K[0],$x20,r11
+	stvx_4w	$K[0],$x30,r11
+
+	b	Ldone_vsx
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,5,0
+	.long	0
+.size	.ChaCha20_ctr32_vsx,.-.ChaCha20_ctr32_vsx
+___
+}}}
+$code.=<<___;
 .align	5
 Lconsts:
 	mflr	r0
 	bcl	20,31,\$+4
-	mflr	r12	#vvvvv "distance between . and _vpaes_consts
+	mflr	r12	#vvvvv "distance between . and Lsigma
 	addi	r12,r12,`64-8`
 	mtlr	r0
 	blr
@@ -924,10 +1314,14 @@ $code.=<<___ 	if (!$LITTLE_ENDIAN);	# flipped words
 	.long	0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c
 ___
 $code.=<<___;
+	.long	0x61707865,0x61707865,0x61707865,0x61707865
+	.long	0x3320646e,0x3320646e,0x3320646e,0x3320646e
+	.long	0x79622d32,0x79622d32,0x79622d32,0x79622d32
+	.long	0x6b206574,0x6b206574,0x6b206574,0x6b206574
+	.long	0,1,2,3
 .asciz  "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
 ___
-}}}
 
 foreach (split("\n",$code)) {
 	s/\`([^\`]*)\`/eval $1/ge;
@@ -940,11 +1334,12 @@ foreach (split("\n",$code)) {
 	    s/\?lvsr/lvsl/	or
 	    s/\?lvsl/lvsr/	or
 	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or
-	    s/(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/;
+	    s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/;
 	} else {			# little-endian
 	    s/le\?//		or
 	    s/be\?/#be#/	or
-	    s/\?([a-z]+)/$1/;
+	    s/\?([a-z]+)/$1/	or
+	    s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/;
 	}
 
 	print $_,"\n";
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl
index 932dec67e4..13c217dcf1 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl
@@ -28,6 +28,7 @@
 # Westmere	9.50/+45%	3.35
 # Sandy Bridge	10.5/+47%	3.20
 # Haswell	8.15/+50%	2.83
+# Skylake	7.53/+22%	2.75
 # Silvermont	17.4/+36%	8.35
 # Goldmont	13.4/+40%	4.36
 # Sledgehammer	10.2/+54%
@@ -42,7 +43,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"chacha-x86.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $xmm=$ymm=0;
 for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl
index 347dfcb3e5..b54f3b1525 100755
--- a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl
+++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -18,32 +18,45 @@
 #
 # ChaCha20 for x86_64.
 #
+# December 2016
+#
+# Add AVX512F code path.
+#
+# December 2017
+#
+# Add AVX512VL code path.
+#
 # Performance in cycles per byte out of large buffer.
 #
-#		IALU/gcc 4.8(i)	1xSSSE3/SSE2	4xSSSE3	    8xAVX2
+#		IALU/gcc 4.8(i)	1x/2xSSSE3(ii)	4xSSSE3	    NxAVX(v)
 #
-# P4		9.48/+99%	-/22.7(ii)	-
-# Core2		7.83/+55%	7.90/8.08	4.35
-# Westmere	7.19/+50%	5.60/6.70	3.00
-# Sandy Bridge	8.31/+42%	5.45/6.76	2.72
-# Ivy Bridge	6.71/+46%	5.40/6.49	2.41
-# Haswell	5.92/+43%	5.20/6.45	2.42	    1.23
-# Silvermont	12.0/+33%	7.75/7.40	7.03(iii)
-# Goldmont	10.6/+17%	5.10/-		3.28
-# Sledgehammer	7.28/+52%	-/14.2(ii)	-
-# Bulldozer	9.66/+28%	9.85/11.1	3.06(iv)
-# VIA Nano	10.5/+46%	6.72/8.60	6.05
+# P4		9.48/+99%	-		-
+# Core2		7.83/+55%	7.90/5.76	4.35
+# Westmere	7.19/+50%	5.60/4.50	3.00
+# Sandy Bridge	8.31/+42%	5.45/4.00	2.72
+# Ivy Bridge	6.71/+46%	5.40/?		2.41
+# Haswell	5.92/+43%	5.20/3.45	2.42        1.23
+# Skylake[-X]	5.87/+39%	4.70/3.22	2.31        1.19[0.80(vi)]
+# Silvermont	12.0/+33%	7.75/6.90	7.03(iii)
+# Knights L	11.7/-		?		9.60(iii)   0.80
+# Goldmont	10.6/+17%	5.10/3.52	3.28
+# Sledgehammer	7.28/+52%	-		-
+# Bulldozer	9.66/+28%	9.85/5.35(iv)	3.06(iv)
+# Ryzen		5.96/+50%	5.19/3.00	2.40        2.09
+# VIA Nano	10.5/+46%	6.72/6.88	6.05
 #
 # (i)	compared to older gcc 3.x one can observe >2x improvement on
 #	most platforms;
-# (ii)	as it can be seen, SSE2 performance is too low on legacy
-#	processors; NxSSE2 results are naturally better, but not
-#	impressively better than IALU ones, which is why you won't
-#	find SSE2 code below;
+# (ii)	2xSSSE3 is code path optimized specifically for 128 bytes used
+#	by chacha20_poly1305_tls_cipher, results are EVP-free;
 # (iii)	this is not optimal result for Atom because of MSROM
 #	limitations, SSE2 can do better, but gain is considered too
 #	low to justify the [maintenance] effort;
-# (iv)	Bulldozer actually executes 4xXOP code path that delivers 2.20;
+# (iv)	Bulldozer actually executes 4xXOP code path that delivers 2.20
+#	and 4.85 for 128-byte inputs;
+# (v)	8xAVX2, 8xAVX512VL or 16xAVX512F, whichever best applicable;
+# (vi)	even though Skylake-X can execute AVX512F code and deliver 0.57
+#	cpb in single thread, the corresponding capability is suppressed;
 
 $flavour = shift;
 $output  = shift;
@@ -58,12 +71,13 @@ die "can't locate x86_64-xlate.pl";
 
 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
 		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
-	$avx = ($1>=2.19) + ($1>=2.22);
+	$avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25);
 }
 
 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
-	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
-	$avx = ($1>=2.09) + ($1>=2.10);
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) {
+	$avx = ($1>=2.09) + ($1>=2.10) + ($1>=2.12);
+	$avx += 1 if ($1==2.11 && $2>=8);
 }
 
 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
@@ -103,6 +117,17 @@ $code.=<<___;
 .byte	0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd
 .Lrot24:
 .byte	0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe
+.Ltwoy:
+.long	2,0,0,0, 2,0,0,0
+.align	64
+.Lzeroz:
+.long	0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0
+.Lfourz:
+.long	4,0,0,0, 4,0,0,0, 4,0,0,0, 4,0,0,0
+.Lincz:
+.long	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
+.Lsixteen:
+.long	16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
 .Lsigma:
 .asciz	"expand 32-byte k"
 .asciz	"ChaCha20 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
@@ -227,19 +252,36 @@ $code.=<<___;
 .type	ChaCha20_ctr32,\@function,5
 .align	64
 ChaCha20_ctr32:
+.cfi_startproc
 	cmp	\$0,$len
 	je	.Lno_data
 	mov	OPENSSL_ia32cap_P+4(%rip),%r10
+___
+$code.=<<___	if ($avx>2);
+	bt	\$48,%r10		# check for AVX512F
+	jc	.LChaCha20_avx512
+	test	%r10,%r10		# check for AVX512VL
+	js	.LChaCha20_avx512vl
+___
+$code.=<<___;
 	test	\$`1<<(41-32)`,%r10d
 	jnz	.LChaCha20_ssse3
 
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$64+24,%rsp
+.cfi_adjust_cfa_offset	64+24
+.Lctr32_body:
 
 	#movdqa	.Lsigma(%rip),%xmm0
 	movdqu	($key),%xmm1
@@ -378,15 +420,25 @@ $code.=<<___;
 	jnz	.Loop_tail
 
 .Ldone:
-	add	\$64+24,%rsp
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
+	lea	64+24+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lno_data:
 	ret
+.cfi_endproc
 .size	ChaCha20_ctr32,.-ChaCha20_ctr32
 ___
 
@@ -419,13 +471,16 @@ sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round
 	&por	($b,$t);
 }
 
-my $xframe = $win64 ? 32+32+8 : 24;
+my $xframe = $win64 ? 32+8 : 8;
 
 $code.=<<___;
 .type	ChaCha20_ssse3,\@function,5
 .align	32
 ChaCha20_ssse3:
+.cfi_startproc
 .LChaCha20_ssse3:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
 ___
 $code.=<<___	if ($avx);
 	test	\$`1<<(43-32)`,%r10d
@@ -433,21 +488,16 @@ $code.=<<___	if ($avx);
 ___
 $code.=<<___;
 	cmp	\$128,$len		# we might throw away some data,
+	je	.LChaCha20_128
 	ja	.LChaCha20_4x		# but overall it won't be slower
 
 .Ldo_sse3_after_all:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
 	sub	\$64+$xframe,%rsp
 ___
 $code.=<<___	if ($win64);
-	movaps	%xmm6,64+32(%rsp)
-	movaps	%xmm7,64+48(%rsp)
+	movaps	%xmm6,-0x28(%r9)
+	movaps	%xmm7,-0x18(%r9)
+.Lssse3_body:
 ___
 $code.=<<___;
 	movdqa	.Lsigma(%rip),$a
@@ -461,7 +511,7 @@ $code.=<<___;
 	movdqa	$b,0x10(%rsp)
 	movdqa	$c,0x20(%rsp)
 	movdqa	$d,0x30(%rsp)
-	mov	\$10,%ebp
+	mov	\$10,$counter		# reuse $counter
 	jmp	.Loop_ssse3
 
 .align	32
@@ -471,7 +521,7 @@ $code.=<<___;
 	movdqa	0x10(%rsp),$b
 	movdqa	0x20(%rsp),$c
 	paddd	0x30(%rsp),$d
-	mov	\$10,%ebp
+	mov	\$10,$counter
 	movdqa	$d,0x30(%rsp)
 	jmp	.Loop_ssse3
 
@@ -489,7 +539,7 @@ ___
 	&pshufd	($b,$b,0b10010011);
 	&pshufd	($d,$d,0b00111001);
 
-	&dec	("%ebp");
+	&dec	($counter);
 	&jnz	(".Loop_ssse3");
 
 $code.=<<___;
@@ -528,37 +578,200 @@ $code.=<<___;
 	movdqa	$b,0x10(%rsp)
 	movdqa	$c,0x20(%rsp)
 	movdqa	$d,0x30(%rsp)
-	xor	%rbx,%rbx
+	xor	$counter,$counter
 
 .Loop_tail_ssse3:
-	movzb	($inp,%rbx),%eax
-	movzb	(%rsp,%rbx),%ecx
-	lea	1(%rbx),%rbx
+	movzb	($inp,$counter),%eax
+	movzb	(%rsp,$counter),%ecx
+	lea	1($counter),$counter
 	xor	%ecx,%eax
-	mov	%al,-1($out,%rbx)
+	mov	%al,-1($out,$counter)
 	dec	$len
 	jnz	.Loop_tail_ssse3
 
 .Ldone_ssse3:
 ___
 $code.=<<___	if ($win64);
-	movaps	64+32(%rsp),%xmm6
-	movaps	64+48(%rsp),%xmm7
+	movaps	-0x28(%r9),%xmm6
+	movaps	-0x18(%r9),%xmm7
 ___
 $code.=<<___;
-	add	\$64+$xframe,%rsp
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lssse3_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_ssse3,.-ChaCha20_ssse3
 ___
 }
 
 ########################################################################
+# SSSE3 code path that handles 128-byte inputs
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(8,9,2..7));
+my ($a1,$b1,$c1,$d1)=map("%xmm$_",(10,11,0,1));
+
+sub SSSE3ROUND_2x {
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	 &paddd	($a1,$b1);
+	 &pxor	($d1,$a1);
+	&pshufb	($d,$rot16);
+	 &pshufb($d1,$rot16);
+
+	&paddd	($c,$d);
+	 &paddd	($c1,$d1);
+	&pxor	($b,$c);
+	 &pxor	($b1,$c1);
+	&movdqa	($t,$b);
+	&psrld	($b,20);
+	 &movdqa($t1,$b1);
+	&pslld	($t,12);
+	 &psrld	($b1,20);
+	&por	($b,$t);
+	 &pslld	($t1,12);
+	 &por	($b1,$t1);
+
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	 &paddd	($a1,$b1);
+	 &pxor	($d1,$a1);
+	&pshufb	($d,$rot24);
+	 &pshufb($d1,$rot24);
+
+	&paddd	($c,$d);
+	 &paddd	($c1,$d1);
+	&pxor	($b,$c);
+	 &pxor	($b1,$c1);
+	&movdqa	($t,$b);
+	&psrld	($b,25);
+	 &movdqa($t1,$b1);
+	&pslld	($t,7);
+	 &psrld	($b1,25);
+	&por	($b,$t);
+	 &pslld	($t1,7);
+	 &por	($b1,$t1);
+}
+
+my $xframe = $win64 ? 0x68 : 8;
+
+$code.=<<___;
+.type	ChaCha20_128,\@function,5
+.align	32
+ChaCha20_128:
+.cfi_startproc
+.LChaCha20_128:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x68(%r9)
+	movaps	%xmm7,-0x58(%r9)
+	movaps	%xmm8,-0x48(%r9)
+	movaps	%xmm9,-0x38(%r9)
+	movaps	%xmm10,-0x28(%r9)
+	movaps	%xmm11,-0x18(%r9)
+.L128_body:
+___
+$code.=<<___;
+	movdqa	.Lsigma(%rip),$a
+	movdqu	($key),$b
+	movdqu	16($key),$c
+	movdqu	($counter),$d
+	movdqa	.Lone(%rip),$d1
+	movdqa	.Lrot16(%rip),$rot16
+	movdqa	.Lrot24(%rip),$rot24
+
+	movdqa	$a,$a1
+	movdqa	$a,0x00(%rsp)
+	movdqa	$b,$b1
+	movdqa	$b,0x10(%rsp)
+	movdqa	$c,$c1
+	movdqa	$c,0x20(%rsp)
+	paddd	$d,$d1
+	movdqa	$d,0x30(%rsp)
+	mov	\$10,$counter		# reuse $counter
+	jmp	.Loop_128
+
+.align	32
+.Loop_128:
+___
+	&SSSE3ROUND_2x();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b00111001);
+	&pshufd	($d,$d,0b10010011);
+	&pshufd	($c1,$c1,0b01001110);
+	&pshufd	($b1,$b1,0b00111001);
+	&pshufd	($d1,$d1,0b10010011);
+
+	&SSSE3ROUND_2x();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b10010011);
+	&pshufd	($d,$d,0b00111001);
+	&pshufd	($c1,$c1,0b01001110);
+	&pshufd	($b1,$b1,0b10010011);
+	&pshufd	($d1,$d1,0b00111001);
+
+	&dec	($counter);
+	&jnz	(".Loop_128");
+
+$code.=<<___;
+	paddd	0x00(%rsp),$a
+	paddd	0x10(%rsp),$b
+	paddd	0x20(%rsp),$c
+	paddd	0x30(%rsp),$d
+	paddd	.Lone(%rip),$d1
+	paddd	0x00(%rsp),$a1
+	paddd	0x10(%rsp),$b1
+	paddd	0x20(%rsp),$c1
+	paddd	0x30(%rsp),$d1
+
+	movdqu	0x00($inp),$t
+	movdqu	0x10($inp),$t1
+	pxor	$t,$a			# xor with input
+	movdqu	0x20($inp),$t
+	pxor	$t1,$b
+	movdqu	0x30($inp),$t1
+	pxor	$t,$c
+	movdqu	0x40($inp),$t
+	pxor	$t1,$d
+	movdqu	0x50($inp),$t1
+	pxor	$t,$a1
+	movdqu	0x60($inp),$t
+	pxor	$t1,$b1
+	movdqu	0x70($inp),$t1
+	pxor	$t,$c1
+	pxor	$t1,$d1
+
+	movdqu	$a,0x00($out)		# write output
+	movdqu	$b,0x10($out)
+	movdqu	$c,0x20($out)
+	movdqu	$d,0x30($out)
+	movdqu	$a1,0x40($out)
+	movdqu	$b1,0x50($out)
+	movdqu	$c1,0x60($out)
+	movdqu	$d1,0x70($out)
+___
+$code.=<<___	if ($win64);
+	movaps	-0x68(%r9),%xmm6
+	movaps	-0x58(%r9),%xmm7
+	movaps	-0x48(%r9),%xmm8
+	movaps	-0x38(%r9),%xmm9
+	movaps	-0x28(%r9),%xmm10
+	movaps	-0x18(%r9),%xmm11
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L128_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_128,.-ChaCha20_128
+___
+}
+
+########################################################################
 # SSSE3 code path that handles longer messages.
 {
 # assign variables to favor Atom front-end
@@ -689,13 +902,16 @@ my @x=map("\"$_\"",@xx);
 	);
 }
 
-my $xframe = $win64 ? 0xa0 : 0;
+my $xframe = $win64 ? 0xa8 : 8;
 
 $code.=<<___;
 .type	ChaCha20_4x,\@function,5
 .align	32
 ChaCha20_4x:
+.cfi_startproc
 .LChaCha20_4x:
+	mov		%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
 	mov		%r10,%r11
 ___
 $code.=<<___	if ($avx>1);
@@ -712,8 +928,7 @@ $code.=<<___;
 	je		.Ldo_sse3_after_all	# to detect Atom
 
 .Lproceed4x:
-	lea		-0x78(%rsp),%r11
-	sub		\$0x148+$xframe,%rsp
+	sub		\$0x140+$xframe,%rsp
 ___
 	################ stack layout
 	# +0x00		SIMD equivalent of @x[8-12]
@@ -724,16 +939,17 @@ ___
 	# ...
 	# +0x140
 $code.=<<___	if ($win64);
-	movaps		%xmm6,-0x30(%r11)
-	movaps		%xmm7,-0x20(%r11)
-	movaps		%xmm8,-0x10(%r11)
-	movaps		%xmm9,0x00(%r11)
-	movaps		%xmm10,0x10(%r11)
-	movaps		%xmm11,0x20(%r11)
-	movaps		%xmm12,0x30(%r11)
-	movaps		%xmm13,0x40(%r11)
-	movaps		%xmm14,0x50(%r11)
-	movaps		%xmm15,0x60(%r11)
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L4x_body:
 ___
 $code.=<<___;
 	movdqa		.Lsigma(%rip),$xa3	# key[0]
@@ -1122,21 +1338,23 @@ $code.=<<___;
 .Ldone4x:
 ___
 $code.=<<___	if ($win64);
-	lea		0x140+0x30(%rsp),%r11
-	movaps		-0x30(%r11),%xmm6
-	movaps		-0x20(%r11),%xmm7
-	movaps		-0x10(%r11),%xmm8
-	movaps		0x00(%r11),%xmm9
-	movaps		0x10(%r11),%xmm10
-	movaps		0x20(%r11),%xmm11
-	movaps		0x30(%r11),%xmm12
-	movaps		0x40(%r11),%xmm13
-	movaps		0x50(%r11),%xmm14
-	movaps		0x60(%r11),%xmm15
-___
-$code.=<<___;
-	add		\$0x148+$xframe,%rsp
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L4x_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_4x,.-ChaCha20_4x
 ___
 }
@@ -1217,15 +1435,17 @@ my @x=map("\"$_\"",@xx);
 	);
 }
 
-my $xframe = $win64 ? 0xa0 : 0;
+my $xframe = $win64 ? 0xa8 : 8;
 
 $code.=<<___;
 .type	ChaCha20_4xop,\@function,5
 .align	32
 ChaCha20_4xop:
+.cfi_startproc
 .LChaCha20_4xop:
-	lea		-0x78(%rsp),%r11
-	sub		\$0x148+$xframe,%rsp
+	mov		%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	sub		\$0x140+$xframe,%rsp
 ___
 	################ stack layout
 	# +0x00		SIMD equivalent of @x[8-12]
@@ -1236,16 +1456,17 @@ ___
 	# ...
 	# +0x140
 $code.=<<___	if ($win64);
-	movaps		%xmm6,-0x30(%r11)
-	movaps		%xmm7,-0x20(%r11)
-	movaps		%xmm8,-0x10(%r11)
-	movaps		%xmm9,0x00(%r11)
-	movaps		%xmm10,0x10(%r11)
-	movaps		%xmm11,0x20(%r11)
-	movaps		%xmm12,0x30(%r11)
-	movaps		%xmm13,0x40(%r11)
-	movaps		%xmm14,0x50(%r11)
-	movaps		%xmm15,0x60(%r11)
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L4xop_body:
 ___
 $code.=<<___;
 	vzeroupper
@@ -1573,21 +1794,23 @@ $code.=<<___;
 	vzeroupper
 ___
 $code.=<<___	if ($win64);
-	lea		0x140+0x30(%rsp),%r11
-	movaps		-0x30(%r11),%xmm6
-	movaps		-0x20(%r11),%xmm7
-	movaps		-0x10(%r11),%xmm8
-	movaps		0x00(%r11),%xmm9
-	movaps		0x10(%r11),%xmm10
-	movaps		0x20(%r11),%xmm11
-	movaps		0x30(%r11),%xmm12
-	movaps		0x40(%r11),%xmm13
-	movaps		0x50(%r11),%xmm14
-	movaps		0x60(%r11),%xmm15
-___
-$code.=<<___;
-	add		\$0x148+$xframe,%rsp
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L4xop_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_4xop,.-ChaCha20_4xop
 ___
 }
@@ -1714,33 +1937,34 @@ my @x=map("\"$_\"",@xx);
 	);
 }
 
-my $xframe = $win64 ? 0xb0 : 8;
+my $xframe = $win64 ? 0xa8 : 8;
 
 $code.=<<___;
 .type	ChaCha20_8x,\@function,5
 .align	32
 ChaCha20_8x:
+.cfi_startproc
 .LChaCha20_8x:
-	mov		%rsp,%r10
+	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	%r9
 	sub		\$0x280+$xframe,%rsp
 	and		\$-32,%rsp
 ___
 $code.=<<___	if ($win64);
-	lea		0x290+0x30(%rsp),%r11
-	movaps		%xmm6,-0x30(%r11)
-	movaps		%xmm7,-0x20(%r11)
-	movaps		%xmm8,-0x10(%r11)
-	movaps		%xmm9,0x00(%r11)
-	movaps		%xmm10,0x10(%r11)
-	movaps		%xmm11,0x20(%r11)
-	movaps		%xmm12,0x30(%r11)
-	movaps		%xmm13,0x40(%r11)
-	movaps		%xmm14,0x50(%r11)
-	movaps		%xmm15,0x60(%r11)
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L8x_body:
 ___
 $code.=<<___;
 	vzeroupper
-	mov		%r10,0x280(%rsp)
 
 	################ stack layout
 	# +0x00		SIMD equivalent of @x[8-12]
@@ -1749,7 +1973,7 @@ $code.=<<___;
 	# ...
 	# +0x200	SIMD counters (with nonce smashed by lanes)
 	# ...
-	# +0x280	saved %rsp
+	# +0x280
 
 	vbroadcasti128	.Lsigma(%rip),$xa3	# key[0]
 	vbroadcasti128	($key),$xb3		# key[1]
@@ -2215,29 +2439,1565 @@ $code.=<<___;
 	vzeroall
 ___
 $code.=<<___	if ($win64);
-	lea		0x290+0x30(%rsp),%r11
-	movaps		-0x30(%r11),%xmm6
-	movaps		-0x20(%r11),%xmm7
-	movaps		-0x10(%r11),%xmm8
-	movaps		0x00(%r11),%xmm9
-	movaps		0x10(%r11),%xmm10
-	movaps		0x20(%r11),%xmm11
-	movaps		0x30(%r11),%xmm12
-	movaps		0x40(%r11),%xmm13
-	movaps		0x50(%r11),%xmm14
-	movaps		0x60(%r11),%xmm15
-___
-$code.=<<___;
-	mov		0x280(%rsp),%rsp
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L8x_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_8x,.-ChaCha20_8x
 ___
 }
 
+########################################################################
+# AVX512 code paths
+if ($avx>2) {
+# This one handles shorter inputs...
+
+my ($a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz) = map("%zmm$_",(0..3,16..20));
+my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+sub vpxord()		# size optimization
+{ my $opcode = "vpxor";	# adhere to vpxor when possible
+
+    foreach (@_) {
+	if (/%([zy])mm([0-9]+)/ && ($1 eq "z" || $2>=16)) {
+	    $opcode = "vpxord";
+	    last;
+	}
+    }
+
+    $code .= "\t$opcode\t".join(',',reverse @_)."\n";
+}
+
+sub AVX512ROUND {	# critical path is 14 "SIMD ticks" per round
+	&vpaddd	($a,$a,$b);
+	&vpxord	($d,$d,$a);
+	&vprold	($d,$d,16);
+
+	&vpaddd	($c,$c,$d);
+	&vpxord	($b,$b,$c);
+	&vprold	($b,$b,12);
+
+	&vpaddd	($a,$a,$b);
+	&vpxord	($d,$d,$a);
+	&vprold	($d,$d,8);
+
+	&vpaddd	($c,$c,$d);
+	&vpxord	($b,$b,$c);
+	&vprold	($b,$b,7);
+}
+
+my $xframe = $win64 ? 32+8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_avx512,\@function,5
+.align	32
+ChaCha20_avx512:
+.cfi_startproc
+.LChaCha20_avx512:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	cmp	\$512,$len
+	ja	.LChaCha20_16x
+
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x28(%r9)
+	movaps	%xmm7,-0x18(%r9)
+.Lavx512_body:
+___
+$code.=<<___;
+	vbroadcasti32x4	.Lsigma(%rip),$a
+	vbroadcasti32x4	($key),$b
+	vbroadcasti32x4	16($key),$c
+	vbroadcasti32x4	($counter),$d
+
+	vmovdqa32	$a,$a_
+	vmovdqa32	$b,$b_
+	vmovdqa32	$c,$c_
+	vpaddd		.Lzeroz(%rip),$d,$d
+	vmovdqa32	.Lfourz(%rip),$fourz
+	mov		\$10,$counter	# reuse $counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512
+
+.align	16
+.Loop_outer_avx512:
+	vmovdqa32	$a_,$a
+	vmovdqa32	$b_,$b
+	vmovdqa32	$c_,$c
+	vpaddd		$fourz,$d_,$d
+	mov		\$10,$counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512
+
+.align	32
+.Loop_avx512:
+___
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b00111001);
+	&vpshufd	($d,$d,0b10010011);
+
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b10010011);
+	&vpshufd	($d,$d,0b00111001);
+
+	&dec		($counter);
+	&jnz		(".Loop_avx512");
+
+$code.=<<___;
+	vpaddd		$a_,$a,$a
+	vpaddd		$b_,$b,$b
+	vpaddd		$c_,$c,$c
+	vpaddd		$d_,$d,$d
+
+	sub		\$64,$len
+	jb		.Ltail64_avx512
+
+	vpxor		0x00($inp),%x#$a,$t0	# xor with input
+	vpxor		0x10($inp),%x#$b,$t1
+	vpxor		0x20($inp),%x#$c,$t2
+	vpxor		0x30($inp),%x#$d,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512
+
+	vextracti32x4	\$1,$a,$t0
+	vextracti32x4	\$1,$b,$t1
+	vextracti32x4	\$1,$c,$t2
+	vextracti32x4	\$1,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512
+
+	vextracti32x4	\$2,$a,$t0
+	vextracti32x4	\$2,$b,$t1
+	vextracti32x4	\$2,$c,$t2
+	vextracti32x4	\$2,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512
+
+	vextracti32x4	\$3,$a,$t0
+	vextracti32x4	\$3,$b,$t1
+	vextracti32x4	\$3,$c,$t2
+	vextracti32x4	\$3,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jnz		.Loop_outer_avx512
+
+	jmp		.Ldone_avx512
+
+.align	16
+.Ltail64_avx512:
+	vmovdqa		%x#$a,0x00(%rsp)
+	vmovdqa		%x#$b,0x10(%rsp)
+	vmovdqa		%x#$c,0x20(%rsp)
+	vmovdqa		%x#$d,0x30(%rsp)
+	add		\$64,$len
+	jmp		.Loop_tail_avx512
+
+.align	16
+.Ltail_avx512:
+	vmovdqa		$t0,0x00(%rsp)
+	vmovdqa		$t1,0x10(%rsp)
+	vmovdqa		$t2,0x20(%rsp)
+	vmovdqa		$t3,0x30(%rsp)
+	add		\$64,$len
+
+.Loop_tail_avx512:
+	movzb		($inp,$counter),%eax
+	movzb		(%rsp,$counter),%ecx
+	lea		1($counter),$counter
+	xor		%ecx,%eax
+	mov		%al,-1($out,$counter)
+	dec		$len
+	jnz		.Loop_tail_avx512
+
+	vmovdqu32	$a_,0x00(%rsp)
+
+.Ldone_avx512:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps	-0x28(%r9),%xmm6
+	movaps	-0x18(%r9),%xmm7
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lavx512_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_avx512,.-ChaCha20_avx512
+___
+
+map(s/%z/%y/, $a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz);
+
+$code.=<<___;
+.type	ChaCha20_avx512vl,\@function,5
+.align	32
+ChaCha20_avx512vl:
+.cfi_startproc
+.LChaCha20_avx512vl:
+	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	%r9
+	cmp	\$128,$len
+	ja	.LChaCha20_8xvl
+
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,-0x28(%r9)
+	movaps	%xmm7,-0x18(%r9)
+.Lavx512vl_body:
+___
+$code.=<<___;
+	vbroadcasti128	.Lsigma(%rip),$a
+	vbroadcasti128	($key),$b
+	vbroadcasti128	16($key),$c
+	vbroadcasti128	($counter),$d
+
+	vmovdqa32	$a,$a_
+	vmovdqa32	$b,$b_
+	vmovdqa32	$c,$c_
+	vpaddd		.Lzeroz(%rip),$d,$d
+	vmovdqa32	.Ltwoy(%rip),$fourz
+	mov		\$10,$counter	# reuse $counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512vl
+
+.align	16
+.Loop_outer_avx512vl:
+	vmovdqa32	$c_,$c
+	vpaddd		$fourz,$d_,$d
+	mov		\$10,$counter
+	vmovdqa32	$d,$d_
+	jmp		.Loop_avx512vl
+
+.align	32
+.Loop_avx512vl:
+___
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b00111001);
+	&vpshufd	($d,$d,0b10010011);
+
+	&AVX512ROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b10010011);
+	&vpshufd	($d,$d,0b00111001);
+
+	&dec		($counter);
+	&jnz		(".Loop_avx512vl");
+
+$code.=<<___;
+	vpaddd		$a_,$a,$a
+	vpaddd		$b_,$b,$b
+	vpaddd		$c_,$c,$c
+	vpaddd		$d_,$d,$d
+
+	sub		\$64,$len
+	jb		.Ltail64_avx512vl
+
+	vpxor		0x00($inp),%x#$a,$t0	# xor with input
+	vpxor		0x10($inp),%x#$b,$t1
+	vpxor		0x20($inp),%x#$c,$t2
+	vpxor		0x30($inp),%x#$d,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	jz		.Ldone_avx512vl
+
+	vextracti128	\$1,$a,$t0
+	vextracti128	\$1,$b,$t1
+	vextracti128	\$1,$c,$t2
+	vextracti128	\$1,$d,$t3
+
+	sub		\$64,$len
+	jb		.Ltail_avx512vl
+
+	vpxor		0x00($inp),$t0,$t0	# xor with input
+	vpxor		0x10($inp),$t1,$t1
+	vpxor		0x20($inp),$t2,$t2
+	vpxor		0x30($inp),$t3,$t3
+	lea		0x40($inp),$inp		# inp+=64
+
+	vmovdqu		$t0,0x00($out)		# write output
+	vmovdqu		$t1,0x10($out)
+	vmovdqu		$t2,0x20($out)
+	vmovdqu		$t3,0x30($out)
+	lea		0x40($out),$out		# out+=64
+
+	vmovdqa32	$a_,$a
+	vmovdqa32	$b_,$b
+	jnz		.Loop_outer_avx512vl
+
+	jmp		.Ldone_avx512vl
+
+.align	16
+.Ltail64_avx512vl:
+	vmovdqa		%x#$a,0x00(%rsp)
+	vmovdqa		%x#$b,0x10(%rsp)
+	vmovdqa		%x#$c,0x20(%rsp)
+	vmovdqa		%x#$d,0x30(%rsp)
+	add		\$64,$len
+	jmp		.Loop_tail_avx512vl
+
+.align	16
+.Ltail_avx512vl:
+	vmovdqa		$t0,0x00(%rsp)
+	vmovdqa		$t1,0x10(%rsp)
+	vmovdqa		$t2,0x20(%rsp)
+	vmovdqa		$t3,0x30(%rsp)
+	add		\$64,$len
+
+.Loop_tail_avx512vl:
+	movzb		($inp,$counter),%eax
+	movzb		(%rsp,$counter),%ecx
+	lea		1($counter),$counter
+	xor		%ecx,%eax
+	mov		%al,-1($out,$counter)
+	dec		$len
+	jnz		.Loop_tail_avx512vl
+
+	vmovdqu32	$a_,0x00(%rsp)
+	vmovdqu32	$a_,0x20(%rsp)
+
+.Ldone_avx512vl:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps	-0x28(%r9),%xmm6
+	movaps	-0x18(%r9),%xmm7
+___
+$code.=<<___;
+	lea	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lavx512vl_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_avx512vl,.-ChaCha20_avx512vl
+___
+}
+if ($avx>2) {
+# This one handles longer inputs...
+
+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+    $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%zmm$_",(0..15));
+my  @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	 $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3);
+my @key=map("%zmm$_",(16..31));
+my ($xt0,$xt1,$xt2,$xt3)=@key[0..3];
+
+sub AVX512_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my @x=map("\"$_\"",@xx);
+
+	(
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	"&vpxord	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vpxord	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vpxord	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vpxord	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vprold	(@x[$d0],@x[$d0],16)",
+	 "&vprold	(@x[$d1],@x[$d1],16)",
+	  "&vprold	(@x[$d2],@x[$d2],16)",
+	   "&vprold	(@x[$d3],@x[$d3],16)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxord	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vpxord	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vpxord	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vpxord	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vprold	(@x[$b0],@x[$b0],12)",
+	 "&vprold	(@x[$b1],@x[$b1],12)",
+	  "&vprold	(@x[$b2],@x[$b2],12)",
+	   "&vprold	(@x[$b3],@x[$b3],12)",
+
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",
+	"&vpxord	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&vpxord	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&vpxord	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&vpxord	(@x[$d3],@x[$d3],@x[$a3])",
+	"&vprold	(@x[$d0],@x[$d0],8)",
+	 "&vprold	(@x[$d1],@x[$d1],8)",
+	  "&vprold	(@x[$d2],@x[$d2],8)",
+	   "&vprold	(@x[$d3],@x[$d3],8)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxord	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&vpxord	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&vpxord	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&vpxord	(@x[$b3],@x[$b3],@x[$c3])",
+	"&vprold	(@x[$b0],@x[$b0],7)",
+	 "&vprold	(@x[$b1],@x[$b1],7)",
+	  "&vprold	(@x[$b2],@x[$b2],7)",
+	   "&vprold	(@x[$b3],@x[$b3],7)"
+	);
+}
+
+my $xframe = $win64 ? 0xa8 : 8;
+
+$code.=<<___;
+.type	ChaCha20_16x,\@function,5
+.align	32
+ChaCha20_16x:
+.cfi_startproc
+.LChaCha20_16x:
+	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	%r9
+	sub		\$64+$xframe,%rsp
+	and		\$-64,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L16x_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	lea		.Lsigma(%rip),%r10
+	vbroadcasti32x4	(%r10),$xa3		# key[0]
+	vbroadcasti32x4	($key),$xb3		# key[1]
+	vbroadcasti32x4	16($key),$xc3		# key[2]
+	vbroadcasti32x4	($counter),$xd3		# key[3]
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vpshufd		\$0xaa,$xa3,$xa2
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vpshufd		\$0xaa,$xb3,$xb2
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa64	$xb0,@key[4]
+	vmovdqa64	$xb1,@key[5]
+	vmovdqa64	$xb2,@key[6]
+	vmovdqa64	$xb3,@key[7]
+
+	vpshufd		\$0x00,$xc3,$xc0
+	vpshufd		\$0x55,$xc3,$xc1
+	vpshufd		\$0xaa,$xc3,$xc2
+	vpshufd		\$0xff,$xc3,$xc3
+	vmovdqa64	$xc0,@key[8]
+	vmovdqa64	$xc1,@key[9]
+	vmovdqa64	$xc2,@key[10]
+	vmovdqa64	$xc3,@key[11]
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpshufd		\$0xaa,$xd3,$xd2
+	vpshufd		\$0xff,$xd3,$xd3
+	vpaddd		.Lincz(%rip),$xd0,$xd0	# don't save counters yet
+	vmovdqa64	$xd0,@key[12]
+	vmovdqa64	$xd1,@key[13]
+	vmovdqa64	$xd2,@key[14]
+	vmovdqa64	$xd3,@key[15]
+
+	mov		\$10,%eax
+	jmp		.Loop16x
+
+.align	32
+.Loop_outer16x:
+	vpbroadcastd	0(%r10),$xa0		# reload key
+	vpbroadcastd	4(%r10),$xa1
+	vpbroadcastd	8(%r10),$xa2
+	vpbroadcastd	12(%r10),$xa3
+	vpaddd		.Lsixteen(%rip),@key[12],@key[12]	# next SIMD counters
+	vmovdqa64	@key[4],$xb0
+	vmovdqa64	@key[5],$xb1
+	vmovdqa64	@key[6],$xb2
+	vmovdqa64	@key[7],$xb3
+	vmovdqa64	@key[8],$xc0
+	vmovdqa64	@key[9],$xc1
+	vmovdqa64	@key[10],$xc2
+	vmovdqa64	@key[11],$xc3
+	vmovdqa64	@key[12],$xd0
+	vmovdqa64	@key[13],$xd1
+	vmovdqa64	@key[14],$xd2
+	vmovdqa64	@key[15],$xd3
+
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	mov		\$10,%eax
+	jmp		.Loop16x
+
+.align	32
+.Loop16x:
+___
+	foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop16x
+
+	vpaddd		@key[0],$xa0,$xa0	# accumulate key
+	vpaddd		@key[1],$xa1,$xa1
+	vpaddd		@key[2],$xa2,$xa2
+	vpaddd		@key[3],$xa3,$xa3
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+	($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		@key[4],$xb0,$xb0
+	vpaddd		@key[5],$xb1,$xb1
+	vpaddd		@key[6],$xb2,$xb2
+	vpaddd		@key[7],$xb3,$xb3
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+$code.=<<___;
+	vshufi32x4	\$0x44,$xb0,$xa0,$xt3	# "de-interlace" further
+	vshufi32x4	\$0xee,$xb0,$xa0,$xb0
+	vshufi32x4	\$0x44,$xb1,$xa1,$xa0
+	vshufi32x4	\$0xee,$xb1,$xa1,$xb1
+	vshufi32x4	\$0x44,$xb2,$xa2,$xa1
+	vshufi32x4	\$0xee,$xb2,$xa2,$xb2
+	vshufi32x4	\$0x44,$xb3,$xa3,$xa2
+	vshufi32x4	\$0xee,$xb3,$xa3,$xb3
+___
+	($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3);
+$code.=<<___;
+	vpaddd		@key[8],$xc0,$xc0
+	vpaddd		@key[9],$xc1,$xc1
+	vpaddd		@key[10],$xc2,$xc2
+	vpaddd		@key[11],$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		@key[12],$xd0,$xd0
+	vpaddd		@key[13],$xd1,$xd1
+	vpaddd		@key[14],$xd2,$xd2
+	vpaddd		@key[15],$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+$code.=<<___;
+	vshufi32x4	\$0x44,$xd0,$xc0,$xt3	# "de-interlace" further
+	vshufi32x4	\$0xee,$xd0,$xc0,$xd0
+	vshufi32x4	\$0x44,$xd1,$xc1,$xc0
+	vshufi32x4	\$0xee,$xd1,$xc1,$xd1
+	vshufi32x4	\$0x44,$xd2,$xc2,$xc1
+	vshufi32x4	\$0xee,$xd2,$xc2,$xd2
+	vshufi32x4	\$0x44,$xd3,$xc3,$xc2
+	vshufi32x4	\$0xee,$xd3,$xc3,$xd3
+___
+	($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3);
+$code.=<<___;
+	vshufi32x4	\$0x88,$xc0,$xa0,$xt0	# "de-interlace" further
+	vshufi32x4	\$0xdd,$xc0,$xa0,$xa0
+	 vshufi32x4	\$0x88,$xd0,$xb0,$xc0
+	 vshufi32x4	\$0xdd,$xd0,$xb0,$xd0
+	vshufi32x4	\$0x88,$xc1,$xa1,$xt1
+	vshufi32x4	\$0xdd,$xc1,$xa1,$xa1
+	 vshufi32x4	\$0x88,$xd1,$xb1,$xc1
+	 vshufi32x4	\$0xdd,$xd1,$xb1,$xd1
+	vshufi32x4	\$0x88,$xc2,$xa2,$xt2
+	vshufi32x4	\$0xdd,$xc2,$xa2,$xa2
+	 vshufi32x4	\$0x88,$xd2,$xb2,$xc2
+	 vshufi32x4	\$0xdd,$xd2,$xb2,$xd2
+	vshufi32x4	\$0x88,$xc3,$xa3,$xt3
+	vshufi32x4	\$0xdd,$xc3,$xa3,$xa3
+	 vshufi32x4	\$0x88,$xd3,$xb3,$xc3
+	 vshufi32x4	\$0xdd,$xd3,$xb3,$xd3
+___
+	($xa0,$xa1,$xa2,$xa3,$xb0,$xb1,$xb2,$xb3)=
+	($xt0,$xt1,$xt2,$xt3,$xa0,$xa1,$xa2,$xa3);
+
+	($xa0,$xb0,$xc0,$xd0, $xa1,$xb1,$xc1,$xd1,
+	 $xa2,$xb2,$xc2,$xd2, $xa3,$xb3,$xc3,$xd3) =
+	($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	 $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3);
+$code.=<<___;
+	cmp		\$64*16,$len
+	jb		.Ltail16x
+
+	vpxord		0x00($inp),$xa0,$xa0	# xor with input
+	vpxord		0x40($inp),$xb0,$xb0
+	vpxord		0x80($inp),$xc0,$xc0
+	vpxord		0xc0($inp),$xd0,$xd0
+	vmovdqu32	$xa0,0x00($out)
+	vmovdqu32	$xb0,0x40($out)
+	vmovdqu32	$xc0,0x80($out)
+	vmovdqu32	$xd0,0xc0($out)
+
+	vpxord		0x100($inp),$xa1,$xa1
+	vpxord		0x140($inp),$xb1,$xb1
+	vpxord		0x180($inp),$xc1,$xc1
+	vpxord		0x1c0($inp),$xd1,$xd1
+	vmovdqu32	$xa1,0x100($out)
+	vmovdqu32	$xb1,0x140($out)
+	vmovdqu32	$xc1,0x180($out)
+	vmovdqu32	$xd1,0x1c0($out)
+
+	vpxord		0x200($inp),$xa2,$xa2
+	vpxord		0x240($inp),$xb2,$xb2
+	vpxord		0x280($inp),$xc2,$xc2
+	vpxord		0x2c0($inp),$xd2,$xd2
+	vmovdqu32	$xa2,0x200($out)
+	vmovdqu32	$xb2,0x240($out)
+	vmovdqu32	$xc2,0x280($out)
+	vmovdqu32	$xd2,0x2c0($out)
+
+	vpxord		0x300($inp),$xa3,$xa3
+	vpxord		0x340($inp),$xb3,$xb3
+	vpxord		0x380($inp),$xc3,$xc3
+	vpxord		0x3c0($inp),$xd3,$xd3
+	lea		0x400($inp),$inp
+	vmovdqu32	$xa3,0x300($out)
+	vmovdqu32	$xb3,0x340($out)
+	vmovdqu32	$xc3,0x380($out)
+	vmovdqu32	$xd3,0x3c0($out)
+	lea		0x400($out),$out
+
+	sub		\$64*16,$len
+	jnz		.Loop_outer16x
+
+	jmp		.Ldone16x
+
+.align	32
+.Ltail16x:
+	xor		%r10,%r10
+	sub		$inp,$out
+	cmp		\$64*1,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa0,$xa0	# xor with input
+	vmovdqu32	$xa0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb0,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*2,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb0,$xb0
+	vmovdqu32	$xb0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc0,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*3,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc0,$xc0
+	vmovdqu32	$xc0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd0,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*4,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xd0,$xd0
+	vmovdqu32	$xd0,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xa1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*5,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa1,$xa1
+	vmovdqu32	$xa1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*6,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb1,$xb1
+	vmovdqu32	$xb1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*7,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc1,$xc1
+	vmovdqu32	$xc1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd1,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*8,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xd1,$xd1
+	vmovdqu32	$xd1,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xa2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*9,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa2,$xa2
+	vmovdqu32	$xa2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*10,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb2,$xb2
+	vmovdqu32	$xb2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*11,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc2,$xc2
+	vmovdqu32	$xc2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd2,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*12,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xd2,$xd2
+	vmovdqu32	$xd2,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xa3,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*13,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xa3,$xa3
+	vmovdqu32	$xa3,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xb3,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*14,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xb3,$xb3
+	vmovdqu32	$xb3,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xc3,$xa0
+	lea		64($inp),$inp
+
+	cmp		\$64*15,$len
+	jb		.Less_than_64_16x
+	vpxord		($inp),$xc3,$xc3
+	vmovdqu32	$xc3,($out,$inp)
+	je		.Ldone16x
+	vmovdqa32	$xd3,$xa0
+	lea		64($inp),$inp
+
+.Less_than_64_16x:
+	vmovdqa32	$xa0,0x00(%rsp)
+	lea		($out,$inp),$out
+	and		\$63,$len
+
+.Loop_tail16x:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail16x
+
+	vpxord		$xa0,$xa0,$xa0
+	vmovdqa32	$xa0,0(%rsp)
+
+.Ldone16x:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L16x_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_16x,.-ChaCha20_16x
+___
+
+# switch to %ymm domain
+($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%ymm$_",(0..15));
+@xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+     $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3);
+@key=map("%ymm$_",(16..31));
+($xt0,$xt1,$xt2,$xt3)=@key[0..3];
+
+$code.=<<___;
+.type	ChaCha20_8xvl,\@function,5
+.align	32
+ChaCha20_8xvl:
+.cfi_startproc
+.LChaCha20_8xvl:
+	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	%r9
+	sub		\$64+$xframe,%rsp
+	and		\$-64,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0xa8(%r9)
+	movaps		%xmm7,-0x98(%r9)
+	movaps		%xmm8,-0x88(%r9)
+	movaps		%xmm9,-0x78(%r9)
+	movaps		%xmm10,-0x68(%r9)
+	movaps		%xmm11,-0x58(%r9)
+	movaps		%xmm12,-0x48(%r9)
+	movaps		%xmm13,-0x38(%r9)
+	movaps		%xmm14,-0x28(%r9)
+	movaps		%xmm15,-0x18(%r9)
+.L8xvl_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	lea		.Lsigma(%rip),%r10
+	vbroadcasti128	(%r10),$xa3		# key[0]
+	vbroadcasti128	($key),$xb3		# key[1]
+	vbroadcasti128	16($key),$xc3		# key[2]
+	vbroadcasti128	($counter),$xd3		# key[3]
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vpshufd		\$0xaa,$xa3,$xa2
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vpshufd		\$0xaa,$xb3,$xb2
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa64	$xb0,@key[4]
+	vmovdqa64	$xb1,@key[5]
+	vmovdqa64	$xb2,@key[6]
+	vmovdqa64	$xb3,@key[7]
+
+	vpshufd		\$0x00,$xc3,$xc0
+	vpshufd		\$0x55,$xc3,$xc1
+	vpshufd		\$0xaa,$xc3,$xc2
+	vpshufd		\$0xff,$xc3,$xc3
+	vmovdqa64	$xc0,@key[8]
+	vmovdqa64	$xc1,@key[9]
+	vmovdqa64	$xc2,@key[10]
+	vmovdqa64	$xc3,@key[11]
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpshufd		\$0xaa,$xd3,$xd2
+	vpshufd		\$0xff,$xd3,$xd3
+	vpaddd		.Lincy(%rip),$xd0,$xd0	# don't save counters yet
+	vmovdqa64	$xd0,@key[12]
+	vmovdqa64	$xd1,@key[13]
+	vmovdqa64	$xd2,@key[14]
+	vmovdqa64	$xd3,@key[15]
+
+	mov		\$10,%eax
+	jmp		.Loop8xvl
+
+.align	32
+.Loop_outer8xvl:
+	#vpbroadcastd	0(%r10),$xa0		# reload key
+	#vpbroadcastd	4(%r10),$xa1
+	vpbroadcastd	8(%r10),$xa2
+	vpbroadcastd	12(%r10),$xa3
+	vpaddd		.Leight(%rip),@key[12],@key[12]	# next SIMD counters
+	vmovdqa64	@key[4],$xb0
+	vmovdqa64	@key[5],$xb1
+	vmovdqa64	@key[6],$xb2
+	vmovdqa64	@key[7],$xb3
+	vmovdqa64	@key[8],$xc0
+	vmovdqa64	@key[9],$xc1
+	vmovdqa64	@key[10],$xc2
+	vmovdqa64	@key[11],$xc3
+	vmovdqa64	@key[12],$xd0
+	vmovdqa64	@key[13],$xd1
+	vmovdqa64	@key[14],$xd2
+	vmovdqa64	@key[15],$xd3
+
+	vmovdqa64	$xa0,@key[0]
+	vmovdqa64	$xa1,@key[1]
+	vmovdqa64	$xa2,@key[2]
+	vmovdqa64	$xa3,@key[3]
+
+	mov		\$10,%eax
+	jmp		.Loop8xvl
+
+.align	32
+.Loop8xvl:
+___
+	foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop8xvl
+
+	vpaddd		@key[0],$xa0,$xa0	# accumulate key
+	vpaddd		@key[1],$xa1,$xa1
+	vpaddd		@key[2],$xa2,$xa2
+	vpaddd		@key[3],$xa3,$xa3
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+	($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		@key[4],$xb0,$xb0
+	vpaddd		@key[5],$xb1,$xb1
+	vpaddd		@key[6],$xb2,$xb2
+	vpaddd		@key[7],$xb3,$xb3
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+$code.=<<___;
+	vshufi32x4	\$0,$xb0,$xa0,$xt3	# "de-interlace" further
+	vshufi32x4	\$3,$xb0,$xa0,$xb0
+	vshufi32x4	\$0,$xb1,$xa1,$xa0
+	vshufi32x4	\$3,$xb1,$xa1,$xb1
+	vshufi32x4	\$0,$xb2,$xa2,$xa1
+	vshufi32x4	\$3,$xb2,$xa2,$xb2
+	vshufi32x4	\$0,$xb3,$xa3,$xa2
+	vshufi32x4	\$3,$xb3,$xa3,$xb3
+___
+	($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3);
+$code.=<<___;
+	vpaddd		@key[8],$xc0,$xc0
+	vpaddd		@key[9],$xc1,$xc1
+	vpaddd		@key[10],$xc2,$xc2
+	vpaddd		@key[11],$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		@key[12],$xd0,$xd0
+	vpaddd		@key[13],$xd1,$xd1
+	vpaddd		@key[14],$xd2,$xd2
+	vpaddd		@key[15],$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+$code.=<<___;
+	vperm2i128	\$0x20,$xd0,$xc0,$xt3	# "de-interlace" further
+	vperm2i128	\$0x31,$xd0,$xc0,$xd0
+	vperm2i128	\$0x20,$xd1,$xc1,$xc0
+	vperm2i128	\$0x31,$xd1,$xc1,$xd1
+	vperm2i128	\$0x20,$xd2,$xc2,$xc1
+	vperm2i128	\$0x31,$xd2,$xc2,$xd2
+	vperm2i128	\$0x20,$xd3,$xc3,$xc2
+	vperm2i128	\$0x31,$xd3,$xc3,$xd3
+___
+	($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3);
+	($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)=
+	($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3);
+$code.=<<___;
+	cmp		\$64*8,$len
+	jb		.Ltail8xvl
+
+	mov		\$0x80,%eax		# size optimization
+	vpxord		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu32	$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpxor		0x00($inp),$xa1,$xa1
+	vpxor		0x20($inp),$xb1,$xb1
+	vpxor		0x40($inp),$xc1,$xc1
+	vpxor		0x60($inp),$xd1,$xd1
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu		$xa1,0x00($out)
+	vmovdqu		$xb1,0x20($out)
+	vmovdqu		$xc1,0x40($out)
+	vmovdqu		$xd1,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpxord		0x00($inp),$xa2,$xa2
+	vpxor		0x20($inp),$xb2,$xb2
+	vpxor		0x40($inp),$xc2,$xc2
+	vpxor		0x60($inp),$xd2,$xd2
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu32	$xa2,0x00($out)
+	vmovdqu		$xb2,0x20($out)
+	vmovdqu		$xc2,0x40($out)
+	vmovdqu		$xd2,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpxor		0x00($inp),$xa3,$xa3
+	vpxor		0x20($inp),$xb3,$xb3
+	vpxor		0x40($inp),$xc3,$xc3
+	vpxor		0x60($inp),$xd3,$xd3
+	lea		($inp,%rax),$inp	# size optimization
+	vmovdqu		$xa3,0x00($out)
+	vmovdqu		$xb3,0x20($out)
+	vmovdqu		$xc3,0x40($out)
+	vmovdqu		$xd3,0x60($out)
+	lea		($out,%rax),$out	# size optimization
+
+	vpbroadcastd	0(%r10),%ymm0		# reload key
+	vpbroadcastd	4(%r10),%ymm1
+
+	sub		\$64*8,$len
+	jnz		.Loop_outer8xvl
+
+	jmp		.Ldone8xvl
+
+.align	32
+.Ltail8xvl:
+	vmovdqa64	$xa0,%ymm8		# size optimization
+___
+$xa0 = "%ymm8";
+$code.=<<___;
+	xor		%r10,%r10
+	sub		$inp,$out
+	cmp		\$64*1,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vmovdqu		$xa0,0x00($out,$inp)
+	vmovdqu		$xb0,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc0,$xa0
+	vmovdqa		$xd0,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*2,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xc0,$xc0
+	vpxor		0x20($inp),$xd0,$xd0
+	vmovdqu		$xc0,0x00($out,$inp)
+	vmovdqu		$xd0,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xa1,$xa0
+	vmovdqa		$xb1,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*3,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xa1,$xa1
+	vpxor		0x20($inp),$xb1,$xb1
+	vmovdqu		$xa1,0x00($out,$inp)
+	vmovdqu		$xb1,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc1,$xa0
+	vmovdqa		$xd1,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*4,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xc1,$xc1
+	vpxor		0x20($inp),$xd1,$xd1
+	vmovdqu		$xc1,0x00($out,$inp)
+	vmovdqu		$xd1,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa32	$xa2,$xa0
+	vmovdqa		$xb2,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*5,$len
+	jb		.Less_than_64_8xvl
+	vpxord		0x00($inp),$xa2,$xa2
+	vpxor		0x20($inp),$xb2,$xb2
+	vmovdqu32	$xa2,0x00($out,$inp)
+	vmovdqu		$xb2,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc2,$xa0
+	vmovdqa		$xd2,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*6,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xc2,$xc2
+	vpxor		0x20($inp),$xd2,$xd2
+	vmovdqu		$xc2,0x00($out,$inp)
+	vmovdqu		$xd2,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xa3,$xa0
+	vmovdqa		$xb3,$xb0
+	lea		64($inp),$inp
+
+	cmp		\$64*7,$len
+	jb		.Less_than_64_8xvl
+	vpxor		0x00($inp),$xa3,$xa3
+	vpxor		0x20($inp),$xb3,$xb3
+	vmovdqu		$xa3,0x00($out,$inp)
+	vmovdqu		$xb3,0x20($out,$inp)
+	je		.Ldone8xvl
+	vmovdqa		$xc3,$xa0
+	vmovdqa		$xd3,$xb0
+	lea		64($inp),$inp
+
+.Less_than_64_8xvl:
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xb0,0x20(%rsp)
+	lea		($out,$inp),$out
+	and		\$63,$len
+
+.Loop_tail8xvl:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail8xvl
+
+	vpxor		$xa0,$xa0,$xa0
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xa0,0x20(%rsp)
+
+.Ldone8xvl:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movaps		-0xa8(%r9),%xmm6
+	movaps		-0x98(%r9),%xmm7
+	movaps		-0x88(%r9),%xmm8
+	movaps		-0x78(%r9),%xmm9
+	movaps		-0x68(%r9),%xmm10
+	movaps		-0x58(%r9),%xmm11
+	movaps		-0x48(%r9),%xmm12
+	movaps		-0x38(%r9),%xmm13
+	movaps		-0x28(%r9),%xmm14
+	movaps		-0x18(%r9),%xmm15
+___
+$code.=<<___;
+	lea		(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L8xvl_epilogue:
+	ret
+.cfi_endproc
+.size	ChaCha20_8xvl,.-ChaCha20_8xvl
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	lea	.Lctr32_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lno_data(%rip),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	lea	64+24+48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R14
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.type	simd_handler,\@abi-omnipotent
+.align	16
+simd_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	192($context),%rax	# pull context->R9
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	mov	8(%r11),%ecx		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	neg	%rcx
+	lea	-8(%rax,%rcx),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	neg	%ecx
+	shr	\$3,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lcommon_seh_tail
+.size	simd_handler,.-simd_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_ChaCha20_ctr32
+	.rva	.LSEH_end_ChaCha20_ctr32
+	.rva	.LSEH_info_ChaCha20_ctr32
+
+	.rva	.LSEH_begin_ChaCha20_ssse3
+	.rva	.LSEH_end_ChaCha20_ssse3
+	.rva	.LSEH_info_ChaCha20_ssse3
+
+	.rva	.LSEH_begin_ChaCha20_128
+	.rva	.LSEH_end_ChaCha20_128
+	.rva	.LSEH_info_ChaCha20_128
+
+	.rva	.LSEH_begin_ChaCha20_4x
+	.rva	.LSEH_end_ChaCha20_4x
+	.rva	.LSEH_info_ChaCha20_4x
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_ChaCha20_4xop
+	.rva	.LSEH_end_ChaCha20_4xop
+	.rva	.LSEH_info_ChaCha20_4xop
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_ChaCha20_8x
+	.rva	.LSEH_end_ChaCha20_8x
+	.rva	.LSEH_info_ChaCha20_8x
+___
+$code.=<<___ if ($avx>2);
+	.rva	.LSEH_begin_ChaCha20_avx512
+	.rva	.LSEH_end_ChaCha20_avx512
+	.rva	.LSEH_info_ChaCha20_avx512
+
+	.rva	.LSEH_begin_ChaCha20_avx512vl
+	.rva	.LSEH_end_ChaCha20_avx512vl
+	.rva	.LSEH_info_ChaCha20_avx512vl
+
+	.rva	.LSEH_begin_ChaCha20_16x
+	.rva	.LSEH_end_ChaCha20_16x
+	.rva	.LSEH_info_ChaCha20_16x
+
+	.rva	.LSEH_begin_ChaCha20_8xvl
+	.rva	.LSEH_end_ChaCha20_8xvl
+	.rva	.LSEH_info_ChaCha20_8xvl
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_ChaCha20_ctr32:
+	.byte	9,0,0,0
+	.rva	se_handler
+
+.LSEH_info_ChaCha20_ssse3:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.Lssse3_body,.Lssse3_epilogue
+	.long	0x20,0
+
+.LSEH_info_ChaCha20_128:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L128_body,.L128_epilogue
+	.long	0x60,0
+
+.LSEH_info_ChaCha20_4x:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L4x_body,.L4x_epilogue
+	.long	0xa0,0
+___
+$code.=<<___ if ($avx);
+.LSEH_info_ChaCha20_4xop:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L4xop_body,.L4xop_epilogue		# HandlerData[]
+	.long	0xa0,0
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_ChaCha20_8x:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L8x_body,.L8x_epilogue			# HandlerData[]
+	.long	0xa0,0
+___
+$code.=<<___ if ($avx>2);
+.LSEH_info_ChaCha20_avx512:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.Lavx512_body,.Lavx512_epilogue		# HandlerData[]
+	.long	0x20,0
+
+.LSEH_info_ChaCha20_avx512vl:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.Lavx512vl_body,.Lavx512vl_epilogue	# HandlerData[]
+	.long	0x20,0
+
+.LSEH_info_ChaCha20_16x:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L16x_body,.L16x_epilogue		# HandlerData[]
+	.long	0xa0,0
+
+.LSEH_info_ChaCha20_8xvl:
+	.byte	9,0,0,0
+	.rva	simd_handler
+	.rva	.L8xvl_body,.L8xvl_epilogue		# HandlerData[]
+	.long	0xa0,0
+___
+}
+
 foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/geo;
+	s/\`([^\`]*)\`/eval $1/ge;
 
-	s/%x#%y/%x/go;
+	s/%x#%[yz]/%x/g;	# "down-shift"
 
 	print $_,"\n";
 }
diff --git a/deps/openssl/openssl/crypto/chacha/build.info b/deps/openssl/openssl/crypto/chacha/build.info
index ed1e01ae30..02f8e518ae 100644
--- a/deps/openssl/openssl/crypto/chacha/build.info
+++ b/deps/openssl/openssl/crypto/chacha/build.info
@@ -1,15 +1,14 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]={- $target{chacha_asm_src} -}
 
-GENERATE[chacha-x86.s]=asm/chacha-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[chacha-x86.s]=asm/chacha-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl $(PERLASM_SCHEME)
 GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME)
 INCLUDE[chacha-armv4.o]=..
 GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[chacha-armv8.o]=..
-GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl $(PERLASM_SCHEME)
-INCLUDE[chacha-s390x.o]=..
 
 BEGINRAW[Makefile(unix)]
 ##### CHACHA assembler implementations
diff --git a/deps/openssl/openssl/crypto/cmac/cmac.c b/deps/openssl/openssl/crypto/cmac/cmac.c
index 46e3cb7912..6989c32d06 100644
--- a/deps/openssl/openssl/crypto/cmac/cmac.c
+++ b/deps/openssl/openssl/crypto/cmac/cmac.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,6 +12,7 @@
 #include <string.h>
 #include "internal/cryptlib.h"
 #include <openssl/cmac.h>
+#include <openssl/err.h>
 
 struct CMAC_CTX_st {
     /* Cipher context to use */
@@ -46,9 +47,10 @@ CMAC_CTX *CMAC_CTX_new(void)
 {
     CMAC_CTX *ctx;
 
-    ctx = OPENSSL_malloc(sizeof(*ctx));
-    if (ctx == NULL)
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     ctx->cctx = EVP_CIPHER_CTX_new();
     if (ctx->cctx == NULL) {
         OPENSSL_free(ctx);
diff --git a/deps/openssl/openssl/crypto/cms/cms_asn1.c b/deps/openssl/openssl/crypto/cms/cms_asn1.c
index 0a594f41d9..993ea6b219 100644
--- a/deps/openssl/openssl/crypto/cms/cms_asn1.c
+++ b/deps/openssl/openssl/crypto/cms/cms_asn1.c
@@ -56,7 +56,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
-        ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+        ASN1_EMBED(CMS_SignerInfo, version, INT32),
         ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
         ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
         ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
@@ -76,7 +76,7 @@ ASN1_CHOICE(CMS_RevocationInfoChoice) = {
 } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
 
 ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
-        ASN1_SIMPLE(CMS_SignedData, version, LONG),
+        ASN1_EMBED(CMS_SignedData, version, INT32),
         ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
         ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
         ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
@@ -96,7 +96,7 @@ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
 } static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
 
 ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
-        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
         ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
         ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -162,7 +162,7 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
-        ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
         ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
         ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
         ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
@@ -176,14 +176,14 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
 } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
 
 ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
-        ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
         ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
         ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
 
 ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
-        ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+        ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
         ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
         ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -225,7 +225,7 @@ ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
 } ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
 
 ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
-        ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+        ASN1_EMBED(CMS_EnvelopedData, version, INT32),
         ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
         ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
         ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
@@ -233,20 +233,20 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
 
 ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
-        ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+        ASN1_EMBED(CMS_DigestedData, version, INT32),
         ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
         ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
 } ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
-        ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+        ASN1_EMBED(CMS_EncryptedData, version, INT32),
         ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
         ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
 } ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
 
 ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
-        ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+        ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
         ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
         ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
         ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
@@ -258,7 +258,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
 } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
 
 ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
-        ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+        ASN1_EMBED(CMS_CompressedData, version, INT32),
         ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
 } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
@@ -338,7 +338,7 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
 
 
 ASN1_CHOICE(CMS_ReceiptsFrom) = {
-  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+  ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
   ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
 } static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
 
@@ -349,7 +349,7 @@ ASN1_SEQUENCE(CMS_ReceiptRequest) = {
 } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
 
 ASN1_SEQUENCE(CMS_Receipt) = {
-  ASN1_SIMPLE(CMS_Receipt, version, LONG),
+  ASN1_EMBED(CMS_Receipt, version, INT32),
   ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
   ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
   ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
diff --git a/deps/openssl/openssl/crypto/cms/cms_enc.c b/deps/openssl/openssl/crypto/cms/cms_enc.c
index ed913426bc..a1719830e8 100644
--- a/deps/openssl/openssl/crypto/cms/cms_enc.c
+++ b/deps/openssl/openssl/crypto/cms/cms_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,9 +168,10 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
 {
     ec->cipher = cipher;
     if (key) {
-        ec->key = OPENSSL_malloc(keylen);
-        if (ec->key == NULL)
+        if ((ec->key = OPENSSL_malloc(keylen)) == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         memcpy(ec->key, key, keylen);
     }
     ec->keylen = keylen;
diff --git a/deps/openssl/openssl/crypto/cms/cms_env.c b/deps/openssl/openssl/crypto/cms/cms_env.c
index fe5076ec02..bb95af75e3 100644
--- a/deps/openssl/openssl/crypto/cms/cms_env.c
+++ b/deps/openssl/openssl/crypto/cms/cms_env.c
@@ -750,7 +750,7 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 
     default:
         CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
-               CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+               CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
         return 0;
     }
 }
diff --git a/deps/openssl/openssl/crypto/cms/cms_err.c b/deps/openssl/openssl/crypto/cms/cms_err.c
index c6df1b5afe..4432b471ee 100644
--- a/deps/openssl/openssl/crypto/cms/cms_err.c
+++ b/deps/openssl/openssl/crypto/cms/cms_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,238 +8,275 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/cms.h>
+#include <openssl/cmserr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
-
-static ERR_STRING_DATA CMS_str_functs[] = {
-    {ERR_FUNC(CMS_F_CHECK_CONTENT), "check_content"},
-    {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
-    {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
-    {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),
+static const ERR_STRING_DATA CMS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0),
+     "CMS_add0_recipient_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0),
      "CMS_add0_recipient_password"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
-    {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "cms_add1_signingTime"},
-    {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
-    {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
-    {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0),
+     "CMS_add1_ReceiptRequest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0),
+     "CMS_add1_recipient_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0),
+     "cms_add1_signingTime"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0),
+     "cms_CompressedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0),
      "cms_CompressedData_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "cms_copy_content"},
-    {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "cms_copy_messageDigest"},
-    {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
-    {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
-    {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
-    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
-    {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0),
+     "cms_copy_messageDigest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0),
+     "CMS_decrypt_set1_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0),
+     "CMS_decrypt_set1_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0),
+     "CMS_decrypt_set1_pkey"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0),
      "cms_DigestAlgorithm_find_ctx"},
-    {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0),
      "cms_DigestAlgorithm_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
-    {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
-    {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0),
+     "cms_DigestedData_do_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0),
+     "cms_EncryptedContent_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0),
      "cms_EncryptedContent_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0),
+     "CMS_EncryptedData_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0),
+     "CMS_EncryptedData_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0),
      "CMS_EncryptedData_set1_key"},
-    {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
-    {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0),
+     "CMS_EnvelopedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0),
      "cms_EnvelopedData_init_bio"},
-    {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "cms_enveloped_data_init"},
-    {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"},
-    {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
-    {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0),
+     "cms_enveloped_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0),
      "cms_get0_certificate_choices"},
-    {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
-    {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "cms_get0_econtent_type"},
-    {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
-    {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0),
+     "cms_get0_econtent_type"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0),
      "cms_get0_revocation_choices"},
-    {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "cms_get0_signed"},
-    {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
-    {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0),
+     "cms_msgSigDigest_add1"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0),
      "CMS_ReceiptRequest_create0"},
-    {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_ENCRYPT), "CMS_RecipientInfo_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0),
+     "CMS_RecipientInfo_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0),
+     "CMS_RecipientInfo_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0),
      "cms_RecipientInfo_kari_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0),
      "CMS_RecipientInfo_kari_get0_alg"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0),
      "CMS_RecipientInfo_kari_get0_orig_id"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0),
      "CMS_RecipientInfo_kari_get0_reks"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0),
      "CMS_RecipientInfo_kari_orig_id_cmp"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0),
      "cms_RecipientInfo_kekri_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0),
      "cms_RecipientInfo_kekri_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0),
      "CMS_RecipientInfo_kekri_get0_id"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0),
      "CMS_RecipientInfo_kekri_id_cmp"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0),
      "CMS_RecipientInfo_ktri_cert_cmp"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0),
      "cms_RecipientInfo_ktri_decrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0),
      "cms_RecipientInfo_ktri_encrypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0),
      "CMS_RecipientInfo_ktri_get0_algs"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0),
      "CMS_RecipientInfo_ktri_get0_signer_id"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0),
      "cms_RecipientInfo_pwri_crypt"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0),
      "CMS_RecipientInfo_set0_key"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0),
      "CMS_RecipientInfo_set0_password"},
-    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0),
      "CMS_RecipientInfo_set0_pkey"},
-    {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "cms_sd_asn1_ctrl"},
-    {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"},
-    {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"},
-    {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
-    {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
-    {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
-    {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "cms_signed_data_init"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0),
+     "cms_set1_SignerIdentifier"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0),
+     "cms_signed_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0),
      "cms_SignerInfo_content_sign"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0),
+     "CMS_SignerInfo_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0),
+     "CMS_SignerInfo_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0),
      "cms_signerinfo_verify_cert"},
-    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
      "CMS_SignerInfo_verify_content"},
-    {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
-    {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
-    {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
-    {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CMS_str_reasons[] = {
-    {ERR_REASON(CMS_R_ADD_SIGNER_ERROR), "add signer error"},
-    {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),
-     "certificate already present"},
-    {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
-    {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-    {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),
-     "cipher initialisation error"},
-    {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
-     "cipher parameter initialisation error"},
-    {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR), "cms datafinal error"},
-    {ERR_REASON(CMS_R_CMS_LIB), "cms lib"},
-    {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),
-     "contentidentifier mismatch"},
-    {ERR_REASON(CMS_R_CONTENT_NOT_FOUND), "content not found"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH), "content type mismatch"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
-     "content type not compressed data"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
-     "content type not enveloped data"},
-    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
-     "content type not signed data"},
-    {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR), "content verify error"},
-    {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
-    {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
-    {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
-    {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
-    {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
-     "error reading messagedigest attribute"},
-    {ERR_REASON(CMS_R_ERROR_SETTING_KEY), "error setting key"},
-    {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),
-     "error setting recipientinfo"},
-    {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
-     "invalid encrypted key length"},
-    {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
-     "invalid key encryption parameter"},
-    {ERR_REASON(CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
-    {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
-    {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
-     "messagedigest attribute wrong length"},
-    {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
-     "messagedigest wrong length"},
-    {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
-    {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
-     "msgsigdigest verification failure"},
-    {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
-     "msgsigdigest wrong length"},
-    {ERR_REASON(CMS_R_NEED_ONE_SIGNER), "need one signer"},
-    {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT), "not a signed receipt"},
-    {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
-    {ERR_REASON(CMS_R_NOT_KEK), "not kek"},
-    {ERR_REASON(CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
-    {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
-    {ERR_REASON(CMS_R_NOT_PWRI), "not pwri"},
-    {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
-     "not supported for this key type"},
-    {ERR_REASON(CMS_R_NO_CIPHER), "no cipher"},
-    {ERR_REASON(CMS_R_NO_CONTENT), "no content"},
-    {ERR_REASON(CMS_R_NO_CONTENT_TYPE), "no content type"},
-    {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(CMS_R_NO_DIGEST_SET), "no digest set"},
-    {ERR_REASON(CMS_R_NO_KEY), "no key"},
-    {ERR_REASON(CMS_R_NO_KEY_OR_CERT), "no key or cert"},
-    {ERR_REASON(CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
-    {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT), "no matching recipient"},
-    {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE), "no matching signature"},
-    {ERR_REASON(CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
-    {ERR_REASON(CMS_R_NO_PASSWORD), "no password"},
-    {ERR_REASON(CMS_R_NO_PRIVATE_KEY), "no private key"},
-    {ERR_REASON(CMS_R_NO_PUBLIC_KEY), "no public key"},
-    {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
-    {ERR_REASON(CMS_R_NO_SIGNERS), "no signers"},
-    {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR), "receipt decode error"},
-    {ERR_REASON(CMS_R_RECIPIENT_ERROR), "recipient error"},
-    {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
-     "signer certificate not found"},
-    {ERR_REASON(CMS_R_SIGNFINAL_ERROR), "signfinal error"},
-    {ERR_REASON(CMS_R_SMIME_TEXT_ERROR), "smime text error"},
-    {ERR_REASON(CMS_R_STORE_INIT_ERROR), "store init error"},
-    {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_DATA), "type not data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
-    {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
-    {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
-     "unable to finalize context"},
-    {ERR_REASON(CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
-    {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
-    {ERR_REASON(CMS_R_UNKNOWN_ID), "unknown id"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
-     "unsupported compression algorithm"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),
-     "unsupported kek algorithm"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
-     "unsupported key encryption algorithm"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
-     "unsupported recipient type"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),
-     "unsupported recpientinfo type"},
-    {ERR_REASON(CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
-    {ERR_REASON(CMS_R_UNWRAP_ERROR), "unwrap error"},
-    {ERR_REASON(CMS_R_UNWRAP_FAILURE), "unwrap failure"},
-    {ERR_REASON(CMS_R_VERIFICATION_FAILURE), "verification failure"},
-    {ERR_REASON(CMS_R_WRAP_ERROR), "wrap error"},
+static const ERR_STRING_DATA CMS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
+    "certificate already present"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
+    "certificate has no keyid"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
+    "cipher initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+    "cipher parameter initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
+    "cms datafinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
+    "contentidentifier mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
+    "content type mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+    "content type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+    "content type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+    "content type not signed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
+    "content verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
+    "error getting public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+    "error reading messagedigest attribute"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
+    "error setting recipientinfo"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+    "invalid encrypted key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
+    "invalid key encryption parameter"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+    "messagedigest attribute wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+    "messagedigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+    "msgsigdigest verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+    "msgsigdigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
+    "not a signed receipt"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "not supported for this key type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
+    "no matching recipient"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
+    "no matching signature"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
+    "receipt decode error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
+    "type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
+    "type not digested data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
+    "type not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
+    "type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+    "unable to finalize context"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+    "unsupported kek algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
+    "unsupported key encryption algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
+    "unsupported recipientinfo type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+    "unsupported recipient type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
+    "verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
     {0, NULL}
 };
 
@@ -248,10 +285,9 @@ static ERR_STRING_DATA CMS_str_reasons[] = {
 int ERR_load_CMS_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CMS_str_functs);
-        ERR_load_strings(0, CMS_str_reasons);
+        ERR_load_strings_const(CMS_str_functs);
+        ERR_load_strings_const(CMS_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/cms/cms_lcl.h b/deps/openssl/openssl/crypto/cms/cms_lcl.h
index d0c0e81363..916fcbfbe1 100644
--- a/deps/openssl/openssl/crypto/cms/cms_lcl.h
+++ b/deps/openssl/openssl/crypto/cms/cms_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,10 +10,6 @@
 #ifndef HEADER_CMS_LCL_H
 # define HEADER_CMS_LCL_H
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 # include <openssl/x509.h>
 
 /*
@@ -67,7 +63,7 @@ struct CMS_ContentInfo_st {
 DEFINE_STACK_OF(CMS_CertificateChoices)
 
 struct CMS_SignedData_st {
-    long version;
+    int32_t version;
     STACK_OF(X509_ALGOR) *digestAlgorithms;
     CMS_EncapsulatedContentInfo *encapContentInfo;
     STACK_OF(CMS_CertificateChoices) *certificates;
@@ -83,7 +79,7 @@ struct CMS_EncapsulatedContentInfo_st {
 };
 
 struct CMS_SignerInfo_st {
-    long version;
+    int32_t version;
     CMS_SignerIdentifier *sid;
     X509_ALGOR *digestAlgorithm;
     STACK_OF(X509_ATTRIBUTE) *signedAttrs;
@@ -107,7 +103,7 @@ struct CMS_SignerIdentifier_st {
 };
 
 struct CMS_EnvelopedData_st {
-    long version;
+    int32_t version;
     CMS_OriginatorInfo *originatorInfo;
     STACK_OF(CMS_RecipientInfo) *recipientInfos;
     CMS_EncryptedContentInfo *encryptedContentInfo;
@@ -145,7 +141,7 @@ struct CMS_RecipientInfo_st {
 typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
 
 struct CMS_KeyTransRecipientInfo_st {
-    long version;
+    int32_t version;
     CMS_RecipientIdentifier *rid;
     X509_ALGOR *keyEncryptionAlgorithm;
     ASN1_OCTET_STRING *encryptedKey;
@@ -157,7 +153,7 @@ struct CMS_KeyTransRecipientInfo_st {
 };
 
 struct CMS_KeyAgreeRecipientInfo_st {
-    long version;
+    int32_t version;
     CMS_OriginatorIdentifierOrKey *originator;
     ASN1_OCTET_STRING *ukm;
     X509_ALGOR *keyEncryptionAlgorithm;
@@ -204,7 +200,7 @@ struct CMS_RecipientKeyIdentifier_st {
 };
 
 struct CMS_KEKRecipientInfo_st {
-    long version;
+    int32_t version;
     CMS_KEKIdentifier *kekid;
     X509_ALGOR *keyEncryptionAlgorithm;
     ASN1_OCTET_STRING *encryptedKey;
@@ -220,7 +216,7 @@ struct CMS_KEKIdentifier_st {
 };
 
 struct CMS_PasswordRecipientInfo_st {
-    long version;
+    int32_t version;
     X509_ALGOR *keyDerivationAlgorithm;
     X509_ALGOR *keyEncryptionAlgorithm;
     ASN1_OCTET_STRING *encryptedKey;
@@ -235,20 +231,20 @@ struct CMS_OtherRecipientInfo_st {
 };
 
 struct CMS_DigestedData_st {
-    long version;
+    int32_t version;
     X509_ALGOR *digestAlgorithm;
     CMS_EncapsulatedContentInfo *encapContentInfo;
     ASN1_OCTET_STRING *digest;
 };
 
 struct CMS_EncryptedData_st {
-    long version;
+    int32_t version;
     CMS_EncryptedContentInfo *encryptedContentInfo;
     STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
 };
 
 struct CMS_AuthenticatedData_st {
-    long version;
+    int32_t version;
     CMS_OriginatorInfo *originatorInfo;
     STACK_OF(CMS_RecipientInfo) *recipientInfos;
     X509_ALGOR *macAlgorithm;
@@ -260,7 +256,7 @@ struct CMS_AuthenticatedData_st {
 };
 
 struct CMS_CompressedData_st {
-    long version;
+    int32_t version;
     X509_ALGOR *compressionAlgorithm;
     STACK_OF(CMS_RecipientInfo) *recipientInfos;
     CMS_EncapsulatedContentInfo *encapContentInfo;
@@ -332,14 +328,14 @@ struct CMS_ReceiptRequest_st {
 struct CMS_ReceiptsFrom_st {
     int type;
     union {
-        long allOrFirstTier;
+        int32_t allOrFirstTier;
         STACK_OF(GENERAL_NAMES) *receiptList;
     } d;
 };
 # endif
 
 struct CMS_Receipt_st {
-    long version;
+    int32_t version;
     ASN1_OBJECT *contentType;
     ASN1_OCTET_STRING *signedContentIdentifier;
     ASN1_OCTET_STRING *originatorSignatureValue;
@@ -438,7 +434,4 @@ DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
 DECLARE_ASN1_ITEM(CMS_SignedData)
 DECLARE_ASN1_ITEM(CMS_CompressedData)
 
-#ifdef  __cplusplus
-}
-#endif
 #endif
diff --git a/deps/openssl/openssl/crypto/cms/cms_lib.c b/deps/openssl/openssl/crypto/cms/cms_lib.c
index 7395684b61..c2cac26010 100644
--- a/deps/openssl/openssl/crypto/cms/cms_lib.c
+++ b/deps/openssl/openssl/crypto/cms/cms_lib.c
@@ -292,7 +292,7 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
     digest = EVP_get_digestbyobj(digestoid);
     if (!digest) {
         CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-               CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+               CMS_R_UNKNOWN_DIGEST_ALGORITHM);
         goto err;
     }
     mdbio = BIO_new(BIO_f_md());
diff --git a/deps/openssl/openssl/crypto/cms/cms_pwri.c b/deps/openssl/openssl/crypto/cms/cms_pwri.c
index 0571bb8026..eac9c2fc86 100644
--- a/deps/openssl/openssl/crypto/cms/cms_pwri.c
+++ b/deps/openssl/openssl/crypto/cms/cms_pwri.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -188,9 +188,10 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
         /* Invalid size */
         return 0;
     }
-    tmp = OPENSSL_malloc(inlen);
-    if (tmp == NULL)
+    if ((tmp = OPENSSL_malloc(inlen)) == NULL) {
+        CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     /* setup IV by decrypting last two blocks */
     if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
                            in + inlen - 2 * blocklen, blocklen * 2)
@@ -325,7 +326,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
         goto err;
     EVP_CIPHER_CTX_set_padding(kekctx, 0);
-    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
         goto err;
diff --git a/deps/openssl/openssl/crypto/cms/cms_sd.c b/deps/openssl/openssl/crypto/cms/cms_sd.c
index 4108fe7082..ff2d540b6a 100644
--- a/deps/openssl/openssl/crypto/cms/cms_sd.c
+++ b/deps/openssl/openssl/crypto/cms/cms_sd.c
@@ -635,7 +635,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
 int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 {
     EVP_MD_CTX *mctx = si->mctx;
-    EVP_PKEY_CTX *pctx;
+    EVP_PKEY_CTX *pctx = NULL;
     unsigned char *abuf = NULL;
     int alen;
     size_t siglen;
@@ -656,6 +656,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
         EVP_MD_CTX_reset(mctx);
         if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
             goto err;
+        si->pctx = pctx;
     }
 
     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
diff --git a/deps/openssl/openssl/crypto/comp/c_zlib.c b/deps/openssl/openssl/crypto/comp/c_zlib.c
index 821dc099bb..d688deee5f 100644
--- a/deps/openssl/openssl/crypto/comp/c_zlib.c
+++ b/deps/openssl/openssl/crypto/comp/c_zlib.c
@@ -256,14 +256,13 @@ COMP_METHOD *COMP_zlib(void)
     meth = &zlib_stateful_method;
 #endif
 
-    return (meth);
+    return meth;
 }
 
 void comp_zlib_cleanup_int(void)
 {
 #ifdef ZLIB_SHARED
-    if (zlib_dso != NULL)
-        DSO_free(zlib_dso);
+    DSO_free(zlib_dso);
     zlib_dso = NULL;
 #endif
 }
@@ -297,7 +296,11 @@ static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
 static const BIO_METHOD bio_meth_zlib = {
     BIO_TYPE_COMP,
     "zlib",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     bio_zlib_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     bio_zlib_read,
     NULL,                      /* bio_zlib_puts, */
     NULL,                      /* bio_zlib_gets, */
diff --git a/deps/openssl/openssl/crypto/comp/comp_err.c b/deps/openssl/openssl/crypto/comp/comp_err.c
index 8e2e69568d..2dca315cf1 100644
--- a/deps/openssl/openssl/crypto/comp/comp_err.c
+++ b/deps/openssl/openssl/crypto/comp/comp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,28 +8,27 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/comp.h>
+#include <openssl/comperr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
-
-static ERR_STRING_DATA COMP_str_functs[] = {
-    {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "bio_zlib_flush"},
-    {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "bio_zlib_new"},
-    {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "bio_zlib_read"},
-    {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "bio_zlib_write"},
+static const ERR_STRING_DATA COMP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_FLUSH, 0), "bio_zlib_flush"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA COMP_str_reasons[] = {
-    {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"},
-    {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"},
-    {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"},
+static const ERR_STRING_DATA COMP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR),
+    "zlib deflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR),
+    "zlib inflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED),
+    "zlib not supported"},
     {0, NULL}
 };
 
@@ -38,10 +37,9 @@ static ERR_STRING_DATA COMP_str_reasons[] = {
 int ERR_load_COMP_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, COMP_str_functs);
-        ERR_load_strings(0, COMP_str_reasons);
+        ERR_load_strings_const(COMP_str_functs);
+        ERR_load_strings_const(COMP_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/comp/comp_lib.c b/deps/openssl/openssl/crypto/comp/comp_lib.c
index 32afd0dba8..6ae2114496 100644
--- a/deps/openssl/openssl/crypto/comp/comp_lib.c
+++ b/deps/openssl/openssl/crypto/comp/comp_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,20 +12,23 @@
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
+#include <openssl/err.h>
 #include "comp_lcl.h"
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 {
     COMP_CTX *ret;
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
-        return (NULL);
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     ret->meth = meth;
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         OPENSSL_free(ret);
         ret = NULL;
     }
-    return (ret);
+    return ret;
 }
 
 const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx)
@@ -47,7 +50,6 @@ void COMP_CTX_free(COMP_CTX *ctx)
 {
     if (ctx == NULL)
         return;
-
     if (ctx->meth->finish != NULL)
         ctx->meth->finish(ctx);
 
@@ -59,14 +61,14 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
 {
     int ret;
     if (ctx->meth->compress == NULL) {
-        return (-1);
+        return -1;
     }
     ret = ctx->meth->compress(ctx, out, olen, in, ilen);
     if (ret > 0) {
         ctx->compress_in += ilen;
         ctx->compress_out += ret;
     }
-    return (ret);
+    return ret;
 }
 
 int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
@@ -75,14 +77,14 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
     int ret;
 
     if (ctx->meth->expand == NULL) {
-        return (-1);
+        return -1;
     }
     ret = ctx->meth->expand(ctx, out, olen, in, ilen);
     if (ret > 0) {
         ctx->expand_in += ilen;
         ctx->expand_out += ret;
     }
-    return (ret);
+    return ret;
 }
 
 int COMP_CTX_get_type(const COMP_CTX* comp)
diff --git a/deps/openssl/openssl/crypto/conf/conf_api.c b/deps/openssl/openssl/crypto/conf/conf_api.c
index 36c91b1663..5e57d749ce 100644
--- a/deps/openssl/openssl/crypto/conf/conf_api.c
+++ b/deps/openssl/openssl/crypto/conf/conf_api.c
@@ -25,11 +25,11 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
     CONF_VALUE *v, vv;
 
     if ((conf == NULL) || (section == NULL))
-        return (NULL);
+        return NULL;
     vv.name = NULL;
     vv.section = (char *)section;
     v = lh_CONF_VALUE_retrieve(conf->data, &vv);
-    return (v);
+    return v;
 }
 
 /* Up until OpenSSL 0.9.5a, this was CONF_get_section */
@@ -42,7 +42,7 @@ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
     if (v != NULL)
         return ((STACK_OF(CONF_VALUE) *)v->value);
     else
-        return (NULL);
+        return NULL;
 }
 
 int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
@@ -74,27 +74,27 @@ char *_CONF_get_string(const CONF *conf, const char *section,
     char *p;
 
     if (name == NULL)
-        return (NULL);
+        return NULL;
     if (conf != NULL) {
         if (section != NULL) {
             vv.name = (char *)name;
             vv.section = (char *)section;
             v = lh_CONF_VALUE_retrieve(conf->data, &vv);
             if (v != NULL)
-                return (v->value);
+                return v->value;
             if (strcmp(section, "ENV") == 0) {
                 p = ossl_safe_getenv(name);
                 if (p != NULL)
-                    return (p);
+                    return p;
             }
         }
         vv.section = "default";
         vv.name = (char *)name;
         v = lh_CONF_VALUE_retrieve(conf->data, &vv);
         if (v != NULL)
-            return (v->value);
+            return v->value;
         else
-            return (NULL);
+            return NULL;
     } else
         return ossl_safe_getenv(name);
 }
@@ -111,14 +111,14 @@ static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
     if (a->section != b->section) {
         i = strcmp(a->section, b->section);
         if (i)
-            return (i);
+            return i;
     }
 
     if ((a->name != NULL) && (b->name != NULL)) {
         i = strcmp(a->name, b->name);
-        return (i);
+        return i;
     } else if (a->name == b->name)
-        return (0);
+        return 0;
     else
         return ((a->name == NULL) ? -1 : 1);
 }
@@ -205,8 +205,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
     v->value = (char *)sk;
 
     vv = lh_CONF_VALUE_insert(conf->data, v);
-    OPENSSL_assert(vv == NULL);
-    if (lh_CONF_VALUE_error(conf->data) > 0)
+    if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0)
         goto err;
     return v;
 
diff --git a/deps/openssl/openssl/crypto/conf/conf_def.c b/deps/openssl/openssl/crypto/conf/conf_def.c
index b443903f46..7f0d70ea69 100644
--- a/deps/openssl/openssl/crypto/conf/conf_def.c
+++ b/deps/openssl/openssl/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,13 +12,24 @@
 #include <stdio.h>
 #include <string.h>
 #include "internal/cryptlib.h"
-#include <openssl/stack.h>
+#include "internal/o_dir.h"
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# ifdef _WIN32
+#  define stat    _stat
+#  define strcasecmp _stricmp
+# endif
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
 
 /*
  * The maximum length we can grow a value to after variable expansion. 64k
@@ -26,13 +37,20 @@
  */
 #define MAX_CONF_VALUE_LENGTH       65536
 
+static int is_keytype(const CONF *conf, char c, unsigned short type);
 static char *eat_ws(CONF *conf, char *p);
+static void trim_ws(CONF *conf, char *start);
 static char *eat_alpha_numeric(CONF *conf, char *p);
 static void clear_comments(CONF *conf, char *p);
 static int str_copy(CONF *conf, char *section, char **to, char *from);
 static char *scan_quote(CONF *conf, char *p);
 static char *scan_dquote(CONF *conf, char *p);
 #define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+#ifndef OPENSSL_NO_POSIX_IO
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath);
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx);
+#endif
 
 static CONF *def_create(CONF_METHOD *meth);
 static int def_init_default(CONF *conf);
@@ -71,12 +89,12 @@ static CONF_METHOD WIN32_method = {
     def_load
 };
 
-CONF_METHOD *NCONF_default()
+CONF_METHOD *NCONF_default(void)
 {
     return &default_method;
 }
 
-CONF_METHOD *NCONF_WIN32()
+CONF_METHOD *NCONF_WIN32(void)
 {
     return &WIN32_method;
 }
@@ -174,6 +192,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
     char *section = NULL, *buf;
     char *start, *psection, *pname;
     void *h = (void *)(conf->data);
+    STACK_OF(BIO) *biosk = NULL;
+#ifndef OPENSSL_NO_POSIX_IO
+    char *dirpath = NULL;
+    OPENSSL_DIR_CTX *dirctx = NULL;
+#endif
 
     if ((buff = BUF_MEM_new()) == NULL) {
         CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
@@ -206,11 +229,39 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         }
         p = &(buff->data[bufnum]);
         *p = '\0';
+ read_retry:
         BIO_gets(in, p, CONFBUFSIZE - 1);
         p[CONFBUFSIZE - 1] = '\0';
         ii = i = strlen(p);
-        if (i == 0 && !again)
-            break;
+        if (i == 0 && !again) {
+            /* the currently processed BIO is at EOF */
+            BIO *parent;
+
+#ifndef OPENSSL_NO_POSIX_IO
+            /* continue processing with the next file from directory */
+            if (dirctx != NULL) {
+                BIO *next;
+
+                if ((next = get_next_file(dirpath, &dirctx)) != NULL) {
+                    BIO_vfree(in);
+                    in = next;
+                    goto read_retry;
+                } else {
+                    OPENSSL_free(dirpath);
+                    dirpath = NULL;
+                }
+            }
+#endif
+            /* no more files in directory, continue with processing parent */
+            if ((parent = sk_BIO_pop(biosk)) == NULL) {
+                /* everything processed get out of the loop */
+                break;
+            } else {
+                BIO_vfree(in);
+                in = parent;
+                goto read_retry;
+            }
+        }
         again = 0;
         while (i > 0) {
             if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
@@ -286,7 +337,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
             continue;
         } else {
             pname = s;
-            psection = NULL;
             end = eat_alpha_numeric(conf, s);
             if ((end[0] == ':') && (end[1] == ':')) {
                 *end = '\0';
@@ -294,36 +344,63 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 psection = pname;
                 pname = end;
                 end = eat_alpha_numeric(conf, end);
+            } else {
+                psection = section;
             }
             p = eat_ws(conf, end);
-            if (*p != '=') {
+            if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+                char *include = NULL;
+                BIO *next;
+
+                trim_ws(conf, p);
+                if (!str_copy(conf, psection, &include, p))
+                    goto err;
+                /* get the BIO of the included file */
+#ifndef OPENSSL_NO_POSIX_IO
+                next = process_include(include, &dirctx, &dirpath);
+                if (include != dirpath) {
+                    /* dirpath will contain include in case of a directory */
+                    OPENSSL_free(include);
+                }
+#else
+                next = BIO_new_file(include, "r");
+                OPENSSL_free(include);
+#endif
+                if (next != NULL) {
+                    /* push the currently processing BIO onto stack */
+                    if (biosk == NULL) {
+                        if ((biosk = sk_BIO_new_null()) == NULL) {
+                            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                            goto err;
+                        }
+                    }
+                    if (!sk_BIO_push(biosk, in)) {
+                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    /* continue with reading from the included BIO */
+                    in = next;
+                }
+                continue;
+            } else if (*p != '=') {
                 CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
                 goto err;
             }
             *end = '\0';
             p++;
             start = eat_ws(conf, p);
-            while (!IS_EOF(conf, *p))
-                p++;
-            p--;
-            while ((p != start) && (IS_WS(conf, *p)))
-                p--;
-            p++;
-            *p = '\0';
+            trim_ws(conf, start);
 
             if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
                 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            if (psection == NULL)
-                psection = section;
-            v->name = OPENSSL_malloc(strlen(pname) + 1);
+            v->name = OPENSSL_strdup(pname);
             v->value = NULL;
             if (v->name == NULL) {
                 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            OPENSSL_strlcpy(v->name, pname, strlen(pname) + 1);
             if (!str_copy(conf, psection, &(v->value), start))
                 goto err;
 
@@ -347,10 +424,31 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
     }
     BUF_MEM_free(buff);
     OPENSSL_free(section);
-    return (1);
+    /*
+     * No need to pop, since we only get here if the stack is empty.
+     * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE!
+     */
+    sk_BIO_free(biosk);
+    return 1;
  err:
     BUF_MEM_free(buff);
     OPENSSL_free(section);
+    /*
+     * Since |in| is the first element of the stack and should NOT be freed
+     * here, we cannot use sk_BIO_pop_free().  Instead, we pop and free one
+     * BIO at a time, making sure that the last one popped isn't.
+     */
+    while (sk_BIO_num(biosk) > 0) {
+        BIO *popped = sk_BIO_pop(biosk);
+        BIO_vfree(in);
+        in = popped;
+    }
+    sk_BIO_free(biosk);
+#ifndef OPENSSL_NO_POSIX_IO
+    OPENSSL_free(dirpath);
+    if (dirctx != NULL)
+        OPENSSL_DIR_end(&dirctx);
+#endif
     if (line != NULL)
         *line = eline;
     BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
@@ -364,7 +462,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         OPENSSL_free(v->value);
         OPENSSL_free(v);
     }
-    return (0);
+    return 0;
 }
 
 static void clear_comments(CONF *conf, char *p)
@@ -411,7 +509,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
     BUF_MEM *buf;
 
     if ((buf = BUF_MEM_new()) == NULL)
-        return (0);
+        return 0;
 
     len = strlen(from) + 1;
     if (!BUF_MEM_grow(buf, len))
@@ -479,7 +577,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                 s++;
             cp = section;
             e = np = s;
-            while (IS_ALPHA_NUMERIC(conf, *e))
+            while (IS_ALNUM(conf, *e))
                 e++;
             if ((e[0] == ':') && (e[1] == ':')) {
                 cp = np;
@@ -488,7 +586,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                 *rrp = '\0';
                 e += 2;
                 np = e;
-                while (IS_ALPHA_NUMERIC(conf, *e))
+                while (IS_ALNUM(conf, *e))
                     e++;
             }
             r = *e;
@@ -551,17 +649,150 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
     OPENSSL_free(*pto);
     *pto = buf->data;
     OPENSSL_free(buf);
-    return (1);
+    return 1;
  err:
     BUF_MEM_free(buf);
-    return (0);
+    return 0;
+}
+
+#ifndef OPENSSL_NO_POSIX_IO
+/*
+ * Check whether included path is a directory.
+ * Returns next BIO to process and in case of a directory
+ * also an opened directory context and the include path.
+ */
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath)
+{
+    struct stat st = { 0 };
+    BIO *next;
+
+    if (stat(include, &st) < 0) {
+        SYSerr(SYS_F_STAT, errno);
+        ERR_add_error_data(1, include);
+        /* missing include file is not fatal error */
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        if (*dirctx != NULL) {
+            CONFerr(CONF_F_PROCESS_INCLUDE,
+                    CONF_R_RECURSIVE_DIRECTORY_INCLUDE);
+            ERR_add_error_data(1, include);
+            return NULL;
+        }
+        /* a directory, load its contents */
+        if ((next = get_next_file(include, dirctx)) != NULL)
+            *dirpath = include;
+        return next;
+    }
+
+    next = BIO_new_file(include, "r");
+    return next;
+}
+
+/*
+ * Get next file from the directory path.
+ * Returns BIO of the next file to read and updates dirctx.
+ */
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
+{
+    const char *filename;
+
+    while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
+        size_t namelen;
+
+        namelen = strlen(filename);
+
+
+        if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0)
+            || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
+            size_t newlen;
+            char *newpath;
+            BIO *bio;
+
+            newlen = strlen(path) + namelen + 2;
+            newpath = OPENSSL_zalloc(newlen);
+            if (newpath == NULL) {
+                CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE);
+                break;
+            }
+#ifdef OPENSSL_SYS_VMS
+            /*
+             * If the given path isn't clear VMS syntax,
+             * we treat it as on Unix.
+             */
+            {
+                size_t pathlen = strlen(path);
+
+                if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>'
+                    || path[pathlen - 1] == ':') {
+                    /* Clear VMS directory syntax, just copy as is */
+                    OPENSSL_strlcpy(newpath, path, newlen);
+                }
+            }
+#endif
+            if (newpath[0] == '\0') {
+                OPENSSL_strlcpy(newpath, path, newlen);
+                OPENSSL_strlcat(newpath, "/", newlen);
+            }
+            OPENSSL_strlcat(newpath, filename, newlen);
+
+            bio = BIO_new_file(newpath, "r");
+            OPENSSL_free(newpath);
+            /* Errors when opening files are non-fatal. */
+            if (bio != NULL)
+                return bio;
+        }
+    }
+    OPENSSL_DIR_end(dirctx);
+    *dirctx = NULL;
+    return NULL;
+}
+#endif
+
+static int is_keytype(const CONF *conf, char c, unsigned short type)
+{
+    const unsigned short * keytypes = (const unsigned short *) conf->meth_data;
+    unsigned char key = (unsigned char)c;
+
+#ifdef CHARSET_EBCDIC
+# if CHAR_BIT > 8
+    if (key > 255) {
+        /* key is out of range for os_toascii table */
+        return 0;
+    }
+# endif
+    /* convert key from ebcdic to ascii */
+    key = os_toascii[key];
+#endif
+
+    if (key > 127) {
+        /* key is not a seven bit ascii character */
+        return 0;
+    }
+
+    return (keytypes[key] & type) ? 1 : 0;
 }
 
 static char *eat_ws(CONF *conf, char *p)
 {
     while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
         p++;
-    return (p);
+    return p;
+}
+
+static void trim_ws(CONF *conf, char *start)
+{
+    char *p = start;
+
+    while (!IS_EOF(conf, *p))
+        p++;
+    p--;
+    while ((p >= start) && IS_WS(conf, *p))
+        p--;
+    p++;
+    *p = '\0';
 }
 
 static char *eat_alpha_numeric(CONF *conf, char *p)
@@ -571,8 +802,8 @@ static char *eat_alpha_numeric(CONF *conf, char *p)
             p = scan_esc(conf, p);
             continue;
         }
-        if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
-            return (p);
+        if (!IS_ALNUM_PUNCT(conf, *p))
+            return p;
         p++;
     }
 }
@@ -586,13 +817,13 @@ static char *scan_quote(CONF *conf, char *p)
         if (IS_ESC(conf, *p)) {
             p++;
             if (IS_EOF(conf, *p))
-                return (p);
+                return p;
         }
         p++;
     }
     if (*p == q)
         p++;
-    return (p);
+    return p;
 }
 
 static char *scan_dquote(CONF *conf, char *p)
@@ -612,7 +843,7 @@ static char *scan_dquote(CONF *conf, char *p)
     }
     if (*p == q)
         p++;
-    return (p);
+    return p;
 }
 
 static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
diff --git a/deps/openssl/openssl/crypto/conf/conf_def.h b/deps/openssl/openssl/crypto/conf/conf_def.h
index da4767e196..73e88baa8b 100644
--- a/deps/openssl/openssl/crypto/conf/conf_def.h
+++ b/deps/openssl/openssl/crypto/conf/conf_def.h
@@ -2,63 +2,42 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
-#define CONF_NUMBER             1
-#define CONF_UPPER              2
-#define CONF_LOWER              4
-#define CONF_UNDER              256
-#define CONF_PUNCTUATION        512
-#define CONF_WS                 16
-#define CONF_ESC                32
-#define CONF_QUOTE              64
-#define CONF_DQUOTE             1024
-#define CONF_COMMENT            128
-#define CONF_FCOMMENT           2048
-#define CONF_EOF                8
-#define CONF_HIGHBIT            4096
-#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-                                        CONF_PUNCTUATION)
+#define CONF_NUMBER       1
+#define CONF_UPPER        2
+#define CONF_LOWER        4
+#define CONF_UNDER        256
+#define CONF_PUNCT        512
+#define CONF_WS           16
+#define CONF_ESC          32
+#define CONF_QUOTE        64
+#define CONF_DQUOTE       1024
+#define CONF_COMMENT      128
+#define CONF_FCOMMENT     2048
+#define CONF_EOF          8
+#define CONF_ALPHA        (CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM        (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
 
-#define KEYTYPES(c)             ((const unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-# define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-# define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-# define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
 
-#else                           /* CHARSET_EBCDIC */
+#define IS_COMMENT(conf,c)     is_keytype(conf, c, CONF_COMMENT)
+#define IS_FCOMMENT(conf,c)    is_keytype(conf, c, CONF_FCOMMENT)
+#define IS_EOF(conf,c)         is_keytype(conf, c, CONF_EOF)
+#define IS_ESC(conf,c)         is_keytype(conf, c, CONF_ESC)
+#define IS_NUMBER(conf,c)      is_keytype(conf, c, CONF_NUMBER)
+#define IS_WS(conf,c)          is_keytype(conf, c, CONF_WS)
+#define IS_ALNUM(conf,c)       is_keytype(conf, c, CONF_ALNUM)
+#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT)
+#define IS_QUOTE(conf,c)       is_keytype(conf, c, CONF_QUOTE)
+#define IS_DQUOTE(conf,c)      is_keytype(conf, c, CONF_DQUOTE)
 
-# define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
-# define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
-# define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
-# define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
-# define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-                                (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
-# define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
-#endif                          /* CHARSET_EBCDIC */
-
-static const unsigned short CONF_type_default[256] = {
+static const unsigned short CONF_type_default[128] = {
     0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
     0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
@@ -75,25 +54,9 @@ static const unsigned short CONF_type_default[256] = {
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 };
 
-static const unsigned short CONF_type_win32[256] = {
+static const unsigned short CONF_type_win32[128] = {
     0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
     0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
@@ -110,20 +73,4 @@ static const unsigned short CONF_type_win32[256] = {
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
-    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
 };
diff --git a/deps/openssl/openssl/crypto/conf/conf_err.c b/deps/openssl/openssl/crypto/conf/conf_err.c
index 19f480d5b3..f7613584ec 100644
--- a/deps/openssl/openssl/crypto/conf/conf_err.c
+++ b/deps/openssl/openssl/crypto/conf/conf_err.c
@@ -8,68 +8,76 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/conf.h>
+#include <openssl/conferr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
-
-static ERR_STRING_DATA CONF_str_functs[] = {
-    {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
-    {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
-    {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-    {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"},
-    {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"},
-    {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"},
-    {ERR_FUNC(CONF_F_MODULE_INIT), "module_init"},
-    {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "module_load_dso"},
-    {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"},
-    {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
-    {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
-    {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
-    {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
-    {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
-    {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
-    {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
-    {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
-    {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
-    {ERR_FUNC(CONF_F_SSL_MODULE_INIT), "ssl_module_init"},
-    {ERR_FUNC(CONF_F_STR_COPY), "str_copy"},
+static const ERR_STRING_DATA CONF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_DUMP_FP, 0), "CONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD, 0), "CONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD_FP, 0), "CONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_PARSE_LIST, 0), "CONF_parse_list"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_BIO, 0), "NCONF_dump_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_FP, 0), "NCONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_NUMBER_E, 0),
+     "NCONF_get_number_e"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_SECTION, 0), "NCONF_get_section"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_STRING, 0), "NCONF_get_string"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD, 0), "NCONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_BIO, 0), "NCONF_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CONF_str_reasons[] = {
-    {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"},
-    {ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL), "list cannot be null"},
-    {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
-     "missing close square bracket"},
-    {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
-    {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
-    {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
-     "module initialization error"},
-    {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"},
-    {ERR_REASON(CONF_R_NO_CONF), "no conf"},
-    {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
-     "no conf or environment variable"},
-    {ERR_REASON(CONF_R_NO_SECTION), "no section"},
-    {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"},
-    {ERR_REASON(CONF_R_NO_VALUE), "no value"},
-    {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_EMPTY),
-     "ssl command section empty"},
-    {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
-     "ssl command section not found"},
-    {ERR_REASON(CONF_R_SSL_SECTION_EMPTY), "ssl section empty"},
-    {ERR_REASON(CONF_R_SSL_SECTION_NOT_FOUND), "ssl section not found"},
-    {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
-     "unable to create new section"},
-    {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},
-    {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG),
-     "variable expansion too long"},
-    {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
+static const ERR_STRING_DATA CONF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL),
+    "list cannot be null"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+    "missing close square bracket"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN),
+    "missing equal sign"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION),
+    "missing init function"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR),
+    "module initialization error"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+    "no conf or environment variable"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
+    "recursive directory include"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+    "unable to create new section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME),
+    "unknown module name"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG),
+    "variable expansion too long"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE),
+    "variable has no value"},
     {0, NULL}
 };
 
@@ -78,10 +86,9 @@ static ERR_STRING_DATA CONF_str_reasons[] = {
 int ERR_load_CONF_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CONF_str_functs);
-        ERR_load_strings(0, CONF_str_reasons);
+        ERR_load_strings_const(CONF_str_functs);
+        ERR_load_strings_const(CONF_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/conf/conf_lib.c b/deps/openssl/openssl/crypto/conf/conf_lib.c
index 3532114917..07110d8502 100644
--- a/deps/openssl/openssl/crypto/conf/conf_lib.c
+++ b/deps/openssl/openssl/crypto/conf/conf_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,15 +7,16 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <stdio.h>
 #include <string.h>
-#include <internal/conf.h>
+#include "internal/conf.h"
+#include "internal/ctype.h"
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 #include <openssl/lhash.h>
-#include "e_os.h"
 
 static CONF_METHOD *default_CONF_method = NULL;
 
@@ -123,6 +124,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
     int status;
     long result = 0;
 
+    ERR_set_mark();
     if (conf == NULL) {
         status = NCONF_get_number_e(NULL, group, name, &result);
     } else {
@@ -130,12 +132,8 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
         CONF_set_nconf(&ctmp, conf);
         status = NCONF_get_number_e(&ctmp, group, name, &result);
     }
-
-    if (status == 0) {
-        /* This function does not believe in errors... */
-        ERR_clear_error();
-    }
-    return result;
+    ERR_pop_to_mark();
+    return status == 0 ? 0L : result;
 }
 
 void CONF_free(LHASH_OF(CONF_VALUE) *conf)
@@ -186,7 +184,7 @@ CONF *NCONF_new(CONF_METHOD *meth)
     ret = meth->create(meth);
     if (ret == NULL) {
         CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
     return ret;
@@ -277,10 +275,23 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
     return NULL;
 }
 
+static int default_is_number(const CONF *conf, char c)
+{
+    return ossl_isdigit(c);
+}
+
+static int default_to_int(const CONF *conf, char c)
+{
+    return (int)(c - '0');
+}
+
 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
                        long *result)
 {
     char *str;
+    long res;
+    int (*is_number)(const CONF *, char) = &default_is_number;
+    int (*to_int)(const CONF *, char) = &default_to_int;
 
     if (result == NULL) {
         CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
@@ -292,11 +303,23 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
     if (str == NULL)
         return 0;
 
-    for (*result = 0; conf->meth->is_number(conf, *str);) {
-        *result = (*result) * 10 + conf->meth->to_int(conf, *str);
-        str++;
+    if (conf != NULL) {
+        if (conf->meth->is_number != NULL)
+            is_number = conf->meth->is_number;
+        if (conf->meth->to_int != NULL)
+            to_int = conf->meth->to_int;
+    }
+    for (res = 0; is_number(conf, *str); str++) {
+        const int d = to_int(conf, *str);
+
+        if (res > (LONG_MAX - d) / 10L) {
+            CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NUMBER_TOO_LARGE);
+            return 0;
+        }
+        res = res * 10 + d;
     }
 
+    *result = res;
     return 1;
 }
 
diff --git a/deps/openssl/openssl/crypto/conf/conf_mod.c b/deps/openssl/openssl/crypto/conf/conf_mod.c
index 722fe46061..51f262e774 100644
--- a/deps/openssl/openssl/crypto/conf/conf_mod.c
+++ b/deps/openssl/openssl/crypto/conf/conf_mod.c
@@ -7,10 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/cryptlib.h"
 #include <stdio.h>
 #include <ctype.h>
 #include <openssl/crypto.h>
-#include "internal/cryptlib.h"
 #include "internal/conf.h"
 #include "internal/dso.h"
 #include <openssl/x509.h>
@@ -170,6 +170,7 @@ static int module_run(const CONF *cnf, const char *name, const char *value,
     if (ret <= 0) {
         if (!(flags & CONF_MFLAGS_SILENT)) {
             char rcode[DECIMAL_SIZE(ret) + 1];
+
             CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
             BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
             ERR_add_error_data(6, "module=", name, ", value=", value,
@@ -231,9 +232,10 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
         supported_modules = sk_CONF_MODULE_new_null();
     if (supported_modules == NULL)
         return NULL;
-    tmod = OPENSSL_zalloc(sizeof(*tmod));
-    if (tmod == NULL)
+    if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) {
+        CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     tmod->dso = dso;
     tmod->name = OPENSSL_strdup(name);
@@ -475,7 +477,7 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 
 char *CONF_get1_default_config_file(void)
 {
-    char *file;
+    char *file, *sep = "";
     int len;
 
     if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
@@ -484,6 +486,7 @@ char *CONF_get1_default_config_file(void)
     len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
     len++;
+    sep = "/";
 #endif
     len += strlen(OPENSSL_CONF);
 
@@ -491,11 +494,8 @@ char *CONF_get1_default_config_file(void)
 
     if (file == NULL)
         return NULL;
-    OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1);
-#ifndef OPENSSL_SYS_VMS
-    OPENSSL_strlcat(file, "/", len + 1);
-#endif
-    OPENSSL_strlcat(file, OPENSSL_CONF, len + 1);
+    BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(),
+                 sep, OPENSSL_CONF);
 
     return file;
 }
diff --git a/deps/openssl/openssl/crypto/conf/conf_sap.c b/deps/openssl/openssl/crypto/conf/conf_sap.c
index bed95abea4..3d2e065e5b 100644
--- a/deps/openssl/openssl/crypto/conf/conf_sap.c
+++ b/deps/openssl/openssl/crypto/conf/conf_sap.c
@@ -10,11 +10,15 @@
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include <internal/conf.h>
+#include "internal/conf.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 
+#ifdef _WIN32
+# define strdup _strdup
+#endif
+
 /*
  * This is the automatic configuration loader: it is called automatically by
  * OpenSSL when any of a number of standard initialisation functions are
diff --git a/deps/openssl/openssl/crypto/conf/conf_ssl.c b/deps/openssl/openssl/crypto/conf/conf_ssl.c
index 015c46c6da..024bdb4808 100644
--- a/deps/openssl/openssl/crypto/conf/conf_ssl.c
+++ b/deps/openssl/openssl/crypto/conf/conf_ssl.c
@@ -76,6 +76,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
         goto err;
     }
     cnt = sk_CONF_VALUE_num(cmd_lists);
+    ssl_module_free(md);
     ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
     ssl_names_count = cnt;
     for (i = 0; i < ssl_names_count; i++) {
diff --git a/deps/openssl/openssl/crypto/conf/keysets.pl b/deps/openssl/openssl/crypto/conf/keysets.pl
index 5af08ae20a..cfa230ec3a 100644
--- a/deps/openssl/openssl/crypto/conf/keysets.pl
+++ b/deps/openssl/openssl/crypto/conf/keysets.pl
@@ -1,141 +1,116 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
-$NUMBER=0x01;
-$UPPER=0x02;
-$LOWER=0x04;
-$UNDER=0x100;
-$PUNCTUATION=0x200;
-$WS=0x10;
-$ESC=0x20;
-$QUOTE=0x40;
-$DQUOTE=0x400;
-$COMMENT=0x80;
-$FCOMMENT=0x800;
-$EOF=0x08;
-$HIGHBIT=0x1000;
-
-foreach (0 .. 255)
-	{
-	$v=0;
-	$c=sprintf("%c",$_);
-	$v|=$NUMBER	if ($c =~ /[0-9]/);
-	$v|=$UPPER	if ($c =~ /[A-Z]/);
-	$v|=$LOWER	if ($c =~ /[a-z]/);
-	$v|=$UNDER	if ($c =~ /_/);
-	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
-	$v|=$WS		if ($c =~ /[ \t\r\n]/);
-	$v|=$ESC	if ($c =~ /\\/);
-	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
-	$v|=$COMMENT	if ($c =~ /\#/);
-	$v|=$EOF	if ($c =~ /\0/);
-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
-
-	push(@V_def,$v);
-	}
-
-foreach (0 .. 255)
-	{
-	$v=0;
-	$c=sprintf("%c",$_);
-	$v|=$NUMBER	if ($c =~ /[0-9]/);
-	$v|=$UPPER	if ($c =~ /[A-Z]/);
-	$v|=$LOWER	if ($c =~ /[a-z]/);
-	$v|=$UNDER	if ($c =~ /_/);
-	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
-	$v|=$WS		if ($c =~ /[ \t\r\n]/);
-	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
-	$v|=$FCOMMENT	if ($c =~ /;/);
-	$v|=$EOF	if ($c =~ /\0/);
-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
-
-	push(@V_w32,$v);
-	}
+use strict;
+use warnings;
+
+my $NUMBER      = 0x0001;
+my $UPPER       = 0x0002;
+my $LOWER       = 0x0004;
+my $UNDER       = 0x0100;
+my $PUNCTUATION = 0x0200;
+my $WS          = 0x0010;
+my $ESC         = 0x0020;
+my $QUOTE       = 0x0040;
+my $DQUOTE      = 0x0400;
+my $COMMENT     = 0x0080;
+my $FCOMMENT    = 0x0800;
+my $EOF         = 0x0008;
+my @V_def;
+my @V_w32;
+
+my $v;
+my $c;
+foreach (0 .. 127) {
+    $c = sprintf("%c", $_);
+    $v = 0;
+    $v |= $NUMBER      if $c =~ /[0-9]/;
+    $v |= $UPPER       if $c =~ /[A-Z]/;
+    $v |= $LOWER       if $c =~ /[a-z]/;
+    $v |= $UNDER       if $c =~ /_/;
+    $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/;
+    $v |= $WS          if $c =~ /[ \t\r\n]/;
+    $v |= $ESC         if $c =~ /\\/;
+    $v |= $QUOTE       if $c =~ /['`"]/;         # for emacs: "`'
+    $v |= $COMMENT     if $c =~ /\#/;
+    $v |= $EOF         if $c =~ /\0/;
+    push(@V_def, $v);
+
+    $v = 0;
+    $v |= $NUMBER      if $c =~ /[0-9]/;
+    $v |= $UPPER       if $c =~ /[A-Z]/;
+    $v |= $LOWER       if $c =~ /[a-z]/;
+    $v |= $UNDER       if $c =~ /_/;
+    $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/;
+    $v |= $WS          if $c =~ /[ \t\r\n]/;
+    $v |= $DQUOTE      if $c =~ /["]/;           # for emacs: "
+    $v |= $FCOMMENT    if $c =~ /;/;
+    $v |= $EOF         if $c =~ /\0/;
+    push(@V_w32, $v);
+}
+
+# Output year depends on the year of the script.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
 
 print <<"EOF";
 /*
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
-#define CONF_NUMBER             $NUMBER
-#define CONF_UPPER              $UPPER
-#define CONF_LOWER              $LOWER
-#define CONF_UNDER              $UNDER
-#define CONF_PUNCTUATION        $PUNCTUATION
-#define CONF_WS                 $WS
-#define CONF_ESC                $ESC
-#define CONF_QUOTE              $QUOTE
-#define CONF_DQUOTE             $DQUOTE
-#define CONF_COMMENT            $COMMENT
-#define CONF_FCOMMENT           $FCOMMENT
-#define CONF_EOF                $EOF
-#define CONF_HIGHBIT            $HIGHBIT
-#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
-                                        CONF_PUNCTUATION)
-
-#define KEYTYPES(c)             ((const unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-# define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-# define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-# define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
-#else                           /* CHARSET_EBCDIC */
-
-# define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
-# define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
-# define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
-# define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
-# define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
-# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-                                (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
-# define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
-#endif                          /* CHARSET_EBCDIC */
+#define CONF_NUMBER       $NUMBER
+#define CONF_UPPER        $UPPER
+#define CONF_LOWER        $LOWER
+#define CONF_UNDER        $UNDER
+#define CONF_PUNCT        $PUNCTUATION
+#define CONF_WS           $WS
+#define CONF_ESC          $ESC
+#define CONF_QUOTE        $QUOTE
+#define CONF_DQUOTE       $DQUOTE
+#define CONF_COMMENT      $COMMENT
+#define CONF_FCOMMENT     $FCOMMENT
+#define CONF_EOF          $EOF
+#define CONF_ALPHA        (CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM        (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
+
+
+#define IS_COMMENT(conf,c)     is_keytype(conf, c, CONF_COMMENT)
+#define IS_FCOMMENT(conf,c)    is_keytype(conf, c, CONF_FCOMMENT)
+#define IS_EOF(conf,c)         is_keytype(conf, c, CONF_EOF)
+#define IS_ESC(conf,c)         is_keytype(conf, c, CONF_ESC)
+#define IS_NUMBER(conf,c)      is_keytype(conf, c, CONF_NUMBER)
+#define IS_WS(conf,c)          is_keytype(conf, c, CONF_WS)
+#define IS_ALNUM(conf,c)       is_keytype(conf, c, CONF_ALNUM)
+#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT)
+#define IS_QUOTE(conf,c)       is_keytype(conf, c, CONF_QUOTE)
+#define IS_DQUOTE(conf,c)      is_keytype(conf, c, CONF_DQUOTE)
 
 EOF
 
-print "static const unsigned short CONF_type_default[256] = {";
-
-for ($i=0; $i<256; $i++)
-	{
-	print "\n   " if ($i % 8) == 0;
-	printf " 0x%04X,",$V_def[$i];
-	}
+my $i;
 
+print "static const unsigned short CONF_type_default[128] = {";
+for ($i = 0; $i < 128; $i++) {
+    print "\n   " if ($i % 8) == 0;
+    printf " 0x%04X,", $V_def[$i];
+}
 print "\n};\n\n";
 
-print "static const unsigned short CONF_type_win32[256] = {";
-
-for ($i=0; $i<256; $i++)
-	{
-	print "\n   " if ($i % 8) == 0;
-	printf " 0x%04X,",$V_w32[$i];
-	}
-
+print "static const unsigned short CONF_type_win32[128] = {";
+for ($i = 0; $i < 128; $i++) {
+    print "\n   " if ($i % 8) == 0;
+    printf " 0x%04X,", $V_w32[$i];
+}
 print "\n};\n";
diff --git a/deps/openssl/openssl/crypto/cpt_err.c b/deps/openssl/openssl/crypto/cpt_err.c
index c28dcf19a7..4147b1cb9e 100644
--- a/deps/openssl/openssl/crypto/cpt_err.c
+++ b/deps/openssl/openssl/crypto/cpt_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,35 +8,58 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/crypto.h>
+#include <openssl/cryptoerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
-
-static ERR_STRING_DATA CRYPTO_str_functs[] = {
-    {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_MEMDUP), "CRYPTO_memdup"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"},
-    {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
-    {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"},
-    {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"},
-    {ERR_FUNC(CRYPTO_F_OPENSSL_BUF2HEXSTR), "OPENSSL_buf2hexstr"},
-    {ERR_FUNC(CRYPTO_F_OPENSSL_HEXSTR2BUF), "OPENSSL_hexstr2buf"},
-    {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"},
+static const ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0),
+     "CRYPTO_dup_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0),
+     "CRYPTO_free_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, 0),
+     "CRYPTO_get_ex_new_index"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0),
+     "CRYPTO_new_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0),
+     "CRYPTO_ocb128_copy_ctx"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0),
+     "CRYPTO_ocb128_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0),
+     "CRYPTO_set_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0),
+     "OPENSSL_buf2hexstr"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0),
+     "OPENSSL_hexstr2buf"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0),
+     "OPENSSL_init_crypto"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
+     "OPENSSL_sk_deep_copy"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0),
+     "pkey_poly1305_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
+     "pkey_siphash_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CRYPTO_str_reasons[] = {
-    {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
-    {ERR_REASON(CRYPTO_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
-    {ERR_REASON(CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
+static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT),
+    "illegal hex digit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS),
+    "odd number of digits"},
     {0, NULL}
 };
 
@@ -45,10 +68,9 @@ static ERR_STRING_DATA CRYPTO_str_reasons[] = {
 int ERR_load_CRYPTO_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CRYPTO_str_functs);
-        ERR_load_strings(0, CRYPTO_str_reasons);
+        ERR_load_strings_const(CRYPTO_str_functs);
+        ERR_load_strings_const(CRYPTO_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/cryptlib.c b/deps/openssl/openssl/crypto/cryptlib.c
index 9e59e03ef6..1cd77c96d2 100644
--- a/deps/openssl/openssl/crypto/cryptlib.c
+++ b/deps/openssl/openssl/crypto/cryptlib.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
+#include "e_os.h"
 #include "internal/cryptlib_int.h"
 #include <openssl/safestack.h>
 
@@ -53,14 +49,14 @@ typedef char variant_char;
 #   define ossl_getenv getenv
 #  endif
 
+#  include "internal/ctype.h"
+
 static int todigit(variant_char c)
 {
-    if (c >= '0' && c <= '9')
+    if (ossl_isdigit(c))
         return c - '0';
-    else if (c >= 'A' && c <= 'F')
-        return c - 'A' + 10;
-    else if (c >= 'a' && c <= 'f')
-        return c - 'a' + 10;
+    else if (ossl_isxdigit(c))
+        return ossl_tolower(c) - 'a' + 10;
 
     /* return largest base value to make caller terminate the loop */
     return 16;
@@ -73,7 +69,7 @@ static uint64_t ossl_strtouint64(const variant_char *str)
 
     if (*str == '0') {
         base = 8, str++;
-        if (*str == 'x' || *str == 'X')
+        if (ossl_tolower(*str) == 'x')
             base = 16, str++;
     }
 
@@ -140,11 +136,14 @@ void OPENSSL_cpuid_setup(void)
             vecx = ossl_strtouint64(env + off);
             if (off) {
                 OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32);
             } else {
                 OPENSSL_ia32cap_P[2] = (unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] = (unsigned int)(vecx >> 32);
             }
         } else {
             OPENSSL_ia32cap_P[2] = 0;
+            OPENSSL_ia32cap_P[3] = 0;
         }
     } else {
         vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
@@ -162,7 +161,6 @@ void OPENSSL_cpuid_setup(void)
 unsigned int OPENSSL_ia32cap_P[4];
 # endif
 #endif
-int OPENSSL_NONPIC_relocated = 0;
 #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
 void OPENSSL_cpuid_setup(void)
 {
@@ -184,6 +182,14 @@ void OPENSSL_cpuid_setup(void)
 # endif
 
 # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+
+int OPENSSL_isservice(void)
+{
+    /* OneCore API cannot interact with GUI */
+    return 1;
+}
+#  else
 int OPENSSL_isservice(void)
 {
     HWINSTA h;
@@ -228,7 +234,7 @@ int OPENSSL_isservice(void)
 
     len++, len &= ~1;           /* paranoia */
     name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
-#  if 1
+#   if 1
     /*
      * This doesn't cover "interactive" services [working with real
      * WinSta0's] nor programs started non-interactively by Task Scheduler
@@ -236,14 +242,15 @@ int OPENSSL_isservice(void)
      */
     if (wcsstr(name, L"Service-0x"))
         return 1;
-#  else
+#   else
     /* This covers all non-interactive programs such as services. */
     if (!wcsstr(name, L"WinSta0"))
         return 1;
-#  endif
+#   endif
     else
         return 0;
 }
+#  endif
 # else
 int OPENSSL_isservice(void)
 {
@@ -256,7 +263,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
     va_list ap;
     TCHAR buf[256];
     const TCHAR *fmt;
-# ifdef STD_ERROR_HANDLE        /* what a dirty trick! */
+    /*
+     * First check if it's a console application, in which case the
+     * error message would be printed to standard error.
+     * Windows CE does not have a concept of a console application,
+     * so we need to guard the check.
+     */
+# ifdef STD_ERROR_HANDLE
     HANDLE h;
 
     if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
@@ -334,6 +347,24 @@ void OPENSSL_showfatal(const char *fmta, ...)
     va_end(ap);
 
 # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+    /* ONECORE is always NONGUI and NT >= 0x0601 */
+
+    /*
+    * TODO: (For non GUI and no std error cases)
+    * Add event logging feature here. 
+    */
+    
+#   if !defined(NDEBUG)
+        /*
+        * We are in a situation where we tried to report a critical
+        * error and this failed for some reason. As a last resort,
+        * in debug builds, send output to the debugger or any other
+        * tool like DebugView which can monitor the output.
+        */
+        OutputDebugString(buf);
+#   endif
+#  else
     /* this -------------v--- guards NT-specific calls */
     if (check_winnt() && OPENSSL_isservice() > 0) {
         HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
@@ -343,7 +374,7 @@ void OPENSSL_showfatal(const char *fmta, ...)
 
             if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
                              1, 0, &pmsg, NULL)) {
-#if defined(DEBUG)
+#   if !defined(NDEBUG)
                 /*
                  * We are in a situation where we tried to report a critical
                  * error and this failed for some reason. As a last resort,
@@ -351,14 +382,18 @@ void OPENSSL_showfatal(const char *fmta, ...)
                  * tool like DebugView which can monitor the output.
                  */
                 OutputDebugString(pmsg);
-#endif
+#   endif
             }
 
             (void)DeregisterEventSource(hEventLog);
         }
-    } else
-# endif
+    } else {
         MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+    }
+#  endif
+# else
+    MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+# endif     
 }
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
@@ -396,26 +431,16 @@ void OPENSSL_die(const char *message, const char *file, int line)
 }
 
 #if !defined(OPENSSL_CPUID_OBJ)
-/* volatile unsigned char* pointers are there because
- * 1. Accessing a variable declared volatile via a pointer
- *    that lacks a volatile qualifier causes undefined behavior.
- * 2. When the variable itself is not volatile the compiler is
- *    not required to keep all those reads and can convert
- *    this into canonical memcmp() which doesn't read the whole block.
- * Pointers to volatile resolve the first problem fully. The second
- * problem cannot be resolved in any Standard-compliant way but this
- * works the problem around. Compilers typically react to
- * pointers to volatile by preserving the reads and writes through them.
- * The latter is not required by the Standard if the memory pointed to
- * is not volatile.
- * Pointers themselves are volatile in the function signature to work
- * around a subtle bug in gcc 4.6+ which causes writes through
- * pointers to volatile to not be emitted in some rare,
- * never needed in real life, pieces of code.
+/*
+ * The volatile is used to to ensure that the compiler generates code that reads
+ * all values from the array and doesn't try to optimize this away. The standard
+ * doesn't actually require this behavior if the original data pointed to is
+ * not volatile, but compilers do this in practice anyway.
+ *
+ * There are also assembler versions of this function.
  */
-int CRYPTO_memcmp(const volatile void * volatile in_a,
-                  const volatile void * volatile in_b,
-                  size_t len)
+# undef CRYPTO_memcmp
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
 {
     size_t i;
     const volatile unsigned char *a = in_a;
@@ -427,4 +452,12 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
 
     return x;
 }
+
+/*
+ * For systems that don't provide an instruction counter register or equivalent.
+ */
+uint32_t OPENSSL_rdtsc(void)
+{
+    return 0;
+}
 #endif
diff --git a/deps/openssl/openssl/crypto/ct/ct_b64.c b/deps/openssl/openssl/crypto/ct/ct_b64.c
index f0bf3aff29..109ffcdcf2 100644
--- a/deps/openssl/openssl/crypto/ct/ct_b64.c
+++ b/deps/openssl/openssl/crypto/ct/ct_b64.c
@@ -24,7 +24,7 @@
 static int ct_base64_decode(const char *in, unsigned char **out)
 {
     size_t inlen = strlen(in);
-    int outlen;
+    int outlen, i;
     unsigned char *outbuf = NULL;
 
     if (inlen == 0) {
@@ -45,9 +45,12 @@ static int ct_base64_decode(const char *in, unsigned char **out)
         goto err;
     }
 
-    /* Subtract padding bytes from |outlen| */
+    /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
+    i = 0;
     while (in[--inlen] == '=') {
         --outlen;
+        if (++i > 2)
+            goto err;
     }
 
     *out = outbuf;
@@ -132,7 +135,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
 int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
 {
     unsigned char *pkey_der = NULL;
-    int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    int pkey_der_len;
     const unsigned char *p;
     EVP_PKEY *pkey = NULL;
 
@@ -141,7 +144,8 @@ int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *n
         return 0;
     }
 
-    if (pkey_der_len <= 0) {
+    pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    if (pkey_der_len < 0) {
         CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
         return 0;
     }
diff --git a/deps/openssl/openssl/crypto/ct/ct_err.c b/deps/openssl/openssl/crypto/ct/ct_err.c
index fe0778b278..c0c62fee6c 100644
--- a/deps/openssl/openssl/crypto/ct/ct_err.c
+++ b/deps/openssl/openssl/crypto/ct/ct_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,67 +8,77 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ct.h>
+#include <openssl/cterr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CT,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CT,0,reason)
-
-static ERR_STRING_DATA CT_str_functs[] = {
-    {ERR_FUNC(CT_F_CTLOG_NEW), "CTLOG_new"},
-    {ERR_FUNC(CT_F_CTLOG_NEW_FROM_BASE64), "CTLOG_new_from_base64"},
-    {ERR_FUNC(CT_F_CTLOG_NEW_FROM_CONF), "ctlog_new_from_conf"},
-    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_CTX_NEW), "ctlog_store_load_ctx_new"},
-    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_FILE), "CTLOG_STORE_load_file"},
-    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_LOG), "ctlog_store_load_log"},
-    {ERR_FUNC(CT_F_CTLOG_STORE_NEW), "CTLOG_STORE_new"},
-    {ERR_FUNC(CT_F_CT_BASE64_DECODE), "ct_base64_decode"},
-    {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_NEW), "CT_POLICY_EVAL_CTX_new"},
-    {ERR_FUNC(CT_F_CT_V1_LOG_ID_FROM_PKEY), "ct_v1_log_id_from_pkey"},
-    {ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"},
-    {ERR_FUNC(CT_F_I2O_SCT_LIST), "i2o_SCT_LIST"},
-    {ERR_FUNC(CT_F_I2O_SCT_SIGNATURE), "i2o_SCT_signature"},
-    {ERR_FUNC(CT_F_O2I_SCT), "o2i_SCT"},
-    {ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},
-    {ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},
-    {ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"},
-    {ERR_FUNC(CT_F_SCT_CTX_VERIFY), "SCT_CTX_verify"},
-    {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},
-    {ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"},
-    {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},
-    {ERR_FUNC(CT_F_SCT_SET1_EXTENSIONS), "SCT_set1_extensions"},
-    {ERR_FUNC(CT_F_SCT_SET1_LOG_ID), "SCT_set1_log_id"},
-    {ERR_FUNC(CT_F_SCT_SET1_SIGNATURE), "SCT_set1_signature"},
-    {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
-    {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
-    {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
+static const ERR_STRING_DATA CT_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
+     "CTLOG_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
+     "ctlog_store_load_ctx_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
+     "CTLOG_STORE_load_file"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0),
+     "ctlog_store_load_log"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0),
+     "CT_POLICY_EVAL_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0),
+     "ct_v1_log_id_from_pkey"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
+     "SCT_set_log_entry_type"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
+     "SCT_set_signature_nid"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA CT_str_reasons[] = {
-    {ERR_REASON(CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
-    {ERR_REASON(CT_R_INVALID_LOG_ID_LENGTH), "invalid log id length"},
-    {ERR_REASON(CT_R_LOG_CONF_INVALID), "log conf invalid"},
-    {ERR_REASON(CT_R_LOG_CONF_INVALID_KEY), "log conf invalid key"},
-    {ERR_REASON(CT_R_LOG_CONF_MISSING_DESCRIPTION),
-     "log conf missing description"},
-    {ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"},
-    {ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"},
-    {ERR_REASON(CT_R_SCT_FUTURE_TIMESTAMP), "sct future timestamp"},
-    {ERR_REASON(CT_R_SCT_INVALID), "sct invalid"},
-    {ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"},
-    {ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"},
-    {ERR_REASON(CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
-    {ERR_REASON(CT_R_SCT_NOT_SET), "sct not set"},
-    {ERR_REASON(CT_R_SCT_UNSUPPORTED_VERSION), "sct unsupported version"},
-    {ERR_REASON(CT_R_UNRECOGNIZED_SIGNATURE_NID),
-     "unrecognized signature nid"},
-    {ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"},
-    {ERR_REASON(CT_R_UNSUPPORTED_VERSION), "unsupported version"},
+static const ERR_STRING_DATA CT_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
+    "invalid log id length"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
+    "log conf invalid key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
+    "log conf missing description"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
+    "log conf missing key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
+    "sct future timestamp"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
+    "sct invalid signature"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
+    "sct unsupported version"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
+    "unrecognized signature nid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
+    "unsupported entry type"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
     {0, NULL}
 };
 
@@ -77,10 +87,9 @@ static ERR_STRING_DATA CT_str_reasons[] = {
 int ERR_load_CT_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, CT_str_functs);
-        ERR_load_strings(0, CT_str_reasons);
+        ERR_load_strings_const(CT_str_functs);
+        ERR_load_strings_const(CT_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/ct/ct_log.c b/deps/openssl/openssl/crypto/ct/ct_log.c
index 973bf4ddbd..c1bca3e141 100644
--- a/deps/openssl/openssl/crypto/ct/ct_log.c
+++ b/deps/openssl/openssl/crypto/ct/ct_log.c
@@ -46,7 +46,7 @@ typedef struct ctlog_store_load_ctx_st {
  * Creates an empty context for loading a CT log store.
  * It should be populated before use.
  */
-static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new();
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void);
 
 /*
  * Deletes a CT log store load context.
@@ -54,7 +54,7 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new();
  */
 static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
 
-static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new()
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void)
 {
     CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
diff --git a/deps/openssl/openssl/crypto/ct/ct_sct.c b/deps/openssl/openssl/crypto/ct/ct_sct.c
index cd2cf60967..1dc16857ba 100644
--- a/deps/openssl/openssl/crypto/ct/ct_sct.c
+++ b/deps/openssl/openssl/crypto/ct/ct_sct.c
@@ -70,10 +70,11 @@ int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
     case CT_LOG_ENTRY_TYPE_PRECERT:
         sct->entry_type = entry_type;
         return 1;
-    default:
-        CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
-        return 0;
+    case CT_LOG_ENTRY_TYPE_NOT_SET:
+        break;
     }
+    CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
+    return 0;
 }
 
 int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
@@ -274,9 +275,11 @@ int SCT_set_source(SCT *sct, sct_source_t source)
         return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
     case SCT_SOURCE_X509V3_EXTENSION:
         return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
-    default: /* if we aren't sure, leave the log entry type alone */
-        return 1;
+    case SCT_SOURCE_UNKNOWN:
+        break;
     }
+    /* if we aren't sure, leave the log entry type alone */
+    return 1;
 }
 
 sct_validation_status_t SCT_get_validation_status(const SCT *sct)
diff --git a/deps/openssl/openssl/crypto/ctype.c b/deps/openssl/openssl/crypto/ctype.c
new file mode 100644
index 0000000000..813be25a07
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ctype.c
@@ -0,0 +1,274 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include "internal/ctype.h"
+#include "openssl/ebcdic.h"
+
+/*
+ * Define the character classes for each character in the seven bit ASCII
+ * character set.  This is independent of the host's character set, characters
+ * are converted to ASCII before being used as an index in to this table.
+ * Characters outside of the seven bit ASCII range are detected before indexing.
+ */
+static const unsigned short ctype_char_map[128] = {
+   /* 00 nul */ CTYPE_MASK_cntrl,
+   /* 01 soh */ CTYPE_MASK_cntrl,
+   /* 02 stx */ CTYPE_MASK_cntrl,
+   /* 03 etx */ CTYPE_MASK_cntrl,
+   /* 04 eot */ CTYPE_MASK_cntrl,
+   /* 05 enq */ CTYPE_MASK_cntrl,
+   /* 06 ack */ CTYPE_MASK_cntrl,
+   /* 07 \a  */ CTYPE_MASK_cntrl,
+   /* 08 \b  */ CTYPE_MASK_cntrl,
+   /* 09 \t  */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0A \n  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0B \v  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0C \f  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0D \r  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0E so  */ CTYPE_MASK_cntrl,
+   /* 0F si  */ CTYPE_MASK_cntrl,
+   /* 10 dle */ CTYPE_MASK_cntrl,
+   /* 11 dc1 */ CTYPE_MASK_cntrl,
+   /* 12 dc2 */ CTYPE_MASK_cntrl,
+   /* 13 dc3 */ CTYPE_MASK_cntrl,
+   /* 14 dc4 */ CTYPE_MASK_cntrl,
+   /* 15 nak */ CTYPE_MASK_cntrl,
+   /* 16 syn */ CTYPE_MASK_cntrl,
+   /* 17 etb */ CTYPE_MASK_cntrl,
+   /* 18 can */ CTYPE_MASK_cntrl,
+   /* 19 em  */ CTYPE_MASK_cntrl,
+   /* 1A sub */ CTYPE_MASK_cntrl,
+   /* 1B esc */ CTYPE_MASK_cntrl,
+   /* 1C fs  */ CTYPE_MASK_cntrl,
+   /* 1D gs  */ CTYPE_MASK_cntrl,
+   /* 1E rs  */ CTYPE_MASK_cntrl,
+   /* 1F us  */ CTYPE_MASK_cntrl,
+   /* 20     */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
+                | CTYPE_MASK_asn1print,
+   /* 21  !  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 22  "  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 23  #  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 24  $  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 25  %  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 26  &  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 27  '  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 28  (  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 29  )  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2A  *  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 2B  +  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 2C  ,  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2D  -  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2E  .  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2F  /  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 30  0  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 31  1  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 32  2  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 33  3  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 34  4  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 35  5  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 36  6  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 37  7  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 38  8  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 39  9  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3A  :  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 3B  ;  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3C  <  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3D  =  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3E  >  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3F  ?  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 40  @  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 41  A  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 42  B  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 43  C  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 44  D  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 45  E  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 46  F  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 47  G  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 48  H  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 49  I  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4A  J  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4B  K  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4C  L  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4D  M  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4E  N  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4F  O  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 50  P  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 51  Q  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 52  R  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 53  S  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 54  T  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 55  U  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 56  V  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 57  W  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 58  X  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 59  Y  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5A  Z  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5B  [  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5C  \  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5D  ]  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5E  ^  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5F  _  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 60  `  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 61  a  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 62  b  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 63  c  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 64  d  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 65  e  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 66  f  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 67  g  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 68  h  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 69  i  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6A  j  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6B  k  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6C  l  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6D  m  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6E  n  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6F  o  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 70  p  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 71  q  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 72  r  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 73  s  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 74  t  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 75  u  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 76  v  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 77  w  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 78  x  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 79  y  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7A  z  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7B  {  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7C  |  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7D  }  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7E  ~  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7F del */ CTYPE_MASK_cntrl
+};
+
+#ifdef CHARSET_EBCDIC
+int ossl_toascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    /*
+     * Adjust negatively signed characters.
+     * This is not required for ASCII because any character that sign extends
+     * is not seven bit and all of the checks are on the seven bit characters.
+     * I.e. any check must fail on sign extension.
+     */
+    if (c < 0)
+        c += 256;
+    return os_toascii[c];
+}
+
+int ossl_fromascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    if (c < 0)
+        c += 256;
+    return os_toebcdic[c];
+}
+#endif
+
+int ossl_ctype_check(int c, unsigned int mask)
+{
+    const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map);
+    const int a = ossl_toascii(c);
+
+    return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0;
+}
+
+#if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST)
+static const int case_change = 0x40;
+#else
+static const int case_change = 0x20;
+#endif
+
+int ossl_tolower(int c)
+{
+    return ossl_isupper(c) ? c ^ case_change : c;
+}
+
+int ossl_toupper(int c)
+{
+    return ossl_islower(c) ? c ^ case_change : c;
+}
diff --git a/deps/openssl/openssl/crypto/cversion.c b/deps/openssl/openssl/crypto/cversion.c
index 96d8a5b5e0..534e7eba55 100644
--- a/deps/openssl/openssl/crypto/cversion.c
+++ b/deps/openssl/openssl/crypto/cversion.c
@@ -9,9 +9,7 @@
 
 #include "internal/cryptlib.h"
 
-#ifndef NO_WINDOWS_BRAINDEATH
-# include "buildinf.h"
-#endif
+#include "buildinf.h"
 
 unsigned long OpenSSL_version_num(void)
 {
@@ -20,46 +18,27 @@ unsigned long OpenSSL_version_num(void)
 
 const char *OpenSSL_version(int t)
 {
-    if (t == OPENSSL_VERSION)
+    switch (t) {
+    case OPENSSL_VERSION:
         return OPENSSL_VERSION_TEXT;
-    if (t == OPENSSL_BUILT_ON) {
-#ifdef DATE
-# ifdef OPENSSL_USE_BUILD_DATE
-        return (DATE);
-# else
-        return ("built on: reproducible build, date unspecified");
-# endif
-#else
-        return ("built on: date not available");
-#endif
-    }
-    if (t == OPENSSL_CFLAGS) {
-#ifdef CFLAGS
-        return (CFLAGS);
-#else
-        return ("compiler: information not available");
-#endif
-    }
-    if (t == OPENSSL_PLATFORM) {
-#ifdef PLATFORM
-        return (PLATFORM);
-#else
-        return ("platform: information not available");
-#endif
-    }
-    if (t == OPENSSL_DIR) {
+    case OPENSSL_BUILT_ON:
+        return DATE;
+    case OPENSSL_CFLAGS:
+        return compiler_flags;
+    case OPENSSL_PLATFORM:
+        return PLATFORM;
+    case OPENSSL_DIR:
 #ifdef OPENSSLDIR
         return "OPENSSLDIR: \"" OPENSSLDIR "\"";
 #else
         return "OPENSSLDIR: N/A";
 #endif
-    }
-    if (t == OPENSSL_ENGINES_DIR) {
+    case OPENSSL_ENGINES_DIR:
 #ifdef ENGINESDIR
         return "ENGINESDIR: \"" ENGINESDIR "\"";
 #else
         return "ENGINESDIR: N/A";
 #endif
     }
-    return ("not available");
+    return "not available";
 }
diff --git a/deps/openssl/openssl/crypto/des/asm/crypt586.pl b/deps/openssl/openssl/crypto/des/asm/crypt586.pl
index d5911a1858..a02d180631 100644
--- a/deps/openssl/openssl/crypto/des/asm/crypt586.pl
+++ b/deps/openssl/openssl/crypto/des/asm/crypt586.pl
@@ -7,7 +7,7 @@
 # https://www.openssl.org/source/license.html
 
 # The inner loop instruction sequence and the IP/FP modifications are from
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+# Svend Olaf Mikkelsen
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
@@ -16,7 +16,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"crypt586.pl");
+&asm_init($ARGV[0]);
 
 $L="edi";
 $R="esi";
@@ -111,7 +111,7 @@ sub D_ENCRYPT
 	&and(	$u,		"0xfcfcfcfc"	);		# 2
 	&xor(	$tmp1,		$tmp1);				# 1
 	&and(	$t,		"0xcfcfcfcf"	);		# 2
-	&xor(	$tmp2,		$tmp2);	
+	&xor(	$tmp2,		$tmp2);
 	&movb(	&LB($tmp1),	&LB($u)	);
 	&movb(	&LB($tmp2),	&HB($u)	);
 	&rotr(	$t,		4		);
@@ -175,7 +175,7 @@ sub IP_new
 	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
 	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
 	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-	
+
 	if ($lr != 3)
 		{
 		if (($lr-3) < 0)
diff --git a/deps/openssl/openssl/crypto/des/asm/des-586.pl b/deps/openssl/openssl/crypto/des/asm/des-586.pl
index 3d7c7f1b91..2bcc54ef2f 100644
--- a/deps/openssl/openssl/crypto/des/asm/des-586.pl
+++ b/deps/openssl/openssl/crypto/des/asm/des-586.pl
@@ -7,7 +7,7 @@
 # https://www.openssl.org/source/license.html
 
 # The inner loop instruction sequence and the IP/FP modifications are from
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+# Svend Olaf Mikkelsen.
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
@@ -15,7 +15,7 @@ require "x86asm.pl";
 require "cbc.pl";
 require "desboth.pl";
 
-# base code is in microsft
+# base code is in Microsoft
 # op dest, source
 # format.
 #
@@ -23,7 +23,7 @@ require "desboth.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"des-586.pl");
+&asm_init($ARGV[0]);
 
 $L="edi";
 $R="esi";
@@ -85,7 +85,7 @@ sub DES_encrypt_internal()
 
 	&function_end_B("_x86_DES_encrypt");
 	}
-	
+
 sub DES_decrypt_internal()
 	{
 	&function_begin_B("_x86_DES_decrypt");
@@ -122,7 +122,7 @@ sub DES_decrypt_internal()
 
 	&function_end_B("_x86_DES_decrypt");
 	}
-	
+
 sub DES_encrypt
 	{
 	local($name,$do_ip)=@_;
@@ -283,7 +283,7 @@ sub IP_new
 	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
 	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
 	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-	
+
 	if ($lr != 3)
 		{
 		if (($lr-3) < 0)
diff --git a/deps/openssl/openssl/crypto/des/asm/des_enc.m4 b/deps/openssl/openssl/crypto/des/asm/des_enc.m4
index 2d794d3374..4a0d15620c 100644
--- a/deps/openssl/openssl/crypto/des/asm/des_enc.m4
+++ b/deps/openssl/openssl/crypto/des/asm/des_enc.m4
@@ -1,4 +1,4 @@
-! Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 !
 ! Licensed under the OpenSSL license (the "License").  You may not use
 ! this file except in compliance with the License.  You can obtain a copy
@@ -31,10 +31,6 @@
 
 #include <openssl/opensslconf.h>
 
-#ifdef OPENSSL_FIPSCANISTER
-#include <openssl/fipssyms.h>
-#endif
-
 #if defined(__SUNPRO_C) && defined(__sparcv9)
 # define ABI64  /* They've said -xarch=v9 at command line */
 #elif defined(__GNUC__) && defined(__arch64__)
@@ -116,7 +112,7 @@ changequote({,})
 !
 ! Loads key first round from address in parameter 5 to out0, out1.
 !
-! After the the original LibDES initial permutation, the resulting left
+! After the original LibDES initial permutation, the resulting left
 ! is in the variable initially used for right and vice versa. The macro
 ! implements the possibility to keep the halfs in the original registers.
 !
@@ -532,8 +528,8 @@ $4:
 !  parameter 3   1 for optional store to [in0]
 !  parameter 4   1 for load input/output address to local5/7
 !
-!  The final permutation logic switches the halfes, meaning that
-!  left and right ends up the the registers originally used.
+!  The final permutation logic switches the halves, meaning that
+!  left and right ends up the registers originally used.
 
 define(fp_macro, {
 
@@ -735,7 +731,7 @@ define(fp_ip_macro, {
 	sll	$4, 3, local2
 	xor	local4, temp2, $2
 
-	! reload since used as temporar:
+	! reload since used as temporary:
 
 	ld	[out2+280], out4          ! loop counter
 
@@ -757,7 +753,7 @@ define(fp_ip_macro, {
 ! parameter 1  address
 ! parameter 2  destination left
 ! parameter 3  destination right
-! parameter 4  temporar
+! parameter 4  temporary
 ! parameter 5  label
 
 define(load_little_endian, {
@@ -806,7 +802,7 @@ $5a:
 ! parameter 1  address
 ! parameter 2  destination left
 ! parameter 3  destination right
-! parameter 4  temporar
+! parameter 4  temporary
 ! parameter 4  label
 !
 ! adds 8 to address
@@ -931,7 +927,7 @@ $7.jmp.table:
 ! parameter 1  address
 ! parameter 2  source left
 ! parameter 3  source right
-! parameter 4  temporar
+! parameter 4  temporary
 
 define(store_little_endian, {
 
@@ -1521,7 +1517,7 @@ DES_ncbc_encrypt:
 	! parameter 7  1 for mov in1 to in3
 	! parameter 8  1 for mov in3 to in4
 
-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion  ks in4
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryption  ks in4
 
 	fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7
 
@@ -1567,7 +1563,7 @@ DES_ncbc_encrypt:
 	.size	 DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt
 
 
-! void DES_ede3_cbc_encrypt(input, output, lenght, ks1, ks2, ks3, ivec, enc)
+! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
 ! **************************************************************************
 
 
@@ -1815,7 +1811,7 @@ DES_ede3_cbc_encrypt:
 	.byte  240, 240, 240, 240, 244, 244, 244, 244
 	.byte  248, 248, 248, 248, 252, 252, 252, 252
 
-	! 5 numbers for initil/final permutation
+	! 5 numbers for initial/final permutation
 
 	.word   0x0f0f0f0f                ! offset 256
 	.word	0x0000ffff                ! 260
diff --git a/deps/openssl/openssl/crypto/des/asm/desboth.pl b/deps/openssl/openssl/crypto/des/asm/desboth.pl
index 76759fb292..ef7054e275 100644
--- a/deps/openssl/openssl/crypto/des/asm/desboth.pl
+++ b/deps/openssl/openssl/crypto/des/asm/desboth.pl
@@ -34,7 +34,7 @@ sub DES_encrypt3
 	&IP_new($L,$R,"edx",0);
 
 	# put them back
-	
+
 	if ($enc)
 		{
 		&mov(&DWP(4,"ebx","",0),$R);
diff --git a/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl b/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl
index 4a6e29fc53..fe1fdc7025 100644
--- a/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl
@@ -8,8 +8,8 @@
 
 
 # ====================================================================
-# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
-# <appro@openssl.org>. The module is licensed under 2-clause BSD
+# Written by David S. Miller and Andy Polyakov.
+# The module is licensed under 2-clause BSD
 # license. March 2013. All rights reserved.
 # ====================================================================
 
diff --git a/deps/openssl/openssl/crypto/des/build.info b/deps/openssl/openssl/crypto/des/build.info
index c0306cfd6f..05cb154cd4 100644
--- a/deps/openssl/openssl/crypto/des/build.info
+++ b/deps/openssl/openssl/crypto/des/build.info
@@ -5,13 +5,15 @@ SOURCE[../../libcrypto]=\
         ofb64ede.c ofb64enc.c ofb_enc.c \
         str2key.c  pcbc_enc.c qud_cksm.c rand_key.c \
         {- $target{des_asm_src} -} \
-        fcrypt.c xcbc_enc.c rpc_enc.c  cbc_cksm.c
+        fcrypt.c xcbc_enc.c cbc_cksm.c
 
 GENERATE[des_enc-sparc.S]=asm/des_enc.m4
 GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
 INCLUDE[dest4-sparcv9.o]=..
 
-GENERATE[des-586.s]=asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[des-586.s]=asm/des-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 DEPEND[des-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
-GENERATE[crypt586.s]=asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[crypt586.s]=asm/crypt586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 DEPEND[crypt586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/deps/openssl/openssl/crypto/des/cbc_cksm.c b/deps/openssl/openssl/crypto/des/cbc_cksm.c
index a7bf0689b2..5a1f72f82d 100644
--- a/deps/openssl/openssl/crypto/des/cbc_cksm.c
+++ b/deps/openssl/openssl/crypto/des/cbc_cksm.c
@@ -33,7 +33,6 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
         tin1 ^= tout1;
         tin[1] = tin1;
         DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
-        /* fix 15/10/91 eay - thanks to keithr@sco.COM */
         tout0 = tin[0];
         tout1 = tin[1];
     }
@@ -50,5 +49,5 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
         | ((tout1 >> 8L) & 0x0000FF00)
         | ((tout1 << 8L) & 0x00FF0000)
         | ((tout1 << 24L) & 0xFF000000);
-    return (tout1);
+    return tout1;
 }
diff --git a/deps/openssl/openssl/crypto/des/cfb64ede.c b/deps/openssl/openssl/crypto/des/cfb64ede.c
index 5edb979e10..21943f6143 100644
--- a/deps/openssl/openssl/crypto/des/cfb64ede.c
+++ b/deps/openssl/openssl/crypto/des/cfb64ede.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,6 @@
  */
 
 #include "des_locl.h"
-#include "e_os.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/deps/openssl/openssl/crypto/des/cfb_enc.c b/deps/openssl/openssl/crypto/des/cfb_enc.c
index 6c428ba61f..544392e405 100644
--- a/deps/openssl/openssl/crypto/des/cfb_enc.c
+++ b/deps/openssl/openssl/crypto/des/cfb_enc.c
@@ -37,7 +37,7 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
     unsigned int sh[4];
     unsigned char *ovec = (unsigned char *)sh;
 
-    /* I kind of count that compiler optimizes away this assertioni, */
+    /* I kind of count that compiler optimizes away this assertion, */
     assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
     /* but 16-bit platforms...      */
 
diff --git a/deps/openssl/openssl/crypto/des/des_enc.c b/deps/openssl/openssl/crypto/des/des_enc.c
index 600f6df488..ed134ace8c 100644
--- a/deps/openssl/openssl/crypto/des/des_enc.c
+++ b/deps/openssl/openssl/crypto/des/des_enc.c
@@ -24,8 +24,7 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
      * Things have been modified so that the initial rotate is done outside
      * the loop.  This required the DES_SPtrans values in sp.h to be rotated
      * 1 bit to the right. One perl script later and things have a 5% speed
-     * up on a sparc2. Thanks to Richard Outerbridge
-     * <71755.204@CompuServe.COM> for pointing this out.
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
      */
     /* clear the top bits on machines with 8byte longs */
     /* shift left by 2 */
@@ -95,8 +94,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
      * Things have been modified so that the initial rotate is done outside
      * the loop.  This required the DES_SPtrans values in sp.h to be rotated
      * 1 bit to the right. One perl script later and things have a 5% speed
-     * up on a sparc2. Thanks to Richard Outerbridge
-     * <71755.204@CompuServe.COM> for pointing this out.
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
      */
     /* clear the top bits on machines with 8byte longs */
     r = ROTATE(r, 29) & 0xffffffffL;
diff --git a/deps/openssl/openssl/crypto/des/des_locl.h b/deps/openssl/openssl/crypto/des/des_locl.h
index 1fe4768835..f401e6f3eb 100644
--- a/deps/openssl/openssl/crypto/des/des_locl.h
+++ b/deps/openssl/openssl/crypto/des/des_locl.h
@@ -26,10 +26,6 @@
 # define ITERATIONS 16
 # define HALF_ITERATIONS 8
 
-/* used in des_read and des_write */
-# define MAXWRITE        (1024*16)
-# define BSIZE           (MAXWRITE+4)
-
 # define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
                          l|=((DES_LONG)(*((c)++)))<< 8L, \
                          l|=((DES_LONG)(*((c)++)))<<16L, \
@@ -67,7 +63,6 @@
  * replacements for htonl and ntohl since I have no idea what to do when
  * faced with machines with 8 byte longs.
  */
-# define HDRSIZE 4
 
 # define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
                          l|=((DES_LONG)(*((c)++)))<<16L, \
@@ -101,7 +96,7 @@
                                 } \
                         }
 
-# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
+# if defined(_MSC_VER)
 #  define ROTATE(a,n)     (_lrotr(a,n))
 # elif defined(__ICC)
 #  define ROTATE(a,n)     (_rotr(a,n))
diff --git a/deps/openssl/openssl/crypto/des/ecb_enc.c b/deps/openssl/openssl/crypto/des/ecb_enc.c
index 32df4600f2..5ed079d15f 100644
--- a/deps/openssl/openssl/crypto/des/ecb_enc.c
+++ b/deps/openssl/openssl/crypto/des/ecb_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,19 +15,16 @@
 const char *DES_options(void)
 {
     static int init = 1;
-    static char buf[32];
+    static char buf[12];
 
     if (init) {
-        const char *size;
-
         if (sizeof(DES_LONG) != sizeof(long))
-            size = "int";
+            OPENSSL_strlcpy(buf, "des(int)", sizeof(buf));
         else
-            size = "long";
-        BIO_snprintf(buf, sizeof(buf), "des(%s)", size);
+            OPENSSL_strlcpy(buf, "des(long)", sizeof(buf));
         init = 0;
     }
-    return (buf);
+    return buf;
 }
 
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
diff --git a/deps/openssl/openssl/crypto/des/fcrypt.c b/deps/openssl/openssl/crypto/des/fcrypt.c
index baede4fccf..aaee4bf236 100644
--- a/deps/openssl/openssl/crypto/des/fcrypt.c
+++ b/deps/openssl/openssl/crypto/des/fcrypt.c
@@ -23,7 +23,7 @@
 
 /*
  * Added more values to handle illegal salt values the way normal crypt()
- * implementations do.  The patch was sent by Bjorn Gronvall <bg@sics.se>
+ * implementations do.
  */
 static unsigned const char con_salt[128] = {
     0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
@@ -60,7 +60,7 @@ char *DES_crypt(const char *buf, const char *salt)
     static char buff[14];
 
 #ifndef CHARSET_EBCDIC
-    return (DES_fcrypt(buf, salt, buff));
+    return DES_fcrypt(buf, salt, buff);
 #else
     char e_salt[2 + 1];
     char e_buf[32 + 1];         /* replace 32 by 8 ? */
@@ -145,5 +145,5 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
         ret[i] = cov_2char[c];
     }
     ret[13] = '\0';
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/des/qud_cksm.c b/deps/openssl/openssl/crypto/des/qud_cksm.c
index 8710ceca95..81e6be8226 100644
--- a/deps/openssl/openssl/crypto/des/qud_cksm.c
+++ b/deps/openssl/openssl/crypto/des/qud_cksm.c
@@ -15,7 +15,6 @@
  */
 #include "des_locl.h"
 
-/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
 #define Q_B0(a) (((DES_LONG)(a)))
 #define Q_B1(a) (((DES_LONG)(a))<<8)
 #define Q_B2(a) (((DES_LONG)(a))<<16)
@@ -73,5 +72,5 @@ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
             *lp++ = z1;
         }
     }
-    return (z0);
+    return z0;
 }
diff --git a/deps/openssl/openssl/crypto/des/rand_key.c b/deps/openssl/openssl/crypto/des/rand_key.c
index 61e4f9d05d..fe8aefec37 100644
--- a/deps/openssl/openssl/crypto/des/rand_key.c
+++ b/deps/openssl/openssl/crypto/des/rand_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,9 +13,9 @@
 int DES_random_key(DES_cblock *ret)
 {
     do {
-        if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
-            return (0);
+        if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+            return 0;
     } while (DES_is_weak_key(ret));
     DES_set_odd_parity(ret);
-    return (1);
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/des/rpc_des.h b/deps/openssl/openssl/crypto/des/rpc_des.h
deleted file mode 100644
index fe59e224de..0000000000
--- a/deps/openssl/openssl/crypto/des/rpc_des.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
-/*-
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California  94043
- */
-/*
- * Generic DES driver interface
- * Keep this file hardware independent!
- * Copyright (c) 1986 by Sun Microsystems, Inc.
- */
-
-#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt */
-#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
-
-enum desdir { ENCRYPT, DECRYPT };
-enum desmode { CBC, ECB };
-
-/*
- * parameters to ioctl call
- */
-struct desparams {
-    unsigned char des_key[8];   /* key (with low bit parity) */
-    enum desdir des_dir;        /* direction */
-    enum desmode des_mode;      /* mode */
-    unsigned char des_ivec[8];  /* input vector */
-    unsigned des_len;           /* number of bytes to crypt */
-    union {
-        unsigned char UDES_data[DES_QUICKLEN];
-        unsigned char *UDES_buf;
-    } UDES;
-#define des_data UDES.UDES_data /* direct data here if quick */
-#define des_buf  UDES.UDES_buf  /* otherwise, pointer to data */
-};
-
-/*
- * Encrypt an arbitrary sized buffer
- */
-#define DESIOCBLOCK     _IOWR('d', 6, struct desparams)
-
-/*
- * Encrypt of small amount of data, quickly
- */
-#define DESIOCQUICK     _IOWR('d', 7, struct desparams)
diff --git a/deps/openssl/openssl/crypto/des/rpc_enc.c b/deps/openssl/openssl/crypto/des/rpc_enc.c
deleted file mode 100644
index bfa85115a2..0000000000
--- a/deps/openssl/openssl/crypto/des/rpc_enc.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "rpc_des.h"
-#include "des_locl.h"
-
-int _des_crypt(char *buf, int len, struct desparams *desp);
-int _des_crypt(char *buf, int len, struct desparams *desp)
-{
-    DES_key_schedule ks;
-    int enc;
-
-    DES_set_key_unchecked(&desp->des_key, &ks);
-    enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT;
-
-    if (desp->des_mode == CBC)
-        DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
-                        (DES_cblock *)desp->UDES.UDES_buf, &ks, enc);
-    else {
-        DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf,
-                         len, &ks, &desp->des_ivec, enc);
-    }
-    return (1);
-}
diff --git a/deps/openssl/openssl/crypto/des/set_key.c b/deps/openssl/openssl/crypto/des/set_key.c
index dc88b8d041..adbad72362 100644
--- a/deps/openssl/openssl/crypto/des/set_key.c
+++ b/deps/openssl/openssl/crypto/des/set_key.c
@@ -18,10 +18,9 @@
 #include <openssl/crypto.h>
 #include "des_locl.h"
 
+/* defaults to false */
 OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
-                                                    /*
-                                                     * defaults to false
-                                                     */
+
 static const unsigned char odd_parity[256] = {
     1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
     16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
@@ -65,9 +64,9 @@ int DES_check_key_parity(const_DES_cblock *key)
 
     for (i = 0; i < DES_KEY_SZ; i++) {
         if ((*key)[i] != odd_parity[(*key)[i]])
-            return (0);
+            return 0;
     }
-    return (1);
+    return 1;
 }
 
 /*-
@@ -77,8 +76,6 @@ int DES_check_key_parity(const_DES_cblock *key)
  * %T Security for Computer Networks
  * %I John Wiley & Sons
  * %D 1984
- * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
- * (and actual cblock values).
  */
 #define NUM_WEAK_KEY    16
 static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
@@ -107,15 +104,9 @@ int DES_is_weak_key(const_DES_cblock *key)
     int i;
 
     for (i = 0; i < NUM_WEAK_KEY; i++)
-        /*
-         * Added == 0 to comparison, I obviously don't run this section very
-         * often :-(, thanks to engineering@MorningStar.Com for the fix eay
-         * 93/06/29 Another problem, I was comparing only the first 4 bytes,
-         * 97/03/18
-         */
         if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
-            return (1);
-    return (0);
+            return 1;
+    return 0;
 }
 
 /*-
@@ -302,9 +293,9 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
 {
     if (!DES_check_key_parity(key))
-        return (-1);
+        return -1;
     if (DES_is_weak_key(key))
-        return (-2);
+        return -2;
     DES_set_key_unchecked(key, schedule);
     return 0;
 }
@@ -329,8 +320,8 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
     c2l(in, d);
 
     /*
-     * do PC1 in 47 simple operations :-) Thanks to John Fletcher
-     * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-)
+     * do PC1 in 47 simple operations. Thanks to John Fletcher
+     * for the inspiration.
      */
     PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
     HPERM_OP(c, t, -2, 0xcccc0000L);
@@ -377,13 +368,5 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
 
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
 {
-    return (DES_set_key(key, schedule));
+    return DES_set_key(key, schedule);
 }
-
-/*-
-#undef des_fixup_key_parity
-void des_fixup_key_parity(des_cblock *key)
-        {
-        des_set_odd_parity(key);
-        }
-*/
diff --git a/deps/openssl/openssl/crypto/des/spr.h b/deps/openssl/openssl/crypto/des/spr.h
index 42adfbf6ee..2404e092d4 100644
--- a/deps/openssl/openssl/crypto/des/spr.h
+++ b/deps/openssl/openssl/crypto/des/spr.h
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
+const DES_LONG DES_SPtrans[8][64] = {
     {
         /* nibble 0 */
         0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
diff --git a/deps/openssl/openssl/crypto/des/str2key.c b/deps/openssl/openssl/crypto/des/str2key.c
index 78998a1cd0..e18d726522 100644
--- a/deps/openssl/openssl/crypto/des/str2key.c
+++ b/deps/openssl/openssl/crypto/des/str2key.c
@@ -17,10 +17,6 @@ void DES_string_to_key(const char *str, DES_cblock *key)
 
     memset(key, 0, 8);
     length = strlen(str);
-#ifdef OLD_STR_TO_KEY
-    for (i = 0; i < length; i++)
-        (*key)[i % 8] ^= (str[i] << 1);
-#else                           /* MIT COMPATIBLE */
     for (i = 0; i < length; i++) {
         register unsigned char j = str[i];
 
@@ -34,7 +30,6 @@ void DES_string_to_key(const char *str, DES_cblock *key)
             (*key)[7 - (i % 8)] ^= j;
         }
     }
-#endif
     DES_set_odd_parity(key);
     DES_set_key_unchecked(key, &ks);
     DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
@@ -50,20 +45,6 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
     memset(key1, 0, 8);
     memset(key2, 0, 8);
     length = strlen(str);
-#ifdef OLD_STR_TO_KEY
-    if (length <= 8) {
-        for (i = 0; i < length; i++) {
-            (*key2)[i] = (*key1)[i] = (str[i] << 1);
-        }
-    } else {
-        for (i = 0; i < length; i++) {
-            if ((i / 8) & 1)
-                (*key2)[i % 8] ^= (str[i] << 1);
-            else
-                (*key1)[i % 8] ^= (str[i] << 1);
-        }
-    }
-#else                           /* MIT COMPATIBLE */
     for (i = 0; i < length; i++) {
         register unsigned char j = str[i];
 
@@ -84,7 +65,6 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
     }
     if (length <= 8)
         memcpy(key2, key1, 8);
-#endif
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);
     DES_set_key_unchecked(key1, &ks);
diff --git a/deps/openssl/openssl/crypto/dh/build.info b/deps/openssl/openssl/crypto/dh/build.info
index dba93066ae..b19ff6dbac 100644
--- a/deps/openssl/openssl/crypto/dh/build.info
+++ b/deps/openssl/openssl/crypto/dh/build.info
@@ -1,4 +1,5 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
-        dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c
+        dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c \
+        dh_rfc7919.c
diff --git a/deps/openssl/openssl/crypto/dh/dh_ameth.c b/deps/openssl/openssl/crypto/dh/dh_ameth.c
index cd77867dee..05a1d4227e 100644
--- a/deps/openssl/openssl/crypto/dh/dh_ameth.c
+++ b/deps/openssl/openssl/crypto/dh/dh_ameth.c
@@ -326,7 +326,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
                 goto err;
         }
         if (BIO_write(bp, "\n", 1) <= 0)
-            return (0);
+            return 0;
     }
     if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
         goto err;
@@ -346,7 +346,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
 
 static int int_dh_size(const EVP_PKEY *pkey)
 {
-    return (DH_size(pkey->pkey.dh));
+    return DH_size(pkey->pkey.dh);
 }
 
 static int dh_bits(const EVP_PKEY *pkey)
@@ -374,13 +374,19 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
 {
     BIGNUM *a;
-    if (src) {
-        a = BN_dup(src);
-        if (!a)
-            return 0;
-    } else
+
+    /*
+     * If source is read only just copy the pointer, so
+     * we don't have to reallocate it.
+     */
+    if (src == NULL)
         a = NULL;
-    BN_free(*dst);
+    else if (BN_get_flags(src, BN_FLG_STATIC_DATA)
+                && !BN_get_flags(src, BN_FLG_MALLOCED))
+        a = (BIGNUM *)src;
+    else if ((a = BN_dup(src)) == NULL)
+        return 0;
+    BN_clear_free(*dst);
     *dst = a;
     return 1;
 }
@@ -503,6 +509,25 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
 }
 
+static int dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    if (dh->pub_key == NULL) {
+        DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
+        return 0;
+    }
+
+    return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    return DH_check_ex(dh);
+}
+
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
     EVP_PKEY_DH,
     EVP_PKEY_DH,
@@ -533,7 +558,13 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
     0,
 
     int_dh_free,
-    0
+    0,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
 };
 
 const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
@@ -566,7 +597,13 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
     0,
 
     int_dh_free,
-    dh_pkey_ctrl
+    dh_pkey_ctrl,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
 };
 
 #ifndef OPENSSL_NO_CMS
diff --git a/deps/openssl/openssl/crypto/dh/dh_asn1.c b/deps/openssl/openssl/crypto/dh/dh_asn1.c
index 7c72fd64e5..1a40633b48 100644
--- a/deps/openssl/openssl/crypto/dh/dh_asn1.c
+++ b/deps/openssl/openssl/crypto/dh/dh_asn1.c
@@ -34,7 +34,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
         ASN1_SIMPLE(DH, p, BIGNUM),
         ASN1_SIMPLE(DH, g, BIGNUM),
-        ASN1_OPT(DH, length, ZLONG),
+        ASN1_OPT_EMBED(DH, length, ZINT32),
 } ASN1_SEQUENCE_END_cb(DH, DHparams)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/deps/openssl/openssl/crypto/dh/dh_check.c b/deps/openssl/openssl/crypto/dh/dh_check.c
index 3b0fa5903e..fc45577101 100644
--- a/deps/openssl/openssl/crypto/dh/dh_check.c
+++ b/deps/openssl/openssl/crypto/dh/dh_check.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -18,6 +18,19 @@
  * p is odd
  * 1 < g < p - 1
  */
+int DH_check_params_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    (void)DH_check_params(dh, &errflags);
+
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+
+    return errflags == 0;
+}
 
 int DH_check_params(const DH *dh, int *ret)
 {
@@ -49,7 +62,7 @@ int DH_check_params(const DH *dh, int *ret)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok);
+    return ok;
 }
 
 /*-
@@ -61,6 +74,29 @@ int DH_check_params(const DH *dh, int *ret)
  * for 5, p mod 10 == 3 or 7
  * should hold.
  */
+int DH_check_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    (void)DH_check(dh, &errflags);
+
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
+    if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME);
+    if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE);
+    if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE);
+    if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR);
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+
+    return errflags == 0;
+}
 
 int DH_check(const DH *dh, int *ret)
 {
@@ -75,8 +111,6 @@ int DH_check(const DH *dh, int *ret)
         goto err;
     BN_CTX_start(ctx);
     t1 = BN_CTX_get(ctx);
-    if (t1 == NULL)
-        goto err;
     t2 = BN_CTX_get(ctx);
     if (t2 == NULL)
         goto err;
@@ -132,7 +166,7 @@ int DH_check(const DH *dh, int *ret)
         r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
         if (r < 0)
             goto err;
-	if (!r)
+        if (!r)
             *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
     }
     ok = 1;
@@ -141,7 +175,23 @@ int DH_check(const DH *dh, int *ret)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok);
+    return ok;
+}
+
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+{
+    int errflags = 0;
+
+    (void)DH_check(dh, &errflags);
+
+    if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
+    if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE);
+    if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID);
+
+    return errflags == 0;
 }
 
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
@@ -179,5 +229,5 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ok);
+    return ok;
 }
diff --git a/deps/openssl/openssl/crypto/dh/dh_err.c b/deps/openssl/openssl/crypto/dh/dh_err.c
index 4e21f284bd..7285587b4a 100644
--- a/deps/openssl/openssl/crypto/dh/dh_err.c
+++ b/deps/openssl/openssl/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,53 +8,82 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/dh.h>
+#include <openssl/dherr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-
-static ERR_STRING_DATA DH_str_functs[] = {
-    {ERR_FUNC(DH_F_COMPUTE_KEY), "compute_key"},
-    {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
-    {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"},
-    {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
-    {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
-    {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"},
-    {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"},
-    {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"},
-    {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"},
-    {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
-    {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"},
-    {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"},
-    {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "dh_priv_encode"},
-    {ERR_FUNC(DH_F_DH_PUB_DECODE), "dh_pub_decode"},
-    {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"},
-    {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"},
-    {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"},
-    {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"},
-    {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"},
+static const ERR_STRING_DATA DH_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+     "dh_builtin_genparams"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
+     "dh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0),
+     "dh_pkey_public_check"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA DH_str_reasons[] = {
-    {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
-    {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"},
-    {ERR_REASON(DH_R_BN_ERROR), "bn error"},
-    {ERR_REASON(DH_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
-    {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
-    {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
-    {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
-    {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
-    {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
-    {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
-    {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
+static const ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE),
+    "check invalid j value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE),
+    "check invalid q value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID),
+    "check pubkey invalid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE),
+    "check pubkey too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL),
+    "check pubkey too small"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME),
+    "check p not safe prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME),
+    "invalid parameter name"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID),
+    "invalid parameter nid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
+    "not suitable generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+    "unable to check generator"},
     {0, NULL}
 };
 
@@ -63,10 +92,9 @@ static ERR_STRING_DATA DH_str_reasons[] = {
 int ERR_load_DH_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, DH_str_functs);
-        ERR_load_strings(0, DH_str_reasons);
+        ERR_load_strings_const(DH_str_functs);
+        ERR_load_strings_const(DH_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/dh/dh_gen.c b/deps/openssl/openssl/crypto/dh/dh_gen.c
index 27ecb983d1..59137e0f05 100644
--- a/deps/openssl/openssl/crypto/dh/dh_gen.c
+++ b/deps/openssl/openssl/crypto/dh/dh_gen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -43,7 +43,7 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
  * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
  * for 5, p mod 10 == 3 or 7
  *
- * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * Thanks to Phil Karn for the pointers about the
  * special generators and for answering some of my questions.
  *
  * I've implemented the second simple method :-).
@@ -68,7 +68,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
     BN_CTX_start(ctx);
     t1 = BN_CTX_get(ctx);
     t2 = BN_CTX_get(ctx);
-    if (t1 == NULL || t2 == NULL)
+    if (t2 == NULL)
         goto err;
 
     /* Make sure 'ret' has the necessary elements */
diff --git a/deps/openssl/openssl/crypto/dh/dh_kdf.c b/deps/openssl/openssl/crypto/dh/dh_kdf.c
index 2782eeee6e..e17122bc82 100644
--- a/deps/openssl/openssl/crypto/dh/dh_kdf.c
+++ b/deps/openssl/openssl/crypto/dh/dh_kdf.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <e_os.h>
+#include "e_os.h"
 
 #ifndef OPENSSL_NO_CMS
 #include <string.h>
diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c
index b53a063244..4f85be7e49 100644
--- a/deps/openssl/openssl/crypto/dh/dh_key.c
+++ b/deps/openssl/openssl/crypto/dh/dh_key.c
@@ -116,14 +116,14 @@ static int generate_key(DH *dh)
     if (generate_new_key) {
         if (dh->q) {
             do {
-                if (!BN_rand_range(priv_key, dh->q))
+                if (!BN_priv_rand_range(priv_key, dh->q))
                     goto err;
             }
             while (BN_is_zero(priv_key) || BN_is_one(priv_key));
         } else {
             /* secret exponent length */
             l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
-            if (!BN_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+            if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
                 goto err;
         }
     }
@@ -155,7 +155,7 @@ static int generate_key(DH *dh)
     if (priv_key != dh->priv_key)
         BN_free(priv_key);
     BN_CTX_free(ctx);
-    return (ok);
+    return ok;
 }
 
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
@@ -209,7 +209,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
     }
-    return (ret);
+    return ret;
 }
 
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -222,11 +222,11 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 static int dh_init(DH *dh)
 {
     dh->flags |= DH_FLAG_CACHE_MONT_P;
-    return (1);
+    return 1;
 }
 
 static int dh_finish(DH *dh)
 {
     BN_MONT_CTX_free(dh->method_mont_p);
-    return (1);
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/dh/dh_lib.c b/deps/openssl/openssl/crypto/dh/dh_lib.c
index 2e727df897..962f864dee 100644
--- a/deps/openssl/openssl/crypto/dh/dh_lib.c
+++ b/deps/openssl/openssl/crypto/dh/dh_lib.c
@@ -9,6 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/bn.h>
 #include "dh_locl.h"
 #include <openssl/engine.h>
@@ -99,7 +100,7 @@ void DH_free(DH *r)
     if (r == NULL)
         return;
 
-    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
     REF_PRINT_COUNT("DH", r);
     if (i > 0)
         return;
@@ -130,7 +131,7 @@ int DH_up_ref(DH *r)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("DH", r);
@@ -140,12 +141,12 @@ int DH_up_ref(DH *r)
 
 int DH_set_ex_data(DH *d, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
 }
 
 void *DH_get_ex_data(DH *d, int idx)
 {
-    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
 }
 
 int DH_bits(const DH *dh)
@@ -155,7 +156,7 @@ int DH_bits(const DH *dh)
 
 int DH_size(const DH *dh)
 {
-    return (BN_num_bytes(dh->p));
+    return BN_num_bytes(dh->p);
 }
 
 int DH_security_bits(const DH *dh)
@@ -244,6 +245,31 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
     return 1;
 }
 
+const BIGNUM *DH_get0_p(const DH *dh)
+{
+    return dh->p;
+}
+
+const BIGNUM *DH_get0_q(const DH *dh)
+{
+    return dh->q;
+}
+
+const BIGNUM *DH_get0_g(const DH *dh)
+{
+    return dh->g;
+}
+
+const BIGNUM *DH_get0_priv_key(const DH *dh)
+{
+    return dh->priv_key;
+}
+
+const BIGNUM *DH_get0_pub_key(const DH *dh)
+{
+    return dh->pub_key;
+}
+
 void DH_clear_flags(DH *dh, int flags)
 {
     dh->flags &= ~flags;
diff --git a/deps/openssl/openssl/crypto/dh/dh_locl.h b/deps/openssl/openssl/crypto/dh/dh_locl.h
index 19301c3185..0a8391a6c0 100644
--- a/deps/openssl/openssl/crypto/dh/dh_locl.h
+++ b/deps/openssl/openssl/crypto/dh/dh_locl.h
@@ -8,6 +8,7 @@
  */
 
 #include <openssl/dh.h>
+#include "internal/refcount.h"
 
 struct dh_st {
     /*
@@ -18,7 +19,7 @@ struct dh_st {
     int version;
     BIGNUM *p;
     BIGNUM *g;
-    long length;                /* optional */
+    int32_t length;             /* optional */
     BIGNUM *pub_key;            /* g^x % p */
     BIGNUM *priv_key;           /* x */
     int flags;
@@ -29,7 +30,7 @@ struct dh_st {
     unsigned char *seed;
     int seedlen;
     BIGNUM *counter;
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_EX_DATA ex_data;
     const DH_METHOD *meth;
     ENGINE *engine;
diff --git a/deps/openssl/openssl/crypto/dh/dh_pmeth.c b/deps/openssl/openssl/crypto/dh/dh_pmeth.c
index c3e03c7a42..cce2d9e26e 100644
--- a/deps/openssl/openssl/crypto/dh/dh_pmeth.c
+++ b/deps/openssl/openssl/crypto/dh/dh_pmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,9 +26,11 @@ typedef struct {
     int generator;
     int use_dsa;
     int subprime_len;
+    int pad;
     /* message digest used for parameter generation */
     const EVP_MD *md;
     int rfc5114_param;
+    int param_nid;
     /* Keygen callback info */
     int gentmp[2];
     /* KDF (if any) to use for DH */
@@ -48,9 +50,10 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 {
     DH_PKEY_CTX *dctx;
 
-    dctx = OPENSSL_zalloc(sizeof(*dctx));
-    if (dctx == NULL)
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     dctx->prime_len = 1024;
     dctx->subprime_len = -1;
     dctx->generator = 2;
@@ -85,8 +88,10 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     dctx->subprime_len = sctx->subprime_len;
     dctx->generator = sctx->generator;
     dctx->use_dsa = sctx->use_dsa;
+    dctx->pad = sctx->pad;
     dctx->md = sctx->md;
     dctx->rfc5114_param = sctx->rfc5114_param;
+    dctx->param_nid = sctx->param_nid;
 
     dctx->kdf_type = sctx->kdf_type;
     dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
@@ -119,6 +124,10 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         dctx->subprime_len = p1;
         return 1;
 
+    case EVP_PKEY_CTRL_DH_PAD:
+        dctx->pad = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
         if (dctx->use_dsa)
             return -2;
@@ -137,11 +146,17 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_DH_RFC5114:
-        if (p1 < 1 || p1 > 3)
+        if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef)
             return -2;
         dctx->rfc5114_param = p1;
         return 1;
 
+    case EVP_PKEY_CTRL_DH_NID:
+        if (p1 <= 0 || dctx->rfc5114_param != 0)
+            return -2;
+        dctx->param_nid = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_PEER_KEY:
         /* Default behaviour is OK */
         return 1;
@@ -221,6 +236,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
         dctx->rfc5114_param = len;
         return 1;
     }
+    if (strcmp(type, "dh_param") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int nid = OBJ_sn2nid(value);
+
+        if (nid == NID_undef) {
+            DHerr(DH_F_PKEY_DH_CTRL_STR, DH_R_INVALID_PARAMETER_NAME);
+            return -2;
+        }
+        dctx->param_nid = nid;
+        return 1;
+    }
     if (strcmp(type, "dh_paramgen_generator") == 0) {
         int len;
         len = atoi(value);
@@ -236,6 +262,11 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
         typ = atoi(value);
         return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
     }
+    if (strcmp(type, "dh_pad") == 0) {
+        int pad;
+        pad = atoi(value);
+        return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
+    }
     return -2;
 }
 
@@ -320,6 +351,13 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         return 1;
     }
 
+    if (dctx->param_nid != 0) {
+        if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh);
+        return 1;
+    }
+
     if (ctx->pkey_gencb) {
         pcb = BN_GENCB_new();
         if (pcb == NULL)
@@ -359,17 +397,22 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 
 static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
+    DH_PKEY_CTX *dctx = ctx->data;
     DH *dh = NULL;
-    if (ctx->pkey == NULL) {
+
+    if (ctx->pkey == NULL && dctx->param_nid == 0) {
         DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
         return 0;
     }
-    dh = DH_new();
+    if (dctx->param_nid != 0)
+        dh = DH_new_by_nid(dctx->param_nid);
+    else
+        dh = DH_new();
     if (dh == NULL)
         return 0;
     EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
     /* Note: if error return, pkey is freed by parent routine */
-    if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+    if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey))
         return 0;
     return DH_generate_key(pkey->pkey.dh);
 }
@@ -392,7 +435,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             *keylen = DH_size(dh);
             return 1;
         }
-        ret = DH_compute_key(key, dhpub, dh);
+        if (dctx->pad)
+            ret = DH_compute_key_padded(key, dhpub, dh);
+        else
+            ret = DH_compute_key(key, dhpub, dh);
         if (ret < 0)
             return ret;
         *keylen = ret;
diff --git a/deps/openssl/openssl/crypto/dh/dh_prn.c b/deps/openssl/openssl/crypto/dh/dh_prn.c
index 283fb0f4a3..aab1733db3 100644
--- a/deps/openssl/openssl/crypto/dh/dh_prn.c
+++ b/deps/openssl/openssl/crypto/dh/dh_prn.c
@@ -20,11 +20,11 @@ int DHparams_print_fp(FILE *fp, const DH *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = DHparams_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/dh/dh_rfc7919.c b/deps/openssl/openssl/crypto/dh/dh_rfc7919.c
new file mode 100644
index 0000000000..a54b468e55
--- /dev/null
+++ b/deps/openssl/openssl/crypto/dh/dh_rfc7919.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include "internal/bn_dh.h"
+
+static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
+{
+    DH *dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dh->p = (BIGNUM *)p;
+    dh->g = (BIGNUM *)&_bignum_const_2;
+    dh->length = nbits;
+    return dh;
+}
+
+DH *DH_new_by_nid(int nid)
+{
+    switch (nid) {
+    case NID_ffdhe2048:
+        return dh_param_init(&_bignum_ffdhe2048_p, 225);
+    case NID_ffdhe3072:
+        return dh_param_init(&_bignum_ffdhe3072_p, 275);
+    case NID_ffdhe4096:
+        return dh_param_init(&_bignum_ffdhe4096_p, 325);
+    case NID_ffdhe6144:
+        return dh_param_init(&_bignum_ffdhe6144_p, 375);
+    case NID_ffdhe8192:
+        return dh_param_init(&_bignum_ffdhe8192_p, 400);
+    default:
+        DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID);
+        return NULL;
+    }
+}
+
+int DH_get_nid(const DH *dh)
+{
+    int nid;
+
+    if (BN_get_word(dh->g) != 2)
+        return NID_undef;
+    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p))
+        nid = NID_ffdhe2048;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p))
+        nid = NID_ffdhe3072;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p))
+        nid = NID_ffdhe4096;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p))
+        nid = NID_ffdhe6144;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
+        nid = NID_ffdhe8192;
+    else
+        return NID_undef;
+    if (dh->q != NULL) {
+        BIGNUM *q = BN_dup(dh->p);
+
+        /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
+        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q))
+            nid = NID_undef;
+        BN_free(q);
+    }
+    return nid;
+}
diff --git a/deps/openssl/openssl/crypto/dllmain.c b/deps/openssl/openssl/crypto/dllmain.c
index 91904aad98..0838c55e48 100644
--- a/deps/openssl/openssl/crypto/dllmain.c
+++ b/deps/openssl/openssl/crypto/dllmain.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "internal/cryptlib_int.h"
 
 #if defined(_WIN32) || defined(__CYGWIN__)
@@ -30,21 +31,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
     switch (fdwReason) {
     case DLL_PROCESS_ATTACH:
         OPENSSL_cpuid_setup();
-# if defined(_WIN32_WINNT)
-        {
-            IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL;
-            IMAGE_NT_HEADERS *nt_headers;
-
-            if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
-                nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header
-                                                   + dos_header->e_lfanew);
-                if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
-                    hinstDLL !=
-                    (HINSTANCE) (nt_headers->OptionalHeader.ImageBase))
-                    OPENSSL_NONPIC_relocated = 1;
-            }
-        }
-# endif
         break;
     case DLL_THREAD_ATTACH:
         break;
@@ -54,7 +40,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
     case DLL_PROCESS_DETACH:
         break;
     }
-    return (TRUE);
+    return TRUE;
 }
 #endif
 
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
index d4e4066c49..9c5b8aa02e 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
@@ -254,7 +254,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
 static int int_dsa_size(const EVP_PKEY *pkey)
 {
-    return (DSA_size(pkey->pkey.dsa));
+    return DSA_size(pkey->pkey.dsa);
 }
 
 static int dsa_bits(const EVP_PKEY *pkey)
@@ -369,7 +369,7 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
         goto err;
     ret = 1;
  err:
-    return (ret);
+    return ret;
 }
 
 static int dsa_param_decode(EVP_PKEY *pkey,
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_asn1.c b/deps/openssl/openssl/crypto/dsa/dsa_asn1.c
index 551c107506..6499e87ef3 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_asn1.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_asn1.c
@@ -75,7 +75,7 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
-        ASN1_SIMPLE(DSA, version, LONG),
+        ASN1_EMBED(DSA, version, INT32),
         ASN1_SIMPLE(DSA, p, BIGNUM),
         ASN1_SIMPLE(DSA, q, BIGNUM),
         ASN1_SIMPLE(DSA, g, BIGNUM),
@@ -111,15 +111,15 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen,
              unsigned char *sig, unsigned int *siglen, DSA *dsa)
 {
     DSA_SIG *s;
-    RAND_seed(dgst, dlen);
+
     s = DSA_do_sign(dgst, dlen, dsa);
     if (s == NULL) {
         *siglen = 0;
-        return (0);
+        return 0;
     }
     *siglen = i2d_DSA_SIG(s, &sig);
     DSA_SIG_free(s);
-    return (1);
+    return 1;
 }
 
 /* data has already been hashed (probably with SHA or SHA-1). */
@@ -140,7 +140,7 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 
     s = DSA_SIG_new();
     if (s == NULL)
-        return (ret);
+        return ret;
     if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
         goto err;
     /* Ensure signature uses DER and doesn't have trailing garbage */
@@ -151,5 +151,5 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
  err:
     OPENSSL_clear_free(der, derlen);
     DSA_SIG_free(s);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_err.c b/deps/openssl/openssl/crypto/dsa/dsa_err.c
index 132008803e..8f97f6f3f9 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_err.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_err.c
@@ -8,57 +8,57 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/dsa.h>
+#include <openssl/dsaerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
-static ERR_STRING_DATA DSA_str_functs[] = {
-    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
-    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
-    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
-    {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
-    {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-    {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"},
-    {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"},
-    {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"},
-    {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
-    {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "dsa_param_decode"},
-    {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
-    {ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "dsa_priv_decode"},
-    {ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "dsa_priv_encode"},
-    {ERR_FUNC(DSA_F_DSA_PUB_DECODE), "dsa_pub_decode"},
-    {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"},
-    {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
-    {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
-    {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
-    {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"},
-    {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"},
-    {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "pkey_dsa_ctrl_str"},
-    {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"},
+static const ERR_STRING_DATA DSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0),
+     "dsa_builtin_paramgen"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0),
+     "dsa_builtin_paramgen2"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0),
+     "old_dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA DSA_str_reasons[] = {
-    {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
-    {ERR_REASON(DSA_R_BN_DECODE_ERROR), "bn decode error"},
-    {ERR_REASON(DSA_R_BN_ERROR), "bn error"},
-    {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"},
-    {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"},
-    {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
-    {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
-    {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
-    {ERR_REASON(DSA_R_SEED_LEN_SMALL),
-     "seed_len is less than the length of q"},
+static const ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
+    "seed_len is less than the length of q"},
     {0, NULL}
 };
 
@@ -67,10 +67,9 @@ static ERR_STRING_DATA DSA_str_reasons[] = {
 int ERR_load_DSA_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, DSA_str_functs);
-        ERR_load_strings(0, DSA_str_reasons);
+        ERR_load_strings_const(DSA_str_functs);
+        ERR_load_strings_const(DSA_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_gen.c b/deps/openssl/openssl/crypto/dsa/dsa_gen.c
index 46f4f01ee0..383d853b6d 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_gen.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_gen.c
@@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     if (mctx == NULL)
         goto err;
 
+    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+    if (L <= N) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+        goto err;
+    }
+
     if (evpmd == NULL) {
         if (N == 160)
             evpmd = EVP_sha1();
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_key.c b/deps/openssl/openssl/crypto/dsa/dsa_key.c
index 31442b1cff..a48af58492 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_key.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_key.c
@@ -38,7 +38,7 @@ static int dsa_builtin_keygen(DSA *dsa)
         priv_key = dsa->priv_key;
 
     do
-        if (!BN_rand_range(priv_key, dsa->q))
+        if (!BN_priv_rand_range(priv_key, dsa->q))
             goto err;
     while (BN_is_zero(priv_key)) ;
 
@@ -73,5 +73,5 @@ static int dsa_builtin_keygen(DSA *dsa)
     if (priv_key != dsa->priv_key)
         BN_free(priv_key);
     BN_CTX_free(ctx);
-    return (ok);
+    return ok;
 }
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_lib.c b/deps/openssl/openssl/crypto/dsa/dsa_lib.c
index 08956b9e3d..1048601beb 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_lib.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_lib.c
@@ -7,10 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/bn.h>
 #include "dsa_locl.h"
 #include <openssl/asn1.h>
@@ -108,7 +107,7 @@ void DSA_free(DSA *r)
     if (r == NULL)
         return;
 
-    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
     REF_PRINT_COUNT("DSA", r);
     if (i > 0)
         return;
@@ -136,7 +135,7 @@ int DSA_up_ref(DSA *r)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("DSA", r);
@@ -163,17 +162,17 @@ int DSA_size(const DSA *r)
     i = i2d_ASN1_INTEGER(&bs, NULL);
     i += i;                     /* r and s */
     ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
-    return (ret);
+    return ret;
 }
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
 }
 
 void *DSA_get_ex_data(DSA *d, int idx)
 {
-    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
 }
 
 int DSA_security_bits(const DSA *d)
@@ -308,6 +307,31 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
     return 1;
 }
 
+const BIGNUM *DSA_get0_p(const DSA *d)
+{
+    return d->p;
+}
+
+const BIGNUM *DSA_get0_q(const DSA *d)
+{
+    return d->q;
+}
+
+const BIGNUM *DSA_get0_g(const DSA *d)
+{
+    return d->g;
+}
+
+const BIGNUM *DSA_get0_pub_key(const DSA *d)
+{
+    return d->pub_key;
+}
+
+const BIGNUM *DSA_get0_priv_key(const DSA *d)
+{
+    return d->priv_key;
+}
+
 void DSA_clear_flags(DSA *d, int flags)
 {
     d->flags &= ~flags;
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_locl.h b/deps/openssl/openssl/crypto/dsa/dsa_locl.h
index 9021fce0bf..a81a4b4978 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_locl.h
+++ b/deps/openssl/openssl/crypto/dsa/dsa_locl.h
@@ -8,6 +8,7 @@
  */
 
 #include <openssl/dsa.h>
+#include "internal/refcount.h"
 
 struct dsa_st {
     /*
@@ -15,7 +16,7 @@ struct dsa_st {
      * instead of of a EVP_PKEY
      */
     int pad;
-    long version;
+    int32_t version;
     BIGNUM *p;
     BIGNUM *q;                  /* == 20 */
     BIGNUM *g;
@@ -24,7 +25,7 @@ struct dsa_st {
     int flags;
     /* Normally used to cache montgomery values */
     BN_MONT_CTX *method_mont_p;
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_EX_DATA ex_data;
     const DSA_METHOD *meth;
     /* functional reference if 'meth' is ENGINE-provided */
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_meth.c b/deps/openssl/openssl/crypto/dsa/dsa_meth.c
index 04203780c4..ff4fae44a7 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_meth.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_meth.c
@@ -132,7 +132,7 @@ int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
 }
 
 int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
-        (const unsigned char *, int , DSA_SIG *, DSA *)
+        (const unsigned char *, int, DSA_SIG *, DSA *)
 {
     return dsam->dsa_do_verify;
 }
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
index 868283ac63..7a0b0874c5 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@@ -7,8 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include "internal/bn_int.h"
@@ -119,8 +117,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
     /* Generate a blinding value */
     do {
-        if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, BN_RAND_TOP_ANY,
-                     BN_RAND_BOTTOM_ANY))
+        if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
             goto err;
     } while (BN_is_zero(blind));
     BN_set_flags(blind, BN_FLG_CONSTTIME);
@@ -220,7 +218,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
             if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
                                        dlen, ctx))
                 goto err;
-        } else if (!BN_rand_range(k, dsa->q))
+        } else if (!BN_priv_rand_range(k, dsa->q))
             goto err;
     } while (BN_is_zero(k));
 
@@ -386,19 +384,19 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     BN_free(u1);
     BN_free(u2);
     BN_free(t1);
-    return (ret);
+    return ret;
 }
 
 static int dsa_init(DSA *dsa)
 {
     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
-    return (1);
+    return 1;
 }
 
 static int dsa_finish(DSA *dsa)
 {
     BN_MONT_CTX_free(dsa->method_mont_p);
-    return (1);
+    return 1;
 }
 
 /*
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
index d606316954..b4ee5a7571 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
@@ -31,8 +31,8 @@ typedef struct {
 
 static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 {
-    DSA_PKEY_CTX *dctx;
-    dctx = OPENSSL_malloc(sizeof(*dctx));
+    DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx));
+
     if (dctx == NULL)
         return 0;
     dctx->nbits = 1024;
@@ -50,6 +50,7 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 {
     DSA_PKEY_CTX *dctx, *sctx;
+
     if (!pkey_dsa_init(dst))
         return 0;
     sctx = src->data;
@@ -106,6 +107,7 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
 static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     DSA_PKEY_CTX *dctx = ctx->data;
+
     switch (type) {
     case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
         if (p1 < 256)
@@ -196,6 +198,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
     DSA_PKEY_CTX *dctx = ctx->data;
     BN_GENCB *pcb;
     int ret;
+
     if (ctx->pkey_gencb) {
         pcb = BN_GENCB_new();
         if (pcb == NULL)
@@ -221,6 +224,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     DSA *dsa = NULL;
+
     if (ctx->pkey == NULL) {
         DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
         return 0;
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_prn.c b/deps/openssl/openssl/crypto/dsa/dsa_prn.c
index f3c20ea0ac..a4a1fd5650 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_prn.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_prn.c
@@ -20,12 +20,12 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = DSA_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int DSAparams_print_fp(FILE *fp, const DSA *x)
@@ -35,12 +35,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = DSAparams_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_sign.c b/deps/openssl/openssl/crypto/dsa/dsa_sign.c
index 2e29d40088..e9466b29f1 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_sign.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_sign.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,8 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
 #include "internal/cryptlib.h"
 #include "dsa_locl.h"
 #include <openssl/bn.h>
@@ -18,7 +16,9 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
     return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 }
 
+#if OPENSSL_API_COMPAT < 0x10200000L
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 {
     return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 }
+#endif
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_vrf.c b/deps/openssl/openssl/crypto/dsa/dsa_vrf.c
index a84d521283..21f98cd94e 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_vrf.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_vrf.c
@@ -7,8 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
 #include "internal/cryptlib.h"
 #include "dsa_locl.h"
 
diff --git a/deps/openssl/openssl/crypto/dso/dso_dl.c b/deps/openssl/openssl/crypto/dso/dso_dl.c
index d80bf562c7..290d73cf35 100644
--- a/deps/openssl/openssl/crypto/dso/dso_dl.c
+++ b/deps/openssl/openssl/crypto/dso/dso_dl.c
@@ -83,13 +83,13 @@ static int dl_load(DSO *dso)
      * (it also serves as the indicator that we are currently loaded).
      */
     dso->loaded_filename = filename;
-    return (1);
+    return 1;
  err:
     /* Cleanup! */
     OPENSSL_free(filename);
     if (ptr != NULL)
         shl_unload(ptr);
-    return (0);
+    return 0;
 }
 
 static int dl_unload(DSO *dso)
@@ -97,10 +97,10 @@ static int dl_unload(DSO *dso)
     shl_t ptr;
     if (dso == NULL) {
         DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     if (sk_num(dso->meth_data) < 1)
-        return (1);
+        return 1;
     /* Is this statement legal? */
     ptr = (shl_t) sk_pop(dso->meth_data);
     if (ptr == NULL) {
@@ -109,10 +109,10 @@ static int dl_unload(DSO *dso)
          * Should push the value back onto the stack in case of a retry.
          */
         sk_push(dso->meth_data, (char *)ptr);
-        return (0);
+        return 0;
     }
     shl_unload(ptr);
-    return (1);
+    return 1;
 }
 
 static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
@@ -122,25 +122,25 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
 
     if ((dso == NULL) || (symname == NULL)) {
         DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (sk_num(dso->meth_data) < 1) {
         DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
+        return NULL;
     }
     ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
     if (ptr == NULL) {
         DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
+        return NULL;
     }
     if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
         char errbuf[160];
         DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
         if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
             ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
-        return (NULL);
+        return NULL;
     }
-    return ((DSO_FUNC_TYPE)sym);
+    return (DSO_FUNC_TYPE)sym;
 }
 
 static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
@@ -149,7 +149,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
 
     if (!filespec1 && !filespec2) {
         DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     /*
      * If the first file specification is a rooted path, it rules. same goes
@@ -159,7 +159,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
         merged = OPENSSL_strdup(filespec1);
         if (merged == NULL) {
             DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     }
     /*
@@ -169,7 +169,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
         merged = OPENSSL_strdup(filespec2);
         if (merged == NULL) {
             DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     } else
         /*
@@ -192,13 +192,13 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
         merged = OPENSSL_malloc(len + 2);
         if (merged == NULL) {
             DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
         strcpy(merged, filespec2);
         merged[spec2len] = '/';
         strcpy(&merged[spec2len + 1], filespec1);
     }
-    return (merged);
+    return merged;
 }
 
 /*
@@ -225,7 +225,7 @@ static char *dl_name_converter(DSO *dso, const char *filename)
     translated = OPENSSL_malloc(rsize);
     if (translated == NULL) {
         DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
+        return NULL;
     }
     if (transform) {
         if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
@@ -234,7 +234,7 @@ static char *dl_name_converter(DSO *dso, const char *filename)
             sprintf(translated, "%s%s", filename, DSO_EXTENSION);
     } else
         sprintf(translated, "%s", filename);
-    return (translated);
+    return translated;
 }
 
 static int dl_pathbyaddr(void *addr, char *path, int sz)
diff --git a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
index e01425bc75..ad8899c289 100644
--- a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
+++ b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
@@ -108,6 +108,10 @@ static int dlfcn_load(DSO *dso)
     if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
         flags |= RTLD_GLOBAL;
 # endif
+# ifdef _AIX
+    if (filename[strlen(filename) - 1] == ')')
+        flags |= RTLD_MEMBER;
+# endif
     ptr = dlopen(filename, flags);
     if (ptr == NULL) {
         DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
@@ -120,13 +124,13 @@ static int dlfcn_load(DSO *dso)
     }
     /* Success */
     dso->loaded_filename = filename;
-    return (1);
+    return 1;
  err:
     /* Cleanup! */
     OPENSSL_free(filename);
     if (ptr != NULL)
         dlclose(ptr);
-    return (0);
+    return 0;
 }
 
 static int dlfcn_unload(DSO *dso)
@@ -134,10 +138,10 @@ static int dlfcn_unload(DSO *dso)
     void *ptr;
     if (dso == NULL) {
         DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     if (sk_void_num(dso->meth_data) < 1)
-        return (1);
+        return 1;
     ptr = sk_void_pop(dso->meth_data);
     if (ptr == NULL) {
         DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
@@ -145,11 +149,11 @@ static int dlfcn_unload(DSO *dso)
          * Should push the value back onto the stack in case of a retry.
          */
         sk_void_push(dso->meth_data, ptr);
-        return (0);
+        return 0;
     }
     /* For now I'm not aware of any errors associated with dlclose() */
     dlclose(ptr);
-    return (1);
+    return 1;
 }
 
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
@@ -162,22 +166,22 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 
     if ((dso == NULL) || (symname == NULL)) {
         DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (sk_void_num(dso->meth_data) < 1) {
         DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
+        return NULL;
     }
     ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
     if (ptr == NULL) {
         DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
+        return NULL;
     }
     u.dlret = dlsym(ptr, symname);
     if (u.dlret == NULL) {
         DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
         ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-        return (NULL);
+        return NULL;
     }
     return u.sym;
 }
@@ -189,7 +193,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
 
     if (!filespec1 && !filespec2) {
         DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     /*
      * If the first file specification is a rooted path, it rules. same goes
@@ -199,7 +203,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
         merged = OPENSSL_strdup(filespec1);
         if (merged == NULL) {
             DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     }
     /*
@@ -209,7 +213,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
         merged = OPENSSL_strdup(filespec2);
         if (merged == NULL) {
             DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     } else {
         /*
@@ -231,13 +235,13 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
         merged = OPENSSL_malloc(len + 2);
         if (merged == NULL) {
             DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
         strcpy(merged, filespec2);
         merged[spec2len] = '/';
         strcpy(&merged[spec2len + 1], filespec1);
     }
-    return (merged);
+    return merged;
 }
 
 static char *dlfcn_name_converter(DSO *dso, const char *filename)
@@ -257,7 +261,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
     translated = OPENSSL_malloc(rsize);
     if (translated == NULL) {
         DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
+        return NULL;
     }
     if (transform) {
         if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
@@ -266,7 +270,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
             sprintf(translated, "%s" DSO_EXTENSION, filename);
     } else
         sprintf(translated, "%s", filename);
-    return (translated);
+    return translated;
 }
 
 # ifdef __sgi
@@ -332,7 +336,7 @@ static int dladdr(void *ptr, Dl_info *dl)
     unsigned int found = 0;
     struct ld_info *ldinfos, *next_ldi, *this_ldi;
 
-    if ((ldinfos = (struct ld_info *)OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) {
+    if ((ldinfos = OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) {
         errno = ENOMEM;
         dl->dli_fname = NULL;
         return 0;
@@ -359,18 +363,33 @@ static int dladdr(void *ptr, Dl_info *dl)
             || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg)
                 && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg +
                             this_ldi->ldinfo_datasize)))) {
+            char *buffer, *member;
+            size_t buffer_sz, member_len;
+
+            buffer_sz = strlen(this_ldi->ldinfo_filename) + 1;
+            member = this_ldi->ldinfo_filename + buffer_sz;
+            if ((member_len = strlen(member)) > 0)
+                buffer_sz += 1 + member_len + 1;
             found = 1;
-            /*
-             * Ignoring the possibility of a member name and just returning
-             * the path name. See docs: sys/ldr.h, loadquery() and
-             * dlopen()/RTLD_MEMBER.
-             */
-            if ((dl->dli_fname =
-                 OPENSSL_strdup(this_ldi->ldinfo_filename)) == NULL)
+            if ((buffer = OPENSSL_malloc(buffer_sz)) != NULL) {
+                OPENSSL_strlcpy(buffer, this_ldi->ldinfo_filename, buffer_sz);
+                if (member_len > 0) {
+                    /*
+                     * Need to respect a possible member name and not just
+                     * returning the path name in this case. See docs:
+                     * sys/ldr.h, loadquery() and dlopen()/RTLD_MEMBER.
+                     */
+                    OPENSSL_strlcat(buffer, "(", buffer_sz);
+                    OPENSSL_strlcat(buffer, member, buffer_sz);
+                    OPENSSL_strlcat(buffer, ")", buffer_sz);
+                }
+                dl->dli_fname = buffer;
+            } else {
                 errno = ENOMEM;
+            }
         } else {
-            next_ldi =
-                (struct ld_info *)((uintptr_t)this_ldi + this_ldi->ldinfo_next);
+            next_ldi = (struct ld_info *)((uintptr_t)this_ldi +
+                                          this_ldi->ldinfo_next);
         }
     } while (this_ldi->ldinfo_next && !found);
     OPENSSL_free((void *)ldinfos);
diff --git a/deps/openssl/openssl/crypto/dso/dso_err.c b/deps/openssl/openssl/crypto/dso/dso_err.c
index 07588d5c39..613072a8d6 100644
--- a/deps/openssl/openssl/crypto/dso/dso_err.c
+++ b/deps/openssl/openssl/crypto/dso/dso_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,73 +8,81 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include "internal/dso.h"
+#include "internal/dsoerr.h"
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
-
-static ERR_STRING_DATA DSO_str_functs[] = {
-    {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "dlfcn_bind_func"},
-    {ERR_FUNC(DSO_F_DLFCN_LOAD), "dlfcn_load"},
-    {ERR_FUNC(DSO_F_DLFCN_MERGER), "dlfcn_merger"},
-    {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "dlfcn_name_converter"},
-    {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "dlfcn_unload"},
-    {ERR_FUNC(DSO_F_DL_BIND_FUNC), "dl_bind_func"},
-    {ERR_FUNC(DSO_F_DL_LOAD), "dl_load"},
-    {ERR_FUNC(DSO_F_DL_MERGER), "dl_merger"},
-    {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "dl_name_converter"},
-    {ERR_FUNC(DSO_F_DL_UNLOAD), "dl_unload"},
-    {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
-    {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
-    {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
-    {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
-    {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
-    {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"},
-    {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
-    {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
-    {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
-    {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"},
-    {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
-    {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
-    {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"},
-    {ERR_FUNC(DSO_F_VMS_LOAD), "vms_load"},
-    {ERR_FUNC(DSO_F_VMS_MERGER), "vms_merger"},
-    {ERR_FUNC(DSO_F_VMS_UNLOAD), "vms_unload"},
-    {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "win32_bind_func"},
-    {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "win32_globallookup"},
-    {ERR_FUNC(DSO_F_WIN32_JOINER), "win32_joiner"},
-    {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"},
-    {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"},
-    {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"},
-    {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"},
-    {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"},
-    {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"},
+static const ERR_STRING_DATA DSO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_BIND_FUNC, 0), "dlfcn_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_LOAD, 0), "dlfcn_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_MERGER, 0), "dlfcn_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_NAME_CONVERTER, 0),
+     "dlfcn_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_UNLOAD, 0), "dlfcn_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_BIND_FUNC, 0), "dl_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_LOAD, 0), "dl_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_MERGER, 0), "dl_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_NAME_CONVERTER, 0), "dl_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_UNLOAD, 0), "dl_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_BIND_FUNC, 0), "DSO_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CONVERT_FILENAME, 0),
+     "DSO_convert_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CTRL, 0), "DSO_ctrl"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_FREE, 0), "DSO_free"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GET_FILENAME, 0), "DSO_get_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GLOBAL_LOOKUP, 0), "DSO_global_lookup"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_LOAD, 0), "DSO_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_MERGE, 0), "DSO_merge"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_NEW_METHOD, 0), "DSO_new_method"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_PATHBYADDR, 0), "DSO_pathbyaddr"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_SET_FILENAME, 0), "DSO_set_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_UP_REF, 0), "DSO_up_ref"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_BIND_SYM, 0), "vms_bind_sym"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_LOAD, 0), "vms_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_MERGER, 0), "vms_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_UNLOAD, 0), "vms_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_BIND_FUNC, 0), "win32_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_GLOBALLOOKUP, 0), "win32_globallookup"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_JOINER, 0), "win32_joiner"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_LOAD, 0), "win32_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_MERGER, 0), "win32_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_NAME_CONVERTER, 0),
+     "win32_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_PATHBYADDR, 0), ""},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_SPLITTER, 0), "win32_splitter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_UNLOAD, 0), "win32_unload"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA DSO_str_reasons[] = {
-    {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"},
-    {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
-    {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"},
-    {ERR_REASON(DSO_R_FAILURE), "failure"},
-    {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"},
-    {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"},
-    {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"},
-    {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"},
-    {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"},
-    {ERR_REASON(DSO_R_NO_FILENAME), "no filename"},
-    {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"},
-    {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"},
-    {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"},
-    {ERR_REASON(DSO_R_SYM_FAILURE),
-     "could not bind to the requested symbol name"},
-    {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"},
-    {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"},
+static const ERR_STRING_DATA DSO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE),
+    "empty file structure"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED),
+    "cleanup method function failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX),
+    "incorrect file syntax"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_LOAD_FAILED),
+    "could not load the shared library"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED),
+    "name translation failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE),
+    "a null shared library handle was used"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED),
+    "set filename failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR),
+    "the meth_data stack is corrupt"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE),
+    "could not bind to the requested symbol name"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED),
+    "could not unload the shared library"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED),
+    "functionality not supported"},
     {0, NULL}
 };
 
@@ -83,10 +91,9 @@ static ERR_STRING_DATA DSO_str_reasons[] = {
 int ERR_load_DSO_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, DSO_str_functs);
-        ERR_load_strings(0, DSO_str_reasons);
+        ERR_load_strings_const(DSO_str_functs);
+        ERR_load_strings_const(DSO_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/dso/dso_lib.c b/deps/openssl/openssl/crypto/dso/dso_lib.c
index f58237d64b..2e75021d39 100644
--- a/deps/openssl/openssl/crypto/dso/dso_lib.c
+++ b/deps/openssl/openssl/crypto/dso/dso_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,6 +8,7 @@
  */
 
 #include "dso_locl.h"
+#include "internal/refcount.h"
 
 static DSO_METHOD *default_DSO_meth = NULL;
 
@@ -26,14 +27,14 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
     ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     ret->meth_data = sk_void_new_null();
     if (ret->meth_data == NULL) {
         /* sk_new doesn't generate any errors so we do */
         DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(ret);
-        return (NULL);
+        return NULL;
     }
     ret->meth = default_DSO_meth;
     ret->references = 1;
@@ -63,9 +64,9 @@ int DSO_free(DSO *dso)
     int i;
 
     if (dso == NULL)
-        return (1);
+        return 1;
 
-    if (CRYPTO_atomic_add(&dso->references, -1, &i, dso->lock) <= 0)
+    if (CRYPTO_DOWN_REF(&dso->references, &i, dso->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("DSO", dso);
@@ -107,7 +108,7 @@ int DSO_up_ref(DSO *dso)
         return 0;
     }
 
-    if (CRYPTO_atomic_add(&dso->references, 1, &i, dso->lock) <= 0)
+    if (CRYPTO_UP_REF(&dso->references, &i, dso->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("DSO", r);
@@ -162,11 +163,11 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
         goto err;
     }
     /* Load succeeded */
-    return (ret);
+    return ret;
  err:
     if (allocated)
         DSO_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
@@ -175,18 +176,18 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
 
     if ((dso == NULL) || (symname == NULL)) {
         DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (dso->meth->dso_bind_func == NULL) {
         DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
-        return (NULL);
+        return NULL;
     }
     if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
         DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
-        return (NULL);
+        return NULL;
     }
     /* Success */
-    return (ret);
+    return ret;
 }
 
 /*
@@ -202,7 +203,7 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
 {
     if (dso == NULL) {
         DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-        return (-1);
+        return -1;
     }
     /*
      * We should intercept certain generic commands and only pass control to
@@ -213,27 +214,27 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
         return dso->flags;
     case DSO_CTRL_SET_FLAGS:
         dso->flags = (int)larg;
-        return (0);
+        return 0;
     case DSO_CTRL_OR_FLAGS:
         dso->flags |= (int)larg;
-        return (0);
+        return 0;
     default:
         break;
     }
     if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
         DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
-        return (-1);
+        return -1;
     }
-    return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
+    return dso->meth->dso_ctrl(dso, cmd, larg, parg);
 }
 
 const char *DSO_get_filename(DSO *dso)
 {
     if (dso == NULL) {
         DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
-    return (dso->filename);
+    return dso->filename;
 }
 
 int DSO_set_filename(DSO *dso, const char *filename)
@@ -242,21 +243,21 @@ int DSO_set_filename(DSO *dso, const char *filename)
 
     if ((dso == NULL) || (filename == NULL)) {
         DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     if (dso->loaded_filename) {
         DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
-        return (0);
+        return 0;
     }
     /* We'll duplicate filename */
     copied = OPENSSL_strdup(filename);
     if (copied == NULL) {
         DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     OPENSSL_free(dso->filename);
     dso->filename = copied;
-    return (1);
+    return 1;
 }
 
 char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
@@ -265,7 +266,7 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
 
     if (dso == NULL || filespec1 == NULL) {
         DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
         if (dso->merger != NULL)
@@ -273,7 +274,7 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
         else if (dso->meth->dso_merger != NULL)
             result = dso->meth->dso_merger(dso, filespec1, filespec2);
     }
-    return (result);
+    return result;
 }
 
 char *DSO_convert_filename(DSO *dso, const char *filename)
@@ -282,13 +283,13 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
 
     if (dso == NULL) {
         DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (filename == NULL)
         filename = dso->filename;
     if (filename == NULL) {
         DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
-        return (NULL);
+        return NULL;
     }
     if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
         if (dso->name_converter != NULL)
@@ -300,10 +301,10 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
         result = OPENSSL_strdup(filename);
         if (result == NULL) {
             DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     }
-    return (result);
+    return result;
 }
 
 int DSO_pathbyaddr(void *addr, char *path, int sz)
diff --git a/deps/openssl/openssl/crypto/dso/dso_locl.h b/deps/openssl/openssl/crypto/dso/dso_locl.h
index fbfad0544a..14a0ccb7c0 100644
--- a/deps/openssl/openssl/crypto/dso/dso_locl.h
+++ b/deps/openssl/openssl/crypto/dso/dso_locl.h
@@ -11,6 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/dso.h"
 #include "internal/dso_conf.h"
+#include "internal/refcount.h"
 
 /**********************************************************************/
 /* The low-level handle type used to refer to a loaded shared library */
@@ -24,7 +25,7 @@ struct dso_st {
      * "Handles" and such go in a STACK.
      */
     STACK_OF(void) *meth_data;
-    int references;
+    CRYPTO_REF_COUNT references;
     int flags;
     /*
      * For use by applications etc ... use this for your bits'n'pieces, don't
diff --git a/deps/openssl/openssl/crypto/dso/dso_vms.c b/deps/openssl/openssl/crypto/dso/dso_vms.c
index b9a98ddd11..178e725798 100644
--- a/deps/openssl/openssl/crypto/dso/dso_vms.c
+++ b/deps/openssl/openssl/crypto/dso/dso_vms.c
@@ -207,12 +207,12 @@ static int vms_load(DSO *dso)
 
     /* Success (for now, we lie.  We actually do not know...) */
     dso->loaded_filename = filename;
-    return (1);
+    return 1;
  err:
     /* Cleanup! */
     OPENSSL_free(p);
     OPENSSL_free(filename);
-    return (0);
+    return 0;
 }
 
 /*
@@ -225,18 +225,18 @@ static int vms_unload(DSO *dso)
     DSO_VMS_INTERNAL *p;
     if (dso == NULL) {
         DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     if (sk_void_num(dso->meth_data) < 1)
-        return (1);
+        return 1;
     p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
     if (p == NULL) {
         DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
-        return (0);
+        return 0;
     }
     /* Cleanup */
     OPENSSL_free(p);
-    return (1);
+    return 1;
 }
 
 /*
@@ -263,15 +263,13 @@ static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
                                      symname_dsc, sym, 0, flags);
 }
 
+# ifndef LIB$M_FIS_MIXEDCASE
+#  define LIB$M_FIS_MIXEDCASE (1 << 4);
+# endif
 void vms_bind_sym(DSO *dso, const char *symname, void **sym)
 {
     DSO_VMS_INTERNAL *ptr;
-    int status;
-# ifdef LIB$M_FIS_MIXEDCASE
-    int flags = LIB$M_FIS_MIXEDCASE;
-# else
-    int flags = (1 << 4);
-# endif
+    int status = 0;
     struct dsc$descriptor_s symname_dsc;
 
 /* Arrange 32-bit pointer to (copied) string storage, if needed. */
@@ -314,10 +312,10 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
         return;
     }
 
-    if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
-        flags = 0;
+    status = do_find_symbol(ptr, &symname_dsc, sym, LIB$M_FIS_MIXEDCASE);
 
-    status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+    if (!$VMS_STATUS_SUCCESS(status))
+        status = do_find_symbol(ptr, &symname_dsc, sym, 0);
 
     if (!$VMS_STATUS_SUCCESS(status)) {
         unsigned short length;
@@ -443,7 +441,7 @@ static char *vms_merger(DSO *dso, const char *filespec1,
                                "filespec \"", filespec1, "\", ",
                                "defaults \"", filespec2, "\": ", errstring);
         }
-        return (NULL);
+        return NULL;
     }
 
     merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
@@ -451,7 +449,7 @@ static char *vms_merger(DSO *dso, const char *filespec1,
         goto malloc_err;
     strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
     merged[nam.NAMX_ESL] = '\0';
-    return (merged);
+    return merged;
  malloc_err:
     DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
 }
@@ -462,7 +460,7 @@ static char *vms_name_converter(DSO *dso, const char *filename)
     char *not_translated = OPENSSL_malloc(len + 1);
     if (not_translated != NULL)
         strcpy(not_translated, filename);
-    return (not_translated);
+    return not_translated;
 }
 
 #endif                          /* OPENSSL_SYS_VMS */
diff --git a/deps/openssl/openssl/crypto/dso/dso_win32.c b/deps/openssl/openssl/crypto/dso/dso_win32.c
index 4a4c34abb6..0bbf5b5189 100644
--- a/deps/openssl/openssl/crypto/dso/dso_win32.c
+++ b/deps/openssl/openssl/crypto/dso/dso_win32.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "dso_locl.h"
 
 #if defined(DSO_WIN32)
@@ -119,14 +120,14 @@ static int win32_load(DSO *dso)
     }
     /* Success */
     dso->loaded_filename = filename;
-    return (1);
+    return 1;
  err:
     /* Cleanup ! */
     OPENSSL_free(filename);
     OPENSSL_free(p);
     if (h != NULL)
         FreeLibrary(h);
-    return (0);
+    return 0;
 }
 
 static int win32_unload(DSO *dso)
@@ -134,14 +135,14 @@ static int win32_unload(DSO *dso)
     HINSTANCE *p;
     if (dso == NULL) {
         DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     if (sk_void_num(dso->meth_data) < 1)
-        return (1);
+        return 1;
     p = sk_void_pop(dso->meth_data);
     if (p == NULL) {
         DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
-        return (0);
+        return 0;
     }
     if (!FreeLibrary(*p)) {
         DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
@@ -149,11 +150,11 @@ static int win32_unload(DSO *dso)
          * We should push the value back onto the stack in case of a retry.
          */
         sk_void_push(dso->meth_data, p);
-        return (0);
+        return 0;
     }
     /* Cleanup */
     OPENSSL_free(p);
-    return (1);
+    return 1;
 }
 
 static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
@@ -166,24 +167,24 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
 
     if ((dso == NULL) || (symname == NULL)) {
         DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (sk_void_num(dso->meth_data) < 1) {
         DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
+        return NULL;
     }
     ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
     if (ptr == NULL) {
         DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
+        return NULL;
     }
     sym.f = GetProcAddress(*ptr, symname);
     if (sym.p == NULL) {
         DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
         ERR_add_error_data(3, "symname(", symname, ")");
-        return (NULL);
+        return NULL;
     }
-    return ((DSO_FUNC_TYPE)sym.f);
+    return (DSO_FUNC_TYPE)sym.f;
 }
 
 struct file_st {
@@ -209,16 +210,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
 
     if (!filename) {
         DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
-        /*
-         * goto err;
-         */
-        return (NULL);
+        return NULL;
     }
 
     result = OPENSSL_zalloc(sizeof(*result));
     if (result == NULL) {
         DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
     position = IN_DEVICE;
@@ -237,11 +235,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
         case ':':
             if (position != IN_DEVICE) {
                 DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
-                /*
-                 * goto err;
-                 */
                 OPENSSL_free(result);
-                return (NULL);
+                return NULL;
             }
             result->device = start;
             result->devicelen = (int)(filename - start);
@@ -302,7 +297,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
     if (!result->filelen)
         result->file = NULL;
 
-    return (result);
+    return result;
 }
 
 static char *win32_joiner(DSO *dso, const struct file_st *file_split)
@@ -313,7 +308,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
 
     if (!file_split) {
         DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (file_split->node) {
         len += 2 + file_split->nodelen; /* 2 for starting \\ */
@@ -334,13 +329,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
 
     if (!len) {
         DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
-        return (NULL);
+        return NULL;
     }
 
     result = OPENSSL_malloc(len + 1);
     if (result == NULL) {
         DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
 
     if (file_split->node) {
@@ -388,7 +383,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
     strncpy(&result[offset], file_split->file, file_split->filelen);
     offset += file_split->filelen;
     result[offset] = '\0';
-    return (result);
+    return result;
 }
 
 static char *win32_merger(DSO *dso, const char *filespec1,
@@ -400,33 +395,31 @@ static char *win32_merger(DSO *dso, const char *filespec1,
 
     if (!filespec1 && !filespec2) {
         DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
+        return NULL;
     }
     if (!filespec2) {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        merged = OPENSSL_strdup(filespec1);
         if (merged == NULL) {
             DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
-        strcpy(merged, filespec1);
     } else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        merged = OPENSSL_strdup(filespec2);
         if (merged == NULL) {
             DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
-        strcpy(merged, filespec2);
     } else {
         filespec1_split = win32_splitter(dso, filespec1, 0);
         if (!filespec1_split) {
             DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
         filespec2_split = win32_splitter(dso, filespec2, 1);
         if (!filespec2_split) {
             DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
             OPENSSL_free(filespec1_split);
-            return (NULL);
+            return NULL;
         }
 
         /* Fill in into filespec1_split */
@@ -453,7 +446,7 @@ static char *win32_merger(DSO *dso, const char *filespec1,
     }
     OPENSSL_free(filespec1_split);
     OPENSSL_free(filespec2_split);
-    return (merged);
+    return merged;
 }
 
 static char *win32_name_converter(DSO *dso, const char *filename)
@@ -473,13 +466,13 @@ static char *win32_name_converter(DSO *dso, const char *filename)
         translated = OPENSSL_malloc(len + 1);
     if (translated == NULL) {
         DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
+        return NULL;
     }
     if (transform)
         sprintf(translated, "%s.dll", filename);
     else
         sprintf(translated, "%s", filename);
-    return (translated);
+    return translated;
 }
 
 static const char *openssl_strnchr(const char *string, int c, size_t len)
diff --git a/deps/openssl/openssl/crypto/ebcdic.c b/deps/openssl/openssl/crypto/ebcdic.c
index 68719538fb..2a8ca61010 100644
--- a/deps/openssl/openssl/crypto/ebcdic.c
+++ b/deps/openssl/openssl/crypto/ebcdic.c
@@ -14,11 +14,6 @@ NON_EMPTY_TRANSLATION_UNIT
 
 # include <openssl/ebcdic.h>
 
-/*-
- *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
- *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
- */
-
 # ifdef CHARSET_EBCDIC_TEST
 /*
  * Here we're looking to test the EBCDIC code on an ASCII system so we don't do
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
index 4eb4c68977..83abbdd895 100755
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -233,7 +233,7 @@ __ecp_nistz256_add:
 	@ if a+b >= modulus, subtract modulus.
 	@
 	@ But since comparison implies subtraction, we subtract
-	@ modulus and then add it back if subraction borrowed.
+	@ modulus and then add it back if subtraction borrowed.
 
 	subs	$a0,$a0,#-1
 	sbcs	$a1,$a1,#-1
@@ -1222,7 +1222,7 @@ __ecp_nistz256_add_self:
 	@ if a+b >= modulus, subtract modulus.
 	@
 	@ But since comparison implies subtraction, we subtract
-	@ modulus and then add it back if subraction borrowed.
+	@ modulus and then add it back if subtraction borrowed.
 
 	subs	$a0,$a0,#-1
 	sbcs	$a1,$a1,#-1
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
index 2a39675bfd..1361cb395f 100644
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -22,11 +22,10 @@
 # http://eprint.iacr.org/2013/816.
 #
 #			with/without -DECP_NISTZ256_ASM
-# Apple A7		+120-360%
-# Cortex-A53		+120-400%
-# Cortex-A57		+120-350%
-# X-Gene		+200-330%
-# Denver		+140-400%
+# Apple A7		+190-360%
+# Cortex-A53		+190-400%
+# Cortex-A57		+190-350%
+# Denver		+230-400%
 #
 # Ranges denote minimum and maximum improvement coefficients depending
 # on benchmark. Lower coefficients are for ECDSA sign, server-side
@@ -109,6 +108,10 @@ $code.=<<___;
 .quad	0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe
 .Lone:
 .quad	1,0,0,0
+.Lord:
+.quad	0xf3b9cac2fc632551,0xbce6faada7179e84,0xffffffffffffffff,0xffffffff00000000
+.LordK:
+.quad	0xccd1c8aaee00bc4f
 .asciz	"ECP_NISTZ256 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
 
 // void	ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
@@ -660,7 +663,7 @@ __ecp_nistz256_div_by_2:
 	adc	$ap,xzr,xzr		// zap $ap
 	tst	$acc0,#1		// is a even?
 
-	csel	$acc0,$acc0,$t0,eq	// ret = even ? a : a+modulus 
+	csel	$acc0,$acc0,$t0,eq	// ret = even ? a : a+modulus
 	csel	$acc1,$acc1,$t1,eq
 	csel	$acc2,$acc2,$t2,eq
 	csel	$acc3,$acc3,$t3,eq
@@ -1309,6 +1312,302 @@ $code.=<<___;
 	ret
 .size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
 ___
+}
+if (1) {
+my ($ord0,$ord1) = ($poly1,$poly3);
+my ($ord2,$ord3,$ordk,$t4) = map("x$_",(21..24));
+my $acc7 = $bi;
+
+$code.=<<___;
+////////////////////////////////////////////////////////////////////////
+// void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4],
+//                                uint64_t b[4]);
+.globl	ecp_nistz256_ord_mul_mont
+.type	ecp_nistz256_ord_mul_mont,%function
+.align	4
+ecp_nistz256_ord_mul_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	adr	$ordk,.Lord
+	ldr	$bi,[$bp]		// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+
+	ldp	$ord0,$ord1,[$ordk,#0]
+	ldp	$ord2,$ord3,[$ordk,#16]
+	ldr	$ordk,[$ordk,#32]
+
+	mul	$acc0,$a0,$bi		// a[0]*b[0]
+	umulh	$t0,$a0,$bi
+
+	mul	$acc1,$a1,$bi		// a[1]*b[0]
+	umulh	$t1,$a1,$bi
+
+	mul	$acc2,$a2,$bi		// a[2]*b[0]
+	umulh	$t2,$a2,$bi
+
+	mul	$acc3,$a3,$bi		// a[3]*b[0]
+	umulh	$acc4,$a3,$bi
+
+	mul	$t4,$acc0,$ordk
+
+	adds	$acc1,$acc1,$t0		// accumulate high parts of multiplication
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$t2
+	adc	$acc4,$acc4,xzr
+	mov	$acc5,xzr
+___
+for ($i=1;$i<4;$i++) {
+	################################################################
+	#            ffff0000.ffffffff.yyyyyyyy.zzzzzzzz
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	# - 0000abcd.efgh0000.abcdefgh.00000000.00000000
+	# + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh
+$code.=<<___;
+	ldr	$bi,[$bp,#8*$i]		// b[i]
+
+	lsl	$t0,$t4,#32
+	subs	$acc2,$acc2,$t4
+	lsr	$t1,$t4,#32
+	sbcs	$acc3,$acc3,$t0
+	sbcs	$acc4,$acc4,$t1
+	sbc	$acc5,$acc5,xzr
+
+	subs	xzr,$acc0,#1
+	umulh	$t1,$ord0,$t4
+	mul	$t2,$ord1,$t4
+	umulh	$t3,$ord1,$t4
+
+	adcs	$t2,$t2,$t1
+	 mul	$t0,$a0,$bi
+	adc	$t3,$t3,xzr
+	 mul	$t1,$a1,$bi
+
+	adds	$acc0,$acc1,$t2
+	 mul	$t2,$a2,$bi
+	adcs	$acc1,$acc2,$t3
+	 mul	$t3,$a3,$bi
+	adcs	$acc2,$acc3,$t4
+	adcs	$acc3,$acc4,$t4
+	adc	$acc4,$acc5,xzr
+
+	adds	$acc0,$acc0,$t0		// accumulate low parts
+	umulh	$t0,$a0,$bi
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a1,$bi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a2,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a3,$bi
+	adc	$acc4,$acc4,xzr
+	mul	$t4,$acc0,$ordk
+	adds	$acc1,$acc1,$t0		// accumulate high parts
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$t2
+	adcs	$acc4,$acc4,$t3
+	adc	$acc5,xzr,xzr
+___
+}
+$code.=<<___;
+	lsl	$t0,$t4,#32		// last reduction
+	subs	$acc2,$acc2,$t4
+	lsr	$t1,$t4,#32
+	sbcs	$acc3,$acc3,$t0
+	sbcs	$acc4,$acc4,$t1
+	sbc	$acc5,$acc5,xzr
+
+	subs	xzr,$acc0,#1
+	umulh	$t1,$ord0,$t4
+	mul	$t2,$ord1,$t4
+	umulh	$t3,$ord1,$t4
+
+	adcs	$t2,$t2,$t1
+	adc	$t3,$t3,xzr
+
+	adds	$acc0,$acc1,$t2
+	adcs	$acc1,$acc2,$t3
+	adcs	$acc2,$acc3,$t4
+	adcs	$acc3,$acc4,$t4
+	adc	$acc4,$acc5,xzr
+
+	subs	$t0,$acc0,$ord0		// ret -= modulus
+	sbcs	$t1,$acc1,$ord1
+	sbcs	$t2,$acc2,$ord2
+	sbcs	$t3,$acc3,$ord3
+	sbcs	xzr,$acc4,xzr
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+////////////////////////////////////////////////////////////////////////
+// void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4],
+//                                int rep);
+.globl	ecp_nistz256_ord_sqr_mont
+.type	ecp_nistz256_ord_sqr_mont,%function
+.align	4
+ecp_nistz256_ord_sqr_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	adr	$ordk,.Lord
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+
+	ldp	$ord0,$ord1,[$ordk,#0]
+	ldp	$ord2,$ord3,[$ordk,#16]
+	ldr	$ordk,[$ordk,#32]
+	b	.Loop_ord_sqr
+
+.align	4
+.Loop_ord_sqr:
+	sub	$bp,$bp,#1
+	////////////////////////////////////////////////////////////////
+	//  |  |  |  |  |  |a1*a0|  |
+	//  |  |  |  |  |a2*a0|  |  |
+	//  |  |a3*a2|a3*a0|  |  |  |
+	//  |  |  |  |a2*a1|  |  |  |
+	//  |  |  |a3*a1|  |  |  |  |
+	// *|  |  |  |  |  |  |  | 2|
+	// +|a3*a3|a2*a2|a1*a1|a0*a0|
+	//  |--+--+--+--+--+--+--+--|
+	//  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	//
+	//  "can't overflow" below mark carrying into high part of
+	//  multiplication result, which can't overflow, because it
+	//  can never be all ones.
+
+	mul	$acc1,$a1,$a0		// a[1]*a[0]
+	umulh	$t1,$a1,$a0
+	mul	$acc2,$a2,$a0		// a[2]*a[0]
+	umulh	$t2,$a2,$a0
+	mul	$acc3,$a3,$a0		// a[3]*a[0]
+	umulh	$acc4,$a3,$a0
+
+	adds	$acc2,$acc2,$t1		// accumulate high parts of multiplication
+	 mul	$t0,$a2,$a1		// a[2]*a[1]
+	 umulh	$t1,$a2,$a1
+	adcs	$acc3,$acc3,$t2
+	 mul	$t2,$a3,$a1		// a[3]*a[1]
+	 umulh	$t3,$a3,$a1
+	adc	$acc4,$acc4,xzr		// can't overflow
+
+	mul	$acc5,$a3,$a2		// a[3]*a[2]
+	umulh	$acc6,$a3,$a2
+
+	adds	$t1,$t1,$t2		// accumulate high parts of multiplication
+	 mul	$acc0,$a0,$a0		// a[0]*a[0]
+	adc	$t2,$t3,xzr		// can't overflow
+
+	adds	$acc3,$acc3,$t0		// accumulate low parts of multiplication
+	 umulh	$a0,$a0,$a0
+	adcs	$acc4,$acc4,$t1
+	 mul	$t1,$a1,$a1		// a[1]*a[1]
+	adcs	$acc5,$acc5,$t2
+	 umulh	$a1,$a1,$a1
+	adc	$acc6,$acc6,xzr		// can't overflow
+
+	adds	$acc1,$acc1,$acc1	// acc[1-6]*=2
+	 mul	$t2,$a2,$a2		// a[2]*a[2]
+	adcs	$acc2,$acc2,$acc2
+	 umulh	$a2,$a2,$a2
+	adcs	$acc3,$acc3,$acc3
+	 mul	$t3,$a3,$a3		// a[3]*a[3]
+	adcs	$acc4,$acc4,$acc4
+	 umulh	$a3,$a3,$a3
+	adcs	$acc5,$acc5,$acc5
+	adcs	$acc6,$acc6,$acc6
+	adc	$acc7,xzr,xzr
+
+	adds	$acc1,$acc1,$a0		// +a[i]*a[i]
+	 mul	$t4,$acc0,$ordk
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$a1
+	adcs	$acc4,$acc4,$t2
+	adcs	$acc5,$acc5,$a2
+	adcs	$acc6,$acc6,$t3
+	adc	$acc7,$acc7,$a3
+___
+for($i=0; $i<4; $i++) {			# reductions
+$code.=<<___;
+	subs	xzr,$acc0,#1
+	umulh	$t1,$ord0,$t4
+	mul	$t2,$ord1,$t4
+	umulh	$t3,$ord1,$t4
+
+	adcs	$t2,$t2,$t1
+	adc	$t3,$t3,xzr
+
+	adds	$acc0,$acc1,$t2
+	adcs	$acc1,$acc2,$t3
+	adcs	$acc2,$acc3,$t4
+	adc	$acc3,xzr,$t4		// can't overflow
+___
+$code.=<<___	if ($i<3);
+	mul	$t3,$acc0,$ordk
+___
+$code.=<<___;
+	lsl	$t0,$t4,#32
+	subs	$acc1,$acc1,$t4
+	lsr	$t1,$t4,#32
+	sbcs	$acc2,$acc2,$t0
+	sbc	$acc3,$acc3,$t1		// can't borrow
+___
+	($t3,$t4) = ($t4,$t3);
+}
+$code.=<<___;
+	adds	$acc0,$acc0,$acc4	// accumulate upper half
+	adcs	$acc1,$acc1,$acc5
+	adcs	$acc2,$acc2,$acc6
+	adcs	$acc3,$acc3,$acc7
+	adc	$acc4,xzr,xzr
+
+	subs	$t0,$acc0,$ord0		// ret -= modulus
+	sbcs	$t1,$acc1,$ord1
+	sbcs	$t2,$acc2,$ord2
+	sbcs	$t3,$acc3,$ord3
+	sbcs	xzr,$acc4,xzr
+
+	csel	$a0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$a1,$acc1,$t1,lo
+	csel	$a2,$acc2,$t2,lo
+	csel	$a3,$acc3,$t3,lo
+
+	cbnz	$bp,.Loop_ord_sqr
+
+	stp	$a0,$a1,[$rp]
+	stp	$a2,$a3,[$rp,#16]
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+___
 }	}
 
 ########################################################################
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
index edd7d01281..794e56a082 100755
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
@@ -1,39 +1,19 @@
 #! /usr/bin/env perl
 # Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2014, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
-
-
-##############################################################################
-#                                                                            #
-# Copyright 2014 Intel Corporation                                           #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License");            #
-# you may not use this file except in compliance with the License.           #
-# You may obtain a copy of the License at                                    #
-#                                                                            #
-#    http://www.apache.org/licenses/LICENSE-2.0                              #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS,          #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-#                                                                            #
-##############################################################################
-#                                                                            #
-#  Developers and authors:                                                   #
-#  Shay Gueron (1, 2), and Vlad Krasnov (1)                                  #
-#  (1) Intel Corporation, Israel Development Center                          #
-#  (2) University of Haifa                                                   #
-#  Reference:                                                                #
-#  S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with#
-#                           256 Bit Primes"                                  #
-#                                                                            #
-##############################################################################
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+#
+# Reference:
+# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+#                          256 Bit Primes"
 
 $flavour = shift;
 $output  = shift;
@@ -157,7 +137,7 @@ ___
 
 {
 # This function receives a pointer to an array of four affine points
-# (X, Y, <1>) and rearanges the data for AVX2 execution, while
+# (X, Y, <1>) and rearranges the data for AVX2 execution, while
 # converting it to 2^29 radix redundant form
 
 my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3,
@@ -309,7 +289,7 @@ ___
 {
 ################################################################################
 # This function receives a pointer to an array of four AVX2 formatted points
-# (X, Y, Z) convert the data to normal representation, and rearanges the data
+# (X, Y, Z) convert the data to normal representation, and rearranges the data
 
 my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8));
 my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15));
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl
new file mode 100755
index 0000000000..984c7f2050
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl
@@ -0,0 +1,2382 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for PPC64.
+#
+# August 2016.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816.
+#
+#			with/without -DECP_NISTZ256_ASM
+# POWER7		+260-530%
+# POWER8		+220-340%
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my $sp="r1";
+
+{
+my ($rp,$ap,$bp,$bi,$acc0,$acc1,$acc2,$acc3,$poly1,$poly3,
+    $acc4,$acc5,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3) =
+    map("r$_",(3..12,22..31));
+
+my ($acc6,$acc7)=($bp,$bi);	# used in __ecp_nistz256_sqr_mont
+
+$code.=<<___;
+.machine	"any"
+.text
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.type	ecp_nistz256_precomputed,\@object
+.globl	ecp_nistz256_precomputed
+.align	12
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+
+$code.=<<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.asciz	"ECP_NISTZ256 for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
+
+# void	ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4],
+#					     const BN_ULONG x2[4]);
+.globl	ecp_nistz256_mul_mont
+.align	5
+ecp_nistz256_mul_mont:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r22,48($sp)
+	std	r23,56($sp)
+	std	r24,64($sp)
+	std	r25,72($sp)
+	std	r26,80($sp)
+	std	r27,88($sp)
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$a0,0($ap)
+	ld	$bi,0($bp)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_mul_mont
+
+	mtlr	r0
+	ld	r22,48($sp)
+	ld	r23,56($sp)
+	ld	r24,64($sp)
+	ld	r25,72($sp)
+	ld	r26,80($sp)
+	ld	r27,88($sp)
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,3,0
+	.long	0
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+# void	ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_sqr_mont
+.align	4
+ecp_nistz256_sqr_mont:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r22,48($sp)
+	std	r23,56($sp)
+	std	r24,64($sp)
+	std	r25,72($sp)
+	std	r26,80($sp)
+	std	r27,88($sp)
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_sqr_mont
+
+	mtlr	r0
+	ld	r22,48($sp)
+	ld	r23,56($sp)
+	ld	r24,64($sp)
+	ld	r25,72($sp)
+	ld	r26,80($sp)
+	ld	r27,88($sp)
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,2,0
+	.long	0
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+# void	ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4],
+#					const BN_ULONG x2[4]);
+.globl	ecp_nistz256_add
+.align	4
+ecp_nistz256_add:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$t0,  0($bp)
+	ld	$acc1,8($ap)
+	ld	$t1,  8($bp)
+	ld	$acc2,16($ap)
+	ld	$t2,  16($bp)
+	ld	$acc3,24($ap)
+	ld	$t3,  24($bp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_add
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,3,0
+	.long	0
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+# void	ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_div_by_2
+.align	4
+ecp_nistz256_div_by_2:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_div_by_2
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,2,0
+	.long	0
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+# void	ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_2
+.align	4
+ecp_nistz256_mul_by_2:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_add	# ret = a+a	// 2*a
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,3,0
+	.long	0
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+# void	ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_3
+.align	4
+ecp_nistz256_mul_by_3:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	mr	$t0,$acc0
+	std	$acc0,64($sp)
+	mr	$t1,$acc1
+	std	$acc1,72($sp)
+	mr	$t2,$acc2
+	std	$acc2,80($sp)
+	mr	$t3,$acc3
+	std	$acc3,88($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_add	# ret = a+a	// 2*a
+
+	ld	$t0,64($sp)
+	ld	$t1,72($sp)
+	ld	$t2,80($sp)
+	ld	$t3,88($sp)
+
+	bl	__ecp_nistz256_add	# ret += a	// 2*a+a=3*a
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,2,0
+	.long	0
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+# void	ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4],
+#				        const BN_ULONG x2[4]);
+.globl	ecp_nistz256_sub
+.align	4
+ecp_nistz256_sub:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	ld	$acc0,0($ap)
+	ld	$acc1,8($ap)
+	ld	$acc2,16($ap)
+	ld	$acc3,24($ap)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_sub_from
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,3,0
+	.long	0
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+# void	ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_neg
+.align	4
+ecp_nistz256_neg:
+	stdu	$sp,-128($sp)
+	mflr	r0
+	std	r28,96($sp)
+	std	r29,104($sp)
+	std	r30,112($sp)
+	std	r31,120($sp)
+
+	mr	$bp,$ap
+	li	$acc0,0
+	li	$acc1,0
+	li	$acc2,0
+	li	$acc3,0
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	bl	__ecp_nistz256_sub_from
+
+	mtlr	r0
+	ld	r28,96($sp)
+	ld	r29,104($sp)
+	ld	r30,112($sp)
+	ld	r31,120($sp)
+	addi	$sp,$sp,128
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,4,2,0
+	.long	0
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+# note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded
+# to $a0-$a3 and b[0] - to $bi
+.type	__ecp_nistz256_mul_mont,\@function
+.align	4
+__ecp_nistz256_mul_mont:
+	mulld	$acc0,$a0,$bi		# a[0]*b[0]
+	mulhdu	$t0,$a0,$bi
+
+	mulld	$acc1,$a1,$bi		# a[1]*b[0]
+	mulhdu	$t1,$a1,$bi
+
+	mulld	$acc2,$a2,$bi		# a[2]*b[0]
+	mulhdu	$t2,$a2,$bi
+
+	mulld	$acc3,$a3,$bi		# a[3]*b[0]
+	mulhdu	$t3,$a3,$bi
+	ld	$bi,8($bp)		# b[1]
+
+	addc	$acc1,$acc1,$t0		# accumulate high parts of multiplication
+	 sldi	$t0,$acc0,32
+	adde	$acc2,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc3,$acc3,$t2
+	addze	$acc4,$t3
+	li	$acc5,0
+___
+for($i=1;$i<4;$i++) {
+	################################################################
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#            ffff0001.00000000.0000ffff.ffffffff
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000
+	# - 0000abcd.efgh0000.00000000.00000000.abcdefgh
+	#
+	# or marking redundant operations:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.--------
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.--------
+	# - 0000abcd.efgh0000.--------.--------.--------
+
+$code.=<<___;
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	adde	$acc3,$acc4,$t3
+	addze	$acc4,$acc5
+
+	mulld	$t0,$a0,$bi		# lo(a[0]*b[i])
+	mulld	$t1,$a1,$bi		# lo(a[1]*b[i])
+	mulld	$t2,$a2,$bi		# lo(a[2]*b[i])
+	mulld	$t3,$a3,$bi		# lo(a[3]*b[i])
+	addc	$acc0,$acc0,$t0		# accumulate low parts of multiplication
+	 mulhdu	$t0,$a0,$bi		# hi(a[0]*b[i])
+	adde	$acc1,$acc1,$t1
+	 mulhdu	$t1,$a1,$bi		# hi(a[1]*b[i])
+	adde	$acc2,$acc2,$t2
+	 mulhdu	$t2,$a2,$bi		# hi(a[2]*b[i])
+	adde	$acc3,$acc3,$t3
+	 mulhdu	$t3,$a3,$bi		# hi(a[3]*b[i])
+	addze	$acc4,$acc4
+___
+$code.=<<___	if ($i<3);
+	ld	$bi,8*($i+1)($bp)	# b[$i+1]
+___
+$code.=<<___;
+	addc	$acc1,$acc1,$t0		# accumulate high parts of multiplication
+	 sldi	$t0,$acc0,32
+	adde	$acc2,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+	li	$acc5,0
+	addze	$acc5,$acc5
+___
+}
+$code.=<<___;
+	# last reduction
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	adde	$acc3,$acc4,$t3
+	addze	$acc4,$acc5
+
+	li	$t2,0
+	addic	$acc0,$acc0,1		# ret -= modulus
+	subfe	$acc1,$poly1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$poly3,$acc3
+	subfe	$acc4,$t2,$acc4
+
+	addc	$acc0,$acc0,$acc4	# ret += modulus if borrow
+	and	$t1,$poly1,$acc4
+	and	$t3,$poly3,$acc4
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+# note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded
+# to $a0-$a3
+.type	__ecp_nistz256_sqr_mont,\@function
+.align	4
+__ecp_nistz256_sqr_mont:
+	################################################################
+	#  |  |  |  |  |  |a1*a0|  |
+	#  |  |  |  |  |a2*a0|  |  |
+	#  |  |a3*a2|a3*a0|  |  |  |
+	#  |  |  |  |a2*a1|  |  |  |
+	#  |  |  |a3*a1|  |  |  |  |
+	# *|  |  |  |  |  |  |  | 2|
+	# +|a3*a3|a2*a2|a1*a1|a0*a0|
+	#  |--+--+--+--+--+--+--+--|
+	#  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	#
+	#  "can't overflow" below mark carrying into high part of
+	#  multiplication result, which can't overflow, because it
+	#  can never be all ones.
+
+	mulld	$acc1,$a1,$a0		# a[1]*a[0]
+	mulhdu	$t1,$a1,$a0
+	mulld	$acc2,$a2,$a0		# a[2]*a[0]
+	mulhdu	$t2,$a2,$a0
+	mulld	$acc3,$a3,$a0		# a[3]*a[0]
+	mulhdu	$acc4,$a3,$a0
+
+	addc	$acc2,$acc2,$t1		# accumulate high parts of multiplication
+	 mulld	$t0,$a2,$a1		# a[2]*a[1]
+	 mulhdu	$t1,$a2,$a1
+	adde	$acc3,$acc3,$t2
+	 mulld	$t2,$a3,$a1		# a[3]*a[1]
+	 mulhdu	$t3,$a3,$a1
+	addze	$acc4,$acc4		# can't overflow
+
+	mulld	$acc5,$a3,$a2		# a[3]*a[2]
+	mulhdu	$acc6,$a3,$a2
+
+	addc	$t1,$t1,$t2		# accumulate high parts of multiplication
+	addze	$t2,$t3			# can't overflow
+
+	addc	$acc3,$acc3,$t0		# accumulate low parts of multiplication
+	adde	$acc4,$acc4,$t1
+	adde	$acc5,$acc5,$t2
+	addze	$acc6,$acc6		# can't overflow
+
+	addc	$acc1,$acc1,$acc1	# acc[1-6]*=2
+	adde	$acc2,$acc2,$acc2
+	adde	$acc3,$acc3,$acc3
+	adde	$acc4,$acc4,$acc4
+	adde	$acc5,$acc5,$acc5
+	adde	$acc6,$acc6,$acc6
+	li	$acc7,0
+	addze	$acc7,$acc7
+
+	mulld	$acc0,$a0,$a0		# a[0]*a[0]
+	mulhdu	$a0,$a0,$a0
+	mulld	$t1,$a1,$a1		# a[1]*a[1]
+	mulhdu	$a1,$a1,$a1
+	mulld	$t2,$a2,$a2		# a[2]*a[2]
+	mulhdu	$a2,$a2,$a2
+	mulld	$t3,$a3,$a3		# a[3]*a[3]
+	mulhdu	$a3,$a3,$a3
+	addc	$acc1,$acc1,$a0		# +a[i]*a[i]
+	 sldi	$t0,$acc0,32
+	adde	$acc2,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc3,$acc3,$a1
+	adde	$acc4,$acc4,$t2
+	adde	$acc5,$acc5,$a2
+	adde	$acc6,$acc6,$t3
+	adde	$acc7,$acc7,$a3
+___
+for($i=0;$i<3;$i++) {			# reductions, see commentary in
+					# multiplication for details
+$code.=<<___;
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	 sldi	$t0,$acc0,32
+	adde	$acc1,$acc2,$t1
+	 srdi	$t1,$acc0,32
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	addze	$acc3,$t3		# can't overflow
+___
+}
+$code.=<<___;
+	subfc	$t2,$t0,$acc0		# "*0xffff0001"
+	subfe	$t3,$t1,$acc0
+	addc	$acc0,$acc1,$t0		# +=acc[0]<<96 and omit acc[0]
+	adde	$acc1,$acc2,$t1
+	adde	$acc2,$acc3,$t2		# +=acc[0]*0xffff0001
+	addze	$acc3,$t3		# can't overflow
+
+	addc	$acc0,$acc0,$acc4	# accumulate upper half
+	adde	$acc1,$acc1,$acc5
+	adde	$acc2,$acc2,$acc6
+	adde	$acc3,$acc3,$acc7
+	li	$t2,0
+	addze	$acc4,$t2
+
+	addic	$acc0,$acc0,1		# ret -= modulus
+	subfe	$acc1,$poly1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$poly3,$acc3
+	subfe	$acc4,$t2,$acc4
+
+	addc	$acc0,$acc0,$acc4	# ret += modulus if borrow
+	and	$t1,$poly1,$acc4
+	and	$t3,$poly3,$acc4
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	__ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont
+
+# Note that __ecp_nistz256_add expects both input vectors pre-loaded to
+# $a0-$a3 and $t0-$t3. This is done because it's used in multiple
+# contexts, e.g. in multiplication by 2 and 3...
+.type	__ecp_nistz256_add,\@function
+.align	4
+__ecp_nistz256_add:
+	addc	$acc0,$acc0,$t0		# ret = a+b
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$t2
+	li	$t2,0
+	adde	$acc3,$acc3,$t3
+	addze	$t0,$t2
+
+	# if a+b >= modulus, subtract modulus
+	#
+	# But since comparison implies subtraction, we subtract
+	# modulus and then add it back if subtraction borrowed.
+
+	subic	$acc0,$acc0,-1
+	subfe	$acc1,$poly1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$poly3,$acc3
+	subfe	$t0,$t2,$t0
+
+	addc	$acc0,$acc0,$t0
+	and	$t1,$poly1,$t0
+	and	$t3,$poly3,$t0
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+.type	__ecp_nistz256_sub_from,\@function
+.align	4
+__ecp_nistz256_sub_from:
+	ld	$t0,0($bp)
+	ld	$t1,8($bp)
+	ld	$t2,16($bp)
+	ld	$t3,24($bp)
+	subfc	$acc0,$t0,$acc0		# ret = a-b
+	subfe	$acc1,$t1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$t3,$acc3
+	subfe	$t0,$t0,$t0		# t0 = borrow ? -1 : 0
+
+	# if a-b borrowed, add modulus
+
+	addc	$acc0,$acc0,$t0		# ret -= modulus & t0
+	and	$t1,$poly1,$t0
+	and	$t3,$poly3,$t0
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,\@function
+.align	4
+__ecp_nistz256_sub_morf:
+	ld	$t0,0($bp)
+	ld	$t1,8($bp)
+	ld	$t2,16($bp)
+	ld	$t3,24($bp)
+	subfc	$acc0,$acc0,$t0 	# ret = b-a
+	subfe	$acc1,$acc1,$t1
+	subfe	$acc2,$acc2,$t2
+	subfe	$acc3,$acc3,$t3
+	subfe	$t0,$t0,$t0		# t0 = borrow ? -1 : 0
+
+	# if b-a borrowed, add modulus
+
+	addc	$acc0,$acc0,$t0		# ret -= modulus & t0
+	and	$t1,$poly1,$t0
+	and	$t3,$poly3,$t0
+	adde	$acc1,$acc1,$t1
+	addze	$acc2,$acc2
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_div_by_2,\@function
+.align	4
+__ecp_nistz256_div_by_2:
+	andi.	$t0,$acc0,1
+	addic	$acc0,$acc0,-1		# a += modulus
+	 neg	$t0,$t0
+	adde	$acc1,$acc1,$poly1
+	 not	$t0,$t0
+	addze	$acc2,$acc2
+	 li	$t2,0
+	adde	$acc3,$acc3,$poly3
+	 and	$t1,$poly1,$t0
+	addze	$ap,$t2			# ap = carry
+	 and	$t3,$poly3,$t0
+
+	subfc	$acc0,$t0,$acc0		# a -= modulus if a was even
+	subfe	$acc1,$t1,$acc1
+	subfe	$acc2,$t2,$acc2
+	subfe	$acc3,$t3,$acc3
+	subfe	$ap,  $t2,$ap
+
+	srdi	$acc0,$acc0,1
+	sldi	$t0,$acc1,63
+	srdi	$acc1,$acc1,1
+	sldi	$t1,$acc2,63
+	srdi	$acc2,$acc2,1
+	sldi	$t2,$acc3,63
+	srdi	$acc3,$acc3,1
+	sldi	$t3,$ap,63
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+___
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+if (1) {
+my $FRAME=64+32*4+12*8;
+my ($S,$M,$Zsqr,$tmp0)=map(64+32*$_,(0..3));
+# above map() describes stack layout with 4 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real) = map("r$_",(20,21));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.align	5
+ecp_nistz256_point_double:
+	stdu	$sp,-$FRAME($sp)
+	mflr	r0
+	std	r20,$FRAME-8*12($sp)
+	std	r21,$FRAME-8*11($sp)
+	std	r22,$FRAME-8*10($sp)
+	std	r23,$FRAME-8*9($sp)
+	std	r24,$FRAME-8*8($sp)
+	std	r25,$FRAME-8*7($sp)
+	std	r26,$FRAME-8*6($sp)
+	std	r27,$FRAME-8*5($sp)
+	std	r28,$FRAME-8*4($sp)
+	std	r29,$FRAME-8*3($sp)
+	std	r30,$FRAME-8*2($sp)
+	std	r31,$FRAME-8*1($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+.Ldouble_shortcut:
+	ld	$acc0,32($ap)
+	ld	$acc1,40($ap)
+	ld	$acc2,48($ap)
+	ld	$acc3,56($ap)
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	 ld	$a0,64($ap)		# forward load for p256_sqr_mont
+	 ld	$a1,72($ap)
+	 ld	$a2,80($ap)
+	 ld	$a3,88($ap)
+	 mr	$rp_real,$rp
+	 mr	$ap_real,$ap
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_add	# p256_mul_by_2(S, in_y);
+
+	addi	$rp,$sp,$Zsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Zsqr, in_z);
+
+	ld	$t0,0($ap_real)
+	ld	$t1,8($ap_real)
+	ld	$t2,16($ap_real)
+	ld	$t3,24($ap_real)
+	mr	$a0,$acc0		# put Zsqr aside for p256_sub
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	addi	$rp,$sp,$M
+	bl	__ecp_nistz256_add	# p256_add(M, Zsqr, in_x);
+
+	addi	$bp,$ap_real,0
+	mr	$acc0,$a0		# restore Zsqr
+	mr	$acc1,$a1
+	mr	$acc2,$a2
+	mr	$acc3,$a3
+	 ld	$a0,$S+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$S+8($sp)
+	 ld	$a2,$S+16($sp)
+	 ld	$a3,$S+24($sp)
+	addi	$rp,$sp,$Zsqr
+	bl	__ecp_nistz256_sub_morf	# p256_sub(Zsqr, in_x, Zsqr);
+
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(S, S);
+
+	ld	$bi,32($ap_real)
+	ld	$a0,64($ap_real)
+	ld	$a1,72($ap_real)
+	ld	$a2,80($ap_real)
+	ld	$a3,88($ap_real)
+	addi	$bp,$ap_real,32
+	addi	$rp,$sp,$tmp0
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(tmp0, in_z, in_y);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	 ld	$a0,$S+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$S+8($sp)
+	 ld	$a2,$S+16($sp)
+	 ld	$a3,$S+24($sp)
+	addi	$rp,$rp_real,64
+	bl	__ecp_nistz256_add	# p256_mul_by_2(res_z, tmp0);
+
+	addi	$rp,$sp,$tmp0
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(tmp0, S);
+
+	 ld	$bi,$Zsqr($sp)		# forward load for p256_mul_mont
+	 ld	$a0,$M+0($sp)
+	 ld	$a1,$M+8($sp)
+	 ld	$a2,$M+16($sp)
+	 ld	$a3,$M+24($sp)
+	addi	$rp,$rp_real,32
+	bl	__ecp_nistz256_div_by_2	# p256_div_by_2(res_y, tmp0);
+
+	addi	$bp,$sp,$Zsqr
+	addi	$rp,$sp,$M
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(M, M, Zsqr);
+
+	mr	$t0,$acc0		# duplicate M
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	mr	$a0,$acc0		# put M aside
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	addi	$rp,$sp,$M
+	bl	__ecp_nistz256_add
+	mr	$t0,$a0			# restore M
+	mr	$t1,$a1
+	mr	$t2,$a2
+	mr	$t3,$a3
+	 ld	$bi,0($ap_real)		# forward load for p256_mul_mont
+	 ld	$a0,$S+0($sp)
+	 ld	$a1,$S+8($sp)
+	 ld	$a2,$S+16($sp)
+	 ld	$a3,$S+24($sp)
+	bl	__ecp_nistz256_add	# p256_mul_by_3(M, M);
+
+	addi	$bp,$ap_real,0
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S, S, in_x);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	 ld	$a0,$M+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$M+8($sp)
+	 ld	$a2,$M+16($sp)
+	 ld	$a3,$M+24($sp)
+	addi	$rp,$sp,$tmp0
+	bl	__ecp_nistz256_add	# p256_mul_by_2(tmp0, S);
+
+	addi	$rp,$rp_real,0
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(res_x, M);
+
+	addi	$bp,$sp,$tmp0
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_x, res_x, tmp0);
+
+	addi	$bp,$sp,$S
+	addi	$rp,$sp,$S
+	bl	__ecp_nistz256_sub_morf	# p256_sub(S, S, res_x);
+
+	ld	$bi,$M($sp)
+	mr	$a0,$acc0		# copy S
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	addi	$bp,$sp,$M
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S, S, M);
+
+	addi	$bp,$rp_real,32
+	addi	$rp,$rp_real,32
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_y, S, res_y);
+
+	mtlr	r0
+	ld	r20,$FRAME-8*12($sp)
+	ld	r21,$FRAME-8*11($sp)
+	ld	r22,$FRAME-8*10($sp)
+	ld	r23,$FRAME-8*9($sp)
+	ld	r24,$FRAME-8*8($sp)
+	ld	r25,$FRAME-8*7($sp)
+	ld	r26,$FRAME-8*6($sp)
+	ld	r27,$FRAME-8*5($sp)
+	ld	r28,$FRAME-8*4($sp)
+	ld	r29,$FRAME-8*3($sp)
+	ld	r30,$FRAME-8*2($sp)
+	ld	r31,$FRAME-8*1($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,12,2,0
+	.long	0
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+if (1) {
+my $FRAME = 64 + 32*12 + 16*8;
+my ($res_x,$res_y,$res_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(64+32*$_,(0..11));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+# above map() describes stack layout with 12 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.align	5
+ecp_nistz256_point_add:
+	stdu	$sp,-$FRAME($sp)
+	mflr	r0
+	std	r16,$FRAME-8*16($sp)
+	std	r17,$FRAME-8*15($sp)
+	std	r18,$FRAME-8*14($sp)
+	std	r19,$FRAME-8*13($sp)
+	std	r20,$FRAME-8*12($sp)
+	std	r21,$FRAME-8*11($sp)
+	std	r22,$FRAME-8*10($sp)
+	std	r23,$FRAME-8*9($sp)
+	std	r24,$FRAME-8*8($sp)
+	std	r25,$FRAME-8*7($sp)
+	std	r26,$FRAME-8*6($sp)
+	std	r27,$FRAME-8*5($sp)
+	std	r28,$FRAME-8*4($sp)
+	std	r29,$FRAME-8*3($sp)
+	std	r30,$FRAME-8*2($sp)
+	std	r31,$FRAME-8*1($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	ld	$a0,64($bp)		# in2_z
+	ld	$a1,72($bp)
+	ld	$a2,80($bp)
+	ld	$a3,88($bp)
+	 mr	$rp_real,$rp
+	 mr	$ap_real,$ap
+	 mr	$bp_real,$bp
+	or	$t0,$a0,$a1
+	or	$t2,$a2,$a3
+	or	$in2infty,$t0,$t2
+	neg	$t0,$in2infty
+	or	$in2infty,$in2infty,$t0
+	sradi	$in2infty,$in2infty,63	# !in2infty
+	addi	$rp,$sp,$Z2sqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Z2sqr, in2_z);
+
+	ld	$a0,64($ap_real)	# in1_z
+	ld	$a1,72($ap_real)
+	ld	$a2,80($ap_real)
+	ld	$a3,88($ap_real)
+	or	$t0,$a0,$a1
+	or	$t2,$a2,$a3
+	or	$in1infty,$t0,$t2
+	neg	$t0,$in1infty
+	or	$in1infty,$in1infty,$t0
+	sradi	$in1infty,$in1infty,63	# !in1infty
+	addi	$rp,$sp,$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Z1sqr, in1_z);
+
+	ld	$bi,64($bp_real)
+	ld	$a0,$Z2sqr+0($sp)
+	ld	$a1,$Z2sqr+8($sp)
+	ld	$a2,$Z2sqr+16($sp)
+	ld	$a3,$Z2sqr+24($sp)
+	addi	$bp,$bp_real,64
+	addi	$rp,$sp,$S1
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S1, Z2sqr, in2_z);
+
+	ld	$bi,64($ap_real)
+	ld	$a0,$Z1sqr+0($sp)
+	ld	$a1,$Z1sqr+8($sp)
+	ld	$a2,$Z1sqr+16($sp)
+	ld	$a3,$Z1sqr+24($sp)
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ld	$bi,32($ap_real)
+	ld	$a0,$S1+0($sp)
+	ld	$a1,$S1+8($sp)
+	ld	$a2,$S1+16($sp)
+	ld	$a3,$S1+24($sp)
+	addi	$bp,$ap_real,32
+	addi	$rp,$sp,$S1
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S1, S1, in1_y);
+
+	ld	$bi,32($bp_real)
+	ld	$a0,$S2+0($sp)
+	ld	$a1,$S2+8($sp)
+	ld	$a2,$S2+16($sp)
+	ld	$a3,$S2+24($sp)
+	addi	$bp,$bp_real,32
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, S2, in2_y);
+
+	addi	$bp,$sp,$S1
+	 ld	$bi,$Z2sqr($sp)		# forward load for p256_mul_mont
+	 ld	$a0,0($ap_real)
+	 ld	$a1,8($ap_real)
+	 ld	$a2,16($ap_real)
+	 ld	$a3,24($ap_real)
+	addi	$rp,$sp,$R
+	bl	__ecp_nistz256_sub_from	# p256_sub(R, S2, S1);
+
+	or	$acc0,$acc0,$acc1	# see if result is zero
+	or	$acc2,$acc2,$acc3
+	or	$temp,$acc0,$acc2
+
+	addi	$bp,$sp,$Z2sqr
+	addi	$rp,$sp,$U1
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U1, in1_x, Z2sqr);
+
+	ld	$bi,$Z1sqr($sp)
+	ld	$a0,0($bp_real)
+	ld	$a1,8($bp_real)
+	ld	$a2,16($bp_real)
+	ld	$a3,24($bp_real)
+	addi	$bp,$sp,$Z1sqr
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, in2_x, Z1sqr);
+
+	addi	$bp,$sp,$U1
+	 ld	$a0,$R+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$R+8($sp)
+	 ld	$a2,$R+16($sp)
+	 ld	$a3,$R+24($sp)
+	addi	$rp,$sp,$H
+	bl	__ecp_nistz256_sub_from	# p256_sub(H, U2, U1);
+
+	or	$acc0,$acc0,$acc1	# see if result is zero
+	or	$acc2,$acc2,$acc3
+	or.	$acc0,$acc0,$acc2
+	bne	.Ladd_proceed		# is_equal(U1,U2)?
+
+	and.	$t0,$in1infty,$in2infty
+	beq	.Ladd_proceed		# (in1infty || in2infty)?
+
+	cmpldi	$temp,0
+	beq	.Ladd_double		# is_equal(S1,S2)?
+
+	xor	$a0,$a0,$a0
+	std	$a0,0($rp_real)
+	std	$a0,8($rp_real)
+	std	$a0,16($rp_real)
+	std	$a0,24($rp_real)
+	std	$a0,32($rp_real)
+	std	$a0,40($rp_real)
+	std	$a0,48($rp_real)
+	std	$a0,56($rp_real)
+	std	$a0,64($rp_real)
+	std	$a0,72($rp_real)
+	std	$a0,80($rp_real)
+	std	$a0,88($rp_real)
+	b	.Ladd_done
+
+.align	4
+.Ladd_double:
+	ld	$bp,0($sp)		# back-link
+	mr	$ap,$ap_real
+	mr	$rp,$rp_real
+	ld	r16,$FRAME-8*16($sp)
+	ld	r17,$FRAME-8*15($sp)
+	ld	r18,$FRAME-8*14($sp)
+	ld	r19,$FRAME-8*13($sp)
+	stdu	$bp,$FRAME-288($sp)	# difference in stack frame sizes
+	b	.Ldouble_shortcut
+
+.align	4
+.Ladd_proceed:
+	addi	$rp,$sp,$Rsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Rsqr, R);
+
+	ld	$bi,64($ap_real)
+	ld	$a0,$H+0($sp)
+	ld	$a1,$H+8($sp)
+	ld	$a2,$H+16($sp)
+	ld	$a3,$H+24($sp)
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$res_z
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_z, H, in1_z);
+
+	ld	$a0,$H+0($sp)
+	ld	$a1,$H+8($sp)
+	ld	$a2,$H+16($sp)
+	ld	$a3,$H+24($sp)
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Hsqr, H);
+
+	ld	$bi,64($bp_real)
+	ld	$a0,$res_z+0($sp)
+	ld	$a1,$res_z+8($sp)
+	ld	$a2,$res_z+16($sp)
+	ld	$a3,$res_z+24($sp)
+	addi	$bp,$bp_real,64
+	addi	$rp,$sp,$res_z
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_z, res_z, in2_z);
+
+	ld	$bi,$H($sp)
+	ld	$a0,$Hsqr+0($sp)
+	ld	$a1,$Hsqr+8($sp)
+	ld	$a2,$Hsqr+16($sp)
+	ld	$a3,$Hsqr+24($sp)
+	addi	$bp,$sp,$H
+	addi	$rp,$sp,$Hcub
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(Hcub, Hsqr, H);
+
+	ld	$bi,$Hsqr($sp)
+	ld	$a0,$U1+0($sp)
+	ld	$a1,$U1+8($sp)
+	ld	$a2,$U1+16($sp)
+	ld	$a3,$U1+24($sp)
+	addi	$bp,$sp,$Hsqr
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, U1, Hsqr);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_add	# p256_mul_by_2(Hsqr, U2);
+
+	addi	$bp,$sp,$Rsqr
+	addi	$rp,$sp,$res_x
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_x, Rsqr, Hsqr);
+
+	addi	$bp,$sp,$Hcub
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_x, res_x, Hcub);
+
+	addi	$bp,$sp,$U2
+	 ld	$bi,$Hcub($sp)		# forward load for p256_mul_mont
+	 ld	$a0,$S1+0($sp)
+	 ld	$a1,$S1+8($sp)
+	 ld	$a2,$S1+16($sp)
+	 ld	$a3,$S1+24($sp)
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_y, U2, res_x);
+
+	addi	$bp,$sp,$Hcub
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, S1, Hcub);
+
+	ld	$bi,$R($sp)
+	ld	$a0,$res_y+0($sp)
+	ld	$a1,$res_y+8($sp)
+	ld	$a2,$res_y+16($sp)
+	ld	$a3,$res_y+24($sp)
+	addi	$bp,$sp,$R
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_y, res_y, R);
+
+	addi	$bp,$sp,$S2
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_y, res_y, S2);
+
+	ld	$t0,0($bp_real)		# in2
+	ld	$t1,8($bp_real)
+	ld	$t2,16($bp_real)
+	ld	$t3,24($bp_real)
+	ld	$a0,$res_x+0($sp)	# res
+	ld	$a1,$res_x+8($sp)
+	ld	$a2,$res_x+16($sp)
+	ld	$a3,$res_x+24($sp)
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+
+	ld	$t0,$i+32($bp_real)	# in2
+	ld	$t1,$i+40($bp_real)
+	ld	$t2,$i+48($bp_real)
+	ld	$t3,$i+56($bp_real)
+	ld	$a0,$res_x+$i+32($sp)
+	ld	$a1,$res_x+$i+40($sp)
+	ld	$a2,$res_x+$i+48($sp)
+	ld	$a3,$res_x+$i+56($sp)
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+___
+}
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+
+.Ladd_done:
+	mtlr	r0
+	ld	r16,$FRAME-8*16($sp)
+	ld	r17,$FRAME-8*15($sp)
+	ld	r18,$FRAME-8*14($sp)
+	ld	r19,$FRAME-8*13($sp)
+	ld	r20,$FRAME-8*12($sp)
+	ld	r21,$FRAME-8*11($sp)
+	ld	r22,$FRAME-8*10($sp)
+	ld	r23,$FRAME-8*9($sp)
+	ld	r24,$FRAME-8*8($sp)
+	ld	r25,$FRAME-8*7($sp)
+	ld	r26,$FRAME-8*6($sp)
+	ld	r27,$FRAME-8*5($sp)
+	ld	r28,$FRAME-8*4($sp)
+	ld	r29,$FRAME-8*3($sp)
+	ld	r30,$FRAME-8*2($sp)
+	ld	r31,$FRAME-8*1($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,16,3,0
+	.long	0
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+if (1) {
+my $FRAME = 64 + 32*10 + 16*8;
+my ($res_x,$res_y,$res_z,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(64+32*$_,(0..9));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.align	5
+ecp_nistz256_point_add_affine:
+	stdu	$sp,-$FRAME($sp)
+	mflr	r0
+	std	r16,$FRAME-8*16($sp)
+	std	r17,$FRAME-8*15($sp)
+	std	r18,$FRAME-8*14($sp)
+	std	r19,$FRAME-8*13($sp)
+	std	r20,$FRAME-8*12($sp)
+	std	r21,$FRAME-8*11($sp)
+	std	r22,$FRAME-8*10($sp)
+	std	r23,$FRAME-8*9($sp)
+	std	r24,$FRAME-8*8($sp)
+	std	r25,$FRAME-8*7($sp)
+	std	r26,$FRAME-8*6($sp)
+	std	r27,$FRAME-8*5($sp)
+	std	r28,$FRAME-8*4($sp)
+	std	r29,$FRAME-8*3($sp)
+	std	r30,$FRAME-8*2($sp)
+	std	r31,$FRAME-8*1($sp)
+
+	li	$poly1,-1
+	srdi	$poly1,$poly1,32	# 0x00000000ffffffff
+	li	$poly3,1
+	orc	$poly3,$poly3,$poly1	# 0xffffffff00000001
+
+	mr	$rp_real,$rp
+	mr	$ap_real,$ap
+	mr	$bp_real,$bp
+
+	ld	$a0,64($ap)		# in1_z
+	ld	$a1,72($ap)
+	ld	$a2,80($ap)
+	ld	$a3,88($ap)
+	or	$t0,$a0,$a1
+	or	$t2,$a2,$a3
+	or	$in1infty,$t0,$t2
+	neg	$t0,$in1infty
+	or	$in1infty,$in1infty,$t0
+	sradi	$in1infty,$in1infty,63	# !in1infty
+
+	ld	$acc0,0($bp)		# in2_x
+	ld	$acc1,8($bp)
+	ld	$acc2,16($bp)
+	ld	$acc3,24($bp)
+	ld	$t0,32($bp)		# in2_y
+	ld	$t1,40($bp)
+	ld	$t2,48($bp)
+	ld	$t3,56($bp)
+	or	$acc0,$acc0,$acc1
+	or	$acc2,$acc2,$acc3
+	or	$acc0,$acc0,$acc2
+	or	$t0,$t0,$t1
+	or	$t2,$t2,$t3
+	or	$t0,$t0,$t2
+	or	$in2infty,$acc0,$t0
+	neg	$t0,$in2infty
+	or	$in2infty,$in2infty,$t0
+	sradi	$in2infty,$in2infty,63	# !in2infty
+
+	addi	$rp,$sp,$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Z1sqr, in1_z);
+
+	mr	$a0,$acc0
+	mr	$a1,$acc1
+	mr	$a2,$acc2
+	mr	$a3,$acc3
+	ld	$bi,0($bp_real)
+	addi	$bp,$bp_real,0
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, Z1sqr, in2_x);
+
+	addi	$bp,$ap_real,0
+	 ld	$bi,64($ap_real)	# forward load for p256_mul_mont
+	 ld	$a0,$Z1sqr+0($sp)
+	 ld	$a1,$Z1sqr+8($sp)
+	 ld	$a2,$Z1sqr+16($sp)
+	 ld	$a3,$Z1sqr+24($sp)
+	addi	$rp,$sp,$H
+	bl	__ecp_nistz256_sub_from	# p256_sub(H, U2, in1_x);
+
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ld	$bi,64($ap_real)
+	ld	$a0,$H+0($sp)
+	ld	$a1,$H+8($sp)
+	ld	$a2,$H+16($sp)
+	ld	$a3,$H+24($sp)
+	addi	$bp,$ap_real,64
+	addi	$rp,$sp,$res_z
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_z, H, in1_z);
+
+	ld	$bi,32($bp_real)
+	ld	$a0,$S2+0($sp)
+	ld	$a1,$S2+8($sp)
+	ld	$a2,$S2+16($sp)
+	ld	$a3,$S2+24($sp)
+	addi	$bp,$bp_real,32
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, S2, in2_y);
+
+	addi	$bp,$ap_real,32
+	 ld	$a0,$H+0($sp)		# forward load for p256_sqr_mont
+	 ld	$a1,$H+8($sp)
+	 ld	$a2,$H+16($sp)
+	 ld	$a3,$H+24($sp)
+	addi	$rp,$sp,$R
+	bl	__ecp_nistz256_sub_from	# p256_sub(R, S2, in1_y);
+
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Hsqr, H);
+
+	ld	$a0,$R+0($sp)
+	ld	$a1,$R+8($sp)
+	ld	$a2,$R+16($sp)
+	ld	$a3,$R+24($sp)
+	addi	$rp,$sp,$Rsqr
+	bl	__ecp_nistz256_sqr_mont	# p256_sqr_mont(Rsqr, R);
+
+	ld	$bi,$H($sp)
+	ld	$a0,$Hsqr+0($sp)
+	ld	$a1,$Hsqr+8($sp)
+	ld	$a2,$Hsqr+16($sp)
+	ld	$a3,$Hsqr+24($sp)
+	addi	$bp,$sp,$H
+	addi	$rp,$sp,$Hcub
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(Hcub, Hsqr, H);
+
+	ld	$bi,0($ap_real)
+	ld	$a0,$Hsqr+0($sp)
+	ld	$a1,$Hsqr+8($sp)
+	ld	$a2,$Hsqr+16($sp)
+	ld	$a3,$Hsqr+24($sp)
+	addi	$bp,$ap_real,0
+	addi	$rp,$sp,$U2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(U2, in1_x, Hsqr);
+
+	mr	$t0,$acc0
+	mr	$t1,$acc1
+	mr	$t2,$acc2
+	mr	$t3,$acc3
+	addi	$rp,$sp,$Hsqr
+	bl	__ecp_nistz256_add	# p256_mul_by_2(Hsqr, U2);
+
+	addi	$bp,$sp,$Rsqr
+	addi	$rp,$sp,$res_x
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_x, Rsqr, Hsqr);
+
+	addi	$bp,$sp,$Hcub
+	bl	__ecp_nistz256_sub_from	#  p256_sub(res_x, res_x, Hcub);
+
+	addi	$bp,$sp,$U2
+	 ld	$bi,32($ap_real)	# forward load for p256_mul_mont
+	 ld	$a0,$Hcub+0($sp)
+	 ld	$a1,$Hcub+8($sp)
+	 ld	$a2,$Hcub+16($sp)
+	 ld	$a3,$Hcub+24($sp)
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_sub_morf	# p256_sub(res_y, U2, res_x);
+
+	addi	$bp,$ap_real,32
+	addi	$rp,$sp,$S2
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(S2, in1_y, Hcub);
+
+	ld	$bi,$R($sp)
+	ld	$a0,$res_y+0($sp)
+	ld	$a1,$res_y+8($sp)
+	ld	$a2,$res_y+16($sp)
+	ld	$a3,$res_y+24($sp)
+	addi	$bp,$sp,$R
+	addi	$rp,$sp,$res_y
+	bl	__ecp_nistz256_mul_mont	# p256_mul_mont(res_y, res_y, R);
+
+	addi	$bp,$sp,$S2
+	bl	__ecp_nistz256_sub_from	# p256_sub(res_y, res_y, S2);
+
+	ld	$t0,0($bp_real)		# in2
+	ld	$t1,8($bp_real)
+	ld	$t2,16($bp_real)
+	ld	$t3,24($bp_real)
+	ld	$a0,$res_x+0($sp)	# res
+	ld	$a1,$res_x+8($sp)
+	ld	$a2,$res_x+16($sp)
+	ld	$a3,$res_x+24($sp)
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+___
+$code.=<<___	if ($i==0);
+	ld	$t0,32($bp_real)	# in2
+	ld	$t1,40($bp_real)
+	ld	$t2,48($bp_real)
+	ld	$t3,56($bp_real)
+___
+$code.=<<___	if ($i==32);
+	li	$t0,1			# Lone_mont
+	not	$t1,$poly1
+	li	$t2,-1
+	not	$t3,$poly3
+___
+$code.=<<___;
+	ld	$a0,$res_x+$i+32($sp)
+	ld	$a1,$res_x+$i+40($sp)
+	ld	$a2,$res_x+$i+48($sp)
+	ld	$a3,$res_x+$i+56($sp)
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+___
+}
+$code.=<<___;
+	ld	$acc0,$i+0($ap_real)	# in1
+	ld	$acc1,$i+8($ap_real)
+	ld	$acc2,$i+16($ap_real)
+	ld	$acc3,$i+24($ap_real)
+	andc	$t0,$t0,$in1infty
+	andc	$t1,$t1,$in1infty
+	andc	$t2,$t2,$in1infty
+	andc	$t3,$t3,$in1infty
+	and	$a0,$a0,$in1infty
+	and	$a1,$a1,$in1infty
+	and	$a2,$a2,$in1infty
+	and	$a3,$a3,$in1infty
+	or	$t0,$t0,$a0
+	or	$t1,$t1,$a1
+	or	$t2,$t2,$a2
+	or	$t3,$t3,$a3
+	andc	$acc0,$acc0,$in2infty
+	andc	$acc1,$acc1,$in2infty
+	andc	$acc2,$acc2,$in2infty
+	andc	$acc3,$acc3,$in2infty
+	and	$t0,$t0,$in2infty
+	and	$t1,$t1,$in2infty
+	and	$t2,$t2,$in2infty
+	and	$t3,$t3,$in2infty
+	or	$acc0,$acc0,$t0
+	or	$acc1,$acc1,$t1
+	or	$acc2,$acc2,$t2
+	or	$acc3,$acc3,$t3
+	std	$acc0,$i+0($rp_real)
+	std	$acc1,$i+8($rp_real)
+	std	$acc2,$i+16($rp_real)
+	std	$acc3,$i+24($rp_real)
+
+	mtlr	r0
+	ld	r16,$FRAME-8*16($sp)
+	ld	r17,$FRAME-8*15($sp)
+	ld	r18,$FRAME-8*14($sp)
+	ld	r19,$FRAME-8*13($sp)
+	ld	r20,$FRAME-8*12($sp)
+	ld	r21,$FRAME-8*11($sp)
+	ld	r22,$FRAME-8*10($sp)
+	ld	r23,$FRAME-8*9($sp)
+	ld	r24,$FRAME-8*8($sp)
+	ld	r25,$FRAME-8*7($sp)
+	ld	r26,$FRAME-8*6($sp)
+	ld	r27,$FRAME-8*5($sp)
+	ld	r28,$FRAME-8*4($sp)
+	ld	r29,$FRAME-8*3($sp)
+	ld	r30,$FRAME-8*2($sp)
+	ld	r31,$FRAME-8*1($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,16,3,0
+	.long	0
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}
+if (1) {
+my ($ordk,$ord0,$ord1,$t4) = map("r$_",(18..21));
+my ($ord2,$ord3,$zr) = ($poly1,$poly3,"r0");
+
+$code.=<<___;
+########################################################################
+# void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4],
+#                                uint64_t b[4]);
+.globl	ecp_nistz256_ord_mul_mont
+.align	5
+ecp_nistz256_ord_mul_mont:
+	stdu	$sp,-160($sp)
+	std	r18,48($sp)
+	std	r19,56($sp)
+	std	r20,64($sp)
+	std	r21,72($sp)
+	std	r22,80($sp)
+	std	r23,88($sp)
+	std	r24,96($sp)
+	std	r25,104($sp)
+	std	r26,112($sp)
+	std	r27,120($sp)
+	std	r28,128($sp)
+	std	r29,136($sp)
+	std	r30,144($sp)
+	std	r31,152($sp)
+
+	ld	$a0,0($ap)
+	ld	$bi,0($bp)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	lis	$ordk,0xccd1
+	lis	$ord0,0xf3b9
+	lis	$ord1,0xbce6
+	ori	$ordk,$ordk,0xc8aa
+	ori	$ord0,$ord0,0xcac2
+	ori	$ord1,$ord1,0xfaad
+	sldi	$ordk,$ordk,32
+	sldi	$ord0,$ord0,32
+	sldi	$ord1,$ord1,32
+	oris	$ordk,$ordk,0xee00
+	oris	$ord0,$ord0,0xfc63
+	oris	$ord1,$ord1,0xa717
+	ori	$ordk,$ordk,0xbc4f	# 0xccd1c8aaee00bc4f
+	ori	$ord0,$ord0,0x2551	# 0xf3b9cac2fc632551
+	ori	$ord1,$ord1,0x9e84	# 0xbce6faada7179e84
+	li	$ord2,-1		# 0xffffffffffffffff
+	sldi	$ord3,$ord2,32		# 0xffffffff00000000
+	li	$zr,0
+
+	mulld	$acc0,$a0,$bi		# a[0]*b[0]
+	mulhdu	$t0,$a0,$bi
+
+	mulld	$acc1,$a1,$bi		# a[1]*b[0]
+	mulhdu	$t1,$a1,$bi
+
+	mulld	$acc2,$a2,$bi		# a[2]*b[0]
+	mulhdu	$t2,$a2,$bi
+
+	mulld	$acc3,$a3,$bi		# a[3]*b[0]
+	mulhdu	$acc4,$a3,$bi
+
+	mulld	$t4,$acc0,$ordk
+
+	addc	$acc1,$acc1,$t0		# accumulate high parts of multiplication
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	addze	$acc4,$acc4
+	li	$acc5,0
+___
+for ($i=1;$i<4;$i++) {
+	################################################################
+	#            ffff0000.ffffffff.yyyyyyyy.zzzzzzzz
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
+	# - 0000abcd.efgh0000.abcdefgh.00000000.00000000
+	# + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh
+$code.=<<___;
+	ld	$bi,8*$i($bp)		# b[i]
+
+	sldi	$t0,$t4,32
+	subfc	$acc2,$t4,$acc2
+	srdi	$t1,$t4,32
+	subfe	$acc3,$t0,$acc3
+	subfe	$acc4,$t1,$acc4
+	subfe	$acc5,$zr,$acc5
+
+	addic	$t0,$acc0,-1		# discarded
+	mulhdu	$t1,$ord0,$t4
+	mulld	$t2,$ord1,$t4
+	mulhdu	$t3,$ord1,$t4
+
+	adde	$t2,$t2,$t1
+	 mulld	$t0,$a0,$bi
+	addze	$t3,$t3
+	 mulld	$t1,$a1,$bi
+
+	addc	$acc0,$acc1,$t2
+	 mulld	$t2,$a2,$bi
+	adde	$acc1,$acc2,$t3
+	 mulld	$t3,$a3,$bi
+	adde	$acc2,$acc3,$t4
+	adde	$acc3,$acc4,$t4
+	addze	$acc4,$acc5
+
+	addc	$acc0,$acc0,$t0		# accumulate low parts
+	mulhdu	$t0,$a0,$bi
+	adde	$acc1,$acc1,$t1
+	mulhdu	$t1,$a1,$bi
+	adde	$acc2,$acc2,$t2
+	mulhdu	$t2,$a2,$bi
+	adde	$acc3,$acc3,$t3
+	mulhdu	$t3,$a3,$bi
+	addze	$acc4,$acc4
+	mulld	$t4,$acc0,$ordk
+	addc	$acc1,$acc1,$t0		# accumulate high parts
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+	addze	$acc5,$zr
+___
+}
+$code.=<<___;
+	sldi	$t0,$t4,32		# last reduction
+	subfc	$acc2,$t4,$acc2
+	srdi	$t1,$t4,32
+	subfe	$acc3,$t0,$acc3
+	subfe	$acc4,$t1,$acc4
+	subfe	$acc5,$zr,$acc5
+
+	addic	$t0,$acc0,-1		# discarded
+	mulhdu	$t1,$ord0,$t4
+	mulld	$t2,$ord1,$t4
+	mulhdu	$t3,$ord1,$t4
+
+	adde	$t2,$t2,$t1
+	addze	$t3,$t3
+
+	addc	$acc0,$acc1,$t2
+	adde	$acc1,$acc2,$t3
+	adde	$acc2,$acc3,$t4
+	adde	$acc3,$acc4,$t4
+	addze	$acc4,$acc5
+
+	subfc	$acc0,$ord0,$acc0	# ret -= modulus
+	subfe	$acc1,$ord1,$acc1
+	subfe	$acc2,$ord2,$acc2
+	subfe	$acc3,$ord3,$acc3
+	subfe	$acc4,$zr,$acc4
+
+	and	$t0,$ord0,$acc4
+	and	$t1,$ord1,$acc4
+	addc	$acc0,$acc0,$t0		# ret += modulus if borrow
+	and	$t3,$ord3,$acc4
+	adde	$acc1,$acc1,$t1
+	adde	$acc2,$acc2,$acc4
+	adde	$acc3,$acc3,$t3
+
+	std	$acc0,0($rp)
+	std	$acc1,8($rp)
+	std	$acc2,16($rp)
+	std	$acc3,24($rp)
+
+	ld	r18,48($sp)
+	ld	r19,56($sp)
+	ld	r20,64($sp)
+	ld	r21,72($sp)
+	ld	r22,80($sp)
+	ld	r23,88($sp)
+	ld	r24,96($sp)
+	ld	r25,104($sp)
+	ld	r26,112($sp)
+	ld	r27,120($sp)
+	ld	r28,128($sp)
+	ld	r29,136($sp)
+	ld	r30,144($sp)
+	ld	r31,152($sp)
+	addi	$sp,$sp,160
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,14,3,0
+	.long	0
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+################################################################################
+# void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4],
+#                                int rep);
+.globl	ecp_nistz256_ord_sqr_mont
+.align	5
+ecp_nistz256_ord_sqr_mont:
+	stdu	$sp,-160($sp)
+	std	r18,48($sp)
+	std	r19,56($sp)
+	std	r20,64($sp)
+	std	r21,72($sp)
+	std	r22,80($sp)
+	std	r23,88($sp)
+	std	r24,96($sp)
+	std	r25,104($sp)
+	std	r26,112($sp)
+	std	r27,120($sp)
+	std	r28,128($sp)
+	std	r29,136($sp)
+	std	r30,144($sp)
+	std	r31,152($sp)
+
+	mtctr	$bp
+
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	lis	$ordk,0xccd1
+	lis	$ord0,0xf3b9
+	lis	$ord1,0xbce6
+	ori	$ordk,$ordk,0xc8aa
+	ori	$ord0,$ord0,0xcac2
+	ori	$ord1,$ord1,0xfaad
+	sldi	$ordk,$ordk,32
+	sldi	$ord0,$ord0,32
+	sldi	$ord1,$ord1,32
+	oris	$ordk,$ordk,0xee00
+	oris	$ord0,$ord0,0xfc63
+	oris	$ord1,$ord1,0xa717
+	ori	$ordk,$ordk,0xbc4f	# 0xccd1c8aaee00bc4f
+	ori	$ord0,$ord0,0x2551	# 0xf3b9cac2fc632551
+	ori	$ord1,$ord1,0x9e84	# 0xbce6faada7179e84
+	li	$ord2,-1		# 0xffffffffffffffff
+	sldi	$ord3,$ord2,32		# 0xffffffff00000000
+	li	$zr,0
+	b	.Loop_ord_sqr
+
+.align	5
+.Loop_ord_sqr:
+	################################################################
+	#  |  |  |  |  |  |a1*a0|  |
+	#  |  |  |  |  |a2*a0|  |  |
+	#  |  |a3*a2|a3*a0|  |  |  |
+	#  |  |  |  |a2*a1|  |  |  |
+	#  |  |  |a3*a1|  |  |  |  |
+	# *|  |  |  |  |  |  |  | 2|
+	# +|a3*a3|a2*a2|a1*a1|a0*a0|
+	#  |--+--+--+--+--+--+--+--|
+	#  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	#
+	#  "can't overflow" below mark carrying into high part of
+	#  multiplication result, which can't overflow, because it
+	#  can never be all ones.
+
+	mulld	$acc1,$a1,$a0		# a[1]*a[0]
+	mulhdu	$t1,$a1,$a0
+	mulld	$acc2,$a2,$a0		# a[2]*a[0]
+	mulhdu	$t2,$a2,$a0
+	mulld	$acc3,$a3,$a0		# a[3]*a[0]
+	mulhdu	$acc4,$a3,$a0
+
+	addc	$acc2,$acc2,$t1		# accumulate high parts of multiplication
+	 mulld	$t0,$a2,$a1		# a[2]*a[1]
+	 mulhdu	$t1,$a2,$a1
+	adde	$acc3,$acc3,$t2
+	 mulld	$t2,$a3,$a1		# a[3]*a[1]
+	 mulhdu	$t3,$a3,$a1
+	addze	$acc4,$acc4		# can't overflow
+
+	mulld	$acc5,$a3,$a2		# a[3]*a[2]
+	mulhdu	$acc6,$a3,$a2
+
+	addc	$t1,$t1,$t2		# accumulate high parts of multiplication
+	 mulld	$acc0,$a0,$a0		# a[0]*a[0]
+	addze	$t2,$t3			# can't overflow
+
+	addc	$acc3,$acc3,$t0		# accumulate low parts of multiplication
+	 mulhdu	$a0,$a0,$a0
+	adde	$acc4,$acc4,$t1
+	 mulld	$t1,$a1,$a1		# a[1]*a[1]
+	adde	$acc5,$acc5,$t2
+	 mulhdu	$a1,$a1,$a1
+	addze	$acc6,$acc6		# can't overflow
+
+	addc	$acc1,$acc1,$acc1	# acc[1-6]*=2
+	 mulld	$t2,$a2,$a2		# a[2]*a[2]
+	adde	$acc2,$acc2,$acc2
+	 mulhdu	$a2,$a2,$a2
+	adde	$acc3,$acc3,$acc3
+	 mulld	$t3,$a3,$a3		# a[3]*a[3]
+	adde	$acc4,$acc4,$acc4
+	 mulhdu	$a3,$a3,$a3
+	adde	$acc5,$acc5,$acc5
+	adde	$acc6,$acc6,$acc6
+	addze	$acc7,$zr
+
+	addc	$acc1,$acc1,$a0		# +a[i]*a[i]
+	 mulld	$t4,$acc0,$ordk
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$a1
+	adde	$acc4,$acc4,$t2
+	adde	$acc5,$acc5,$a2
+	adde	$acc6,$acc6,$t3
+	adde	$acc7,$acc7,$a3
+___
+for($i=0; $i<4; $i++) {			# reductions
+$code.=<<___;
+	addic	$t0,$acc0,-1		# discarded
+	mulhdu	$t1,$ord0,$t4
+	mulld	$t2,$ord1,$t4
+	mulhdu	$t3,$ord1,$t4
+
+	adde	$t2,$t2,$t1
+	addze	$t3,$t3
+
+	addc	$acc0,$acc1,$t2
+	adde	$acc1,$acc2,$t3
+	adde	$acc2,$acc3,$t4
+	adde	$acc3,$zr,$t4		# can't overflow
+___
+$code.=<<___	if ($i<3);
+	mulld	$t3,$acc0,$ordk
+___
+$code.=<<___;
+	sldi	$t0,$t4,32
+	subfc	$acc1,$t4,$acc1
+	srdi	$t1,$t4,32
+	subfe	$acc2,$t0,$acc2
+	subfe	$acc3,$t1,$acc3		# can't borrow
+___
+	($t3,$t4) = ($t4,$t3);
+}
+$code.=<<___;
+	addc	$acc0,$acc0,$acc4	# accumulate upper half
+	adde	$acc1,$acc1,$acc5
+	adde	$acc2,$acc2,$acc6
+	adde	$acc3,$acc3,$acc7
+	addze	$acc4,$zr
+
+	subfc	$acc0,$ord0,$acc0	# ret -= modulus
+	subfe	$acc1,$ord1,$acc1
+	subfe	$acc2,$ord2,$acc2
+	subfe	$acc3,$ord3,$acc3
+	subfe	$acc4,$zr,$acc4
+
+	and	$t0,$ord0,$acc4
+	and	$t1,$ord1,$acc4
+	addc	$a0,$acc0,$t0		# ret += modulus if borrow
+	and	$t3,$ord3,$acc4
+	adde	$a1,$acc1,$t1
+	adde	$a2,$acc2,$acc4
+	adde	$a3,$acc3,$t3
+
+	bdnz	.Loop_ord_sqr
+
+	std	$a0,0($rp)
+	std	$a1,8($rp)
+	std	$a2,16($rp)
+	std	$a3,24($rp)
+
+	ld	r18,48($sp)
+	ld	r19,56($sp)
+	ld	r20,64($sp)
+	ld	r21,72($sp)
+	ld	r22,80($sp)
+	ld	r23,88($sp)
+	ld	r24,96($sp)
+	ld	r25,104($sp)
+	ld	r26,112($sp)
+	ld	r27,120($sp)
+	ld	r28,128($sp)
+	ld	r29,136($sp)
+	ld	r30,144($sp)
+	ld	r31,152($sp)
+	addi	$sp,$sp,160
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,14,3,0
+	.long	0
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+___
+}	}
+
+########################################################################
+# scatter-gather subroutines
+{
+my ($out,$inp,$index,$mask)=map("r$_",(3..7));
+$code.=<<___;
+########################################################################
+# void	ecp_nistz256_scatter_w5(void *out, const P256_POINT *inp,
+#				int index);
+.globl	ecp_nistz256_scatter_w5
+.align	4
+ecp_nistz256_scatter_w5:
+	slwi	$index,$index,2
+	add	$out,$out,$index
+
+	ld	r8, 0($inp)		# X
+	ld	r9, 8($inp)
+	ld	r10,16($inp)
+	ld	r11,24($inp)
+
+	stw	r8, 64*0-4($out)
+	srdi	r8, r8, 32
+	stw	r9, 64*1-4($out)
+	srdi	r9, r9, 32
+	stw	r10,64*2-4($out)
+	srdi	r10,r10,32
+	stw	r11,64*3-4($out)
+	srdi	r11,r11,32
+	stw	r8, 64*4-4($out)
+	stw	r9, 64*5-4($out)
+	stw	r10,64*6-4($out)
+	stw	r11,64*7-4($out)
+	addi	$out,$out,64*8
+
+	ld	r8, 32($inp)		# Y
+	ld	r9, 40($inp)
+	ld	r10,48($inp)
+	ld	r11,56($inp)
+
+	stw	r8, 64*0-4($out)
+	srdi	r8, r8, 32
+	stw	r9, 64*1-4($out)
+	srdi	r9, r9, 32
+	stw	r10,64*2-4($out)
+	srdi	r10,r10,32
+	stw	r11,64*3-4($out)
+	srdi	r11,r11,32
+	stw	r8, 64*4-4($out)
+	stw	r9, 64*5-4($out)
+	stw	r10,64*6-4($out)
+	stw	r11,64*7-4($out)
+	addi	$out,$out,64*8
+
+	ld	r8, 64($inp)		# Z
+	ld	r9, 72($inp)
+	ld	r10,80($inp)
+	ld	r11,88($inp)
+
+	stw	r8, 64*0-4($out)
+	srdi	r8, r8, 32
+	stw	r9, 64*1-4($out)
+	srdi	r9, r9, 32
+	stw	r10,64*2-4($out)
+	srdi	r10,r10,32
+	stw	r11,64*3-4($out)
+	srdi	r11,r11,32
+	stw	r8, 64*4-4($out)
+	stw	r9, 64*5-4($out)
+	stw	r10,64*6-4($out)
+	stw	r11,64*7-4($out)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+########################################################################
+# void	ecp_nistz256_gather_w5(P256_POINT *out, const void *inp,
+#				int index);
+.globl	ecp_nistz256_gather_w5
+.align	4
+ecp_nistz256_gather_w5:
+	neg	r0,$index
+	sradi	r0,r0,63
+
+	add	$index,$index,r0
+	slwi	$index,$index,2
+	add	$inp,$inp,$index
+
+	lwz	r5, 64*0($inp)
+	lwz	r6, 64*1($inp)
+	lwz	r7, 64*2($inp)
+	lwz	r8, 64*3($inp)
+	lwz	r9, 64*4($inp)
+	lwz	r10,64*5($inp)
+	lwz	r11,64*6($inp)
+	lwz	r12,64*7($inp)
+	addi	$inp,$inp,64*8
+	sldi	r9, r9, 32
+	sldi	r10,r10,32
+	sldi	r11,r11,32
+	sldi	r12,r12,32
+	or	r5,r5,r9
+	or	r6,r6,r10
+	or	r7,r7,r11
+	or	r8,r8,r12
+	and	r5,r5,r0
+	and	r6,r6,r0
+	and	r7,r7,r0
+	and	r8,r8,r0
+	std	r5,0($out)		# X
+	std	r6,8($out)
+	std	r7,16($out)
+	std	r8,24($out)
+
+	lwz	r5, 64*0($inp)
+	lwz	r6, 64*1($inp)
+	lwz	r7, 64*2($inp)
+	lwz	r8, 64*3($inp)
+	lwz	r9, 64*4($inp)
+	lwz	r10,64*5($inp)
+	lwz	r11,64*6($inp)
+	lwz	r12,64*7($inp)
+	addi	$inp,$inp,64*8
+	sldi	r9, r9, 32
+	sldi	r10,r10,32
+	sldi	r11,r11,32
+	sldi	r12,r12,32
+	or	r5,r5,r9
+	or	r6,r6,r10
+	or	r7,r7,r11
+	or	r8,r8,r12
+	and	r5,r5,r0
+	and	r6,r6,r0
+	and	r7,r7,r0
+	and	r8,r8,r0
+	std	r5,32($out)		# Y
+	std	r6,40($out)
+	std	r7,48($out)
+	std	r8,56($out)
+
+	lwz	r5, 64*0($inp)
+	lwz	r6, 64*1($inp)
+	lwz	r7, 64*2($inp)
+	lwz	r8, 64*3($inp)
+	lwz	r9, 64*4($inp)
+	lwz	r10,64*5($inp)
+	lwz	r11,64*6($inp)
+	lwz	r12,64*7($inp)
+	sldi	r9, r9, 32
+	sldi	r10,r10,32
+	sldi	r11,r11,32
+	sldi	r12,r12,32
+	or	r5,r5,r9
+	or	r6,r6,r10
+	or	r7,r7,r11
+	or	r8,r8,r12
+	and	r5,r5,r0
+	and	r6,r6,r0
+	and	r7,r7,r0
+	and	r8,r8,r0
+	std	r5,64($out)		# Z
+	std	r6,72($out)
+	std	r7,80($out)
+	std	r8,88($out)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+########################################################################
+# void	ecp_nistz256_scatter_w7(void *out, const P256_POINT_AFFINE *inp,
+#				int index);
+.globl	ecp_nistz256_scatter_w7
+.align	4
+ecp_nistz256_scatter_w7:
+	li	r0,8
+	mtctr	r0
+	add	$out,$out,$index
+	subi	$inp,$inp,8
+
+.Loop_scatter_w7:
+	ldu	r0,8($inp)
+	stb	r0,64*0($out)
+	srdi	r0,r0,8
+	stb	r0,64*1($out)
+	srdi	r0,r0,8
+	stb	r0,64*2($out)
+	srdi	r0,r0,8
+	stb	r0,64*3($out)
+	srdi	r0,r0,8
+	stb	r0,64*4($out)
+	srdi	r0,r0,8
+	stb	r0,64*5($out)
+	srdi	r0,r0,8
+	stb	r0,64*6($out)
+	srdi	r0,r0,8
+	stb	r0,64*7($out)
+	addi	$out,$out,64*8
+	bdnz	.Loop_scatter_w7
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+########################################################################
+# void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *out, const void *inp,
+#				int index);
+.globl	ecp_nistz256_gather_w7
+.align	4
+ecp_nistz256_gather_w7:
+	li	r0,8
+	mtctr	r0
+	neg	r0,$index
+	sradi	r0,r0,63
+
+	add	$index,$index,r0
+	add	$inp,$inp,$index
+	subi	$out,$out,8
+
+.Loop_gather_w7:
+	lbz	r5, 64*0($inp)
+	lbz	r6, 64*1($inp)
+	lbz	r7, 64*2($inp)
+	lbz	r8, 64*3($inp)
+	lbz	r9, 64*4($inp)
+	lbz	r10,64*5($inp)
+	lbz	r11,64*6($inp)
+	lbz	r12,64*7($inp)
+	addi	$inp,$inp,64*8
+
+	sldi	r6, r6, 8
+	sldi	r7, r7, 16
+	sldi	r8, r8, 24
+	sldi	r9, r9, 32
+	sldi	r10,r10,40
+	sldi	r11,r11,48
+	sldi	r12,r12,56
+
+	or	r5,r5,r6
+	or	r7,r7,r8
+	or	r9,r9,r10
+	or	r11,r11,r12
+	or	r5,r5,r7
+	or	r9,r9,r11
+	or	r5,r5,r9
+	and	r5,r5,r0
+	stdu	r5,8($out)
+	bdnz	.Loop_gather_w7
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	print $_,"\n";
+}
+close STDOUT;	# enforce flush
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
index 0c1af95b13..0a4def6e2b 100755
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -413,7 +413,7 @@ __ecp_nistz256_add:
 	! if a+b >= modulus, subtract modulus.
 	!
 	! But since comparison implies subtraction, we subtract
-	! modulus and then add it back if subraction borrowed.
+	! modulus and then add it back if subtraction borrowed.
 
 	subcc	@acc[0],-1,@acc[0]
 	subccc	@acc[1],-1,@acc[1]
@@ -1592,7 +1592,7 @@ ___
 ########################################################################
 # Following subroutines are VIS3 counterparts of those above that
 # implement ones found in ecp_nistz256.c. Key difference is that they
-# use 128-bit muliplication and addition with 64-bit carry, and in order
+# use 128-bit multiplication and addition with 64-bit carry, and in order
 # to do that they perform conversion from uin32_t[8] to uint64_t[4] upon
 # entry and vice versa on return.
 #
@@ -1874,7 +1874,7 @@ $code.=<<___	if ($i<3);
 	ldx	[$bp+8*($i+1)],$bi	! bp[$i+1]
 ___
 $code.=<<___;
-	addcc	$acc1,$t0,$acc1		! accumulate high parts of multiplication 
+	addcc	$acc1,$t0,$acc1		! accumulate high parts of multiplication
 	 sllx	$acc0,32,$t0
 	addxccc	$acc2,$t1,$acc2
 	 srlx	$acc0,32,$t1
@@ -1977,7 +1977,7 @@ $code.=<<___;
 	 srlx	$acc0,32,$t1
 	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
 	 sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
-	addxc	%g0,$t3,$acc3		! cant't overflow
+	addxc	%g0,$t3,$acc3		! can't overflow
 ___
 }
 $code.=<<___;
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl
index b3bec23228..0c6fc665bf 100755
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -45,7 +45,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"ecp_nistz256-x86.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -443,7 +443,7 @@ for(1..37) {
 	&mov	(&DWP(20,"esp"),"eax");
 	&mov	(&DWP(24,"esp"),"eax");
 	&mov	(&DWP(28,"esp"),"eax");
-	
+
 	&call	("_ecp_nistz256_sub");
 
 	&stack_pop(8);
diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
index 714e852a18..eba6ffd430 100755
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -1,60 +1,44 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+# Copyright (c) 2015 CloudFlare, Inc.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
-
-
-##############################################################################
-#                                                                            #
-# Copyright 2014 Intel Corporation                                           #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License");            #
-# you may not use this file except in compliance with the License.           #
-# You may obtain a copy of the License at                                    #
-#                                                                            #
-#    http://www.apache.org/licenses/LICENSE-2.0                              #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS,          #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-#                                                                            #
-##############################################################################
-#                                                                            #
-#  Developers and authors:                                                   #
-#  Shay Gueron (1, 2), and Vlad Krasnov (1)                                  #
-#  (1) Intel Corporation, Israel Development Center                          #
-#  (2) University of Haifa                                                   #
-#  Reference:                                                                #
-#  S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with#
-#                           256 Bit Primes"                                  #
-#                                                                            #
-##############################################################################
+#
+# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3)
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel
+# (2) University of Haifa, Israel
+# (3) CloudFlare, Inc.
+#
+# Reference:
+# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+#                          256 Bit Primes"
 
 # Further optimization by <appro@openssl.org>:
 #
 #		this/original	with/without -DECP_NISTZ256_ASM(*)
-# Opteron	+12-49%		+110-150%
-# Bulldozer	+14-45%		+175-210%
-# P4		+18-46%		n/a :-(
-# Westmere	+12-34%		+80-87%
-# Sandy Bridge	+9-35%		+110-120%
-# Ivy Bridge	+9-35%		+110-125%
-# Haswell	+8-37%		+140-160%
-# Broadwell	+18-58%		+145-210%
-# Atom		+15-50%		+130-180%
-# VIA Nano	+43-160%	+300-480%
+# Opteron	+15-49%		+150-195%
+# Bulldozer	+18-45%		+175-240%
+# P4		+24-46%		+100-150%
+# Westmere	+18-34%		+87-160%
+# Sandy Bridge	+14-35%		+120-185%
+# Ivy Bridge	+11-35%		+125-180%
+# Haswell	+10-37%		+160-200%
+# Broadwell	+24-58%		+210-270%
+# Atom		+20-50%		+180-240%
+# VIA Nano	+50-160%	+480-480%
 #
 # (*)	"without -DECP_NISTZ256_ASM" refers to build with
 #	"enable-ec_nistp_64_gcc_128";
 #
 # Ranges denote minimum and maximum improvement coefficients depending
-# on benchmark. Lower coefficients are for ECDSA sign, relatively fastest
-# server-side operation. Keep in mind that +100% means 2x improvement.
+# on benchmark. In "this/original" column lower coefficient is for
+# ECDSA sign, while in "with/without" - for ECDH key agreement, and
+# higher - for ECDSA sign, relatively fastest server-side operation.
+# Keep in mind that +100% means 2x improvement.
 
 $flavour = shift;
 $output  = shift;
@@ -115,6 +99,12 @@ $code.=<<___;
 .long 3,3,3,3,3,3,3,3
 .LONE_mont:
 .quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe
+
+# Constants for computations modulo ord(p256)
+.Lord:
+.quad 0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000
+.LordK:
+.quad 0xccd1c8aaee00bc4f
 ___
 
 {
@@ -131,8 +121,12 @@ $code.=<<___;
 .type	ecp_nistz256_mul_by_2,\@function,2
 .align	64
 ecp_nistz256_mul_by_2:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Lmul_by_2_body:
 
 	mov	8*0($a_ptr), $a0
 	xor	$t4,$t4
@@ -165,9 +159,15 @@ ecp_nistz256_mul_by_2:
 	mov	$a2, 8*2($r_ptr)
 	mov	$a3, 8*3($r_ptr)
 
-	pop	%r13
-	pop	%r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lmul_by_2_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
 
 ################################################################################
@@ -176,8 +176,12 @@ ecp_nistz256_mul_by_2:
 .type	ecp_nistz256_div_by_2,\@function,2
 .align	32
 ecp_nistz256_div_by_2:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Ldiv_by_2_body:
 
 	mov	8*0($a_ptr), $a0
 	mov	8*1($a_ptr), $a1
@@ -225,9 +229,15 @@ ecp_nistz256_div_by_2:
 	mov	$a2, 8*2($r_ptr)
 	mov	$a3, 8*3($r_ptr)
 
-	pop	%r13
-	pop	%r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Ldiv_by_2_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
 
 ################################################################################
@@ -236,8 +246,12 @@ ecp_nistz256_div_by_2:
 .type	ecp_nistz256_mul_by_3,\@function,2
 .align	32
 ecp_nistz256_mul_by_3:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Lmul_by_3_body:
 
 	mov	8*0($a_ptr), $a0
 	xor	$t4, $t4
@@ -291,9 +305,15 @@ ecp_nistz256_mul_by_3:
 	mov	$a2, 8*2($r_ptr)
 	mov	$a3, 8*3($r_ptr)
 
-	pop %r13
-	pop %r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lmul_by_3_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
 
 ################################################################################
@@ -302,8 +322,12 @@ ecp_nistz256_mul_by_3:
 .type	ecp_nistz256_add,\@function,3
 .align	32
 ecp_nistz256_add:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Ladd_body:
 
 	mov	8*0($a_ptr), $a0
 	xor	$t4, $t4
@@ -337,9 +361,15 @@ ecp_nistz256_add:
 	mov	$a2, 8*2($r_ptr)
 	mov	$a3, 8*3($r_ptr)
 
-	pop %r13
-	pop %r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Ladd_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_add,.-ecp_nistz256_add
 
 ################################################################################
@@ -348,8 +378,12 @@ ecp_nistz256_add:
 .type	ecp_nistz256_sub,\@function,3
 .align	32
 ecp_nistz256_sub:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Lsub_body:
 
 	mov	8*0($a_ptr), $a0
 	xor	$t4, $t4
@@ -383,9 +417,15 @@ ecp_nistz256_sub:
 	mov	$a2, 8*2($r_ptr)
 	mov	$a3, 8*3($r_ptr)
 
-	pop %r13
-	pop %r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lsub_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_sub,.-ecp_nistz256_sub
 
 ################################################################################
@@ -394,8 +434,12 @@ ecp_nistz256_sub:
 .type	ecp_nistz256_neg,\@function,2
 .align	32
 ecp_nistz256_neg:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Lneg_body:
 
 	xor	$a0, $a0
 	xor	$a1, $a1
@@ -429,9 +473,15 @@ ecp_nistz256_neg:
 	mov	$a2, 8*2($r_ptr)
 	mov	$a3, 8*3($r_ptr)
 
-	pop %r13
-	pop %r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lneg_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_neg,.-ecp_nistz256_neg
 ___
 }
@@ -443,6 +493,1085 @@ my ($poly1,$poly3)=($acc6,$acc7);
 
 $code.=<<___;
 ################################################################################
+# void ecp_nistz256_ord_mul_mont(
+#   uint64_t res[4],
+#   uint64_t a[4],
+#   uint64_t b[4]);
+
+.globl	ecp_nistz256_ord_mul_mont
+.type	ecp_nistz256_ord_mul_mont,\@function,3
+.align	32
+ecp_nistz256_ord_mul_mont:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lecp_nistz256_ord_mul_montx
+___
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_mul_body:
+
+	mov	8*0($b_org), %rax
+	mov	$b_org, $b_ptr
+	lea	.Lord(%rip), %r14
+	mov	.LordK(%rip), %r15
+
+	################################# * b[0]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	mov	%rax, $acc0
+	mov	$t0, %rax
+	mov	%rdx, $acc1
+
+	mulq	8*1($a_ptr)
+	add	%rax, $acc1
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc2
+
+	mulq	8*2($a_ptr)
+	add	%rax, $acc2
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc0, $acc5
+	 imulq	%r15,$acc0
+
+	mov	%rdx, $acc3
+	mulq	8*3($a_ptr)
+	add	%rax, $acc3
+	 mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc4
+
+	################################# First reduction step
+	mulq	8*0(%r14)
+	mov	$acc0, $t1
+	add	%rax, $acc5		# guaranteed to be zero
+	mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	sub	$acc0, $acc2
+	sbb	\$0, $acc0		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc1
+	adc	\$0, %rdx
+	add	%rax, $acc1
+	mov	$t1, %rax
+	adc	%rdx, $acc2
+	mov	$t1, %rdx
+	adc	\$0, $acc0		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc3
+	 mov	8*1($b_ptr), %rax
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc0, $acc3
+	adc	$t1, $acc4
+	adc	\$0, $acc5
+
+	################################# * b[1]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	add	%rax, $acc1
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*1($a_ptr)
+	add	$t1, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*2($a_ptr)
+	add	$t1, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc1, $t0
+	 imulq	%r15, $acc1
+
+	mov	%rdx, $t1
+	mulq	8*3($a_ptr)
+	add	$t1, $acc4
+	adc	\$0, %rdx
+	xor	$acc0, $acc0
+	add	%rax, $acc4
+	 mov	$acc1, %rax
+	adc	%rdx, $acc5
+	adc	\$0, $acc0
+
+	################################# Second reduction step
+	mulq	8*0(%r14)
+	mov	$acc1, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	$acc1, %rax
+	adc	%rdx, $t0
+
+	sub	$acc1, $acc3
+	sbb	\$0, $acc1		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	%rdx, $acc3
+	mov	$t1, %rdx
+	adc	\$0, $acc1		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc4
+	 mov	8*2($b_ptr), %rax
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc1, $acc4
+	adc	$t1, $acc5
+	adc	\$0, $acc0
+
+	################################## * b[2]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	add	%rax, $acc2
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*1($a_ptr)
+	add	$t1, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*2($a_ptr)
+	add	$t1, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc2, $t0
+	 imulq	%r15, $acc2
+
+	mov	%rdx, $t1
+	mulq	8*3($a_ptr)
+	add	$t1, $acc5
+	adc	\$0, %rdx
+	xor	$acc1, $acc1
+	add	%rax, $acc5
+	 mov	$acc2, %rax
+	adc	%rdx, $acc0
+	adc	\$0, $acc1
+
+	################################# Third reduction step
+	mulq	8*0(%r14)
+	mov	$acc2, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	$acc2, %rax
+	adc	%rdx, $t0
+
+	sub	$acc2, $acc4
+	sbb	\$0, $acc2		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	%rdx, $acc4
+	mov	$t1, %rdx
+	adc	\$0, $acc2		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc5
+	 mov	8*3($b_ptr), %rax
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc2, $acc5
+	adc	$t1, $acc0
+	adc	\$0, $acc1
+
+	################################# * b[3]
+	mov	%rax, $t0
+	mulq	8*0($a_ptr)
+	add	%rax, $acc3
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*1($a_ptr)
+	add	$t1, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	8*2($a_ptr)
+	add	$t1, $acc5
+	adc	\$0, %rdx
+	add	%rax, $acc5
+	mov	$t0, %rax
+	adc	\$0, %rdx
+
+	 mov	$acc3, $t0
+	 imulq	%r15, $acc3
+
+	mov	%rdx, $t1
+	mulq	8*3($a_ptr)
+	add	$t1, $acc0
+	adc	\$0, %rdx
+	xor	$acc2, $acc2
+	add	%rax, $acc0
+	 mov	$acc3, %rax
+	adc	%rdx, $acc1
+	adc	\$0, $acc2
+
+	################################# Last reduction step
+	mulq	8*0(%r14)
+	mov	$acc3, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	$acc3, %rax
+	adc	%rdx, $t0
+
+	sub	$acc3, $acc5
+	sbb	\$0, $acc3		# can't borrow
+
+	mulq	8*1(%r14)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t1, %rax
+	adc	%rdx, $acc5
+	mov	$t1, %rdx
+	adc	\$0, $acc3		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc0
+	sbb	%rdx, $t1		# can't borrow
+
+	add	$acc3, $acc0
+	adc	$t1, $acc1
+	adc	\$0, $acc2
+
+	################################# Subtract ord
+	 mov	$acc4, $a_ptr
+	sub	8*0(%r14), $acc4
+	 mov	$acc5, $acc3
+	sbb	8*1(%r14), $acc5
+	 mov	$acc0, $t0
+	sbb	8*2(%r14), $acc0
+	 mov	$acc1, $t1
+	sbb	8*3(%r14), $acc1
+	sbb	\$0, $acc2
+
+	cmovc	$a_ptr, $acc4
+	cmovc	$acc3, $acc5
+	cmovc	$t0, $acc0
+	cmovc	$t1, $acc1
+
+	mov	$acc4, 8*0($r_ptr)
+	mov	$acc5, 8*1($r_ptr)
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_mul_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+################################################################################
+# void ecp_nistz256_ord_sqr_mont(
+#   uint64_t res[4],
+#   uint64_t a[4],
+#   int rep);
+
+.globl	ecp_nistz256_ord_sqr_mont
+.type	ecp_nistz256_ord_sqr_mont,\@function,3
+.align	32
+ecp_nistz256_ord_sqr_mont:
+.cfi_startproc
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lecp_nistz256_ord_sqr_montx
+___
+$code.=<<___;
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_sqr_body:
+
+	mov	8*0($a_ptr), $acc0
+	mov	8*1($a_ptr), %rax
+	mov	8*2($a_ptr), $acc6
+	mov	8*3($a_ptr), $acc7
+	lea	.Lord(%rip), $a_ptr	# pointer to modulus
+	mov	$b_org, $b_ptr
+	jmp	.Loop_ord_sqr
+
+.align	32
+.Loop_ord_sqr:
+	################################# a[1:] * a[0]
+	mov	%rax, $t1		# put aside a[1]
+	mul	$acc0			# a[1] * a[0]
+	mov	%rax, $acc1
+	movq	$t1, %xmm1		# offload a[1]
+	mov	$acc6, %rax
+	mov	%rdx, $acc2
+
+	mul	$acc0			# a[2] * a[0]
+	add	%rax, $acc2
+	mov	$acc7, %rax
+	movq	$acc6, %xmm2		# offload a[2]
+	adc	\$0, %rdx
+	mov	%rdx, $acc3
+
+	mul	$acc0			# a[3] * a[0]
+	add	%rax, $acc3
+	mov	$acc7, %rax
+	movq	$acc7, %xmm3		# offload a[3]
+	adc	\$0, %rdx
+	mov	%rdx, $acc4
+
+	################################# a[3] * a[2]
+	mul	$acc6			# a[3] * a[2]
+	mov	%rax, $acc5
+	mov	$acc6, %rax
+	mov	%rdx, $acc6
+
+	################################# a[2:] * a[1]
+	mul	$t1			# a[2] * a[1]
+	add	%rax, $acc3
+	mov	$acc7, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc7
+
+	mul	$t1			# a[3] * a[1]
+	add	%rax, $acc4
+	adc	\$0, %rdx
+
+	add	$acc7, $acc4
+	adc	%rdx, $acc5
+	adc	\$0, $acc6		# can't overflow
+
+	################################# *2
+	xor	$acc7, $acc7
+	mov	$acc0, %rax
+	add	$acc1, $acc1
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	adc	$acc4, $acc4
+	adc	$acc5, $acc5
+	adc	$acc6, $acc6
+	adc	\$0, $acc7
+
+	################################# Missing products
+	mul	%rax			# a[0] * a[0]
+	mov	%rax, $acc0
+	movq	%xmm1, %rax
+	mov	%rdx, $t1
+
+	mul	%rax			# a[1] * a[1]
+	add	$t1, $acc1
+	adc	%rax, $acc2
+	movq	%xmm2, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mul	%rax			# a[2] * a[2]
+	add	$t1, $acc3
+	adc	%rax, $acc4
+	movq	%xmm3, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	 mov	$acc0, $t0
+	 imulq	8*4($a_ptr), $acc0	# *= .LordK
+
+	mul	%rax			# a[3] * a[3]
+	add	$t1, $acc5
+	adc	%rax, $acc6
+	 mov	8*0($a_ptr), %rax	# modulus[0]
+	adc	%rdx, $acc7		# can't overflow
+
+	################################# First reduction step
+	mul	$acc0
+	mov	$acc0, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax	# modulus[1]
+	adc	%rdx, $t0
+
+	sub	$acc0, $acc2
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc0
+	add	$t0, $acc1
+	adc	\$0, %rdx
+	add	%rax, $acc1
+	mov	$acc0, %rax
+	adc	%rdx, $acc2
+	mov	$acc0, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	 mov	$acc1, $t0
+	 imulq	8*4($a_ptr), $acc1	# *= .LordK
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc3
+	 mov	8*0($a_ptr), %rax
+	sbb	%rdx, $acc0		# can't borrow
+
+	add	$t1, $acc3
+	adc	\$0, $acc0		# can't overflow
+
+	################################# Second reduction step
+	mul	$acc1
+	mov	$acc1, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax
+	adc	%rdx, $t0
+
+	sub	$acc1, $acc3
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc1
+	add	$t0, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$acc1, %rax
+	adc	%rdx, $acc3
+	mov	$acc1, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	 mov	$acc2, $t0
+	 imulq	8*4($a_ptr), $acc2	# *= .LordK
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc0
+	 mov	8*0($a_ptr), %rax
+	sbb	%rdx, $acc1		# can't borrow
+
+	add	$t1, $acc0
+	adc	\$0, $acc1		# can't overflow
+
+	################################# Third reduction step
+	mul	$acc2
+	mov	$acc2, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax
+	adc	%rdx, $t0
+
+	sub	$acc2, $acc0
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc2
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$acc2, %rax
+	adc	%rdx, $acc0
+	mov	$acc2, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	 mov	$acc3, $t0
+	 imulq	8*4($a_ptr), $acc3	# *= .LordK
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc1
+	 mov	8*0($a_ptr), %rax
+	sbb	%rdx, $acc2		# can't borrow
+
+	add	$t1, $acc1
+	adc	\$0, $acc2		# can't overflow
+
+	################################# Last reduction step
+	mul	$acc3
+	mov	$acc3, $t1
+	add	%rax, $t0		# guaranteed to be zero
+	mov	8*1($a_ptr), %rax
+	adc	%rdx, $t0
+
+	sub	$acc3, $acc1
+	sbb	\$0, $t1		# can't borrow
+
+	mul	$acc3
+	add	$t0, $acc0
+	adc	\$0, %rdx
+	add	%rax, $acc0
+	mov	$acc3, %rax
+	adc	%rdx, $acc1
+	mov	$acc3, %rdx
+	adc	\$0, $t1		# can't overflow
+
+	shl	\$32, %rax
+	shr	\$32, %rdx
+	sub	%rax, $acc2
+	sbb	%rdx, $acc3		# can't borrow
+
+	add	$t1, $acc2
+	adc	\$0, $acc3		# can't overflow
+
+	################################# Add bits [511:256] of the sqr result
+	xor	%rdx, %rdx
+	add	$acc4, $acc0
+	adc	$acc5, $acc1
+	 mov	$acc0, $acc4
+	adc	$acc6, $acc2
+	adc	$acc7, $acc3
+	 mov	$acc1, %rax
+	adc	\$0, %rdx
+
+	################################# Compare to modulus
+	sub	8*0($a_ptr), $acc0
+	 mov	$acc2, $acc6
+	sbb	8*1($a_ptr), $acc1
+	sbb	8*2($a_ptr), $acc2
+	 mov	$acc3, $acc7
+	sbb	8*3($a_ptr), $acc3
+	sbb	\$0, %rdx
+
+	cmovc	$acc4, $acc0
+	cmovnc	$acc1, %rax
+	cmovnc	$acc2, $acc6
+	cmovnc	$acc3, $acc7
+
+	dec	$b_ptr
+	jnz	.Loop_ord_sqr
+
+	mov	$acc0, 8*0($r_ptr)
+	mov	%rax,  8*1($r_ptr)
+	pxor	%xmm1, %xmm1
+	mov	$acc6, 8*2($r_ptr)
+	pxor	%xmm2, %xmm2
+	mov	$acc7, 8*3($r_ptr)
+	pxor	%xmm3, %xmm3
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_sqr_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+___
+
+$code.=<<___	if ($addx);
+################################################################################
+.type	ecp_nistz256_ord_mul_montx,\@function,3
+.align	32
+ecp_nistz256_ord_mul_montx:
+.cfi_startproc
+.Lecp_nistz256_ord_mul_montx:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_mulx_body:
+
+	mov	$b_org, $b_ptr
+	mov	8*0($b_org), %rdx
+	mov	8*0($a_ptr), $acc1
+	mov	8*1($a_ptr), $acc2
+	mov	8*2($a_ptr), $acc3
+	mov	8*3($a_ptr), $acc4
+	lea	-128($a_ptr), $a_ptr	# control u-op density
+	lea	.Lord-128(%rip), %r14
+	mov	.LordK(%rip), %r15
+
+	################################# Multiply by b[0]
+	mulx	$acc1, $acc0, $acc1
+	mulx	$acc2, $t0, $acc2
+	mulx	$acc3, $t1, $acc3
+	add	$t0, $acc1
+	mulx	$acc4, $t0, $acc4
+	 mov	$acc0, %rdx
+	 mulx	%r15, %rdx, %rax
+	adc	$t1, $acc2
+	adc	$t0, $acc3
+	adc	\$0, $acc4
+
+	################################# reduction
+	xor	$acc5, $acc5		# $acc5=0, cf=0, of=0
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc0		# guaranteed to be zero
+	adox	$t1, $acc1
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*3+128(%r14), $t0, $t1
+	 mov	8*1($b_ptr), %rdx
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+	adcx	$acc0, $acc4
+	adox	$acc0, $acc5
+	adc	\$0, $acc5		# cf=0, of=0
+
+	################################# Multiply by b[1]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc1, %rdx
+	 mulx	%r15, %rdx, %rax
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	adcx	$acc0, $acc5
+	adox	$acc0, $acc0
+	adc	\$0, $acc0		# cf=0, of=0
+
+	################################# reduction
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc1		# guaranteed to be zero
+	adox	$t1, $acc2
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*3+128(%r14), $t0, $t1
+	 mov	8*2($b_ptr), %rdx
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+	adcx	$acc1, $acc5
+	adox	$acc1, $acc0
+	adc	\$0, $acc0		# cf=0, of=0
+
+	################################# Multiply by b[2]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc2, %rdx
+	 mulx	%r15, %rdx, %rax
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	adcx	$acc1, $acc0
+	adox	$acc1, $acc1
+	adc	\$0, $acc1		# cf=0, of=0
+
+	################################# reduction
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc2		# guaranteed to be zero
+	adox	$t1, $acc3
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*3+128(%r14), $t0, $t1
+	 mov	8*3($b_ptr), %rdx
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+	adcx	$acc2, $acc0
+	adox	$acc2, $acc1
+	adc	\$0, $acc1		# cf=0, of=0
+
+	################################# Multiply by b[3]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc3, %rdx
+	 mulx	%r15, %rdx, %rax
+	adcx	$t0, $acc0
+	adox	$t1, $acc1
+
+	adcx	$acc2, $acc1
+	adox	$acc2, $acc2
+	adc	\$0, $acc2		# cf=0, of=0
+
+	################################# reduction
+	mulx	8*0+128(%r14), $t0, $t1
+	adcx	$t0, $acc3		# guranteed to be zero
+	adox	$t1, $acc4
+
+	mulx	8*1+128(%r14), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*2+128(%r14), $t0, $t1
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	mulx	8*3+128(%r14), $t0, $t1
+	lea	128(%r14),%r14
+	 mov	$acc4, $t2
+	adcx	$t0, $acc0
+	adox	$t1, $acc1
+	 mov	$acc5, $t3
+	adcx	$acc3, $acc1
+	adox	$acc3, $acc2
+	adc	\$0, $acc2
+
+	#################################
+	# Branch-less conditional subtraction of P
+	 mov	$acc0, $t0
+	sub	8*0(%r14), $acc4
+	sbb	8*1(%r14), $acc5
+	sbb	8*2(%r14), $acc0
+	 mov	$acc1, $t1
+	sbb	8*3(%r14), $acc1
+	sbb	\$0, $acc2
+
+	cmovc	$t2, $acc4
+	cmovc	$t3, $acc5
+	cmovc	$t0, $acc0
+	cmovc	$t1, $acc1
+
+	mov	$acc4, 8*0($r_ptr)
+	mov	$acc5, 8*1($r_ptr)
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_mulx_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx
+
+.type	ecp_nistz256_ord_sqr_montx,\@function,3
+.align	32
+ecp_nistz256_ord_sqr_montx:
+.cfi_startproc
+.Lecp_nistz256_ord_sqr_montx:
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+.Lord_sqrx_body:
+
+	mov	$b_org, $b_ptr
+	mov	8*0($a_ptr), %rdx
+	mov	8*1($a_ptr), $acc6
+	mov	8*2($a_ptr), $acc7
+	mov	8*3($a_ptr), $acc0
+	lea	.Lord(%rip), $a_ptr
+	jmp	.Loop_ord_sqrx
+
+.align	32
+.Loop_ord_sqrx:
+	mulx	$acc6, $acc1, $acc2	# a[0]*a[1]
+	mulx	$acc7, $t0, $acc3	# a[0]*a[2]
+	 mov	%rdx, %rax		# offload a[0]
+	 movq	$acc6, %xmm1		# offload a[1]
+	mulx	$acc0, $t1, $acc4	# a[0]*a[3]
+	 mov	$acc6, %rdx
+	add	$t0, $acc2
+	 movq	$acc7, %xmm2		# offload a[2]
+	adc	$t1, $acc3
+	adc	\$0, $acc4
+	xor	$acc5, $acc5		# $acc5=0,cf=0,of=0
+	#################################
+	mulx	$acc7, $t0, $t1		# a[1]*a[2]
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	$acc0, $t0, $t1		# a[1]*a[3]
+	 mov	$acc7, %rdx
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+	adc	\$0, $acc5
+	#################################
+	mulx	$acc0, $t0, $acc6	# a[2]*a[3]
+	mov	%rax, %rdx
+	 movq	$acc0, %xmm3		# offload a[3]
+	xor	$acc7, $acc7		# $acc7=0,cf=0,of=0
+	 adcx	$acc1, $acc1		# acc1:6<<1
+	adox	$t0, $acc5
+	 adcx	$acc2, $acc2
+	adox	$acc7, $acc6		# of=0
+
+	################################# a[i]*a[i]
+	mulx	%rdx, $acc0, $t1
+	movq	%xmm1, %rdx
+	 adcx	$acc3, $acc3
+	adox	$t1, $acc1
+	 adcx	$acc4, $acc4
+	mulx	%rdx, $t0, $t4
+	movq	%xmm2, %rdx
+	 adcx	$acc5, $acc5
+	adox	$t0, $acc2
+	 adcx	$acc6, $acc6
+	mulx	%rdx, $t0, $t1
+	.byte	0x67
+	movq	%xmm3, %rdx
+	adox	$t4, $acc3
+	 adcx	$acc7, $acc7
+	adox	$t0, $acc4
+	adox	$t1, $acc5
+	mulx	%rdx, $t0, $t4
+	adox	$t0, $acc6
+	adox	$t4, $acc7
+
+	################################# reduction
+	mov	$acc0, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	xor	%rax, %rax		# cf=0, of=0
+	mulx	8*0($a_ptr), $t0, $t1
+	adcx	$t0, $acc0		# guaranteed to be zero
+	adox	$t1, $acc1
+	mulx	8*1($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+	mulx	8*2($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+	mulx	8*3($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc0		# of=0
+	adcx	%rax, $acc0		# cf=0
+
+	#################################
+	mov	$acc1, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	mulx	8*0($a_ptr), $t0, $t1
+	adox	$t0, $acc1		# guaranteed to be zero
+	adcx	$t1, $acc2
+	mulx	8*1($a_ptr), $t0, $t1
+	adox	$t0, $acc2
+	adcx	$t1, $acc3
+	mulx	8*2($a_ptr), $t0, $t1
+	adox	$t0, $acc3
+	adcx	$t1, $acc0
+	mulx	8*3($a_ptr), $t0, $t1
+	adox	$t0, $acc0
+	adcx	$t1, $acc1		# cf=0
+	adox	%rax, $acc1		# of=0
+
+	#################################
+	mov	$acc2, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	mulx	8*0($a_ptr), $t0, $t1
+	adcx	$t0, $acc2		# guaranteed to be zero
+	adox	$t1, $acc3
+	mulx	8*1($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc0
+	mulx	8*2($a_ptr), $t0, $t1
+	adcx	$t0, $acc0
+	adox	$t1, $acc1
+	mulx	8*3($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2		# of=0
+	adcx	%rax, $acc2		# cf=0
+
+	#################################
+	mov	$acc3, %rdx
+	mulx	8*4($a_ptr), %rdx, $t0
+
+	mulx	8*0($a_ptr), $t0, $t1
+	adox	$t0, $acc3		# guaranteed to be zero
+	adcx	$t1, $acc0
+	mulx	8*1($a_ptr), $t0, $t1
+	adox	$t0, $acc0
+	adcx	$t1, $acc1
+	mulx	8*2($a_ptr), $t0, $t1
+	adox	$t0, $acc1
+	adcx	$t1, $acc2
+	mulx	8*3($a_ptr), $t0, $t1
+	adox	$t0, $acc2
+	adcx	$t1, $acc3
+	adox	%rax, $acc3
+
+	################################# accumulate upper half
+	add	$acc0, $acc4		# add	$acc4, $acc0
+	adc	$acc5, $acc1
+	 mov	$acc4, %rdx
+	adc	$acc6, $acc2
+	adc	$acc7, $acc3
+	 mov	$acc1, $acc6
+	adc	\$0, %rax
+
+	################################# compare to modulus
+	sub	8*0($a_ptr), $acc4
+	 mov	$acc2, $acc7
+	sbb	8*1($a_ptr), $acc1
+	sbb	8*2($a_ptr), $acc2
+	 mov	$acc3, $acc0
+	sbb	8*3($a_ptr), $acc3
+	sbb	\$0, %rax
+
+	cmovnc	$acc4, %rdx
+	cmovnc	$acc1, $acc6
+	cmovnc	$acc2, $acc7
+	cmovnc	$acc3, $acc0
+
+	dec	$b_ptr
+	jnz	.Loop_ord_sqrx
+
+	mov	%rdx, 8*0($r_ptr)
+	mov	$acc6, 8*1($r_ptr)
+	pxor	%xmm1, %xmm1
+	mov	$acc7, 8*2($r_ptr)
+	pxor	%xmm2, %xmm2
+	mov	$acc0, 8*3($r_ptr)
+	pxor	%xmm3, %xmm3
+
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_sqrx_epilogue:
+	ret
+.cfi_endproc
+.size	ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx
+___
+
+$code.=<<___;
+################################################################################
 # void ecp_nistz256_to_mont(
 #   uint64_t res[4],
 #   uint64_t in[4]);
@@ -470,6 +1599,7 @@ $code.=<<___;
 .type	ecp_nistz256_mul_mont,\@function,3
 .align	32
 ecp_nistz256_mul_mont:
+.cfi_startproc
 ___
 $code.=<<___	if ($addx);
 	mov	\$0x80100, %ecx
@@ -478,11 +1608,18 @@ ___
 $code.=<<___;
 .Lmul_mont:
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
+.Lmul_body:
 ___
 $code.=<<___	if ($addx);
 	cmp	\$0x80100, %ecx
@@ -515,13 +1652,23 @@ $code.=<<___	if ($addx);
 ___
 $code.=<<___;
 .Lmul_mont_done:
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbx
-	pop	%rbp
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lmul_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
 
 .type	__ecp_nistz256_mul_montq,\@abi-omnipotent
@@ -611,7 +1758,7 @@ __ecp_nistz256_mul_montq:
 	adc	\$0, $acc0
 
 	########################################################################
-	# Second reduction step	
+	# Second reduction step
 	mov	$acc1, $t1
 	shl	\$32, $acc1
 	mulq	$poly3
@@ -658,7 +1805,7 @@ __ecp_nistz256_mul_montq:
 	adc	\$0, $acc1
 
 	########################################################################
-	# Third reduction step	
+	# Third reduction step
 	mov	$acc2, $t1
 	shl	\$32, $acc2
 	mulq	$poly3
@@ -705,7 +1852,7 @@ __ecp_nistz256_mul_montq:
 	adc	\$0, $acc2
 
 	########################################################################
-	# Final reduction step	
+	# Final reduction step
 	mov	$acc3, $t1
 	shl	\$32, $acc3
 	mulq	$poly3
@@ -718,7 +1865,7 @@ __ecp_nistz256_mul_montq:
 	 mov	$acc5, $t1
 	adc	\$0, $acc2
 
-	########################################################################	
+	########################################################################
 	# Branch-less conditional subtraction of P
 	sub	\$-1, $acc4		# .Lpoly[0]
 	 mov	$acc0, $t2
@@ -751,6 +1898,7 @@ __ecp_nistz256_mul_montq:
 .type	ecp_nistz256_sqr_mont,\@function,2
 .align	32
 ecp_nistz256_sqr_mont:
+.cfi_startproc
 ___
 $code.=<<___	if ($addx);
 	mov	\$0x80100, %ecx
@@ -758,11 +1906,18 @@ $code.=<<___	if ($addx);
 ___
 $code.=<<___;
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
+.Lsqr_body:
 ___
 $code.=<<___	if ($addx);
 	cmp	\$0x80100, %ecx
@@ -791,13 +1946,23 @@ $code.=<<___	if ($addx);
 ___
 $code.=<<___;
 .Lsqr_mont_done:
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbx
-	pop	%rbp
+	mov	0(%rsp),%r15
+.cfi_restore	%r15
+	mov	8(%rsp),%r14
+.cfi_restore	%r14
+	mov	16(%rsp),%r13
+.cfi_restore	%r13
+	mov	24(%rsp),%r12
+.cfi_restore	%r12
+	mov	32(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	40(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lsqr_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
 
 .type	__ecp_nistz256_sqr_montq,\@abi-omnipotent
@@ -1278,8 +2443,12 @@ $code.=<<___;
 .type	ecp_nistz256_from_mont,\@function,2
 .align	32
 ecp_nistz256_from_mont:
+.cfi_startproc
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
+.Lfrom_body:
 
 	mov	8*0($in_ptr), %rax
 	mov	.Lpoly+8*3(%rip), $t2
@@ -1360,9 +2529,15 @@ ecp_nistz256_from_mont:
 	mov	$acc2, 8*2($r_ptr)
 	mov	$acc3, 8*3($r_ptr)
 
-	pop	%r13
-	pop	%r12
+	mov	0(%rsp),%r13
+.cfi_restore	%r13
+	mov	8(%rsp),%r12
+.cfi_restore	%r12
+	lea	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lfrom_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
 ___
 }
@@ -1488,10 +2663,10 @@ $code.=<<___	if ($win64);
 	movaps	0x80(%rsp), %xmm14
 	movaps	0x90(%rsp), %xmm15
 	lea	0xa8(%rsp), %rsp
-.LSEH_end_ecp_nistz256_gather_w5:
 ___
 $code.=<<___;
 	ret
+.LSEH_end_ecp_nistz256_gather_w5:
 .size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
 
 ################################################################################
@@ -1593,10 +2768,10 @@ $code.=<<___	if ($win64);
 	movaps	0x80(%rsp), %xmm14
 	movaps	0x90(%rsp), %xmm15
 	lea	0xa8(%rsp), %rsp
-.LSEH_end_ecp_nistz256_gather_w7:
 ___
 $code.=<<___;
 	ret
+.LSEH_end_ecp_nistz256_gather_w7:
 .size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
 ___
 }
@@ -1617,18 +2792,19 @@ ecp_nistz256_avx2_gather_w5:
 ___
 $code.=<<___	if ($win64);
 	lea	-0x88(%rsp), %rax
+	mov	%rsp,%r11
 .LSEH_begin_ecp_nistz256_avx2_gather_w5:
-	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
-	.byte	0xc5,0xf8,0x29,0x70,0xe0	#vmovaps %xmm6, -0x20(%rax)
-	.byte	0xc5,0xf8,0x29,0x78,0xf0	#vmovaps %xmm7, -0x10(%rax)
-	.byte	0xc5,0x78,0x29,0x40,0x00	#vmovaps %xmm8, 8(%rax)
-	.byte	0xc5,0x78,0x29,0x48,0x10	#vmovaps %xmm9, 0x10(%rax)
-	.byte	0xc5,0x78,0x29,0x50,0x20	#vmovaps %xmm10, 0x20(%rax)
-	.byte	0xc5,0x78,0x29,0x58,0x30	#vmovaps %xmm11, 0x30(%rax)
-	.byte	0xc5,0x78,0x29,0x60,0x40	#vmovaps %xmm12, 0x40(%rax)
-	.byte	0xc5,0x78,0x29,0x68,0x50	#vmovaps %xmm13, 0x50(%rax)
-	.byte	0xc5,0x78,0x29,0x70,0x60	#vmovaps %xmm14, 0x60(%rax)
-	.byte	0xc5,0x78,0x29,0x78,0x70	#vmovaps %xmm15, 0x70(%rax)
+	.byte	0x48,0x8d,0x60,0xe0		# lea	-0x20(%rax), %rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	# vmovaps %xmm6, -0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	# vmovaps %xmm7, -0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	# vmovaps %xmm8, 8(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	# vmovaps %xmm9, 0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	# vmovaps %xmm10, 0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	# vmovaps %xmm11, 0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	# vmovaps %xmm12, 0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	# vmovaps %xmm13, 0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	# vmovaps %xmm14, 0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	# vmovaps %xmm15, 0x70(%rax)
 ___
 $code.=<<___;
 	vmovdqa	.LTwo(%rip), $TWO
@@ -1694,11 +2870,11 @@ $code.=<<___	if ($win64);
 	movaps	0x70(%rsp), %xmm13
 	movaps	0x80(%rsp), %xmm14
 	movaps	0x90(%rsp), %xmm15
-	lea	0xa8(%rsp), %rsp
-.LSEH_end_ecp_nistz256_avx2_gather_w5:
+	lea	(%r11), %rsp
 ___
 $code.=<<___;
 	ret
+.LSEH_end_ecp_nistz256_avx2_gather_w5:
 .size	ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5
 ___
 }
@@ -1721,19 +2897,20 @@ ecp_nistz256_avx2_gather_w7:
 	vzeroupper
 ___
 $code.=<<___	if ($win64);
+	mov	%rsp,%r11
 	lea	-0x88(%rsp), %rax
 .LSEH_begin_ecp_nistz256_avx2_gather_w7:
-	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
-	.byte	0xc5,0xf8,0x29,0x70,0xe0	#vmovaps %xmm6, -0x20(%rax)
-	.byte	0xc5,0xf8,0x29,0x78,0xf0	#vmovaps %xmm7, -0x10(%rax)
-	.byte	0xc5,0x78,0x29,0x40,0x00	#vmovaps %xmm8, 8(%rax)
-	.byte	0xc5,0x78,0x29,0x48,0x10	#vmovaps %xmm9, 0x10(%rax)
-	.byte	0xc5,0x78,0x29,0x50,0x20	#vmovaps %xmm10, 0x20(%rax)
-	.byte	0xc5,0x78,0x29,0x58,0x30	#vmovaps %xmm11, 0x30(%rax)
-	.byte	0xc5,0x78,0x29,0x60,0x40	#vmovaps %xmm12, 0x40(%rax)
-	.byte	0xc5,0x78,0x29,0x68,0x50	#vmovaps %xmm13, 0x50(%rax)
-	.byte	0xc5,0x78,0x29,0x70,0x60	#vmovaps %xmm14, 0x60(%rax)
-	.byte	0xc5,0x78,0x29,0x78,0x70	#vmovaps %xmm15, 0x70(%rax)
+	.byte	0x48,0x8d,0x60,0xe0		# lea	-0x20(%rax), %rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	# vmovaps %xmm6, -0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	# vmovaps %xmm7, -0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	# vmovaps %xmm8, 8(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	# vmovaps %xmm9, 0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	# vmovaps %xmm10, 0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	# vmovaps %xmm11, 0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	# vmovaps %xmm12, 0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	# vmovaps %xmm13, 0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	# vmovaps %xmm14, 0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	# vmovaps %xmm15, 0x70(%rax)
 ___
 $code.=<<___;
 	vmovdqa	.LThree(%rip), $THREE
@@ -1814,11 +2991,11 @@ $code.=<<___	if ($win64);
 	movaps	0x70(%rsp), %xmm13
 	movaps	0x80(%rsp), %xmm14
 	movaps	0x90(%rsp), %xmm15
-	lea	0xa8(%rsp), %rsp
-.LSEH_end_ecp_nistz256_avx2_gather_w7:
+	lea	(%r11), %rsp
 ___
 $code.=<<___;
 	ret
+.LSEH_end_ecp_nistz256_avx2_gather_w7:
 .size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
 ___
 } else {
@@ -2022,6 +3199,7 @@ $code.=<<___;
 .type	ecp_nistz256_point_double,\@function,2
 .align	32
 ecp_nistz256_point_double:
+.cfi_startproc
 ___
 $code.=<<___	if ($addx);
 	mov	\$0x80100, %ecx
@@ -2038,17 +3216,26 @@ $code.=<<___;
 .type	ecp_nistz256_point_doublex,\@function,2
 .align	32
 ecp_nistz256_point_doublex:
+.cfi_startproc
 .Lpoint_doublex:
 ___
     }
 $code.=<<___;
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$32*5+8, %rsp
+.cfi_adjust_cfa_offset	32*5+8
+.Lpoint_double${x}_body:
 
 .Lpoint_double_shortcut$x:
 	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$a_ptr.x
@@ -2114,7 +3301,7 @@ $code.=<<___;
 	movq	%xmm1, $r_ptr
 	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(res_y, S);
 ___
-{	
+{
 ######## ecp_nistz256_div_by_2(res_y, res_y); ##########################
 # operate in 4-5-6-7 "name space" that matches squaring output
 #
@@ -2203,7 +3390,7 @@ $code.=<<___;
 	lea	$M(%rsp), $b_ptr
 	mov	$acc4, $acc6			# harmonize sub output and mul input
 	xor	%ecx, %ecx
-	mov	$acc4, $S+8*0(%rsp)		# have to save:-(	
+	mov	$acc4, $S+8*0(%rsp)		# have to save:-(
 	mov	$acc5, $acc2
 	mov	$acc5, $S+8*1(%rsp)
 	cmovz	$acc0, $acc3
@@ -2219,14 +3406,25 @@ $code.=<<___;
 	movq	%xmm1, $r_ptr
 	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, S, res_y);
 
-	add	\$32*5+8, %rsp
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbx
-	pop	%rbp
+	lea	32*5+56(%rsp), %rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	mov	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_double${x}_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_point_double$sfx,.-ecp_nistz256_point_double$sfx
 ___
 }
@@ -2252,6 +3450,7 @@ $code.=<<___;
 .type	ecp_nistz256_point_add,\@function,3
 .align	32
 ecp_nistz256_point_add:
+.cfi_startproc
 ___
 $code.=<<___	if ($addx);
 	mov	\$0x80100, %ecx
@@ -2268,17 +3467,26 @@ $code.=<<___;
 .type	ecp_nistz256_point_addx,\@function,3
 .align	32
 ecp_nistz256_point_addx:
+.cfi_startproc
 .Lpoint_addx:
 ___
     }
 $code.=<<___;
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$32*18+8, %rsp
+.cfi_adjust_cfa_offset	32*18+8
+.Lpoint_add${x}_body:
 
 	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$a_ptr
 	movdqu	0x10($a_ptr), %xmm1
@@ -2587,14 +3795,25 @@ $code.=<<___;
 	movdqu	%xmm3, 0x30($r_ptr)
 
 .Ladd_done$x:
-	add	\$32*18+8, %rsp
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbx
-	pop	%rbp
+	lea	32*18+56(%rsp), %rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	mov	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_add${x}_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_point_add$sfx,.-ecp_nistz256_point_add$sfx
 ___
 }
@@ -2619,6 +3838,7 @@ $code.=<<___;
 .type	ecp_nistz256_point_add_affine,\@function,3
 .align	32
 ecp_nistz256_point_add_affine:
+.cfi_startproc
 ___
 $code.=<<___	if ($addx);
 	mov	\$0x80100, %ecx
@@ -2635,17 +3855,26 @@ $code.=<<___;
 .type	ecp_nistz256_point_add_affinex,\@function,3
 .align	32
 ecp_nistz256_point_add_affinex:
+.cfi_startproc
 .Lpoint_add_affinex:
 ___
     }
 $code.=<<___;
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$32*15+8, %rsp
+.cfi_adjust_cfa_offset	32*15+8
+.Ladd_affine${x}_body:
 
 	movdqu	0x00($a_ptr), %xmm0	# copy	*(P256_POINT *)$a_ptr
 	mov	$b_org, $b_ptr		# reassign
@@ -2890,14 +4119,25 @@ $code.=<<___;
 	movdqu	%xmm2, 0x20($r_ptr)
 	movdqu	%xmm3, 0x30($r_ptr)
 
-	add	\$32*15+8, %rsp
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbx
-	pop	%rbp
+	lea	32*15+56(%rsp), %rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	mov	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Ladd_affine${x}_epilogue:
 	ret
+.cfi_endproc
 .size	ecp_nistz256_point_add_affine$sfx,.-ecp_nistz256_point_add_affine$sfx
 ___
 }
@@ -3048,11 +4288,395 @@ ___
 }
 }}}
 
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+
+.type	short_handler,\@abi-omnipotent
+.align	16
+short_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	16(%rax),%rax
+
+	mov	-8(%rax),%r12
+	mov	-16(%rax),%r13
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+
+	jmp	.Lcommon_seh_tail
+.size	short_handler,.-short_handler
+
+.type	full_handler,\@abi-omnipotent
+.align	16
+full_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rax,%r10),%rax
+
+	mov	-8(%rax),%rbp
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	full_handler,.-full_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_ecp_nistz256_mul_by_2
+	.rva	.LSEH_end_ecp_nistz256_mul_by_2
+	.rva	.LSEH_info_ecp_nistz256_mul_by_2
+
+	.rva	.LSEH_begin_ecp_nistz256_div_by_2
+	.rva	.LSEH_end_ecp_nistz256_div_by_2
+	.rva	.LSEH_info_ecp_nistz256_div_by_2
+
+	.rva	.LSEH_begin_ecp_nistz256_mul_by_3
+	.rva	.LSEH_end_ecp_nistz256_mul_by_3
+	.rva	.LSEH_info_ecp_nistz256_mul_by_3
+
+	.rva	.LSEH_begin_ecp_nistz256_add
+	.rva	.LSEH_end_ecp_nistz256_add
+	.rva	.LSEH_info_ecp_nistz256_add
+
+	.rva	.LSEH_begin_ecp_nistz256_sub
+	.rva	.LSEH_end_ecp_nistz256_sub
+	.rva	.LSEH_info_ecp_nistz256_sub
+
+	.rva	.LSEH_begin_ecp_nistz256_neg
+	.rva	.LSEH_end_ecp_nistz256_neg
+	.rva	.LSEH_info_ecp_nistz256_neg
+
+	.rva	.LSEH_begin_ecp_nistz256_ord_mul_mont
+	.rva	.LSEH_end_ecp_nistz256_ord_mul_mont
+	.rva	.LSEH_info_ecp_nistz256_ord_mul_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_ord_sqr_mont
+	.rva	.LSEH_end_ecp_nistz256_ord_sqr_mont
+	.rva	.LSEH_info_ecp_nistz256_ord_sqr_mont
+___
+$code.=<<___	if ($addx);
+	.rva	.LSEH_begin_ecp_nistz256_ord_mul_montx
+	.rva	.LSEH_end_ecp_nistz256_ord_mul_montx
+	.rva	.LSEH_info_ecp_nistz256_ord_mul_montx
+
+	.rva	.LSEH_begin_ecp_nistz256_ord_sqr_montx
+	.rva	.LSEH_end_ecp_nistz256_ord_sqr_montx
+	.rva	.LSEH_info_ecp_nistz256_ord_sqr_montx
+___
+$code.=<<___;
+	.rva	.LSEH_begin_ecp_nistz256_to_mont
+	.rva	.LSEH_end_ecp_nistz256_to_mont
+	.rva	.LSEH_info_ecp_nistz256_to_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_mul_mont
+	.rva	.LSEH_end_ecp_nistz256_mul_mont
+	.rva	.LSEH_info_ecp_nistz256_mul_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_sqr_mont
+	.rva	.LSEH_end_ecp_nistz256_sqr_mont
+	.rva	.LSEH_info_ecp_nistz256_sqr_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_from_mont
+	.rva	.LSEH_end_ecp_nistz256_from_mont
+	.rva	.LSEH_info_ecp_nistz256_from_mont
+
+	.rva	.LSEH_begin_ecp_nistz256_gather_w5
+	.rva	.LSEH_end_ecp_nistz256_gather_w5
+	.rva	.LSEH_info_ecp_nistz256_gather_wX
+
+	.rva	.LSEH_begin_ecp_nistz256_gather_w7
+	.rva	.LSEH_end_ecp_nistz256_gather_w7
+	.rva	.LSEH_info_ecp_nistz256_gather_wX
+___
+$code.=<<___	if ($avx>1);
+	.rva	.LSEH_begin_ecp_nistz256_avx2_gather_w5
+	.rva	.LSEH_end_ecp_nistz256_avx2_gather_w5
+	.rva	.LSEH_info_ecp_nistz256_avx2_gather_wX
+
+	.rva	.LSEH_begin_ecp_nistz256_avx2_gather_w7
+	.rva	.LSEH_end_ecp_nistz256_avx2_gather_w7
+	.rva	.LSEH_info_ecp_nistz256_avx2_gather_wX
+___
+$code.=<<___;
+	.rva	.LSEH_begin_ecp_nistz256_point_double
+	.rva	.LSEH_end_ecp_nistz256_point_double
+	.rva	.LSEH_info_ecp_nistz256_point_double
+
+	.rva	.LSEH_begin_ecp_nistz256_point_add
+	.rva	.LSEH_end_ecp_nistz256_point_add
+	.rva	.LSEH_info_ecp_nistz256_point_add
+
+	.rva	.LSEH_begin_ecp_nistz256_point_add_affine
+	.rva	.LSEH_end_ecp_nistz256_point_add_affine
+	.rva	.LSEH_info_ecp_nistz256_point_add_affine
+___
+$code.=<<___ if ($addx);
+	.rva	.LSEH_begin_ecp_nistz256_point_doublex
+	.rva	.LSEH_end_ecp_nistz256_point_doublex
+	.rva	.LSEH_info_ecp_nistz256_point_doublex
+
+	.rva	.LSEH_begin_ecp_nistz256_point_addx
+	.rva	.LSEH_end_ecp_nistz256_point_addx
+	.rva	.LSEH_info_ecp_nistz256_point_addx
+
+	.rva	.LSEH_begin_ecp_nistz256_point_add_affinex
+	.rva	.LSEH_end_ecp_nistz256_point_add_affinex
+	.rva	.LSEH_info_ecp_nistz256_point_add_affinex
+___
+$code.=<<___;
+
+.section	.xdata
+.align	8
+.LSEH_info_ecp_nistz256_mul_by_2:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lmul_by_2_body,.Lmul_by_2_epilogue	# HandlerData[]
+.LSEH_info_ecp_nistz256_div_by_2:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Ldiv_by_2_body,.Ldiv_by_2_epilogue	# HandlerData[]
+.LSEH_info_ecp_nistz256_mul_by_3:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lmul_by_3_body,.Lmul_by_3_epilogue	# HandlerData[]
+.LSEH_info_ecp_nistz256_add:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Ladd_body,.Ladd_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_sub:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lsub_body,.Lsub_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_neg:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lneg_body,.Lneg_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_ord_mul_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_mul_body,.Lord_mul_epilogue	# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_ord_sqr_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_sqr_body,.Lord_sqr_epilogue	# HandlerData[]
+	.long	48,0
+___
+$code.=<<___ if ($addx);
+.LSEH_info_ecp_nistz256_ord_mul_montx:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_mulx_body,.Lord_mulx_epilogue	# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_ord_sqr_montx:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lord_sqrx_body,.Lord_sqrx_epilogue	# HandlerData[]
+	.long	48,0
+___
+$code.=<<___;
+.LSEH_info_ecp_nistz256_to_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lmul_body,.Lmul_epilogue		# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_mul_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lmul_body,.Lmul_epilogue		# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_sqr_mont:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lsqr_body,.Lsqr_epilogue		# HandlerData[]
+	.long	48,0
+.LSEH_info_ecp_nistz256_from_mont:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfrom_body,.Lfrom_epilogue		# HandlerData[]
+.LSEH_info_ecp_nistz256_gather_wX:
+	.byte	0x01,0x33,0x16,0x00
+	.byte	0x33,0xf8,0x09,0x00	#movaps 0x90(rsp),xmm15
+	.byte	0x2e,0xe8,0x08,0x00	#movaps 0x80(rsp),xmm14
+	.byte	0x29,0xd8,0x07,0x00	#movaps 0x70(rsp),xmm13
+	.byte	0x24,0xc8,0x06,0x00	#movaps 0x60(rsp),xmm12
+	.byte	0x1f,0xb8,0x05,0x00	#movaps 0x50(rsp),xmm11
+	.byte	0x1a,0xa8,0x04,0x00	#movaps 0x40(rsp),xmm10
+	.byte	0x15,0x98,0x03,0x00	#movaps 0x30(rsp),xmm9
+	.byte	0x10,0x88,0x02,0x00	#movaps 0x20(rsp),xmm8
+	.byte	0x0c,0x78,0x01,0x00	#movaps 0x10(rsp),xmm7
+	.byte	0x08,0x68,0x00,0x00	#movaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	#sub	rsp,0xa8
+	.align	8
+___
+$code.=<<___	if ($avx>1);
+.LSEH_info_ecp_nistz256_avx2_gather_wX:
+	.byte	0x01,0x36,0x17,0x0b
+	.byte	0x36,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
+	.byte	0x31,0xe8,0x08,0x00	# vmovaps 0x80(rsp),xmm14
+	.byte	0x2c,0xd8,0x07,0x00	# vmovaps 0x70(rsp),xmm13
+	.byte	0x27,0xc8,0x06,0x00	# vmovaps 0x60(rsp),xmm12
+	.byte	0x22,0xb8,0x05,0x00	# vmovaps 0x50(rsp),xmm11
+	.byte	0x1d,0xa8,0x04,0x00	# vmovaps 0x40(rsp),xmm10
+	.byte	0x18,0x98,0x03,0x00	# vmovaps 0x30(rsp),xmm9
+	.byte	0x13,0x88,0x02,0x00	# vmovaps 0x20(rsp),xmm8
+	.byte	0x0e,0x78,0x01,0x00	# vmovaps 0x10(rsp),xmm7
+	.byte	0x09,0x68,0x00,0x00	# vmovaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	# sub	  rsp,0xa8
+	.byte	0x00,0xb3,0x00,0x00	# set_frame r11
+	.align	8
+___
+$code.=<<___;
+.LSEH_info_ecp_nistz256_point_double:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_doubleq_body,.Lpoint_doubleq_epilogue	# HandlerData[]
+	.long	32*5+56,0
+.LSEH_info_ecp_nistz256_point_add:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_addq_body,.Lpoint_addq_epilogue		# HandlerData[]
+	.long	32*18+56,0
+.LSEH_info_ecp_nistz256_point_add_affine:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Ladd_affineq_body,.Ladd_affineq_epilogue	# HandlerData[]
+	.long	32*15+56,0
+___
+$code.=<<___ if ($addx);
+.align	8
+.LSEH_info_ecp_nistz256_point_doublex:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_doublex_body,.Lpoint_doublex_epilogue	# HandlerData[]
+	.long	32*5+56,0
+.LSEH_info_ecp_nistz256_point_addx:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lpoint_addx_body,.Lpoint_addx_epilogue		# HandlerData[]
+	.long	32*18+56,0
+.LSEH_info_ecp_nistz256_point_add_affinex:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Ladd_affinex_body,.Ladd_affinex_epilogue	# HandlerData[]
+	.long	32*15+56,0
+___
+}
+
 ########################################################################
 # Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
 #
-open TABLE,"<ecp_nistz256_table.c"		or 
-open TABLE,"<${dir}../ecp_nistz256_table.c"	or 
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
 die "failed to open ecp_nistz256_table.c:",$!;
 
 use integer;
diff --git a/deps/openssl/openssl/crypto/ec/asm/x25519-ppc64.pl b/deps/openssl/openssl/crypto/ec/asm/x25519-ppc64.pl
new file mode 100755
index 0000000000..3773cb27cd
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/asm/x25519-ppc64.pl
@@ -0,0 +1,824 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# X25519 lower-level primitives for PPC64.
+#
+# July 2018.
+#
+# Base 2^64 is faster than base 2^51 on pre-POWER8, most notably ~15%
+# faster on PPC970/G5. POWER8 on the other hand seems to trip on own
+# shoelaces when handling longer carry chains. As base 2^51 has just
+# single-carry pairs, it's 25% faster than base 2^64. Since PPC970 is
+# pretty old, base 2^64 implementation is not engaged. Comparison to
+# compiler-generated code is complicated by the fact that not all
+# compilers support 128-bit integers. When compiler doesn't, like xlc,
+# this module delivers more than 2x improvement, and when it does,
+# from 12% to 30% improvement was measured...
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my $sp = "r1";
+my ($rp,$ap,$bp) = map("r$_",3..5);
+
+####################################################### base 2^64
+if (0) {
+my ($bi,$a0,$a1,$a2,$a3,$t0,$t1, $t2,$t3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) =
+    map("r$_",(6..12,22..31));
+my $zero = "r0";
+my $FRAME = 16*8;
+
+$code.=<<___;
+.text
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,\@function
+.align	5
+x25519_fe64_mul:
+	stdu	$sp,-$FRAME($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$bi,0($bp)
+	ld	$a0,0($ap)
+	xor	$zero,$zero,$zero
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	mulld	$acc0,$a0,$bi		# a[0]*b[0]
+	mulhdu	$t0,$a0,$bi
+	mulld	$acc1,$a1,$bi		# a[1]*b[0]
+	mulhdu	$t1,$a1,$bi
+	mulld	$acc2,$a2,$bi		# a[2]*b[0]
+	mulhdu	$t2,$a2,$bi
+	mulld	$acc3,$a3,$bi		# a[3]*b[0]
+	mulhdu	$t3,$a3,$bi
+___
+for(my @acc=($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7),
+    my $i=1; $i<4; shift(@acc), $i++) {
+my $acc4 = $i==1? $zero : @acc[4];
+
+$code.=<<___;
+	ld	$bi,`8*$i`($bp)
+	addc	@acc[1],@acc[1],$t0	# accumulate high parts
+	mulld	$t0,$a0,$bi
+	adde	@acc[2],@acc[2],$t1
+	mulld	$t1,$a1,$bi
+	adde	@acc[3],@acc[3],$t2
+	mulld	$t2,$a2,$bi
+	adde	@acc[4],$acc4,$t3
+	mulld	$t3,$a3,$bi
+	addc	@acc[1],@acc[1],$t0	# accumulate low parts
+	mulhdu	$t0,$a0,$bi
+	adde	@acc[2],@acc[2],$t1
+	mulhdu	$t1,$a1,$bi
+	adde	@acc[3],@acc[3],$t2
+	mulhdu	$t2,$a2,$bi
+	adde	@acc[4],@acc[4],$t3
+	mulhdu	$t3,$a3,$bi
+	adde	@acc[5],$zero,$zero
+___
+}
+$code.=<<___;
+	li	$bi,38
+	addc	$acc4,$acc4,$t0
+	mulld	$t0,$acc4,$bi
+	adde	$acc5,$acc5,$t1
+	mulld	$t1,$acc5,$bi
+	adde	$acc6,$acc6,$t2
+	mulld	$t2,$acc6,$bi
+	adde	$acc7,$acc7,$t3
+	mulld	$t3,$acc7,$bi
+
+	addc	$acc0,$acc0,$t0
+	mulhdu	$t0,$acc4,$bi
+	adde	$acc1,$acc1,$t1
+	mulhdu	$t1,$acc5,$bi
+	adde	$acc2,$acc2,$t2
+	mulhdu	$t2,$acc6,$bi
+	adde	$acc3,$acc3,$t3
+	mulhdu	$t3,$acc7,$bi
+	adde	$acc4,$zero,$zero
+
+	addc	$acc1,$acc1,$t0
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+
+	mulld	$acc4,$acc4,$bi
+
+	addc	$acc0,$acc0,$acc4
+	addze	$acc1,$acc1
+	addze	$acc2,$acc2
+	addze	$acc3,$acc3
+
+	subfe	$acc4,$acc4,$acc4	# carry -> ~mask
+	std	$acc1,8($rp)
+	andc	$acc4,$bi,$acc4
+	std	$acc2,16($rp)
+	add	$acc0,$acc0,$acc4
+	std	$acc3,24($rp)
+	std	$acc0,0($rp)
+
+	ld	r22,`$FRAME-8*10`($sp)
+	ld	r23,`$FRAME-8*9`($sp)
+	ld	r24,`$FRAME-8*8`($sp)
+	ld	r25,`$FRAME-8*7`($sp)
+	ld	r26,`$FRAME-8*6`($sp)
+	ld	r27,`$FRAME-8*5`($sp)
+	ld	r28,`$FRAME-8*4`($sp)
+	ld	r29,`$FRAME-8*3`($sp)
+	ld	r30,`$FRAME-8*2`($sp)
+	ld	r31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,3,0
+	.long	0
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+
+.globl	x25519_fe64_sqr
+.type	x25519_fe64_sqr,\@function
+.align	5
+x25519_fe64_sqr:
+	stdu	$sp,-$FRAME($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$a0,0($ap)
+	xor	$zero,$zero,$zero
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+
+	################################
+	#  |  |  |  |  |  |a1*a0|  |
+	#  |  |  |  |  |a2*a0|  |  |
+	#  |  |a3*a2|a3*a0|  |  |  |
+	#  |  |  |  |a2*a1|  |  |  |
+	#  |  |  |a3*a1|  |  |  |  |
+	# *|  |  |  |  |  |  |  | 2|
+	# +|a3*a3|a2*a2|a1*a1|a0*a0|
+	#  |--+--+--+--+--+--+--+--|
+	#  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	#
+	#  "can't overflow" below mark carrying into high part of
+	#  multiplication result, which can't overflow, because it
+	#  can never be all ones.
+
+	mulld	$acc1,$a1,$a0		# a[1]*a[0]
+	mulhdu	$t1,$a1,$a0
+	mulld	$acc2,$a2,$a0		# a[2]*a[0]
+	mulhdu	$t2,$a2,$a0
+	mulld	$acc3,$a3,$a0		# a[3]*a[0]
+	mulhdu	$acc4,$a3,$a0
+
+	addc	$acc2,$acc2,$t1		# accumulate high parts of multiplication
+	 mulld	$t0,$a2,$a1		# a[2]*a[1]
+	 mulhdu	$t1,$a2,$a1
+	adde	$acc3,$acc3,$t2
+	 mulld	$t2,$a3,$a1		# a[3]*a[1]
+	 mulhdu	$t3,$a3,$a1
+	addze	$acc4,$acc4		# can't overflow
+
+	mulld	$acc5,$a3,$a2		# a[3]*a[2]
+	mulhdu	$acc6,$a3,$a2
+
+	addc	$t1,$t1,$t2		# accumulate high parts of multiplication
+	 mulld	$acc0,$a0,$a0		# a[0]*a[0]
+	addze	$t2,$t3			# can't overflow
+
+	addc	$acc3,$acc3,$t0		# accumulate low parts of multiplication
+	 mulhdu	$a0,$a0,$a0
+	adde	$acc4,$acc4,$t1
+	 mulld	$t1,$a1,$a1		# a[1]*a[1]
+	adde	$acc5,$acc5,$t2
+	 mulhdu	$a1,$a1,$a1
+	addze	$acc6,$acc6		# can't overflow
+
+	addc	$acc1,$acc1,$acc1	# acc[1-6]*=2
+	 mulld	$t2,$a2,$a2		# a[2]*a[2]
+	adde	$acc2,$acc2,$acc2
+	 mulhdu	$a2,$a2,$a2
+	adde	$acc3,$acc3,$acc3
+	 mulld	$t3,$a3,$a3		# a[3]*a[3]
+	adde	$acc4,$acc4,$acc4
+	 mulhdu	$a3,$a3,$a3
+	adde	$acc5,$acc5,$acc5
+	adde	$acc6,$acc6,$acc6
+	addze	$acc7,$zero
+
+	addc	$acc1,$acc1,$a0		# +a[i]*a[i]
+	 li	$bi,38
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$a1
+	adde	$acc4,$acc4,$t2
+	adde	$acc5,$acc5,$a2
+	adde	$acc6,$acc6,$t3
+	adde	$acc7,$acc7,$a3
+
+	mulld	$t0,$acc4,$bi
+	mulld	$t1,$acc5,$bi
+	mulld	$t2,$acc6,$bi
+	mulld	$t3,$acc7,$bi
+
+	addc	$acc0,$acc0,$t0
+	mulhdu	$t0,$acc4,$bi
+	adde	$acc1,$acc1,$t1
+	mulhdu	$t1,$acc5,$bi
+	adde	$acc2,$acc2,$t2
+	mulhdu	$t2,$acc6,$bi
+	adde	$acc3,$acc3,$t3
+	mulhdu	$t3,$acc7,$bi
+	addze	$acc4,$zero
+
+	addc	$acc1,$acc1,$t0
+	adde	$acc2,$acc2,$t1
+	adde	$acc3,$acc3,$t2
+	adde	$acc4,$acc4,$t3
+
+	mulld	$acc4,$acc4,$bi
+
+	addc	$acc0,$acc0,$acc4
+	addze	$acc1,$acc1
+	addze	$acc2,$acc2
+	addze	$acc3,$acc3
+
+	subfe	$acc4,$acc4,$acc4	# carry -> ~mask
+	std	$acc1,8($rp)
+	andc	$acc4,$bi,$acc4
+	std	$acc2,16($rp)
+	add	$acc0,$acc0,$acc4
+	std	$acc3,24($rp)
+	std	$acc0,0($rp)
+
+	ld	r22,`$FRAME-8*10`($sp)
+	ld	r23,`$FRAME-8*9`($sp)
+	ld	r24,`$FRAME-8*8`($sp)
+	ld	r25,`$FRAME-8*7`($sp)
+	ld	r26,`$FRAME-8*6`($sp)
+	ld	r27,`$FRAME-8*5`($sp)
+	ld	r28,`$FRAME-8*4`($sp)
+	ld	r29,`$FRAME-8*3`($sp)
+	ld	r30,`$FRAME-8*2`($sp)
+	ld	r31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,10,2,0
+	.long	0
+.size	x25519_fe64_sqr,.-x25519_fe64_sqr
+
+.globl	x25519_fe64_mul121666
+.type	x25519_fe64_mul121666,\@function
+.align	5
+x25519_fe64_mul121666:
+	lis	$bi,`65536>>16`
+	ori	$bi,$bi,`121666-65536`
+
+	ld	$t0,0($ap)
+	ld	$t1,8($ap)
+	ld	$bp,16($ap)
+	ld	$ap,24($ap)
+
+	mulld	$a0,$t0,$bi
+	mulhdu	$t0,$t0,$bi
+	mulld	$a1,$t1,$bi
+	mulhdu	$t1,$t1,$bi
+	mulld	$a2,$bp,$bi
+	mulhdu	$bp,$bp,$bi
+	mulld	$a3,$ap,$bi
+	mulhdu	$ap,$ap,$bi
+
+	addc	$a1,$a1,$t0
+	adde	$a2,$a2,$t1
+	adde	$a3,$a3,$bp
+	addze	$ap,    $ap
+
+	mulli	$ap,$ap,38
+
+	addc	$a0,$a0,$ap
+	addze	$a1,$a1
+	addze	$a2,$a2
+	addze	$a3,$a3
+
+	subfe	$t1,$t1,$t1		# carry -> ~mask
+	std	$a1,8($rp)
+	andc	$t0,$t0,$t1
+	std	$a2,16($rp)
+	add	$a0,$a0,$t0
+	std	$a3,24($rp)
+	std	$a0,0($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	x25519_fe64_mul121666,.-x25519_fe64_mul121666
+
+.globl	x25519_fe64_add
+.type	x25519_fe64_add,\@function
+.align	5
+x25519_fe64_add:
+	ld	$a0,0($ap)
+	ld	$t0,0($bp)
+	ld	$a1,8($ap)
+	ld	$t1,8($bp)
+	ld	$a2,16($ap)
+	ld	$bi,16($bp)
+	ld	$a3,24($ap)
+	ld	$bp,24($bp)
+
+	addc	$a0,$a0,$t0
+	adde	$a1,$a1,$t1
+	adde	$a2,$a2,$bi
+	adde	$a3,$a3,$bp
+
+	li	$t0,38
+	subfe	$t1,$t1,$t1		# carry -> ~mask
+	andc	$t1,$t0,$t1
+
+	addc	$a0,$a0,$t1
+	addze	$a1,$a1
+	addze	$a2,$a2
+	addze	$a3,$a3
+
+	subfe	$t1,$t1,$t1		# carry -> ~mask
+	std	$a1,8($rp)
+	andc	$t0,$t0,$t1
+	std	$a2,16($rp)
+	add	$a0,$a0,$t0
+	std	$a3,24($rp)
+	std	$a0,0($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	x25519_fe64_add,.-x25519_fe64_add
+
+.globl	x25519_fe64_sub
+.type	x25519_fe64_sub,\@function
+.align	5
+x25519_fe64_sub:
+	ld	$a0,0($ap)
+	ld	$t0,0($bp)
+	ld	$a1,8($ap)
+	ld	$t1,8($bp)
+	ld	$a2,16($ap)
+	ld	$bi,16($bp)
+	ld	$a3,24($ap)
+	ld	$bp,24($bp)
+
+	subfc	$a0,$t0,$a0
+	subfe	$a1,$t1,$a1
+	subfe	$a2,$bi,$a2
+	subfe	$a3,$bp,$a3
+
+	li	$t0,38
+	subfe	$t1,$t1,$t1		# borrow -> mask
+	xor	$zero,$zero,$zero
+	and	$t1,$t0,$t1
+
+	subfc	$a0,$t1,$a0
+	subfe	$a1,$zero,$a1
+	subfe	$a2,$zero,$a2
+	subfe	$a3,$zero,$a3
+
+	subfe	$t1,$t1,$t1		# borrow -> mask
+	std	$a1,8($rp)
+	and	$t0,$t0,$t1
+	std	$a2,16($rp)
+	subf	$a0,$t0,$a0
+	std	$a3,24($rp)
+	std	$a0,0($rp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	x25519_fe64_sub,.-x25519_fe64_sub
+
+.globl	x25519_fe64_tobytes
+.type	x25519_fe64_tobytes,\@function
+.align	5
+x25519_fe64_tobytes:
+	ld	$a3,24($ap)
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+
+	sradi	$t0,$a3,63		# most significant bit -> mask
+	li	$t1,19
+	and	$t0,$t0,$t1
+	sldi	$a3,$a3,1
+	add	$t0,$t0,$t1		# compare to modulus in the same go
+	srdi	$a3,$a3,1		# most signifcant bit cleared
+
+	addc	$a0,$a0,$t0
+	addze	$a1,$a1
+	addze	$a2,$a2
+	addze	$a3,$a3
+
+	xor	$zero,$zero,$zero
+	sradi	$t0,$a3,63		# most significant bit -> mask
+	sldi	$a3,$a3,1
+	andc	$t0,$t1,$t0
+	srdi	$a3,$a3,1		# most signifcant bit cleared
+
+	subi	$rp,$rp,1
+	subfc	$a0,$t0,$a0
+	subfe	$a1,$zero,$a1
+	subfe	$a2,$zero,$a2
+	subfe	$a3,$zero,$a3
+
+___
+for (my @a=($a0,$a1,$a2,$a3), my $i=0; $i<4; shift(@a), $i++) {
+$code.=<<___;
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	srdi	@a[0],@a[0],16
+	stbu	$t0,1($rp)
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	srdi	@a[0],@a[0],16
+	stbu	$t0,1($rp)
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	srdi	@a[0],@a[0],16
+	stbu	$t0,1($rp)
+	srdi	$t0,@a[0],8
+	stbu	@a[0],1($rp)
+	stbu	$t0,1($rp)
+___
+}
+$code.=<<___;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	x25519_fe64_tobytes,.-x25519_fe64_tobytes
+___
+}
+####################################################### base 2^51
+{
+my ($bi,$a0,$a1,$a2,$a3,$a4,$t0, $t1,
+    $h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,$h4lo,$h4hi) =
+    map("r$_",(6..12,21..31));
+my $mask = "r0";
+my $FRAME = 18*8;
+
+$code.=<<___;
+.text
+
+.globl	x25519_fe51_mul
+.type	x25519_fe51_mul,\@function
+.align	5
+x25519_fe51_mul:
+	stdu	$sp,-$FRAME($sp)
+	std	r21,`$FRAME-8*11`($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$bi,0($bp)
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+	ld	$a4,32($ap)
+
+	mulld	$h0lo,$a0,$bi		# a[0]*b[0]
+	mulhdu	$h0hi,$a0,$bi
+
+	mulld	$h1lo,$a1,$bi		# a[1]*b[0]
+	mulhdu	$h1hi,$a1,$bi
+
+	 mulld	$h4lo,$a4,$bi		# a[4]*b[0]
+	 mulhdu	$h4hi,$a4,$bi
+	 ld	$ap,8($bp)
+	 mulli	$a4,$a4,19
+
+	mulld	$h2lo,$a2,$bi		# a[2]*b[0]
+	mulhdu	$h2hi,$a2,$bi
+
+	mulld	$h3lo,$a3,$bi		# a[3]*b[0]
+	mulhdu	$h3hi,$a3,$bi
+___
+for(my @a=($a0,$a1,$a2,$a3,$a4),
+    my $i=1; $i<4; $i++) {
+	($ap,$bi) = ($bi,$ap);
+$code.=<<___;
+	mulld	$t0,@a[4],$bi
+	mulhdu	$t1,@a[4],$bi
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+
+	mulld	$t0,@a[0],$bi
+	mulhdu	$t1,@a[0],$bi
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+
+	 mulld	$t0,@a[3],$bi
+	 mulhdu	$t1,@a[3],$bi
+	 ld	$ap,`8*($i+1)`($bp)
+	 mulli	@a[3],@a[3],19
+	 addc	$h4lo,$h4lo,$t0
+	 adde	$h4hi,$h4hi,$t1
+
+	mulld	$t0,@a[1],$bi
+	mulhdu	$t1,@a[1],$bi
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+
+	mulld	$t0,@a[2],$bi
+	mulhdu	$t1,@a[2],$bi
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+___
+	unshift(@a,pop(@a));
+}
+	($ap,$bi) = ($bi,$ap);
+$code.=<<___;
+	mulld	$t0,$a1,$bi
+	mulhdu	$t1,$a1,$bi
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+
+	mulld	$t0,$a2,$bi
+	mulhdu	$t1,$a2,$bi
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+
+	mulld	$t0,$a3,$bi
+	mulhdu	$t1,$a3,$bi
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+
+	mulld	$t0,$a4,$bi
+	mulhdu	$t1,$a4,$bi
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+
+	mulld	$t0,$a0,$bi
+	mulhdu	$t1,$a0,$bi
+	addc	$h4lo,$h4lo,$t0
+	adde	$h4hi,$h4hi,$t1
+
+.Lfe51_reduce:
+	li	$mask,-1
+	srdi	$mask,$mask,13		# 0x7ffffffffffff
+
+	srdi	$t0,$h2lo,51
+	and	$a2,$h2lo,$mask
+	insrdi	$t0,$h2hi,51,0		# h2>>51
+	 srdi	$t1,$h0lo,51
+	 and	$a0,$h0lo,$mask
+	 insrdi	$t1,$h0hi,51,0		# h0>>51
+	addc	$h3lo,$h3lo,$t0
+	addze	$h3hi,$h3hi
+	 addc	$h1lo,$h1lo,$t1
+	 addze	$h1hi,$h1hi
+
+	srdi	$t0,$h3lo,51
+	and	$a3,$h3lo,$mask
+	insrdi	$t0,$h3hi,51,0		# h3>>51
+	 srdi	$t1,$h1lo,51
+	 and	$a1,$h1lo,$mask
+	 insrdi	$t1,$h1hi,51,0		# h1>>51
+	addc	$h4lo,$h4lo,$t0
+	addze	$h4hi,$h4hi
+	 add	$a2,$a2,$t1
+
+	srdi	$t0,$h4lo,51
+	and	$a4,$h4lo,$mask
+	insrdi	$t0,$h4hi,51,0
+	mulli	$t0,$t0,19		# (h4 >> 51) * 19
+
+	add	$a0,$a0,$t0
+
+	srdi	$t1,$a2,51
+	and	$a2,$a2,$mask
+	add	$a3,$a3,$t1
+
+	srdi	$t0,$a0,51
+	and	$a0,$a0,$mask
+	add	$a1,$a1,$t0
+
+	std	$a2,16($rp)
+	std	$a3,24($rp)
+	std	$a4,32($rp)
+	std	$a0,0($rp)
+	std	$a1,8($rp)
+
+	ld	r21,`$FRAME-8*11`($sp)
+	ld	r22,`$FRAME-8*10`($sp)
+	ld	r23,`$FRAME-8*9`($sp)
+	ld	r24,`$FRAME-8*8`($sp)
+	ld	r25,`$FRAME-8*7`($sp)
+	ld	r26,`$FRAME-8*6`($sp)
+	ld	r27,`$FRAME-8*5`($sp)
+	ld	r28,`$FRAME-8*4`($sp)
+	ld	r29,`$FRAME-8*3`($sp)
+	ld	r30,`$FRAME-8*2`($sp)
+	ld	r31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,11,3,0
+	.long	0
+.size	x25519_fe51_mul,.-x25519_fe51_mul
+___
+{
+my ($a0,$a1,$a2,$a3,$a4,$t0,$t1) = ($a0,$a1,$a2,$a3,$a4,$t0,$t1);
+$code.=<<___;
+.globl	x25519_fe51_sqr
+.type	x25519_fe51_sqr,\@function
+.align	5
+x25519_fe51_sqr:
+	stdu	$sp,-$FRAME($sp)
+	std	r21,`$FRAME-8*11`($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+	ld	$a4,32($ap)
+
+	add	$bi,$a0,$a0		# a[0]*2
+	mulli	$t1,$a4,19		# a[4]*19
+
+	mulld	$h0lo,$a0,$a0
+	mulhdu	$h0hi,$a0,$a0
+	mulld	$h1lo,$a1,$bi
+	mulhdu	$h1hi,$a1,$bi
+	mulld	$h2lo,$a2,$bi
+	mulhdu	$h2hi,$a2,$bi
+	mulld	$h3lo,$a3,$bi
+	mulhdu	$h3hi,$a3,$bi
+	mulld	$h4lo,$a4,$bi
+	mulhdu	$h4hi,$a4,$bi
+	add	$bi,$a1,$a1		# a[1]*2
+___
+	($a4,$t1) = ($t1,$a4);
+$code.=<<___;
+	mulld	$t0,$t1,$a4
+	mulhdu	$t1,$t1,$a4
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+
+	mulli	$bp,$a3,19		# a[3]*19
+
+	mulld	$t0,$a1,$a1
+	mulhdu	$t1,$a1,$a1
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+	mulld	$t0,$a2,$bi
+	mulhdu	$t1,$a2,$bi
+	addc	$h3lo,$h3lo,$t0
+	adde	$h3hi,$h3hi,$t1
+	mulld	$t0,$a3,$bi
+	mulhdu	$t1,$a3,$bi
+	addc	$h4lo,$h4lo,$t0
+	adde	$h4hi,$h4hi,$t1
+	mulld	$t0,$a4,$bi
+	mulhdu	$t1,$a4,$bi
+	add	$bi,$a3,$a3		# a[3]*2
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+___
+	($a3,$t1) = ($bp,$a3);
+$code.=<<___;
+	mulld	$t0,$t1,$a3
+	mulhdu	$t1,$t1,$a3
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+	mulld	$t0,$bi,$a4
+	mulhdu	$t1,$bi,$a4
+	add	$bi,$a2,$a2		# a[2]*2
+	addc	$h2lo,$h2lo,$t0
+	adde	$h2hi,$h2hi,$t1
+
+	mulld	$t0,$a2,$a2
+	mulhdu	$t1,$a2,$a2
+	addc	$h4lo,$h4lo,$t0
+	adde	$h4hi,$h4hi,$t1
+	mulld	$t0,$a3,$bi
+	mulhdu	$t1,$a3,$bi
+	addc	$h0lo,$h0lo,$t0
+	adde	$h0hi,$h0hi,$t1
+	mulld	$t0,$a4,$bi
+	mulhdu	$t1,$a4,$bi
+	addc	$h1lo,$h1lo,$t0
+	adde	$h1hi,$h1hi,$t1
+
+	b	.Lfe51_reduce
+	.long	0
+	.byte	0,12,4,0,0x80,11,2,0
+	.long	0
+.size	x25519_fe51_sqr,.-x25519_fe51_sqr
+___
+}
+$code.=<<___;
+.globl	x25519_fe51_mul121666
+.type	x25519_fe51_mul121666,\@function
+.align	5
+x25519_fe51_mul121666:
+	stdu	$sp,-$FRAME($sp)
+	std	r21,`$FRAME-8*11`($sp)
+	std	r22,`$FRAME-8*10`($sp)
+	std	r23,`$FRAME-8*9`($sp)
+	std	r24,`$FRAME-8*8`($sp)
+	std	r25,`$FRAME-8*7`($sp)
+	std	r26,`$FRAME-8*6`($sp)
+	std	r27,`$FRAME-8*5`($sp)
+	std	r28,`$FRAME-8*4`($sp)
+	std	r29,`$FRAME-8*3`($sp)
+	std	r30,`$FRAME-8*2`($sp)
+	std	r31,`$FRAME-8*1`($sp)
+
+	lis	$bi,`65536>>16`
+	ori	$bi,$bi,`121666-65536`
+	ld	$a0,0($ap)
+	ld	$a1,8($ap)
+	ld	$a2,16($ap)
+	ld	$a3,24($ap)
+	ld	$a4,32($ap)
+
+	mulld	$h0lo,$a0,$bi		# a[0]*121666
+	mulhdu	$h0hi,$a0,$bi
+	mulld	$h1lo,$a1,$bi		# a[1]*121666
+	mulhdu	$h1hi,$a1,$bi
+	mulld	$h2lo,$a2,$bi		# a[2]*121666
+	mulhdu	$h2hi,$a2,$bi
+	mulld	$h3lo,$a3,$bi		# a[3]*121666
+	mulhdu	$h3hi,$a3,$bi
+	mulld	$h4lo,$a4,$bi		# a[4]*121666
+	mulhdu	$h4hi,$a4,$bi
+
+	b	.Lfe51_reduce
+	.long	0
+	.byte	0,12,4,0,0x80,11,2,0
+	.long	0
+.size	x25519_fe51_mul121666,.-x25519_fe51_mul121666
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl b/deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl
new file mode 100755
index 0000000000..18dc6af9fa
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl
@@ -0,0 +1,1117 @@
+#!/usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# X25519 lower-level primitives for x86_64.
+#
+# February 2018.
+#
+# This module implements radix 2^51 multiplication and squaring, and
+# radix 2^64 multiplication, squaring, addition, subtraction and final
+# reduction. Latter radix is used on ADCX/ADOX-capable processors such
+# as Broadwell. On related note one should mention that there are
+# vector implementations that provide significantly better performance
+# on some processors(*), but they are large and overly complex. Which
+# in combination with them being effectively processor-specific makes
+# the undertaking hard to justify. The goal for this implementation
+# is rather versatility and simplicity [and ultimately formal
+# verification].
+#
+# (*)	For example sandy2x should provide ~30% improvement on Sandy
+#	Bridge, but only nominal ~5% on Haswell [and big loss on
+#	Broadwell and successors].
+#
+######################################################################
+# Improvement coefficients:
+#
+#			amd64-51(*)	gcc-5.x(**)
+#
+# P4			+22%		+40%
+# Sandy Bridge		-3%		+11%
+# Haswell		-1%		+13%
+# Broadwell(***)	+30%		+35%
+# Skylake(***)		+33%		+47%
+# Silvermont		+20%		+26%
+# Goldmont		+40%		+50%
+# Bulldozer		+20%		+9%
+# Ryzen(***)		+43%		+40%
+# VIA			+170%		+120%
+#
+# (*)	amd64-51 is popular assembly implementation with 2^51 radix,
+#	only multiplication and squaring subroutines were linked
+#	for comparison, but not complete ladder step; gain on most
+#	processors is because this module refrains from shld, and
+#	minor regression on others is because this does result in
+#	higher instruction count;
+# (**)	compiler is free to inline functions, in assembly one would
+#	need to implement ladder step to do that, and it will improve
+#	performance by several percent;
+# (***)	ADCX/ADOX result for 2^64 radix, there is no corresponding
+#	C implementation, so that comparison is always against
+#	2^51 radix;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+$code.=<<___;
+.text
+
+.globl	x25519_fe51_mul
+.type	x25519_fe51_mul,\@function,3
+.align	32
+x25519_fe51_mul:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-8*5(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_mul_body:
+
+	mov	8*0(%rsi),%rax		# f[0]
+	mov	8*0(%rdx),%r11		# load g[0-4]
+	mov	8*1(%rdx),%r12
+	mov	8*2(%rdx),%r13
+	mov	8*3(%rdx),%rbp
+	mov	8*4(%rdx),%r14
+
+	mov	%rdi,8*4(%rsp)		# offload 1st argument
+	mov	%rax,%rdi
+	mulq	%r11			# f[0]*g[0]
+	mov	%r11,8*0(%rsp)		# offload g[0]
+	mov	%rax,%rbx		# %rbx:%rcx = h0
+	mov	%rdi,%rax
+	mov	%rdx,%rcx
+	mulq	%r12			# f[0]*g[1]
+	mov	%r12,8*1(%rsp)		# offload g[1]
+	mov	%rax,%r8		# %r8:%r9 = h1
+	mov	%rdi,%rax
+	lea	(%r14,%r14,8),%r15
+	mov	%rdx,%r9
+	mulq	%r13			# f[0]*g[2]
+	mov	%r13,8*2(%rsp)		# offload g[2]
+	mov	%rax,%r10		# %r10:%r11 = h2
+	mov	%rdi,%rax
+	lea	(%r14,%r15,2),%rdi	# g[4]*19
+	mov	%rdx,%r11
+	mulq	%rbp			# f[0]*g[3]
+	mov	%rax,%r12		# %r12:%r13 = h3
+	mov	8*0(%rsi),%rax		# f[0]
+	mov	%rdx,%r13
+	mulq	%r14			# f[0]*g[4]
+	mov	%rax,%r14		# %r14:%r15 = h4
+	mov	8*1(%rsi),%rax		# f[1]
+	mov	%rdx,%r15
+
+	mulq	%rdi			# f[1]*g[4]*19
+	add	%rax,%rbx
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%rcx
+	mulq	%rdi			# f[2]*g[4]*19
+	add	%rax,%r8
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r9
+	mulq	%rdi			# f[3]*g[4]*19
+	add	%rax,%r10
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r11
+	mulq	%rdi			# f[4]*g[4]*19
+	imulq	\$19,%rbp,%rdi		# g[3]*19
+	add	%rax,%r12
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[1]*g[3]
+	mov	8*2(%rsp),%rbp		# g[2]
+	add	%rax,%r14
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r15
+
+	mulq	%rdi			# f[2]*g[3]*19
+	add	%rax,%rbx
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%rcx
+	mulq	%rdi			# f[3]*g[3]*19
+	add	%rax,%r8
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r9
+	mulq	%rdi			# f[4]*g[3]*19
+	imulq	\$19,%rbp,%rdi		# g[2]*19
+	add	%rax,%r10
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%r11
+	mulq	%rbp			# f[1]*g[2]
+	add	%rax,%r12
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[2]*g[2]
+	mov	8*1(%rsp),%rbp		# g[1]
+	add	%rax,%r14
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r15
+
+	mulq	%rdi			# f[3]*g[2]*19
+	add	%rax,%rbx
+	mov	8*4(%rsi),%rax		# f[3]
+	adc	%rdx,%rcx
+	mulq	%rdi			# f[4]*g[2]*19
+	add	%rax,%r8
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%r9
+	mulq	%rbp			# f[1]*g[1]
+	imulq	\$19,%rbp,%rdi
+	add	%rax,%r10
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r11
+	mulq	%rbp			# f[2]*g[1]
+	add	%rax,%r12
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[3]*g[1]
+	mov	8*0(%rsp),%rbp		# g[0]
+	add	%rax,%r14
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r15
+
+	mulq	%rdi			# f[4]*g[1]*19
+	add	%rax,%rbx
+	mov	8*1(%rsi),%rax		# f[1]
+	adc	%rdx,%rcx
+	mul	%rbp			# f[1]*g[0]
+	add	%rax,%r8
+	mov	8*2(%rsi),%rax		# f[2]
+	adc	%rdx,%r9
+	mul	%rbp			# f[2]*g[0]
+	add	%rax,%r10
+	mov	8*3(%rsi),%rax		# f[3]
+	adc	%rdx,%r11
+	mul	%rbp			# f[3]*g[0]
+	add	%rax,%r12
+	mov	8*4(%rsi),%rax		# f[4]
+	adc	%rdx,%r13
+	mulq	%rbp			# f[4]*g[0]
+	add	%rax,%r14
+	adc	%rdx,%r15
+
+	mov	8*4(%rsp),%rdi		# restore 1st argument
+	jmp	.Lreduce51
+.Lfe51_mul_epilogue:
+.cfi_endproc
+.size	x25519_fe51_mul,.-x25519_fe51_mul
+
+.globl	x25519_fe51_sqr
+.type	x25519_fe51_sqr,\@function,2
+.align	32
+x25519_fe51_sqr:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-8*5(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_sqr_body:
+
+	mov	8*0(%rsi),%rax		# g[0]
+	mov	8*2(%rsi),%r15		# g[2]
+	mov	8*4(%rsi),%rbp		# g[4]
+
+	mov	%rdi,8*4(%rsp)		# offload 1st argument
+	lea	(%rax,%rax),%r14
+	mulq	%rax			# g[0]*g[0]
+	mov	%rax,%rbx
+	mov	8*1(%rsi),%rax		# g[1]
+	mov	%rdx,%rcx
+	mulq	%r14			# 2*g[0]*g[1]
+	mov	%rax,%r8
+	mov	%r15,%rax
+	mov	%r15,8*0(%rsp)		# offload g[2]
+	mov	%rdx,%r9
+	mulq	%r14			# 2*g[0]*g[2]
+	mov	%rax,%r10
+	mov	8*3(%rsi),%rax
+	mov	%rdx,%r11
+	imulq	\$19,%rbp,%rdi		# g[4]*19
+	mulq	%r14			# 2*g[0]*g[3]
+	mov	%rax,%r12
+	mov	%rbp,%rax
+	mov	%rdx,%r13
+	mulq	%r14			# 2*g[0]*g[4]
+	mov	%rax,%r14
+	mov	%rbp,%rax
+	mov	%rdx,%r15
+
+	mulq	%rdi			# g[4]*g[4]*19
+	add	%rax,%r12
+	mov	8*1(%rsi),%rax		# g[1]
+	adc	%rdx,%r13
+
+	mov	8*3(%rsi),%rsi		# g[3]
+	lea	(%rax,%rax),%rbp
+	mulq	%rax			# g[1]*g[1]
+	add	%rax,%r10
+	mov	8*0(%rsp),%rax		# g[2]
+	adc	%rdx,%r11
+	mulq	%rbp			# 2*g[1]*g[2]
+	add	%rax,%r12
+	mov	%rbp,%rax
+	adc	%rdx,%r13
+	mulq	%rsi			# 2*g[1]*g[3]
+	add	%rax,%r14
+	mov	%rbp,%rax
+	adc	%rdx,%r15
+	imulq	\$19,%rsi,%rbp		# g[3]*19
+	mulq	%rdi			# 2*g[1]*g[4]*19
+	add	%rax,%rbx
+	lea	(%rsi,%rsi),%rax
+	adc	%rdx,%rcx
+
+	mulq	%rdi			# 2*g[3]*g[4]*19
+	add	%rax,%r10
+	mov	%rsi,%rax
+	adc	%rdx,%r11
+	mulq	%rbp			# g[3]*g[3]*19
+	add	%rax,%r8
+	mov	8*0(%rsp),%rax		# g[2]
+	adc	%rdx,%r9
+
+	lea	(%rax,%rax),%rsi
+	mulq	%rax			# g[2]*g[2]
+	add	%rax,%r14
+	mov	%rbp,%rax
+	adc	%rdx,%r15
+	mulq	%rsi			# 2*g[2]*g[3]*19
+	add	%rax,%rbx
+	mov	%rsi,%rax
+	adc	%rdx,%rcx
+	mulq	%rdi			# 2*g[2]*g[4]*19
+	add	%rax,%r8
+	adc	%rdx,%r9
+
+	mov	8*4(%rsp),%rdi		# restore 1st argument
+	jmp	.Lreduce51
+
+.align	32
+.Lreduce51:
+	mov	\$0x7ffffffffffff,%rbp
+
+	mov	%r10,%rdx
+	shr	\$51,%r10
+	shl	\$13,%r11
+	and	%rbp,%rdx		# %rdx = g2 = h2 & mask
+	or	%r10,%r11		# h2>>51
+	add	%r11,%r12
+	adc	\$0,%r13		# h3 += h2>>51
+
+	mov	%rbx,%rax
+	shr	\$51,%rbx
+	shl	\$13,%rcx
+	and	%rbp,%rax		# %rax = g0 = h0 & mask
+	or	%rbx,%rcx		# h0>>51
+	add	%rcx,%r8		# h1 += h0>>51
+	adc	\$0,%r9
+
+	mov	%r12,%rbx
+	shr	\$51,%r12
+	shl	\$13,%r13
+	and	%rbp,%rbx		# %rbx = g3 = h3 & mask
+	or	%r12,%r13		# h3>>51
+	add	%r13,%r14		# h4 += h3>>51
+	adc	\$0,%r15
+
+	mov	%r8,%rcx
+	shr	\$51,%r8
+	shl	\$13,%r9
+	and	%rbp,%rcx		# %rcx = g1 = h1 & mask
+	or	%r8,%r9
+	add	%r9,%rdx		# g2 += h1>>51
+
+	mov	%r14,%r10
+	shr	\$51,%r14
+	shl	\$13,%r15
+	and	%rbp,%r10		# %r10 = g4 = h0 & mask
+	or	%r14,%r15		# h0>>51
+
+	lea	(%r15,%r15,8),%r14
+	lea	(%r15,%r14,2),%r15
+	add	%r15,%rax		# g0 += (h0>>51)*19
+
+	mov	%rdx,%r8
+	and	%rbp,%rdx		# g2 &= mask
+	shr	\$51,%r8
+	add	%r8,%rbx		# g3 += g2>>51
+
+	mov	%rax,%r9
+	and	%rbp,%rax		# g0 &= mask
+	shr	\$51,%r9
+	add	%r9,%rcx		# g1 += g0>>51
+
+	mov	%rax,8*0(%rdi)		# save the result
+	mov	%rcx,8*1(%rdi)
+	mov	%rdx,8*2(%rdi)
+	mov	%rbx,8*3(%rdi)
+	mov	%r10,8*4(%rdi)
+
+	mov	8*5(%rsp),%r15
+.cfi_restore	%r15
+	mov	8*6(%rsp),%r14
+.cfi_restore	%r14
+	mov	8*7(%rsp),%r13
+.cfi_restore	%r13
+	mov	8*8(%rsp),%r12
+.cfi_restore	%r12
+	mov	8*9(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	8*10(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	8*11(%rsp),%rsp
+.cfi_adjust_cfa_offset	88
+.Lfe51_sqr_epilogue:
+	ret
+.cfi_endproc
+.size	x25519_fe51_sqr,.-x25519_fe51_sqr
+
+.globl	x25519_fe51_mul121666
+.type	x25519_fe51_mul121666,\@function,2
+.align	32
+x25519_fe51_mul121666:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	lea	-8*5(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_mul121666_body:
+	mov	\$121666,%eax
+
+	mulq	8*0(%rsi)
+	mov	%rax,%rbx		# %rbx:%rcx = h0
+	mov	\$121666,%eax
+	mov	%rdx,%rcx
+	mulq	8*1(%rsi)
+	mov	%rax,%r8		# %r8:%r9 = h1
+	mov	\$121666,%eax
+	mov	%rdx,%r9
+	mulq	8*2(%rsi)
+	mov	%rax,%r10		# %r10:%r11 = h2
+	mov	\$121666,%eax
+	mov	%rdx,%r11
+	mulq	8*3(%rsi)
+	mov	%rax,%r12		# %r12:%r13 = h3
+	mov	\$121666,%eax		# f[0]
+	mov	%rdx,%r13
+	mulq	8*4(%rsi)
+	mov	%rax,%r14		# %r14:%r15 = h4
+	mov	%rdx,%r15
+
+	jmp	.Lreduce51
+.Lfe51_mul121666_epilogue:
+.cfi_endproc
+.size	x25519_fe51_mul121666,.-x25519_fe51_mul121666
+___
+########################################################################
+# Base 2^64 subroutines modulo 2*(2^255-19)
+#
+if ($addx) {
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = map("%r$_",(8..15));
+
+$code.=<<___;
+.extern	OPENSSL_ia32cap_P
+.globl	x25519_fe64_eligible
+.type	x25519_fe64_eligible,\@abi-omnipotent
+.align	32
+x25519_fe64_eligible:
+	mov	OPENSSL_ia32cap_P+8(%rip),%ecx
+	xor	%eax,%eax
+	and	\$0x80100,%ecx
+	cmp	\$0x80100,%ecx
+	cmove	%ecx,%eax
+	ret
+.size	x25519_fe64_eligible,.-x25519_fe64_eligible
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,\@function,3
+.align	32
+x25519_fe64_mul:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	push	%rdi			# offload dst
+.cfi_push	%rdi
+	lea	-8*2(%rsp),%rsp
+.cfi_adjust_cfa_offset	16
+.Lfe64_mul_body:
+
+	mov	%rdx,%rax
+	mov	8*0(%rdx),%rbp		# b[0]
+	mov	8*0(%rsi),%rdx		# a[0]
+	mov	8*1(%rax),%rcx		# b[1]
+	mov	8*2(%rax),$acc6		# b[2]
+	mov	8*3(%rax),$acc7		# b[3]
+
+	mulx	%rbp,$acc0,%rax		# a[0]*b[0]
+	xor	%edi,%edi		# cf=0,of=0
+	mulx	%rcx,$acc1,%rbx		# a[0]*b[1]
+	adcx	%rax,$acc1
+	mulx	$acc6,$acc2,%rax	# a[0]*b[2]
+	adcx	%rbx,$acc2
+	mulx	$acc7,$acc3,$acc4	# a[0]*b[3]
+	 mov	8*1(%rsi),%rdx		# a[1]
+	adcx	%rax,$acc3
+	mov	$acc6,(%rsp)		# offload b[2]
+	adcx	%rdi,$acc4		# cf=0
+
+	mulx	%rbp,%rax,%rbx		# a[1]*b[0]
+	adox	%rax,$acc1
+	adcx	%rbx,$acc2
+	mulx	%rcx,%rax,%rbx		# a[1]*b[1]
+	adox	%rax,$acc2
+	adcx	%rbx,$acc3
+	mulx	$acc6,%rax,%rbx		# a[1]*b[2]
+	adox	%rax,$acc3
+	adcx	%rbx,$acc4
+	mulx	$acc7,%rax,$acc5	# a[1]*b[3]
+	 mov	8*2(%rsi),%rdx		# a[2]
+	adox	%rax,$acc4
+	adcx	%rdi,$acc5		# cf=0
+	adox	%rdi,$acc5		# of=0
+
+	mulx	%rbp,%rax,%rbx		# a[2]*b[0]
+	adcx	%rax,$acc2
+	adox	%rbx,$acc3
+	mulx	%rcx,%rax,%rbx		# a[2]*b[1]
+	adcx	%rax,$acc3
+	adox	%rbx,$acc4
+	mulx	$acc6,%rax,%rbx		# a[2]*b[2]
+	adcx	%rax,$acc4
+	adox	%rbx,$acc5
+	mulx	$acc7,%rax,$acc6	# a[2]*b[3]
+	 mov	8*3(%rsi),%rdx		# a[3]
+	adcx	%rax,$acc5
+	adox	%rdi,$acc6		# of=0
+	adcx	%rdi,$acc6		# cf=0
+
+	mulx	%rbp,%rax,%rbx		# a[3]*b[0]
+	adox	%rax,$acc3
+	adcx	%rbx,$acc4
+	mulx	%rcx,%rax,%rbx		# a[3]*b[1]
+	adox	%rax,$acc4
+	adcx	%rbx,$acc5
+	mulx	(%rsp),%rax,%rbx	# a[3]*b[2]
+	adox	%rax,$acc5
+	adcx	%rbx,$acc6
+	mulx	$acc7,%rax,$acc7	# a[3]*b[3]
+	 mov	\$38,%edx
+	adox	%rax,$acc6
+	adcx	%rdi,$acc7		# cf=0
+	adox	%rdi,$acc7		# of=0
+
+	jmp	.Lreduce64
+.Lfe64_mul_epilogue:
+.cfi_endproc
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+
+.globl	x25519_fe64_sqr
+.type	x25519_fe64_sqr,\@function,2
+.align	32
+x25519_fe64_sqr:
+.cfi_startproc
+	push	%rbp
+.cfi_push	%rbp
+	push	%rbx
+.cfi_push	%rbx
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	push	%rdi			# offload dst
+.cfi_push	%rdi
+	lea	-8*2(%rsp),%rsp
+.cfi_adjust_cfa_offset	16
+.Lfe64_sqr_body:
+
+	mov	8*0(%rsi),%rdx		# a[0]
+	mov	8*1(%rsi),%rcx		# a[1]
+	mov	8*2(%rsi),%rbp		# a[2]
+	mov	8*3(%rsi),%rsi		# a[3]
+
+	################################################################
+	mulx	%rdx,$acc0,$acc7	# a[0]*a[0]
+	mulx	%rcx,$acc1,%rax		# a[0]*a[1]
+	xor	%edi,%edi		# cf=0,of=0
+	mulx	%rbp,$acc2,%rbx		# a[0]*a[2]
+	adcx	%rax,$acc2
+	mulx	%rsi,$acc3,$acc4	# a[0]*a[3]
+	 mov	%rcx,%rdx		# a[1]
+	adcx	%rbx,$acc3
+	adcx	%rdi,$acc4		# cf=0
+
+	################################################################
+	mulx	%rbp,%rax,%rbx		# a[1]*a[2]
+	adox	%rax,$acc3
+	adcx	%rbx,$acc4
+	mulx	%rsi,%rax,$acc5		# a[1]*a[3]
+	 mov	%rbp,%rdx		# a[2]
+	adox	%rax,$acc4
+	adcx	%rdi,$acc5
+
+	################################################################
+	mulx	%rsi,%rax,$acc6		# a[2]*a[3]
+	 mov	%rcx,%rdx		# a[1]
+	adox	%rax,$acc5
+	adcx	%rdi,$acc6		# cf=0
+	adox	%rdi,$acc6		# of=0
+
+	 adcx	$acc1,$acc1		# acc1:6<<1
+	adox	$acc7,$acc1
+	 adcx	$acc2,$acc2
+	mulx	%rdx,%rax,%rbx		# a[1]*a[1]
+	 mov	%rbp,%rdx		# a[2]
+	 adcx	$acc3,$acc3
+	adox	%rax,$acc2
+	 adcx	$acc4,$acc4
+	adox	%rbx,$acc3
+	mulx	%rdx,%rax,%rbx		# a[2]*a[2]
+	 mov	%rsi,%rdx		# a[3]
+	 adcx	$acc5,$acc5
+	adox	%rax,$acc4
+	 adcx	$acc6,$acc6
+	adox	%rbx,$acc5
+	mulx	%rdx,%rax,$acc7		# a[3]*a[3]
+	 mov	\$38,%edx
+	adox	%rax,$acc6
+	adcx	%rdi,$acc7		# cf=0
+	adox	%rdi,$acc7		# of=0
+	jmp	.Lreduce64
+
+.align	32
+.Lreduce64:
+	mulx	$acc4,%rax,%rbx
+	adcx	%rax,$acc0
+	adox	%rbx,$acc1
+	mulx	$acc5,%rax,%rbx
+	adcx	%rax,$acc1
+	adox	%rbx,$acc2
+	mulx	$acc6,%rax,%rbx
+	adcx	%rax,$acc2
+	adox	%rbx,$acc3
+	mulx	$acc7,%rax,$acc4
+	adcx	%rax,$acc3
+	adox	%rdi,$acc4
+	adcx	%rdi,$acc4
+
+	mov	8*2(%rsp),%rdi		# restore dst
+	imulq	%rdx,$acc4
+
+	add	$acc4,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	adc	\$0,$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	mov	$acc1,8*1(%rdi)
+	mov	$acc2,8*2(%rdi)
+	mov	$acc3,8*3(%rdi)
+	mov	$acc0,8*0(%rdi)
+
+	mov	8*3(%rsp),%r15
+.cfi_restore	%r15
+	mov	8*4(%rsp),%r14
+.cfi_restore	%r14
+	mov	8*5(%rsp),%r13
+.cfi_restore	%r13
+	mov	8*6(%rsp),%r12
+.cfi_restore	%r12
+	mov	8*7(%rsp),%rbx
+.cfi_restore	%rbx
+	mov	8*8(%rsp),%rbp
+.cfi_restore	%rbp
+	lea	8*9(%rsp),%rsp
+.cfi_adjust_cfa_offset	88
+.Lfe64_sqr_epilogue:
+	ret
+.cfi_endproc
+.size	x25519_fe64_sqr,.-x25519_fe64_sqr
+
+.globl	x25519_fe64_mul121666
+.type	x25519_fe64_mul121666,\@function,2
+.align	32
+x25519_fe64_mul121666:
+.Lfe64_mul121666_body:
+	mov	\$121666,%edx
+	mulx	8*0(%rsi),$acc0,%rcx
+	mulx	8*1(%rsi),$acc1,%rax
+	add	%rcx,$acc1
+	mulx	8*2(%rsi),$acc2,%rcx
+	adc	%rax,$acc2
+	mulx	8*3(%rsi),$acc3,%rax
+	adc	%rcx,$acc3
+	adc	\$0,%rax
+
+	imulq	\$38,%rax,%rax
+
+	add	%rax,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	adc	\$0,$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	mov	$acc1,8*1(%rdi)
+	mov	$acc2,8*2(%rdi)
+	mov	$acc3,8*3(%rdi)
+	mov	$acc0,8*0(%rdi)
+
+.Lfe64_mul121666_epilogue:
+	ret
+.size	x25519_fe64_mul121666,.-x25519_fe64_mul121666
+
+.globl	x25519_fe64_add
+.type	x25519_fe64_add,\@function,3
+.align	32
+x25519_fe64_add:
+.Lfe64_add_body:
+	mov	8*0(%rsi),$acc0
+	mov	8*1(%rsi),$acc1
+	mov	8*2(%rsi),$acc2
+	mov	8*3(%rsi),$acc3
+
+	add	8*0(%rdx),$acc0
+	adc	8*1(%rdx),$acc1
+	adc	8*2(%rdx),$acc2
+	adc	8*3(%rdx),$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	mov	$acc1,8*1(%rdi)
+	adc	\$0,$acc3
+	mov	$acc2,8*2(%rdi)
+	sbb	%rax,%rax		# cf -> mask
+	mov	$acc3,8*3(%rdi)
+	and	\$38,%rax
+
+	add	%rax,$acc0
+	mov	$acc0,8*0(%rdi)
+
+.Lfe64_add_epilogue:
+	ret
+.size	x25519_fe64_add,.-x25519_fe64_add
+
+.globl	x25519_fe64_sub
+.type	x25519_fe64_sub,\@function,3
+.align	32
+x25519_fe64_sub:
+.Lfe64_sub_body:
+	mov	8*0(%rsi),$acc0
+	mov	8*1(%rsi),$acc1
+	mov	8*2(%rsi),$acc2
+	mov	8*3(%rsi),$acc3
+
+	sub	8*0(%rdx),$acc0
+	sbb	8*1(%rdx),$acc1
+	sbb	8*2(%rdx),$acc2
+	sbb	8*3(%rdx),$acc3
+
+	sbb	%rax,%rax		# cf -> mask
+	and	\$38,%rax
+
+	sub	%rax,$acc0
+	sbb	\$0,$acc1
+	sbb	\$0,$acc2
+	mov	$acc1,8*1(%rdi)
+	sbb	\$0,$acc3
+	mov	$acc2,8*2(%rdi)
+	sbb	%rax,%rax		# cf -> mask
+	mov	$acc3,8*3(%rdi)
+	and	\$38,%rax
+
+	sub	%rax,$acc0
+	mov	$acc0,8*0(%rdi)
+
+.Lfe64_sub_epilogue:
+	ret
+.size	x25519_fe64_sub,.-x25519_fe64_sub
+
+.globl	x25519_fe64_tobytes
+.type	x25519_fe64_tobytes,\@function,2
+.align	32
+x25519_fe64_tobytes:
+.Lfe64_to_body:
+	mov	8*0(%rsi),$acc0
+	mov	8*1(%rsi),$acc1
+	mov	8*2(%rsi),$acc2
+	mov	8*3(%rsi),$acc3
+
+	################################# reduction modulo 2^255-19
+	lea	($acc3,$acc3),%rax
+	sar	\$63,$acc3		# most significant bit -> mask
+	shr	\$1,%rax		# most significant bit cleared
+	and	\$19,$acc3
+	add	\$19,$acc3		# compare to modulus in the same go
+
+	add	$acc3,$acc0
+	adc	\$0,$acc1
+	adc	\$0,$acc2
+	adc	\$0,%rax
+
+	lea	(%rax,%rax),$acc3
+	sar	\$63,%rax		# most significant bit -> mask
+	shr	\$1,$acc3		# most significant bit cleared
+	not	%rax
+	and	\$19,%rax
+
+	sub	%rax,$acc0
+	sbb	\$0,$acc1
+	sbb	\$0,$acc2
+	sbb	\$0,$acc3
+
+	mov	$acc0,8*0(%rdi)
+	mov	$acc1,8*1(%rdi)
+	mov	$acc2,8*2(%rdi)
+	mov	$acc3,8*3(%rdi)
+
+.Lfe64_to_epilogue:
+	ret
+.size	x25519_fe64_tobytes,.-x25519_fe64_tobytes
+___
+} else {
+$code.=<<___;
+.globl	x25519_fe64_eligible
+.type	x25519_fe64_eligible,\@abi-omnipotent
+.align	32
+x25519_fe64_eligible:
+	xor	%eax,%eax
+	ret
+.size	x25519_fe64_eligible,.-x25519_fe64_eligible
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,\@abi-omnipotent
+.globl	x25519_fe64_sqr
+.globl	x25519_fe64_mul121666
+.globl	x25519_fe64_add
+.globl	x25519_fe64_sub
+.globl	x25519_fe64_tobytes
+x25519_fe64_mul:
+x25519_fe64_sqr:
+x25519_fe64_mul121666:
+x25519_fe64_add:
+x25519_fe64_sub:
+x25519_fe64_tobytes:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+___
+}
+$code.=<<___;
+.asciz	"X25519 primitives for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+
+.type	short_handler,\@abi-omnipotent
+.align	16
+short_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+	jmp	.Lcommon_seh_tail
+.size	short_handler,.-short_handler
+
+.type	full_handler,\@abi-omnipotent
+.align	16
+full_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rax,%r10),%rax
+
+	mov	-8(%rax),%rbp
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	full_handler,.-full_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_x25519_fe51_mul
+	.rva	.LSEH_end_x25519_fe51_mul
+	.rva	.LSEH_info_x25519_fe51_mul
+
+	.rva	.LSEH_begin_x25519_fe51_sqr
+	.rva	.LSEH_end_x25519_fe51_sqr
+	.rva	.LSEH_info_x25519_fe51_sqr
+
+	.rva	.LSEH_begin_x25519_fe51_mul121666
+	.rva	.LSEH_end_x25519_fe51_mul121666
+	.rva	.LSEH_info_x25519_fe51_mul121666
+___
+$code.=<<___	if ($addx);
+	.rva	.LSEH_begin_x25519_fe64_mul
+	.rva	.LSEH_end_x25519_fe64_mul
+	.rva	.LSEH_info_x25519_fe64_mul
+
+	.rva	.LSEH_begin_x25519_fe64_sqr
+	.rva	.LSEH_end_x25519_fe64_sqr
+	.rva	.LSEH_info_x25519_fe64_sqr
+
+	.rva	.LSEH_begin_x25519_fe64_mul121666
+	.rva	.LSEH_end_x25519_fe64_mul121666
+	.rva	.LSEH_info_x25519_fe64_mul121666
+
+	.rva	.LSEH_begin_x25519_fe64_add
+	.rva	.LSEH_end_x25519_fe64_add
+	.rva	.LSEH_info_x25519_fe64_add
+
+	.rva	.LSEH_begin_x25519_fe64_sub
+	.rva	.LSEH_end_x25519_fe64_sub
+	.rva	.LSEH_info_x25519_fe64_sub
+
+	.rva	.LSEH_begin_x25519_fe64_tobytes
+	.rva	.LSEH_end_x25519_fe64_tobytes
+	.rva	.LSEH_info_x25519_fe64_tobytes
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_x25519_fe51_mul:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe51_mul_body,.Lfe51_mul_epilogue	# HandlerData[]
+	.long	88,0
+.LSEH_info_x25519_fe51_sqr:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe51_sqr_body,.Lfe51_sqr_epilogue	# HandlerData[]
+	.long	88,0
+.LSEH_info_x25519_fe51_mul121666:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe51_mul121666_body,.Lfe51_mul121666_epilogue	# HandlerData[]
+	.long	88,0
+___
+$code.=<<___	if ($addx);
+.LSEH_info_x25519_fe64_mul:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe64_mul_body,.Lfe64_mul_epilogue	# HandlerData[]
+	.long	72,0
+.LSEH_info_x25519_fe64_sqr:
+	.byte	9,0,0,0
+	.rva	full_handler
+	.rva	.Lfe64_sqr_body,.Lfe64_sqr_epilogue	# HandlerData[]
+	.long	72,0
+.LSEH_info_x25519_fe64_mul121666:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_mul121666_body,.Lfe64_mul121666_epilogue	# HandlerData[]
+.LSEH_info_x25519_fe64_add:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_add_body,.Lfe64_add_epilogue	# HandlerData[]
+.LSEH_info_x25519_fe64_sub:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_sub_body,.Lfe64_sub_epilogue	# HandlerData[]
+.LSEH_info_x25519_fe64_tobytes:
+	.byte	9,0,0,0
+	.rva	short_handler
+	.rva	.Lfe64_to_body,.Lfe64_to_epilogue	# HandlerData[]
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/ec/build.info b/deps/openssl/openssl/crypto/ec/build.info
index 970c2922cc..a1e673e347 100644
--- a/deps/openssl/openssl/crypto/ec/build.info
+++ b/deps/openssl/openssl/crypto/ec/build.info
@@ -2,13 +2,16 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
         ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \
-        ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \
+        ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \
         ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
         ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
         ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \
+        curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
+        curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
         {- $target{ec_asm_src} -}
 
-GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 
 GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME)
 
@@ -21,8 +24,19 @@ GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
 INCLUDE[ecp_nistz256-armv4.o]=..
 GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[ecp_nistz256-armv8.o]=..
+GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME)
+
+GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME)
 
 BEGINRAW[Makefile]
 {- $builddir -}/ecp_nistz256-%.S:	{- $sourcedir -}/asm/ecp_nistz256-%.pl
 	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
 ENDRAW[Makefile]
+
+INCLUDE[curve448/arch_32/f_impl.o]=curve448/arch_32 curve448
+INCLUDE[curve448/f_generic.o]=curve448/arch_32 curve448
+INCLUDE[curve448/scalar.o]=curve448/arch_32 curve448
+INCLUDE[curve448/curve448_tables.o]=curve448/arch_32 curve448
+INCLUDE[curve448/eddsa.o]=curve448/arch_32 curve448
+INCLUDE[curve448/curve448.o]=curve448/arch_32 curve448
diff --git a/deps/openssl/openssl/crypto/ec/curve25519.c b/deps/openssl/openssl/crypto/ec/curve25519.c
index c8aa9aa6d5..abe9b9cbf6 100644
--- a/deps/openssl/openssl/crypto/ec/curve25519.c
+++ b/deps/openssl/openssl/crypto/ec/curve25519.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,14 +7,750 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
- * 20141124 (http://bench.cr.yp.to/supercop.html).
- *
- * The field functions are shared by Ed25519 and X25519 where possible. */
-
 #include <string.h>
 #include "ec_lcl.h"
+#include <openssl/sha.h>
+
+#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                            defined(_M_AMD64) || defined(_M_X64))
+
+# define BASE_2_64_IMPLEMENTED
+
+typedef uint64_t fe64[4];
+
+int x25519_fe64_eligible(void);
+
+/*
+ * Following subroutines perform corresponding operations modulo
+ * 2^256-38, i.e. double the curve modulus. However, inputs and
+ * outputs are permitted to be partially reduced, i.e. to remain
+ * in [0..2^256) range. It's all tied up in final fe64_tobytes
+ * that performs full reduction modulo 2^255-19.
+ *
+ * There are no reference C implementations for these.
+ */
+void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sqr(fe64 h, const fe64 f);
+void x25519_fe64_mul121666(fe64 h, fe64 f);
+void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_tobytes(uint8_t *s, const fe64 f);
+# define fe64_mul x25519_fe64_mul
+# define fe64_sqr x25519_fe64_sqr
+# define fe64_mul121666 x25519_fe64_mul121666
+# define fe64_add x25519_fe64_add
+# define fe64_sub x25519_fe64_sub
+# define fe64_tobytes x25519_fe64_tobytes
+
+static uint64_t load_8(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+    result |= ((uint64_t)in[7]) << 56;
+
+    return result;
+}
+
+static void fe64_frombytes(fe64 h, const uint8_t *s)
+{
+    h[0] = load_8(s);
+    h[1] = load_8(s + 8);
+    h[2] = load_8(s + 16);
+    h[3] = load_8(s + 24) & 0x7fffffffffffffff;
+}
+
+static void fe64_0(fe64 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_1(fe64 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_copy(fe64 h, const fe64 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+}
+
+static void fe64_cswap(fe64 f, fe64 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 4; i++) {
+        uint64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe64_invert(fe64 out, const fe64 z)
+{
+    fe64 t0;
+    fe64 t1;
+    fe64 t2;
+    fe64 t3;
+    int i;
 
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe64_sqr(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe64_sqr(t1, t0);
+    fe64_sqr(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe64_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe64_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe64_sqr(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe64_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe64_sqr(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe64_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe64_* subroutines.
+ */
+static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe64 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe64_frombytes(x1, point);
+    fe64_1(x2);
+    fe64_0(z2);
+    fe64_copy(x3, x1);
+    fe64_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe64_cswap(x2, x3, swap);
+        fe64_cswap(z2, z3, swap);
+        swap = b;
+        fe64_sub(tmp0, x3, z3);
+        fe64_sub(tmp1, x2, z2);
+        fe64_add(x2, x2, z2);
+        fe64_add(z2, x3, z3);
+        fe64_mul(z3, x2, tmp0);
+        fe64_mul(z2, z2, tmp1);
+        fe64_sqr(tmp0, tmp1);
+        fe64_sqr(tmp1, x2);
+        fe64_add(x3, z3, z2);
+        fe64_sub(z2, z3, z2);
+        fe64_mul(x2, tmp1, tmp0);
+        fe64_sub(tmp1, tmp1, tmp0);
+        fe64_sqr(z2, z2);
+        fe64_mul121666(z3, tmp1);
+        fe64_sqr(x3, x3);
+        fe64_add(tmp0, tmp0, z3);
+        fe64_mul(z3, x1, z2);
+        fe64_mul(z2, tmp1, tmp0);
+    }
+
+    fe64_invert(z2, z2);
+    fe64_mul(x2, x2, z2);
+    fe64_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+#if defined(X25519_ASM) \
+    || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
+         && !defined(__sparc__) \
+         && !(defined(__ANDROID__) && !defined(__clang__)) )
+/*
+ * Base 2^51 implementation. It's virtually no different from reference
+ * base 2^25.5 implementation in respect to lax boundary conditions for
+ * intermediate values and even individual limbs. So that whatever you
+ * know about the reference, applies even here...
+ */
+# define BASE_2_51_IMPLEMENTED
+
+typedef uint64_t fe51[5];
+
+static const uint64_t MASK51 = 0x7ffffffffffff;
+
+static uint64_t load_7(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+
+    return result;
+}
+
+static uint64_t load_6(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+
+    return result;
+}
+
+static void fe51_frombytes(fe51 h, const uint8_t *s)
+{
+    uint64_t h0 = load_7(s);                                /* 56 bits */
+    uint64_t h1 = load_6(s + 7) << 5;                       /* 53 bits */
+    uint64_t h2 = load_7(s + 13) << 2;                      /* 58 bits */
+    uint64_t h3 = load_6(s + 20) << 7;                      /* 55 bits */
+    uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4;   /* 51 bits */
+
+    h1 |= h0 >> 51; h0 &= MASK51;
+    h2 |= h1 >> 51; h1 &= MASK51;
+    h3 |= h2 >> 51; h2 &= MASK51;
+    h4 |= h3 >> 51; h3 &= MASK51;
+
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+
+static void fe51_tobytes(uint8_t *s, const fe51 h)
+{
+    uint64_t h0 = h[0];
+    uint64_t h1 = h[1];
+    uint64_t h2 = h[2];
+    uint64_t h3 = h[3];
+    uint64_t h4 = h[4];
+    uint64_t q;
+
+    /* compare to modulus */
+    q = (h0 + 19) >> 51;
+    q = (h1 + q) >> 51;
+    q = (h2 + q) >> 51;
+    q = (h3 + q) >> 51;
+    q = (h4 + q) >> 51;
+
+    /* full reduce */
+    h0 += 19 * q;
+    h1 += h0 >> 51; h0 &= MASK51;
+    h2 += h1 >> 51; h1 &= MASK51;
+    h3 += h2 >> 51; h2 &= MASK51;
+    h4 += h3 >> 51; h3 &= MASK51;
+                    h4 &= MASK51;
+
+    /* smash */
+    s[0] = (uint8_t)(h0 >> 0);
+    s[1] = (uint8_t)(h0 >> 8);
+    s[2] = (uint8_t)(h0 >> 16);
+    s[3] = (uint8_t)(h0 >> 24);
+    s[4] = (uint8_t)(h0 >> 32);
+    s[5] = (uint8_t)(h0 >> 40);
+    s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3));
+    s[7] = (uint8_t)(h1 >> 5);
+    s[8] = (uint8_t)(h1 >> 13);
+    s[9] = (uint8_t)(h1 >> 21);
+    s[10] = (uint8_t)(h1 >> 29);
+    s[11] = (uint8_t)(h1 >> 37);
+    s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6));
+    s[13] = (uint8_t)(h2 >> 2);
+    s[14] = (uint8_t)(h2 >> 10);
+    s[15] = (uint8_t)(h2 >> 18);
+    s[16] = (uint8_t)(h2 >> 26);
+    s[17] = (uint8_t)(h2 >> 34);
+    s[18] = (uint8_t)(h2 >> 42);
+    s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1));
+    s[20] = (uint8_t)(h3 >> 7);
+    s[21] = (uint8_t)(h3 >> 15);
+    s[22] = (uint8_t)(h3 >> 23);
+    s[23] = (uint8_t)(h3 >> 31);
+    s[24] = (uint8_t)(h3 >> 39);
+    s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4));
+    s[26] = (uint8_t)(h4 >> 4);
+    s[27] = (uint8_t)(h4 >> 12);
+    s[28] = (uint8_t)(h4 >> 20);
+    s[29] = (uint8_t)(h4 >> 28);
+    s[30] = (uint8_t)(h4 >> 36);
+    s[31] = (uint8_t)(h4 >> 44);
+}
+
+# if defined(X25519_ASM)
+void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g);
+void x25519_fe51_sqr(fe51 h, const fe51 f);
+void x25519_fe51_mul121666(fe51 h, fe51 f);
+#  define fe51_mul x25519_fe51_mul
+#  define fe51_sq  x25519_fe51_sqr
+#  define fe51_mul121666 x25519_fe51_mul121666
+# else
+
+typedef __uint128_t u128;
+
+static void fe51_mul(fe51 h, const fe51 f, const fe51 g)
+{
+    u128 h0, h1, h2, h3, h4;
+    uint64_t f_i, g0, g1, g2, g3, g4;
+
+    f_i = f[0];
+    h0 = (u128)f_i * (g0 = g[0]);
+    h1 = (u128)f_i * (g1 = g[1]);
+    h2 = (u128)f_i * (g2 = g[2]);
+    h3 = (u128)f_i * (g3 = g[3]);
+    h4 = (u128)f_i * (g4 = g[4]);
+
+    f_i = f[1];
+    h0 += (u128)f_i * (g4 *= 19);
+    h1 += (u128)f_i * g0;
+    h2 += (u128)f_i * g1;
+    h3 += (u128)f_i * g2;
+    h4 += (u128)f_i * g3;
+
+    f_i = f[2];
+    h0 += (u128)f_i * (g3 *= 19);
+    h1 += (u128)f_i * g4;
+    h2 += (u128)f_i * g0;
+    h3 += (u128)f_i * g1;
+    h4 += (u128)f_i * g2;
+
+    f_i = f[3];
+    h0 += (u128)f_i * (g2 *= 19);
+    h1 += (u128)f_i * g3;
+    h2 += (u128)f_i * g4;
+    h3 += (u128)f_i * g0;
+    h4 += (u128)f_i * g1;
+
+    f_i = f[4];
+    h0 += (u128)f_i * (g1 *= 19);
+    h1 += (u128)f_i * g2;
+    h2 += (u128)f_i * g3;
+    h3 += (u128)f_i * g4;
+    h4 += (u128)f_i * g0;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+
+static void fe51_sq(fe51 h, const fe51 f)
+{
+#  if defined(OPENSSL_SMALL_FOOTPRINT)
+    fe51_mul(h, f, f);
+#  else
+    /* dedicated squaring gives 16-25% overall improvement */
+    uint64_t g0 = f[0];
+    uint64_t g1 = f[1];
+    uint64_t g2 = f[2];
+    uint64_t g3 = f[3];
+    uint64_t g4 = f[4];
+    u128 h0, h1, h2, h3, h4;
+
+    h0 = (u128)g0 * g0;     g0 *= 2;
+    h1 = (u128)g0 * g1;
+    h2 = (u128)g0 * g2;
+    h3 = (u128)g0 * g3;
+    h4 = (u128)g0 * g4;
+
+    g0 = g4;                /* borrow g0 */
+    h3 += (u128)g0 * (g4 *= 19);
+
+    h2 += (u128)g1 * g1;    g1 *= 2;
+    h3 += (u128)g1 * g2;
+    h4 += (u128)g1 * g3;
+    h0 += (u128)g1 * g4;
+
+    g0 = g3;                /* borrow g0 */
+    h1 += (u128)g0 * (g3 *= 19);
+    h2 += (u128)(g0 * 2) * g4;
+
+    h4 += (u128)g2 * g2;    g2 *= 2;
+    h0 += (u128)g2 * g3;
+    h1 += (u128)g2 * g4;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+#  endif
+}
+
+static void fe51_mul121666(fe51 h, fe51 f)
+{
+    u128 h0 = f[0] * (u128)121666;
+    u128 h1 = f[1] * (u128)121666;
+    u128 h2 = f[2] * (u128)121666;
+    u128 h3 = f[3] * (u128)121666;
+    u128 h4 = f[4] * (u128)121666;
+    uint64_t g0, g1, g2, g3, g4;
+
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+# endif
+
+static void fe51_add(fe51 h, const fe51 f, const fe51 g)
+{
+    h[0] = f[0] + g[0];
+    h[1] = f[1] + g[1];
+    h[2] = f[2] + g[2];
+    h[3] = f[3] + g[3];
+    h[4] = f[4] + g[4];
+}
+
+static void fe51_sub(fe51 h, const fe51 f, const fe51 g)
+{
+    /*
+     * Add 2*modulus to ensure that result remains positive
+     * even if subtrahend is partially reduced.
+     */
+    h[0] = (f[0] + 0xfffffffffffda) - g[0];
+    h[1] = (f[1] + 0xffffffffffffe) - g[1];
+    h[2] = (f[2] + 0xffffffffffffe) - g[2];
+    h[3] = (f[3] + 0xffffffffffffe) - g[3];
+    h[4] = (f[4] + 0xffffffffffffe) - g[4];
+}
+
+static void fe51_0(fe51 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_1(fe51 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_copy(fe51 h, const fe51 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+    h[4] = f[4];
+}
+
+static void fe51_cswap(fe51 f, fe51 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 5; i++) {
+        int64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe51_invert(fe51 out, const fe51 z)
+{
+    fe51 t0;
+    fe51 t1;
+    fe51 t2;
+    fe51 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe51_sq(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe51_sq(t1, t0);
+    fe51_sq(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe51_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe51_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe51_sq(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe51_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe51_sq(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe51_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe51_* subroutines.
+ */
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe51 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+# ifdef BASE_2_64_IMPLEMENTED
+    if (x25519_fe64_eligible()) {
+        x25519_scalar_mulx(out, scalar, point);
+        return;
+    }
+# endif
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe51_frombytes(x1, point);
+    fe51_1(x2);
+    fe51_0(z2);
+    fe51_copy(x3, x1);
+    fe51_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe51_cswap(x2, x3, swap);
+        fe51_cswap(z2, z3, swap);
+        swap = b;
+        fe51_sub(tmp0, x3, z3);
+        fe51_sub(tmp1, x2, z2);
+        fe51_add(x2, x2, z2);
+        fe51_add(z2, x3, z3);
+        fe51_mul(z3, tmp0, x2);
+        fe51_mul(z2, z2, tmp1);
+        fe51_sq(tmp0, tmp1);
+        fe51_sq(tmp1, x2);
+        fe51_add(x3, z3, z2);
+        fe51_sub(z2, z3, z2);
+        fe51_mul(x2, tmp1, tmp0);
+        fe51_sub(tmp1, tmp1, tmp0);
+        fe51_sq(z2, z2);
+        fe51_mul121666(z3, tmp1);
+        fe51_sq(x3, x3);
+        fe51_add(tmp0, tmp0, z3);
+        fe51_mul(z3, x1, z2);
+        fe51_mul(z2, tmp1, tmp0);
+    }
+
+    fe51_invert(z2, z2);
+    fe51_mul(x2, x2, z2);
+    fe51_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+/*
+ * Reference base 2^25.5 implementation.
+ */
+/*
+ * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
+ * 20141124 (http://bench.cr.yp.to/supercop.html).
+ *
+ * The field functions are shared by Ed25519 and X25519 where possible.
+ */
 
 /* fe means field element. Here the field is \Z/(2^255-19). An element t,
  * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
@@ -79,16 +815,16 @@ static void fe_frombytes(fe h, const uint8_t *s) {
   carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
   carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
 }
 
 /* Preconditions:
@@ -159,38 +895,38 @@ static void fe_tobytes(uint8_t *s, const fe h) {
    * evidently 2^255 h10-2^255 q = 0.
    * Goal: Output h0+...+2^230 h9.  */
 
-  s[0] = h0 >> 0;
-  s[1] = h0 >> 8;
-  s[2] = h0 >> 16;
-  s[3] = (h0 >> 24) | ((uint32_t)(h1) << 2);
-  s[4] = h1 >> 6;
-  s[5] = h1 >> 14;
-  s[6] = (h1 >> 22) | ((uint32_t)(h2) << 3);
-  s[7] = h2 >> 5;
-  s[8] = h2 >> 13;
-  s[9] = (h2 >> 21) | ((uint32_t)(h3) << 5);
-  s[10] = h3 >> 3;
-  s[11] = h3 >> 11;
-  s[12] = (h3 >> 19) | ((uint32_t)(h4) << 6);
-  s[13] = h4 >> 2;
-  s[14] = h4 >> 10;
-  s[15] = h4 >> 18;
-  s[16] = h5 >> 0;
-  s[17] = h5 >> 8;
-  s[18] = h5 >> 16;
-  s[19] = (h5 >> 24) | ((uint32_t)(h6) << 1);
-  s[20] = h6 >> 7;
-  s[21] = h6 >> 15;
-  s[22] = (h6 >> 23) | ((uint32_t)(h7) << 3);
-  s[23] = h7 >> 5;
-  s[24] = h7 >> 13;
-  s[25] = (h7 >> 21) | ((uint32_t)(h8) << 4);
-  s[26] = h8 >> 4;
-  s[27] = h8 >> 12;
-  s[28] = (h8 >> 20) | ((uint32_t)(h9) << 6);
-  s[29] = h9 >> 2;
-  s[30] = h9 >> 10;
-  s[31] = h9 >> 18;
+  s[0] = (uint8_t)(h0 >> 0);
+  s[1] = (uint8_t)(h0 >> 8);
+  s[2] = (uint8_t)(h0 >> 16);
+  s[3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
+  s[4] = (uint8_t)(h1 >> 6);
+  s[5] = (uint8_t)(h1 >> 14);
+  s[6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
+  s[7] = (uint8_t)(h2 >> 5);
+  s[8] = (uint8_t)(h2 >> 13);
+  s[9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
+  s[10] = (uint8_t)(h3 >> 3);
+  s[11] = (uint8_t)(h3 >> 11);
+  s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
+  s[13] = (uint8_t)(h4 >> 2);
+  s[14] = (uint8_t)(h4 >> 10);
+  s[15] = (uint8_t)(h4 >> 18);
+  s[16] = (uint8_t)(h5 >> 0);
+  s[17] = (uint8_t)(h5 >> 8);
+  s[18] = (uint8_t)(h5 >> 16);
+  s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
+  s[20] = (uint8_t)(h6 >> 7);
+  s[21] = (uint8_t)(h6 >> 15);
+  s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
+  s[23] = (uint8_t)(h7 >> 5);
+  s[24] = (uint8_t)(h7 >> 13);
+  s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
+  s[26] = (uint8_t)(h8 >> 4);
+  s[27] = (uint8_t)(h8 >> 12);
+  s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
+  s[29] = (uint8_t)(h9 >> 2);
+  s[30] = (uint8_t)(h9 >> 10);
+  s[31] = (uint8_t)(h9 >> 18);
 }
 
 /* h = f */
@@ -470,16 +1206,16 @@ static void fe_mul(fe h, const fe f, const fe g) {
   /* |h0| <= 2^25; from now on fits into int32 unchanged */
   /* |h1| <= 1.01*2^24 */
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
 }
 
 /* h = f * f
@@ -611,16 +1347,16 @@ static void fe_sq(fe h, const fe f) {
 
   carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
 }
 
 static void fe_invert(fe out, const fe z) {
@@ -746,6 +1482,30 @@ static void fe_cmov(fe f, const fe g, unsigned b) {
   }
 }
 
+/* return 0 if f == 0
+ * return 1 if f != 0
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static int fe_isnonzero(const fe f) {
+  uint8_t s[32];
+  static const uint8_t zero[32] = {0};
+  fe_tobytes(s, f);
+
+  return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
+}
+
+/* return 1 if f is in {1,3,5,...,q-2}
+ * return 0 if f is in {0,2,4,...,q-1}
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static int fe_isnegative(const fe f) {
+  uint8_t s[32];
+  fe_tobytes(s, f);
+  return s[0] & 1;
+}
+
 /* h = 2 * f * f
  * Can overlap h with f.
  *
@@ -886,16 +1646,73 @@ static void fe_sq2(fe h, const fe f) {
 
   carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
+}
+
+static void fe_pow22523(fe out, const fe z) {
+  fe t0;
+  fe t1;
+  fe t2;
+  int i;
+
+  fe_sq(t0, z);
+  fe_sq(t1, t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t1, z, t1);
+  fe_mul(t0, t0, t1);
+  fe_sq(t0, t0);
+  fe_mul(t0, t1, t0);
+  fe_sq(t1, t0);
+  for (i = 1; i < 5; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t0, t1, t0);
+  fe_sq(t1, t0);
+  for (i = 1; i < 10; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t1, t1, t0);
+  fe_sq(t2, t1);
+  for (i = 1; i < 20; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t1, t2, t1);
+  fe_sq(t1, t1);
+  for (i = 1; i < 10; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t0, t1, t0);
+  fe_sq(t1, t0);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t1, t1, t0);
+  fe_sq(t2, t1);
+  for (i = 1; i < 100; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t1, t2, t1);
+  fe_sq(t1, t1);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t1, t1);
+  }
+  fe_mul(t0, t1, t0);
+  fe_sq(t0, t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq(t0, t0);
+  }
+  fe_mul(out, t0, z);
 }
 
 /* ge means group element.
@@ -943,6 +1760,85 @@ typedef struct {
   fe T2d;
 } ge_cached;
 
+static void ge_tobytes(uint8_t *s, const ge_p2 *h) {
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip, h->Z);
+  fe_mul(x, h->X, recip);
+  fe_mul(y, h->Y, recip);
+  fe_tobytes(s, y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
+
+static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) {
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip, h->Z);
+  fe_mul(x, h->X, recip);
+  fe_mul(y, h->Y, recip);
+  fe_tobytes(s, y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
+
+static const fe d = {-10913610, 13857413, -15372611, 6949391,   114729,
+                     -8787816,  -6275908, -3247719,  -18696448, -12055116};
+
+static const fe sqrtm1 = {-32595792, -7943725,  9377950,  3500415, 12389472,
+                          -272473,   -25146209, -2005654, 326686,  11406482};
+
+static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) {
+  fe u;
+  fe v;
+  fe v3;
+  fe vxx;
+  fe check;
+
+  fe_frombytes(h->Y, s);
+  fe_1(h->Z);
+  fe_sq(u, h->Y);
+  fe_mul(v, u, d);
+  fe_sub(u, u, h->Z); /* u = y^2-1 */
+  fe_add(v, v, h->Z); /* v = dy^2+1 */
+
+  fe_sq(v3, v);
+  fe_mul(v3, v3, v); /* v3 = v^3 */
+  fe_sq(h->X, v3);
+  fe_mul(h->X, h->X, v);
+  fe_mul(h->X, h->X, u); /* x = uv^7 */
+
+  fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
+  fe_mul(h->X, h->X, v3);
+  fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
+
+  fe_sq(vxx, h->X);
+  fe_mul(vxx, vxx, v);
+  fe_sub(check, vxx, u); /* vx^2-u */
+  if (fe_isnonzero(check)) {
+    fe_add(check, vxx, u); /* vx^2+u */
+    if (fe_isnonzero(check)) {
+      return -1;
+    }
+    fe_mul(h->X, h->X, sqrtm1);
+  }
+
+  if (fe_isnegative(h->X) != (s[31] >> 7)) {
+    fe_neg(h->X, h->X);
+  }
+
+  fe_mul(h->T, h->X, h->Y);
+  return 0;
+}
+
+static void ge_p2_0(ge_p2 *h) {
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+}
+
 static void ge_p3_0(ge_p3 *h) {
   fe_0(h->X);
   fe_1(h->Y);
@@ -963,6 +1859,17 @@ static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
   fe_copy(r->Z, p->Z);
 }
 
+static const fe d2 = {-21827239, -5839606,  -30745221, 13898782, 229458,
+                      15978800,  -12551817, -6495438,  29715968, 9444199};
+
+/* r = p */
+static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
+  fe_add(r->YplusX, p->Y, p->X);
+  fe_sub(r->YminusX, p->Y, p->X);
+  fe_copy(r->Z, p->Z);
+  fe_mul(r->T2d, p->T, d2);
+}
+
 /* r = p */
 static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
   fe_mul(r->X, p->X, p->T);
@@ -1016,6 +1923,56 @@ static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
   fe_sub(r->T, t0, r->T);
 }
 
+/* r = p - q */
+static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->yminusx);
+  fe_mul(r->Y, r->Y, q->yplusx);
+  fe_mul(r->T, q->xy2d, p->T);
+  fe_add(t0, p->Z, p->Z);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_sub(r->Z, t0, r->T);
+  fe_add(r->T, t0, r->T);
+}
+
+/* r = p + q */
+static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->YplusX);
+  fe_mul(r->Y, r->Y, q->YminusX);
+  fe_mul(r->T, q->T2d, p->T);
+  fe_mul(r->X, p->Z, q->Z);
+  fe_add(t0, r->X, r->X);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_add(r->Z, t0, r->T);
+  fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->YminusX);
+  fe_mul(r->Y, r->Y, q->YplusX);
+  fe_mul(r->T, q->T2d, p->T);
+  fe_mul(r->X, p->Z, q->Z);
+  fe_add(t0, r->X, r->X);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_sub(r->Z, t0, r->T);
+  fe_add(r->T, t0, r->T);
+}
+
 static uint8_t equal(signed char b, signed char c) {
   uint8_t ub = b;
   uint8_t uc = c;
@@ -3230,6 +4187,7 @@ static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
   OPENSSL_cleanse(e, sizeof(e));
 }
 
+#if !defined(BASE_2_51_IMPLEMENTED)
 /* Replace (f,g) with (g,f) if b == 1;
  * replace (f,g) with (f,g) if b == 0.
  *
@@ -3297,16 +4255,16 @@ static void fe_mul121666(fe h, fe f) {
   carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
   carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (int32_t)h0;
+  h[1] = (int32_t)h1;
+  h[2] = (int32_t)h2;
+  h[3] = (int32_t)h3;
+  h[4] = (int32_t)h4;
+  h[5] = (int32_t)h5;
+  h[6] = (int32_t)h6;
+  h[7] = (int32_t)h7;
+  h[8] = (int32_t)h8;
+  h[9] = (int32_t)h9;
 }
 
 static void x25519_scalar_mult_generic(uint8_t out[32],
@@ -3352,8 +4310,6 @@ static void x25519_scalar_mult_generic(uint8_t out[32],
     fe_mul(z3, x1, z2);
     fe_mul(z2, tmp1, tmp0);
   }
-  fe_cswap(x2, x3, swap);
-  fe_cswap(z2, z3, swap);
 
   fe_invert(z2, z2);
   fe_mul(x2, x2, z2);
@@ -3366,6 +4322,1107 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
                                const uint8_t point[32]) {
   x25519_scalar_mult_generic(out, scalar, point);
 }
+#endif
+
+static void slide(signed char *r, const uint8_t *a) {
+  int i;
+  int b;
+  int k;
+
+  for (i = 0; i < 256; ++i) {
+    r[i] = 1 & (a[i >> 3] >> (i & 7));
+  }
+
+  for (i = 0; i < 256; ++i) {
+    if (r[i]) {
+      for (b = 1; b <= 6 && i + b < 256; ++b) {
+        if (r[i + b]) {
+          if (r[i] + (r[i + b] << b) <= 15) {
+            r[i] += r[i + b] << b;
+            r[i + b] = 0;
+          } else if (r[i] - (r[i + b] << b) >= -15) {
+            r[i] -= r[i + b] << b;
+            for (k = i + b; k < 256; ++k) {
+              if (!r[k]) {
+                r[k] = 1;
+                break;
+              }
+              r[k] = 0;
+            }
+          } else {
+            break;
+          }
+        }
+      }
+    }
+  }
+}
+
+static const ge_precomp Bi[8] = {
+    {
+        {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626,
+         -11754271, -6079156, 2047605},
+        {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+         5043384, 19500929, -15469378},
+        {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919,
+         11864899, -24514362, -4438546},
+    },
+    {
+        {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600,
+         -14772189, 28944400, -1550024},
+        {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577,
+         -11775962, 7689662, 11199574},
+        {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774,
+         10017326, -17749093, -9920357},
+    },
+    {
+        {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885,
+         14515107, -15438304, 10819380},
+        {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+         12483688, -12668491, 5581306},
+        {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350,
+         13850243, -23678021, -15815942},
+    },
+    {
+        {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+         5230134, -23952439, -15175766},
+        {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025,
+         16520125, 30598449, 7715701},
+        {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660,
+         1370708, 29794553, -1409300},
+    },
+    {
+        {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211,
+         -1361450, -13062696, 13821877},
+        {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028,
+         -7212327, 18853322, -14220951},
+        {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358,
+         -10431137, 2207753, -3209784},
+    },
+    {
+        {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364,
+         -663000, -31111463, -16132436},
+        {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789,
+         15725684, 171356, 6466918},
+        {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339,
+         -14088058, -30714912, 16193877},
+    },
+    {
+        {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398,
+         4729455, -18074513, 9256800},
+        {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405,
+         9761698, -19827198, 630305},
+        {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551,
+         -15960994, -2449256, -14291300},
+    },
+    {
+        {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575,
+         15033784, 25105118, -7894876},
+        {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925,
+         1573892, -2625887, 2198790, -15804619},
+        {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022,
+         -16236442, -32461234, -12290683},
+    },
+};
+
+/* r = a * A + b * B
+ * where a = a[0]+256*a[1]+...+256^31 a[31].
+ * and b = b[0]+256*b[1]+...+256^31 b[31].
+ * B is the Ed25519 base point (x,4/5) with x positive. */
+static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
+                                         const ge_p3 *A, const uint8_t *b) {
+  signed char aslide[256];
+  signed char bslide[256];
+  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+  ge_p1p1 t;
+  ge_p3 u;
+  ge_p3 A2;
+  int i;
+
+  slide(aslide, a);
+  slide(bslide, b);
+
+  ge_p3_to_cached(&Ai[0], A);
+  ge_p3_dbl(&t, A);
+  ge_p1p1_to_p3(&A2, &t);
+  ge_add(&t, &A2, &Ai[0]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[1], &u);
+  ge_add(&t, &A2, &Ai[1]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[2], &u);
+  ge_add(&t, &A2, &Ai[2]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[3], &u);
+  ge_add(&t, &A2, &Ai[3]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[4], &u);
+  ge_add(&t, &A2, &Ai[4]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[5], &u);
+  ge_add(&t, &A2, &Ai[5]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[6], &u);
+  ge_add(&t, &A2, &Ai[6]);
+  ge_p1p1_to_p3(&u, &t);
+  ge_p3_to_cached(&Ai[7], &u);
+
+  ge_p2_0(r);
+
+  for (i = 255; i >= 0; --i) {
+    if (aslide[i] || bslide[i]) {
+      break;
+    }
+  }
+
+  for (; i >= 0; --i) {
+    ge_p2_dbl(&t, r);
+
+    if (aslide[i] > 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_add(&t, &u, &Ai[aslide[i] / 2]);
+    } else if (aslide[i] < 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+    }
+
+    if (bslide[i] > 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_madd(&t, &u, &Bi[bslide[i] / 2]);
+    } else if (bslide[i] < 0) {
+      ge_p1p1_to_p3(&u, &t);
+      ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
+    }
+
+    ge_p1p1_to_p2(r, &t);
+  }
+}
+
+/* The set of scalars is \Z/l
+ * where l = 2^252 + 27742317777372353535851937790883648493. */
+
+/* Input:
+ *   s[0]+256*s[1]+...+256^63*s[63] = s
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = s mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ *   Overwrites s in place. */
+static void x25519_sc_reduce(uint8_t *s) {
+  int64_t s0 = 2097151 & load_3(s);
+  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
+  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
+  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
+  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
+  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
+  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
+  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
+  int64_t s8 = 2097151 & load_3(s + 21);
+  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
+  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
+  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
+  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
+  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
+  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
+  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
+  int64_t s16 = 2097151 & load_3(s + 42);
+  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
+  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
+  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
+  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
+  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
+  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
+  int64_t s23 = (load_4(s + 60) >> 3);
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= carry12 * (1 << 21);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= carry14 * (1 << 21);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= carry16 * (1 << 21);
+
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= carry13 * (1 << 21);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= carry15 * (1 << 21);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry11 = s11 >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  s[0] = (uint8_t)(s0 >> 0);
+  s[1] = (uint8_t)(s0 >> 8);
+  s[2] = (uint8_t)((s0 >> 16) | (s1 << 5));
+  s[3] = (uint8_t)(s1 >> 3);
+  s[4] = (uint8_t)(s1 >> 11);
+  s[5] = (uint8_t)((s1 >> 19) | (s2 << 2));
+  s[6] = (uint8_t)(s2 >> 6);
+  s[7] = (uint8_t)((s2 >> 14) | (s3 << 7));
+  s[8] = (uint8_t)(s3 >> 1);
+  s[9] = (uint8_t)(s3 >> 9);
+  s[10] = (uint8_t)((s3 >> 17) | (s4 << 4));
+  s[11] = (uint8_t)(s4 >> 4);
+  s[12] = (uint8_t)(s4 >> 12);
+  s[13] = (uint8_t)((s4 >> 20) | (s5 << 1));
+  s[14] = (uint8_t)(s5 >> 7);
+  s[15] = (uint8_t)((s5 >> 15) | (s6 << 6));
+  s[16] = (uint8_t)(s6 >> 2);
+  s[17] = (uint8_t)(s6 >> 10);
+  s[18] = (uint8_t)((s6 >> 18) | (s7 << 3));
+  s[19] = (uint8_t)(s7 >> 5);
+  s[20] = (uint8_t)(s7 >> 13);
+  s[21] = (uint8_t)(s8 >> 0);
+  s[22] = (uint8_t)(s8 >> 8);
+  s[23] = (uint8_t)((s8 >> 16) | (s9 << 5));
+  s[24] = (uint8_t)(s9 >> 3);
+  s[25] = (uint8_t)(s9 >> 11);
+  s[26] = (uint8_t)((s9 >> 19) | (s10 << 2));
+  s[27] = (uint8_t)(s10 >> 6);
+  s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+  s[29] = (uint8_t)(s11 >> 1);
+  s[30] = (uint8_t)(s11 >> 9);
+  s[31] = (uint8_t)(s11 >> 17);
+}
+
+/* Input:
+ *   a[0]+256*a[1]+...+256^31*a[31] = a
+ *   b[0]+256*b[1]+...+256^31*b[31] = b
+ *   c[0]+256*c[1]+...+256^31*c[31] = c
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493. */
+static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
+                      const uint8_t *c) {
+  int64_t a0 = 2097151 & load_3(a);
+  int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
+  int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
+  int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
+  int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
+  int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
+  int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
+  int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
+  int64_t a8 = 2097151 & load_3(a + 21);
+  int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
+  int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
+  int64_t a11 = (load_4(a + 28) >> 7);
+  int64_t b0 = 2097151 & load_3(b);
+  int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
+  int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
+  int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
+  int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
+  int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
+  int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
+  int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
+  int64_t b8 = 2097151 & load_3(b + 21);
+  int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
+  int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
+  int64_t b11 = (load_4(b + 28) >> 7);
+  int64_t c0 = 2097151 & load_3(c);
+  int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
+  int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
+  int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
+  int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
+  int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
+  int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
+  int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
+  int64_t c8 = 2097151 & load_3(c + 21);
+  int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
+  int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
+  int64_t c11 = (load_4(c + 28) >> 7);
+  int64_t s0;
+  int64_t s1;
+  int64_t s2;
+  int64_t s3;
+  int64_t s4;
+  int64_t s5;
+  int64_t s6;
+  int64_t s7;
+  int64_t s8;
+  int64_t s9;
+  int64_t s10;
+  int64_t s11;
+  int64_t s12;
+  int64_t s13;
+  int64_t s14;
+  int64_t s15;
+  int64_t s16;
+  int64_t s17;
+  int64_t s18;
+  int64_t s19;
+  int64_t s20;
+  int64_t s21;
+  int64_t s22;
+  int64_t s23;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+  int64_t carry17;
+  int64_t carry18;
+  int64_t carry19;
+  int64_t carry20;
+  int64_t carry21;
+  int64_t carry22;
+
+  s0 = c0 + a0 * b0;
+  s1 = c1 + a0 * b1 + a1 * b0;
+  s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
+  s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
+  s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
+  s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
+  s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
+  s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
+       a6 * b1 + a7 * b0;
+  s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
+       a6 * b2 + a7 * b1 + a8 * b0;
+  s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
+       a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
+  s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
+        a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
+  s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
+        a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
+  s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 +
+        a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
+  s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 +
+        a9 * b4 + a10 * b3 + a11 * b2;
+  s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 +
+        a10 * b4 + a11 * b3;
+  s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 +
+        a11 * b4;
+  s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
+  s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
+  s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
+  s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
+  s20 = a9 * b11 + a10 * b10 + a11 * b9;
+  s21 = a10 * b11 + a11 * b10;
+  s22 = a11 * b11;
+  s23 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= carry12 * (1 << 21);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= carry14 * (1 << 21);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= carry16 * (1 << 21);
+  carry18 = (s18 + (1 << 20)) >> 21;
+  s19 += carry18;
+  s18 -= carry18 * (1 << 21);
+  carry20 = (s20 + (1 << 20)) >> 21;
+  s21 += carry20;
+  s20 -= carry20 * (1 << 21);
+  carry22 = (s22 + (1 << 20)) >> 21;
+  s23 += carry22;
+  s22 -= carry22 * (1 << 21);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= carry13 * (1 << 21);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= carry15 * (1 << 21);
+  carry17 = (s17 + (1 << 20)) >> 21;
+  s18 += carry17;
+  s17 -= carry17 * (1 << 21);
+  carry19 = (s19 + (1 << 20)) >> 21;
+  s20 += carry19;
+  s19 -= carry19 * (1 << 21);
+  carry21 = (s21 + (1 << 20)) >> 21;
+  s22 += carry21;
+  s21 -= carry21 * (1 << 21);
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= carry12 * (1 << 21);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= carry14 * (1 << 21);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= carry16 * (1 << 21);
+
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= carry13 * (1 << 21);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= carry15 * (1 << 21);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+  carry11 = s11 >> 21;
+  s12 += carry11;
+  s11 -= carry11 * (1 << 21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= carry0 * (1 << 21);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= carry1 * (1 << 21);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= carry2 * (1 << 21);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= carry3 * (1 << 21);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= carry4 * (1 << 21);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= carry5 * (1 << 21);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= carry6 * (1 << 21);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= carry7 * (1 << 21);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= carry8 * (1 << 21);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= carry9 * (1 << 21);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= carry10 * (1 << 21);
+
+  s[0] = (uint8_t)(s0 >> 0);
+  s[1] = (uint8_t)(s0 >> 8);
+  s[2] = (uint8_t)((s0 >> 16) | (s1 << 5));
+  s[3] = (uint8_t)(s1 >> 3);
+  s[4] = (uint8_t)(s1 >> 11);
+  s[5] = (uint8_t)((s1 >> 19) | (s2 << 2));
+  s[6] = (uint8_t)(s2 >> 6);
+  s[7] = (uint8_t)((s2 >> 14) | (s3 << 7));
+  s[8] = (uint8_t)(s3 >> 1);
+  s[9] = (uint8_t)(s3 >> 9);
+  s[10] = (uint8_t)((s3 >> 17) | (s4 << 4));
+  s[11] = (uint8_t)(s4 >> 4);
+  s[12] = (uint8_t)(s4 >> 12);
+  s[13] = (uint8_t)((s4 >> 20) | (s5 << 1));
+  s[14] = (uint8_t)(s5 >> 7);
+  s[15] = (uint8_t)((s5 >> 15) | (s6 << 6));
+  s[16] = (uint8_t)(s6 >> 2);
+  s[17] = (uint8_t)(s6 >> 10);
+  s[18] = (uint8_t)((s6 >> 18) | (s7 << 3));
+  s[19] = (uint8_t)(s7 >> 5);
+  s[20] = (uint8_t)(s7 >> 13);
+  s[21] = (uint8_t)(s8 >> 0);
+  s[22] = (uint8_t)(s8 >> 8);
+  s[23] = (uint8_t)((s8 >> 16) | (s9 << 5));
+  s[24] = (uint8_t)(s9 >> 3);
+  s[25] = (uint8_t)(s9 >> 11);
+  s[26] = (uint8_t)((s9 >> 19) | (s10 << 2));
+  s[27] = (uint8_t)(s10 >> 6);
+  s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+  s[29] = (uint8_t)(s11 >> 1);
+  s[30] = (uint8_t)(s11 >> 9);
+  s[31] = (uint8_t)(s11 >> 17);
+}
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32]) {
+  uint8_t az[SHA512_DIGEST_LENGTH];
+  uint8_t nonce[SHA512_DIGEST_LENGTH];
+  ge_p3 R;
+  uint8_t hram[SHA512_DIGEST_LENGTH];
+  SHA512_CTX hash_ctx;
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, private_key, 32);
+  SHA512_Final(az, &hash_ctx);
+
+  az[0] &= 248;
+  az[31] &= 63;
+  az[31] |= 64;
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, az + 32, 32);
+  SHA512_Update(&hash_ctx, message, message_len);
+  SHA512_Final(nonce, &hash_ctx);
+
+  x25519_sc_reduce(nonce);
+  ge_scalarmult_base(&R, nonce);
+  ge_p3_tobytes(out_sig, &R);
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, out_sig, 32);
+  SHA512_Update(&hash_ctx, public_key, 32);
+  SHA512_Update(&hash_ctx, message, message_len);
+  SHA512_Final(hram, &hash_ctx);
+
+  x25519_sc_reduce(hram);
+  sc_muladd(out_sig + 32, hram, az, nonce);
+
+  OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+  OPENSSL_cleanse(nonce, sizeof(nonce));
+  OPENSSL_cleanse(az, sizeof(az));
+
+  return 1;
+}
+
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32]) {
+  ge_p3 A;
+  uint8_t rcopy[32];
+  uint8_t scopy[32];
+  SHA512_CTX hash_ctx;
+  ge_p2 R;
+  uint8_t rcheck[32];
+  uint8_t h[SHA512_DIGEST_LENGTH];
+
+  if ((signature[63] & 224) != 0 ||
+      ge_frombytes_vartime(&A, public_key) != 0) {
+    return 0;
+  }
+
+  fe_neg(A.X, A.X);
+  fe_neg(A.T, A.T);
+
+  memcpy(rcopy, signature, 32);
+  memcpy(scopy, signature + 32, 32);
+
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, signature, 32);
+  SHA512_Update(&hash_ctx, public_key, 32);
+  SHA512_Update(&hash_ctx, message, message_len);
+  SHA512_Final(h, &hash_ctx);
+
+  x25519_sc_reduce(h);
+
+  ge_double_scalarmult_vartime(&R, h, &A, scopy);
+
+  ge_tobytes(rcheck, &R);
+
+  return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0;
+}
+
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32]) {
+  uint8_t az[SHA512_DIGEST_LENGTH];
+  ge_p3 A;
+
+  SHA512(private_key, 32, az);
+
+  az[0] &= 248;
+  az[31] &= 63;
+  az[31] |= 64;
+
+  ge_scalarmult_base(&A, az);
+  ge_p3_tobytes(out_public_key, &A);
+
+  OPENSSL_cleanse(az, sizeof(az));
+}
 
 int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
            const uint8_t peer_public_value[32]) {
diff --git a/deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h b/deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
new file mode 100644
index 0000000000..48081c7717
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H
+# define HEADER_ARCH_32_ARCH_INTRINSICS_H
+
+#include "internal/constant_time_locl.h"
+
+# define ARCH_WORD_BITS 32
+
+#define word_is_zero(a)     constant_time_is_zero_32(a)
+
+static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
+{
+    return ((uint64_t)a) * b;
+}
+
+#endif                          /* HEADER_ARCH_32_ARCH_INTRINSICS_H */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c
new file mode 100644
index 0000000000..8a89d276ed
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#include "field.h"
+
+void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
+{
+    const uint32_t *a = as->limb, *b = bs->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum1 = 0, accum2 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t aa[8], bb[8];
+    int i, j;
+
+    for (i = 0; i < 8; i++) {
+        aa[i] = a[i] + a[i + 8];
+        bb[i] = b[i] + b[i + 8];
+    }
+
+    for (j = 0; j < 8; j++) {
+        accum2 = 0;
+        for (i = 0; i < j + 1; i++) {
+            accum2 += widemul(a[j - i], b[i]);
+            accum1 += widemul(aa[j - i], bb[i]);
+            accum0 += widemul(a[8 + j - i], b[8 + i]);
+        }
+        accum1 -= accum2;
+        accum0 += accum2;
+        accum2 = 0;
+        for (i = j + 1; i < 8; i++) {
+            accum0 -= widemul(a[8 + j - i], b[i]);
+            accum2 += widemul(aa[8 + j - i], bb[i]);
+            accum1 += widemul(a[16 + j - i], b[8 + i]);
+        }
+        accum1 += accum2;
+        accum0 += accum2;
+        c[j] = ((uint32_t)(accum0)) & mask;
+        c[j + 8] = ((uint32_t)(accum1)) & mask;
+        accum0 >>= 28;
+        accum1 >>= 28;
+    }
+
+    accum0 += accum1;
+    accum0 += c[8];
+    accum1 += c[0];
+    c[8] = ((uint32_t)(accum0)) & mask;
+    c[0] = ((uint32_t)(accum1)) & mask;
+
+    accum0 >>= 28;
+    accum1 >>= 28;
+    c[9] += ((uint32_t)(accum0));
+    c[1] += ((uint32_t)(accum1));
+}
+
+void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
+{
+    const uint32_t *a = as->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum8 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    int i;
+
+    assert(b <= mask);
+
+    for (i = 0; i < 8; i++) {
+        accum0 += widemul(b, a[i]);
+        accum8 += widemul(b, a[i + 8]);
+        c[i] = accum0 & mask;
+        accum0 >>= 28;
+        c[i + 8] = accum8 & mask;
+        accum8 >>= 28;
+    }
+
+    accum0 += accum8 + c[8];
+    c[8] = ((uint32_t)accum0) & mask;
+    c[9] += (uint32_t)(accum0 >> 28);
+
+    accum8 += c[0];
+    c[0] = ((uint32_t)accum8) & mask;
+    c[1] += (uint32_t)(accum8 >> 28);
+}
+
+void gf_sqr(gf_s * RESTRICT cs, const gf as)
+{
+    gf_mul(cs, as, as);         /* Performs better with a dedicated square */
+}
diff --git a/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h
new file mode 100644
index 0000000000..bbde84a038
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ARCH_32_F_IMPL_H
+# define HEADER_ARCH_32_F_IMPL_H
+
+# define GF_HEADROOM 2
+# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
+# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
+    {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}}
+
+# define LIMB_PLACE_VALUE(i) 28
+
+void gf_add_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] + b->limb[i];
+}
+
+void gf_sub_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] - b->limb[i];
+}
+
+void gf_bias(gf a, int amt)
+{
+    unsigned int i;
+    uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt;
+
+    for (i = 0; i < NLIMBS; i++)
+        a->limb[i] += (i == NLIMBS / 2) ? co2 : co1;
+}
+
+void gf_weak_reduce(gf a)
+{
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t tmp = a->limb[NLIMBS - 1] >> 28;
+    unsigned int i;
+
+    a->limb[NLIMBS / 2] += tmp;
+    for (i = NLIMBS - 1; i > 0; i--)
+        a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28);
+    a->limb[0] = (a->limb[0] & mask) + tmp;
+}
+
+#endif                  /* HEADER_ARCH_32_F_IMPL_H */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448.c b/deps/openssl/openssl/crypto/ec/curve448/curve448.c
new file mode 100644
index 0000000000..7dc68c8853
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/curve448.c
@@ -0,0 +1,727 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+#include "word.h"
+#include "field.h"
+
+#include "point_448.h"
+#include "ed448.h"
+#include "curve448_lcl.h"
+
+#define COFACTOR 4
+
+#define C448_WNAF_FIXED_TABLE_BITS 5
+#define C448_WNAF_VAR_TABLE_BITS 3
+
+#define EDWARDS_D       (-39081)
+
+static const curve448_scalar_t precomputed_scalarmul_adjustment = {
+    {
+        {
+            SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad),
+            SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
+        }
+    }
+};
+
+#define TWISTED_D (EDWARDS_D - 1)
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+/* Inverse. */
+static void gf_invert(gf y, const gf x, int assert_nonzero)
+{
+    mask_t ret;
+    gf t1, t2;
+
+    gf_sqr(t1, x);              /* o^2 */
+    ret = gf_isr(t2, t1);       /* +-1/sqrt(o^2) = +-1/o */
+    (void)ret;
+    if (assert_nonzero)
+        assert(ret);
+    gf_sqr(t1, t2);
+    gf_mul(t2, t1, x);          /* not direct to y in case of alias. */
+    gf_copy(y, t2);
+}
+
+/** identity = (0,1) */
+const curve448_point_t curve448_point_identity =
+    { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
+
+static void point_double_internal(curve448_point_t p, const curve448_point_t q,
+                                  int before_double)
+{
+    gf a, b, c, d;
+
+    gf_sqr(c, q->x);
+    gf_sqr(a, q->y);
+    gf_add_nr(d, c, a);         /* 2+e */
+    gf_add_nr(p->t, q->y, q->x); /* 2+e */
+    gf_sqr(b, p->t);
+    gf_subx_nr(b, b, d, 3);     /* 4+e */
+    gf_sub_nr(p->t, a, c);      /* 3+e */
+    gf_sqr(p->x, q->z);
+    gf_add_nr(p->z, p->x, p->x); /* 2+e */
+    gf_subx_nr(a, p->z, p->t, 4); /* 6+e */
+    if (GF_HEADROOM == 5)
+        gf_weak_reduce(a);      /* or 1+e */
+    gf_mul(p->x, a, b);
+    gf_mul(p->z, p->t, a);
+    gf_mul(p->y, p->t, d);
+    if (!before_double)
+        gf_mul(p->t, b, d);
+}
+
+void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+{
+    point_double_internal(p, q, 0);
+}
+
+/* Operations on [p]niels */
+static ossl_inline void cond_neg_niels(niels_t n, mask_t neg)
+{
+    gf_cond_swap(n->a, n->b, neg);
+    gf_cond_neg(n->c, neg);
+}
+
+static void pt_to_pniels(pniels_t b, const curve448_point_t a)
+{
+    gf_sub(b->n->a, a->y, a->x);
+    gf_add(b->n->b, a->x, a->y);
+    gf_mulw(b->n->c, a->t, 2 * TWISTED_D);
+    gf_add(b->z, a->z, a->z);
+}
+
+static void pniels_to_pt(curve448_point_t e, const pniels_t d)
+{
+    gf eu;
+
+    gf_add(eu, d->n->b, d->n->a);
+    gf_sub(e->y, d->n->b, d->n->a);
+    gf_mul(e->t, e->y, eu);
+    gf_mul(e->x, d->z, e->y);
+    gf_mul(e->y, d->z, eu);
+    gf_sqr(e->z, d->z);
+}
+
+static void niels_to_pt(curve448_point_t e, const niels_t n)
+{
+    gf_add(e->y, n->b, n->a);
+    gf_sub(e->x, n->b, n->a);
+    gf_mul(e->t, e->y, e->x);
+    gf_copy(e->z, ONE);
+}
+
+static void add_niels_to_pt(curve448_point_t d, const niels_t e,
+                            int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->a, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->b, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_sub_nr(d->y, d->z, d->x); /* 3+e */
+    gf_add_nr(a, d->x, d->z);   /* 2+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void sub_niels_from_pt(curve448_point_t d, const niels_t e,
+                              int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->b, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->a, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_add_nr(d->y, d->z, d->x); /* 2+e */
+    gf_sub_nr(a, d->z, d->x);   /* 3+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn,
+                             int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    add_niels_to_pt(p, pn->n, before_double);
+}
+
+static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
+                               int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    sub_niels_from_pt(p, pn->n, before_double);
+}
+
+c448_bool_t curve448_point_eq(const curve448_point_t p,
+                              const curve448_point_t q)
+{
+    mask_t succ;
+    gf a, b;
+
+    /* equality mod 2-torsion compares x/y */
+    gf_mul(a, p->y, q->x);
+    gf_mul(b, q->y, p->x);
+    succ = gf_eq(a, b);
+
+    return mask_to_bool(succ);
+}
+
+c448_bool_t curve448_point_valid(const curve448_point_t p)
+{
+    mask_t out;
+    gf a, b, c;
+
+    gf_mul(a, p->x, p->y);
+    gf_mul(b, p->z, p->t);
+    out = gf_eq(a, b);
+    gf_sqr(a, p->x);
+    gf_sqr(b, p->y);
+    gf_sub(a, b, a);
+    gf_sqr(b, p->t);
+    gf_mulw(c, b, TWISTED_D);
+    gf_sqr(b, p->z);
+    gf_add(b, b, c);
+    out &= gf_eq(a, b);
+    out &= ~gf_eq(p->z, ZERO);
+    return mask_to_bool(out);
+}
+
+static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni,
+                                                   const niels_t * table,
+                                                   int nelts, int idx)
+{
+    constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
+}
+
+void curve448_precomputed_scalarmul(curve448_point_t out,
+                                    const curve448_precomputed_s * table,
+                                    const curve448_scalar_t scalar)
+{
+    unsigned int i, j, k;
+    const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S;
+    niels_t ni;
+    curve448_scalar_t scalar1x;
+
+    curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+    curve448_scalar_halve(scalar1x, scalar1x);
+
+    for (i = s; i > 0; i--) {
+        if (i != s)
+            point_double_internal(out, out, 0);
+
+        for (j = 0; j < n; j++) {
+            int tab = 0;
+            mask_t invert;
+
+            for (k = 0; k < t; k++) {
+                unsigned int bit = (i - 1) + s * (k + j * t);
+
+                if (bit < C448_SCALAR_BITS)
+                    tab |=
+                        (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k;
+            }
+
+            invert = (tab >> (t - 1)) - 1;
+            tab ^= invert;
+            tab &= (1 << (t - 1)) - 1;
+
+            constant_time_lookup_niels(ni, &table->table[j << (t - 1)],
+                                       1 << (t - 1), tab);
+
+            cond_neg_niels(ni, invert);
+            if ((i != s) || j != 0)
+                add_niels_to_pt(out, ni, j == n - 1 && i != 1);
+            else
+                niels_to_pt(out, ni);
+        }
+    }
+
+    OPENSSL_cleanse(ni, sizeof(ni));
+    OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc[EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p)
+{
+    gf x, y, z, t;
+    curve448_point_t q;
+
+    /* The point is now on the twisted curve.  Move it to untwisted. */
+    curve448_point_copy(q, p);
+
+    {
+        /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */
+        gf u;
+
+        gf_sqr(x, q->x);
+        gf_sqr(t, q->y);
+        gf_add(u, x, t);
+        gf_add(z, q->y, q->x);
+        gf_sqr(y, z);
+        gf_sub(y, y, u);
+        gf_sub(z, t, x);
+        gf_sqr(x, q->z);
+        gf_add(t, x, x);
+        gf_sub(t, t, z);
+        gf_mul(x, t, y);
+        gf_mul(y, z, u);
+        gf_mul(z, u, t);
+        OPENSSL_cleanse(u, sizeof(u));
+    }
+
+    /* Affinize */
+    gf_invert(z, z, 1);
+    gf_mul(t, x, z);
+    gf_mul(x, y, z);
+
+    /* Encode */
+    enc[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    gf_serialize(enc, x, 1);
+    enc[EDDSA_448_PRIVATE_BYTES - 1] |= 0x80 & gf_lobit(t);
+
+    OPENSSL_cleanse(x, sizeof(x));
+    OPENSSL_cleanse(y, sizeof(y));
+    OPENSSL_cleanse(z, sizeof(z));
+    OPENSSL_cleanse(t, sizeof(t));
+    curve448_point_destroy(q);
+}
+
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                                curve448_point_t p,
+                                const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
+{
+    uint8_t enc2[EDDSA_448_PUBLIC_BYTES];
+    mask_t low;
+    mask_t succ;
+
+    memcpy(enc2, enc, sizeof(enc2));
+
+    low = ~word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1] & 0x80);
+    enc2[EDDSA_448_PRIVATE_BYTES - 1] &= ~0x80;
+
+    succ = gf_deserialize(p->y, enc2, 1, 0);
+    succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]);
+
+    gf_sqr(p->x, p->y);
+    gf_sub(p->z, ONE, p->x);    /* num = 1-y^2 */
+    gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */
+    gf_sub(p->t, ONE, p->t);    /* denom = 1-dy^2 or 1-d + dy^2 */
+
+    gf_mul(p->x, p->z, p->t);
+    succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */
+
+    gf_mul(p->x, p->t, p->z);   /* sqrt(num / denom) */
+    gf_cond_neg(p->x, gf_lobit(p->x) ^ low);
+    gf_copy(p->z, ONE);
+
+    {
+        gf a, b, c, d;
+
+        /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */
+        gf_sqr(c, p->x);
+        gf_sqr(a, p->y);
+        gf_add(d, c, a);
+        gf_add(p->t, p->y, p->x);
+        gf_sqr(b, p->t);
+        gf_sub(b, b, d);
+        gf_sub(p->t, a, c);
+        gf_sqr(p->x, p->z);
+        gf_add(p->z, p->x, p->x);
+        gf_sub(a, p->z, d);
+        gf_mul(p->x, a, b);
+        gf_mul(p->z, p->t, a);
+        gf_mul(p->y, p->t, d);
+        gf_mul(p->t, b, d);
+        OPENSSL_cleanse(a, sizeof(a));
+        OPENSSL_cleanse(b, sizeof(b));
+        OPENSSL_cleanse(c, sizeof(c));
+        OPENSSL_cleanse(d, sizeof(d));
+    }
+
+    OPENSSL_cleanse(enc2, sizeof(enc2));
+    assert(curve448_point_valid(p) || ~succ);
+
+    return c448_succeed_if(mask_to_bool(succ));
+}
+
+c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
+                      const uint8_t base[X_PUBLIC_BYTES],
+                      const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    gf x1, x2, z2, x3, z3, t1, t2;
+    int t;
+    mask_t swap = 0;
+    mask_t nz;
+
+    (void)gf_deserialize(x1, base, 1, 0);
+    gf_copy(x2, ONE);
+    gf_copy(z2, ZERO);
+    gf_copy(x3, x1);
+    gf_copy(z3, ONE);
+
+    for (t = X_PRIVATE_BITS - 1; t >= 0; t--) {
+        uint8_t sb = scalar[t / 8];
+        mask_t k_t;
+
+        /* Scalar conditioning */
+        if (t / 8 == 0)
+            sb &= -(uint8_t)COFACTOR;
+        else if (t == X_PRIVATE_BITS - 1)
+            sb = -1;
+
+        k_t = (sb >> (t % 8)) & 1;
+        k_t = 0 - k_t;             /* set to all 0s or all 1s */
+
+        swap ^= k_t;
+        gf_cond_swap(x2, x3, swap);
+        gf_cond_swap(z2, z3, swap);
+        swap = k_t;
+
+        /*
+         * The "_nr" below skips coefficient reduction. In the following
+         * comments, "2+e" is saying that the coefficients are at most 2+epsilon
+         * times the reduction limit.
+         */
+        gf_add_nr(t1, x2, z2);  /* A = x2 + z2 */ /* 2+e */
+        gf_sub_nr(t2, x2, z2);  /* B = x2 - z2 */ /* 3+e */
+        gf_sub_nr(z2, x3, z3);  /* D = x3 - z3 */ /* 3+e */
+        gf_mul(x2, t1, z2);     /* DA */
+        gf_add_nr(z2, z3, x3);  /* C = x3 + z3 */ /* 2+e */
+        gf_mul(x3, t2, z2);     /* CB */
+        gf_sub_nr(z3, x2, x3);  /* DA-CB */ /* 3+e */
+        gf_sqr(z2, z3);         /* (DA-CB)^2 */
+        gf_mul(z3, x1, z2);     /* z3 = x1(DA-CB)^2 */
+        gf_add_nr(z2, x2, x3);  /* (DA+CB) */ /* 2+e */
+        gf_sqr(x3, z2);         /* x3 = (DA+CB)^2 */
+
+        gf_sqr(z2, t1);         /* AA = A^2 */
+        gf_sqr(t1, t2);         /* BB = B^2 */
+        gf_mul(x2, z2, t1);     /* x2 = AA*BB */
+        gf_sub_nr(t2, z2, t1);  /* E = AA-BB */ /* 3+e */
+
+        gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */
+        gf_add_nr(t1, t1, z2);  /* AA + a24*E */ /* 2+e */
+        gf_mul(z2, t2, t1);     /* z2 = E(AA+a24*E) */
+    }
+
+    /* Finish */
+    gf_cond_swap(x2, x3, swap);
+    gf_cond_swap(z2, z3, swap);
+    gf_invert(z2, z2, 0);
+    gf_mul(x1, x2, z2);
+    gf_serialize(out, x1, 1);
+    nz = ~gf_eq(x1, ZERO);
+
+    OPENSSL_cleanse(x1, sizeof(x1));
+    OPENSSL_cleanse(x2, sizeof(x2));
+    OPENSSL_cleanse(z2, sizeof(z2));
+    OPENSSL_cleanse(x3, sizeof(x3));
+    OPENSSL_cleanse(z3, sizeof(z3));
+    OPENSSL_cleanse(t1, sizeof(t1));
+    OPENSSL_cleanse(t2, sizeof(t2));
+
+    return c448_succeed_if(mask_to_bool(nz));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+                                                      out[X_PUBLIC_BYTES],
+                                                      const curve448_point_t p)
+{
+    curve448_point_t q;
+
+    curve448_point_copy(q, p);
+    gf_invert(q->t, q->x, 0);   /* 1/x */
+    gf_mul(q->z, q->t, q->y);   /* y/x */
+    gf_sqr(q->y, q->z);         /* (y/x)^2 */
+    gf_serialize(out, q->y, 1);
+    curve448_point_destroy(q);
+}
+
+void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+                            const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    /* Scalar conditioning */
+    uint8_t scalar2[X_PRIVATE_BYTES];
+    curve448_scalar_t the_scalar;
+    curve448_point_t p;
+    unsigned int i;
+
+    memcpy(scalar2, scalar, sizeof(scalar2));
+    scalar2[0] &= -(uint8_t)COFACTOR;
+
+    scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
+    scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
+
+    curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+
+    /* Compensate for the encoding ratio */
+    for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
+        curve448_scalar_halve(the_scalar, the_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
+    curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+    curve448_point_destroy(p);
+}
+
+/* Control for variable-time scalar multiply algorithms. */
+struct smvt_control {
+    int power, addend;
+};
+
+#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3))
+# define NUMTRAILINGZEROS	__builtin_ctz
+#else
+# define NUMTRAILINGZEROS	numtrailingzeros
+static uint32_t numtrailingzeros(uint32_t i)
+{
+    uint32_t tmp;
+    uint32_t num = 31;
+
+    if (i == 0)
+        return 32;
+
+    tmp = i << 16;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 16;
+    }
+    tmp = i << 8;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 8;
+    }
+    tmp = i << 4;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 4;
+    }
+    tmp = i << 2;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 2;
+    }
+    tmp = i << 1;
+    if (tmp != 0)
+        num--;
+
+    return num;
+}
+#endif
+
+static int recode_wnaf(struct smvt_control *control,
+                       /* [nbits/(table_bits + 1) + 3] */
+                       const curve448_scalar_t scalar,
+                       unsigned int table_bits)
+{
+    unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3;
+    int position = table_size - 1; /* at the end */
+    uint64_t current = scalar->limb[0] & 0xFFFF;
+    uint32_t mask = (1 << (table_bits + 1)) - 1;
+    unsigned int w;
+    const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2;
+    unsigned int n, i;
+
+    /* place the end marker */
+    control[position].power = -1;
+    control[position].addend = 0;
+    position--;
+
+    /*
+     * PERF: Could negate scalar if it's large.  But then would need more cases
+     * in the actual code that uses it, all for an expected reduction of like
+     * 1/5 op. Probably not worth it.
+     */
+
+    for (w = 1; w < (C448_SCALAR_BITS - 1) / 16 + 3; w++) {
+        if (w < (C448_SCALAR_BITS - 1) / 16 + 1) {
+            /* Refill the 16 high bits of current */
+            current += (uint32_t)((scalar->limb[w / B_OVER_16]
+                       >> (16 * (w % B_OVER_16))) << 16);
+        }
+
+        while (current & 0xFFFF) {
+            uint32_t pos = NUMTRAILINGZEROS((uint32_t)current);
+            uint32_t odd = (uint32_t)current >> pos;
+            int32_t delta = odd & mask;
+
+            assert(position >= 0);
+            if (odd & (1 << (table_bits + 1)))
+                delta -= (1 << (table_bits + 1));
+            current -= delta * (1 << pos);
+            control[position].power = pos + 16 * (w - 1);
+            control[position].addend = delta;
+            position--;
+        }
+        current >>= 16;
+    }
+    assert(current == 0);
+
+    position++;
+    n = table_size - position;
+    for (i = 0; i < n; i++)
+        control[i] = control[i + position];
+
+    return n - 1;
+}
+
+static void prepare_wnaf_table(pniels_t * output,
+                               const curve448_point_t working,
+                               unsigned int tbits)
+{
+    curve448_point_t tmp;
+    int i;
+    pniels_t twop;
+
+    pt_to_pniels(output[0], working);
+
+    if (tbits == 0)
+        return;
+
+    curve448_point_double(tmp, working);
+    pt_to_pniels(twop, tmp);
+
+    add_pniels_to_pt(tmp, output[0], 0);
+    pt_to_pniels(output[1], tmp);
+
+    for (i = 2; i < 1 << tbits; i++) {
+        add_pniels_to_pt(tmp, twop, 0);
+        pt_to_pniels(output[i], tmp);
+    }
+
+    curve448_point_destroy(tmp);
+    OPENSSL_cleanse(twop, sizeof(twop));
+}
+
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2)
+{
+    const int table_bits_var = C448_WNAF_VAR_TABLE_BITS;
+    const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS;
+    struct smvt_control control_var[C448_SCALAR_BITS /
+                                    (C448_WNAF_VAR_TABLE_BITS + 1) + 3];
+    struct smvt_control control_pre[C448_SCALAR_BITS /
+                                    (C448_WNAF_FIXED_TABLE_BITS + 1) + 3];
+    int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre);
+    int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var);
+    pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS];
+    int contp = 0, contv = 0, i;
+
+    prepare_wnaf_table(precmp_var, base2, table_bits_var);
+    i = control_var[0].power;
+
+    if (i < 0) {
+        curve448_point_copy(combo, curve448_point_identity);
+        return;
+    }
+    if (i > control_pre[0].power) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        contv++;
+    } else if (i == control_pre[0].power && i >= 0) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+                        i);
+        contv++;
+        contp++;
+    } else {
+        i = control_pre[0].power;
+        niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+        contp++;
+    }
+
+    for (i--; i >= 0; i--) {
+        int cv = (i == control_var[contv].power);
+        int cp = (i == control_pre[contp].power);
+
+        point_double_internal(combo, combo, i && !(cv || cp));
+
+        if (cv) {
+            assert(control_var[contv].addend);
+
+            if (control_var[contv].addend > 0)
+                add_pniels_to_pt(combo,
+                                 precmp_var[control_var[contv].addend >> 1],
+                                 i && !cp);
+            else
+                sub_pniels_from_pt(combo,
+                                   precmp_var[(-control_var[contv].addend)
+                                              >> 1], i && !cp);
+            contv++;
+        }
+
+        if (cp) {
+            assert(control_pre[contp].addend);
+
+            if (control_pre[contp].addend > 0)
+                add_niels_to_pt(combo,
+                                curve448_wnaf_base[control_pre[contp].addend
+                                                   >> 1], i);
+            else
+                sub_niels_from_pt(combo,
+                                  curve448_wnaf_base[(-control_pre
+                                                      [contp].addend) >> 1], i);
+            contp++;
+        }
+    }
+
+    /* This function is non-secret, but whatever this is cheap. */
+    OPENSSL_cleanse(control_var, sizeof(control_var));
+    OPENSSL_cleanse(control_pre, sizeof(control_pre));
+    OPENSSL_cleanse(precmp_var, sizeof(precmp_var));
+
+    assert(contv == ncb_var);
+    (void)ncb_var;
+    assert(contp == ncb_pre);
+    (void)ncb_pre;
+}
+
+void curve448_point_destroy(curve448_point_t point)
+{
+    OPENSSL_cleanse(point, sizeof(curve448_point_t));
+}
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56])
+{
+    return x448_int(out_shared_key, peer_public_value, private_key)
+           == C448_SUCCESS;
+}
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56])
+{
+    x448_derive_public_key(out_public_value, private_key);
+}
diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h b/deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h
new file mode 100644
index 0000000000..2bc3bd84c8
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_CURVE448_LCL_H
+# define HEADER_CURVE448_LCL_H
+# include "curve448utils.h"
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56]);
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56]);
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len);
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len);
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57]);
+
+#endif              /* HEADER_CURVE448_LCL_H */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c b/deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c
new file mode 100644
index 0000000000..a1185b1eee
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c
@@ -0,0 +1,475 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+#include "point_448.h"
+
+static const curve448_precomputed_s curve448_precomputed_base_table = {
+    {
+        {{
+            {FIELD_LITERAL(0x00cc3b062366f4cc,0x003d6e34e314aa3c,0x00d51c0a7521774d,0x0094e060eec6ab8b,0x00d21291b4d80082,0x00befed12b55ef1e,0x00c3dd2df5c94518,0x00e0a7b112b8d4e6)},
+            {FIELD_LITERAL(0x0019eb5608d8723a,0x00d1bab52fb3aedb,0x00270a7311ebc90c,0x0037c12b91be7f13,0x005be16cd8b5c704,0x003e181acda888e1,0x00bc1f00fc3fc6d0,0x00d3839bfa319e20)},
+            {FIELD_LITERAL(0x003caeb88611909f,0x00ea8b378c4df3d4,0x00b3295b95a5a19a,0x00a65f97514bdfb5,0x00b39efba743cab1,0x0016ba98b862fd2d,0x0001508812ee71d7,0x000a75740eea114a)},
+        }}, {{
+            {FIELD_LITERAL(0x00ebcf0eb649f823,0x00166d332e98ea03,0x0059ddf64f5cd5f6,0x0047763123d9471b,0x00a64065c53ef62f,0x00978e44c480153d,0x000b5b2a0265f194,0x0046a24b9f32965a)},
+            {FIELD_LITERAL(0x00b9eef787034df0,0x0020bc24de3390cd,0x000022160bae99bb,0x00ae66e886e97946,0x0048d4bbe02cbb8b,0x0072ba97b34e38d4,0x00eae7ec8f03e85a,0x005ba92ecf808b2c)},
+            {FIELD_LITERAL(0x00c9cfbbe74258fd,0x00843a979ea9eaa7,0x000cbb4371cfbe90,0x0059bac8f7f0a628,0x004b3dff882ff530,0x0011869df4d90733,0x00595aa71f4abfc2,0x0070e2d38990c2e6)},
+        }}, {{
+            {FIELD_LITERAL(0x00de2010c0a01733,0x00c739a612e24297,0x00a7212643141d7c,0x00f88444f6b67c11,0x00484b7b16ec28f2,0x009c1b8856af9c68,0x00ff4669591fe9d6,0x0054974be08a32c8)},
+            {FIELD_LITERAL(0x0010de3fd682ceed,0x008c07642d83ca4e,0x0013bb064e00a1cc,0x009411ae27870e11,0x00ea8e5b4d531223,0x0032fe7d2aaece2e,0x00d989e243e7bb41,0x000fe79a508e9b8b)},
+            {FIELD_LITERAL(0x005e0426b9bfc5b1,0x0041a5b1d29ee4fa,0x0015b0def7774391,0x00bc164f1f51af01,0x00d543b0942797b9,0x003c129b6398099c,0x002b114c6e5adf18,0x00b4e630e4018a7b)},
+        }}, {{
+            {FIELD_LITERAL(0x00d490afc95f8420,0x00b096bf50c1d9b9,0x00799fd707679866,0x007c74d9334afbea,0x00efaa8be80ff4ed,0x0075c4943bb81694,0x00c21c2fca161f36,0x00e77035d492bfee)},
+            {FIELD_LITERAL(0x006658a190dd6661,0x00e0e9bab38609a6,0x0028895c802237ed,0x006a0229c494f587,0x002dcde96c9916b7,0x00d158822de16218,0x00173b917a06856f,0x00ca78a79ae07326)},
+            {FIELD_LITERAL(0x00e35bfc79caced4,0x0087238a3e1fe3bb,0x00bcbf0ff4ceff5b,0x00a19c1c94099b91,0x0071e102b49db976,0x0059e3d004eada1e,0x008da78afa58a47e,0x00579c8ebf269187)},
+        }}, {{
+            {FIELD_LITERAL(0x00a16c2905eee75f,0x009d4bcaea2c7e1d,0x00d3bd79bfad19df,0x0050da745193342c,0x006abdb8f6b29ab1,0x00a24fe0a4fef7ef,0x0063730da1057dfb,0x00a08c312c8eb108)},
+            {FIELD_LITERAL(0x00b583be005375be,0x00a40c8f8a4e3df4,0x003fac4a8f5bdbf7,0x00d4481d872cd718,0x004dc8749cdbaefe,0x00cce740d5e5c975,0x000b1c1f4241fd21,0x00a76de1b4e1cd07)},
+            {FIELD_LITERAL(0x007a076500d30b62,0x000a6e117b7f090f,0x00c8712ae7eebd9a,0x000fbd6c1d5f6ff7,0x003a7977246ebf11,0x00166ed969c6600e,0x00aa42e469c98bec,0x00dc58f307cf0666)},
+        }}, {{
+            {FIELD_LITERAL(0x004b491f65a9a28b,0x006a10309e8a55b7,0x00b67210185187ef,0x00cf6497b12d9b8f,0x0085778c56e2b1ba,0x0015b4c07a814d85,0x00686479e62da561,0x008de5d88f114916)},
+            {FIELD_LITERAL(0x00e37c88d6bba7b1,0x003e4577e1b8d433,0x0050d8ea5f510ec0,0x0042fc9f2da9ef59,0x003bd074c1141420,0x00561b8b7b68774e,0x00232e5e5d1013a3,0x006b7f2cb3d7e73f)},
+            {FIELD_LITERAL(0x004bdd0f0b41e6a0,0x001773057c405d24,0x006029f99915bd97,0x006a5ba70a17fe2f,0x0046111977df7e08,0x004d8124c89fb6b7,0x00580983b2bb2724,0x00207bf330d6f3fe)},
+        }}, {{
+            {FIELD_LITERAL(0x007efdc93972a48b,0x002f5e50e78d5fee,0x0080dc11d61c7fe5,0x0065aa598707245b,0x009abba2300641be,0x000c68787656543a,0x00ffe0fef2dc0a17,0x00007ffbd6cb4f3a)},
+            {FIELD_LITERAL(0x0036012f2b836efc,0x00458c126d6b5fbc,0x00a34436d719ad1e,0x0097be6167117dea,0x0009c219c879cff3,0x0065564493e60755,0x00993ac94a8cdec0,0x002d4885a4d0dbaf)},
+            {FIELD_LITERAL(0x00598b60b4c068ba,0x00c547a0be7f1afd,0x009582164acf12af,0x00af4acac4fbbe40,0x005f6ca7c539121a,0x003b6e752ebf9d66,0x00f08a30d5cac5d4,0x00e399bb5f97c5a9)},
+        }}, {{
+            {FIELD_LITERAL(0x007445a0409c0a66,0x00a65c369f3829c0,0x0031d248a4f74826,0x006817f34defbe8e,0x00649741d95ebf2e,0x00d46466ab16b397,0x00fdc35703bee414,0x00343b43334525f8)},
+            {FIELD_LITERAL(0x001796bea93f6401,0x00090c5a42e85269,0x00672412ba1252ed,0x001201d47b6de7de,0x006877bccfe66497,0x00b554fd97a4c161,0x009753f42dbac3cf,0x00e983e3e378270a)},
+            {FIELD_LITERAL(0x00ac3eff18849872,0x00f0eea3bff05690,0x00a6d72c21dd505d,0x001b832642424169,0x00a6813017b540e5,0x00a744bd71b385cd,0x0022a7d089130a7b,0x004edeec9a133486)},
+        }}, {{
+            {FIELD_LITERAL(0x00b2d6729196e8a9,0x0088a9bb2031cef4,0x00579e7787dc1567,0x0030f49feb059190,0x00a0b1d69c7f7d8f,0x0040bdcc6d9d806f,0x00d76c4037edd095,0x00bbf24376415dd7)},
+            {FIELD_LITERAL(0x00240465ff5a7197,0x00bb97e76caf27d0,0x004b4edbf8116d39,0x001d8586f708cbaa,0x000f8ee8ff8e4a50,0x00dde5a1945dd622,0x00e6fc1c0957e07c,0x0041c9cdabfd88a0)},
+            {FIELD_LITERAL(0x005344b0bf5b548c,0x002957d0b705cc99,0x00f586a70390553d,0x0075b3229f583cc3,0x00a1aa78227490e4,0x001bf09cf7957717,0x00cf6bf344325f52,0x0065bd1c23ca3ecf)},
+        }}, {{
+            {FIELD_LITERAL(0x009bff3b3239363c,0x00e17368796ef7c0,0x00528b0fe0971f3a,0x0008014fc8d4a095,0x00d09f2e8a521ec4,0x006713ab5dde5987,0x0003015758e0dbb1,0x00215999f1ba212d)},
+            {FIELD_LITERAL(0x002c88e93527da0e,0x0077c78f3456aad5,0x0071087a0a389d1c,0x00934dac1fb96dbd,0x008470e801162697,0x005bc2196cd4ad49,0x00e535601d5087c3,0x00769888700f497f)},
+            {FIELD_LITERAL(0x00da7a4b557298ad,0x0019d2589ea5df76,0x00ef3e38be0c6497,0x00a9644e1312609a,0x004592f61b2558da,0x0082c1df510d7e46,0x0042809a535c0023,0x00215bcb5afd7757)},
+        }}, {{
+            {FIELD_LITERAL(0x002b9df55a1a4213,0x00dcfc3b464a26be,0x00c4f9e07a8144d5,0x00c8e0617a92b602,0x008e3c93accafae0,0x00bf1bcb95b2ca60,0x004ce2426a613bf3,0x00266cac58e40921)},
+            {FIELD_LITERAL(0x008456d5db76e8f0,0x0032ca9cab2ce163,0x0059f2b8bf91abcf,0x0063c2a021712788,0x00f86155af22f72d,0x00db98b2a6c005a0,0x00ac6e416a693ac4,0x007a93572af53226)},
+            {FIELD_LITERAL(0x0087767520f0de22,0x0091f64012279fb5,0x001050f1f0644999,0x004f097a2477ad3c,0x006b37913a9947bd,0x001a3d78645af241,0x0057832bbb3008a7,0x002c1d902b80dc20)},
+        }}, {{
+            {FIELD_LITERAL(0x001a6002bf178877,0x009bce168aa5af50,0x005fc318ff04a7f5,0x0052818f55c36461,0x008768f5d4b24afb,0x0037ffbae7b69c85,0x0018195a4b61edc0,0x001e12ea088434b2)},
+            {FIELD_LITERAL(0x0047d3f804e7ab07,0x00a809ab5f905260,0x00b3ffc7cdaf306d,0x00746e8ec2d6e509,0x00d0dade8887a645,0x00acceeebde0dd37,0x009bc2579054686b,0x0023804f97f1c2bf)},
+            {FIELD_LITERAL(0x0043e2e2e50b80d7,0x00143aafe4427e0f,0x005594aaecab855b,0x008b12ccaaecbc01,0x002deeb091082bc3,0x009cca4be2ae7514,0x00142b96e696d047,0x00ad2a2b1c05256a)},
+        }}, {{
+            {FIELD_LITERAL(0x003914f2f144b78b,0x007a95dd8bee6f68,0x00c7f4384d61c8e6,0x004e51eb60f1bdb2,0x00f64be7aa4621d8,0x006797bfec2f0ac0,0x007d17aab3c75900,0x001893e73cac8bc5)},
+            {FIELD_LITERAL(0x00140360b768665b,0x00b68aca4967f977,0x0001089b66195ae4,0x00fe71122185e725,0x000bca2618d49637,0x00a54f0557d7e98a,0x00cdcd2f91d6f417,0x00ab8c13741fd793)},
+            {FIELD_LITERAL(0x00725ee6b1e549e0,0x007124a0769777fa,0x000b68fdad07ae42,0x0085b909cd4952df,0x0092d2e3c81606f4,0x009f22f6cac099a0,0x00f59da57f2799a8,0x00f06c090122f777)},
+        }}, {{
+            {FIELD_LITERAL(0x00ce0bed0a3532bc,0x001a5048a22df16b,0x00e31db4cbad8bf1,0x00e89292120cf00e,0x007d1dd1a9b00034,0x00e2a9041ff8f680,0x006a4c837ae596e7,0x00713af1068070b3)},
+            {FIELD_LITERAL(0x00c4fe64ce66d04b,0x00b095d52e09b3d7,0x00758bbecb1a3a8e,0x00f35cce8d0650c0,0x002b878aa5984473,0x0062e0a3b7544ddc,0x00b25b290ed116fe,0x007b0f6abe0bebf2)},
+            {FIELD_LITERAL(0x0081d4e3addae0a8,0x003410c836c7ffcc,0x00c8129ad89e4314,0x000e3d5a23922dcd,0x00d91e46f29c31f3,0x006c728cde8c5947,0x002bc655ba2566c0,0x002ca94721533108)},
+        }}, {{
+            {FIELD_LITERAL(0x0051e4b3f764d8a9,0x0019792d46e904a0,0x00853bc13dbc8227,0x000840208179f12d,0x0068243474879235,0x0013856fbfe374d0,0x00bda12fe8676424,0x00bbb43635926eb2)},
+            {FIELD_LITERAL(0x0012cdc880a93982,0x003c495b21cd1b58,0x00b7e5c93f22a26e,0x0044aa82dfb99458,0x009ba092cdffe9c0,0x00a14b3ab2083b73,0x000271c2f70e1c4b,0x00eea9cac0f66eb8)},
+            {FIELD_LITERAL(0x001a1847c4ac5480,0x00b1b412935bb03a,0x00f74285983bf2b2,0x00624138b5b5d0f1,0x008820c0b03d38bf,0x00b94e50a18c1572,0x0060f6934841798f,0x00c52f5d66d6ebe2)},
+        }}, {{
+            {FIELD_LITERAL(0x00da23d59f9bcea6,0x00e0f27007a06a4b,0x00128b5b43a6758c,0x000cf50190fa8b56,0x00fc877aba2b2d72,0x00623bef52edf53f,0x00e6af6b819669e2,0x00e314dc34fcaa4f)},
+            {FIELD_LITERAL(0x0066e5eddd164d1e,0x00418a7c6fe28238,0x0002e2f37e962c25,0x00f01f56b5975306,0x0048842fa503875c,0x0057b0e968078143,0x00ff683024f3d134,0x0082ae28fcad12e4)},
+            {FIELD_LITERAL(0x0011ddfd21260e42,0x00d05b0319a76892,0x00183ea4368e9b8f,0x00b0815662affc96,0x00b466a5e7ce7c88,0x00db93b07506e6ee,0x0033885f82f62401,0x0086f9090ec9b419)},
+        }}, {{
+            {FIELD_LITERAL(0x00d95d1c5fcb435a,0x0016d1ed6b5086f9,0x00792aa0b7e54d71,0x0067b65715f1925d,0x00a219755ec6176b,0x00bc3f026b12c28f,0x00700c897ffeb93e,0x0089b83f6ec50b46)},
+            {FIELD_LITERAL(0x003c97e6384da36e,0x00423d53eac81a09,0x00b70d68f3cdce35,0x00ee7959b354b92c,0x00f4e9718819c8ca,0x009349f12acbffe9,0x005aee7b62cb7da6,0x00d97764154ffc86)},
+            {FIELD_LITERAL(0x00526324babb46dc,0x002ee99b38d7bf9e,0x007ea51794706ef4,0x00abeb04da6e3c39,0x006b457c1d281060,0x00fe243e9a66c793,0x00378de0fb6c6ee4,0x003e4194b9c3cb93)},
+        }}, {{
+            {FIELD_LITERAL(0x00fed3cd80ca2292,0x0015b043a73ca613,0x000a9fd7bf9be227,0x003b5e03de2db983,0x005af72d46904ef7,0x00c0f1b5c49faa99,0x00dc86fc3bd305e1,0x00c92f08c1cb1797)},
+            {FIELD_LITERAL(0x0079680ce111ed3b,0x001a1ed82806122c,0x000c2e7466d15df3,0x002c407f6f7150fd,0x00c5e7c96b1b0ce3,0x009aa44626863ff9,0x00887b8b5b80be42,0x00b6023cec964825)},
+            {FIELD_LITERAL(0x00e4a8e1048970c8,0x0062887b7830a302,0x00bcf1c8cd81402b,0x0056dbb81a68f5be,0x0014eced83f12452,0x00139e1a510150df,0x00bb81140a82d1a3,0x000febcc1aaf1aa7)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7527958238159,0x0013ec9537a84cd6,0x001d7fee7d562525,0x00b9eefa6191d5e5,0x00dbc97db70bcb8a,0x00481affc7a4d395,0x006f73d3e70c31bb,0x00183f324ed96a61)},
+            {FIELD_LITERAL(0x0039dd7ce7fc6860,0x00d64f6425653da1,0x003e037c7f57d0af,0x0063477a06e2bcf2,0x001727dbb7ac67e6,0x0049589f5efafe2e,0x00fc0fef2e813d54,0x008baa5d087fb50d)},
+            {FIELD_LITERAL(0x0024fb59d9b457c7,0x00a7d4e060223e4c,0x00c118d1b555fd80,0x0082e216c732f22a,0x00cd2a2993089504,0x003638e836a3e13d,0x000d855ee89b4729,0x008ec5b7d4810c91)},
+        }}, {{
+            {FIELD_LITERAL(0x001bf51f7d65cdfd,0x00d14cdafa16a97d,0x002c38e60fcd10e7,0x00a27446e393efbd,0x000b5d8946a71fdd,0x0063df2cde128f2f,0x006c8679569b1888,0x0059ffc4925d732d)},
+            {FIELD_LITERAL(0x00ece96f95f2b66f,0x00ece7952813a27b,0x0026fc36592e489e,0x007157d1a2de0f66,0x00759dc111d86ddf,0x0012881e5780bb0f,0x00c8ccc83ad29496,0x0012b9bd1929eb71)},
+            {FIELD_LITERAL(0x000fa15a20da5df0,0x00349ddb1a46cd31,0x002c512ad1d8e726,0x00047611f669318d,0x009e68fba591e17e,0x004320dffa803906,0x00a640874951a3d3,0x00b6353478baa24f)},
+        }}, {{
+            {FIELD_LITERAL(0x009696510000d333,0x00ec2f788bc04826,0x000e4d02b1f67ba5,0x00659aa8dace08b6,0x00d7a38a3a3ae533,0x008856defa8c746b,0x004d7a4402d3da1a,0x00ea82e06229260f)},
+            {FIELD_LITERAL(0x006a15bb20f75c0c,0x0079a144027a5d0c,0x00d19116ce0b4d70,0x0059b83bcb0b268e,0x005f58f63f16c127,0x0079958318ee2c37,0x00defbb063d07f82,0x00f1f0b931d2d446)},
+            {FIELD_LITERAL(0x00cb5e4c3c35d422,0x008df885ca43577f,0x00fa50b16ca3e471,0x005a0e58e17488c8,0x00b2ceccd6d34d19,0x00f01d5d235e36e9,0x00db2e7e4be6ca44,0x00260ab77f35fccd)},
+        }}, {{
+            {FIELD_LITERAL(0x006f6fd9baac61d5,0x002a7710a020a895,0x009de0db7fc03d4d,0x00cdedcb1875f40b,0x00050caf9b6b1e22,0x005e3a6654456ab0,0x00775fdf8c4423d4,0x0028701ea5738b5d)},
+            {FIELD_LITERAL(0x009ffd90abfeae96,0x00cba3c2b624a516,0x005ef08bcee46c91,0x00e6fde30afb6185,0x00f0b4db4f818ce4,0x006c54f45d2127f5,0x00040125035854c7,0x00372658a3287e13)},
+            {FIELD_LITERAL(0x00d7070fb1beb2ab,0x0078fc845a93896b,0x006894a4b2f224a6,0x005bdd8192b9dbde,0x00b38839874b3a9e,0x00f93618b04b7a57,0x003e3ec75fd2c67e,0x00bf5e6bfc29494a)},
+        }}, {{
+            {FIELD_LITERAL(0x00f19224ebba2aa5,0x0074f89d358e694d,0x00eea486597135ad,0x0081579a4555c7e1,0x0010b9b872930a9d,0x00f002e87a30ecc0,0x009b9d66b6de56e2,0x00a3c4f45e8004eb)},
+            {FIELD_LITERAL(0x0045e8dda9400888,0x002ff12e5fc05db7,0x00a7098d54afe69c,0x00cdbe846a500585,0x00879c1593ca1882,0x003f7a7fea76c8b0,0x002cd73dd0c8e0a1,0x00645d6ce96f51fe)},
+            {FIELD_LITERAL(0x002b7e83e123d6d6,0x00398346f7419c80,0x0042922e55940163,0x005e7fc5601886a3,0x00e88f2cee1d3103,0x00e7fab135f2e377,0x00b059984dbf0ded,0x0009ce080faa5bb8)},
+        }}, {{
+            {FIELD_LITERAL(0x0085e78af7758979,0x00275a4ee1631a3a,0x00d26bc0ed78b683,0x004f8355ea21064f,0x00d618e1a32696e5,0x008d8d7b150e5680,0x00a74cd854b278d2,0x001dd62702203ea0)},
+            {FIELD_LITERAL(0x00f89335c2a59286,0x00a0f5c905d55141,0x00b41fb836ee9382,0x00e235d51730ca43,0x00a5cb37b5c0a69a,0x009b966ffe136c45,0x00cb2ea10bf80ed1,0x00fb2b370b40dc35)},
+            {FIELD_LITERAL(0x00d687d16d4ee8ba,0x0071520bdd069dff,0x00de85c60d32355d,0x0087d2e3565102f4,0x00cde391b8dfc9aa,0x00e18d69efdfefe5,0x004a9d0591954e91,0x00fa36dd8b50eee5)},
+        }}, {{
+            {FIELD_LITERAL(0x002e788749a865f7,0x006e4dc3116861ea,0x009f1428c37276e6,0x00e7d2e0fc1e1226,0x003aeebc6b6c45f6,0x0071a8073bf500c9,0x004b22ad986b530c,0x00f439e63c0d79d4)},
+            {FIELD_LITERAL(0x006bc3d53011f470,0x00032d6e692b83e8,0x00059722f497cd0b,0x0009b4e6f0c497cc,0x0058a804b7cce6c0,0x002b71d3302bbd5d,0x00e2f82a36765fce,0x008dded99524c703)},
+            {FIELD_LITERAL(0x004d058953747d64,0x00701940fe79aa6f,0x00a620ac71c760bf,0x009532b611158b75,0x00547ed7f466f300,0x003cb5ab53a8401a,0x00c7763168ce3120,0x007e48e33e4b9ab2)},
+        }}, {{
+            {FIELD_LITERAL(0x001b2fc57bf3c738,0x006a3f918993fb80,0x0026f7a14fdec288,0x0075a2cdccef08db,0x00d3ecbc9eecdbf1,0x0048c40f06e5bf7f,0x00d63e423009896b,0x000598bc99c056a8)},
+            {FIELD_LITERAL(0x002f194eaafa46dc,0x008e38f57fe87613,0x00dc8e5ae25f4ab2,0x000a17809575e6bd,0x00d3ec7923ba366a,0x003a7e72e0ad75e3,0x0010024b88436e0a,0x00ed3c5444b64051)},
+            {FIELD_LITERAL(0x00831fc1340af342,0x00c9645669466d35,0x007692b4cc5a080f,0x009fd4a47ac9259f,0x001eeddf7d45928b,0x003c0446fc45f28b,0x002c0713aa3e2507,0x0095706935f0f41e)},
+        }}, {{
+            {FIELD_LITERAL(0x00766ae4190ec6d8,0x0065768cabc71380,0x00b902598416cdc2,0x00380021ad38df52,0x008f0b89d6551134,0x004254d4cc62c5a5,0x000d79f4484b9b94,0x00b516732ae3c50e)},
+            {FIELD_LITERAL(0x001fb73475c45509,0x00d2b2e5ea43345a,0x00cb3c3842077bd1,0x0029f90ad820946e,0x007c11b2380778aa,0x009e54ece62c1704,0x004bc60c41ca01c3,0x004525679a5a0b03)},
+            {FIELD_LITERAL(0x00c64fbddbed87b3,0x0040601d11731faa,0x009c22475b6f9d67,0x0024b79dae875f15,0x00616fed3f02c3b0,0x0000cf39f6af2d3b,0x00c46bac0aa9a688,0x00ab23e2800da204)},
+        }}, {{
+            {FIELD_LITERAL(0x000b3a37617632b0,0x00597199fe1cfb6c,0x0042a7ccdfeafdd6,0x004cc9f15ebcea17,0x00f436e596a6b4a4,0x00168861142df0d8,0x000753edfec26af5,0x000c495d7e388116)},
+            {FIELD_LITERAL(0x0017085f4a346148,0x00c7cf7a37f62272,0x001776e129bc5c30,0x009955134c9eef2a,0x001ba5bdf1df07be,0x00ec39497103a55c,0x006578354fda6cfb,0x005f02719d4f15ee)},
+            {FIELD_LITERAL(0x0052b9d9b5d9655d,0x00d4ec7ba1b461c3,0x00f95df4974f280b,0x003d8e5ca11aeb51,0x00d4981eb5a70b26,0x000af9a4f6659f29,0x004598c846faeb43,0x0049d9a183a47670)},
+        }}, {{
+            {FIELD_LITERAL(0x000a72d23dcb3f1f,0x00a3737f84011727,0x00f870c0fbbf4a47,0x00a7aadd04b5c9ca,0x000c7715c67bd072,0x00015a136afcd74e,0x0080d5caea499634,0x0026b448ec7514b7)},
+            {FIELD_LITERAL(0x00b60167d9e7d065,0x00e60ba0d07381e8,0x003a4f17b725c2d4,0x006c19fe176b64fa,0x003b57b31af86ccb,0x0021047c286180fd,0x00bdc8fb00c6dbb6,0x00fe4a9f4bab4f3f)},
+            {FIELD_LITERAL(0x0088ffc3a16111f7,0x009155e4245d0bc8,0x00851d68220572d5,0x00557ace1e514d29,0x0031d7c339d91022,0x00101d0ae2eaceea,0x00246ab3f837b66a,0x00d5216d381ff530)},
+        }}, {{
+            {FIELD_LITERAL(0x0057e7ea35f36dae,0x00f47d7ad15de22e,0x00d757ea4b105115,0x008311457d579d7e,0x00b49b75b1edd4eb,0x0081c7ff742fd63a,0x00ddda3187433df6,0x00475727d55f9c66)},
+            {FIELD_LITERAL(0x00a6295218dc136a,0x00563b3af0e9c012,0x00d3753b0145db1b,0x004550389c043dc1,0x00ea94ae27401bdf,0x002b0b949f2b7956,0x00c63f780ad8e23c,0x00e591c47d6bab15)},
+            {FIELD_LITERAL(0x00416c582b058eb6,0x004107da5b2cc695,0x00b3cd2556aeec64,0x00c0b418267e57a1,0x001799293579bd2e,0x0046ed44590e4d07,0x001d7459b3630a1e,0x00c6afba8b6696aa)},
+        }}, {{
+            {FIELD_LITERAL(0x008d6009b26da3f8,0x00898e88ca06b1ca,0x00edb22b2ed7fe62,0x00fbc93516aabe80,0x008b4b470c42ce0d,0x00e0032ba7d0dcbb,0x00d76da3a956ecc8,0x007f20fe74e3852a)},
+            {FIELD_LITERAL(0x002419222c607674,0x00a7f23af89188b3,0x00ad127284e73d1c,0x008bba582fae1c51,0x00fc6aa7ca9ecab1,0x003df5319eb6c2ba,0x002a05af8a8b199a,0x004bf8354558407c)},
+            {FIELD_LITERAL(0x00ce7d4a30f0fcbf,0x00d02c272629f03d,0x0048c001f7400bc2,0x002c21368011958d,0x0098a550391e96b5,0x002d80b66390f379,0x001fa878760cc785,0x001adfce54b613d5)},
+        }}, {{
+            {FIELD_LITERAL(0x001ed4dc71fa2523,0x005d0bff19bf9b5c,0x00c3801cee065a64,0x001ed0b504323fbf,0x0003ab9fdcbbc593,0x00df82070178b8d2,0x00a2bcaa9c251f85,0x00c628a3674bd02e)},
+            {FIELD_LITERAL(0x006b7a0674f9f8de,0x00a742414e5c7cff,0x0041cbf3c6e13221,0x00e3a64fd207af24,0x0087c05f15fbe8d1,0x004c50936d9e8a33,0x001306ec21042b6d,0x00a4f4137d1141c2)},
+            {FIELD_LITERAL(0x0009e6fb921568b0,0x00b3c60120219118,0x002a6c3460dd503a,0x009db1ef11654b54,0x0063e4bf0be79601,0x00670d34bb2592b9,0x00dcee2f6c4130ce,0x00b2682e88e77f54)},
+        }}, {{
+            {FIELD_LITERAL(0x000d5b4b3da135ab,0x00838f3e5064d81d,0x00d44eb50f6d94ed,0x0008931ab502ac6d,0x00debe01ca3d3586,0x0025c206775f0641,0x005ad4b6ae912763,0x007e2c318ad8f247)},
+            {FIELD_LITERAL(0x00ddbe0750dd1add,0x004b3c7b885844b8,0x00363e7ecf12f1ae,0x0062e953e6438f9d,0x0023cc73b076afe9,0x00b09fa083b4da32,0x00c7c3d2456c541d,0x005b591ec6b694d4)},
+            {FIELD_LITERAL(0x0028656e19d62fcf,0x0052a4af03df148d,0x00122765ddd14e42,0x00f2252904f67157,0x004741965b636f3a,0x006441d296132cb9,0x005e2106f956a5b7,0x00247029592d335c)},
+        }}, {{
+            {FIELD_LITERAL(0x003fe038eb92f894,0x000e6da1b72e8e32,0x003a1411bfcbe0fa,0x00b55d473164a9e4,0x00b9a775ac2df48d,0x0002ddf350659e21,0x00a279a69eb19cb3,0x00f844eab25cba44)},
+            {FIELD_LITERAL(0x00c41d1f9c1f1ac1,0x007b2df4e9f19146,0x00b469355fd5ba7a,0x00b5e1965afc852a,0x00388d5f1e2d8217,0x0022079e4c09ae93,0x0014268acd4ef518,0x00c1dd8d9640464c)},
+            {FIELD_LITERAL(0x0038526adeed0c55,0x00dd68c607e3fe85,0x00f746ddd48a5d57,0x0042f2952b963b7c,0x001cbbd6876d5ec2,0x005e341470bca5c2,0x00871d41e085f413,0x00e53ab098f45732)},
+        }}, {{
+            {FIELD_LITERAL(0x004d51124797c831,0x008f5ae3750347ad,0x0070ced94c1a0c8e,0x00f6db2043898e64,0x000d00c9a5750cd0,0x000741ec59bad712,0x003c9d11aab37b7f,0x00a67ba169807714)},
+            {FIELD_LITERAL(0x00adb2c1566e8b8f,0x0096c68a35771a9a,0x00869933356f334a,0x00ba9c93459f5962,0x009ec73fb6e8ca4b,0x003c3802c27202e1,0x0031f5b733e0c008,0x00f9058c19611fa9)},
+            {FIELD_LITERAL(0x00238f01814a3421,0x00c325a44b6cce28,0x002136f97aeb0e73,0x000cac8268a4afe2,0x0022fd218da471b3,0x009dcd8dfff8def9,0x00cb9f8181d999bb,0x00143ae56edea349)},
+        }}, {{
+            {FIELD_LITERAL(0x0000623bf87622c5,0x00a1966fdd069496,0x00c315b7b812f9fc,0x00bdf5efcd128b97,0x001d464f532e3e16,0x003cd94f081bfd7e,0x00ed9dae12ce4009,0x002756f5736eee70)},
+            {FIELD_LITERAL(0x00a5187e6ee7341b,0x00e6d52e82d83b6e,0x00df3c41323094a7,0x00b3324f444e9de9,0x00689eb21a35bfe5,0x00f16363becd548d,0x00e187cc98e7f60f,0x00127d9062f0ccab)},
+            {FIELD_LITERAL(0x004ad71b31c29e40,0x00a5fcace12fae29,0x004425b5597280ed,0x00e7ef5d716c3346,0x0010b53ada410ac8,0x0092310226060c9b,0x0091c26128729c7e,0x0088b42900f8ec3b)},
+        }}, {{
+            {FIELD_LITERAL(0x00f1e26e9762d4a8,0x00d9d74082183414,0x00ffec9bd57a0282,0x000919e128fd497a,0x00ab7ae7d00fe5f8,0x0054dc442851ff68,0x00c9ebeb3b861687,0x00507f7cab8b698f)},
+            {FIELD_LITERAL(0x00c13c5aae3ae341,0x009c6c9ed98373e7,0x00098f26864577a8,0x0015b886e9488b45,0x0037692c42aadba5,0x00b83170b8e7791c,0x001670952ece1b44,0x00fd932a39276da2)},
+            {FIELD_LITERAL(0x0081a3259bef3398,0x005480fff416107b,0x00ce4f607d21be98,0x003ffc084b41df9b,0x0043d0bb100502d1,0x00ec35f575ba3261,0x00ca18f677300ef3,0x00e8bb0a827d8548)},
+        }}, {{
+            {FIELD_LITERAL(0x00df76b3328ada72,0x002e20621604a7c2,0x00f910638a105b09,0x00ef4724d96ef2cd,0x00377d83d6b8a2f7,0x00b4f48805ade324,0x001cd5da8b152018,0x0045af671a20ca7f)},
+            {FIELD_LITERAL(0x009ae3b93a56c404,0x004a410b7a456699,0x00023a619355e6b2,0x009cdc7297387257,0x0055b94d4ae70d04,0x002cbd607f65b005,0x003208b489697166,0x00ea2aa058867370)},
+            {FIELD_LITERAL(0x00f29d2598ee3f32,0x00b4ac5385d82adc,0x007633eaf04df19b,0x00aa2d3d77ceab01,0x004a2302fcbb778a,0x00927f225d5afa34,0x004a8e9d5047f237,0x008224ae9dbce530)},
+        }}, {{
+            {FIELD_LITERAL(0x001cf640859b02f8,0x00758d1d5d5ce427,0x00763c784ef4604c,0x005fa81aee205270,0x00ac537bfdfc44cb,0x004b919bd342d670,0x00238508d9bf4b7a,0x00154888795644f3)},
+            {FIELD_LITERAL(0x00c845923c084294,0x00072419a201bc25,0x0045f408b5f8e669,0x00e9d6a186b74dfe,0x00e19108c68fa075,0x0017b91d874177b7,0x002f0ca2c7912c5a,0x009400aa385a90a2)},
+            {FIELD_LITERAL(0x0071110b01482184,0x00cfed0044f2bef8,0x0034f2901cf4662e,0x003b4ae2a67f9834,0x00cca9b96fe94810,0x00522507ae77abd0,0x00bac7422721e73e,0x0066622b0f3a62b0)},
+        }}, {{
+            {FIELD_LITERAL(0x00f8ac5cf4705b6a,0x00867d82dcb457e3,0x007e13ab2ccc2ce9,0x009ee9a018d3930e,0x008370f8ecb42df8,0x002d9f019add263e,0x003302385b92d196,0x00a15654536e2c0c)},
+            {FIELD_LITERAL(0x0026ef1614e160af,0x00c023f9edfc9c76,0x00cff090da5f57ba,0x0076db7a66643ae9,0x0019462f8c646999,0x008fec00b3854b22,0x00d55041692a0a1c,0x0065db894215ca00)},
+            {FIELD_LITERAL(0x00a925036e0a451c,0x002a0390c36b6cc1,0x00f27020d90894f4,0x008d90d52cbd3d7f,0x00e1d0137392f3b8,0x00f017c158b51a8f,0x00cac313d3ed7dbc,0x00b99a81e3eb42d3)},
+        }}, {{
+            {FIELD_LITERAL(0x00b54850275fe626,0x0053a3fd1ec71140,0x00e3d2d7dbe096fa,0x00e4ac7b595cce4c,0x0077bad449c0a494,0x00b7c98814afd5b3,0x0057226f58486cf9,0x00b1557154f0cc57)},
+            {FIELD_LITERAL(0x008cc9cd236315c0,0x0031d9c5b39fda54,0x00a5713ef37e1171,0x00293d5ae2886325,0x00c4aba3e05015e1,0x0003f35ef78e4fc6,0x0039d6bd3ac1527b,0x0019d7c3afb77106)},
+            {FIELD_LITERAL(0x007b162931a985af,0x00ad40a2e0daa713,0x006df27c4009f118,0x00503e9f4e2e8bec,0x00751a77c82c182d,0x000298937769245b,0x00ffb1e8fabf9ee5,0x0008334706e09abe)},
+        }}, {{
+            {FIELD_LITERAL(0x00dbca4e98a7dcd9,0x00ee29cfc78bde99,0x00e4a3b6995f52e9,0x0045d70189ae8096,0x00fd2a8a3b9b0d1b,0x00af1793b107d8e1,0x00dbf92cbe4afa20,0x00da60f798e3681d)},
+            {FIELD_LITERAL(0x004246bfcecc627a,0x004ba431246c03a4,0x00bd1d101872d497,0x003b73d3f185ee16,0x001feb2e2678c0e3,0x00ff13c5a89dec76,0x00ed06042e771d8f,0x00a4fd2a897a83dd)},
+            {FIELD_LITERAL(0x009a4a3be50d6597,0x00de3165fc5a1096,0x004f3f56e345b0c7,0x00f7bf721d5ab8bc,0x004313e47b098c50,0x00e4c7d5c0e1adbb,0x002e3e3db365051e,0x00a480c2cd6a96fb)},
+        }}, {{
+            {FIELD_LITERAL(0x00417fa30a7119ed,0x00af257758419751,0x00d358a487b463d4,0x0089703cc720b00d,0x00ce56314ff7f271,0x0064db171ade62c1,0x00640b36d4a22fed,0x00424eb88696d23f)},
+            {FIELD_LITERAL(0x004ede34af2813f3,0x00d4a8e11c9e8216,0x004796d5041de8a5,0x00c4c6b4d21cc987,0x00e8a433ee07fa1e,0x0055720b5abcc5a1,0x008873ea9c74b080,0x005b3fec1ab65d48)},
+            {FIELD_LITERAL(0x0047e5277db70ec5,0x000a096c66db7d6b,0x00b4164cc1730159,0x004a9f783fe720fe,0x00a8177b94449dbc,0x0095a24ff49a599f,0x0069c1c578250cbc,0x00452019213debf4)},
+        }}, {{
+            {FIELD_LITERAL(0x0021ce99e09ebda3,0x00fcbd9f91875ad0,0x009bbf6b7b7a0b5f,0x00388886a69b1940,0x00926a56d0f81f12,0x00e12903c3358d46,0x005dfce4e8e1ce9d,0x0044cfa94e2f7e23)},
+            {FIELD_LITERAL(0x001bd59c09e982ea,0x00f72daeb937b289,0x0018b76dca908e0e,0x00edb498512384ad,0x00ce0243b6cc9538,0x00f96ff690cb4e70,0x007c77bf9f673c8d,0x005bf704c088a528)},
+            {FIELD_LITERAL(0x0093d4628dcb33be,0x0095263d51d42582,0x0049b3222458fe06,0x00e7fce73b653a7f,0x003ca2ebce60b369,0x00c5de239a32bea4,0x0063b8b3d71fb6bf,0x0039aeeb78a1a839)},
+        }}, {{
+            {FIELD_LITERAL(0x007dc52da400336c,0x001fded1e15b9457,0x00902e00f5568e3a,0x00219bef40456d2d,0x005684161fb3dbc9,0x004a4e9be49a76ea,0x006e685ae88b78ff,0x0021c42f13042d3c)},
+            {FIELD_LITERAL(0x00fb22bb5fd3ce50,0x0017b48aada7ae54,0x00fd5c44ad19a536,0x000ccc4e4e55e45c,0x00fd637d45b4c3f5,0x0038914e023c37cf,0x00ac1881d6a8d898,0x00611ed8d3d943a8)},
+            {FIELD_LITERAL(0x0056e2259d113d2b,0x00594819b284ec16,0x00c7bf794bb36696,0x00721ee75097cdc6,0x00f71be9047a2892,0x00df6ba142564edf,0x0069580b7a184e8d,0x00f056e38fca0fee)},
+        }}, {{
+            {FIELD_LITERAL(0x009df98566a18c6d,0x00cf3a200968f219,0x0044ba60da6d9086,0x00dbc9c0e344da03,0x000f9401c4466855,0x00d46a57c5b0a8d1,0x00875a635d7ac7c6,0x00ef4a933b7e0ae6)},
+            {FIELD_LITERAL(0x005e8694077a1535,0x008bef75f71c8f1d,0x000a7c1316423511,0x00906e1d70604320,0x003fc46c1a2ffbd6,0x00d1d5022e68f360,0x002515fba37bbf46,0x00ca16234e023b44)},
+            {FIELD_LITERAL(0x00787c99561f4690,0x00a857a8c1561f27,0x00a10df9223c09fe,0x00b98a9562e3b154,0x004330b8744c3ed2,0x00e06812807ec5c4,0x00e4cf6a7db9f1e3,0x00d95b089f132a34)},
+        }}, {{
+            {FIELD_LITERAL(0x002922b39ca33eec,0x0090d12a5f3ab194,0x00ab60c02fb5f8ed,0x00188d292abba1cf,0x00e10edec9698f6e,0x0069a4d9934133c8,0x0024aac40e6d3d06,0x001702c2177661b0)},
+            {FIELD_LITERAL(0x00139078397030bd,0x000e3c447e859a00,0x0064a5b334c82393,0x00b8aabeb7358093,0x00020778bb9ae73b,0x0032ee94c7892a18,0x008215253cb41bda,0x005e2797593517ae)},
+            {FIELD_LITERAL(0x0083765a5f855d4a,0x0051b6d1351b8ee2,0x00116de548b0f7bb,0x0087bd88703affa0,0x0095b2cc34d7fdd2,0x0084cd81b53f0bc8,0x008562fc995350ed,0x00a39abb193651e3)},
+        }}, {{
+            {FIELD_LITERAL(0x0019e23f0474b114,0x00eb94c2ad3b437e,0x006ddb34683b75ac,0x00391f9209b564c6,0x00083b3bb3bff7aa,0x00eedcd0f6dceefc,0x00b50817f794fe01,0x0036474deaaa75c9)},
+            {FIELD_LITERAL(0x0091868594265aa2,0x00797accae98ca6d,0x0008d8c5f0f8a184,0x00d1f4f1c2b2fe6e,0x0036783dfb48a006,0x008c165120503527,0x0025fd780058ce9b,0x0068beb007be7d27)},
+            {FIELD_LITERAL(0x00d0ff88aa7c90c2,0x00b2c60dacf53394,0x0094a7284d9666d6,0x00bed9022ce7a19d,0x00c51553f0cd7682,0x00c3fb870b124992,0x008d0bc539956c9b,0x00fc8cf258bb8885)},
+        }}, {{
+            {FIELD_LITERAL(0x003667bf998406f8,0x0000115c43a12975,0x001e662f3b20e8fd,0x0019ffa534cb24eb,0x00016be0dc8efb45,0x00ff76a8b26243f5,0x00ae20d241a541e3,0x0069bd6af13cd430)},
+            {FIELD_LITERAL(0x0045fdc16487cda3,0x00b2d8e844cf2ed7,0x00612c50e88c1607,0x00a08aabc66c1672,0x006031fdcbb24d97,0x001b639525744b93,0x004409d62639ab17,0x00a1853d0347ab1d)},
+            {FIELD_LITERAL(0x0075a1a56ebf5c21,0x00a3e72be9ac53ed,0x00efcde1629170c2,0x0004225fe91ef535,0x0088049fc73dfda7,0x004abc74857e1288,0x0024e2434657317c,0x00d98cb3d3e5543c)},
+        }}, {{
+            {FIELD_LITERAL(0x00b4b53eab6bdb19,0x009b22d8b43711d0,0x00d948b9d961785d,0x00cb167b6f279ead,0x00191de3a678e1c9,0x00d9dd9511095c2e,0x00f284324cd43067,0x00ed74fa535151dd)},
+            {FIELD_LITERAL(0x007e32c049b5c477,0x009d2bfdbd9bcfd8,0x00636e93045938c6,0x007fde4af7687298,0x0046a5184fafa5d3,0x0079b1e7f13a359b,0x00875adf1fb927d6,0x00333e21c61bcad2)},
+            {FIELD_LITERAL(0x00048014f73d8b8d,0x0075684aa0966388,0x0092be7df06dc47c,0x0097cebcd0f5568a,0x005a7004d9c4c6a9,0x00b0ecbb659924c7,0x00d90332dd492a7c,0x0057fc14df11493d)},
+        }}, {{
+            {FIELD_LITERAL(0x0008ed8ea0ad95be,0x0041d324b9709645,0x00e25412257a19b4,0x0058df9f3423d8d2,0x00a9ab20def71304,0x009ae0dbf8ac4a81,0x00c9565977e4392a,0x003c9269444baf55)},
+            {FIELD_LITERAL(0x007df6cbb926830b,0x00d336058ae37865,0x007af47dac696423,0x0048d3011ec64ac8,0x006b87666e40049f,0x0036a2e0e51303d7,0x00ba319bd79dbc55,0x003e2737ecc94f53)},
+            {FIELD_LITERAL(0x00d296ff726272d9,0x00f6d097928fcf57,0x00e0e616a55d7013,0x00deaf454ed9eac7,0x0073a56bedef4d92,0x006ccfdf6fc92e19,0x009d1ee1371a7218,0x00ee3c2ee4462d80)},
+        }}, {{
+            {FIELD_LITERAL(0x00437bce9bccdf9d,0x00e0c8e2f85dc0a3,0x00c91a7073995a19,0x00856ec9fe294559,0x009e4b33394b156e,0x00e245b0dc497e5c,0x006a54e687eeaeff,0x00f1cd1cd00fdb7c)},
+            {FIELD_LITERAL(0x008132ae5c5d8cd1,0x00121d68324a1d9f,0x00d6be9dafcb8c76,0x00684d9070edf745,0x00519fbc96d7448e,0x00388182fdc1f27e,0x000235baed41f158,0x00bf6cf6f1a1796a)},
+            {FIELD_LITERAL(0x002adc4b4d148219,0x003084ada0d3a90a,0x0046de8aab0f2e4e,0x00452d342a67b5fd,0x00d4b50f01d4de21,0x00db6d9fc0cefb79,0x008c184c86a462cd,0x00e17c83764d42da)},
+        }}, {{
+            {FIELD_LITERAL(0x007b2743b9a1e01a,0x007847ffd42688c4,0x006c7844d610a316,0x00f0cb8b250aa4b0,0x00a19060143b3ae6,0x0014eb10b77cfd80,0x000170905729dd06,0x00063b5b9cd72477)},
+            {FIELD_LITERAL(0x00ce382dc7993d92,0x00021153e938b4c8,0x00096f7567f48f51,0x0058f81ddfe4b0d5,0x00cc379a56b355c7,0x002c760770d3e819,0x00ee22d1d26e5a40,0x00de6d93d5b082d7)},
+            {FIELD_LITERAL(0x000a91a42c52e056,0x00185f6b77fce7ea,0x000803c51962f6b5,0x0022528582ba563d,0x0043f8040e9856d6,0x0085a29ec81fb860,0x005f9a611549f5ff,0x00c1f974ecbd4b06)},
+        }}, {{
+            {FIELD_LITERAL(0x005b64c6fd65ec97,0x00c1fdd7f877bc7f,0x000d9cc6c89f841c,0x005c97b7f1aff9ad,0x0075e3c61475d47e,0x001ecb1ba8153011,0x00fe7f1c8d71d40d,0x003fa9757a229832)},
+            {FIELD_LITERAL(0x00ffc5c89d2b0cba,0x00d363d42e3e6fc3,0x0019a1a0118e2e8a,0x00f7baeff48882e1,0x001bd5af28c6b514,0x0055476ca2253cb2,0x00d8eb1977e2ddf3,0x00b173b1adb228a1)},
+            {FIELD_LITERAL(0x00f2cb99dd0ad707,0x00e1e08b6859ddd8,0x000008f2d0650bcc,0x00d7ed392f8615c3,0x00976750a94da27f,0x003e83bb0ecb69ba,0x00df8e8d15c14ac6,0x00f9f7174295d9c2)},
+        }}, {{
+            {FIELD_LITERAL(0x00f11cc8e0e70bcb,0x00e5dc689974e7dd,0x0014e409f9ee5870,0x00826e6689acbd63,0x008a6f4e3d895d88,0x00b26a8da41fd4ad,0x000fb7723f83efd7,0x009c749db0a5f6c3)},
+            {FIELD_LITERAL(0x002389319450f9ba,0x003677f31aa1250a,0x0092c3db642f38cb,0x00f8b64c0dfc9773,0x00cd49fe3505b795,0x0068105a4090a510,0x00df0ba2072a8bb6,0x00eb396143afd8be)},
+            {FIELD_LITERAL(0x00a0d4ecfb24cdff,0x00ddaf8008ba6479,0x00f0b3e36d4b0f44,0x003734bd3af1f146,0x00b87e2efc75527e,0x00d230df55ddab50,0x002613257ae56c1d,0x00bc0946d135934d)},
+        }}, {{
+            {FIELD_LITERAL(0x00468711bd994651,0x0033108fa67561bf,0x0089d760192a54b4,0x00adc433de9f1871,0x000467d05f36e050,0x007847e0f0579f7f,0x00a2314ad320052d,0x00b3a93649f0b243)},
+            {FIELD_LITERAL(0x0067f8f0c4fe26c9,0x0079c4a3cc8f67b9,0x0082b1e62f23550d,0x00f2d409caefd7f5,0x0080e67dcdb26e81,0x0087ae993ea1f98a,0x00aa108becf61d03,0x001acf11efb608a3)},
+            {FIELD_LITERAL(0x008225febbab50d9,0x00f3b605e4dd2083,0x00a32b28189e23d2,0x00d507e5e5eb4c97,0x005a1a84e302821f,0x0006f54c1c5f08c7,0x00a347c8cb2843f0,0x0009f73e9544bfa5)},
+        }}, {{
+            {FIELD_LITERAL(0x006c59c9ae744185,0x009fc32f1b4282cd,0x004d6348ca59b1ac,0x00105376881be067,0x00af4096013147dc,0x004abfb5a5cb3124,0x000d2a7f8626c354,0x009c6ed568e07431)},
+            {FIELD_LITERAL(0x00e828333c297f8b,0x009ef3cf8c3f7e1f,0x00ab45f8fff31cb9,0x00c8b4178cb0b013,0x00d0c50dd3260a3f,0x0097126ac257f5bc,0x0042376cc90c705a,0x001d96fdb4a1071e)},
+            {FIELD_LITERAL(0x00542d44d89ee1a8,0x00306642e0442d98,0x0090853872b87338,0x002362cbf22dc044,0x002c222adff663b8,0x0067c924495fcb79,0x000e621d983c977c,0x00df77a9eccb66fb)},
+        }}, {{
+            {FIELD_LITERAL(0x002809e4bbf1814a,0x00b9e854f9fafb32,0x00d35e67c10f7a67,0x008f1bcb76e748cf,0x004224d9515687d2,0x005ba0b774e620c4,0x00b5e57db5d54119,0x00e15babe5683282)},
+            {FIELD_LITERAL(0x00832d02369b482c,0x00cba52ff0d93450,0x003fa9c908d554db,0x008d1e357b54122f,0x00abd91c2dc950c6,0x007eff1df4c0ec69,0x003f6aeb13fb2d31,0x00002d6179fc5b2c)},
+            {FIELD_LITERAL(0x0046c9eda81c9c89,0x00b60cb71c8f62fc,0x0022f5a683baa558,0x00f87319fccdf997,0x009ca09b51ce6a22,0x005b12baf4af7d77,0x008a46524a1e33e2,0x00035a77e988be0d)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7efe46a7dbe2f,0x002f66fd55014fe7,0x006a428afa1ff026,0x0056caaa9604ab72,0x0033f3bcd7fac8ae,0x00ccb1aa01c86764,0x00158d1edf13bf40,0x009848ee76fcf3b4)},
+            {FIELD_LITERAL(0x00a9e7730a819691,0x00d9cc73c4992b70,0x00e299bde067de5a,0x008c314eb705192a,0x00e7226f17e8a3cc,0x0029dfd956e65a47,0x0053a8e839073b12,0x006f942b2ab1597e)},
+            {FIELD_LITERAL(0x001c3d780ecd5e39,0x0094f247fbdcc5fe,0x00d5c786fd527764,0x00b6f4da74f0db2a,0x0080f1f8badcd5fc,0x00f36a373ad2e23b,0x00f804f9f4343bf2,0x00d1af40ec623982)},
+        }}, {{
+            {FIELD_LITERAL(0x0082aeace5f1b144,0x00f68b3108cf4dd3,0x00634af01dde3020,0x000beab5df5c2355,0x00e8b790d1b49b0b,0x00e48d15854e36f4,0x0040ab2d95f3db9f,0x002711c4ed9e899a)},
+            {FIELD_LITERAL(0x0039343746531ebe,0x00c8509d835d429d,0x00e79eceff6b0018,0x004abfd31e8efce5,0x007bbfaaa1e20210,0x00e3be89c193e179,0x001c420f4c31d585,0x00f414a315bef5ae)},
+            {FIELD_LITERAL(0x007c296a24990df8,0x00d5d07525a75588,0x00dd8e113e94b7e7,0x007bbc58febe0cc8,0x0029f51af9bfcad3,0x007e9311ec7ab6f3,0x009a884de1676343,0x0050d5f2dce84be9)},
+        }}, {{
+            {FIELD_LITERAL(0x005fa020cca2450a,0x00491c29db6416d8,0x0037cefe3f9f9a85,0x003d405230647066,0x0049e835f0fdbe89,0x00feb78ac1a0815c,0x00828e4b32dc9724,0x00db84f2dc8d6fd4)},
+            {FIELD_LITERAL(0x0098cddc8b39549a,0x006da37e3b05d22c,0x00ce633cfd4eb3cb,0x00fda288ef526acd,0x0025338878c5d30a,0x00f34438c4e5a1b4,0x00584efea7c310f1,0x0041a551f1b660ad)},
+            {FIELD_LITERAL(0x00d7f7a8fbd6437a,0x0062872413bf3753,0x00ad4bbcb43c584b,0x007fe49be601d7e3,0x0077c659789babf4,0x00eb45fcb06a741b,0x005ce244913f9708,0x0088426401736326)},
+        }}, {{
+            {FIELD_LITERAL(0x007bf562ca768d7c,0x006c1f3a174e387c,0x00f024b447fee939,0x007e7af75f01143f,0x003adb70b4eed89d,0x00e43544021ad79a,0x0091f7f7042011f6,0x0093c1a1ee3a0ddc)},
+            {FIELD_LITERAL(0x00a0b68ec1eb72d2,0x002c03235c0d45a0,0x00553627323fe8c5,0x006186e94b17af94,0x00a9906196e29f14,0x0025b3aee6567733,0x007e0dd840080517,0x0018eb5801a4ba93)},
+            {FIELD_LITERAL(0x00d7fe7017bf6a40,0x006e3f0624be0c42,0x00ffbba205358245,0x00f9fc2cf8194239,0x008d93b37bf15b4e,0x006ddf2e38be8e95,0x002b6e79bf5fcff9,0x00ab355da425e2de)},
+        }}, {{
+            {FIELD_LITERAL(0x00938f97e20be973,0x0099141a36aaf306,0x0057b0ca29e545a1,0x0085db571f9fbc13,0x008b333c554b4693,0x0043ab6ef3e241cb,0x0054fb20aa1e5c70,0x00be0ff852760adf)},
+            {FIELD_LITERAL(0x003973d8938971d6,0x002aca26fa80c1f5,0x00108af1faa6b513,0x00daae275d7924e6,0x0053634ced721308,0x00d2355fe0bbd443,0x00357612b2d22095,0x00f9bb9dd4136cf3)},
+            {FIELD_LITERAL(0x002bff12cf5e03a5,0x001bdb1fa8a19cf8,0x00c91c6793f84d39,0x00f869f1b2eba9af,0x0059bc547dc3236b,0x00d91611d6d38689,0x00e062daaa2c0214,0x00ed3c047cc2bc82)},
+        }}, {{
+            {FIELD_LITERAL(0x000050d70c32b31a,0x001939d576d437b3,0x00d709e598bf9fe6,0x00a885b34bd2ee9e,0x00dd4b5c08ab1a50,0x0091bebd50b55639,0x00cf79ff64acdbc6,0x006067a39d826336)},
+            {FIELD_LITERAL(0x0062dd0fb31be374,0x00fcc96b84c8e727,0x003f64f1375e6ae3,0x0057d9b6dd1af004,0x00d6a167b1103c7b,0x00dd28f3180fb537,0x004ff27ad7167128,0x008934c33461f2ac)},
+            {FIELD_LITERAL(0x0065b472b7900043,0x00ba7efd2ff1064b,0x000b67d6c4c3020f,0x0012d28469f4e46d,0x0031c32939703ec7,0x00b49f0bce133066,0x00f7e10416181d47,0x005c90f51867eecc)},
+        }}, {{
+            {FIELD_LITERAL(0x0051207abd179101,0x00fc2a5c20d9c5da,0x00fb9d5f2701b6df,0x002dd040fdea82b8,0x00f163b0738442ff,0x00d9736bd68855b8,0x00e0d8e93005e61c,0x00df5a40b3988570)},
+            {FIELD_LITERAL(0x0006918f5dfce6dc,0x00d4bf1c793c57fb,0x0069a3f649435364,0x00e89a50e5b0cd6e,0x00b9f6a237e973af,0x006d4ed8b104e41d,0x00498946a3924cd2,0x00c136ec5ac9d4f7)},
+            {FIELD_LITERAL(0x0011a9c290ac5336,0x002b9a2d4a6a6533,0x009a8a68c445d937,0x00361b27b07e5e5c,0x003c043b1755b974,0x00b7eb66cf1155ee,0x0077af5909eefff2,0x0098f609877cc806)},
+        }}, {{
+            {FIELD_LITERAL(0x00ab13af436bf8f4,0x000bcf0a0dac8574,0x00d50c864f705045,0x00c40e611debc842,0x0085010489bd5caa,0x007c5050acec026f,0x00f67d943c8da6d1,0x00de1da0278074c6)},
+            {FIELD_LITERAL(0x00b373076597455f,0x00e83f1af53ac0f5,0x0041f63c01dc6840,0x0097dea19b0c6f4b,0x007f9d63b4c1572c,0x00e692d492d0f5f0,0x00cbcb392e83b4ad,0x0069c0f39ed9b1a8)},
+            {FIELD_LITERAL(0x00861030012707c9,0x009fbbdc7fd4aafb,0x008f591d6b554822,0x00df08a41ea18ade,0x009d7d83e642abea,0x0098c71bda3b78ff,0x0022c89e7021f005,0x0044d29a3fe1e3c4)},
+        }}, {{
+            {FIELD_LITERAL(0x00e748cd7b5c52f2,0x00ea9df883f89cc3,0x0018970df156b6c7,0x00c5a46c2a33a847,0x00cbde395e32aa09,0x0072474ebb423140,0x00fb00053086a23d,0x001dafcfe22d4e1f)},
+            {FIELD_LITERAL(0x00c903ee6d825540,0x00add6c4cf98473e,0x007636efed4227f1,0x00905124ae55e772,0x00e6b38fab12ed53,0x0045e132b863fe55,0x003974662edb366a,0x00b1787052be8208)},
+            {FIELD_LITERAL(0x00a614b00d775c7c,0x00d7c78941cc7754,0x00422dd68b5dabc4,0x00a6110f0167d28b,0x00685a309c252886,0x00b439ffd5143660,0x003656e29ee7396f,0x00c7c9b9ed5ad854)},
+        }}, {{
+            {FIELD_LITERAL(0x0040f7e7c5b37bf2,0x0064e4dc81181bba,0x00a8767ae2a366b6,0x001496b4f90546f2,0x002a28493f860441,0x0021f59513049a3a,0x00852d369a8b7ee3,0x00dd2e7d8b7d30a9)},
+            {FIELD_LITERAL(0x00006e34a35d9fbc,0x00eee4e48b2f019a,0x006b344743003a5f,0x00541d514f04a7e3,0x00e81f9ee7647455,0x005e2b916c438f81,0x00116f8137b7eff0,0x009bd3decc7039d1)},
+            {FIELD_LITERAL(0x0005d226f434110d,0x00af8288b8ef21d5,0x004a7a52ef181c8c,0x00be0b781b4b06de,0x00e6e3627ded07e1,0x00e43aa342272b8b,0x00e86ab424577d84,0x00fb292c566e35bb)},
+        }}, {{
+            {FIELD_LITERAL(0x00334f5303ea1222,0x00dfb3dbeb0a5d3e,0x002940d9592335c1,0x00706a7a63e8938a,0x005a533558bc4caf,0x00558e33192022a9,0x00970d9faf74c133,0x002979fcb63493ca)},
+            {FIELD_LITERAL(0x00e38abece3c82ab,0x005a51f18a2c7a86,0x009dafa2e86d592e,0x00495a62eb688678,0x00b79df74c0eb212,0x0023e8cc78b75982,0x005998cb91075e13,0x00735aa9ba61bc76)},
+            {FIELD_LITERAL(0x00d9f7a82ddbe628,0x00a1fc782889ae0f,0x0071ffda12d14b66,0x0037cf4eca7fb3d5,0x00c80bc242c58808,0x0075bf8c2d08c863,0x008d41f31afc52a7,0x00197962ecf38741)},
+        }}, {{
+            {FIELD_LITERAL(0x006e9f475cccf2ee,0x00454b9cd506430c,0x00224a4fb79ee479,0x0062e3347ef0b5e2,0x0034fd2a3512232a,0x00b8b3cb0f457046,0x00eb20165daa38ec,0x00128eebc2d9c0f7)},
+            {FIELD_LITERAL(0x00bfc5fa1e4ea21f,0x00c21d7b6bb892e6,0x00cf043f3acf0291,0x00c13f2f849b3c90,0x00d1a97ebef10891,0x0061e130a445e7fe,0x0019513fdedbf22b,0x001d60c813bff841)},
+            {FIELD_LITERAL(0x0019561c7fcf0213,0x00e3dca6843ebd77,0x0068ea95b9ca920e,0x009bdfb70f253595,0x00c68f59186aa02a,0x005aee1cca1c3039,0x00ab79a8a937a1ce,0x00b9a0e549959e6f)},
+        }}, {{
+            {FIELD_LITERAL(0x00c79e0b6d97dfbd,0x00917c71fd2bc6e8,0x00db7529ccfb63d8,0x00be5be957f17866,0x00a9e11fdc2cdac1,0x007b91a8e1f44443,0x00a3065e4057d80f,0x004825f5b8d5f6d4)},
+            {FIELD_LITERAL(0x003e4964fa8a8fc8,0x00f6a1cdbcf41689,0x00943cb18fe7fda7,0x00606dafbf34440a,0x005d37a86399c789,0x00e79a2a69417403,0x00fe34f7e68b8866,0x0011f448ed2df10e)},
+            {FIELD_LITERAL(0x00f1f57efcc1fcc4,0x00513679117de154,0x002e5b5b7c86d8c3,0x009f6486561f9cfb,0x00169e74b0170cf7,0x00900205af4af696,0x006acfddb77853f3,0x00df184c90f31068)},
+        }}, {{
+            {FIELD_LITERAL(0x00b37396c3320791,0x00fc7b67175c5783,0x00c36d2cd73ecc38,0x0080ebcc0b328fc5,0x0043a5b22b35d35d,0x00466c9f1713c9da,0x0026ad346dcaa8da,0x007c684e701183a6)},
+            {FIELD_LITERAL(0x00fd579ffb691713,0x00b76af4f81c412d,0x00f239de96110f82,0x00e965fb437f0306,0x00ca7e9436900921,0x00e487f1325fa24a,0x00633907de476380,0x00721c62ac5b8ea0)},
+            {FIELD_LITERAL(0x00c0d54e542eb4f9,0x004ed657171c8dcf,0x00b743a4f7c2a39b,0x00fd9f93ed6cc567,0x00307fae3113e58b,0x0058aa577c93c319,0x00d254556f35b346,0x00491aada2203f0d)},
+        }}, {{
+            {FIELD_LITERAL(0x00dff3103786ff34,0x000144553b1f20c3,0x0095613baeb930e4,0x00098058275ea5d4,0x007cd1402b046756,0x0074d74e4d58aee3,0x005f93fc343ff69b,0x00873df17296b3b0)},
+            {FIELD_LITERAL(0x00c4a1fb48635413,0x00b5dd54423ad59f,0x009ff5d53fd24a88,0x003c98d267fc06a7,0x002db7cb20013641,0x00bd1d6716e191f2,0x006dbc8b29094241,0x0044bbf233dafa2c)},
+            {FIELD_LITERAL(0x0055838d41f531e6,0x00bf6a2dd03c81b2,0x005827a061c4839e,0x0000de2cbb36aac3,0x002efa29d9717478,0x00f9e928cc8a77ba,0x00c134b458def9ef,0x00958a182223fc48)},
+        }}, {{
+            {FIELD_LITERAL(0x000a9ee23c06881f,0x002c727d3d871945,0x00f47d971512d24a,0x00671e816f9ef31a,0x00883af2cfaad673,0x00601f98583d6c9a,0x00b435f5adc79655,0x00ad87b71c04bff2)},
+            {FIELD_LITERAL(0x007860d99db787cf,0x00fda8983018f4a8,0x008c8866bac4743c,0x00ef471f84c82a3f,0x00abea5976d3b8e7,0x00714882896cd015,0x00b49fae584ddac5,0x008e33a1a0b69c81)},
+            {FIELD_LITERAL(0x007b6ee2c9e8a9ec,0x002455dbbd89d622,0x006490cf4eaab038,0x00d925f6c3081561,0x00153b3047de7382,0x003b421f8bdceb6f,0x00761a4a5049da78,0x00980348c5202433)},
+        }}, {{
+            {FIELD_LITERAL(0x007f8a43da97dd5c,0x00058539c800fc7b,0x0040f3cf5a28414a,0x00d68dd0d95283d6,0x004adce9da90146e,0x00befa41c7d4f908,0x007603bc2e3c3060,0x00bdf360ab3545db)},
+            {FIELD_LITERAL(0x00eebfd4e2312cc3,0x00474b2564e4fc8c,0x003303ef14b1da9b,0x003c93e0e66beb1d,0x0013619b0566925a,0x008817c24d901bf3,0x00b62bd8898d218b,0x0075a7716f1e88a2)},
+            {FIELD_LITERAL(0x0009218da1e6890f,0x0026907f5fd02575,0x004dabed5f19d605,0x003abf181870249d,0x00b52fd048cc92c4,0x00b6dd51e415a5c5,0x00d9eb82bd2b4014,0x002c865a43b46b43)},
+        }}, {{
+            {FIELD_LITERAL(0x0070047189452f4c,0x00f7ad12e1ce78d5,0x00af1ba51ec44a8b,0x005f39f63e667cd6,0x00058eac4648425e,0x00d7fdab42bea03b,0x0028576a5688de15,0x00af973209e77c10)},
+            {FIELD_LITERAL(0x00c338b915d8fef0,0x00a893292045c39a,0x0028ab4f2eba6887,0x0060743cb519fd61,0x0006213964093ac0,0x007c0b7a43f6266d,0x008e3557c4fa5bda,0x002da976de7b8d9d)},
+            {FIELD_LITERAL(0x0048729f8a8b6dcd,0x00fe23b85cc4d323,0x00e7384d16e4db0e,0x004a423970678942,0x00ec0b763345d4ba,0x00c477b9f99ed721,0x00c29dad3777b230,0x001c517b466f7df6)},
+        }}, {{
+            {FIELD_LITERAL(0x006366c380f7b574,0x001c7d1f09ff0438,0x003e20a7301f5b22,0x00d3efb1916d28f6,0x0049f4f81060ce83,0x00c69d91ea43ced1,0x002b6f3e5cd269ed,0x005b0fb22ce9ec65)},
+            {FIELD_LITERAL(0x00aa2261022d883f,0x00ebcca4548010ac,0x002528512e28a437,0x0070ca7676b66082,0x0084bda170f7c6d3,0x00581b4747c9b8bb,0x005c96a01061c7e2,0x00fb7c4a362b5273)},
+            {FIELD_LITERAL(0x00c30020eb512d02,0x0060f288283a4d26,0x00b7ed13becde260,0x0075ebb74220f6e9,0x00701079fcfe8a1f,0x001c28fcdff58938,0x002e4544b8f4df6b,0x0060c5bc4f1a7d73)},
+        }}, {{
+            {FIELD_LITERAL(0x00ae307cf069f701,0x005859f222dd618b,0x00212d6c46ec0b0d,0x00a0fe4642afb62d,0x00420d8e4a0a8903,0x00a80ff639bdf7b0,0x0019bee1490b5d8e,0x007439e4b9c27a86)},
+            {FIELD_LITERAL(0x00a94700032a093f,0x0076e96c225216e7,0x00a63a4316e45f91,0x007d8bbb4645d3b2,0x00340a6ff22793eb,0x006f935d4572aeb7,0x00b1fb69f00afa28,0x009e8f3423161ed3)},
+            {FIELD_LITERAL(0x009ef49c6b5ced17,0x00a555e6269e9f0a,0x007e6f1d79ec73b5,0x009ac78695a32ac4,0x0001d77fbbcd5682,0x008cea1fee0aaeed,0x00f42bea82a53462,0x002e46ab96cafcc9)},
+        }}, {{
+            {FIELD_LITERAL(0x0051cfcc5885377a,0x00dce566cb1803ca,0x00430c7643f2c7d4,0x00dce1a1337bdcc0,0x0010d5bd7283c128,0x003b1b547f9b46fe,0x000f245e37e770ab,0x007b72511f022b37)},
+            {FIELD_LITERAL(0x0060db815bc4786c,0x006fab25beedc434,0x00c610d06084797c,0x000c48f08537bec0,0x0031aba51c5b93da,0x007968fa6e01f347,0x0030070da52840c6,0x00c043c225a4837f)},
+            {FIELD_LITERAL(0x001bcfd00649ee93,0x006dceb47e2a0fd5,0x00f2cebda0cf8fd0,0x00b6b9d9d1fbdec3,0x00815262e6490611,0x00ef7f5ce3176760,0x00e49cd0c998d58b,0x005fc6cc269ba57c)},
+        }}, {{
+            {FIELD_LITERAL(0x008940211aa0d633,0x00addae28136571d,0x00d68fdbba20d673,0x003bc6129bc9e21a,0x000346cf184ebe9a,0x0068774d741ebc7f,0x0019d5e9e6966557,0x0003cbd7f981b651)},
+            {FIELD_LITERAL(0x004a2902926f8d3f,0x00ad79b42637ab75,0x0088f60b90f2d4e8,0x0030f54ef0e398c4,0x00021dc9bf99681e,0x007ebf66fde74ee3,0x004ade654386e9a4,0x00e7485066be4c27)},
+            {FIELD_LITERAL(0x00445f1263983be0,0x004cf371dda45e6a,0x00744a89d5a310e7,0x001f20ce4f904833,0x00e746edebe66e29,0x000912ab1f6c153d,0x00f61d77d9b2444c,0x0001499cd6647610)},
+        }}
+    }
+};
+const struct curve448_precomputed_s *curve448_precomputed_base
+    = &curve448_precomputed_base_table;
+
+static const niels_t curve448_wnaf_base_table[32] = {
+    {{
+        {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x00e822938a0a0c0c,0x00263a61c9ea9216,0x001204029321b828,0x006a468360983c65,0x0002846f0a782143)},
+        {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x006822938a0a0c0c,0x00263a61c9ea9215,0x001204029321b828,0x006a468360983c65,0x0082846f0a782143)},
+        {FIELD_LITERAL(0x00ef8e22b275198d,0x00b0eb141a0b0e8b,0x001f6789da3cb38c,0x006d2ff8ed39073e,0x00610bdb69a167f3,0x00571f306c9689b4,0x00f557e6f84b2df8,0x002affd38b2c86db)},
+    }}, {{
+        {FIELD_LITERAL(0x00cea0fc8d2e88b5,0x00821612d69f1862,0x0074c283b3e67522,0x005a195ba05a876d,0x000cddfe557feea4,0x008046c795bcc5e5,0x00540969f4d6e119,0x00d27f96d6b143d5)},
+        {FIELD_LITERAL(0x000c3b1019d474e8,0x00e19533e4952284,0x00cc9810ba7c920a,0x00f103d2785945ac,0x00bfa5696cc69b34,0x00a8d3d51e9ca839,0x005623cb459586b9,0x00eae7ce1cd52e9e)},
+        {FIELD_LITERAL(0x0005a178751dd7d8,0x002cc3844c69c42f,0x00acbfe5efe10539,0x009c20f43431a65a,0x008435d96374a7b3,0x009ee57566877bd3,0x0044691725ed4757,0x001e87bb2fe2c6b2)},
+    }}, {{
+        {FIELD_LITERAL(0x000cedc4debf7a04,0x002ffa45000470ac,0x002e9f9678201915,0x0017da1208c4fe72,0x007d558cc7d656cb,0x0037a827287cf289,0x00142472d3441819,0x009c21f166cf8dd1)},
+        {FIELD_LITERAL(0x003ef83af164b2f2,0x000949a5a0525d0d,0x00f4498186cac051,0x00e77ac09ef126d2,0x0073ae0b2c9296e9,0x001c163f6922e3ed,0x0062946159321bea,0x00cfb79b22990b39)},
+        {FIELD_LITERAL(0x00b001431ca9e654,0x002d7e5eabcc9a3a,0x0052e8114c2f6747,0x0079ac4f94487f92,0x00bffd919b5d749c,0x00261f92ad15e620,0x00718397b7a97895,0x00c1443e6ebbc0c4)},
+    }}, {{
+        {FIELD_LITERAL(0x00eacd90c1e0a049,0x008977935b149fbe,0x0004cb9ba11c93dc,0x009fbd5b3470844d,0x004bc18c9bfc22cf,0x0057679a991839f3,0x00ef15b76fb4092e,0x0074a5173a225041)},
+        {FIELD_LITERAL(0x003f5f9d7ec4777b,0x00ab2e733c919c94,0x001bb6c035245ae5,0x00a325a49a883630,0x0033e9a9ea3cea2f,0x00e442a1eaa0e844,0x00b2116d5b0e71b8,0x00c16abed6d64047)},
+        {FIELD_LITERAL(0x00c560b5ed051165,0x001945adc5d65094,0x00e221865710f910,0x00cc12bc9e9b8ceb,0x004faa9518914e35,0x0017476d89d42f6d,0x00b8f637c8fa1c8b,0x0088c7d2790864b8)},
+    }}, {{
+        {FIELD_LITERAL(0x00ef7eafc1c69be6,0x0085d3855778fbea,0x002c8d5b450cb6f5,0x004e77de5e1e7fec,0x0047c057893abded,0x001b430b85d51e16,0x00965c7b45640c3c,0x00487b2bb1162b97)},
+        {FIELD_LITERAL(0x0099c73a311beec2,0x00a3eff38d8912ad,0x002efa9d1d7e8972,0x00f717ae1e14d126,0x002833f795850c8b,0x0066c12ad71486bd,0x00ae9889da4820eb,0x00d6044309555c08)},
+        {FIELD_LITERAL(0x004b1c5283d15e41,0x00669d8ea308ff75,0x0004390233f762a1,0x00e1d67b83cb6cec,0x003eebaa964c78b1,0x006b0aff965eb664,0x00b313d4470bdc37,0x008814ffcb3cb9d8)},
+    }}, {{
+        {FIELD_LITERAL(0x009724b8ce68db70,0x007678b5ed006f3d,0x00bdf4b89c0abd73,0x00299748e04c7c6d,0x00ddd86492c3c977,0x00c5a7febfa30a99,0x00ed84715b4b02bb,0x00319568adf70486)},
+        {FIELD_LITERAL(0x0070ff2d864de5bb,0x005a37eeb637ee95,0x0033741c258de160,0x00e6ca5cb1988f46,0x001ceabd92a24661,0x0030957bd500fe40,0x001c3362afe912c5,0x005187889f678bd2)},
+        {FIELD_LITERAL(0x0086835fc62bbdc7,0x009c3516ca4910a1,0x00956c71f8d00783,0x0095c78fcf63235f,0x00fc7ff6ba05c222,0x00cdd8b3f8d74a52,0x00ac5ae16de8256e,0x00e9d4be8ed48624)},
+    }}, {{
+        {FIELD_LITERAL(0x00c0ce11405df2d8,0x004e3f37b293d7b6,0x002410172e1ac6db,0x00b8dbff4bf8143d,0x003a7b409d56eb66,0x003e0f6a0dfef9af,0x0081c4e4d3645be1,0x00ce76076b127623)},
+        {FIELD_LITERAL(0x00f6ee0f98974239,0x0042d89af07d3a4f,0x00846b7fe84346b5,0x006a21fc6a8d39a1,0x00ac8bc2541ff2d9,0x006d4e2a77732732,0x009a39b694cc3f2f,0x0085c0aa2a404c8f)},
+        {FIELD_LITERAL(0x00b261101a218548,0x00c1cae96424277b,0x00869da0a77dd268,0x00bc0b09f8ec83ea,0x00d61027f8e82ba9,0x00aa4c85999dce67,0x00eac3132b9f3fe1,0x00fb9b0cf1c695d2)},
+    }}, {{
+        {FIELD_LITERAL(0x0043079295512f0d,0x0046a009861758e0,0x003ee2842a807378,0x0034cc9d1298e4fa,0x009744eb4d31b3ee,0x00afacec96650cd0,0x00ac891b313761ae,0x00e864d6d26e708a)},
+        {FIELD_LITERAL(0x00a84d7c8a23b491,0x0088e19aa868b27f,0x0005986d43e78ce9,0x00f28012f0606d28,0x0017ded7e10249b3,0x005ed4084b23af9b,0x00b9b0a940564472,0x00ad9056cceeb1f4)},
+        {FIELD_LITERAL(0x00db91b357fe755e,0x00a1aa544b15359c,0x00af4931a0195574,0x007686124fe11aef,0x00d1ead3c7b9ef7e,0x00aaf5fc580f8c15,0x00e727be147ee1ec,0x003c61c1e1577b86)},
+    }}, {{
+        {FIELD_LITERAL(0x009d3fca983220cf,0x00cd11acbc853dc4,0x0017590409d27f1d,0x00d2176698082802,0x00fa01251b2838c8,0x00dd297a0d9b51c6,0x00d76c92c045820a,0x00534bc7c46c9033)},
+        {FIELD_LITERAL(0x0080ed9bc9b07338,0x00fceac7745d2652,0x008a9d55f5f2cc69,0x0096ce72df301ac5,0x00f53232e7974d87,0x0071728c7ae73947,0x0090507602570778,0x00cb81cfd883b1b2)},
+        {FIELD_LITERAL(0x005011aadea373da,0x003a8578ec896034,0x00f20a6535fa6d71,0x005152d31e5a87cf,0x002bac1c8e68ca31,0x00b0e323db4c1381,0x00f1d596b7d5ae25,0x00eae458097cb4e0)},
+    }}, {{
+        {FIELD_LITERAL(0x00920ac80f9b0d21,0x00f80f7f73401246,0x0086d37849b557d6,0x0002bd4b317b752e,0x00b26463993a42bb,0x002070422a73b129,0x00341acaa0380cb3,0x00541914dd66a1b2)},
+        {FIELD_LITERAL(0x00c1513cd66abe8c,0x000139e01118944d,0x0064abbcb8080bbb,0x00b3b08202473142,0x00c629ef25da2403,0x00f0aec3310d9b7f,0x0050b2227472d8cd,0x00f6c8a922d41fb4)},
+        {FIELD_LITERAL(0x001075ccf26b7b1f,0x00bb6bb213170433,0x00e9491ad262da79,0x009ef4f48d2d384c,0x008992770766f09d,0x001584396b6b1101,0x00af3f8676c9feef,0x0024603c40269118)},
+    }}, {{
+        {FIELD_LITERAL(0x009dd7b31319527c,0x001e7ac948d873a9,0x00fa54b46ef9673a,0x0066efb8d5b02fe6,0x00754b1d3928aeae,0x0004262ac72a6f6b,0x0079b7d49a6eb026,0x003126a753540102)},
+        {FIELD_LITERAL(0x009666e24f693947,0x00f714311269d45f,0x0010ffac1d0c851c,0x0066e80c37363497,0x00f1f4ad010c60b0,0x0015c87408470ff7,0x00651d5e9c7766a4,0x008138819d7116de)},
+        {FIELD_LITERAL(0x003934b11c57253b,0x00ef308edf21f46e,0x00e54e99c7a16198,0x0080d57135764e63,0x00751c27b946bc24,0x00dd389ce4e9e129,0x00a1a2bfd1cd84dc,0x002fae73e5149b32)},
+    }}, {{
+        {FIELD_LITERAL(0x00911657dffb4cdd,0x00c100b7cc553d06,0x00449d075ec467cc,0x007062100bc64e70,0x0043cf86f7bd21e7,0x00f401dc4b797dea,0x005224afb2f62e65,0x00d1ede3fb5a42be)},
+        {FIELD_LITERAL(0x00f2ba36a41aa144,0x00a0c22d946ee18f,0x008aae8ef9a14f99,0x00eef4d79b19bb36,0x008e75ce3d27b1fc,0x00a65daa03b29a27,0x00d9cc83684eb145,0x009e1ed80cc2ed74)},
+        {FIELD_LITERAL(0x00bed953d1997988,0x00b93ed175a24128,0x00871c5963fb6365,0x00ca2df20014a787,0x00f5d9c1d0b34322,0x00f6f5942818db0a,0x004cc091f49c9906,0x00e8a188a60bff9f)},
+    }}, {{
+        {FIELD_LITERAL(0x0032c7762032fae8,0x00e4087232e0bc21,0x00f767344b6e8d85,0x00bbf369b76c2aa2,0x008a1f46c6e1570c,0x001368cd9780369f,0x007359a39d079430,0x0003646512921434)},
+        {FIELD_LITERAL(0x007c4b47ca7c73e7,0x005396221039734b,0x008b64ddf0e45d7e,0x00bfad5af285e6c2,0x008ec711c5b1a1a8,0x00cf663301237f98,0x00917ee3f1655126,0x004152f337efedd8)},
+        {FIELD_LITERAL(0x0007c7edc9305daa,0x000a6664f273701c,0x00f6e78795e200b1,0x005d05b9ecd2473e,0x0014f5f17c865786,0x00c7fd2d166fa995,0x004939a2d8eb80e0,0x002244ba0942c199)},
+    }}, {{
+        {FIELD_LITERAL(0x00321e767f0262cf,0x002e57d776caf68e,0x00bf2c94814f0437,0x00c339196acd622f,0x001db4cce71e2770,0x001ded5ddba6eee2,0x0078608ab1554c8d,0x00067fe0ab76365b)},
+        {FIELD_LITERAL(0x00f09758e11e3985,0x00169efdbd64fad3,0x00e8889b7d6dacd6,0x0035cdd58ea88209,0x00bcda47586d7f49,0x003cdddcb2879088,0x0016da70187e954b,0x009556ea2e92aacd)},
+        {FIELD_LITERAL(0x008cab16bd1ff897,0x00b389972cdf753f,0x00ea8ed1e46dfdc0,0x004fe7ef94c589f4,0x002b8ae9b805ecf3,0x0025c08d892874a5,0x0023938e98d44c4c,0x00f759134cabf69c)},
+    }}, {{
+        {FIELD_LITERAL(0x006c2a84678e4b3b,0x007a194aacd1868f,0x00ed0225af424761,0x00da0a6f293c64b8,0x001062ac5c6a7a18,0x0030f5775a8aeef4,0x0002acaad76b7af0,0x00410b8fd63a579f)},
+        {FIELD_LITERAL(0x001ec59db3d9590e,0x001e9e3f1c3f182d,0x0045a9c3ec2cab14,0x0008198572aeb673,0x00773b74068bd167,0x0012535eaa395434,0x0044dba9e3bbb74a,0x002fba4d3c74bd0e)},
+        {FIELD_LITERAL(0x0042bf08fe66922c,0x003318b8fbb49e8c,0x00d75946004aa14c,0x00f601586b42bf1c,0x00c74cf1d912fe66,0x00abcb36974b30ad,0x007eb78720c9d2b8,0x009f54ab7bd4df85)},
+    }}, {{
+        {FIELD_LITERAL(0x00db9fc948f73826,0x00fa8b3746ed8ee9,0x00132cb65aafbeb2,0x00c36ff3fe7925b8,0x00837daed353d2fe,0x00ec661be0667cf4,0x005beb8ed2e90204,0x00d77dd69e564967)},
+        {FIELD_LITERAL(0x0042e6268b861751,0x0008dd0469500c16,0x00b51b57c338a3fd,0x00cc4497d85cff6b,0x002f13d6b57c34a4,0x0083652eaf301105,0x00cc344294cc93a8,0x0060f4d02810e270)},
+        {FIELD_LITERAL(0x00a8954363cd518b,0x00ad171124bccb7b,0x0065f46a4adaae00,0x001b1a5b2a96e500,0x0043fe24f8233285,0x0066996d8ae1f2c3,0x00c530f3264169f9,0x00c0f92d07cf6a57)},
+    }}, {{
+        {FIELD_LITERAL(0x0036a55c6815d943,0x008c8d1def993db3,0x002e0e1e8ff7318f,0x00d883a4b92db00a,0x002f5e781ae33906,0x001a72adb235c06d,0x00f2e59e736e9caa,0x001a4b58e3031914)},
+        {FIELD_LITERAL(0x00d73bfae5e00844,0x00bf459766fb5f52,0x0061b4f5a5313cde,0x004392d4c3b95514,0x000d3551b1077523,0x0000998840ee5d71,0x006de6e340448b7b,0x00251aa504875d6e)},
+        {FIELD_LITERAL(0x003bf343427ac342,0x00adc0a78642b8c5,0x0003b893175a8314,0x0061a34ade5703bc,0x00ea3ea8bb71d632,0x00be0df9a1f198c2,0x0046dd8e7c1635fb,0x00f1523fdd25d5e5)},
+    }}, {{
+        {FIELD_LITERAL(0x00633f63fc9dd406,0x00e713ff80e04a43,0x0060c6e970f2d621,0x00a57cd7f0df1891,0x00f2406a550650bb,0x00b064290efdc684,0x001eab0144d17916,0x00cd15f863c293ab)},
+        {FIELD_LITERAL(0x0029cec55273f70d,0x007044ee275c6340,0x0040f637a93015e2,0x00338bb78db5aae9,0x001491b2a6132147,0x00a125d6cfe6bde3,0x005f7ac561ba8669,0x001d5eaea3fbaacf)},
+        {FIELD_LITERAL(0x00054e9635e3be31,0x000e43f31e2872be,0x00d05b1c9e339841,0x006fac50bd81fd98,0x00cdc7852eaebb09,0x004ff519b061991b,0x009099e8107d4c85,0x00273e24c36a4a61)},
+    }}, {{
+        {FIELD_LITERAL(0x00070b4441ef2c46,0x00efa5b02801a109,0x00bf0b8c3ee64adf,0x008a67e0b3452e98,0x001916b1f2fa7a74,0x00d781a78ff6cdc3,0x008682ce57e5c919,0x00cc1109dd210da3)},
+        {FIELD_LITERAL(0x00cae8aaff388663,0x005e983a35dda1c7,0x007ab1030d8e37f4,0x00e48940f5d032fe,0x006a36f9ef30b331,0x009be6f03958c757,0x0086231ceba91400,0x008bd0f7b823e7aa)},
+        {FIELD_LITERAL(0x00cf881ebef5a45a,0x004ebea78e7c6f2c,0x0090da9209cf26a0,0x00de2b2e4c775b84,0x0071d6031c3c15ae,0x00d9e927ef177d70,0x00894ee8c23896fd,0x00e3b3b401e41aad)},
+    }}, {{
+        {FIELD_LITERAL(0x00204fef26864170,0x00819269c5dee0f8,0x00bfb4713ec97966,0x0026339a6f34df78,0x001f26e64c761dc2,0x00effe3af313cb60,0x00e17b70138f601b,0x00f16e1ccd9ede5e)},
+        {FIELD_LITERAL(0x005d9a8353fdb2db,0x0055cc2048c698f0,0x00f6c4ac89657218,0x00525034d73faeb2,0x00435776fbda3c7d,0x0070ea5312323cbc,0x007a105d44d069fb,0x006dbc8d6dc786aa)},
+        {FIELD_LITERAL(0x0017cff19cd394ec,0x00fef7b810922587,0x00e6483970dff548,0x00ddf36ad6874264,0x00e61778523fcce2,0x0093a66c0c93b24a,0x00fd367114db7f86,0x007652d7ddce26dd)},
+    }}, {{
+        {FIELD_LITERAL(0x00d92ced7ba12843,0x00aea9c7771e86e7,0x0046639693354f7b,0x00a628dbb6a80c47,0x003a0b0507372953,0x00421113ab45c0d9,0x00e545f08362ab7a,0x0028ce087b4d6d96)},
+        {FIELD_LITERAL(0x00a67ee7cf9f99eb,0x005713b275f2ff68,0x00f1d536a841513d,0x00823b59b024712e,0x009c46b9d0d38cec,0x00cdb1595aa2d7d4,0x008375b3423d9af8,0x000ab0b516d978f7)},
+        {FIELD_LITERAL(0x00428dcb3c510b0f,0x00585607ea24bb4e,0x003736bf1603687a,0x00c47e568c4fe3c7,0x003cd00282848605,0x0043a487c3b91939,0x004ffc04e1095a06,0x00a4c989a3d4b918)},
+    }}, {{
+        {FIELD_LITERAL(0x00a8778d0e429f7a,0x004c02b059105a68,0x0016653b609da3ff,0x00d5107bd1a12d27,0x00b4708f9a771cab,0x00bb63b662033f69,0x0072f322240e7215,0x0019445b59c69222)},
+        {FIELD_LITERAL(0x00cf4f6069a658e6,0x0053ca52859436a6,0x0064b994d7e3e117,0x00cb469b9a07f534,0x00cfb68f399e9d47,0x00f0dcb8dac1c6e7,0x00f2ab67f538b3a5,0x0055544f178ab975)},
+        {FIELD_LITERAL(0x0099b7a2685d538c,0x00e2f1897b7c0018,0x003adac8ce48dae3,0x00089276d5c50c0c,0x00172fca07ad6717,0x00cb1a72f54069e5,0x004ee42f133545b3,0x00785f8651362f16)},
+    }}, {{
+        {FIELD_LITERAL(0x0049cbac38509e11,0x0015234505d42cdf,0x00794fb0b5840f1c,0x00496437344045a5,0x0031b6d944e4f9b0,0x00b207318ac1f5d8,0x0000c840da7f5c5d,0x00526f373a5c8814)},
+        {FIELD_LITERAL(0x002c7b7742d1dfd9,0x002cabeb18623c01,0x00055f5e3e044446,0x006c20f3b4ef54ba,0x00c600141ec6b35f,0x00354f437f1a32a3,0x00bac4624a3520f9,0x00c483f734a90691)},
+        {FIELD_LITERAL(0x0053a737d422918d,0x00f7fca1d8758625,0x00c360336dadb04c,0x00f38e3d9158a1b8,0x0069ce3b418e84c6,0x005d1697eca16ead,0x00f8bd6a35ece13d,0x007885dfc2b5afea)},
+    }}, {{
+        {FIELD_LITERAL(0x00c3617ae260776c,0x00b20dc3e96922d7,0x00a1a7802246706a,0x00ca6505a5240244,0x002246b62d919782,0x001439102d7aa9b3,0x00e8af1139e6422c,0x00c888d1b52f2b05)},
+        {FIELD_LITERAL(0x005b67690ffd41d9,0x005294f28df516f9,0x00a879272412fcb9,0x00098b629a6d1c8d,0x00fabd3c8050865a,0x00cd7e5b0a3879c5,0x00153238210f3423,0x00357cac101e9f42)},
+        {FIELD_LITERAL(0x008917b454444fb7,0x00f59247c97e441b,0x00a6200a6815152d,0x0009a4228601d254,0x001c0360559bd374,0x007563362039cb36,0x00bd75b48d74e32b,0x0017f515ac3499e8)},
+    }}, {{
+        {FIELD_LITERAL(0x001532a7ffe41c5a,0x00eb1edce358d6bf,0x00ddbacc7b678a7b,0x008a7b70f3c841a3,0x00f1923bf27d3f4c,0x000b2713ed8f7873,0x00aaf67e29047902,0x0044994a70b3976d)},
+        {FIELD_LITERAL(0x00d54e802082d42c,0x00a55aa0dce7cc6c,0x006477b96073f146,0x0082efe4ceb43594,0x00a922bcba026845,0x0077f19d1ab75182,0x00c2bb2737846e59,0x0004d7eec791dd33)},
+        {FIELD_LITERAL(0x0044588d1a81d680,0x00b0a9097208e4f8,0x00212605350dc57e,0x0028717cd2871123,0x00fb083c100fd979,0x0045a056ce063fdf,0x00a5d604b4dd6a41,0x001dabc08ba4e236)},
+    }}, {{
+        {FIELD_LITERAL(0x00c4887198d7a7fa,0x00244f98fb45784a,0x0045911e15a15d01,0x001d323d374c0966,0x00967c3915196562,0x0039373abd2f3c67,0x000d2c5614312423,0x0041cf2215442ce3)},
+        {FIELD_LITERAL(0x008ede889ada7f06,0x001611e91de2e135,0x00fdb9a458a471b9,0x00563484e03710d1,0x0031cc81925e3070,0x0062c97b3af80005,0x00fa733eea28edeb,0x00e82457e1ebbc88)},
+        {FIELD_LITERAL(0x006a0df5fe9b6f59,0x00a0d4ff46040d92,0x004a7cedb6f93250,0x00d1df8855b8c357,0x00e73a46086fd058,0x0048fb0add6dfe59,0x001e03a28f1b4e3d,0x00a871c993308d76)},
+    }}, {{
+        {FIELD_LITERAL(0x0030dbb2d1766ec8,0x00586c0ad138555e,0x00d1a34f9e91c77c,0x0063408ad0e89014,0x00d61231b05f6f5b,0x0009abf569f5fd8a,0x00aec67a110f1c43,0x0031d1a790938dd7)},
+        {FIELD_LITERAL(0x006cded841e2a862,0x00198d60af0ab6fb,0x0018f09db809e750,0x004e6ac676016263,0x00eafcd1620969cb,0x002c9784ca34917d,0x0054f00079796de7,0x00d9fab5c5972204)},
+        {FIELD_LITERAL(0x004bd0fee2438a83,0x00b571e62b0f83bd,0x0059287d7ce74800,0x00fb3631b645c3f0,0x00a018e977f78494,0x0091e27065c27b12,0x007696c1817165e0,0x008c40be7c45ba3a)},
+    }}, {{
+        {FIELD_LITERAL(0x00a0f326327cb684,0x001c7d0f672680ff,0x008c1c81ffb112d1,0x00f8f801674eddc8,0x00e926d5d48c2a9d,0x005bd6d954c6fe9a,0x004c6b24b4e33703,0x00d05eb5c09105cc)},
+        {FIELD_LITERAL(0x00d61731caacf2cf,0x002df0c7609e01c5,0x00306172208b1e2b,0x00b413fe4fb2b686,0x00826d360902a221,0x003f8d056e67e7f7,0x0065025b0175e989,0x00369add117865eb)},
+        {FIELD_LITERAL(0x00aaf895aec2fa11,0x000f892bc313eb52,0x005b1c794dad050b,0x003f8ec4864cec14,0x00af81058d0b90e5,0x00ebe43e183997bb,0x00a9d610f9f3e615,0x007acd8eec2e88d3)},
+    }}, {{
+        {FIELD_LITERAL(0x0049b2fab13812a3,0x00846db32cd60431,0x000177fa578c8d6c,0x00047d0e2ad4bc51,0x00b158ba38d1e588,0x006a45daad79e3f3,0x000997b93cab887b,0x00c47ea42fa23dc3)},
+        {FIELD_LITERAL(0x0012b6fef7aeb1ca,0x009412768194b6a7,0x00ff0d351f23ab93,0x007e8a14c1aff71b,0x006c1c0170c512bc,0x0016243ea02ab2e5,0x007bb6865b303f3e,0x0015ce6b29b159f4)},
+        {FIELD_LITERAL(0x009961cd02e68108,0x00e2035d3a1d0836,0x005d51f69b5e1a1d,0x004bccb4ea36edcd,0x0069be6a7aeef268,0x0063f4dd9de8d5a7,0x006283783092ca35,0x0075a31af2c35409)},
+    }}, {{
+        {FIELD_LITERAL(0x00c412365162e8cf,0x00012283fb34388a,0x003e6543babf39e2,0x00eead6b3a804978,0x0099c0314e8b326f,0x00e98e0a8d477a4f,0x00d2eb96b127a687,0x00ed8d7df87571bb)},
+        {FIELD_LITERAL(0x00777463e308cacf,0x00c8acb93950132d,0x00ebddbf4ca48b2c,0x0026ad7ca0795a0a,0x00f99a3d9a715064,0x000d60bcf9d4dfcc,0x005e65a73a437a06,0x0019d536a8db56c8)},
+        {FIELD_LITERAL(0x00192d7dd558d135,0x0027cd6a8323ffa7,0x00239f1a412dc1e7,0x0046b4b3be74fc5c,0x0020c47a2bef5bce,0x00aa17e48f43862b,0x00f7e26c96342e5f,0x0008011c530f39a9)},
+    }}, {{
+        {FIELD_LITERAL(0x00aad4ac569bf0f1,0x00a67adc90b27740,0x0048551369a5751a,0x0031252584a3306a,0x0084e15df770e6fc,0x00d7bba1c74b5805,0x00a80ef223af1012,0x0089c85ceb843a34)},
+        {FIELD_LITERAL(0x00c4545be4a54004,0x0099e11f60357e6c,0x001f3936d19515a6,0x007793df84341a6e,0x0051061886717ffa,0x00e9b0a660b28f85,0x0044ea685892de0d,0x000257d2a1fda9d9)},
+        {FIELD_LITERAL(0x007e8b01b24ac8a8,0x006cf3b0b5ca1337,0x00f1607d3e36a570,0x0039b7fab82991a1,0x00231777065840c5,0x00998e5afdd346f9,0x00b7dc3e64acc85f,0x00baacc748013ad6)},
+    }}, {{
+        {FIELD_LITERAL(0x008ea6a4177580bf,0x005fa1953e3f0378,0x005fe409ac74d614,0x00452327f477e047,0x00a4018507fb6073,0x007b6e71951caac8,0x0012b42ab8a6ce91,0x0080eca677294ab7)},
+        {FIELD_LITERAL(0x00a53edc023ba69b,0x00c6afa83ddde2e8,0x00c3f638b307b14e,0x004a357a64414062,0x00e4d94d8b582dc9,0x001739caf71695b7,0x0012431b2ae28de1,0x003b6bc98682907c)},
+        {FIELD_LITERAL(0x008a9a93be1f99d6,0x0079fa627cc699c8,0x00b0cfb134ba84c8,0x001c4b778249419a,0x00df4ab3d9c44f40,0x009f596e6c1a9e3c,0x001979c0df237316,0x00501e953a919b87)},
+    }}
+};
+const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448utils.h b/deps/openssl/openssl/crypto/ec/curve448/curve448utils.h
new file mode 100644
index 0000000000..9bf837993c
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/curve448utils.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_CURVE448UTILS_H
+# define HEADER_CURVE448UTILS_H
+
+# include <openssl/e_os2.h>
+
+/*
+ * Internal word types. Somewhat tricky.  This could be decided separately per
+ * platform.  However, the structs do need to be all the same size and
+ * alignment on a given platform to support dynamic linking, since even if you
+ * header was built with eg arch_neon, you might end up linking a library built
+ * with arch_arm32.
+ */
+# ifndef C448_WORD_BITS
+#  if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \
+      && !defined(__sparc__)
+#   define C448_WORD_BITS 64      /* The number of bits in a word */
+#  else
+#   define C448_WORD_BITS 32      /* The number of bits in a word */
+#  endif
+# endif
+
+# if C448_WORD_BITS == 64
+/* Word size for internal computations */
+typedef uint64_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int64_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint64_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef __uint128_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef __int128_t c448_dsword_t;
+# elif C448_WORD_BITS == 32
+/* Word size for internal computations */
+typedef uint32_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int32_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint32_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef uint64_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef int64_t c448_dsword_t;
+# else
+#  error "Only supporting C448_WORD_BITS = 32 or 64 for now"
+# endif
+
+/* C448_TRUE = -1 so that C448_TRUE & x = x */
+# define C448_TRUE      (0 - (c448_bool_t)1)
+
+/* C448_FALSE = 0 so that C448_FALSE & x = 0 */
+# define C448_FALSE     0
+
+/* Another boolean type used to indicate success or failure. */
+typedef enum {
+    C448_SUCCESS = -1, /**< The operation succeeded. */
+    C448_FAILURE = 0   /**< The operation failed. */
+} c448_error_t;
+
+/* Return success if x is true */
+static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x)
+{
+    return (c448_error_t) x;
+}
+
+#endif                          /* __C448_COMMON_H__ */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/ed448.h b/deps/openssl/openssl/crypto/ec/curve448/ed448.h
new file mode 100644
index 0000000000..5fe939e8e1
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/ed448.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_ED448_H
+# define HEADER_ED448_H
+
+# include "point_448.h"
+
+/* Number of bytes in an EdDSA public key. */
+# define EDDSA_448_PUBLIC_BYTES 57
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \
+                                    EDDSA_448_PRIVATE_BYTES)
+
+/* EdDSA encoding ratio. */
+# define C448_EDDSA_ENCODE_RATIO 4
+
+/* EdDSA decoding ratio. */
+# define C448_EDDSA_DECODE_RATIO (4 / 4)
+
+/*
+ * EdDSA key generation.  This function uses a different (non-Decaf) encoding.
+ *
+ * pubkey (out): The public key.
+ * privkey (in): The private key.
+ */
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
+
+/*
+ * EdDSA signing.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in):  The public key.
+ * message (in):  The message to sign.
+ * message_len (in):  The length of the message.
+ * prehashed (in):  Nonzero if the message is actually the hash of something
+ *                  you want to sign.
+ * context (in):  A "context" for this signature of up to 255 bytes.
+ * context_len (in):  Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signing with prehash.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64],
+                        const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * message (in): The message to verify.
+ * message_len (in): The length of the message.
+ * prehashed (in): Nonzero if the message is actually the hash of something you
+ *                 want to verify.
+ * context (in): A "context" for this signature of up to 255 bytes.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify(const uint8_t
+                                 signature[EDDSA_448_SIGNATURE_BYTES],
+                                 const uint8_t
+                                 pubkey[EDDSA_448_PUBLIC_BYTES],
+                                 const uint8_t *message, size_t message_len,
+                                 uint8_t prehashed, const uint8_t *context,
+                                 uint8_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64],
+                    const uint8_t *context,
+                    uint8_t context_len);
+
+/*
+ * EdDSA point encoding.  Used internally, exposed externally.
+ * Multiplies by C448_EDDSA_ENCODE_RATIO first.
+ *
+ * The multiplication is required because the EdDSA encoding represents
+ * the cofactor information, but the Decaf encoding ignores it (which
+ * is the whole point).  So if you decode from EdDSA and re-encode to
+ * EdDSA, the cofactor info must get cleared, because the intermediate
+ * representation doesn't track it.
+ *
+ * The way we handle this is to multiply by C448_EDDSA_DECODE_RATIO when
+ * decoding, and by C448_EDDSA_ENCODE_RATIO when encoding.  The product of
+ * these ratios is always exactly the cofactor 4, so the cofactor ends up
+ * cleared one way or another.  But exactly how that shakes out depends on the
+ * base points specified in RFC 8032.
+ *
+ * The upshot is that if you pass the Decaf/Ristretto base point to
+ * this function, you will get C448_EDDSA_ENCODE_RATIO times the
+ * EdDSA base point.
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc [EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p);
+
+/*
+ * EdDSA point decoding.  Multiplies by C448_EDDSA_DECODE_RATIO, and
+ * ignores cofactor information.
+ *
+ * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                            curve448_point_t p,
+                            const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
+
+/*
+ * EdDSA to ECDH private key conversion
+ * Using the appropriate hash function, hash the EdDSA private key
+ * and keep only the lower bytes to get the ECDH private key
+ *
+ * x (out): The ECDH private key as in RFC7748
+ * ed (in): The EdDSA private key
+ */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
+
+#endif                          /* HEADER_ED448_H */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/eddsa.c b/deps/openssl/openssl/crypto/ec/curve448/eddsa.c
new file mode 100644
index 0000000000..909413a535
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/eddsa.c
@@ -0,0 +1,346 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "curve448_lcl.h"
+#include "word.h"
+#include "ed448.h"
+#include "internal/numbers.h"
+
+#define COFACTOR 4
+
+static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
+                                 const uint8_t *in, size_t inlen)
+{
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, in, inlen)
+            || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
+        EVP_MD_CTX_free(hashctx);
+        return C448_FAILURE;
+    }
+
+    EVP_MD_CTX_free(hashctx);
+    return C448_SUCCESS;
+}
+
+static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
+{
+    secret_scalar_ser[0] &= -COFACTOR;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80;
+}
+
+static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
+                                       uint8_t for_prehash,
+                                       const uint8_t *context,
+                                       size_t context_len)
+{
+    const char *dom_s = "SigEd448";
+    uint8_t dom[2];
+
+    if (context_len > UINT8_MAX)
+        return C448_FAILURE;
+
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
+    dom[1] = (uint8_t)context_len;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
+            || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
+            || !EVP_DigestUpdate(hashctx, context, context_len))
+        return C448_FAILURE;
+
+    return C448_SUCCESS;
+}
+
+/* In this file because it uses the hash */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
+{
+    /* pass the private key through oneshot_hash function */
+    /* and keep the first X448_PRIVATE_BYTES bytes */
+    return oneshot_hash(x, X448_PRIVATE_BYTES, ed,
+                        EDDSA_448_PRIVATE_BYTES);
+}
+
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
+{
+    /* only this much used for keygen */
+    uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES];
+    curve448_scalar_t secret_scalar;
+    unsigned int c;
+    curve448_point_t p;
+
+    if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
+                      EDDSA_448_PRIVATE_BYTES))
+        return C448_FAILURE;
+
+    clamp(secret_scalar_ser);
+
+    curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+                                sizeof(secret_scalar_ser));
+
+    /*
+     * Since we are going to mul_by_cofactor during encoding, divide by it
+     * here. However, the EdDSA base point is not the same as the decaf base
+     * point if the sigma isogeny is in use: the EdDSA base point is on
+     * Etwist_d/(1-d) and the decaf base point is on Etwist_d, and when
+     * converted it effectively picks up a factor of 2 from the isogenies.  So
+     * we might start at 2 instead of 1.
+     */
+    for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+        curve448_scalar_halve(secret_scalar, secret_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+
+    curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+
+    /* Cleanup */
+    curve448_scalar_destroy(secret_scalar);
+    curve448_point_destroy(p);
+    OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
+
+    return C448_SUCCESS;
+}
+
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len)
+{
+    curve448_scalar_t secret_scalar;
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+    c448_error_t ret = C448_FAILURE;
+    curve448_scalar_t nonce_scalar;
+    uint8_t nonce_point[EDDSA_448_PUBLIC_BYTES] = { 0 };
+    unsigned int c;
+    curve448_scalar_t challenge_scalar;
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    {
+        /*
+         * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialised
+         * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed.
+         */
+        uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
+
+        if (!oneshot_hash(expanded, sizeof(expanded), privkey,
+                          EDDSA_448_PRIVATE_BYTES))
+            goto err;
+        clamp(expanded);
+        curve448_scalar_decode_long(secret_scalar, expanded,
+                                    EDDSA_448_PRIVATE_BYTES);
+
+        /* Hash to create the nonce */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx,
+                                     expanded + EDDSA_448_PRIVATE_BYTES,
+                                     EDDSA_448_PRIVATE_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)) {
+            OPENSSL_cleanse(expanded, sizeof(expanded));
+            goto err;
+        }
+        OPENSSL_cleanse(expanded, sizeof(expanded));
+    }
+
+    /* Decode the nonce */
+    {
+        uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
+            goto err;
+        curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+        OPENSSL_cleanse(nonce, sizeof(nonce));
+    }
+
+    {
+        /* Scalarmul to create the nonce-point */
+        curve448_scalar_t nonce_scalar_2;
+        curve448_point_t p;
+
+        curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+        for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+            curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+
+        curve448_precomputed_scalarmul(p, curve448_precomputed_base,
+                                       nonce_scalar_2);
+        curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+        curve448_point_destroy(p);
+        curve448_scalar_destroy(nonce_scalar_2);
+    }
+
+    {
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        /* Compute the challenge */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
+            goto err;
+
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+
+    curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+    curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+
+    OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
+    memcpy(signature, nonce_point, sizeof(nonce_point));
+    curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+                           challenge_scalar);
+
+    curve448_scalar_destroy(secret_scalar);
+    curve448_scalar_destroy(nonce_scalar);
+    curve448_scalar_destroy(challenge_scalar);
+
+    ret = C448_SUCCESS;
+ err:
+    EVP_MD_CTX_free(hashctx);
+    return ret;
+}
+
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64], const uint8_t *context,
+                        size_t context_len)
+{
+    return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,
+                           context_len);
+}
+
+c448_error_t c448_ed448_verify(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t *message, size_t message_len,
+                    uint8_t prehashed, const uint8_t *context,
+                    uint8_t context_len)
+{
+    curve448_point_t pk_point, r_point;
+    c448_error_t error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+    curve448_scalar_t challenge_scalar;
+    curve448_scalar_t response_scalar;
+
+    if (C448_SUCCESS != error)
+        return error;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+    if (C448_SUCCESS != error)
+        return error;
+
+    {
+        /* Compute the challenge */
+        EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (hashctx == NULL
+                || !hash_init_with_dom(hashctx, prehashed, 0, context,
+                                       context_len)
+                || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) {
+            EVP_MD_CTX_free(hashctx);
+            return C448_FAILURE;
+        }
+
+        EVP_MD_CTX_free(hashctx);
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+    curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
+                        challenge_scalar);
+
+    curve448_scalar_decode_long(response_scalar,
+                                &signature[EDDSA_448_PUBLIC_BYTES],
+                                EDDSA_448_PRIVATE_BYTES);
+
+    /* pk_point = -c(x(P)) + (cx + k)G = kG */
+    curve448_base_double_scalarmul_non_secret(pk_point,
+                                              response_scalar,
+                                              pk_point, challenge_scalar);
+    return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+}
+
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64], const uint8_t *context,
+                    uint8_t context_len)
+{
+    return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
+                             context_len);
+}
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign(out_sig, private_key, public_key, message,
+                           message_len, 0, context, context_len)
+        == C448_SUCCESS;
+}
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_verify(signature, public_key, message, message_len, 0,
+                             context, (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,
+                                   context, context_len) == C448_SUCCESS;
+
+}
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len)
+{
+    return c448_ed448_verify_prehash(signature, public_key, hash, context,
+                                     (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57])
+{
+    return c448_ed448_derive_public_key(out_public_key, private_key)
+        == C448_SUCCESS;
+}
diff --git a/deps/openssl/openssl/crypto/ec/curve448/f_generic.c b/deps/openssl/openssl/crypto/ec/curve448/f_generic.c
new file mode 100644
index 0000000000..ed8f36d868
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/f_generic.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+static const gf MODULUS = {
+    FIELD_LITERAL(0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff,
+                  0xffffffffffffff, 0xfffffffffffffe, 0xffffffffffffff,
+                  0xffffffffffffff, 0xffffffffffffff)
+};
+
+/* Serialize to wire format. */
+void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    int i;
+    gf red;
+
+    gf_copy(red, x);
+    gf_strong_reduce(red);
+    if (!with_hibit)
+        assert(gf_hibit(red) == 0);
+
+    for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) {
+        if (fill < 8 && j < NLIMBS) {
+            buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill;
+            fill += LIMB_PLACE_VALUE(LIMBPERM(j));
+            j++;
+        }
+        serial[i] = (uint8_t)buffer;
+        fill -= 8;
+        buffer >>= 8;
+    }
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_hibit(const gf x)
+{
+    gf y;
+
+    gf_add(y, x, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_lobit(const gf x)
+{
+    gf y;
+
+    gf_copy(y, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Deserialize from wire format; return -1 on success and 0 on failure. */
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    dsword_t scarry = 0;
+    const unsigned nbytes = with_hibit ? X_SER_BYTES : SER_BYTES;
+    unsigned int i;
+    mask_t succ;
+
+    for (i = 0; i < NLIMBS; i++) {
+        while (fill < LIMB_PLACE_VALUE(LIMBPERM(i)) && j < nbytes) {
+            uint8_t sj;
+
+            sj = serial[j];
+            if (j == nbytes - 1)
+                sj &= ~hi_nmask;
+            buffer |= ((dword_t) sj) << fill;
+            fill += 8;
+            j++;
+        }
+        x->limb[LIMBPERM(i)] = (word_t)
+            ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer);
+        fill -= LIMB_PLACE_VALUE(LIMBPERM(i));
+        buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+        scarry =
+            (scarry + x->limb[LIMBPERM(i)] -
+             MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t));
+    }
+    succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x);
+    return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry);
+}
+
+/* Reduce to canonical form. */
+void gf_strong_reduce(gf a)
+{
+    dsword_t scarry;
+    word_t scarry_0;
+    dword_t carry = 0;
+    unsigned int i;
+
+    /* first, clear high */
+    gf_weak_reduce(a);          /* Determined to have negligible perf impact. */
+
+    /* now the total is less than 2p */
+
+    /* compute total_value - p.  No need to reduce mod p. */
+    scarry = 0;
+    for (i = 0; i < NLIMBS; i++) {
+        scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)];
+        a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i));
+        scarry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    /*
+     * uncommon case: it was >= p, so now scarry = 0 and this = x common case:
+     * it was < p, so now scarry = -1 and this = x - p + 2^255 so let's add
+     * back in p.  will carry back off the top for 2^255.
+     */
+    assert(scarry == 0 || scarry == -1);
+
+    scarry_0 = (word_t)scarry;
+
+    /* add it back */
+    for (i = 0; i < NLIMBS; i++) {
+        carry =
+            carry + a->limb[LIMBPERM(i)] +
+            (scarry_0 & MODULUS->limb[LIMBPERM(i)]);
+        a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i));
+        carry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    assert(carry < 2 && ((word_t)carry + scarry_0) == 0);
+}
+
+/* Subtract two gf elements d=a-b */
+void gf_sub(gf d, const gf a, const gf b)
+{
+    gf_sub_RAW(d, a, b);
+    gf_bias(d, 2);
+    gf_weak_reduce(d);
+}
+
+/* Add two field elements d = a+b */
+void gf_add(gf d, const gf a, const gf b)
+{
+    gf_add_RAW(d, a, b);
+    gf_weak_reduce(d);
+}
+
+/* Compare a==b */
+mask_t gf_eq(const gf a, const gf b)
+{
+    gf c;
+    mask_t ret = 0;
+    unsigned int i;
+
+    gf_sub(c, a, b);
+    gf_strong_reduce(c);
+
+    for (i = 0; i < NLIMBS; i++)
+        ret |= c->limb[LIMBPERM(i)];
+
+    return word_is_zero(ret);
+}
+
+mask_t gf_isr(gf a, const gf x)
+{
+    gf L0, L1, L2;
+
+    gf_sqr(L1, x);
+    gf_mul(L2, x, L1);
+    gf_sqr(L1, L2);
+    gf_mul(L2, x, L1);
+    gf_sqrn(L1, L2, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L1, L0, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L2, L0, 9);
+    gf_mul(L1, L0, L2);
+    gf_sqr(L0, L1);
+    gf_mul(L2, x, L0);
+    gf_sqrn(L0, L2, 18);
+    gf_mul(L2, L1, L0);
+    gf_sqrn(L0, L2, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 111);
+    gf_mul(L2, L1, L0);
+    gf_sqr(L0, L2);
+    gf_mul(L1, x, L0);
+    gf_sqrn(L0, L1, 223);
+    gf_mul(L1, L2, L0);
+    gf_sqr(L2, L1);
+    gf_mul(L0, L2, x);
+    gf_copy(a, L1);
+    return gf_eq(L0, ONE);
+}
diff --git a/deps/openssl/openssl/crypto/ec/curve448/field.h b/deps/openssl/openssl/crypto/ec/curve448/field.h
new file mode 100644
index 0000000000..d96d4c023d
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/field.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_FIELD_H
+# define HEADER_FIELD_H
+
+# include "internal/constant_time_locl.h"
+# include <string.h>
+# include <assert.h>
+# include "word.h"
+
+# define NLIMBS (64/sizeof(word_t))
+# define X_SER_BYTES 56
+# define SER_BYTES 56
+
+# if defined(__GNUC__) || defined(__clang__)
+#  define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__))
+#  define RESTRICT __restrict__
+#  define ALIGNED __attribute__((__aligned__(16)))
+# else
+#  define INLINE_UNUSED ossl_inline
+#  define RESTRICT
+#  define ALIGNED
+# endif
+
+typedef struct gf_s {
+    word_t limb[NLIMBS];
+} ALIGNED gf_s, gf[1];
+
+/* RFC 7748 support */
+# define X_PUBLIC_BYTES  X_SER_BYTES
+# define X_PRIVATE_BYTES X_PUBLIC_BYTES
+# define X_PRIVATE_BITS  448
+
+static INLINE_UNUSED void gf_copy(gf out, const gf a)
+{
+    *out = *a;
+}
+
+static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_bias(gf inout, int amount);
+static INLINE_UNUSED void gf_weak_reduce(gf inout);
+
+void gf_strong_reduce(gf inout);
+void gf_add(gf out, const gf a, const gf b);
+void gf_sub(gf out, const gf a, const gf b);
+void gf_mul(gf_s * RESTRICT out, const gf a, const gf b);
+void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b);
+void gf_sqr(gf_s * RESTRICT out, const gf a);
+mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0.  Return true if successful */
+mask_t gf_eq(const gf x, const gf y);
+mask_t gf_lobit(const gf x);
+mask_t gf_hibit(const gf x);
+
+void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask);
+
+# include "f_impl.h"            /* Bring in the inline implementations */
+
+# define LIMBPERM(i) (i)
+# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+
+static const gf ZERO = {{{0}}}, ONE = {{{1}}};
+
+/* Square x, n times. */
+static ossl_inline void gf_sqrn(gf_s * RESTRICT y, const gf x, int n)
+{
+    gf tmp;
+
+    assert(n > 0);
+    if (n & 1) {
+        gf_sqr(y, x);
+        n--;
+    } else {
+        gf_sqr(tmp, x);
+        gf_sqr(y, tmp);
+        n -= 2;
+    }
+    for (; n; n -= 2) {
+        gf_sqr(tmp, y);
+        gf_sqr(y, tmp);
+    }
+}
+
+# define gf_add_nr gf_add_RAW
+
+/* Subtract mod p.  Bias by 2 and don't reduce  */
+static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, 2);
+    if (GF_HEADROOM < 3)
+        gf_weak_reduce(c);
+}
+
+/* Subtract mod p. Bias by amt but don't reduce.  */
+static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, amt);
+    if (GF_HEADROOM < amt + 1)
+        gf_weak_reduce(c);
+}
+
+/* Mul by signed int.  Not constant-time WRT the sign of that int. */
+static ossl_inline void gf_mulw(gf c, const gf a, int32_t w)
+{
+    if (w > 0) {
+        gf_mulw_unsigned(c, a, w);
+    } else {
+        gf_mulw_unsigned(c, a, -w);
+        gf_sub(c, ZERO, c);
+    }
+}
+
+/* Constant time, x = is_z ? z : y */
+static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#else
+        /* Must be 64 bit */
+        x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#endif
+    }
+}
+
+/* Constant time, if (neg) x=-x; */
+static ossl_inline void gf_cond_neg(gf x, mask_t neg)
+{
+    gf y;
+
+    gf_sub(y, ZERO, x);
+    gf_cond_sel(x, x, y, neg);
+}
+
+/* Constant time, if (swap) (x,y) = (y,x); */
+static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i]));
+#else
+        /* Must be 64 bit */
+        constant_time_cond_swap_64(swap, &(x[0].limb[i]), &(y->limb[i]));
+#endif
+    }
+}
+
+#endif                          /* HEADER_FIELD_H */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/point_448.h b/deps/openssl/openssl/crypto/ec/curve448/point_448.h
new file mode 100644
index 0000000000..0ef3b8714e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/point_448.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_POINT_448_H
+# define HEADER_POINT_448_H
+
+# include "curve448utils.h"
+# include "field.h"
+
+/* Comb config: number of combs, n, t, s. */
+#define COMBS_N 5
+#define COMBS_T 5
+#define COMBS_S 18
+
+/* Projective Niels coordinates */
+typedef struct {
+    gf a, b, c;
+} niels_s, niels_t[1];
+typedef struct {
+    niels_t n;
+    gf z;
+} pniels_t[1];
+
+/* Precomputed base */
+struct curve448_precomputed_s {
+    niels_t table[COMBS_N << (COMBS_T - 1)];
+};
+
+# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1)
+
+/* The number of bits in a scalar */
+# define C448_SCALAR_BITS 446
+
+/* Number of bytes in a serialized scalar. */
+# define C448_SCALAR_BYTES 56
+
+/* X448 encoding ratio. */
+# define X448_ENCODE_RATIO 2
+
+/* Number of bytes in an x448 public key */
+# define X448_PUBLIC_BYTES 56
+
+/* Number of bytes in an x448 private key */
+# define X448_PRIVATE_BYTES 56
+
+/* Twisted Edwards extended homogeneous coordinates */
+typedef struct curve448_point_s {
+    gf x, y, z, t;
+} curve448_point_t[1];
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+struct curve448_precomputed_s;
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+typedef struct curve448_precomputed_s curve448_precomputed_s;
+
+/* Scalar is stored packed, because we don't need the speed. */
+typedef struct curve448_scalar_s {
+    c448_word_t limb[C448_SCALAR_LIMBS];
+} curve448_scalar_t[1];
+
+/* A scalar equal to 1. */
+extern const curve448_scalar_t curve448_scalar_one;
+
+/* A scalar equal to 0. */
+extern const curve448_scalar_t curve448_scalar_zero;
+
+/* The identity point on the curve. */
+extern const curve448_point_t curve448_point_identity;
+
+/* Precomputed table for the base point on the curve. */
+extern const struct curve448_precomputed_s *curve448_precomputed_base;
+extern const niels_t *curve448_wnaf_base;
+
+/*
+ * Read a scalar from wire format or from bytes.
+ *
+ * ser (in): Serialized form of a scalar.
+ * out (out): Deserialized form.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalar was correctly encoded.
+ * C448_FAILURE: The scalar was greater than the modulus, and has been reduced
+ * modulo that modulus.
+ */
+c448_error_t curve448_scalar_decode(curve448_scalar_t out,
+                                    const unsigned char ser[C448_SCALAR_BYTES]);
+
+/*
+ * Read a scalar from wire format or from bytes.  Reduces mod scalar prime.
+ *
+ * ser (in): Serialized form of a scalar.
+ * ser_len (in): Length of serialized form.
+ * out (out): Deserialized form.
+ */
+void curve448_scalar_decode_long(curve448_scalar_t out,
+                                 const unsigned char *ser, size_t ser_len);
+
+/*
+ * Serialize a scalar to wire format.
+ *
+ * ser (out): Serialized form of a scalar.
+ * s (in): Deserialized scalar.
+ */
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s);
+
+/*
+ * Add two scalars. |a|, |b| and |out| may alias each other.
+ * 
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a+b.
+ */
+void curve448_scalar_add(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Subtract two scalars.  |a|, |b| and |out| may alias each other.
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a-b.
+ */
+void curve448_scalar_sub(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Multiply two scalars. |a|, |b| and |out| may alias each other.
+ * 
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a*b.
+ */
+void curve448_scalar_mul(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+* Halve a scalar.  |a| and |out| may alias each other.
+* 
+* a (in): A scalar.
+* out (out): a/2.
+*/
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
+
+/*
+ * Copy a scalar.  The scalars may alias each other, in which case this
+ * function does nothing.
+ * 
+ * a (in): A scalar.
+ * out (out): Will become a copy of a.
+ */
+static ossl_inline void curve448_scalar_copy(curve448_scalar_t out,
+                                             const curve448_scalar_t a)
+{
+    *out = *a;
+}
+
+/*
+ * Copy a point.  The input and output may alias, in which case this function
+ * does nothing.
+ *
+ * a (out): A copy of the point.
+ * b (in): Any point.
+ */
+static ossl_inline void curve448_point_copy(curve448_point_t a,
+                                            const curve448_point_t b)
+{
+    *a = *b;
+}
+
+/*
+ * Test whether two points are equal.  If yes, return C448_TRUE, else return
+ * C448_FALSE.
+ *
+ * a (in): A point.
+ * b (in): Another point.
+ * 
+ * Returns:
+ * C448_TRUE: The points are equal.
+ * C448_FALSE: The points are not equal.
+ */
+__owur c448_bool_t curve448_point_eq(const curve448_point_t a,
+                                     const curve448_point_t b);
+
+/*
+ * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
+ * faster.
+ *
+ * two_a (out): The sum a+a.
+ * a (in): A point.
+ */
+void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
+
+/*
+ * RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ *
+ * out (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalarmul succeeded.
+ * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
+ * small subgroup.
+ */
+__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
+                             const uint8_t base[X448_PUBLIC_BYTES],
+                             const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
+ *
+ * This function is mainly used internally, but is exported in case
+ * it will be useful.
+ *
+ * The ratio is necessary because the internal representation doesn't
+ * track the cofactor information, so on output we must clear the cofactor.
+ * This would multiply by the cofactor, but in fact internally points are always
+ * even, so it multiplies by half the cofactor instead.
+ *
+ * As it happens, this aligns with the base point definitions; that is,
+ * if you pass the Decaf/Ristretto base point to this function, the result
+ * will be X448_ENCODE_RATIO times the X448
+ * base point.
+ *
+ * out (out): The scaled and encoded point.
+ * p (in): The point to be scaled and encoded.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_x448(
+                                        uint8_t out[X448_PUBLIC_BYTES],
+                                        const curve448_point_t p);
+
+/*
+ * RFC 7748 Diffie-Hellman base point scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ * 
+ * out (out): The scaled point base*scalar
+ * scalar (in): The scalar to multiply by.
+ */
+void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
+                            const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a precomputed base point by a scalar: out = scalar*base.
+ *
+ * scaled (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ */
+void curve448_precomputed_scalarmul(curve448_point_t scaled,
+                                    const curve448_precomputed_s * base,
+                                    const curve448_scalar_t scalar);
+
+/*
+ * Multiply two base points by two scalars:
+ * combo = scalar1*curve448_point_base + scalar2*base2.
+ *
+ * Otherwise equivalent to curve448_point_double_scalarmul, but may be
+ * faster at the expense of being variable time.
+ *
+ * combo (out): The linear combination scalar1*base + scalar2*base2.
+ * scalar1 (in): A first scalar to multiply by.
+ * base2 (in): A second point to be scaled.
+ * scalar2 (in) A second scalar to multiply by.
+ *
+ * Warning: This function takes variable time, and may leak the scalars used. 
+ * It is designed for signature verification.
+ */
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2);
+
+/*
+ * Test that a point is valid, for debugging purposes.
+ *
+ * to_test (in): The point to test.
+ *
+ * Returns:
+ * C448_TRUE The point is valid.
+ * C448_FALSE The point is invalid.
+ */
+__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test);
+
+/* Overwrite scalar with zeros. */
+void curve448_scalar_destroy(curve448_scalar_t scalar);
+
+/* Overwrite point with zeros. */
+void curve448_point_destroy(curve448_point_t point);
+
+#endif                          /* HEADER_POINT_448_H */
diff --git a/deps/openssl/openssl/crypto/ec/curve448/scalar.c b/deps/openssl/openssl/crypto/ec/curve448/scalar.c
new file mode 100644
index 0000000000..b5702c0255
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/scalar.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+
+#include "word.h"
+#include "point_448.h"
+
+static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5;
+static const curve448_scalar_t sc_p = {
+    {
+        {
+            SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55),
+            SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9),
+            SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff),
+            SC_LIMB(0x3fffffffffffffff)
+        }
+    }
+}, sc_r2 = {
+    {
+        {
+
+            SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9),
+            SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838),
+            SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af),
+            SC_LIMB(0x3402a939f823b729)
+        }
+    }
+};
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+const curve448_scalar_t curve448_scalar_one = {{{1}}};
+const curve448_scalar_t curve448_scalar_zero = {{{0}}};
+
+/*
+ * {extra,accum} - sub +? p
+ * Must have extra <= 1
+ */
+static void sc_subx(curve448_scalar_t out,
+                    const c448_word_t accum[C448_SCALAR_LIMBS],
+                    const curve448_scalar_t sub,
+                    const curve448_scalar_t p, c448_word_t extra)
+{
+    c448_dsword_t chain = 0;
+    unsigned int i;
+    c448_word_t borrow;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + accum[i]) - sub->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    borrow = (c448_word_t)chain + extra;     /* = 0 or -1 */
+
+    chain = 0;
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + out->limb[i]) + (p->limb[i] & borrow);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+}
+
+static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a,
+                       const curve448_scalar_t b)
+{
+    unsigned int i, j;
+    c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 };
+    c448_word_t hi_carry = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t mand = a->limb[i];
+        const c448_word_t *mier = b->limb;
+
+        c448_dword_t chain = 0;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += ((c448_dword_t) mand) * mier[j] + accum[j];
+            accum[j] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        accum[j] = (c448_word_t)chain;
+
+        mand = accum[0] * MONTGOMERY_FACTOR;
+        chain = 0;
+        mier = sc_p->limb;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += (c448_dword_t) mand *mier[j] + accum[j];
+            if (j)
+                accum[j - 1] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        chain += accum[j];
+        chain += hi_carry;
+        accum[j - 1] = (c448_word_t)chain;
+        hi_carry = chain >> WBITS;
+    }
+
+    sc_subx(out, accum, sc_p, sc_p, hi_carry);
+}
+
+void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_montmul(out, a, b);
+    sc_montmul(out, out, sc_r2);
+}
+
+void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_subx(out, a->limb, b, sc_p, 0);
+}
+
+void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + b->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain);
+}
+
+static ossl_inline void scalar_decode_short(curve448_scalar_t s,
+                                            const unsigned char *ser,
+                                            size_t nbytes)
+{
+    size_t i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t out = 0;
+
+        for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++)
+            out |= ((c448_word_t) ser[k]) << (8 * j);
+        s->limb[i] = out;
+    }
+}
+
+c448_error_t curve448_scalar_decode(
+                                curve448_scalar_t s,
+                                const unsigned char ser[C448_SCALAR_BYTES])
+{
+    unsigned int i;
+    c448_dsword_t accum = 0;
+
+    scalar_decode_short(s, ser, C448_SCALAR_BYTES);
+    for (i = 0; i < C448_SCALAR_LIMBS; i++)
+        accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
+    /* Here accum == 0 or -1 */
+
+    curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */
+
+    return c448_succeed_if(~word_is_zero((uint32_t)accum));
+}
+
+void curve448_scalar_destroy(curve448_scalar_t scalar)
+{
+    OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
+}
+
+void curve448_scalar_decode_long(curve448_scalar_t s,
+                                 const unsigned char *ser, size_t ser_len)
+{
+    size_t i;
+    curve448_scalar_t t1, t2;
+
+    if (ser_len == 0) {
+        curve448_scalar_copy(s, curve448_scalar_zero);
+        return;
+    }
+
+    i = ser_len - (ser_len % C448_SCALAR_BYTES);
+    if (i == ser_len)
+        i -= C448_SCALAR_BYTES;
+
+    scalar_decode_short(t1, &ser[i], ser_len - i);
+
+    if (ser_len == sizeof(curve448_scalar_t)) {
+        assert(i == 0);
+        /* ham-handed reduce */
+        curve448_scalar_mul(s, t1, curve448_scalar_one);
+        curve448_scalar_destroy(t1);
+        return;
+    }
+
+    while (i) {
+        i -= C448_SCALAR_BYTES;
+        sc_montmul(t1, t1, sc_r2);
+        (void)curve448_scalar_decode(t2, ser + i);
+        curve448_scalar_add(t1, t1, t2);
+    }
+
+    curve448_scalar_copy(s, t1);
+    curve448_scalar_destroy(t1);
+    curve448_scalar_destroy(t2);
+}
+
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s)
+{
+    unsigned int i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        for (j = 0; j < sizeof(c448_word_t); j++, k++)
+            ser[k] = s->limb[i] >> (8 * j);
+    }
+}
+
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+{
+    c448_word_t mask = 0 - (a->limb[0] & 1);
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= C448_WORD_BITS;
+    }
+    for (i = 0; i < C448_SCALAR_LIMBS - 1; i++)
+        out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (WBITS - 1);
+    out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (WBITS - 1));
+}
diff --git a/deps/openssl/openssl/crypto/ec/curve448/word.h b/deps/openssl/openssl/crypto/ec/curve448/word.h
new file mode 100644
index 0000000000..a48b9e053a
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ec/curve448/word.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef HEADER_WORD_H
+# define HEADER_WORD_H
+
+# include <string.h>
+# include <assert.h>
+# include <stdlib.h>
+# include <openssl/e_os2.h>
+# include "arch_intrinsics.h"
+# include "curve448utils.h"
+
+# if (ARCH_WORD_BITS == 64)
+typedef uint64_t word_t, mask_t;
+typedef __uint128_t dword_t;
+typedef int32_t hsword_t;
+typedef int64_t sword_t;
+typedef __int128_t dsword_t;
+# elif (ARCH_WORD_BITS == 32)
+typedef uint32_t word_t, mask_t;
+typedef uint64_t dword_t;
+typedef int16_t hsword_t;
+typedef int32_t sword_t;
+typedef int64_t dsword_t;
+# else
+#  error "For now, we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * Scalar limbs are keyed off of the API word size instead of the arch word
+ * size.
+ */
+# if C448_WORD_BITS == 64
+#  define SC_LIMB(x) (x)
+# elif C448_WORD_BITS == 32
+#  define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32)
+# else
+#  error "For now we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * The plan on booleans: The external interface uses c448_bool_t, but this
+ * might be a different size than our particular arch's word_t (and thus
+ * mask_t).  Also, the caller isn't guaranteed to pass it as nonzero.  So
+ * bool_to_mask converts word sizes and checks nonzero. On the flip side,
+ * mask_t is always -1 or 0, but it might be a different size than
+ * c448_bool_t. On the third hand, we have success vs boolean types, but
+ * that's handled in common.h: it converts between c448_bool_t and
+ * c448_error_t.
+ */
+static ossl_inline c448_bool_t mask_to_bool(mask_t m)
+{
+    return (c448_sword_t)(sword_t)m;
+}
+
+static ossl_inline mask_t bool_to_mask(c448_bool_t m)
+{
+    /* On most arches this will be optimized to a simple cast. */
+    mask_t ret = 0;
+    unsigned int i;
+    unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t);
+
+    if (limit < 1)
+        limit = 1;
+    for (i = 0; i < limit; i++)
+        ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t)));
+
+    return ret;
+}
+
+#endif                          /* HEADER_WORD_H */
diff --git a/deps/openssl/openssl/crypto/ec/ec2_mult.c b/deps/openssl/openssl/crypto/ec/ec2_mult.c
deleted file mode 100644
index e4a1ec5737..0000000000
--- a/deps/openssl/openssl/crypto/ec/ec2_mult.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/err.h>
-
-#include "internal/bn_int.h"
-#include "ec_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/*-
- * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
- * coordinates.
- * Uses algorithm Mdouble in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * modified to not require precomputation of c=b^{2^{m-1}}.
- */
-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z,
-                        BN_CTX *ctx)
-{
-    BIGNUM *t1;
-    int ret = 0;
-
-    /* Since Mdouble is static we can guarantee that ctx != NULL. */
-    BN_CTX_start(ctx);
-    t1 = BN_CTX_get(ctx);
-    if (t1 == NULL)
-        goto err;
-
-    if (!group->meth->field_sqr(group, x, x, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, t1, z, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, z, x, t1, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, x, x, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, t1, t1, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, t1, group->b, t1, ctx))
-        goto err;
-    if (!BN_GF2m_add(x, x, t1))
-        goto err;
-
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
- * projective coordinates.
- * Uses algorithm Madd in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- */
-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1,
-                     BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2,
-                     BN_CTX *ctx)
-{
-    BIGNUM *t1, *t2;
-    int ret = 0;
-
-    /* Since Madd is static we can guarantee that ctx != NULL. */
-    BN_CTX_start(ctx);
-    t1 = BN_CTX_get(ctx);
-    t2 = BN_CTX_get(ctx);
-    if (t2 == NULL)
-        goto err;
-
-    if (!BN_copy(t1, x))
-        goto err;
-    if (!group->meth->field_mul(group, x1, x1, z2, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, z1, z1, x2, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, t2, x1, z1, ctx))
-        goto err;
-    if (!BN_GF2m_add(z1, z1, x1))
-        goto err;
-    if (!group->meth->field_sqr(group, z1, z1, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, x1, z1, t1, ctx))
-        goto err;
-    if (!BN_GF2m_add(x1, x1, t2))
-        goto err;
-
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
- * using Montgomery point multiplication algorithm Mxy() in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * Returns:
- *     0 on error
- *     1 if return value should be the point at infinity
- *     2 otherwise
- */
-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y,
-                    BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2,
-                    BN_CTX *ctx)
-{
-    BIGNUM *t3, *t4, *t5;
-    int ret = 0;
-
-    if (BN_is_zero(z1)) {
-        BN_zero(x2);
-        BN_zero(z2);
-        return 1;
-    }
-
-    if (BN_is_zero(z2)) {
-        if (!BN_copy(x2, x))
-            return 0;
-        if (!BN_GF2m_add(z2, x, y))
-            return 0;
-        return 2;
-    }
-
-    /* Since Mxy is static we can guarantee that ctx != NULL. */
-    BN_CTX_start(ctx);
-    t3 = BN_CTX_get(ctx);
-    t4 = BN_CTX_get(ctx);
-    t5 = BN_CTX_get(ctx);
-    if (t5 == NULL)
-        goto err;
-
-    if (!BN_one(t5))
-        goto err;
-
-    if (!group->meth->field_mul(group, t3, z1, z2, ctx))
-        goto err;
-
-    if (!group->meth->field_mul(group, z1, z1, x, ctx))
-        goto err;
-    if (!BN_GF2m_add(z1, z1, x1))
-        goto err;
-    if (!group->meth->field_mul(group, z2, z2, x, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, x1, z2, x1, ctx))
-        goto err;
-    if (!BN_GF2m_add(z2, z2, x2))
-        goto err;
-
-    if (!group->meth->field_mul(group, z2, z2, z1, ctx))
-        goto err;
-    if (!group->meth->field_sqr(group, t4, x, ctx))
-        goto err;
-    if (!BN_GF2m_add(t4, t4, y))
-        goto err;
-    if (!group->meth->field_mul(group, t4, t4, t3, ctx))
-        goto err;
-    if (!BN_GF2m_add(t4, t4, z2))
-        goto err;
-
-    if (!group->meth->field_mul(group, t3, t3, x, ctx))
-        goto err;
-    if (!group->meth->field_div(group, t3, t5, t3, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, t4, t3, t4, ctx))
-        goto err;
-    if (!group->meth->field_mul(group, x2, x1, t3, ctx))
-        goto err;
-    if (!BN_GF2m_add(z2, x2, x))
-        goto err;
-
-    if (!group->meth->field_mul(group, z2, z2, t4, ctx))
-        goto err;
-    if (!BN_GF2m_add(z2, z2, y))
-        goto err;
-
-    ret = 2;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Computes scalar*point and stores the result in r.
- * point can not equal r.
- * Uses a modified algorithm 2P of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- *
- * To protect against side-channel attack the function uses constant time swap,
- * avoiding conditional branches.
- */
-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
-                                             EC_POINT *r,
-                                             const BIGNUM *scalar,
-                                             const EC_POINT *point,
-                                             BN_CTX *ctx)
-{
-    BIGNUM *x1, *x2, *z1, *z2;
-    int ret = 0, i, group_top;
-    BN_ULONG mask, word;
-
-    if (r == point) {
-        ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
-        return 0;
-    }
-
-    /* if result should be point at infinity */
-    if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
-        EC_POINT_is_at_infinity(group, point)) {
-        return EC_POINT_set_to_infinity(group, r);
-    }
-
-    /* only support affine coordinates */
-    if (!point->Z_is_one)
-        return 0;
-
-    /*
-     * Since point_multiply is static we can guarantee that ctx != NULL.
-     */
-    BN_CTX_start(ctx);
-    x1 = BN_CTX_get(ctx);
-    z1 = BN_CTX_get(ctx);
-    if (z1 == NULL)
-        goto err;
-
-    x2 = r->X;
-    z2 = r->Y;
-
-    group_top = bn_get_top(group->field);
-    if (bn_wexpand(x1, group_top) == NULL
-        || bn_wexpand(z1, group_top) == NULL
-        || bn_wexpand(x2, group_top) == NULL
-        || bn_wexpand(z2, group_top) == NULL)
-        goto err;
-
-    if (!BN_GF2m_mod_arr(x1, point->X, group->poly))
-        goto err;               /* x1 = x */
-    if (!BN_one(z1))
-        goto err;               /* z1 = 1 */
-    if (!group->meth->field_sqr(group, z2, x1, ctx))
-        goto err;               /* z2 = x1^2 = x^2 */
-    if (!group->meth->field_sqr(group, x2, z2, ctx))
-        goto err;
-    if (!BN_GF2m_add(x2, x2, group->b))
-        goto err;               /* x2 = x^4 + b */
-
-    /* find top most bit and go one past it */
-    i = bn_get_top(scalar) - 1;
-    mask = BN_TBIT;
-    word = bn_get_words(scalar)[i];
-    while (!(word & mask))
-        mask >>= 1;
-    mask >>= 1;
-    /* if top most bit was at word break, go to next word */
-    if (!mask) {
-        i--;
-        mask = BN_TBIT;
-    }
-
-    for (; i >= 0; i--) {
-        word = bn_get_words(scalar)[i];
-        while (mask) {
-            BN_consttime_swap(word & mask, x1, x2, group_top);
-            BN_consttime_swap(word & mask, z1, z2, group_top);
-            if (!gf2m_Madd(group, point->X, x2, z2, x1, z1, ctx))
-                goto err;
-            if (!gf2m_Mdouble(group, x1, z1, ctx))
-                goto err;
-            BN_consttime_swap(word & mask, x1, x2, group_top);
-            BN_consttime_swap(word & mask, z1, z2, group_top);
-            mask >>= 1;
-        }
-        mask = BN_TBIT;
-    }
-
-    /* convert out of "projective" coordinates */
-    i = gf2m_Mxy(group, point->X, point->Y, x1, z1, x2, z2, ctx);
-    if (i == 0)
-        goto err;
-    else if (i == 1) {
-        if (!EC_POINT_set_to_infinity(group, r))
-            goto err;
-    } else {
-        if (!BN_one(r->Z))
-            goto err;
-        r->Z_is_one = 1;
-    }
-
-    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
-    BN_set_negative(r->X, 0);
-    BN_set_negative(r->Y, 0);
-
-    ret = 1;
-
- err:
-    BN_CTX_end(ctx);
-    return ret;
-}
-
-/*-
- * Computes the sum
- *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
- * gracefully ignoring NULL scalar values.
- */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
-                       const BIGNUM *scalar, size_t num,
-                       const EC_POINT *points[], const BIGNUM *scalars[],
-                       BN_CTX *ctx)
-{
-    BN_CTX *new_ctx = NULL;
-    int ret = 0;
-    size_t i;
-    EC_POINT *p = NULL;
-    EC_POINT *acc = NULL;
-
-    if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
-        if (ctx == NULL)
-            return 0;
-    }
-
-    /*
-     * This implementation is more efficient than the wNAF implementation for
-     * 2 or fewer points.  Use the ec_wNAF_mul implementation for 3 or more
-     * points, or if we can perform a fast multiplication based on
-     * precomputation.
-     */
-    if ((scalar && (num > 1)) || (num > 2)
-        || (num == 0 && EC_GROUP_have_precompute_mult(group))) {
-        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-        goto err;
-    }
-
-    if ((p = EC_POINT_new(group)) == NULL)
-        goto err;
-    if ((acc = EC_POINT_new(group)) == NULL)
-        goto err;
-
-    if (!EC_POINT_set_to_infinity(group, acc))
-        goto err;
-
-    if (scalar) {
-        if (!ec_GF2m_montgomery_point_multiply
-            (group, p, scalar, group->generator, ctx))
-            goto err;
-        if (BN_is_negative(scalar))
-            if (!group->meth->invert(group, p, ctx))
-                goto err;
-        if (!group->meth->add(group, acc, acc, p, ctx))
-            goto err;
-    }
-
-    for (i = 0; i < num; i++) {
-        if (!ec_GF2m_montgomery_point_multiply
-            (group, p, scalars[i], points[i], ctx))
-            goto err;
-        if (BN_is_negative(scalars[i]))
-            if (!group->meth->invert(group, p, ctx))
-                goto err;
-        if (!group->meth->add(group, acc, acc, p, ctx))
-            goto err;
-    }
-
-    if (!EC_POINT_copy(r, acc))
-        goto err;
-
-    ret = 1;
-
- err:
-    EC_POINT_free(p);
-    EC_POINT_free(acc);
-    BN_CTX_free(new_ctx);
-    return ret;
-}
-
-/*
- * Precomputation for point multiplication: fall back to wNAF methods because
- * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate
- */
-
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-{
-    return ec_wNAF_precompute_mult(group, ctx);
-}
-
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
-{
-    return ec_wNAF_have_precompute_mult(group);
-}
-
-#endif
diff --git a/deps/openssl/openssl/crypto/ec/ec2_oct.c b/deps/openssl/openssl/crypto/ec/ec2_oct.c
index ea88ce860a..0867f994ea 100644
--- a/deps/openssl/openssl/crypto/ec/ec2_oct.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_oct.c
@@ -1,5 +1,6 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,21 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
 #include <openssl/err.h>
 
 #include "ec_lcl.h"
@@ -108,7 +94,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
         }
     }
 
-    if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
         goto err;
 
     ret = 1;
@@ -180,7 +166,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
         if (yxi == NULL)
             goto err;
 
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
             goto err;
 
         buf[0] = form;
@@ -315,8 +301,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
     }
 
     if (form == POINT_CONVERSION_COMPRESSED) {
-        if (!EC_POINT_set_compressed_coordinates_GF2m
-            (group, point, x, y_bit, ctx))
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
             goto err;
     } else {
         if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
@@ -335,10 +320,10 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         }
 
         /*
-         * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
+         * EC_POINT_set_affine_coordinates is responsible for checking that
          * the point is on the curve.
          */
-        if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
             goto err;
     }
 
diff --git a/deps/openssl/openssl/crypto/ec/ec2_smpl.c b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
index cdacce61ac..87f7ce5691 100644
--- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,21 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
 #include <openssl/err.h>
 
 #include "internal/bn_int.h"
@@ -29,67 +15,6 @@
 
 #ifndef OPENSSL_NO_EC2M
 
-const EC_METHOD *EC_GF2m_simple_method(void)
-{
-    static const EC_METHOD ret = {
-        EC_FLAGS_DEFAULT_OCT,
-        NID_X9_62_characteristic_two_field,
-        ec_GF2m_simple_group_init,
-        ec_GF2m_simple_group_finish,
-        ec_GF2m_simple_group_clear_finish,
-        ec_GF2m_simple_group_copy,
-        ec_GF2m_simple_group_set_curve,
-        ec_GF2m_simple_group_get_curve,
-        ec_GF2m_simple_group_get_degree,
-        ec_group_simple_order_bits,
-        ec_GF2m_simple_group_check_discriminant,
-        ec_GF2m_simple_point_init,
-        ec_GF2m_simple_point_finish,
-        ec_GF2m_simple_point_clear_finish,
-        ec_GF2m_simple_point_copy,
-        ec_GF2m_simple_point_set_to_infinity,
-        0 /* set_Jprojective_coordinates_GFp */ ,
-        0 /* get_Jprojective_coordinates_GFp */ ,
-        ec_GF2m_simple_point_set_affine_coordinates,
-        ec_GF2m_simple_point_get_affine_coordinates,
-        0, 0, 0,
-        ec_GF2m_simple_add,
-        ec_GF2m_simple_dbl,
-        ec_GF2m_simple_invert,
-        ec_GF2m_simple_is_at_infinity,
-        ec_GF2m_simple_is_on_curve,
-        ec_GF2m_simple_cmp,
-        ec_GF2m_simple_make_affine,
-        ec_GF2m_simple_points_make_affine,
-
-        /*
-         * the following three method functions are defined in ec2_mult.c
-         */
-        ec_GF2m_simple_mul,
-        ec_GF2m_precompute_mult,
-        ec_GF2m_have_precompute_mult,
-
-        ec_GF2m_simple_field_mul,
-        ec_GF2m_simple_field_sqr,
-        ec_GF2m_simple_field_div,
-        0 /* field_encode */ ,
-        0 /* field_decode */ ,
-        0,                      /* field_set_to_one */
-        ec_key_simple_priv2oct,
-        ec_key_simple_oct2priv,
-        0, /* set private */
-        ec_key_simple_generate_key,
-        ec_key_simple_check_key,
-        ec_key_simple_generate_public_key,
-        0, /* keycopy */
-        0, /* keyfinish */
-        ecdh_simple_compute_key,
-        0  /* blind_coordinates */
-    };
-
-    return &ret;
-}
-
 /*
  * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
  * are handled by EC_GROUP_new.
@@ -465,7 +390,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         if (!BN_copy(y0, a->Y))
             goto err;
     } else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
             goto err;
     }
     if (b->Z_is_one) {
@@ -474,7 +399,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
         if (!BN_copy(y1, b->Y))
             goto err;
     } else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
             goto err;
     }
 
@@ -522,7 +447,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     if (!BN_GF2m_add(y2, y2, y1))
         goto err;
 
-    if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
         goto err;
 
     ret = 1;
@@ -619,9 +544,9 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
     if (!BN_GF2m_add(lh, lh, y2))
         goto err;
     ret = BN_is_zero(lh);
+
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }
@@ -665,15 +590,14 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
     if (bY == NULL)
         goto err;
 
-    if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
         goto err;
-    if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
         goto err;
     ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
 
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }
@@ -701,7 +625,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
     if (y == NULL)
         goto err;
 
-    if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
         goto err;
     if (!BN_copy(point->X, x))
         goto err;
@@ -714,8 +638,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
     ret = 1;
 
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }
@@ -757,4 +680,275 @@ int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
     return BN_GF2m_mod_div(r, a, b, group->field, ctx);
 }
 
+/*-
+ * Lopez-Dahab ladder, pre step.
+ * See e.g. "Guide to ECC" Alg 3.40.
+ * Modified to blind s and r independently.
+ * s:= p, r := 2p
+ */
+static
+int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    /* if p is not affine, something is wrong */
+    if (p->Z_is_one == 0)
+        return 0;
+
+    /* s blinding: make sure lambda (s->Z here) is not zero */
+    do {
+        if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(s->Z));
+
+    /* if field_encode defined convert between representations */
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, s->Z, s->Z, ctx))
+        || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx))
+        return 0;
+
+    /* r blinding: make sure lambda (r->Y here for storage) is not zero */
+    do {
+        if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(r->Y));
+
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, r->Y, r->Y, ctx))
+        || !group->meth->field_sqr(group, r->Z, p->X, ctx)
+        || !group->meth->field_sqr(group, r->X, r->Z, ctx)
+        || !BN_GF2m_add(r->X, r->X, group->b)
+        || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+        || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx))
+        return 0;
+
+    s->Z_is_one = 0;
+    r->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords.
+ * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3
+ * s := r + s, r := 2r
+ */
+static
+int ec_GF2m_simple_ladder_step(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx)
+        || !group->meth->field_sqr(group, s->Y, r->Z, ctx)
+        || !group->meth->field_sqr(group, r->Z, r->X, ctx)
+        || !BN_GF2m_add(s->Z, r->Y, s->X)
+        || !group->meth->field_sqr(group, s->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx)
+        || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx)
+        || !BN_GF2m_add(s->X, s->X, r->Y)
+        || !group->meth->field_sqr(group, r->Y, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx)
+        || !group->meth->field_sqr(group, s->Y, s->Y, ctx)
+        || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx)
+        || !BN_GF2m_add(r->X, r->Y, s->Y))
+        return 0;
+
+    return 1;
+}
+
+/*-
+ * Recover affine (x,y) result from Lopez-Dahab r and s, affine p.
+ * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m)
+ * without Precomputation" (Lopez and Dahab, CHES 1999),
+ * Appendix Alg Mxy.
+ */
+static
+int ec_GF2m_simple_ladder_post(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        if (!EC_POINT_copy(r, p)
+            || !EC_POINT_invert(group, r, ctx)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB);
+            return 0;
+        }
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t1, p->X, r->Z, ctx)
+        || !BN_GF2m_add(t1, r->X, t1)
+        || !group->meth->field_mul(group, t2, p->X, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->X, t2, ctx)
+        || !BN_GF2m_add(t2, t2, s->X)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !BN_GF2m_add(t2, p->Y, t2)
+        || !group->meth->field_mul(group, t2, t2, t0, ctx)
+        || !BN_GF2m_add(t1, t2, t1)
+        || !group->meth->field_mul(group, t2, p->X, t0, ctx)
+        || !BN_GF2m_mod_inv(t2, t2, group->field, ctx)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, r->X, r->Z, t2, ctx)
+        || !BN_GF2m_add(t2, p->X, r->X)
+        || !group->meth->field_mul(group, t2, t2, t1, ctx)
+        || !BN_GF2m_add(r->Y, p->Y, t2)
+        || !BN_one(r->Z))
+        goto err;
+
+    r->Z_is_one = 1;
+
+    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+    BN_set_negative(r->X, 0);
+    BN_set_negative(r->Y, 0);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static
+int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r,
+                              const BIGNUM *scalar, size_t num,
+                              const EC_POINT *points[],
+                              const BIGNUM *scalars[],
+                              BN_CTX *ctx)
+{
+    int ret = 0;
+    EC_POINT *t = NULL;
+
+    /*-
+     * We limit use of the ladder only to the following cases:
+     * - r := scalar * G
+     *   Fixed point mul: scalar != NULL && num == 0;
+     * - r := scalars[0] * points[0]
+     *   Variable point mul: scalar == NULL && num == 1;
+     * - r := scalar * G + scalars[0] * points[0]
+     *   used, e.g., in ECDSA verification: scalar != NULL && num == 1
+     *
+     * In any other case (num > 1) we use the default wNAF implementation.
+     *
+     * We also let the default implementation handle degenerate cases like group
+     * order or cofactor set to 0.
+     */
+    if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor))
+        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    if (scalar != NULL && num == 0)
+        /* Fixed point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+
+    if (scalar == NULL && num == 1)
+        /* Variable point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
+
+    /*-
+     * Double point multiplication:
+     *  r := scalar * G + scalars[0] * points[0]
+     */
+
+    if ((t = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!ec_scalar_mul_ladder(group, t, scalar, NULL, ctx)
+        || !ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx)
+        || !EC_POINT_add(group, r, t, r, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(t);
+    return ret;
+}
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_characteristic_two_field,
+        ec_GF2m_simple_group_init,
+        ec_GF2m_simple_group_finish,
+        ec_GF2m_simple_group_clear_finish,
+        ec_GF2m_simple_group_copy,
+        ec_GF2m_simple_group_set_curve,
+        ec_GF2m_simple_group_get_curve,
+        ec_GF2m_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GF2m_simple_group_check_discriminant,
+        ec_GF2m_simple_point_init,
+        ec_GF2m_simple_point_finish,
+        ec_GF2m_simple_point_clear_finish,
+        ec_GF2m_simple_point_copy,
+        ec_GF2m_simple_point_set_to_infinity,
+        0, /* set_Jprojective_coordinates_GFp */
+        0, /* get_Jprojective_coordinates_GFp */
+        ec_GF2m_simple_point_set_affine_coordinates,
+        ec_GF2m_simple_point_get_affine_coordinates,
+        0, /* point_set_compressed_coordinates */
+        0, /* point2oct */
+        0, /* oct2point */
+        ec_GF2m_simple_add,
+        ec_GF2m_simple_dbl,
+        ec_GF2m_simple_invert,
+        ec_GF2m_simple_is_at_infinity,
+        ec_GF2m_simple_is_on_curve,
+        ec_GF2m_simple_cmp,
+        ec_GF2m_simple_make_affine,
+        ec_GF2m_simple_points_make_affine,
+        ec_GF2m_simple_points_mul,
+        0, /* precompute_mult */
+        0, /* have_precompute_mult */
+        ec_GF2m_simple_field_mul,
+        ec_GF2m_simple_field_sqr,
+        ec_GF2m_simple_field_div,
+        0, /* field_encode */
+        0, /* field_decode */
+        0, /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        ec_GF2m_simple_ladder_pre,
+        ec_GF2m_simple_ladder_step,
+        ec_GF2m_simple_ladder_post
+    };
+
+    return &ret;
+}
+
 #endif
diff --git a/deps/openssl/openssl/crypto/ec/ec_ameth.c b/deps/openssl/openssl/crypto/ec/ec_ameth.c
index f8f1e2c842..a3164b5b2e 100644
--- a/deps/openssl/openssl/crypto/ec/ec_ameth.c
+++ b/deps/openssl/openssl/crypto/ec/ec_ameth.c
@@ -521,6 +521,48 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
 }
 
+static int ec_pkey_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /*
+     * Note: it unnecessary to check eckey->pub_key here since
+     * it will be checked in EC_KEY_check_key(). In fact, the
+     * EC_KEY_check_key() mainly checks the public key, and checks
+     * the private key optionally (only if there is one). So if
+     * someone passes a whole EC key (public + private), this
+     * will also work...
+     */
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->group == NULL) {
+        ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    return EC_GROUP_check(eckey->group, NULL);
+}
+
 const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
     EVP_PKEY_EC,
     EVP_PKEY_EC,
@@ -552,9 +594,23 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
     int_ec_free,
     ec_pkey_ctrl,
     old_ec_priv_decode,
-    old_ec_priv_encode
+    old_ec_priv_encode,
+
+    0, 0, 0,
+
+    ec_pkey_check,
+    ec_pkey_public_check,
+    ec_pkey_param_check
 };
 
+#if !defined(OPENSSL_NO_SM2)
+const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+   EVP_PKEY_SM2,
+   EVP_PKEY_EC,
+   ASN1_PKEY_ALIAS
+};
+#endif
+
 int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
 {
     int private = EC_KEY_get0_private_key(x) != NULL;
@@ -643,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
     if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
         return 0;
 
-    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
         return 0;
 
     kdf_md = EVP_get_digestbynid(kdfmd_nid);
@@ -808,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
         ecdh_nid = NID_dh_cofactor_kdf;
 
     if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
-        kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+        kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
         if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
             goto err;
     } else
diff --git a/deps/openssl/openssl/crypto/ec/ec_asn1.c b/deps/openssl/openssl/crypto/ec/ec_asn1.c
index 271178f82e..13c56a621d 100644
--- a/deps/openssl/openssl/crypto/ec/ec_asn1.c
+++ b/deps/openssl/openssl/crypto/ec/ec_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,6 +12,7 @@
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
+#include "internal/nelem.h"
 
 int EC_GROUP_get_basis_type(const EC_GROUP *group)
 {
@@ -87,13 +88,13 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
 
 /* some structures needed for the asn1 encoding */
 typedef struct x9_62_pentanomial_st {
-    long k1;
-    long k2;
-    long k3;
+    int32_t k1;
+    int32_t k2;
+    int32_t k3;
 } X9_62_PENTANOMIAL;
 
 typedef struct x9_62_characteristic_two_st {
-    long m;
+    int32_t m;
     ASN1_OBJECT *type;
     union {
         char *ptr;
@@ -128,7 +129,7 @@ typedef struct x9_62_curve_st {
 } X9_62_CURVE;
 
 struct ec_parameters_st {
-    long version;
+    int32_t version;
     X9_62_FIELDID *fieldID;
     X9_62_CURVE *curve;
     ASN1_OCTET_STRING *base;
@@ -147,7 +148,7 @@ struct ecpk_parameters_st {
 
 /* SEC1 ECPrivateKey */
 typedef struct ec_privatekey_st {
-    long version;
+    int32_t version;
     ASN1_OCTET_STRING *privateKey;
     ECPKPARAMETERS *parameters;
     ASN1_BIT_STRING *publicKey;
@@ -155,9 +156,9 @@ typedef struct ec_privatekey_st {
 
 /* the OpenSSL ASN.1 definitions */
 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
-        ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
-        ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
-        ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+        ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
 } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
@@ -172,7 +173,7 @@ ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
 
 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
-        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+        ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32),
         ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
         ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
 } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
@@ -199,7 +200,7 @@ ASN1_SEQUENCE(X9_62_CURVE) = {
 } static_ASN1_SEQUENCE_END(X9_62_CURVE)
 
 ASN1_SEQUENCE(ECPARAMETERS) = {
-        ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+        ASN1_EMBED(ECPARAMETERS, version, INT32),
         ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
         ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
         ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
@@ -221,7 +222,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
 
 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
-        ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+        ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
         ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
         ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
         ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
@@ -265,7 +266,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
             goto err;
         }
         /* the parameters are specified by the prime number p */
-        if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
+        if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
             ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
             goto err;
         }
@@ -359,17 +360,15 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
 
  err:
     BN_free(tmp);
-    return (ok);
+    return ok;
 }
 
 static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
 {
-    int ok = 0, nid;
+    int ok = 0;
     BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
-    unsigned char *buffer_1 = NULL, *buffer_2 = NULL,
-        *a_buf = NULL, *b_buf = NULL;
-    size_t len_1, len_2;
-    unsigned char char_zero = 0;
+    unsigned char *a_buf = NULL, *b_buf = NULL;
+    size_t len;
 
     if (!group || !curve || !curve->a || !curve->b)
         return 0;
@@ -379,62 +378,32 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
         goto err;
     }
 
-    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-
     /* get a and b */
-    if (nid == NID_X9_62_prime_field) {
-        if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-#ifndef OPENSSL_NO_EC2M
-    else {                      /* nid == NID_X9_62_characteristic_two_field */
-
-        if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-            goto err;
-        }
+    if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+        goto err;
     }
-#endif
-    len_1 = (size_t)BN_num_bytes(tmp_1);
-    len_2 = (size_t)BN_num_bytes(tmp_2);
 
-    if (len_1 == 0) {
-        /* len_1 == 0 => a == 0 */
-        a_buf = &char_zero;
-        len_1 = 1;
-    } else {
-        if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-            goto err;
-        }
-        a_buf = buffer_1;
+    /*
+     * Per SEC 1, the curve coefficients must be padded up to size. See C.2's
+     * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
+     * definition of how to encode the field elements.
+     */
+    len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
+    if ((a_buf = OPENSSL_malloc(len)) == NULL
+        || (b_buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
-
-    if (len_2 == 0) {
-        /* len_2 == 0 => b == 0 */
-        b_buf = &char_zero;
-        len_2 = 1;
-    } else {
-        if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
-            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-            goto err;
-        }
-        b_buf = buffer_2;
+    if (BN_bn2binpad(tmp_1, a_buf, len) < 0
+        || BN_bn2binpad(tmp_2, b_buf, len) < 0) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+        goto err;
     }
 
     /* set a and b */
-    if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
-        !ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+    if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len)
+        || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) {
         ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
         goto err;
     }
@@ -461,11 +430,11 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
     ok = 1;
 
  err:
-    OPENSSL_free(buffer_1);
-    OPENSSL_free(buffer_2);
+    OPENSSL_free(a_buf);
+    OPENSSL_free(b_buf);
     BN_free(tmp_1);
     BN_free(tmp_2);
-    return (ok);
+    return ok;
 }
 
 ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
@@ -571,7 +540,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
 
     if (EC_GROUP_get_asn1_flag(group)) {
         /*
-         * use the asn1 OID to describe the the elliptic curve parameters
+         * use the asn1 OID to describe the elliptic curve parameters
          */
         tmp = EC_GROUP_get_curve_name(group);
         if (tmp) {
@@ -610,7 +579,12 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
         goto err;
     }
 
-    /* now extract the curve parameters a and b */
+    /*
+     * Now extract the curve parameters a and b. Note that, although SEC 1
+     * specifies the length of their encodings, historical versions of OpenSSL
+     * encoded them incorrectly, so we must accept any length for backwards
+     * compatibility.
+     */
     if (!params->curve || !params->curve->a ||
         !params->curve->a->data || !params->curve->b ||
         !params->curve->b->data) {
@@ -827,7 +801,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
     BN_free(a);
     BN_free(b);
     EC_POINT_free(point);
-    return (ret);
+    return ret;
 }
 
 EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
@@ -855,7 +829,7 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
             ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
             return NULL;
         }
-        EC_GROUP_set_asn1_flag(ret, 0x0);
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
     } else if (params->type == 2) { /* implicitlyCA */
         return NULL;
     } else {
@@ -893,7 +867,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
 
     ECPKPARAMETERS_free(params);
     *in = p;
-    return (group);
+    return group;
 }
 
 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
@@ -910,7 +884,7 @@ int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
         return 0;
     }
     ECPKPARAMETERS_free(tmp);
-    return (ret);
+    return ret;
 }
 
 /* some EC_KEY functions */
@@ -985,7 +959,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
         *a = ret;
     EC_PRIVATEKEY_free(priv_key);
     *in = p;
-    return (ret);
+    return ret;
 
  err:
     if (a == NULL || *a != ret)
@@ -1197,6 +1171,16 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
         *ps = sig->s;
 }
 
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
+{
+    return sig->r;
+}
+
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
+{
+    return sig->s;
+}
+
 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
 {
     if (r == NULL || s == NULL)
@@ -1233,5 +1217,5 @@ int ECDSA_size(const EC_KEY *r)
     i = i2d_ASN1_INTEGER(&bs, NULL);
     i += i;                     /* r and s */
     ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/ec/ec_curve.c b/deps/openssl/openssl/crypto/ec/ec_curve.c
index b022528be2..bb1ce196d0 100644
--- a/deps/openssl/openssl/crypto/ec/ec_curve.c
+++ b/deps/openssl/openssl/crypto/ec/ec_curve.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,26 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/opensslconf.h>
-#include "e_os.h"
+#include "internal/nelem.h"
 
 typedef struct {
     int field_type,             /* either NID_X9_62_prime_field or
@@ -2217,7 +2204,7 @@ static const struct {
 #endif
 
 /*
- * These curves were added by Annie Yousar <a.yousar@informatik.hu-berlin.de>
+ * These curves were added by Annie Yousar.
  * For the definition of RFC 5639 curves see
  * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable
  * at random, nevertheless the seed is omitted as parameter because the
@@ -2764,6 +2751,45 @@ static const struct {
     }
 };
 
+#ifndef OPENSSL_NO_SM2
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+    {
+       NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+
+        /* p */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        /* a */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+        /* b */
+        0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+        0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+        0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+        /* x */
+        0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+        0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+        0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+        /* y */
+        0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+        0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+        0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+        /* order */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+        0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+    }
+};
+#endif /* OPENSSL_NO_SM2 */
+
 typedef struct _ec_list_element_st {
     int nid;
     const EC_CURVE_DATA *data;
@@ -2973,6 +2999,10 @@ static const ec_list_element curve_list[] = {
      "RFC 5639 curve over a 512 bit prime field"},
     {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
      "RFC 5639 curve over a 512 bit prime field"},
+#ifndef OPENSSL_NO_SM2
+    {NID_sm2, &_EC_sm2p256v1.h, 0,
+     "SM2 curve over a 256 bit prime field"},
+#endif
 };
 
 #define curve_list_length OSSL_NELEM(curve_list)
@@ -3048,7 +3078,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
         goto err;
     }
-    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
+    if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
         goto err;
     }
diff --git a/deps/openssl/openssl/crypto/ec/ec_cvt.c b/deps/openssl/openssl/crypto/ec/ec_cvt.c
index bfff6d65f7..0ec346c125 100644
--- a/deps/openssl/openssl/crypto/ec/ec_cvt.c
+++ b/deps/openssl/openssl/crypto/ec/ec_cvt.c
@@ -1,5 +1,6 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,20 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
 #include <openssl/err.h>
 #include "ec_lcl.h"
 
@@ -64,7 +51,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
     if (ret == NULL)
         return NULL;
 
-    if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
         EC_GROUP_clear_free(ret);
         return NULL;
     }
@@ -85,7 +72,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
     if (ret == NULL)
         return NULL;
 
-    if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
         EC_GROUP_clear_free(ret);
         return NULL;
     }
diff --git a/deps/openssl/openssl/crypto/ec/ec_err.c b/deps/openssl/openssl/crypto/ec/ec_err.c
index 717c92e984..8f4911abec 100644
--- a/deps/openssl/openssl/crypto/ec/ec_err.c
+++ b/deps/openssl/openssl/crypto/ec/ec_err.c
@@ -8,272 +8,368 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ec.h>
+#include <openssl/ecerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
-
-static ERR_STRING_DATA EC_str_functs[] = {
-    {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_to_felem"},
-    {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
-    {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
-    {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
-    {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "do_EC_KEY_print"},
-    {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ecdh_cms_decrypt"},
-    {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ecdh_cms_set_shared_info"},
-    {ERR_FUNC(EC_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
-    {ERR_FUNC(EC_F_ECDH_SIMPLE_COMPUTE_KEY), "ecdh_simple_compute_key"},
-    {ERR_FUNC(EC_F_ECDSA_DO_SIGN_EX), "ECDSA_do_sign_ex"},
-    {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
-    {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
-    {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
-    {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"},
-    {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"},
-    {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"},
-    {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"},
-    {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "eckey_priv_decode"},
-    {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "eckey_priv_encode"},
-    {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "eckey_pub_decode"},
-    {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "eckey_pub_encode"},
-    {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "eckey_type2param"},
-    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
-    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
-    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
-    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE),
+static const ERR_STRING_DATA EC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0),
+     "ecdh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0),
+     "ecdh_simple_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0),
+     "ECParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0),
+     "ECPKParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0),
+     "ECPKParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0),
+     "ecp_nistz256_get_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0),
+     "ecp_nistz256_inv_mod_ord"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0),
      "ecp_nistz256_mult_precompute"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"},
-    {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"},
-    {ERR_FUNC(EC_F_ECX_KEY_OP), "ecx_key_op"},
-    {ERR_FUNC(EC_F_ECX_PRIV_ENCODE), "ecx_priv_encode"},
-    {ERR_FUNC(EC_F_ECX_PUB_ENCODE), "ecx_pub_encode"},
-    {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "ec_asn1_group2curve"},
-    {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "ec_asn1_group2fieldid"},
-    {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0),
+     "ecp_nistz256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0),
+     "ecp_nistz256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0),
+     "ecp_nistz256_windowed_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0),
+     "ec_asn1_group2fieldid"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0),
      "ec_GF2m_montgomery_point_multiply"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
      "ec_GF2m_simple_group_check_discriminant"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0),
      "ec_GF2m_simple_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0),
+     "ec_GF2m_simple_ladder_post"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0),
+     "ec_GF2m_simple_ladder_pre"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0),
+     "ec_GF2m_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0),
+     "ec_GF2m_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0),
+     "ec_GF2m_simple_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GF2m_simple_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
      "ec_GF2m_simple_point_set_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
      "ec_GF2m_simple_set_compressed_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0),
+     "ec_GFp_mont_field_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0),
+     "ec_GFp_mont_field_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0),
+     "ec_GFp_mont_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0),
      "ec_GFp_mont_field_set_to_one"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
-    {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0),
+     "ec_GFp_mont_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0),
      "ec_GFp_mont_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0),
      "ec_GFp_nistp224_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0),
+     "ec_GFp_nistp224_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_nistp224_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0),
      "ec_GFp_nistp256_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0),
+     "ec_GFp_nistp256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_nistp256_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0),
      "ec_GFp_nistp521_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0),
+     "ec_GFp_nistp521_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_nistp521_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
-    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
-    {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0),
+     "ec_GFp_nist_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0),
+     "ec_GFp_nist_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0),
      "ec_GFp_nist_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0),
      "ec_GFp_simple_blind_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
      "ec_GFp_simple_group_check_discriminant"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0),
      "ec_GFp_simple_group_set_curve"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0),
+     "ec_GFp_simple_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0),
+     "ec_GFp_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0),
+     "ec_GFp_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0),
      "ec_GFp_simple_points_make_affine"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
      "ec_GFp_simple_point_get_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
      "ec_GFp_simple_point_set_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
      "ec_GFp_simple_set_compressed_coordinates"},
-    {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
-    {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0),
      "EC_GROUP_check_discriminant"},
-    {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_ECPARAMETERS), "EC_GROUP_get_ecparameters"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_ECPKPARAMETERS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0),
+     "EC_GROUP_get_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0),
+     "EC_GROUP_get_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0),
+     "EC_GROUP_get_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0),
      "EC_GROUP_get_ecpkparameters"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0),
      "EC_GROUP_get_pentanomial_basis"},
-    {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0),
      "EC_GROUP_get_trinomial_basis"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "ec_group_new_from_data"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0),
+     "EC_GROUP_new_by_curve_name"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0),
+     "ec_group_new_from_data"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0),
      "EC_GROUP_new_from_ecparameters"},
-    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0),
      "EC_GROUP_new_from_ecpkparameters"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-    {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
-    {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
-    {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
-    {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
-    {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
-    {ERR_FUNC(EC_F_EC_KEY_NEW_METHOD), "EC_KEY_new_method"},
-    {ERR_FUNC(EC_F_EC_KEY_OCT2PRIV), "EC_KEY_oct2priv"},
-    {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
-    {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
-    {ERR_FUNC(EC_F_EC_KEY_PRIV2OCT), "EC_KEY_priv2oct"},
-    {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0),
+     "EC_GROUP_set_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0),
+     "EC_GROUP_set_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0),
+     "EC_GROUP_set_generator"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
      "EC_KEY_set_public_key_affine_coordinates"},
-    {ERR_FUNC(EC_F_EC_KEY_SIMPLE_CHECK_KEY), "ec_key_simple_check_key"},
-    {ERR_FUNC(EC_F_EC_KEY_SIMPLE_OCT2PRIV), "ec_key_simple_oct2priv"},
-    {ERR_FUNC(EC_F_EC_KEY_SIMPLE_PRIV2OCT), "ec_key_simple_priv2oct"},
-    {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
-    {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
-    {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
-    {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
-    {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
-    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
+     "ec_key_simple_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0),
+     "ec_key_simple_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0),
+     "ec_key_simple_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0),
+     "EC_POINTs_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0),
+     "EC_POINT_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0),
      "EC_POINT_get_affine_coordinates_GF2m"},
-    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0),
      "EC_POINT_get_affine_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0),
      "EC_POINT_get_Jprojective_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
-    {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
-    {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
-    {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
-    {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
-    {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
-    {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0),
+     "EC_POINT_is_at_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0),
+     "EC_POINT_is_on_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0),
+     "EC_POINT_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0),
+     "EC_POINT_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0),
      "EC_POINT_set_affine_coordinates_GF2m"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0),
      "EC_POINT_set_affine_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0),
+     "EC_POINT_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0),
      "EC_POINT_set_compressed_coordinates_GF2m"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0),
      "EC_POINT_set_compressed_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0),
      "EC_POINT_set_Jprojective_coordinates_GFp"},
-    {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
-    {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"},
-    {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
-    {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
-    {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
-    {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
-    {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
-    {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
-    {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "nistp224_pre_comp_new"},
-    {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "nistp256_pre_comp_new"},
-    {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "nistp521_pre_comp_new"},
-    {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
-    {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "old_ec_priv_decode"},
-    {ERR_FUNC(EC_F_OSSL_ECDH_COMPUTE_KEY), "ossl_ecdh_compute_key"},
-    {ERR_FUNC(EC_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
-    {ERR_FUNC(EC_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"},
-    {ERR_FUNC(EC_F_PKEY_ECX_DERIVE), "pkey_ecx_derive"},
-    {ERR_FUNC(EC_F_PKEY_EC_CTRL), "pkey_ec_ctrl"},
-    {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "pkey_ec_ctrl_str"},
-    {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "pkey_ec_derive"},
-    {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "pkey_ec_keygen"},
-    {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "pkey_ec_paramgen"},
-    {ERR_FUNC(EC_F_PKEY_EC_SIGN), "pkey_ec_sign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0),
+     "EC_POINT_set_to_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0),
+     "ec_scalar_mul_ladder"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0),
+     "ec_wNAF_precompute_mult"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0),
+     "nistp224_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0),
+     "nistp256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0),
+     "nistp521_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
+     "ossl_ecdh_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
+     "ossl_ecdsa_verify_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0),
+     "pkey_ecd_digestsign25519"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0),
+     "pkey_ecd_digestsign448"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA EC_str_reasons[] = {
-    {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
-    {ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
-    {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
-    {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
-    {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
-    {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
-     "curve does not support ecdh"},
-    {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
-     "curve does not support signing"},
-    {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),
-     "d2i ecpkparameters failure"},
-    {ERR_REASON(EC_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
-    {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
-     "ec group new by name failure"},
-    {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
-    {ERR_REASON(EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
-    {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),
-     "group2pkparameters failure"},
-    {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),
-     "i2d ecpkparameters failure"},
-    {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"},
-    {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"},
-    {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"},
-    {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"},
-    {ERR_REASON(EC_R_INVALID_CURVE), "invalid curve"},
-    {ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
-    {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
-    {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
-    {ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
-    {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
-    {ERR_REASON(EC_R_INVALID_KEY), "invalid key"},
-    {ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"},
-    {ERR_REASON(EC_R_INVALID_PEER_KEY), "invalid peer key"},
-    {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
-    {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
-    {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
-    {ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
-    {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
-    {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
-    {ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
-    {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
-    {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
-    {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
-    {ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"},
-    {ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"},
-    {ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"},
-    {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
-    {ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
-    {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),
-     "pkparameters2group failure"},
-    {ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
-    {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
-    {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
-    {ERR_REASON(EC_R_RANDOM_NUMBER_GENERATION_FAILED),
-     "random number generation failed"},
-    {ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
-    {ERR_REASON(EC_R_SLOT_FULL), "slot full"},
-    {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
-    {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
-    {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},
-    {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"},
-    {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"},
-    {ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS), "wrong curve parameters"},
-    {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"},
+static const ERR_STRING_DATA EC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE),
+    "coordinates out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+    "curve does not support ecdh"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+    "curve does not support signing"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
+    "d2i ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO),
+    "discriminant is zero"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+    "ec group new by name failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE),
+    "group2pkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE),
+    "i2d ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS),
+    "incompatible objects"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT),
+    "invalid compressed point"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT),
+    "invalid compression bit"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH),
+    "invalid output length"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS),
+    "invalid pentanomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS),
+    "invalid trinomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES),
+    "need new setup values"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED),
+    "operation not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER),
+    "passed null parameter"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE),
+    "pkparameters2group failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE),
+    "point arithmetic failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE),
+    "point coordinates blind failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE),
+    "point is not on curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED),
+    "random number generation failed"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS),
+    "wrong curve parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order"},
     {0, NULL}
 };
 
@@ -282,10 +378,9 @@ static ERR_STRING_DATA EC_str_reasons[] = {
 int ERR_load_EC_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, EC_str_functs);
-        ERR_load_strings(0, EC_str_reasons);
+        ERR_load_strings_const(EC_str_functs);
+        ERR_load_strings_const(EC_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/ec/ec_key.c b/deps/openssl/openssl/crypto/ec/ec_key.c
index 462156f204..9349abf030 100644
--- a/deps/openssl/openssl/crypto/ec/ec_key.c
+++ b/deps/openssl/openssl/crypto/ec/ec_key.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,15 +8,10 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
- * contributed to the OpenSSL project.
- */
-
-#include <internal/cryptlib.h>
+#include "internal/cryptlib.h"
 #include <string.h>
 #include "ec_lcl.h"
+#include "internal/refcount.h"
 #include <openssl/err.h>
 #include <openssl/engine.h>
 
@@ -49,7 +45,7 @@ void EC_KEY_free(EC_KEY *r)
     if (r == NULL)
         return;
 
-    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
     REF_PRINT_COUNT("EC_KEY", r);
     if (i > 0)
         return;
@@ -169,7 +165,7 @@ int EC_KEY_up_ref(EC_KEY *r)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("EC_KEY", r);
@@ -177,6 +173,11 @@ int EC_KEY_up_ref(EC_KEY *r)
     return ((i > 1) ? 1 : 0);
 }
 
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey)
+{
+    return eckey->engine;
+}
+
 int EC_KEY_generate_key(EC_KEY *eckey)
 {
     if (eckey == NULL || eckey->group == NULL) {
@@ -191,7 +192,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
 
 int ossl_ec_key_gen(EC_KEY *eckey)
 {
-    OPENSSL_assert(eckey->group->meth->keygen != NULL);
     return eckey->group->meth->keygen(eckey);
 }
 
@@ -218,7 +218,7 @@ int ec_key_simple_generate_key(EC_KEY *eckey)
         goto err;
 
     do
-        if (!BN_rand_range(priv_key, order))
+        if (!BN_priv_rand_range(priv_key, order))
             goto err;
     while (BN_is_zero(priv_key)) ;
 
@@ -341,9 +341,6 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
     BIGNUM *tx, *ty;
     EC_POINT *point = NULL;
     int ok = 0;
-#ifndef OPENSSL_NO_EC2M
-    int tmp_nid, is_char_two = 0;
-#endif
 
     if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
         ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
@@ -365,29 +362,11 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
     if (ty == NULL)
         goto err;
 
-#ifndef OPENSSL_NO_EC2M
-    tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
-
-    if (tmp_nid == NID_X9_62_characteristic_two_field)
-        is_char_two = 1;
+    if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
+        goto err;
 
-    if (is_char_two) {
-        if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
-                                                  x, y, ctx))
-            goto err;
-        if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
-                                                  tx, ty, ctx))
-            goto err;
-    } else
-#endif
-    {
-        if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
-                                                 x, y, ctx))
-            goto err;
-        if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
-                                                 tx, ty, ctx))
-            goto err;
-    }
     /*
      * Check if retrieved coordinates match originals and are less than field
      * order: if not values are out of range.
@@ -613,12 +592,14 @@ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
 {
     size_t len;
     unsigned char *buf;
+
     len = EC_KEY_priv2oct(eckey, NULL, 0);
     if (len == 0)
         return 0;
-    buf = OPENSSL_malloc(len);
-    if (buf == NULL)
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     len = EC_KEY_priv2oct(eckey, buf, len);
     if (len == 0) {
         OPENSSL_free(buf);
diff --git a/deps/openssl/openssl/crypto/ec/ec_lcl.h b/deps/openssl/openssl/crypto/ec/ec_lcl.h
index ca1776efdb..e055ddab1c 100644
--- a/deps/openssl/openssl/crypto/ec/ec_lcl.h
+++ b/deps/openssl/openssl/crypto/ec/ec_lcl.h
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,27 +8,14 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
 #include <stdlib.h>
 
 #include <openssl/obj_mac.h>
 #include <openssl/ec.h>
 #include <openssl/bn.h>
-
-#include "e_os.h"
+#include "internal/refcount.h"
+#include "internal/ec_int.h"
+#include "curve448/curve448_lcl.h"
 
 #if defined(__SUNPRO_C)
 # if __SUNPRO_C >= 0x520
@@ -62,8 +50,7 @@ struct ec_method_st {
     void (*group_finish) (EC_GROUP *);
     void (*group_clear_finish) (EC_GROUP *);
     int (*group_copy) (EC_GROUP *, const EC_GROUP *);
-    /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
-    /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+    /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */
     int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *);
     int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
@@ -85,9 +72,9 @@ struct ec_method_st {
      * used by EC_POINT_set_to_infinity,
      * EC_POINT_set_Jprojective_coordinates_GFp,
      * EC_POINT_get_Jprojective_coordinates_GFp,
-     * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
-     * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
-     * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
+     * EC_POINT_set_affine_coordinates,
+     * EC_POINT_get_affine_coordinates,
+     * EC_POINT_set_compressed_coordinates:
      */
     int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
     int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
@@ -133,6 +120,23 @@ struct ec_method_st {
      * EC_POINT_have_precompute_mult (default implementations are used if the
      * 'mul' pointer is 0):
      */
+    /*-
+     * mul() calculates the value
+     *
+     *   r := generator * scalar
+     *        + points[0] * scalars[0]
+     *        + ...
+     *        + points[num-1] * scalars[num-1].
+     *
+     * For a fixed point multiplication (scalar != NULL, num == 0)
+     * or a variable point multiplication (scalar == NULL, num == 1),
+     * mul() must use a constant time algorithm: in both cases callers
+     * should provide an input scalar (either scalar or scalars[0])
+     * in the range [0, ec_group_order); for robustness, implementers
+     * should handle the case when the scalar has not been reduced, but
+     * may treat it as an unusual input, without any constant-timeness
+     * guarantee.
+     */
     int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                 BN_CTX *);
@@ -169,7 +173,19 @@ struct ec_method_st {
     /* custom ECDH operation */
     int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
                             const EC_POINT *pub_key, const EC_KEY *ecdh);
+    /* Inverse modulo order */
+    int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
+                                 const BIGNUM *x, BN_CTX *);
     int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_pre)(const EC_GROUP *group,
+                      EC_POINT *r, EC_POINT *s,
+                      EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_step)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_post)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
 };
 
 /*
@@ -262,7 +278,7 @@ struct ec_key_st {
     BIGNUM *priv_key;
     unsigned int enc_flag;
     point_conversion_form_t conv_form;
-    int references;
+    CRYPTO_REF_COUNT references;
     int flags;
     CRYPTO_EX_DATA ex_data;
     CRYPTO_RWLOCK *lock;
@@ -284,7 +300,6 @@ struct ec_point_st {
                                  * special case */
 };
 
-
 static ossl_inline int ec_point_is_compat(const EC_POINT *point,
                                           const EC_GROUP *group)
 {
@@ -297,7 +312,6 @@ static ossl_inline int ec_point_is_compat(const EC_POINT *point,
     return 1;
 }
 
-
 NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
 NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
 NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
@@ -378,6 +392,15 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *);
 int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
                                     BN_CTX *ctx);
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
 
 /* method functions in ecp_mont.c */
 int ec_GFp_mont_group_init(EC_GROUP *);
@@ -455,14 +478,6 @@ int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
 int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                              const BIGNUM *b, BN_CTX *);
 
-/* method functions in ec2_mult.c */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
-                       const BIGNUM *scalar, size_t num,
-                       const EC_POINT *points[], const BIGNUM *scalars[],
-                       BN_CTX *);
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
-
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /* method functions in ecp_nistp224.c */
 int ec_GFp_nistp224_group_init(EC_GROUP *group);
@@ -553,7 +568,6 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
 void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
                                      unsigned char *digit, unsigned char in);
 #endif
-int ec_precompute_mont_data(EC_GROUP *);
 int ec_group_simple_order_bits(const EC_GROUP *group);
 
 #ifdef ECP_NISTZ256_ASM
@@ -626,9 +640,88 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
 int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
                           const ECDSA_SIG *sig, EC_KEY *eckey);
 
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32]);
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32]);
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32]);
+
 int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
            const uint8_t peer_public_value[32]);
 void X25519_public_from_private(uint8_t out_public_value[32],
                                 const uint8_t private_key[32]);
 
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx);
+
 int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+
+static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group,
+                                           EC_POINT *r, EC_POINT *s,
+                                           EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_pre != NULL)
+        return group->meth->ladder_pre(group, r, s, p, ctx);
+
+    if (!EC_POINT_copy(s, p)
+        || !EC_POINT_dbl(group, r, s, ctx))
+        return 0;
+
+    return 1;
+}
+
+static ossl_inline int ec_point_ladder_step(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_step != NULL)
+        return group->meth->ladder_step(group, r, s, p, ctx);
+
+    if (!EC_POINT_add(group, s, r, s, ctx)
+        || !EC_POINT_dbl(group, r, r, ctx))
+        return 0;
+
+    return 1;
+
+}
+
+static ossl_inline int ec_point_ladder_post(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_post != NULL)
+        return group->meth->ladder_post(group, r, s, p, ctx);
+
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/ec/ec_lib.c b/deps/openssl/openssl/crypto/ec/ec_lib.c
index a7be03b627..b89e3979d9 100644
--- a/deps/openssl/openssl/crypto/ec/ec_lib.c
+++ b/deps/openssl/openssl/crypto/ec/ec_lib.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
 #include <string.h>
 
 #include <openssl/err.h>
@@ -66,13 +61,13 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
 void EC_pre_comp_free(EC_GROUP *group)
 {
     switch (group->pre_comp_type) {
-    default:
+    case PCT_none:
         break;
-#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
     case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
         EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
-        break;
 #endif
+        break;
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
     case PCT_nistp224:
         EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
@@ -83,6 +78,11 @@ void EC_pre_comp_free(EC_GROUP *group)
     case PCT_nistp521:
         EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
         break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
 #endif
     case PCT_ec:
         EC_ec_pre_comp_free(group->pre_comp.ec);
@@ -145,14 +145,14 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
     /* Copy precomputed */
     dest->pre_comp_type = src->pre_comp_type;
     switch (src->pre_comp_type) {
-    default:
+    case PCT_none:
         dest->pre_comp.ec = NULL;
         break;
-#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
     case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
         dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
-        break;
 #endif
+        break;
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
     case PCT_nistp224:
         dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
@@ -163,6 +163,11 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
     case PCT_nistp521:
         dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
         break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
 #endif
     case PCT_ec:
         dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
@@ -209,9 +214,10 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
 
     if (src->seed) {
         OPENSSL_free(dest->seed);
-        dest->seed = OPENSSL_malloc(src->seed_len);
-        if (dest->seed == NULL)
+        if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) {
+            ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         if (!memcpy(dest->seed, src->seed, src->seed_len))
             return 0;
         dest->seed_len = src->seed_len;
@@ -233,7 +239,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
         return NULL;
 
     if ((t = EC_GROUP_new(a->meth)) == NULL)
-        return (NULL);
+        return NULL;
     if (!EC_GROUP_copy(t, a))
         goto err;
 
@@ -257,6 +263,8 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth)
     return meth->field_type;
 }
 
+static int ec_precompute_mont_data(EC_GROUP *);
+
 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
                            const BIGNUM *order, const BIGNUM *cofactor)
 {
@@ -326,7 +334,6 @@ const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
 
 int EC_GROUP_order_bits(const EC_GROUP *group)
 {
-    OPENSSL_assert(group->meth->group_order_bits != NULL);
     return group->meth->group_order_bits(group);
 }
 
@@ -388,8 +395,10 @@ size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
     if (!len || !p)
         return 1;
 
-    if ((group->seed = OPENSSL_malloc(len)) == NULL)
+    if ((group->seed = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     memcpy(group->seed, p, len);
     group->seed_len = len;
 
@@ -406,48 +415,52 @@ size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
     return group->seed_len;
 }
 
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
-                           const BIGNUM *b, BN_CTX *ctx)
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx)
 {
     if (group->meth->group_set_curve == 0) {
-        ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ECerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     return group->meth->group_set_curve(group, p, a, b, ctx);
 }
 
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
-                           BIGNUM *b, BN_CTX *ctx)
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx)
 {
-    if (group->meth->group_get_curve == 0) {
-        ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    if (group->meth->group_get_curve == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     return group->meth->group_get_curve(group, p, a, b, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *ctx)
 {
-    if (group->meth->group_set_curve == 0) {
-        ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    return group->meth->group_set_curve(group, p, a, b, ctx);
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
 }
 
 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
                             BIGNUM *b, BN_CTX *ctx)
 {
-    if (group->meth->group_get_curve == 0) {
-        ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    return group->meth->group_get_curve(group, p, a, b, ctx);
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
 }
+# endif
 #endif
 
 int EC_GROUP_get_degree(const EC_GROUP *group)
@@ -552,7 +565,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
         ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
     }
-    if (group->meth->point_init == 0) {
+    if (group->meth->point_init == NULL) {
         ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return NULL;
     }
@@ -624,7 +637,7 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
 
     t = EC_POINT_new(group);
     if (t == NULL)
-        return (NULL);
+        return NULL;
     r = EC_POINT_copy(t, a);
     if (!r) {
         EC_POINT_free(t);
@@ -690,102 +703,83 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
                                                               y, z, ctx);
 }
 
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
-                                        EC_POINT *point, const BIGNUM *x,
-                                        const BIGNUM *y, BN_CTX *ctx)
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx)
 {
-    if (group->meth->point_set_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+    if (group->meth->point_set_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     if (!ec_point_is_compat(point, group)) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
-              EC_R_INCOMPATIBLE_OBJECTS);
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
     if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
         return 0;
 
     if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
-              EC_R_POINT_IS_NOT_ON_CURVE);
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE);
         return 0;
     }
     return 1;
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                        EC_POINT *point, const BIGNUM *x,
+                                        const BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
                                          EC_POINT *point, const BIGNUM *x,
                                          const BIGNUM *y, BN_CTX *ctx)
 {
-    if (group->meth->point_set_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    if (!ec_point_is_compat(point, group)) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
-              EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-    if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
-        return 0;
-
-    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
-              EC_R_POINT_IS_NOT_ON_CURVE);
-        return 0;
-    }
-    return 1;
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
 }
+# endif
 #endif
 
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-                                        const EC_POINT *point, BIGNUM *x,
-                                        BIGNUM *y, BN_CTX *ctx)
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
+                                    const EC_POINT *point, BIGNUM *x, BIGNUM *y,
+                                    BN_CTX *ctx)
 {
-    if (group->meth->point_get_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+    if (group->meth->point_get_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     if (!ec_point_is_compat(point, group)) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
-              EC_R_INCOMPATIBLE_OBJECTS);
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
     if (EC_POINT_is_at_infinity(group, point)) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
-              EC_R_POINT_AT_INFINITY);
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
         return 0;
     }
     return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *point, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
                                          const EC_POINT *point, BIGNUM *x,
                                          BIGNUM *y, BN_CTX *ctx)
 {
-    if (group->meth->point_get_affine_coordinates == 0) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    if (!ec_point_is_compat(point, group)) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
-              EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-    if (EC_POINT_is_at_infinity(group, point)) {
-        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
-              EC_R_POINT_AT_INFINITY);
-        return 0;
-    }
-    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
 }
+# endif
 #endif
 
 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
@@ -920,11 +914,38 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                   size_t num, const EC_POINT *points[],
                   const BIGNUM *scalars[], BN_CTX *ctx)
 {
-    if (group->meth->mul == 0)
+    int ret = 0;
+    size_t i = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if ((scalar == NULL) && (num == 0)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    if (!ec_point_is_compat(r, group)) {
+        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (!ec_point_is_compat(points[i], group)) {
+            ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) {
+        ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (group->meth->mul != NULL)
+        ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+    else
         /* use default */
-        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
 
-    return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
 }
 
 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
@@ -972,7 +993,7 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
  * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
  * returns one on success. On error it returns zero.
  */
-int ec_precompute_mont_data(EC_GROUP *group)
+static int ec_precompute_mont_data(EC_GROUP *group)
 {
     BN_CTX *ctx = BN_CTX_new();
     int ret = 0;
@@ -1018,6 +1039,69 @@ int ec_group_simple_order_bits(const EC_GROUP *group)
     return BN_num_bits(group->order);
 }
 
+static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->mont_data == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /*-
+     * We want inverse in constant time, therefore we utilize the fact
+     * order must be prime and use Fermats Little Theorem instead.
+     */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->order, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Default behavior, if group->meth->field_inverse_mod_ord is NULL:
+ * - When group->order is even, this function returns an error.
+ * - When group->order is otherwise composite, the correctness
+ *   of the output is not guaranteed.
+ * - When x is outside the range [1, group->order), the correctness
+ *   of the output is not guaranteed.
+ * - Otherwise, this function returns the multiplicative inverse in the
+ *   range [1, group->order).
+ *
+ * EC_METHODs must implement their own field_inverse_mod_ord for
+ * other functionality.
+ */
+int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                            const BIGNUM *x, BN_CTX *ctx)
+{
+    if (group->meth->field_inverse_mod_ord != NULL)
+        return group->meth->field_inverse_mod_ord(group, res, x, ctx);
+    else
+        return ec_field_inverse_mod_ord(group, res, x, ctx);
+}
+
 /*-
  * Coordinate blinding for EC_POINT.
  *
diff --git a/deps/openssl/openssl/crypto/ec/ec_mult.c b/deps/openssl/openssl/crypto/ec/ec_mult.c
index 8350082eb4..0e0a5e1394 100644
--- a/deps/openssl/openssl/crypto/ec/ec_mult.c
+++ b/deps/openssl/openssl/crypto/ec/ec_mult.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,18 +8,13 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
 #include <string.h>
 #include <openssl/err.h>
 
 #include "internal/cryptlib.h"
 #include "internal/bn_int.h"
 #include "ec_lcl.h"
+#include "internal/refcount.h"
 
 /*
  * This file implements the wNAF-based interleaving multi-exponentiation method
@@ -42,7 +38,7 @@ struct ec_pre_comp_st {
                                  * generator: 'num' pointers to EC_POINT
                                  * objects followed by a NULL */
     size_t num;                 /* numblocks * 2^(w-1) */
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -77,7 +73,7 @@ EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre)
 {
     int i;
     if (pre != NULL)
-        CRYPTO_atomic_add(&pre->references, 1, &i, pre->lock);
+        CRYPTO_UP_REF(&pre->references, &i, pre->lock);
     return pre;
 }
 
@@ -88,7 +84,7 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
     if (pre == NULL)
         return;
 
-    CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
     REF_PRINT_COUNT("EC_ec", pre);
     if (i > 0)
         return;
@@ -112,62 +108,95 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
 } while(0)
 
 /*-
- * This functions computes (in constant time) a point multiplication over the
- * EC group.
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
  *
- * At a high level, it is Montgomery ladder with conditional swaps.
- *
- * It performs either a fixed scalar point multiplication
+ * It performs either a fixed point multiplication
  *          (scalar * generator)
- * when point is NULL, or a generic scalar point multiplication
+ * when point is NULL, or a variable point multiplication
  *          (scalar * point)
  * when point is not NULL.
  *
- * scalar should be in the range [0,n) otherwise all constant time bets are off.
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
  *
- * NB: This says nothing about EC_POINT_add and EC_POINT_dbl,
- * which of course are not constant time themselves.
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
  *
- * The product is stored in r.
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
  *
  * Returns 1 on success, 0 otherwise.
  */
-static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
-                            const BIGNUM *scalar, const EC_POINT *point,
-                            BN_CTX *ctx)
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx)
 {
     int i, cardinality_bits, group_top, kbit, pbit, Z_is_one;
+    EC_POINT *p = NULL;
     EC_POINT *s = NULL;
     BIGNUM *k = NULL;
     BIGNUM *lambda = NULL;
     BIGNUM *cardinality = NULL;
-    BN_CTX *new_ctx = NULL;
     int ret = 0;
 
-    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+    /* early exit if the input point is the point at infinity */
+    if (point != NULL && EC_POINT_is_at_infinity(group, point))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(group->order)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER);
         return 0;
+    }
+    if (BN_is_zero(group->cofactor)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR);
+        return 0;
+    }
 
     BN_CTX_start(ctx);
 
-    s = EC_POINT_new(group);
-    if (s == NULL)
+    if (((p = EC_POINT_new(group)) == NULL)
+        || ((s = EC_POINT_new(group)) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     if (point == NULL) {
-        if (!EC_POINT_copy(s, group->generator))
+        if (!EC_POINT_copy(p, group->generator)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
             goto err;
+        }
     } else {
-        if (!EC_POINT_copy(s, point))
+        if (!EC_POINT_copy(p, point)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
             goto err;
+        }
     }
 
+    EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME);
     EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
 
     cardinality = BN_CTX_get(ctx);
     lambda = BN_CTX_get(ctx);
     k = BN_CTX_get(ctx);
-    if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx))
+    if (k == NULL) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
+
+    if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
 
     /*
      * Group cardinalities are often on a word boundary.
@@ -178,11 +207,15 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
     cardinality_bits = BN_num_bits(cardinality);
     group_top = bn_get_top(cardinality);
     if ((bn_wexpand(k, group_top + 2) == NULL)
-        || (bn_wexpand(lambda, group_top + 2) == NULL))
+        || (bn_wexpand(lambda, group_top + 2) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
+    }
 
-    if (!BN_copy(k, scalar))
+    if (!BN_copy(k, scalar)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
+    }
 
     BN_set_flags(k, BN_FLG_CONSTTIME);
 
@@ -191,15 +224,21 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
          * this is an unusual input, and we don't guarantee
          * constant-timeness
          */
-        if (!BN_nnmod(k, k, cardinality, ctx))
+        if (!BN_nnmod(k, k, cardinality, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
             goto err;
+        }
     }
 
-    if (!BN_add(lambda, k, cardinality))
+    if (!BN_add(lambda, k, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
+    }
     BN_set_flags(lambda, BN_FLG_CONSTTIME);
-    if (!BN_add(k, lambda, cardinality))
+    if (!BN_add(k, lambda, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
+    }
     /*
      * lambda := scalar + cardinality
      * k := scalar + 2*cardinality
@@ -213,8 +252,13 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
         || (bn_wexpand(s->Z, group_top) == NULL)
         || (bn_wexpand(r->X, group_top) == NULL)
         || (bn_wexpand(r->Y, group_top) == NULL)
-        || (bn_wexpand(r->Z, group_top) == NULL))
+        || (bn_wexpand(r->Z, group_top) == NULL)
+        || (bn_wexpand(p->X, group_top) == NULL)
+        || (bn_wexpand(p->Y, group_top) == NULL)
+        || (bn_wexpand(p->Z, group_top) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
         goto err;
+    }
 
     /*-
      * Apply coordinate blinding for EC_POINT.
@@ -224,19 +268,19 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
      * success or if coordinate blinding is not implemented for this
      * group.
      */
-    if (!ec_point_blind_coordinates(group, s, ctx))
+    if (!ec_point_blind_coordinates(group, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
         goto err;
+    }
 
-    /* top bit is a 1, in a fixed pos */
-    if (!EC_POINT_copy(r, s))
-        goto err;
-
-    EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME);
-
-    if (!EC_POINT_dbl(group, s, s, ctx))
+    /* Initialize the Montgomery ladder */
+    if (!ec_point_ladder_pre(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE);
         goto err;
+    }
 
-    pbit = 0;
+    /* top bit is a 1, in a fixed pos */
+    pbit = 1;
 
 #define EC_POINT_CSWAP(c, a, b, w, t) do {         \
         BN_consttime_swap(c, (a)->X, (b)->X, w);   \
@@ -308,10 +352,12 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
     for (i = cardinality_bits - 1; i >= 0; i--) {
         kbit = BN_is_bit_set(k, i) ^ pbit;
         EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one);
-        if (!EC_POINT_add(group, s, r, s, ctx))
-            goto err;
-        if (!EC_POINT_dbl(group, r, r, ctx))
+
+        /* Perform a single step of the Montgomery ladder */
+        if (!ec_point_ladder_step(group, r, s, p, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE);
             goto err;
+        }
         /*
          * pbit logic merges this cswap with that of the
          * next iteration
@@ -322,12 +368,18 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
     EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
 #undef EC_POINT_CSWAP
 
+    /* Finalize ladder (and recover full point coordinates) */
+    if (!ec_point_ladder_post(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE);
+        goto err;
+    }
+
     ret = 1;
 
  err:
+    EC_POINT_free(p);
     EC_POINT_free(s);
     BN_CTX_end(ctx);
-    BN_CTX_free(new_ctx);
 
     return ret;
 }
@@ -359,7 +411,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                 BN_CTX *ctx)
 {
-    BN_CTX *new_ctx = NULL;
     const EC_POINT *generator = NULL;
     EC_POINT *tmp = NULL;
     size_t totalnum;
@@ -384,56 +435,35 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                                  * precomputation is not available */
     int ret = 0;
 
-    if (!ec_point_is_compat(r, group)) {
-        ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-
-    if ((scalar == NULL) && (num == 0)) {
-        return EC_POINT_set_to_infinity(group, r);
-    }
-
     if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) {
         /*-
-         * Handle the common cases where the scalar is secret, enforcing a constant
-         * time scalar multiplication algorithm.
+         * Handle the common cases where the scalar is secret, enforcing a
+         * scalar multiplication implementation based on a Montgomery ladder,
+         * with various timing attack defenses.
          */
         if ((scalar != NULL) && (num == 0)) {
             /*-
              * In this case we want to compute scalar * GeneratorPoint: this
-             * codepath is reached most prominently by (ephemeral) key generation
-             * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH
-             * keygen/first half), where the scalar is always secret. This is why
-             * we ignore if BN_FLG_CONSTTIME is actually set and we always call the
-             * constant time version.
+             * codepath is reached most prominently by (ephemeral) key
+             * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup,
+             * ECDH keygen/first half), where the scalar is always secret. This
+             * is why we ignore if BN_FLG_CONSTTIME is actually set and we
+             * always call the ladder version.
              */
-            return ec_mul_consttime(group, r, scalar, NULL, ctx);
+            return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
         }
         if ((scalar == NULL) && (num == 1)) {
             /*-
-             * In this case we want to compute scalar * GenericPoint: this codepath
-             * is reached most prominently by the second half of ECDH, where the
-             * secret scalar is multiplied by the peer's public point. To protect
-             * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and
-             * we always call the constant time version.
+             * In this case we want to compute scalar * VariablePoint: this
+             * codepath is reached most prominently by the second half of ECDH,
+             * where the secret scalar is multiplied by the peer's public point.
+             * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is
+             * actually set and we always call the ladder version.
              */
-            return ec_mul_consttime(group, r, scalars[0], points[0], ctx);
-        }
-    }
-
-    for (i = 0; i < num; i++) {
-        if (!ec_point_is_compat(points[i], group)) {
-            ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-            return 0;
+            return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
         }
     }
 
-    if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
-        if (ctx == NULL)
-            goto err;
-    }
-
     if (scalar != NULL) {
         generator = EC_GROUP_get0_generator(group);
         if (generator == NULL) {
@@ -740,7 +770,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
     ret = 1;
 
  err:
-    BN_CTX_free(new_ctx);
     EC_POINT_free(tmp);
     OPENSSL_free(wsize);
     OPENSSL_free(wNAF_len);
diff --git a/deps/openssl/openssl/crypto/ec/ec_oct.c b/deps/openssl/openssl/crypto/ec/ec_oct.c
index e185df6edf..522f79e673 100644
--- a/deps/openssl/openssl/crypto/ec/ec_oct.c
+++ b/deps/openssl/openssl/crypto/ec/ec_oct.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
 #include <string.h>
 
 #include <openssl/err.h>
@@ -20,18 +15,17 @@
 
 #include "ec_lcl.h"
 
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
-                                            EC_POINT *point, const BIGNUM *x,
-                                            int y_bit, BN_CTX *ctx)
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                        const BIGNUM *x, int y_bit, BN_CTX *ctx)
 {
-    if (group->meth->point_set_compressed_coordinates == 0
+    if (group->meth->point_set_compressed_coordinates == NULL
         && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;
     }
     if (!ec_point_is_compat(point, group)) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
               EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
@@ -42,7 +36,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
         else
 #ifdef OPENSSL_NO_EC2M
         {
-            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
                   EC_R_GF2M_NOT_SUPPORTED);
             return 0;
         }
@@ -55,33 +49,22 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
                                                          y_bit, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *point, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx)
+{
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
 int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
                                              EC_POINT *point, const BIGNUM *x,
                                              int y_bit, BN_CTX *ctx)
 {
-    if (group->meth->point_set_compressed_coordinates == 0
-        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
-              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-    }
-    if (!ec_point_is_compat(point, group)) {
-        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
-              EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
-        if (group->meth->field_type == NID_X9_62_prime_field)
-            return ec_GFp_simple_set_compressed_coordinates(group, point, x,
-                                                            y_bit, ctx);
-        else
-            return ec_GF2m_simple_set_compressed_coordinates(group, point, x,
-                                                             y_bit, ctx);
-    }
-    return group->meth->point_set_compressed_coordinates(group, point, x,
-                                                         y_bit, ctx);
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
 }
+# endif
 #endif
 
 size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
@@ -149,12 +132,14 @@ size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
 {
     size_t len;
     unsigned char *buf;
+
     len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL);
     if (len == 0)
         return 0;
-    buf = OPENSSL_malloc(len);
-    if (buf == NULL)
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     len = EC_POINT_point2oct(group, point, form, buf, len, ctx);
     if (len == 0) {
         OPENSSL_free(buf);
diff --git a/deps/openssl/openssl/crypto/ec/ec_pmeth.c b/deps/openssl/openssl/crypto/ec/ec_pmeth.c
index 68ff2bbccf..f4ad0749ef 100644
--- a/deps/openssl/openssl/crypto/ec/ec_pmeth.c
+++ b/deps/openssl/openssl/crypto/ec/ec_pmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,9 +42,10 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx)
 {
     EC_PKEY_CTX *dctx;
 
-    dctx = OPENSSL_zalloc(sizeof(*dctx));
-    if (dctx == NULL)
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        ECerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     dctx->cofactor_mode = -1;
     dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
@@ -87,11 +88,12 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
 {
     EC_PKEY_CTX *dctx = ctx->data;
-    if (dctx) {
+    if (dctx != NULL) {
         EC_GROUP_free(dctx->gen_group);
         EC_KEY_free(dctx->co_key);
         OPENSSL_free(dctx->kdf_ukm);
         OPENSSL_free(dctx);
+        ctx->data = NULL;
     }
 }
 
@@ -102,19 +104,23 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     unsigned int sltmp;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ec);
+
+    /* ensure cast to size_t is safe */
+    if (!ossl_assert(sig_sz > 0))
+        return 0;
 
-    if (!sig) {
-        *siglen = ECDSA_size(ec);
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
         return 1;
-    } else if (*siglen < (size_t)ECDSA_size(ec)) {
+    }
+
+    if (*siglen < (size_t)sig_sz) {
         ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
         return 0;
     }
 
-    if (dctx->md)
-        type = EVP_MD_type(dctx->md);
-    else
-        type = NID_sha1;
+    type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1;
 
     ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
 
@@ -143,8 +149,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
 }
 
 #ifndef OPENSSL_NO_EC
-static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                          size_t *keylen)
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 {
     int ret;
     size_t outlen;
@@ -197,13 +202,14 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
         return 0;
     if (!pkey_ec_derive(ctx, NULL, &ktmplen))
         return 0;
-    ktmp = OPENSSL_malloc(ktmplen);
-    if (ktmp == NULL)
+    if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) {
+        ECerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
         goto err;
     /* Do KDF stuff */
-    if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
+    if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
                         dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
         goto err;
     rv = 1;
@@ -244,8 +250,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 return dctx->cofactor_mode;
             else {
                 EC_KEY *ec_key = ctx->pkey->pkey.ec;
-                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 :
-                    0;
+                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
             }
         } else if (p1 < -1 || p1 > 1)
             return -2;
@@ -276,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_EC_KDF_TYPE:
         if (p1 == -2)
             return dctx->kdf_type;
-        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
+        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
             return -2;
         dctx->kdf_type = p1;
         return 1;
@@ -386,7 +391,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     EC_KEY *ec = NULL;
     EC_PKEY_CTX *dctx = ctx->data;
-    int ret = 0;
+    int ret;
+
     if (dctx->gen_group == NULL) {
         ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
         return 0;
@@ -394,10 +400,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
     ec = EC_KEY_new();
     if (ec == NULL)
         return 0;
-    ret = EC_KEY_set_group(ec, dctx->gen_group);
-    if (ret)
-        EVP_PKEY_assign_EC_KEY(pkey, ec);
-    else
+    if (!(ret = EC_KEY_set_group(ec, dctx->gen_group))
+        || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec)))
         EC_KEY_free(ec);
     return ret;
 }
@@ -406,23 +410,26 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     EC_KEY *ec = NULL;
     EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
+
     if (ctx->pkey == NULL && dctx->gen_group == NULL) {
         ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
         return 0;
     }
     ec = EC_KEY_new();
-    if (!ec)
+    if (ec == NULL)
+        return 0;
+    if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) {
+        EC_KEY_free(ec);
         return 0;
-    EVP_PKEY_assign_EC_KEY(pkey, ec);
-    if (ctx->pkey) {
-        /* Note: if error return, pkey is freed by parent routine */
-        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-            return 0;
-    } else {
-        if (!EC_KEY_set_group(ec, dctx->gen_group))
-            return 0;
     }
-    return EC_KEY_generate_key(pkey->pkey.ec);
+    /* Note: if error is returned, we count on caller to free pkey->pkey.ec */
+    if (ctx->pkey != NULL)
+        ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey);
+    else
+        ret = EC_KEY_set_group(ec, dctx->gen_group);
+
+    return ret ? EC_KEY_generate_key(ec) : 0;
 }
 
 const EVP_PKEY_METHOD ec_pkey_meth = {
@@ -448,9 +455,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
 
     0, 0, 0, 0,
 
-    0, 0,
+    0,
+    0,
 
-    0, 0,
+    0,
+    0,
 
     0,
 #ifndef OPENSSL_NO_EC
diff --git a/deps/openssl/openssl/crypto/ec/ec_print.c b/deps/openssl/openssl/crypto/ec/ec_print.c
index 1afa2ce875..027a51928a 100644
--- a/deps/openssl/openssl/crypto/ec/ec_print.c
+++ b/deps/openssl/openssl/crypto/ec/ec_print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,6 +8,7 @@
  */
 
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 #include "ec_lcl.h"
 
 BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
@@ -39,9 +40,10 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
 
     if ((buf_len = BN_num_bytes(bn)) == 0)
         return NULL;
-    buf = OPENSSL_malloc(buf_len);
-    if (buf == NULL)
+    if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
+        ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     if (!BN_bn2bin(bn, buf)) {
         OPENSSL_free(buf);
diff --git a/deps/openssl/openssl/crypto/ec/ecdh_kdf.c b/deps/openssl/openssl/crypto/ec/ecdh_kdf.c
index d47486eb34..d686f9d897 100644
--- a/deps/openssl/openssl/crypto/ec/ecdh_kdf.c
+++ b/deps/openssl/openssl/crypto/ec/ecdh_kdf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,12 +10,13 @@
 #include <string.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
+#include "ec_lcl.h"
 
-/* Key derivation function from X9.62/SECG */
+/* Key derivation function from X9.63/SECG */
 /* Way more than we will ever need */
 #define ECDH_KDF_MAX    (1 << 30)
 
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
                    const EVP_MD *md)
@@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
     EVP_MD_CTX_free(mctx);
     return rv;
 }
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}
diff --git a/deps/openssl/openssl/crypto/ec/ecdh_ossl.c b/deps/openssl/openssl/crypto/ec/ecdh_ossl.c
index a865145974..bd93793a18 100644
--- a/deps/openssl/openssl/crypto/ec/ecdh_ossl.c
+++ b/deps/openssl/openssl/crypto/ec/ecdh_ossl.c
@@ -1,5 +1,6 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,21 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-
 #include <string.h>
 #include <limits.h>
 
@@ -54,7 +40,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
 {
     BN_CTX *ctx;
     EC_POINT *tmp = NULL;
-    BIGNUM *x = NULL, *y = NULL;
+    BIGNUM *x = NULL;
     const BIGNUM *priv_key;
     const EC_GROUP *group;
     int ret = 0;
@@ -65,8 +51,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
         goto err;
     BN_CTX_start(ctx);
     x = BN_CTX_get(ctx);
-    y = BN_CTX_get(ctx);
-    if (y == NULL) {
+    if (x == NULL) {
         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -98,21 +83,10 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
         goto err;
     }
 
-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-        NID_X9_62_prime_field) {
-        if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {
-            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
-            goto err;
-        }
-    }
-#ifndef OPENSSL_NO_EC2M
-    else {
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {
-            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
-            goto err;
-        }
+    if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
     }
-#endif
 
     buflen = (EC_GROUP_get_degree(group) + 7) / 8;
     len = BN_num_bytes(x);
diff --git a/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c b/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c
index 9e4a68d9ca..e35c7600d8 100644
--- a/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c
+++ b/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c
@@ -19,7 +19,7 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
                     const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
 {
     ECDSA_SIG *s;
-    RAND_seed(dgst, dlen);
+
     s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
     if (s == NULL) {
         *siglen = 0;
@@ -91,7 +91,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
                     goto err;
                 }
             } else {
-                if (!BN_rand_range(k, order)) {
+                if (!BN_priv_rand_range(k, order)) {
                     ECerr(EC_F_ECDSA_SIGN_SETUP,
                           EC_R_RANDOM_NUMBER_GENERATION_FAILED);
                     goto err;
@@ -99,45 +99,17 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
             }
         } while (BN_is_zero(k));
 
-        /*
-         * We do not want timing information to leak the length of k, so we
-         * compute G*k using an equivalent scalar of fixed bit-length.
-         *
-         * We unconditionally perform both of these additions to prevent a
-         * small timing information leakage.  We then choose the sum that is
-         * one bit longer than the order.  This guarantees the code
-         * path used in the constant time implementations elsewhere.
-         *
-         * TODO: revisit the BN_copy aiming for a memory access agnostic
-         * conditional copy.
-         */
-        if (!BN_add(r, k, order)
-            || !BN_add(X, r, order)
-            || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
-            goto err;
-
         /* compute r the x-coordinate of generator * k */
         if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
             ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
             goto err;
         }
-        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-            NID_X9_62_prime_field) {
-            if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X,
-                                                     NULL, ctx)) {
-                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-                goto err;
-            }
-        }
-#ifndef OPENSSL_NO_EC2M
-        else {                  /* NID_X9_62_characteristic_two_field */
-            if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X,
-                                                      NULL, ctx)) {
-                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-                goto err;
-            }
+
+        if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
         }
-#endif
+
         if (!BN_nnmod(r, X, order, ctx)) {
             ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
             goto err;
@@ -145,30 +117,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
     } while (BN_is_zero(r));
 
     /* compute the inverse of k */
-    if (EC_GROUP_get_mont_data(group) != NULL) {
-        /*
-         * We want inverse in constant time, therefore we utilize the fact
-         * order must be prime and use Fermats Little Theorem instead.
-         */
-        if (!BN_set_word(X, 2)) {
-            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-        if (!BN_mod_sub(X, order, X, order, ctx)) {
-            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-        BN_set_flags(X, BN_FLG_CONSTTIME);
-        if (!BN_mod_exp_mont_consttime
-            (k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) {
-            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
-    } else {
-        if (!BN_mod_inverse(k, k, order, ctx)) {
-            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-            goto err;
-        }
+    if (!ec_group_do_inverse_ord(group, k, k, ctx)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+        goto err;
     }
 
     /* clear old values if necessary */
@@ -187,7 +138,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
         BN_CTX_free(ctx);
     EC_POINT_free(tmp_point);
     BN_clear_free(X);
-    return (ret);
+    return ret;
 }
 
 int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -299,7 +250,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 
         if (BN_is_zero(s)) {
             /*
-             * if kinv and r have been supplied by the caller don't to
+             * if kinv and r have been supplied by the caller, don't
              * generate new kinv and r values
              */
             if (in_kinv != NULL && in_r != NULL) {
@@ -341,7 +292,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
 
     s = ECDSA_SIG_new();
     if (s == NULL)
-        return (ret);
+        return ret;
     if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
         goto err;
     /* Ensure signature uses DER and doesn't have trailing garbage */
@@ -352,7 +303,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
  err:
     OPENSSL_clear_free(der, derlen);
     ECDSA_SIG_free(s);
-    return (ret);
+    return ret;
 }
 
 int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
@@ -407,7 +358,7 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
         goto err;
     }
     /* calculate tmp1 = inv(S) mod order */
-    if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
+    if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
         ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
         goto err;
     }
@@ -446,22 +397,12 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
         ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
         goto err;
     }
-    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
-        NID_X9_62_prime_field) {
-        if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
-            ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-#ifndef OPENSSL_NO_EC2M
-    else {                      /* NID_X9_62_characteristic_two_field */
 
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) {
-            ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
-            goto err;
-        }
+    if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
     }
-#endif
+
     if (!BN_nnmod(u1, X, order, ctx)) {
         ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
         goto err;
diff --git a/deps/openssl/openssl/crypto/ec/eck_prn.c b/deps/openssl/openssl/crypto/ec/eck_prn.c
index 3e826cb138..b538fadcb1 100644
--- a/deps/openssl/openssl/crypto/ec/eck_prn.c
+++ b/deps/openssl/openssl/crypto/ec/eck_prn.c
@@ -1,5 +1,6 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
- * contributed to the OpenSSL project.
- */
-
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
@@ -27,12 +22,12 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = ECPKParameters_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
@@ -42,12 +37,12 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = EC_KEY_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
@@ -57,12 +52,12 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = ECParameters_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -130,19 +125,10 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
             reason = ERR_R_MALLOC_FAILURE;
             goto err;
         }
-#ifndef OPENSSL_NO_EC2M
-        if (is_char_two) {
-            if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
-                reason = ERR_R_EC_LIB;
-                goto err;
-            }
-        } else                  /* prime field */
-#endif
-        {
-            if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
-                reason = ERR_R_EC_LIB;
-                goto err;
-            }
+
+        if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
+            reason = ERR_R_EC_LIB;
+            goto err;
         }
 
         if ((point = EC_GROUP_get0_generator(x)) == NULL) {
@@ -231,7 +217,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
     BN_free(b);
     BN_free(gen);
     BN_CTX_free(ctx);
-    return (ret);
+    return ret;
 }
 
 static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
diff --git a/deps/openssl/openssl/crypto/ec/ecp_mont.c b/deps/openssl/openssl/crypto/ec/ecp_mont.c
index d837d4d465..36682e5cfb 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_mont.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_mont.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
 #include <openssl/err.h>
 
 #include "ec_lcl.h"
@@ -67,7 +62,11 @@ const EC_METHOD *EC_GFp_mont_method(void)
         0, /* keycopy */
         0, /* keyfinish */
         ecdh_simple_compute_key,
-        ec_GFp_simple_blind_coordinates
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
     };
 
     return &ret;
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nist.c b/deps/openssl/openssl/crypto/ec/ecp_nist.c
index 143f21f3f9..f53de1a163 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nist.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nist.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
 #include <limits.h>
 
 #include <openssl/err.h>
@@ -69,7 +64,11 @@ const EC_METHOD *EC_GFp_nist_method(void)
         0, /* keycopy */
         0, /* keyfinish */
         ecdh_simple_compute_key,
-        ec_GFp_simple_blind_coordinates
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
     };
 
     return &ret;
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c
index 52056ff591..555bf307dd 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c
@@ -40,12 +40,12 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/err.h>
 # include "ec_lcl.h"
 
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
 typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
                                  * platforms */
 # else
-#  error "Need GCC 3.1 or later to define type uint128_t"
+#  error "Your compiler doesn't appear to support 128-bit integer types"
 # endif
 
 typedef uint8_t u8;
@@ -78,7 +78,7 @@ typedef limb felem[4];
 typedef widelimb widefelem[7];
 
 /*
- * Field element represented as a byte arrary. 28*8 = 224 bits is also the
+ * Field element represented as a byte array. 28*8 = 224 bits is also the
  * group order size for the elliptic curve, and we also use this type for
  * scalars for point multiplication.
  */
@@ -235,7 +235,7 @@ static const felem gmul[2][16][3] = {
 /* Precomputation for the group generator. */
 struct nistp224_pre_comp_st {
     felem g_pre_comp[2][16][3];
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -291,7 +291,11 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
         0, /* keycopy */
         0, /* keyfinish */
         ecdh_simple_compute_key,
-        0  /* blind_coordinates */
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
     };
 
     return &ret;
@@ -396,22 +400,6 @@ static void felem_sum(felem out, const felem in)
     out[3] += in[3];
 }
 
-/* Get negative value: out = -in */
-/* Assumes in[i] < 2^57 */
-static void felem_neg(felem out, const felem in)
-{
-    static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
-    static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
-    static const limb two58m42m2 = (((limb) 1) << 58) -
-        (((limb) 1) << 42) - (((limb) 1) << 2);
-
-    /* Set to 0 mod 2^224-2^96+1 to ensure out > in */
-    out[0] = two58p2 - in[0];
-    out[1] = two58m42m2 - in[1];
-    out[2] = two58m2 - in[2];
-    out[3] = two58m2 - in[3];
-}
-
 /* Subtract field elements: out -= in */
 /* Assumes in[i] < 2^57 */
 static void felem_diff(felem out, const felem in)
@@ -681,6 +669,18 @@ static void felem_contract(felem out, const felem in)
 }
 
 /*
+ * Get negative value: out = -in
+ * Requires in[i] < 2^63,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
+ */
+static void felem_neg(felem out, const felem in)
+{
+    widefelem tmp = {0};
+    felem_diff_128_64(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+/*
  * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
  * elements are reduced to in < 2^225, so we only need to check three cases:
  * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
@@ -818,7 +818,7 @@ static void copy_conditional(felem out, const felem in, limb icopy)
  * Double an elliptic curve point:
  * (X', Y', Z') = 2 * (X, Y, Z), where
  * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
- * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
+ * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4
  * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
  * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
  * while x_out == y_in is not (maybe this works, but it's not tested).
@@ -1215,7 +1215,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
  * FUNCTIONS TO MANAGE PRECOMPUTATION
  */
 
-static NISTP224_PRE_COMP *nistp224_pre_comp_new()
+static NISTP224_PRE_COMP *nistp224_pre_comp_new(void)
 {
     NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
 
@@ -1239,7 +1239,7 @@ NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p)
 {
     int i;
     if (p != NULL)
-        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
     return p;
 }
 
@@ -1250,7 +1250,7 @@ void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p)
     if (p == NULL)
         return;
 
-    CRYPTO_atomic_add(&p->references, -1, &i, p->lock);
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
     REF_PRINT_COUNT("EC_nistp224", x);
     if (i > 0)
         return;
@@ -1285,9 +1285,10 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_b = BN_CTX_get(ctx)) == NULL))
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
         goto err;
     BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p);
     BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a);
@@ -1395,7 +1396,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
     int j;
     unsigned i;
     int mixed = 0;
-    BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y, *z, *tmp_scalar;
     felem_bytearray g_secret;
     felem_bytearray *secrets = NULL;
@@ -1412,14 +1412,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
     const EC_POINT *p = NULL;
     const BIGNUM *p_scalar = NULL;
 
-    if (ctx == NULL)
-        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
-            return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) ||
-        ((y = BN_CTX_get(ctx)) == NULL) ||
-        ((z = BN_CTX_get(ctx)) == NULL) ||
-        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
         goto err;
 
     if (scalar != NULL) {
@@ -1576,7 +1574,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
  err:
     BN_CTX_end(ctx);
     EC_POINT_free(generator);
-    BN_CTX_free(new_ctx);
     OPENSSL_free(secrets);
     OPENSSL_free(pre_comp);
     OPENSSL_free(tmp_felems);
@@ -1599,7 +1596,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
         goto err;
     /* get the generator */
     if (group->generator == NULL)
@@ -1609,7 +1608,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
     BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x);
     BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp224_pre_comp_new()) == NULL)
         goto err;
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c
index ffd2a7d93a..c87a5e548d 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,13 +41,13 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/err.h>
 # include "ec_lcl.h"
 
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
 typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
                                  * platforms */
 typedef __int128_t int128_t;
 # else
-#  error "Need GCC 3.1 or later to define type uint128_t"
+#  error "Your compiler doesn't appear to support 128-bit integer types"
 # endif
 
 typedef uint8_t u8;
@@ -1766,7 +1766,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 /* Precomputation for the group generator. */
 struct nistp256_pre_comp_st {
     smallfelem g_pre_comp[2][16][3];
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -1821,7 +1821,12 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
         ec_key_simple_generate_public_key,
         0, /* keycopy */
         0, /* keyfinish */
-        ecdh_simple_compute_key
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
     };
 
     return &ret;
@@ -1832,7 +1837,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
  * FUNCTIONS TO MANAGE PRECOMPUTATION
  */
 
-static NISTP256_PRE_COMP *nistp256_pre_comp_new()
+static NISTP256_PRE_COMP *nistp256_pre_comp_new(void)
 {
     NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
 
@@ -1856,7 +1861,7 @@ NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p)
 {
     int i;
     if (p != NULL)
-        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
     return p;
 }
 
@@ -1867,7 +1872,7 @@ void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre)
     if (pre == NULL)
         return;
 
-    CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
     REF_PRINT_COUNT("EC_nistp256", x);
     if (i > 0)
         return;
@@ -1902,9 +1907,10 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_b = BN_CTX_get(ctx)) == NULL))
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
         goto err;
     BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p);
     BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a);
@@ -2012,7 +2018,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
     int ret = 0;
     int j;
     int mixed = 0;
-    BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y, *z, *tmp_scalar;
     felem_bytearray g_secret;
     felem_bytearray *secrets = NULL;
@@ -2030,14 +2035,12 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
     const EC_POINT *p = NULL;
     const BIGNUM *p_scalar = NULL;
 
-    if (ctx == NULL)
-        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
-            return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) ||
-        ((y = BN_CTX_get(ctx)) == NULL) ||
-        ((z = BN_CTX_get(ctx)) == NULL) ||
-        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
         goto err;
 
     if (scalar != NULL) {
@@ -2200,7 +2203,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
  err:
     BN_CTX_end(ctx);
     EC_POINT_free(generator);
-    BN_CTX_free(new_ctx);
     OPENSSL_free(secrets);
     OPENSSL_free(pre_comp);
     OPENSSL_free(tmp_smallfelems);
@@ -2224,7 +2226,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
         goto err;
     /* get the generator */
     if (group->generator == NULL)
@@ -2234,7 +2238,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
     BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
     BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp256_pre_comp_new()) == NULL)
         goto err;
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c
index 0a82abca1b..14f2feeb69 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c
@@ -40,12 +40,12 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/err.h>
 # include "ec_lcl.h"
 
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
 typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
                                  * platforms */
 # else
-#  error "Need GCC 3.1 or later to define type uint128_t"
+#  error "Your compiler doesn't appear to support 128-bit integer types"
 # endif
 
 typedef uint8_t u8;
@@ -1156,9 +1156,9 @@ static void copy_conditional(felem out, const felem in, limb mask)
  * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
  *
  * This function includes a branch for checking whether the two input points
- * are equal (while not equal to the point at infinity). This case never
- * happens during single point multiplication, so there is no timing leak for
- * ECDH or ECDSA signing. */
+ * are equal (while not equal to the point at infinity). See comment below
+ * on constant-time.
+ */
 static void point_add(felem x3, felem y3, felem z3,
                       const felem x1, const felem y1, const felem z1,
                       const int mixed, const felem x2, const felem y2,
@@ -1252,6 +1252,22 @@ static void point_add(felem x3, felem y3, felem z3,
     /* ftmp5[i] < 2^61 */
 
     if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        /*
+         * This is obviously not constant-time but it will almost-never happen
+         * for ECDH / ECDSA. The case where it can happen is during scalar-mult
+         * where the intermediate value gets very close to the group order.
+         * Since |ec_GFp_nistp_recode_scalar_bits| produces signed digits for
+         * the scalar, it's possible for the intermediate value to be a small
+         * negative multiple of the base point, and for the final signed digit
+         * to be the same value. We believe that this only occurs for the scalar
+         * 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+         * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb
+         * 71e913863f7, in that case the penultimate intermediate is -9G and
+         * the final digit is also -9G. Since this only happens for a single
+         * scalar, the timing leak is irrelevent. (Any attacker who wanted to
+         * check whether a secret scalar was that exact value, can already do
+         * so.)
+         */
         point_double(x3, y3, z3, x1, y1, z1);
         return;
     }
@@ -1587,7 +1603,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 /* Precomputation for the group generator. */
 struct nistp521_pre_comp_st {
     felem g_pre_comp[16][3];
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -1643,7 +1659,11 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
         0, /* keycopy */
         0, /* keyfinish */
         ecdh_simple_compute_key,
-        0  /* blind_coordinates */
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
     };
 
     return &ret;
@@ -1654,7 +1674,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
  * FUNCTIONS TO MANAGE PRECOMPUTATION
  */
 
-static NISTP521_PRE_COMP *nistp521_pre_comp_new()
+static NISTP521_PRE_COMP *nistp521_pre_comp_new(void)
 {
     NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
 
@@ -1678,7 +1698,7 @@ NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p)
 {
     int i;
     if (p != NULL)
-        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
     return p;
 }
 
@@ -1689,7 +1709,7 @@ void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p)
     if (p == NULL)
         return;
 
-    CRYPTO_atomic_add(&p->references, -1, &i, p->lock);
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
     REF_PRINT_COUNT("EC_nistp521", x);
     if (i > 0)
         return;
@@ -1724,9 +1744,10 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
-        ((curve_b = BN_CTX_get(ctx)) == NULL))
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
         goto err;
     BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p);
     BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a);
@@ -1834,7 +1855,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
     int ret = 0;
     int j;
     int mixed = 0;
-    BN_CTX *new_ctx = NULL;
     BIGNUM *x, *y, *z, *tmp_scalar;
     felem_bytearray g_secret;
     felem_bytearray *secrets = NULL;
@@ -1851,14 +1871,12 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
     const EC_POINT *p = NULL;
     const BIGNUM *p_scalar = NULL;
 
-    if (ctx == NULL)
-        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
-            return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) ||
-        ((y = BN_CTX_get(ctx)) == NULL) ||
-        ((z = BN_CTX_get(ctx)) == NULL) ||
-        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
         goto err;
 
     if (scalar != NULL) {
@@ -2019,7 +2037,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
  err:
     BN_CTX_end(ctx);
     EC_POINT_free(generator);
-    BN_CTX_free(new_ctx);
     OPENSSL_free(secrets);
     OPENSSL_free(pre_comp);
     OPENSSL_free(tmp_felems);
@@ -2042,7 +2059,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         if ((ctx = new_ctx = BN_CTX_new()) == NULL)
             return 0;
     BN_CTX_start(ctx);
-    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
         goto err;
     /* get the generator */
     if (group->generator == NULL)
@@ -2052,7 +2071,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
     BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
     BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
-    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp521_pre_comp_new()) == NULL)
         goto err;
diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c
index 7eafce649b..b0564bdbd0 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c
@@ -1,45 +1,29 @@
 /*
  * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+ * Copyright (c) 2015, CloudFlare, Inc.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ * (3) CloudFlare, Inc.
+ *
+ * Reference:
+ * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+ *                          256 Bit Primes"
  */
 
-/******************************************************************************
- *                                                                            *
- * Copyright 2014 Intel Corporation                                           *
- *                                                                            *
- * Licensed under the Apache License, Version 2.0 (the "License");            *
- * you may not use this file except in compliance with the License.           *
- * You may obtain a copy of the License at                                    *
- *                                                                            *
- *    http://www.apache.org/licenses/LICENSE-2.0                              *
- *                                                                            *
- * Unless required by applicable law or agreed to in writing, software        *
- * distributed under the License is distributed on an "AS IS" BASIS,          *
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   *
- * See the License for the specific language governing permissions and        *
- * limitations under the License.                                             *
- *                                                                            *
- ******************************************************************************
- *                                                                            *
- * Developers and authors:                                                    *
- * Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
- * (1) Intel Corporation, Israel Development Center                           *
- * (2) University of Haifa                                                    *
- * Reference:                                                                 *
- * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with *
- *                          256 Bit Primes"                                   *
- *                                                                            *
- ******************************************************************************/
-
 #include <string.h>
 
 #include "internal/cryptlib.h"
 #include "internal/bn_int.h"
 #include "ec_lcl.h"
+#include "internal/refcount.h"
 
 #if BN_BITS2 != 64
 # define TOBN(hi,lo)    lo,hi
@@ -84,7 +68,7 @@ struct nistz256_pre_comp_st {
      */
     PRECOMP256_ROW *precomp;
     void *precomp_storage;
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -254,6 +238,16 @@ static BN_ULONG is_one(const BIGNUM *z)
     return res;
 }
 
+/*
+ * For reference, this macro is used only when new ecp_nistz256 assembly
+ * module is being developed.  For example, configure with
+ * -DECP_NISTZ256_REFERENCE_IMPLEMENTATION and implement only functions
+ * performing simplest arithmetic operations on 256-bit vectors. Then
+ * work on implementation of higher-level functions performing point
+ * operations. Then remove ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+ * and never define it again. (The correct macro denoting presence of
+ * ecp_nistz256 module is ECP_NISTZ256_ASM.)
+ */
 #ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
 void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
 void ecp_nistz256_point_add(P256_POINT *r,
@@ -916,7 +910,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
  */
 #if defined(ECP_NISTZ256_AVX2)
 # if !(defined(__x86_64) || defined(__x86_64__) || \
-       defined(_M_AMD64) || defined(_MX64)) || \
+       defined(_M_AMD64) || defined(_M_X64)) || \
      !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */
 #  undef ECP_NISTZ256_AVX2
 # else
@@ -1129,12 +1123,10 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
                                           const BIGNUM *scalars[], BN_CTX *ctx)
 {
     int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;
-    size_t j;
     unsigned char p_str[33] = { 0 };
     const PRECOMP256_ROW *preComputedTable = NULL;
     const NISTZ256_PRE_COMP *pre_comp = NULL;
     const EC_POINT *generator = NULL;
-    BN_CTX *new_ctx = NULL;
     const BIGNUM **new_scalars = NULL;
     const EC_POINT **new_points = NULL;
     unsigned int idx = 0;
@@ -1152,27 +1144,6 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
         return 0;
     }
 
-    if (!ec_point_is_compat(r, group)) {
-        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-        return 0;
-    }
-
-    if ((scalar == NULL) && (num == 0))
-        return EC_POINT_set_to_infinity(group, r);
-
-    for (j = 0; j < num; j++) {
-        if (!ec_point_is_compat(points[j], group)) {
-            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-            return 0;
-        }
-    }
-
-    if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
-        if (ctx == NULL)
-            goto err;
-    }
-
     BN_CTX_start(ctx);
 
     if (scalar) {
@@ -1368,9 +1339,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
     ret = 1;
 
 err:
-    if (ctx)
-        BN_CTX_end(ctx);
-    BN_CTX_free(new_ctx);
+    BN_CTX_end(ctx);
     OPENSSL_free(new_points);
     OPENSSL_free(new_scalars);
     return ret;
@@ -1451,7 +1420,7 @@ NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
 {
     int i;
     if (p != NULL)
-        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
     return p;
 }
 
@@ -1462,7 +1431,7 @@ void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
     if (pre == NULL)
         return;
 
-    CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
     REF_PRINT_COUNT("EC_nistz256", x);
     if (i > 0)
         return;
@@ -1487,6 +1456,189 @@ static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)
     return HAVEPRECOMP(group, nistz256);
 }
 
+#if defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__powerpc64__) || defined(_ARCH_PP64) || \
+    defined(__aarch64__)
+/*
+ * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P)
+ */
+void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               const BN_ULONG b[P256_LIMBS]);
+void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               int rep);
+
+static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    /* RR = 2^512 mod ord(p256) */
+    static const BN_ULONG RR[P256_LIMBS]  = {
+        TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6),
+        TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620)
+    };
+    /* The constant 1 (unlike ONE that is one in Montgomery representation) */
+    static const BN_ULONG one[P256_LIMBS] = {
+        TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0)
+    };
+    /*
+     * We don't use entry 0 in the table, so we omit it and address
+     * with -1 offset.
+     */
+    BN_ULONG table[15][P256_LIMBS];
+    BN_ULONG out[P256_LIMBS], t[P256_LIMBS];
+    int i, ret = 0;
+    enum {
+        i_1 = 0, i_10,     i_11,     i_101, i_111, i_1010, i_1111,
+        i_10101, i_101010, i_101111, i_x6,  i_x8,  i_x16,  i_x32
+    };
+
+    /*
+     * Catch allocation failure early.
+     */
+    if (bn_wexpand(r, P256_LIMBS) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
+        BIGNUM *tmp;
+
+        if ((tmp = BN_CTX_get(ctx)) == NULL
+            || !BN_nnmod(tmp, x, group->order, ctx)) {
+            ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+            goto err;
+        }
+        x = tmp;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(t, x)) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    ecp_nistz256_ord_mul_mont(table[0], t, RR);
+#if 0
+    /*
+     * Original sparse-then-fixed-window algorithm, retained for reference.
+     */
+    for (i = 2; i < 16; i += 2) {
+        ecp_nistz256_ord_sqr_mont(table[i-1], table[i/2-1], 1);
+        ecp_nistz256_ord_mul_mont(table[i], table[i-1], table[0]);
+    }
+
+    /*
+     * The top 128bit of the exponent are highly redudndant, so we
+     * perform an optimized flow
+     */
+    ecp_nistz256_ord_sqr_mont(t, table[15-1], 4);   /* f0 */
+    ecp_nistz256_ord_mul_mont(t, t, table[15-1]);   /* ff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 8);           /* ff00 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffff */
+
+    ecp_nistz256_ord_sqr_mont(t, out, 16);          /* ffff0000 */
+    ecp_nistz256_ord_mul_mont(t, t, out);           /* ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 64);          /* ffffffff0000000000000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, out, 32);        /* ffffffff00000000ffffffff00000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffffffffffff */
+
+    /*
+     * The bottom 128 bit of the exponent are processed with fixed 4-bit window
+     */
+    for(i = 0; i < 32; i++) {
+        /* expLo - the low 128 bits of the exponent we use (ord(p256) - 2),
+         * split into nibbles */
+        static const unsigned char expLo[32]  = {
+            0xb,0xc,0xe,0x6,0xf,0xa,0xa,0xd,0xa,0x7,0x1,0x7,0x9,0xe,0x8,0x4,
+            0xf,0x3,0xb,0x9,0xc,0xa,0xc,0x2,0xf,0xc,0x6,0x3,0x2,0x5,0x4,0xf
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, 4);
+        /* The exponent is public, no need in constant-time access */
+        ecp_nistz256_ord_mul_mont(out, out, table[expLo[i]-1]);
+    }
+#else
+    /*
+     * https://briansmith.org/ecc-inversion-addition-chains-01#p256_scalar_inversion
+     *
+     * Even though this code path spares 12 squarings, 4.5%, and 13
+     * multiplications, 25%, on grand scale sign operation is not that
+     * much faster, not more that 2%...
+     */
+
+    /* pre-calculate powers */
+    ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1);
+    ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]);
+
+    ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2);
+    ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8);
+    ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16);
+    ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]);
+
+    /* calculations */
+    ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64);
+    ecp_nistz256_ord_mul_mont(out, out, table[i_x32]);
+
+    for (i = 0; i < 27; i++) {
+        static const struct { unsigned char p, i; } chain[27] = {
+            { 32, i_x32 }, { 6,  i_101111 }, { 5,  i_111    },
+            { 4,  i_11  }, { 5,  i_1111   }, { 5,  i_10101  },
+            { 4,  i_101 }, { 3,  i_101    }, { 3,  i_101    },
+            { 5,  i_111 }, { 9,  i_101111 }, { 6,  i_1111   },
+            { 2,  i_1   }, { 5,  i_1      }, { 6,  i_1111   },
+            { 5,  i_111 }, { 4,  i_111    }, { 5,  i_111    },
+            { 5,  i_101 }, { 3,  i_11     }, { 10, i_101111 },
+            { 2,  i_11  }, { 5,  i_11     }, { 5,  i_11     },
+            { 3,  i_1   }, { 7,  i_10101  }, { 6,  i_1111   }
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, chain[i].p);
+        ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]);
+    }
+#endif
+    ecp_nistz256_ord_mul_mont(out, out, one);
+
+    /*
+     * Can't fail, but check return code to be consistent anyway.
+     */
+    if (!bn_set_words(r, out, P256_LIMBS))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
+#else
+# define ecp_nistz256_inv_mod_ord NULL
+#endif
+
 const EC_METHOD *EC_GFp_nistz256_method(void)
 {
     static const EC_METHOD ret = {
@@ -1537,7 +1689,11 @@ const EC_METHOD *EC_GFp_nistz256_method(void)
         0, /* keycopy */
         0, /* keyfinish */
         ecdh_simple_compute_key,
-        0                                           /* blind_coordinates */
+        ecp_nistz256_inv_mod_ord,                   /* can be #define-d NULL */
+        0,                                          /* blind_coordinates */
+        0,                                          /* ladder_pre */
+        0,                                          /* ladder_step */
+        0                                           /* ladder_post */
     };
 
     return &ret;
diff --git a/deps/openssl/openssl/crypto/ec/ecp_oct.c b/deps/openssl/openssl/crypto/ec/ecp_oct.c
index 4d142a4ab9..7ade1b3d21 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_oct.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_oct.c
@@ -1,5 +1,6 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
@@ -130,7 +125,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
                       EC_R_INVALID_COMPRESSION_BIT);
             else
                 /*
-                 * BN_mod_sqrt() should have cought this error (not a square)
+                 * BN_mod_sqrt() should have caught this error (not a square)
                  */
                 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
                       EC_R_INVALID_COMPRESSED_POINT);
@@ -145,7 +140,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
         goto err;
     }
 
-    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
         goto err;
 
     ret = 1;
@@ -211,7 +206,7 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
         if (y == NULL)
             goto err;
 
-        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
             goto err;
 
         if ((form == POINT_CONVERSION_COMPRESSED
@@ -338,8 +333,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
     }
 
     if (form == POINT_CONVERSION_COMPRESSED) {
-        if (!EC_POINT_set_compressed_coordinates_GFp
-            (group, point, x, y_bit, ctx))
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
             goto err;
     } else {
         if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
@@ -356,10 +350,10 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
         }
 
         /*
-         * EC_POINT_set_affine_coordinates_GFp is responsible for checking that
+         * EC_POINT_set_affine_coordinates is responsible for checking that
          * the point is on the curve.
          */
-        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
             goto err;
     }
 
diff --git a/deps/openssl/openssl/crypto/ec/ecp_smpl.c b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
index adfb194576..d0c5557ff4 100644
--- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
@@ -68,7 +63,11 @@ const EC_METHOD *EC_GFp_simple_method(void)
         0, /* keycopy */
         0, /* keyfinish */
         ecdh_simple_compute_key,
-        ec_GFp_simple_blind_coordinates
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
     };
 
     return &ret;
@@ -1182,9 +1181,9 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
     if (y == NULL)
         goto err;
 
-    if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
         goto err;
-    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
         goto err;
     if (!point->Z_is_one) {
         ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
@@ -1220,7 +1219,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
     BN_CTX_start(ctx);
     tmp = BN_CTX_get(ctx);
     tmp_Z = BN_CTX_get(ctx);
-    if (tmp == NULL || tmp_Z == NULL)
+    if (tmp_Z == NULL)
         goto err;
 
     prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
@@ -1394,7 +1393,7 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
 
     /* make sure lambda is not zero */
     do {
-        if (!BN_rand_range(lambda, group->field)) {
+        if (!BN_priv_rand_range(lambda, group->field)) {
             ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
             goto err;
         }
@@ -1419,6 +1418,227 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
     ret = 1;
 
  err:
-     BN_CTX_end(ctx);
-     return ret;
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Set s := p, r := 2p.
+ *
+ * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
+ * multiplication resistant against side channel attacks" appendix, as described
+ * at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
+ *
+ * The input point p will be in randomized Jacobian projective coords:
+ *      x = X/Z**2, y=Y/Z**3
+ *
+ * The output points p, s, and r are converted to standard (homogeneous)
+ * projective coords:
+ *      x = X/Z, y=Y/Z
+ */
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx)
+{
+    BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    t1 = r->Z;
+    t2 = r->Y;
+    t3 = s->X;
+    t4 = r->X;
+    t5 = s->Y;
+    t6 = s->Z;
+
+    /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
+    if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
+        || !group->meth->field_sqr(group, t1, p->Z, ctx)
+        || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
+        /* r := 2p */
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !group->meth->field_sqr(group, t3, p->Z, ctx)
+        || !group->meth->field_mul(group, t4, t3, group->a, ctx)
+        || !BN_mod_sub_quick(t5, t2, t4, group->field)
+        || !BN_mod_add_quick(t2, t2, t4, group->field)
+        || !group->meth->field_sqr(group, t5, t5, ctx)
+        || !group->meth->field_mul(group, t6, t3, group->b, ctx)
+        || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
+        || !group->meth->field_mul(group, t4, t1, t6, ctx)
+        || !BN_mod_lshift_quick(t4, t4, 3, group->field)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t5, t4, group->field)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, t2, t3, t6, ctx)
+        || !BN_mod_add_quick(t1, t1, t2, group->field)
+        /* r->Z coord output */
+        || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
+        || !EC_POINT_copy(s, p))
+        return 0;
+
+    r->Z_is_one = 0;
+    s->Z_is_one = 0;
+    p->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Differential addition-and-doubling using  Eq. (9) and (10) from Izu-Takagi
+ * "A fast parallel elliptic curve multiplication resistant against side channel
+ * attacks", as described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
+ */
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+    t7 = BN_CTX_get(ctx);
+
+    if (t7 == NULL
+        || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
+        || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
+        || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, t4, group->a, t1, ctx)
+        || !BN_mod_add_quick(t0, t0, t4, group->field)
+        || !BN_mod_add_quick(t4, t3, t2, group->field)
+        || !group->meth->field_mul(group, t0, t4, t0, ctx)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
+        || !group->meth->field_mul(group, t1, t7, t1, ctx)
+        || !BN_mod_lshift1_quick(t0, t0, group->field)
+        || !BN_mod_add_quick(t0, t1, t0, group->field)
+        || !BN_mod_sub_quick(t1, t2, t3, group->field)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !group->meth->field_mul(group, t3, t1, p->X, ctx)
+        || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
+        /* s->X coord output */
+        || !BN_mod_sub_quick(s->X, t0, t3, group->field)
+        /* s->Z coord output */
+        || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
+        || !group->meth->field_sqr(group, t3, r->X, ctx)
+        || !group->meth->field_sqr(group, t2, r->Z, ctx)
+        || !group->meth->field_mul(group, t4, t2, group->a, ctx)
+        || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
+        || !group->meth->field_sqr(group, t5, t5, ctx)
+        || !BN_mod_sub_quick(t5, t5, t3, group->field)
+        || !BN_mod_sub_quick(t5, t5, t2, group->field)
+        || !BN_mod_sub_quick(t6, t3, t4, group->field)
+        || !group->meth->field_sqr(group, t6, t6, ctx)
+        || !group->meth->field_mul(group, t0, t2, t5, ctx)
+        || !group->meth->field_mul(group, t0, t7, t0, ctx)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t6, t0, group->field)
+        || !BN_mod_add_quick(t6, t3, t4, group->field)
+        || !group->meth->field_sqr(group, t3, t2, ctx)
+        || !group->meth->field_mul(group, t7, t3, t7, ctx)
+        || !group->meth->field_mul(group, t5, t5, t6, ctx)
+        || !BN_mod_lshift1_quick(t5, t5, group->field)
+        /* r->Z coord output */
+        || !BN_mod_add_quick(r->Z, t7, t5, group->field))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
+ * Elliptic Curves and Side-Channel Attacks", modified to work in projective
+ * coordinates and return r in Jacobian projective coordinates.
+ *
+ * X4 = two*Y1*X2*Z3*Z2*Z1;
+ * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
+ * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
+ *
+ * Z4 != 0 because:
+ *  - Z1==0 implies p is at infinity, which would have caused an early exit in
+ *    the caller;
+ *  - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
+ *  - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
+ *  - Y1==0 implies p has order 2, so either r or s are infinity and handled by
+ *    one of the BN_is_zero(...) branches.
+ */
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+        if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
+            || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
+            || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
+            || !BN_copy(r->Z, p->Z)
+            || !EC_POINT_invert(group, r, ctx))
+            return 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+
+    if (t6 == NULL
+        || !BN_mod_lshift1_quick(t0, p->Y, group->field)
+        || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
+        || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t2, t1, t2, ctx)
+        || !group->meth->field_mul(group, t3, t2, t0, ctx)
+        || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
+        || !group->meth->field_sqr(group, t4, t2, ctx)
+        || !BN_mod_lshift1_quick(t5, group->b, group->field)
+        || !group->meth->field_mul(group, t4, t4, t5, ctx)
+        || !group->meth->field_mul(group, t6, t2, group->a, ctx)
+        || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
+        || !BN_mod_add_quick(t5, t6, t5, group->field)
+        || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
+        || !BN_mod_add_quick(t2, t6, t1, group->field)
+        || !group->meth->field_mul(group, t5, t5, t2, ctx)
+        || !BN_mod_sub_quick(t6, t6, t1, group->field)
+        || !group->meth->field_sqr(group, t6, t6, ctx)
+        || !group->meth->field_mul(group, t6, t6, s->X, ctx)
+        || !BN_mod_add_quick(t4, t5, t4, group->field)
+        || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
+        || !BN_mod_sub_quick(t4, t4, t6, group->field)
+        || !group->meth->field_sqr(group, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
+        /* t3 := X, t4 := Y */
+        /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+        || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
+        || !group->meth->field_sqr(group, t3, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/ec/ecx_meth.c b/deps/openssl/openssl/crypto/ec/ecx_meth.c
index 018a9419f0..b76bfdb6dc 100644
--- a/deps/openssl/openssl/crypto/ec/ecx_meth.c
+++ b/deps/openssl/openssl/crypto/ec/ecx_meth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,28 +16,39 @@
 #include "internal/evp_int.h"
 #include "ec_lcl.h"
 
-#define X25519_KEYLEN        32
 #define X25519_BITS          253
 #define X25519_SECURITY_BITS 128
 
-typedef struct {
-    unsigned char pubkey[X25519_KEYLEN];
-    unsigned char *privkey;
-} X25519_KEY;
+#define ED25519_SIGSIZE      64
+
+#define X448_BITS            448
+#define ED448_BITS           456
+#define X448_SECURITY_BITS   224
+
+#define ED448_SIGSIZE        114
+
+#define ISX448(id)      ((id) == EVP_PKEY_X448)
+#define IS25519(id)     ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519)
+#define KEYLENID(id)    (IS25519(id) ? X25519_KEYLEN \
+                                     : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \
+                                                              : ED448_KEYLEN))
+#define KEYLEN(p)       KEYLENID((p)->ameth->pkey_id)
+
 
 typedef enum {
-    X25519_PUBLIC,
-    X25519_PRIVATE,
-    X25519_KEYGEN
+    KEY_OP_PUBLIC,
+    KEY_OP_PRIVATE,
+    KEY_OP_KEYGEN
 } ecx_key_op_t;
 
 /* Setup EVP_PKEY using public, private or generation */
-static int ecx_key_op(EVP_PKEY *pkey, const X509_ALGOR *palg,
+static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
                       const unsigned char *p, int plen, ecx_key_op_t op)
 {
-    X25519_KEY *xkey;
+    ECX_KEY *key = NULL;
+    unsigned char *privkey, *pubkey;
 
-    if (op != X25519_KEYGEN) {
+    if (op != KEY_OP_KEYGEN) {
         if (palg != NULL) {
             int ptype;
 
@@ -49,64 +60,85 @@ static int ecx_key_op(EVP_PKEY *pkey, const X509_ALGOR *palg,
             }
         }
 
-        if (p == NULL || plen != X25519_KEYLEN) {
+        if (p == NULL || plen != KEYLENID(id)) {
             ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
             return 0;
         }
     }
 
-    xkey = OPENSSL_zalloc(sizeof(*xkey));
-    if (xkey == NULL) {
+    key = OPENSSL_zalloc(sizeof(*key));
+    if (key == NULL) {
         ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    pubkey = key->pubkey;
 
-    if (op == X25519_PUBLIC) {
-        memcpy(xkey->pubkey, p, plen);
+    if (op == KEY_OP_PUBLIC) {
+        memcpy(pubkey, p, plen);
     } else {
-        xkey->privkey = OPENSSL_secure_malloc(X25519_KEYLEN);
-        if (xkey->privkey == NULL) {
+        privkey = key->privkey = OPENSSL_secure_malloc(KEYLENID(id));
+        if (privkey == NULL) {
             ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
-            OPENSSL_free(xkey);
-            return 0;
+            goto err;
         }
-        if (op == X25519_KEYGEN) {
-            if (RAND_bytes(xkey->privkey, X25519_KEYLEN) <= 0) {
-                OPENSSL_secure_free(xkey->privkey);
-                OPENSSL_free(xkey);
-                return 0;
+        if (op == KEY_OP_KEYGEN) {
+            if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0) {
+                OPENSSL_secure_free(privkey);
+                key->privkey = NULL;
+                goto err;
+            }
+            if (id == EVP_PKEY_X25519) {
+                privkey[0] &= 248;
+                privkey[X25519_KEYLEN - 1] &= 127;
+                privkey[X25519_KEYLEN - 1] |= 64;
+            } else if (id == EVP_PKEY_X448) {
+                privkey[0] &= 252;
+                privkey[X448_KEYLEN - 1] |= 128;
             }
-            xkey->privkey[0] &= 248;
-            xkey->privkey[31] &= 127;
-            xkey->privkey[31] |= 64;
         } else {
-            memcpy(xkey->privkey, p, X25519_KEYLEN);
+            memcpy(privkey, p, KEYLENID(id));
+        }
+        switch (id) {
+        case EVP_PKEY_X25519:
+            X25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED25519:
+            ED25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_X448:
+            X448_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED448:
+            ED448_public_from_private(pubkey, privkey);
+            break;
         }
-        X25519_public_from_private(xkey->pubkey, xkey->privkey);
     }
 
-    EVP_PKEY_assign(pkey, NID_X25519, xkey);
+    EVP_PKEY_assign(pkey, id, key);
     return 1;
+ err:
+    OPENSSL_free(key);
+    return 0;
 }
 
 static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
-    const X25519_KEY *xkey = pkey->pkey.ptr;
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
     unsigned char *penc;
 
-    if (xkey == NULL) {
+    if (ecxkey == NULL) {
         ECerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY);
         return 0;
     }
 
-    penc = OPENSSL_memdup(xkey->pubkey, X25519_KEYLEN);
+    penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey));
     if (penc == NULL) {
         ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
         return 0;
     }
 
-    if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(NID_X25519), V_ASN1_UNDEF,
-                                NULL, penc, X25519_KEYLEN)) {
+    if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                                V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) {
         OPENSSL_free(penc);
         ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -122,17 +154,19 @@ static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 
     if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
         return 0;
-    return ecx_key_op(pkey, palg, p, pklen, X25519_PUBLIC);
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen,
+                      KEY_OP_PUBLIC);
 }
 
 static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
-    const X25519_KEY *akey = a->pkey.ptr;
-    const X25519_KEY *bkey = b->pkey.ptr;
+    const ECX_KEY *akey = a->pkey.ecx;
+    const ECX_KEY *bkey = b->pkey.ecx;
 
     if (akey == NULL || bkey == NULL)
         return -2;
-    return !CRYPTO_memcmp(akey->pubkey, bkey->pubkey, X25519_KEYLEN);
+
+    return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0;
 }
 
 static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
@@ -155,25 +189,25 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
         plen = ASN1_STRING_length(oct);
     }
 
-    rv = ecx_key_op(pkey, palg, p, plen, X25519_PRIVATE);
+    rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
     ASN1_OCTET_STRING_free(oct);
     return rv;
 }
 
 static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
-    const X25519_KEY *xkey = pkey->pkey.ptr;
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
     ASN1_OCTET_STRING oct;
     unsigned char *penc = NULL;
     int penclen;
 
-    if (xkey == NULL || xkey->privkey == NULL) {
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
         ECerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY);
         return 0;
     }
 
-    oct.data = xkey->privkey;
-    oct.length = X25519_KEYLEN;
+    oct.data = ecxkey->privkey;
+    oct.length = KEYLEN(pkey);
     oct.flags = 0;
 
     penclen = i2d_ASN1_OCTET_STRING(&oct, &penc);
@@ -182,7 +216,7 @@ static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
         return 0;
     }
 
-    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X25519), 0,
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
                          V_ASN1_UNDEF, NULL, penc, penclen)) {
         OPENSSL_clear_free(penc, penclen);
         ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
@@ -194,26 +228,34 @@ static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
 static int ecx_size(const EVP_PKEY *pkey)
 {
-    return X25519_KEYLEN;
+    return KEYLEN(pkey);
 }
 
 static int ecx_bits(const EVP_PKEY *pkey)
 {
-    return X25519_BITS;
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_BITS;
+    } else if(ISX448(pkey->ameth->pkey_id)) {
+        return X448_BITS;
+    } else {
+        return ED448_BITS;
+    }
 }
 
 static int ecx_security_bits(const EVP_PKEY *pkey)
 {
-    return X25519_SECURITY_BITS;
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_SECURITY_BITS;
+    } else {
+        return X448_SECURITY_BITS;
+    }
 }
 
 static void ecx_free(EVP_PKEY *pkey)
 {
-    X25519_KEY *xkey = pkey->pkey.ptr;
-
-    if (xkey)
-        OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
-    OPENSSL_free(xkey);
+    if (pkey->pkey.ecx != NULL)
+        OPENSSL_secure_clear_free(pkey->pkey.ecx->privkey, KEYLEN(pkey));
+    OPENSSL_free(pkey->pkey.ecx);
 }
 
 /* "parameters" are always equal */
@@ -225,32 +267,36 @@ static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *ctx, ecx_key_op_t op)
 {
-    const X25519_KEY *xkey = pkey->pkey.ptr;
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id);
 
-    if (op == X25519_PRIVATE) {
-        if (xkey == NULL || xkey->privkey == NULL) {
+    if (op == KEY_OP_PRIVATE) {
+        if (ecxkey == NULL || ecxkey->privkey == NULL) {
             if (BIO_printf(bp, "%*s<INVALID PRIVATE KEY>\n", indent, "") <= 0)
                 return 0;
             return 1;
         }
-        if (BIO_printf(bp, "%*sX25519 Private-Key:\n", indent, "") <= 0)
+        if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0)
             return 0;
         if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0)
             return 0;
-        if (ASN1_buf_print(bp, xkey->privkey, X25519_KEYLEN, indent + 4) == 0)
+        if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey),
+                           indent + 4) == 0)
             return 0;
     } else {
-        if (xkey == NULL) {
+        if (ecxkey == NULL) {
             if (BIO_printf(bp, "%*s<INVALID PUBLIC KEY>\n", indent, "") <= 0)
                 return 0;
             return 1;
         }
-        if (BIO_printf(bp, "%*sX25519 Public-Key:\n", indent, "") <= 0)
+        if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0)
             return 0;
     }
     if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0)
         return 0;
-    if (ASN1_buf_print(bp, xkey->pubkey, X25519_KEYLEN, indent + 4) == 0)
+
+    if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey),
+                       indent + 4) == 0)
         return 0;
     return 1;
 }
@@ -258,13 +304,13 @@ static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
 static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *ctx)
 {
-    return ecx_key_print(bp, pkey, indent, ctx, X25519_PRIVATE);
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE);
 }
 
 static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *ctx)
 {
-    return ecx_key_print(bp, pkey, indent, ctx, X25519_PUBLIC);
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC);
 }
 
 static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
@@ -272,20 +318,31 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
     switch (op) {
 
     case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
-        return ecx_key_op(pkey, NULL, arg2, arg1, X25519_PUBLIC);
+        return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1,
+                          KEY_OP_PUBLIC);
 
     case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
-        if (pkey->pkey.ptr != NULL) {
-            const X25519_KEY *xkey = pkey->pkey.ptr;
+        if (pkey->pkey.ecx != NULL) {
             unsigned char **ppt = arg2;
-            *ppt = OPENSSL_memdup(xkey->pubkey, X25519_KEYLEN);
+
+            *ppt = OPENSSL_memdup(pkey->pkey.ecx->pubkey, KEYLEN(pkey));
             if (*ppt != NULL)
-                return X25519_KEYLEN;
+                return KEYLEN(pkey);
         }
         return 0;
 
+    default:
+        return -2;
+
+    }
+}
+
+static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_sha256;
+        /* We currently only support Pure EdDSA which takes no digest */
+        *(int *)arg2 = NID_undef;
         return 2;
 
     default:
@@ -294,9 +351,63 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
     }
 }
 
+static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                            size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len,
+                       KEY_OP_PRIVATE);
+}
+
+static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                            size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (priv == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || key->privkey == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(priv, key->privkey, *len);
+
+    return 1;
+}
+
+static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub,
+                           size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (pub == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(pub, key->pubkey, *len);
+
+    return 1;
+}
+
 const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
-    NID_X25519,
-    NID_X25519,
+    EVP_PKEY_X25519,
+    EVP_PKEY_X25519,
     0,
     "X25519",
     "OpenSSL X25519 algorithm",
@@ -321,36 +432,277 @@ const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
     ecx_free,
     ecx_ctrl,
     NULL,
-    NULL
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
+    EVP_PKEY_X448,
+    EVP_PKEY_X448,
+    0,
+    "X448",
+    "OpenSSL X448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int ecd_size25519(const EVP_PKEY *pkey)
+{
+    return ED25519_SIGSIZE;
+}
+
+static int ecd_size448(const EVP_PKEY *pkey)
+{
+    return ED448_SIGSIZE;
+}
+
+static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
+                           EVP_PKEY *pkey)
+{
+    const ASN1_OBJECT *obj;
+    int ptype;
+    int nid;
+
+    /* Sanity check: make sure it is ED25519/ED448 with absent parameters */
+    X509_ALGOR_get0(&obj, &ptype, NULL, sigalg);
+    nid = OBJ_obj2nid(obj);
+    if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) {
+        ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+        return 0;
+
+    return 2;
+}
+
+static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                              X509_ALGOR *alg1, X509_ALGOR *alg2,
+                              ASN1_BIT_STRING *str)
+{
+    /* Set algorithms identifiers */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    if (alg2)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    /* Algorithm idetifiers set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                                 const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                            X509_ALGOR *alg1, X509_ALGOR *alg2,
+                            ASN1_BIT_STRING *str)
+{
+    /* Set algorithm identifier */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    if (alg2 != NULL)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    /* Algorithm identifier set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+
+const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
+    EVP_PKEY_ED25519,
+    EVP_PKEY_ED25519,
+    0,
+    "ED25519",
+    "OpenSSL ED25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size25519,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign25519,
+    ecd_sig_info_set25519,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
+    EVP_PKEY_ED448,
+    EVP_PKEY_ED448,
+    0,
+    "ED448",
+    "OpenSSL ED448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size448,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign448,
+    ecd_sig_info_set448,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
 };
 
 static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
-    return ecx_key_op(pkey, NULL, NULL, 0, X25519_KEYGEN);
+    return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN);
 }
 
-static int pkey_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-                           size_t *keylen)
+static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                          size_t *keylen,
+                                          const unsigned char **privkey,
+                                          const unsigned char **pubkey)
 {
-    const X25519_KEY *pkey, *peerkey;
+    const ECX_KEY *ecxkey, *peerkey;
 
     if (ctx->pkey == NULL || ctx->peerkey == NULL) {
-        ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_KEYS_NOT_SET);
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_KEYS_NOT_SET);
         return 0;
     }
-    pkey = ctx->pkey->pkey.ptr;
-    peerkey = ctx->peerkey->pkey.ptr;
-    if (pkey == NULL || pkey->privkey == NULL) {
-        ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);
+    ecxkey = ctx->pkey->pkey.ecx;
+    peerkey = ctx->peerkey->pkey.ecx;
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);
         return 0;
     }
     if (peerkey == NULL) {
-        ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_INVALID_PEER_KEY);
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PEER_KEY);
         return 0;
     }
+    *privkey = ecxkey->privkey;
+    *pubkey = peerkey->pubkey;
+
+    return 1;
+}
+
+static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X25519(key, privkey, pubkey) == 0))
+        return 0;
     *keylen = X25519_KEYLEN;
-    if (key != NULL && X25519(key, pkey->privkey, peerkey->pubkey) == 0)
+    return 1;
+}
+
+static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X448(key, privkey, pubkey) == 0))
         return 0;
+    *keylen = X448_KEYLEN;
     return 1;
 }
 
@@ -363,11 +715,126 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 }
 
 const EVP_PKEY_METHOD ecx25519_pkey_meth = {
-    NID_X25519,
+    EVP_PKEY_X25519,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive25519,
+    pkey_ecx_ctrl,
+    0
+};
+
+const EVP_PKEY_METHOD ecx448_pkey_meth = {
+    EVP_PKEY_X448,
     0, 0, 0, 0, 0, 0, 0,
     pkey_ecx_keygen,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    pkey_ecx_derive,
+    pkey_ecx_derive448,
     pkey_ecx_ctrl,
     0
 };
+
+static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
+                                    size_t *siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED25519_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED25519_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0)
+        return 0;
+    *siglen = ED25519_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
+                                  size_t *siglen, const unsigned char *tbs,
+                                  size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED448_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED448_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+                   0) == 0)
+        return 0;
+    *siglen = ED448_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                      size_t siglen, const unsigned char *tbs,
+                                      size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED25519_SIGSIZE)
+        return 0;
+
+    return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
+}
+
+static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                    size_t siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED448_SIGSIZE)
+        return 0;
+
+    return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
+}
+
+static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    switch (type) {
+    case EVP_PKEY_CTRL_MD:
+        /* Only NULL allowed as digest */
+        if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null())
+            return 1;
+        ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE);
+        return 0;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        return 1;
+    }
+    return -2;
+}
+
+const EVP_PKEY_METHOD ed25519_pkey_meth = {
+    EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign25519,
+    pkey_ecd_digestverify25519
+};
+
+const EVP_PKEY_METHOD ed448_pkey_meth = {
+    EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign448,
+    pkey_ecd_digestverify448
+};
diff --git a/deps/openssl/openssl/crypto/engine/README b/deps/openssl/openssl/crypto/engine/README
index 41baa184c3..0050b9e509 100644
--- a/deps/openssl/openssl/crypto/engine/README
+++ b/deps/openssl/openssl/crypto/engine/README
@@ -161,7 +161,7 @@ actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
 not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
 necessarily interoperable and don't have different flavours, only different
 implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
-or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
+or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile
 represents ENGINEs that implement the single "type" of RSA there is.
 
 Cleanup - the registration and unregistration may pose questions about how
@@ -188,7 +188,7 @@ state will be unchanged. Thus, no cleanup is required unless registration takes
 place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
 callbacks calling each in turn, and will then internally delete its own storage
 (a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
-part of a gracefull restart and the application wants to cleanup all state then
+part of a graceful restart and the application wants to cleanup all state then
 start again), the internal STACK storage will be freshly allocated. This is much
 the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
 initialised state, so only modification operations (not queries) will cause that
@@ -204,8 +204,8 @@ exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
 one and now certainly doesn't make sense in any generalised way. Some of the
 RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
 changes have now, as a consequence, been reverted back. This is because the
-hooking of ENGINE is now automatic (and passive, it can interally use a NULL
+hooking of ENGINE is now automatic (and passive, it can internally use a NULL
 ENGINE pointer to simply ignore ENGINE from then on).
 
-Hell, that should be enough for now ... comments welcome: geoff@openssl.org
+Hell, that should be enough for now ... comments welcome.
 
diff --git a/deps/openssl/openssl/crypto/engine/build.info b/deps/openssl/openssl/crypto/engine/build.info
index 161dad4d02..e00802a3fd 100644
--- a/deps/openssl/openssl/crypto/engine/build.info
+++ b/deps/openssl/openssl/crypto/engine/build.info
@@ -4,5 +4,8 @@ SOURCE[../../libcrypto]=\
         eng_table.c eng_pkey.c eng_fat.c eng_all.c \
         tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \
         tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
-        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
+        eng_openssl.c eng_cnf.c eng_dyn.c \
         eng_rdrand.c
+IF[{- !$disabled{devcryptoeng} -}]
+  SOURCE[../../libcrypto]=eng_devcrypto.c
+ENDIF
diff --git a/deps/openssl/openssl/crypto/engine/eng_all.c b/deps/openssl/openssl/crypto/engine/eng_all.c
index ebe0277370..af306ccffc 100644
--- a/deps/openssl/openssl/crypto/engine/eng_all.c
+++ b/deps/openssl/openssl/crypto/engine/eng_all.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -18,14 +18,8 @@ void ENGINE_load_builtin_engines(void)
     OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 
-#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
 void ENGINE_setup_bsd_cryptodev(void)
 {
-    static int bsd_cryptodev_default_loaded = 0;
-    if (!bsd_cryptodev_default_loaded) {
-        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL);
-        ENGINE_register_all_complete();
-    }
-    bsd_cryptodev_default_loaded = 1;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c b/deps/openssl/openssl/crypto/engine/eng_cryptodev.c
deleted file mode 100644
index 5572735008..0000000000
--- a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c
+++ /dev/null
@@ -1,1757 +0,0 @@
-/*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/objects.h>
-#include <internal/engine.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-
-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-        (defined(OpenBSD) || defined(__FreeBSD__))
-# include <sys/param.h>
-# if (defined(OpenBSD) && (OpenBSD >= 200112)) || \
-     (defined(__FreeBSD_version) && \
-      ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || \
-       __FreeBSD_version >= 500041))
-#  define HAVE_CRYPTODEV
-# endif
-# if defined(OpenBSD) && (OpenBSD >= 200110)
-#  define HAVE_SYSLOG_R
-# endif
-#endif
-
-#include <sys/types.h>
-#ifdef HAVE_CRYPTODEV
-# include <crypto/cryptodev.h>
-# include <sys/ioctl.h>
-# include <errno.h>
-# include <stdio.h>
-# include <unistd.h>
-# include <fcntl.h>
-# include <stdarg.h>
-# include <syslog.h>
-# include <errno.h>
-# include <string.h>
-#endif
-#include <openssl/dh.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-#ifndef HAVE_CRYPTODEV
-
-void engine_load_cryptodev_int(void)
-{
-    /* This is a NOP on platforms without /dev/crypto */
-    return;
-}
-
-#else
-
-struct dev_crypto_state {
-    struct session_op d_sess;
-    int d_fd;
-# ifdef USE_CRYPTODEV_DIGESTS
-    char dummy_mac_key[HASH_MAX_LEN];
-    unsigned char digest_res[HASH_MAX_LEN];
-    char *mac_data;
-    int mac_len;
-# endif
-};
-
-static u_int32_t cryptodev_asymfeat = 0;
-
-static RSA_METHOD *cryptodev_rsa;
-#ifndef OPENSSL_NO_DSA
-static DSA_METHOD *cryptodev_dsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-static DH_METHOD *cryptodev_dh;
-#endif
-
-static int get_asym_dev_crypto(void);
-static int open_dev_crypto(void);
-static int get_dev_crypto(void);
-static int get_cryptodev_ciphers(const int **cnids);
-# ifdef USE_CRYPTODEV_DIGESTS
-static int get_cryptodev_digests(const int **cnids);
-# endif
-static int cryptodev_usable_ciphers(const int **nids);
-static int cryptodev_usable_digests(const int **nids);
-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                            const unsigned char *in, size_t inl);
-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                              const unsigned char *iv, int enc);
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                                    const int **nids, int nid);
-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-                                    const int **nids, int nid);
-static int bn2crparam(const BIGNUM *a, struct crparam *crp);
-static int crparam2bn(struct crparam *crp, BIGNUM *a);
-static void zapparams(struct crypt_kop *kop);
-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
-                          int slen, BIGNUM *s);
-
-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                                       BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                                 BN_CTX *ctx);
-#ifndef OPENSSL_NO_DSA
-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a,
-                                    const BIGNUM *p, const BIGNUM *m,
-                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
-                                     const BIGNUM *u1, const BIGNUM *pub_key,
-                                     const BIGNUM *u2, const BIGNUM *p,
-                                     BN_CTX *ctx, BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                      DSA *dsa);
-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-                                DSA_SIG *sig, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_DH
-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
-                                    DH *dh);
-#endif
-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-                          void (*f) (void));
-void engine_load_cryptodev_int(void);
-
-static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-    {0, NULL, NULL, 0}
-};
-
-static struct {
-    int id;
-    int nid;
-    int ivmax;
-    int keylen;
-} ciphers[] = {
-    {
-        CRYPTO_ARC4, NID_rc4, 0, 16,
-    },
-    {
-        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
-    },
-    {
-        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
-    },
-    {
-        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
-    },
-    {
-        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
-    },
-    {
-        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
-    },
-# ifdef CRYPTO_AES_CTR
-    {
-        CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
-    },
-    {
-        CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
-    },
-    {
-        CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
-    },
-# endif
-    {
-        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
-    },
-    {
-        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
-    },
-    {
-        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
-    },
-    {
-        0, NID_undef, 0, 0,
-    },
-};
-
-# ifdef USE_CRYPTODEV_DIGESTS
-static struct {
-    int id;
-    int nid;
-    int keylen;
-} digests[] = {
-    {
-        CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
-    },
-    {
-        CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
-    },
-    {
-        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
-        /* ? */
-    },
-    {
-        CRYPTO_MD5_KPDK, NID_undef, 0
-    },
-    {
-        CRYPTO_SHA1_KPDK, NID_undef, 0
-    },
-    {
-        CRYPTO_MD5, NID_md5, 16
-    },
-    {
-        CRYPTO_SHA1, NID_sha1, 20
-    },
-    {
-        0, NID_undef, 0
-    },
-};
-# endif
-
-/*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-static int open_dev_crypto(void)
-{
-    static int fd = -1;
-
-    if (fd == -1) {
-        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-            return (-1);
-        /* close on exec */
-        if (fcntl(fd, F_SETFD, 1) == -1) {
-            close(fd);
-            fd = -1;
-            return (-1);
-        }
-    }
-    return (fd);
-}
-
-static int get_dev_crypto(void)
-{
-    int fd, retfd;
-
-    if ((fd = open_dev_crypto()) == -1)
-        return (-1);
-# ifndef CRIOGET_NOT_NEEDED
-    if (ioctl(fd, CRIOGET, &retfd) == -1)
-        return (-1);
-
-    /* close on exec */
-    if (fcntl(retfd, F_SETFD, 1) == -1) {
-        close(retfd);
-        return (-1);
-    }
-# else
-    retfd = fd;
-# endif
-    return (retfd);
-}
-
-static void put_dev_crypto(int fd)
-{
-# ifndef CRIOGET_NOT_NEEDED
-    close(fd);
-# endif
-}
-
-/* Caching version for asym operations */
-static int get_asym_dev_crypto(void)
-{
-    static int fd = -1;
-
-    if (fd == -1)
-        fd = get_dev_crypto();
-    return fd;
-}
-
-/*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_ciphers routine
- */
-static int get_cryptodev_ciphers(const int **cnids)
-{
-    static int nids[CRYPTO_ALGORITHM_MAX];
-    struct session_op sess;
-    int fd, i, count = 0;
-
-    if ((fd = get_dev_crypto()) < 0) {
-        *cnids = NULL;
-        return (0);
-    }
-    memset(&sess, 0, sizeof(sess));
-    sess.key = (caddr_t) "123456789abcdefghijklmno";
-
-    for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-        if (ciphers[i].nid == NID_undef)
-            continue;
-        sess.cipher = ciphers[i].id;
-        sess.keylen = ciphers[i].keylen;
-        sess.mac = 0;
-        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-            nids[count++] = ciphers[i].nid;
-    }
-    put_dev_crypto(fd);
-
-    if (count > 0)
-        *cnids = nids;
-    else
-        *cnids = NULL;
-    return (count);
-}
-
-# ifdef USE_CRYPTODEV_DIGESTS
-/*
- * Find out what digests /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_digests routine
- */
-static int get_cryptodev_digests(const int **cnids)
-{
-    static int nids[CRYPTO_ALGORITHM_MAX];
-    struct session_op sess;
-    int fd, i, count = 0;
-
-    if ((fd = get_dev_crypto()) < 0) {
-        *cnids = NULL;
-        return (0);
-    }
-    memset(&sess, 0, sizeof(sess));
-    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-    for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-        if (digests[i].nid == NID_undef)
-            continue;
-        sess.mac = digests[i].id;
-        sess.mackeylen = digests[i].keylen;
-        sess.cipher = 0;
-        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-            nids[count++] = digests[i].nid;
-    }
-    put_dev_crypto(fd);
-
-    if (count > 0)
-        *cnids = nids;
-    else
-        *cnids = NULL;
-    return (count);
-}
-# endif                         /* 0 */
-
-/*
- * Find the useable ciphers|digests from dev/crypto - this is the first
- * thing called by the engine init crud which determines what it
- * can use for ciphers from this engine. We want to return
- * only what we can do, anything else is handled by software.
- *
- * If we can't initialize the device to do anything useful for
- * any reason, we want to return a NULL array, and 0 length,
- * which forces everything to be done is software. By putting
- * the initialization of the device in here, we ensure we can
- * use this engine as the default, and if for whatever reason
- * /dev/crypto won't do what we want it will just be done in
- * software
- *
- * This can (should) be greatly expanded to perhaps take into
- * account speed of the device, and what we want to do.
- * (although the disabling of particular alg's could be controlled
- * by the device driver with sysctl's.) - this is where we
- * want most of the decisions made about what we actually want
- * to use from /dev/crypto.
- */
-static int cryptodev_usable_ciphers(const int **nids)
-{
-    return (get_cryptodev_ciphers(nids));
-}
-
-static int cryptodev_usable_digests(const int **nids)
-{
-# ifdef USE_CRYPTODEV_DIGESTS
-    return (get_cryptodev_digests(nids));
-# else
-    /*
-     * XXXX just disable all digests for now, because it sucks.
-     * we need a better way to decide this - i.e. I may not
-     * want digests on slow cards like hifn on fast machines,
-     * but might want them on slow or loaded machines, etc.
-     * will also want them when using crypto cards that don't
-     * suck moose gonads - would be nice to be able to decide something
-     * as reasonable default without having hackery that's card dependent.
-     * of course, the default should probably be just do everything,
-     * with perhaps a sysctl to turn algorithms off (or have them off
-     * by default) on cards that generally suck like the hifn.
-     */
-    *nids = NULL;
-    return (0);
-# endif
-}
-
-static int
-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                 const unsigned char *in, size_t inl)
-{
-    struct crypt_op cryp;
-    struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
-    struct session_op *sess = &state->d_sess;
-    const void *iiv;
-    unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
-    if (state->d_fd < 0)
-        return (0);
-    if (!inl)
-        return (1);
-    if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0)
-        return (0);
-
-    memset(&cryp, 0, sizeof(cryp));
-
-    cryp.ses = sess->ses;
-    cryp.flags = 0;
-    cryp.len = inl;
-    cryp.src = (caddr_t) in;
-    cryp.dst = (caddr_t) out;
-    cryp.mac = 0;
-
-    cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
-
-    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-        cryp.iv = (caddr_t) EVP_CIPHER_CTX_iv(ctx);
-        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-            iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
-            memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
-        }
-    } else
-        cryp.iv = NULL;
-
-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-        /*
-         * XXX need better error handling this can fail for a number of
-         * different reasons.
-         */
-        return (0);
-    }
-
-    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-        if (EVP_CIPHER_CTX_encrypting(ctx))
-            iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
-        else
-            iiv = save_iv;
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
-               EVP_CIPHER_CTX_iv_length(ctx));
-    }
-    return (1);
-}
-
-static int
-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                   const unsigned char *iv, int enc)
-{
-    struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
-    struct session_op *sess = &state->d_sess;
-    int cipher = -1, i;
-
-    for (i = 0; ciphers[i].id; i++)
-        if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid &&
-            EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax &&
-            EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) {
-            cipher = ciphers[i].id;
-            break;
-        }
-
-    if (!ciphers[i].id) {
-        state->d_fd = -1;
-        return (0);
-    }
-
-    memset(sess, 0, sizeof(*sess));
-
-    if ((state->d_fd = get_dev_crypto()) < 0)
-        return (0);
-
-    sess->key = (caddr_t) key;
-    sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
-    sess->cipher = cipher;
-
-    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-        put_dev_crypto(state->d_fd);
-        state->d_fd = -1;
-        return (0);
-    }
-    return (1);
-}
-
-/*
- * free anything we allocated earlier when initing a
- * session, and close the session.
- */
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
-{
-    int ret = 0;
-    struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
-    struct session_op *sess = &state->d_sess;
-
-    if (state->d_fd < 0)
-        return (0);
-
-    /*
-     * XXX if this ioctl fails, something's wrong. the invoker may have called
-     * us with a bogus ctx, or we could have a device that for whatever
-     * reason just doesn't want to play ball - it's not clear what's right
-     * here - should this be an error? should it just increase a counter,
-     * hmm. For right now, we return 0 - I don't believe that to be "right".
-     * we could call the gorpy openssl lib error handlers that print messages
-     * to users of the library. hmm..
-     */
-
-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-        ret = 0;
-    } else {
-        ret = 1;
-    }
-    put_dev_crypto(state->d_fd);
-    state->d_fd = -1;
-
-    return (ret);
-}
-
-/*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
- */
-
-/* RC4 */
-static EVP_CIPHER *rc4_cipher = NULL;
-static const EVP_CIPHER *cryptodev_rc4(void)
-{
-    if (rc4_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        rc4_cipher = cipher;
-    }
-    return rc4_cipher;
-}
-
-/* DES CBC EVP */
-static EVP_CIPHER *des_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_des_cbc(void)
-{
-    if (des_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        des_cbc_cipher = cipher;
-    }
-    return des_cbc_cipher;
-}
-
-/* 3DES CBC EVP */
-static EVP_CIPHER *des3_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_3des_cbc(void)
-{
-    if (des3_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        des3_cbc_cipher = cipher;
-    }
-    return des3_cbc_cipher;
-}
-
-static EVP_CIPHER *bf_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_bf_cbc(void)
-{
-    if (bf_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        bf_cbc_cipher = cipher;
-    }
-    return bf_cbc_cipher;
-}
-
-static EVP_CIPHER *cast_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_cast_cbc(void)
-{
-    if (cast_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        cast_cbc_cipher = cipher;
-    }
-    return cast_cbc_cipher;
-}
-
-static EVP_CIPHER *aes_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_aes_cbc(void)
-{
-    if (aes_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        aes_cbc_cipher = cipher;
-    }
-    return aes_cbc_cipher;
-}
-
-static EVP_CIPHER *aes_192_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_aes_192_cbc(void)
-{
-    if (aes_192_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        aes_192_cbc_cipher = cipher;
-    }
-    return aes_192_cbc_cipher;
-}
-
-static EVP_CIPHER *aes_256_cbc_cipher = NULL;
-static const EVP_CIPHER *cryptodev_aes_256_cbc(void)
-{
-    if (aes_256_cbc_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        aes_256_cbc_cipher = cipher;
-    }
-    return aes_256_cbc_cipher;
-}
-
-# ifdef CRYPTO_AES_CTR
-static EVP_CIPHER *aes_ctr_cipher = NULL;
-static const EVP_CIPHER *cryptodev_aes_ctr(void)
-{
-    if (aes_ctr_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        aes_ctr_cipher = cipher;
-    }
-    return aes_ctr_cipher;
-}
-
-static EVP_CIPHER *aes_192_ctr_cipher = NULL;
-static const EVP_CIPHER *cryptodev_aes_192_ctr(void)
-{
-    if (aes_192_ctr_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        aes_192_ctr_cipher = cipher;
-    }
-    return aes_192_ctr_cipher;
-}
-
-static EVP_CIPHER *aes_256_ctr_cipher = NULL;
-static const EVP_CIPHER *cryptodev_aes_256_ctr(void)
-{
-    if (aes_256_ctr_cipher == NULL) {
-        EVP_CIPHER *cipher;
-
-        if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
-            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
-            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
-            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
-            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
-            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
-            EVP_CIPHER_meth_free(cipher);
-            cipher = NULL;
-        }
-        aes_256_ctr_cipher = cipher;
-    }
-    return aes_256_ctr_cipher;
-}
-# endif
-/*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
- * top level - note, that list is restricted by what we answer with
- */
-static int
-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                         const int **nids, int nid)
-{
-    if (!cipher)
-        return (cryptodev_usable_ciphers(nids));
-
-    switch (nid) {
-    case NID_rc4:
-        *cipher = cryptodev_rc4();
-        break;
-    case NID_des_ede3_cbc:
-        *cipher = cryptodev_3des_cbc();
-        break;
-    case NID_des_cbc:
-        *cipher = cryptodev_des_cbc();
-        break;
-    case NID_bf_cbc:
-        *cipher = cryptodev_bf_cbc();
-        break;
-    case NID_cast5_cbc:
-        *cipher = cryptodev_cast_cbc();
-        break;
-    case NID_aes_128_cbc:
-        *cipher = cryptodev_aes_cbc();
-        break;
-    case NID_aes_192_cbc:
-        *cipher = cryptodev_aes_192_cbc();
-        break;
-    case NID_aes_256_cbc:
-        *cipher = cryptodev_aes_256_cbc();
-        break;
-# ifdef CRYPTO_AES_CTR
-    case NID_aes_128_ctr:
-        *cipher = cryptodev_aes_ctr();
-        break;
-    case NID_aes_192_ctr:
-        *cipher = cryptodev_aes_192_ctr();
-        break;
-    case NID_aes_256_ctr:
-        *cipher = cryptodev_aes_256_ctr();
-        break;
-# endif
-    default:
-        *cipher = NULL;
-        break;
-    }
-    return (*cipher != NULL);
-}
-
-# ifdef USE_CRYPTODEV_DIGESTS
-
-/* convert digest type to cryptodev */
-static int digest_nid_to_cryptodev(int nid)
-{
-    int i;
-
-    for (i = 0; digests[i].id; i++)
-        if (digests[i].nid == nid)
-            return (digests[i].id);
-    return (0);
-}
-
-static int digest_key_length(int nid)
-{
-    int i;
-
-    for (i = 0; digests[i].id; i++)
-        if (digests[i].nid == nid)
-            return digests[i].keylen;
-    return (0);
-}
-
-static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-{
-    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
-    struct session_op *sess = &state->d_sess;
-    int digest;
-
-    if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) {
-        printf("cryptodev_digest_init: Can't get digest \n");
-        return (0);
-    }
-
-    memset(state, 0, sizeof(*state));
-
-    if ((state->d_fd = get_dev_crypto()) < 0) {
-        printf("cryptodev_digest_init: Can't get Dev \n");
-        return (0);
-    }
-
-    sess->mackey = state->dummy_mac_key;
-    sess->mackeylen = digest_key_length(EVP_MD_CTX_type(ctx));
-    sess->mac = digest;
-
-    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-        put_dev_crypto(state->d_fd);
-        state->d_fd = -1;
-        printf("cryptodev_digest_init: Open session failed\n");
-        return (0);
-    }
-
-    return (1);
-}
-
-static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-                                   size_t count)
-{
-    struct crypt_op cryp;
-    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
-    struct session_op *sess = &state->d_sess;
-    char *new_mac_data;
-
-    if (!data || state->d_fd < 0) {
-        printf("cryptodev_digest_update: illegal inputs \n");
-        return (0);
-    }
-
-    if (!count) {
-        return (0);
-    }
-
-    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
-        /* if application doesn't support one buffer */
-        new_mac_data =
-            OPENSSL_realloc(state->mac_data, state->mac_len + count);
-
-        if (!new_mac_data) {
-            printf("cryptodev_digest_update: realloc failed\n");
-            return (0);
-        }
-        state->mac_data = new_mac_data;
-
-        memcpy(state->mac_data + state->mac_len, data, count);
-        state->mac_len += count;
-
-        return (1);
-    }
-
-    memset(&cryp, 0, sizeof(cryp));
-
-    cryp.ses = sess->ses;
-    cryp.flags = 0;
-    cryp.len = count;
-    cryp.src = (caddr_t) data;
-    cryp.dst = NULL;
-    cryp.mac = (caddr_t) state->digest_res;
-    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-        printf("cryptodev_digest_update: digest failed\n");
-        return (0);
-    }
-    return (1);
-}
-
-static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    struct crypt_op cryp;
-    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
-    struct session_op *sess = &state->d_sess;
-
-    int ret = 1;
-
-    if (!md || state->d_fd < 0) {
-        printf("cryptodev_digest_final: illegal input\n");
-        return (0);
-    }
-
-    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
-        /* if application doesn't support one buffer */
-        memset(&cryp, 0, sizeof(cryp));
-        cryp.ses = sess->ses;
-        cryp.flags = 0;
-        cryp.len = state->mac_len;
-        cryp.src = state->mac_data;
-        cryp.dst = NULL;
-        cryp.mac = (caddr_t) md;
-        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-            printf("cryptodev_digest_final: digest failed\n");
-            return (0);
-        }
-
-        return 1;
-    }
-
-    memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx));
-
-    return (ret);
-}
-
-static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-{
-    int ret = 1;
-    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
-    struct session_op *sess = &state->d_sess;
-
-    if (state == NULL)
-        return 0;
-
-    if (state->d_fd < 0) {
-        printf("cryptodev_digest_cleanup: illegal input\n");
-        return (0);
-    }
-
-    OPENSSL_free(state->mac_data);
-    state->mac_data = NULL;
-    state->mac_len = 0;
-
-    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-        printf("cryptodev_digest_cleanup: failed to close session\n");
-        ret = 0;
-    } else {
-        ret = 1;
-    }
-    put_dev_crypto(state->d_fd);
-    state->d_fd = -1;
-
-    return (ret);
-}
-
-static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-{
-    struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from);
-    struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to);
-    struct session_op *sess;
-    int digest;
-
-    if (dstate == NULL || fstate == NULL)
-        return 1;
-
-    memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-
-    sess = &dstate->d_sess;
-
-    digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to));
-
-    sess->mackey = dstate->dummy_mac_key;
-    sess->mackeylen = digest_key_length(EVP_MD_CTX_type(to));
-    sess->mac = digest;
-
-    dstate->d_fd = get_dev_crypto();
-
-    if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-        put_dev_crypto(dstate->d_fd);
-        dstate->d_fd = -1;
-        printf("cryptodev_digest_copy: Open session failed\n");
-        return (0);
-    }
-
-    if (fstate->mac_len != 0) {
-        if (fstate->mac_data != NULL) {
-            dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-            if (dstate->mac_data == NULL) {
-                printf("cryptodev_digest_copy: mac_data allocation failed\n");
-                return (0);
-            }
-            memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-            dstate->mac_len = fstate->mac_len;
-        }
-    }
-
-    return 1;
-}
-
-static EVP_MD *sha1_md = NULL;
-static const EVP_MD *cryptodev_sha1(void)
-{
-    if (sha1_md == NULL) {
-        EVP_MD *md;
-
-        if ((md = EVP_MD_meth_new(NID_sha1, NID_undef)) == NULL
-            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
-            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
-            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
-            || !EVP_MD_meth_set_app_datasize(md,
-                                             sizeof(struct dev_crypto_state))
-            || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
-            || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
-            || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
-            || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
-            || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
-            EVP_MD_meth_free(md);
-            md = NULL;
-        }
-        sha1_md = md;
-    }
-    return sha1_md;
-}
-
-static EVP_MD *md5_md = NULL;
-static const EVP_MD *cryptodev_md5(void)
-{
-    if (md5_md == NULL) {
-        EVP_MD *md;
-
-        if ((md = EVP_MD_meth_new(NID_md5, NID_undef)) == NULL
-            || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */)
-            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
-            || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */)
-            || !EVP_MD_meth_set_app_datasize(md,
-                                             sizeof(struct dev_crypto_state))
-            || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
-            || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
-            || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
-            || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
-            || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
-            EVP_MD_meth_free(md);
-            md = NULL;
-        }
-        md5_md = md;
-    }
-    return md5_md;
-}
-
-# endif                         /* USE_CRYPTODEV_DIGESTS */
-
-static int
-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-                         const int **nids, int nid)
-{
-    if (!digest)
-        return (cryptodev_usable_digests(nids));
-
-    switch (nid) {
-# ifdef USE_CRYPTODEV_DIGESTS
-    case NID_md5:
-        *digest = cryptodev_md5();
-        break;
-    case NID_sha1:
-        *digest = cryptodev_sha1();
-        break;
-    default:
-# endif                         /* USE_CRYPTODEV_DIGESTS */
-        *digest = NULL;
-        break;
-    }
-    return (*digest != NULL);
-}
-
-static int cryptodev_engine_destroy(ENGINE *e)
-{
-    EVP_CIPHER_meth_free(rc4_cipher);
-    rc4_cipher = NULL;
-    EVP_CIPHER_meth_free(des_cbc_cipher);
-    des_cbc_cipher = NULL;
-    EVP_CIPHER_meth_free(des3_cbc_cipher);
-    des3_cbc_cipher = NULL;
-    EVP_CIPHER_meth_free(bf_cbc_cipher);
-    bf_cbc_cipher = NULL;
-    EVP_CIPHER_meth_free(cast_cbc_cipher);
-    cast_cbc_cipher = NULL;
-    EVP_CIPHER_meth_free(aes_cbc_cipher);
-    aes_cbc_cipher = NULL;
-    EVP_CIPHER_meth_free(aes_192_cbc_cipher);
-    aes_192_cbc_cipher = NULL;
-    EVP_CIPHER_meth_free(aes_256_cbc_cipher);
-    aes_256_cbc_cipher = NULL;
-# ifdef CRYPTO_AES_CTR
-    EVP_CIPHER_meth_free(aes_ctr_cipher);
-    aes_ctr_cipher = NULL;
-    EVP_CIPHER_meth_free(aes_192_ctr_cipher);
-    aes_192_ctr_cipher = NULL;
-    EVP_CIPHER_meth_free(aes_256_ctr_cipher);
-    aes_256_ctr_cipher = NULL;
-# endif
-# ifdef USE_CRYPTODEV_DIGESTS
-    EVP_MD_meth_free(sha1_md);
-    sha1_md = NULL;
-    EVP_MD_meth_free(md5_md);
-    md5_md = NULL;
-# endif
-    RSA_meth_free(cryptodev_rsa);
-    cryptodev_rsa = NULL;
-#ifndef OPENSSL_NO_DSA
-    DSA_meth_free(cryptodev_dsa);
-    cryptodev_dsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH_meth_free(cryptodev_dh);
-    cryptodev_dh = NULL;
-#endif
-    return 1;
-}
-
-/*
- * Convert a BIGNUM to the representation that /dev/crypto needs.
- * Upon completion of use, the caller is responsible for freeing
- * crp->crp_p.
- */
-static int bn2crparam(const BIGNUM *a, struct crparam *crp)
-{
-    ssize_t bytes, bits;
-    u_char *b;
-
-    crp->crp_p = NULL;
-    crp->crp_nbits = 0;
-
-    bits = BN_num_bits(a);
-    bytes = BN_num_bytes(a);
-
-    b = OPENSSL_zalloc(bytes);
-    if (b == NULL)
-        return (1);
-
-    crp->crp_p = (caddr_t) b;
-    crp->crp_nbits = bits;
-
-    BN_bn2bin(a, b);
-    return (0);
-}
-
-/* Convert a /dev/crypto parameter to a BIGNUM */
-static int crparam2bn(struct crparam *crp, BIGNUM *a)
-{
-    u_int8_t *pd;
-    int i, bytes;
-
-    bytes = (crp->crp_nbits + 7) / 8;
-
-    if (bytes == 0)
-        return (-1);
-
-    if ((pd = OPENSSL_malloc(bytes)) == NULL)
-        return (-1);
-
-    for (i = 0; i < bytes; i++)
-        pd[i] = crp->crp_p[bytes - i - 1];
-
-    BN_bin2bn(pd, bytes, a);
-    free(pd);
-
-    return (0);
-}
-
-static void zapparams(struct crypt_kop *kop)
-{
-    int i;
-
-    for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-        OPENSSL_free(kop->crk_param[i].crp_p);
-        kop->crk_param[i].crp_p = NULL;
-        kop->crk_param[i].crp_nbits = 0;
-    }
-}
-
-static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
-               BIGNUM *s)
-{
-    int fd, ret = -1;
-
-    if ((fd = get_asym_dev_crypto()) < 0)
-        return ret;
-
-    if (r) {
-        kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
-        if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
-            return ret;
-        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-        kop->crk_oparams++;
-    }
-    if (s) {
-        kop->crk_param[kop->crk_iparams + 1].crp_p =
-            OPENSSL_zalloc(slen);
-        /* No need to free the kop->crk_iparams parameter if it was allocated,
-         * callers of this routine have to free allocated parameters through
-         * zapparams both in case of success and failure
-         */
-        if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
-            return ret;
-        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
-        kop->crk_oparams++;
-    }
-
-    if (ioctl(fd, CIOCKEY, kop) == 0) {
-        if (r)
-            crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-        if (s)
-            crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
-        ret = 0;
-    }
-
-    return ret;
-}
-
-static int
-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    struct crypt_kop kop;
-    int ret = 1;
-
-    /*
-     * Currently, we know we can do mod exp iff we can do any asymmetric
-     * operations at all.
-     */
-    if (cryptodev_asymfeat == 0) {
-        ret = BN_mod_exp(r, a, p, m, ctx);
-        return (ret);
-    }
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_MOD_EXP;
-
-    /* inputs: a^p % m */
-    if (bn2crparam(a, &kop.crk_param[0]))
-        goto err;
-    if (bn2crparam(p, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(m, &kop.crk_param[2]))
-        goto err;
-    kop.crk_iparams = 3;
-
-    if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-        printf("OCF asym process failed, Running in software\n");
-        ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
-
-    } else if (ECANCELED == kop.crk_status) {
-        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-        printf("OCF hardware operation cancelled. Running in Software\n");
-        ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
-    }
-    /* else cryptodev operation worked ok ==> ret = 1 */
-
- err:
-    zapparams(&kop);
-    return (ret);
-}
-
-static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-                            BN_CTX *ctx)
-{
-    int r;
-    const BIGNUM *n = NULL;
-    const BIGNUM *d = NULL;
-
-    ctx = BN_CTX_new();
-    RSA_get0_key(rsa, &n, NULL, &d);
-    r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL);
-    BN_CTX_free(ctx);
-    return (r);
-}
-
-static int
-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-    struct crypt_kop kop;
-    int ret = 1;
-    const BIGNUM *p = NULL;
-    const BIGNUM *q = NULL;
-    const BIGNUM *dmp1 = NULL;
-    const BIGNUM *dmq1 = NULL;
-    const BIGNUM *iqmp = NULL;
-    const BIGNUM *n = NULL;
-
-    RSA_get0_factors(rsa, &p, &q);
-    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-    RSA_get0_key(rsa, &n, NULL, NULL);
-
-    if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
-        /* XXX 0 means failure?? */
-        return (0);
-    }
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_MOD_EXP_CRT;
-    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-    if (bn2crparam(p, &kop.crk_param[0]))
-        goto err;
-    if (bn2crparam(q, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(I, &kop.crk_param[2]))
-        goto err;
-    if (bn2crparam(dmp1, &kop.crk_param[3]))
-        goto err;
-    if (bn2crparam(dmq1, &kop.crk_param[4]))
-        goto err;
-    if (bn2crparam(iqmp, &kop.crk_param[5]))
-        goto err;
-    kop.crk_iparams = 6;
-
-    if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) {
-        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-        printf("OCF asym process failed, running in Software\n");
-        ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
-
-    } else if (ECANCELED == kop.crk_status) {
-        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-        printf("OCF hardware operation cancelled. Running in Software\n");
-        ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
-    }
-    /* else cryptodev operation worked ok ==> ret = 1 */
-
- err:
-    zapparams(&kop);
-    return (ret);
-}
-
-#ifndef OPENSSL_NO_DSA
-static int
-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx);
-}
-
-static int
-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
-                          const BIGNUM *u1, const BIGNUM *pub_key,
-                          const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx,
-                          BN_MONT_CTX *mont)
-{
-    const BIGNUM *dsag, *dsap, *dsapub_key;
-    BIGNUM *t2;
-    int ret = 0;
-    const DSA_METHOD *meth;
-    int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
-                      BN_CTX *, BN_MONT_CTX *);
-
-    t2 = BN_new();
-    if (t2 == NULL)
-        goto err;
-
-    /* v = ( g^u1 * y^u2 mod p ) mod q */
-    /* let t1 = g ^ u1 mod p */
-    ret = 0;
-
-    DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
-    DSA_get0_key(dsa, &dsapub_key, NULL);
-
-    meth = DSA_get_method(dsa);
-    if (meth == NULL)
-        goto err;
-    bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
-    if (bn_mod_exp == NULL)
-        goto err;
-
-    if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
-        goto err;
-
-    /* let t2 = y ^ u2 mod p */
-    if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
-        goto err;
-    /* let t1 = t1 * t2 mod p */
-    if (!BN_mod_mul(t1, t1, t2, dsap, ctx))
-        goto err;
-
-    ret = 1;
- err:
-    BN_free(t2);
-    return (ret);
-}
-
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-                                      DSA *dsa)
-{
-    struct crypt_kop kop;
-    BIGNUM *r, *s;
-    const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL;
-    const BIGNUM *priv_key = NULL;
-    DSA_SIG *dsasig, *dsaret = NULL;
-
-    dsasig = DSA_SIG_new();
-    if (dsasig == NULL)
-        goto err;
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_DSA_SIGN;
-
-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-    kop.crk_param[0].crp_p = (caddr_t) dgst;
-    kop.crk_param[0].crp_nbits = dlen * 8;
-    DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
-    DSA_get0_key(dsa, NULL, &priv_key);
-    if (bn2crparam(dsap, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(dsaq, &kop.crk_param[2]))
-        goto err;
-    if (bn2crparam(dsag, &kop.crk_param[3]))
-        goto err;
-    if (bn2crparam(priv_key, &kop.crk_param[4]))
-        goto err;
-    kop.crk_iparams = 5;
-
-    r = BN_new();
-    if (r == NULL)
-        goto err;
-    s = BN_new();
-    if (s == NULL)
-        goto err;
-    if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r,
-                       BN_num_bytes(dsaq), s) == 0) {
-        DSA_SIG_set0(dsasig, r, s);
-        dsaret = dsasig;
-    } else {
-        dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
-    }
- err:
-    if (dsaret != dsasig)
-        DSA_SIG_free(dsasig);
-    kop.crk_param[0].crp_p = NULL;
-    zapparams(&kop);
-    return dsaret;
-}
-
-static int
-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-                     DSA_SIG *sig, DSA *dsa)
-{
-    struct crypt_kop kop;
-    int dsaret = 1;
-    const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_DSA_VERIFY;
-
-    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-    kop.crk_param[0].crp_p = (caddr_t) dgst;
-    kop.crk_param[0].crp_nbits = dlen * 8;
-    DSA_get0_pqg(dsa, &p, &q, &g);
-    if (bn2crparam(p, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(q, &kop.crk_param[2]))
-        goto err;
-    if (bn2crparam(g, &kop.crk_param[3]))
-        goto err;
-    DSA_get0_key(dsa, &pub_key, NULL);
-    if (bn2crparam(pub_key, &kop.crk_param[4]))
-        goto err;
-    DSA_SIG_get0(sig, &pr, &ps);
-    if (bn2crparam(pr, &kop.crk_param[5]))
-        goto err;
-    if (bn2crparam(ps, &kop.crk_param[6]))
-        goto err;
-    kop.crk_iparams = 7;
-
-    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-        /*
-         * OCF success value is 0, if not zero, change dsaret to fail
-         */
-        if (0 != kop.crk_status)
-            dsaret = 0;
-    } else {
-        dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
-    }
- err:
-    kop.crk_param[0].crp_p = NULL;
-    zapparams(&kop);
-    return (dsaret);
-}
-#endif
-
-#ifndef OPENSSL_NO_DH
-static int
-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                     BN_MONT_CTX *m_ctx)
-{
-    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
-    struct crypt_kop kop;
-    int dhret = 1;
-    int fd, keylen;
-    const BIGNUM *p = NULL;
-    const BIGNUM *priv_key = NULL;
-
-    if ((fd = get_asym_dev_crypto()) < 0) {
-        const DH_METHOD *meth = DH_OpenSSL();
-
-        return DH_meth_get_compute_key(meth)(key, pub_key, dh);
-    }
-
-    DH_get0_pqg(dh, &p, NULL, NULL);
-    DH_get0_key(dh, NULL, &priv_key);
-
-    keylen = BN_num_bits(p);
-
-    memset(&kop, 0, sizeof(kop));
-    kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-    /* inputs: dh->priv_key pub_key dh->p key */
-    if (bn2crparam(priv_key, &kop.crk_param[0]))
-        goto err;
-    if (bn2crparam(pub_key, &kop.crk_param[1]))
-        goto err;
-    if (bn2crparam(p, &kop.crk_param[2]))
-        goto err;
-    kop.crk_iparams = 3;
-
-    kop.crk_param[3].crp_p = (caddr_t) key;
-    kop.crk_param[3].crp_nbits = keylen * 8;
-    kop.crk_oparams = 1;
-
-    if (ioctl(fd, CIOCKEY, &kop) == -1) {
-        const DH_METHOD *meth = DH_OpenSSL();
-
-        dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh);
-    }
- err:
-    kop.crk_param[3].crp_p = NULL;
-    zapparams(&kop);
-    return (dhret);
-}
-
-#endif /* ndef OPENSSL_NO_DH */
-
-/*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
- */
-static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-# ifdef HAVE_SYSLOG_R
-    struct syslog_data sd = SYSLOG_DATA_INIT;
-# endif
-
-    switch (cmd) {
-    default:
-# ifdef HAVE_SYSLOG_R
-        syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
-# else
-        syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-# endif
-        break;
-    }
-    return (1);
-}
-
-void engine_load_cryptodev_int(void)
-{
-    ENGINE *engine = ENGINE_new();
-    int fd;
-
-    if (engine == NULL)
-        return;
-    if ((fd = get_dev_crypto()) < 0) {
-        ENGINE_free(engine);
-        return;
-    }
-
-    /*
-     * find out what asymmetric crypto algorithms we support
-     */
-    if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-        put_dev_crypto(fd);
-        ENGINE_free(engine);
-        return;
-    }
-    put_dev_crypto(fd);
-
-    if (!ENGINE_set_id(engine, "cryptodev") ||
-        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-        !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
-        !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-        !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-        !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-        !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-        ENGINE_free(engine);
-        return;
-    }
-
-    cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL());
-    if (cryptodev_rsa != NULL) {
-        RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method");
-        RSA_meth_set_flags(cryptodev_rsa, 0);
-        if (ENGINE_set_RSA(engine, cryptodev_rsa)) {
-            if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp);
-                if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-                    RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp);
-                else
-                    RSA_meth_set_mod_exp(cryptodev_rsa,
-                                         cryptodev_rsa_nocrt_mod_exp);
-            }
-        }
-    } else {
-        ENGINE_free(engine);
-        return;
-    }
-
-#ifndef OPENSSL_NO_DSA
-    cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
-    if (cryptodev_dsa != NULL) {
-        DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method");
-        DSA_meth_set_flags(cryptodev_dsa, 0);
-        if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
-            if (cryptodev_asymfeat & CRF_DSA_SIGN)
-                DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
-            if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                DSA_meth_set_bn_mod_exp(cryptodev_dsa,
-                                        cryptodev_dsa_bn_mod_exp);
-                DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
-            }
-            if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-                DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
-        }
-    } else {
-        ENGINE_free(engine);
-        return;
-    }
-#endif
-
-#ifndef OPENSSL_NO_DH
-    cryptodev_dh = DH_meth_dup(DH_OpenSSL());
-    if (cryptodev_dh != NULL) {
-        DH_meth_set1_name(cryptodev_dh, "cryptodev DH method");
-        DH_meth_set_flags(cryptodev_dh, 0);
-        if (ENGINE_set_DH(engine, cryptodev_dh)) {
-            if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh);
-                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-                    DH_meth_set_compute_key(cryptodev_dh,
-                                            cryptodev_dh_compute_key);
-            }
-        }
-    } else {
-        ENGINE_free(engine);
-        return;
-    }
-#endif
-
-    ENGINE_add(engine);
-    ENGINE_free(engine);
-    ERR_clear_error();
-}
-
-#endif                          /* HAVE_CRYPTODEV */
diff --git a/deps/openssl/openssl/crypto/engine/eng_ctrl.c b/deps/openssl/openssl/crypto/engine/eng_ctrl.c
index 7925f4fadf..3bc4aab16f 100644
--- a/deps/openssl/openssl/crypto/engine/eng_ctrl.c
+++ b/deps/openssl/openssl/crypto/engine/eng_ctrl.c
@@ -63,6 +63,8 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
 {
     int idx;
     char *s = (char *)p;
+    const ENGINE_CMD_DEFN *cdp;
+
     /* Take care of the easy one first (eg. it requires no searches) */
     if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
         if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
@@ -91,39 +93,29 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
      * For the rest of the commands, the 'long' argument must specify a valid
      * command number - so we need to conduct a search.
      */
-    if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
-                                                              (unsigned int)
-                                                              i)) < 0)) {
+    if ((e->cmd_defns == NULL)
+        || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
         ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
         return -1;
     }
     /* Now the logic splits depending on command type */
+    cdp = &e->cmd_defns[idx];
     switch (cmd) {
     case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-        idx++;
-        if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
-            /* end-of-list */
-            return 0;
-        else
-            return e->cmd_defns[idx].cmd_num;
+        cdp++;
+        return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num;
     case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-        return strlen(e->cmd_defns[idx].cmd_name);
+        return strlen(cdp->cmd_name);
     case ENGINE_CTRL_GET_NAME_FROM_CMD:
-        return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
-                            "%s", e->cmd_defns[idx].cmd_name);
+        return strlen(strcpy(s, cdp->cmd_name));
     case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-        if (e->cmd_defns[idx].cmd_desc)
-            return strlen(e->cmd_defns[idx].cmd_desc);
-        return strlen(int_no_description);
+        return strlen(cdp->cmd_desc == NULL ? int_no_description
+                                            : cdp->cmd_desc);
     case ENGINE_CTRL_GET_DESC_FROM_CMD:
-        if (e->cmd_defns[idx].cmd_desc)
-            return BIO_snprintf(s,
-                                strlen(e->cmd_defns[idx].cmd_desc) + 1,
-                                "%s", e->cmd_defns[idx].cmd_desc);
-        return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
-                            int_no_description);
+        return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
+                                                      : cdp->cmd_desc));
     case ENGINE_CTRL_GET_CMD_FLAGS:
-        return e->cmd_defns[idx].cmd_flags;
+        return cdp->cmd_flags;
     }
     /* Shouldn't really be here ... */
     ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
diff --git a/deps/openssl/openssl/crypto/engine/eng_devcrypto.c b/deps/openssl/openssl/crypto/engine/eng_devcrypto.c
new file mode 100644
index 0000000000..4a0ba09a38
--- /dev/null
+++ b/deps/openssl/openssl/crypto/engine/eng_devcrypto.c
@@ -0,0 +1,688 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/objects.h>
+#include <crypto/cryptodev.h>
+
+#include "internal/engine.h"
+
+#ifdef CRYPTO_ALGORITHM_MIN
+# define CHECK_BSD_STYLE_MACROS
+#endif
+
+/*
+ * ONE global file descriptor for all sessions.  This allows operations
+ * such as digest session data copying (see digest_copy()), but is also
+ * saner...  why re-open /dev/crypto for every session?
+ */
+static int cfd;
+
+/******************************************************************************
+ *
+ * Ciphers
+ *
+ * Because they all do the same basic operation, we have only one set of
+ * method functions for them all to share, and a mapping table between
+ * NIDs and cryptodev IDs, with all the necessary size data.
+ *
+ *****/
+
+struct cipher_ctx {
+    struct session_op sess;
+
+    /* to pass from init to do_cipher */
+    const unsigned char *iv;
+    int op;                      /* COP_ENCRYPT or COP_DECRYPT */
+};
+
+static const struct cipher_data_st {
+    int nid;
+    int blocksize;
+    int keylen;
+    int ivlen;
+    int flags;
+    int devcryptoid;
+} cipher_data[] = {
+#ifndef OPENSSL_NO_DES
+    { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC },
+    { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC },
+#endif
+#ifndef OPENSSL_NO_BF
+    { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC },
+#endif
+    { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+    { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+    { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
+#ifndef OPENSSL_NO_RC4
+    { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
+    { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+    { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+    { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
+#endif
+#if 0                            /* Not yet supported */
+    { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
+    { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
+    { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+    { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
+#endif
+#if 0                            /* Not yet supported */
+    { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+    { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+    { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+    { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+    { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE,
+      CRYPTO_CAMELLIA_CBC },
+#endif
+};
+
+static size_t get_cipher_data_index(int nid)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
+        if (nid == cipher_data[i].nid)
+            return i;
+
+    /*
+     * Code further down must make sure that only NIDs in the table above
+     * are used.  If any other NID reaches this function, there's a grave
+     * coding error further down.
+     */
+    assert("Code that never should be reached" == NULL);
+    return -1;
+}
+
+static const struct cipher_data_st *get_cipher_data(int nid)
+{
+    return &cipher_data[get_cipher_data_index(nid)];
+}
+
+/*
+ * Following are the three necessary functions to map OpenSSL functionality
+ * with cryptodev.
+ */
+
+static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    const struct cipher_data_st *cipher_d =
+        get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
+
+    memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+    cipher_ctx->sess.cipher = cipher_d->devcryptoid;
+    cipher_ctx->sess.keylen = cipher_d->keylen;
+    cipher_ctx->sess.key = (void *)key;
+    cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
+    if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+    struct crypt_op cryp;
+#if !defined(COP_FLAG_WRITE_IV)
+    unsigned char saved_iv[EVP_MAX_IV_LENGTH];
+#endif
+
+    memset(&cryp, 0, sizeof(cryp));
+    cryp.ses = cipher_ctx->sess.ses;
+    cryp.len = inl;
+    cryp.src = (void *)in;
+    cryp.dst = (void *)out;
+    cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
+    cryp.op = cipher_ctx->op;
+#if !defined(COP_FLAG_WRITE_IV)
+    cryp.flags = 0;
+
+    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
+        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
+
+            memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
+        }
+    }
+#else
+    cryp.flags = COP_FLAG_WRITE_IV;
+#endif
+
+    if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+#if !defined(COP_FLAG_WRITE_IV)
+    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
+        unsigned char *ivptr = saved_iv;
+
+        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
+        if (!EVP_CIPHER_CTX_encrypting(ctx))
+            ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
+
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
+               EVP_CIPHER_CTX_iv_length(ctx));
+    }
+#endif
+
+    return 1;
+}
+
+static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    struct cipher_ctx *cipher_ctx =
+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Keep a table of known nids and associated methods.
+ * Note that known_cipher_nids[] isn't necessarily indexed the same way as
+ * cipher_data[] above, which known_cipher_methods[] is.
+ */
+static int known_cipher_nids[OSSL_NELEM(cipher_data)];
+static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
+static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
+
+static void prepare_cipher_methods(void)
+{
+    size_t i;
+    struct session_op sess;
+
+    memset(&sess, 0, sizeof(sess));
+    sess.key = (void *)"01234567890123456789012345678901234567890123456789";
+
+    for (i = 0, known_cipher_nids_amount = 0;
+         i < OSSL_NELEM(cipher_data); i++) {
+
+        /*
+         * Check that the algo is really availably by trying to open and close
+         * a session.
+         */
+        sess.cipher = cipher_data[i].devcryptoid;
+        sess.keylen = cipher_data[i].keylen;
+        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
+            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
+            continue;
+
+        if ((known_cipher_methods[i] =
+                 EVP_CIPHER_meth_new(cipher_data[i].nid,
+                                     cipher_data[i].blocksize,
+                                     cipher_data[i].keylen)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
+                                              cipher_data[i].ivlen)
+            || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
+                                          cipher_data[i].flags
+                                          | EVP_CIPH_FLAG_DEFAULT_ASN1)
+            || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
+            || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
+                                              cipher_do_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
+                                            cipher_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
+                                                  sizeof(struct cipher_ctx))) {
+            EVP_CIPHER_meth_free(known_cipher_methods[i]);
+            known_cipher_methods[i] = NULL;
+        } else {
+            known_cipher_nids[known_cipher_nids_amount++] =
+                cipher_data[i].nid;
+        }
+    }
+}
+
+static const EVP_CIPHER *get_cipher_method(int nid)
+{
+    size_t i = get_cipher_data_index(nid);
+
+    if (i == (size_t)-1)
+        return NULL;
+    return known_cipher_methods[i];
+}
+
+static int get_cipher_nids(const int **nids)
+{
+    *nids = known_cipher_nids;
+    return known_cipher_nids_amount;
+}
+
+static void destroy_cipher_method(int nid)
+{
+    size_t i = get_cipher_data_index(nid);
+
+    EVP_CIPHER_meth_free(known_cipher_methods[i]);
+    known_cipher_methods[i] = NULL;
+}
+
+static void destroy_all_cipher_methods(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
+        destroy_cipher_method(cipher_data[i].nid);
+}
+
+static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                             const int **nids, int nid)
+{
+    if (cipher == NULL)
+        return get_cipher_nids(nids);
+
+    *cipher = get_cipher_method(nid);
+
+    return *cipher != NULL;
+}
+
+/*
+ * We only support digests if the cryptodev implementation supports multiple
+ * data updates and session copying.  Otherwise, we would be forced to maintain
+ * a cache, which is perilous if there's a lot of data coming in (if someone
+ * wants to checksum an OpenSSL tarball, for example).
+ */
+#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#define IMPLEMENT_DIGEST
+
+/******************************************************************************
+ *
+ * Digests
+ *
+ * Because they all do the same basic operation, we have only one set of
+ * method functions for them all to share, and a mapping table between
+ * NIDs and cryptodev IDs, with all the necessary size data.
+ *
+ *****/
+
+struct digest_ctx {
+    struct session_op sess;
+    int init;
+};
+
+static const struct digest_data_st {
+    int nid;
+    int digestlen;
+    int devcryptoid;
+} digest_data[] = {
+#ifndef OPENSSL_NO_MD5
+    { NID_md5, 16, CRYPTO_MD5 },
+#endif
+    { NID_sha1, 20, CRYPTO_SHA1 },
+#ifndef OPENSSL_NO_RMD160
+# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
+    { NID_ripemd160, 20, CRYPTO_RIPEMD160 },
+# endif
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
+    { NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
+    { NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
+    { NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
+#endif
+#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
+    { NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
+#endif
+};
+
+static size_t get_digest_data_index(int nid)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(digest_data); i++)
+        if (nid == digest_data[i].nid)
+            return i;
+
+    /*
+     * Code further down must make sure that only NIDs in the table above
+     * are used.  If any other NID reaches this function, there's a grave
+     * coding error further down.
+     */
+    assert("Code that never should be reached" == NULL);
+    return -1;
+}
+
+static const struct digest_data_st *get_digest_data(int nid)
+{
+    return &digest_data[get_digest_data_index(nid)];
+}
+
+/*
+ * Following are the four necessary functions to map OpenSSL functionality
+ * with cryptodev.
+ */
+
+static int digest_init(EVP_MD_CTX *ctx)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+    const struct digest_data_st *digest_d =
+        get_digest_data(EVP_MD_CTX_type(ctx));
+
+    digest_ctx->init = 1;
+
+    memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
+    digest_ctx->sess.mac = digest_d->devcryptoid;
+    if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen,
+                     void *res, unsigned int flags)
+{
+    struct crypt_op cryp;
+
+    memset(&cryp, 0, sizeof(cryp));
+    cryp.ses = ctx->sess.ses;
+    cryp.len = srclen;
+    cryp.src = (void *)src;
+    cryp.dst = NULL;
+    cryp.mac = res;
+    cryp.flags = flags;
+    return ioctl(cfd, CIOCCRYPT, &cryp);
+}
+
+static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (count == 0)
+        return 1;
+
+    if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct digest_ctx *digest_ctx =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+
+    if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+    struct digest_ctx *digest_from =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(from);
+    struct digest_ctx *digest_to =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(to);
+    struct cphash_op cphash;
+
+    if (digest_from == NULL)
+        return 1;
+
+    if (digest_from->init != 1) {
+        SYSerr(SYS_F_IOCTL, EINVAL);
+        return 0;
+    }
+
+    if (!digest_init(to)) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    cphash.src_ses = digest_from->sess.ses;
+    cphash.dst_ses = digest_to->sess.ses;
+    if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    return 1;
+}
+
+static int digest_cleanup(EVP_MD_CTX *ctx)
+{
+    return 1;
+}
+
+/*
+ * Keep a table of known nids and associated methods.
+ * Note that known_digest_nids[] isn't necessarily indexed the same way as
+ * digest_data[] above, which known_digest_methods[] is.
+ */
+static int known_digest_nids[OSSL_NELEM(digest_data)];
+static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
+static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
+
+static void prepare_digest_methods(void)
+{
+    size_t i;
+    struct session_op sess;
+
+    memset(&sess, 0, sizeof(sess));
+
+    for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
+         i++) {
+
+        /*
+         * Check that the algo is really availably by trying to open and close
+         * a session.
+         */
+        sess.mac = digest_data[i].devcryptoid;
+        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
+            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
+            continue;
+
+        if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
+                                                       NID_undef)) == NULL
+            || !EVP_MD_meth_set_result_size(known_digest_methods[i],
+                                            digest_data[i].digestlen)
+            || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
+            || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
+            || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
+            || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
+            || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
+            || !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
+                                             sizeof(struct digest_ctx))) {
+            EVP_MD_meth_free(known_digest_methods[i]);
+            known_digest_methods[i] = NULL;
+        } else {
+            known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
+        }
+    }
+}
+
+static const EVP_MD *get_digest_method(int nid)
+{
+    size_t i = get_digest_data_index(nid);
+
+    if (i == (size_t)-1)
+        return NULL;
+    return known_digest_methods[i];
+}
+
+static int get_digest_nids(const int **nids)
+{
+    *nids = known_digest_nids;
+    return known_digest_nids_amount;
+}
+
+static void destroy_digest_method(int nid)
+{
+    size_t i = get_digest_data_index(nid);
+
+    EVP_MD_meth_free(known_digest_methods[i]);
+    known_digest_methods[i] = NULL;
+}
+
+static void destroy_all_digest_methods(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(digest_data); i++)
+        destroy_digest_method(digest_data[i].nid);
+}
+
+static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
+                             const int **nids, int nid)
+{
+    if (digest == NULL)
+        return get_digest_nids(nids);
+
+    *digest = get_digest_method(nid);
+
+    return *digest != NULL;
+}
+
+#endif
+
+/******************************************************************************
+ *
+ * LOAD / UNLOAD
+ *
+ *****/
+
+static int devcrypto_unload(ENGINE *e)
+{
+    destroy_all_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+    destroy_all_digest_methods();
+#endif
+
+    close(cfd);
+
+    return 1;
+}
+/*
+ * This engine is always built into libcrypto, so it doesn't offer any
+ * ability to be dynamically loadable.
+ */
+void engine_load_devcrypto_int()
+{
+    ENGINE *e = NULL;
+
+    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+        fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
+        return;
+    }
+
+    prepare_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+    prepare_digest_methods();
+#endif
+
+    if ((e = ENGINE_new()) == NULL
+        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+        ENGINE_free(e);
+        /*
+         * We know that devcrypto_unload() won't be called when one of the
+         * above two calls have failed, so we close cfd explicitly here to
+         * avoid leaking resources.
+         */
+        close(cfd);
+        return;
+    }
+
+    if (!ENGINE_set_id(e, "devcrypto")
+        || !ENGINE_set_name(e, "/dev/crypto engine")
+
+/*
+ * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
+ * implementations, it seems to only exist in FreeBSD, and regarding the
+ * parameters in its crypt_kop, the manual crypto(4) has this to say:
+ *
+ *    The semantics of these arguments are currently undocumented.
+ *
+ * Reading through the FreeBSD source code doesn't give much more than
+ * their CRK_MOD_EXP implementation for ubsec.
+ *
+ * It doesn't look much better with cryptodev-linux.  They have the crypt_kop
+ * structure as well as the command (CRK_*) in cryptodev.h, but no support
+ * seems to be implemented at all for the moment.
+ *
+ * At the time of writing, it seems impossible to write proper support for
+ * FreeBSD's asym features without some very deep knowledge and access to
+ * specific kernel modules.
+ *
+ * /Richard Levitte, 2017-05-11
+ */
+#if 0
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, devcrypto_rsa)
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, devcrypto_dsa)
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, devcrypto_dh)
+# endif
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, devcrypto_ec)
+# endif
+#endif
+        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
+#ifdef IMPLEMENT_DIGEST
+        || !ENGINE_set_digests(e, devcrypto_digests)
+#endif
+        ) {
+        ENGINE_free(e);
+        return;
+    }
+
+    ENGINE_add(e);
+    ENGINE_free(e);          /* Loose our local reference */
+    ERR_clear_error();
+}
diff --git a/deps/openssl/openssl/crypto/engine/eng_err.c b/deps/openssl/openssl/crypto/engine/eng_err.c
index 5e9d16f3cd..bd1aefa185 100644
--- a/deps/openssl/openssl/crypto/engine/eng_err.c
+++ b/deps/openssl/openssl/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,103 +8,135 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>
+#include <openssl/engineerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-
-static ERR_STRING_DATA ENGINE_str_functs[] = {
-    {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "dynamic_ctrl"},
-    {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "dynamic_get_data_ctx"},
-    {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "dynamic_load"},
-    {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "dynamic_set_data_ctx"},
-    {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-    {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
-    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
-    {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_FIRST), "ENGINE_get_first"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_LAST), "ENGINE_get_last"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),
+static const ERR_STRING_DATA ENGINE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DIGEST_UPDATE, 0), "digest_update"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_CTRL, 0), "dynamic_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_GET_DATA_CTX, 0),
+     "dynamic_get_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_LOAD, 0), "dynamic_load"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_SET_DATA_CTX, 0),
+     "dynamic_set_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_ADD, 0), "ENGINE_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_BY_ID, 0), "ENGINE_by_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, 0),
+     "ENGINE_cmd_is_executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL, 0), "ENGINE_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD, 0), "ENGINE_ctrl_cmd"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD_STRING, 0),
+     "ENGINE_ctrl_cmd_string"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_FINISH, 0), "ENGINE_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_CIPHER, 0),
+     "ENGINE_get_cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_DIGEST, 0),
+     "ENGINE_get_digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_FIRST, 0),
+     "ENGINE_get_first"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_LAST, 0), "ENGINE_get_last"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_NEXT, 0), "ENGINE_get_next"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, 0),
      "ENGINE_get_pkey_asn1_meth"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"},
-    {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
-    {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "engine_list_add"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "engine_list_remove"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
-    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_METH, 0),
+     "ENGINE_get_pkey_meth"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PREV, 0), "ENGINE_get_prev"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_INIT, 0), "ENGINE_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_ADD, 0), "engine_list_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_REMOVE, 0),
+     "engine_list_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 0),
+     "ENGINE_load_private_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 0),
+     "ENGINE_load_public_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, 0),
      "ENGINE_load_ssl_client_cert"},
-    {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-    {ERR_FUNC(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR),
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_NEW, 0), "ENGINE_new"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, 0),
      "ENGINE_pkey_asn1_find_str"},
-    {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_REMOVE, 0), "ENGINE_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_DEFAULT_STRING, 0),
      "ENGINE_set_default_string"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
-    {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
-    {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "engine_table_register"},
-    {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "engine_unlocked_finish"},
-    {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
-    {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "int_ctrl_helper"},
-    {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "int_engine_configure"},
-    {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "int_engine_module_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_ID, 0), "ENGINE_set_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_NAME, 0), "ENGINE_set_name"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_TABLE_REGISTER, 0),
+     "engine_table_register"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0),
+     "engine_unlocked_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0),
+     "int_cleanup_item"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0),
+     "int_engine_configure"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0),
+     "int_engine_module_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA ENGINE_str_reasons[] = {
-    {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"},
-    {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
-     "argument is not a number"},
-    {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"},
-    {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
-    {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
-    {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
-    {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
-     "ctrl command not implemented"},
-    {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
-    {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
-    {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
-    {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),
-     "engine configuration error"},
-    {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
-    {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
-    {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
-     "failed loading private key"},
-    {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
-     "failed loading public key"},
-    {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
-    {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
-    {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
-    {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
-    {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"},
-    {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"},
-    {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"},
-    {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"},
-    {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"},
-    {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"},
-    {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"},
-    {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
-    {ERR_REASON(ENGINE_R_NO_INDEX), "no index"},
-    {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
-    {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
-    {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
-    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
-    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
-    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
-     "unimplemented public key method"},
-    {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
+static const ERR_STRING_DATA ENGINE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+    "argument is not a number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE),
+    "cmd not executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT),
+    "command takes input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT),
+    "command takes no input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID),
+    "conflicting engine id"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+    "ctrl command not implemented"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR),
+    "engines section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+    "engine configuration error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST),
+    "engine is not in the list"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR),
+    "engine section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+    "failed loading private key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+    "failed loading public key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING),
+    "'id' or 'name' missing"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR),
+    "internal list error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT),
+    "invalid argument"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME),
+    "invalid cmd name"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER),
+    "invalid cmd number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE),
+    "invalid init value"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION),
+    "no control function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION),
+    "no load function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER),
+    "unimplemented cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST),
+    "unimplemented digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
+    "unimplemented public key method"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY),
+    "version incompatibility"},
     {0, NULL}
 };
 
@@ -113,10 +145,9 @@ static ERR_STRING_DATA ENGINE_str_reasons[] = {
 int ERR_load_ENGINE_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, ENGINE_str_functs);
-        ERR_load_strings(0, ENGINE_str_reasons);
+        ERR_load_strings_const(ENGINE_str_functs);
+        ERR_load_strings_const(ENGINE_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/engine/eng_fat.c b/deps/openssl/openssl/crypto/engine/eng_fat.c
index 5cb8187429..591fddc8e4 100644
--- a/deps/openssl/openssl/crypto/engine/eng_fat.c
+++ b/deps/openssl/openssl/crypto/engine/eng_fat.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +8,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
 #include "eng_int.h"
 #include <openssl/conf.h>
 
diff --git a/deps/openssl/openssl/crypto/engine/eng_init.c b/deps/openssl/openssl/crypto/engine/eng_init.c
index 8be7c6fc86..7c235fc472 100644
--- a/deps/openssl/openssl/crypto/engine/eng_init.c
+++ b/deps/openssl/openssl/crypto/engine/eng_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "eng_int.h"
 
 /*
diff --git a/deps/openssl/openssl/crypto/engine/eng_int.h b/deps/openssl/openssl/crypto/engine/eng_int.h
index c604faddd7..b95483341e 100644
--- a/deps/openssl/openssl/crypto/engine/eng_int.h
+++ b/deps/openssl/openssl/crypto/engine/eng_int.h
@@ -1,5 +1,6 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,22 +8,13 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
 #ifndef HEADER_ENGINE_INT_H
 # define HEADER_ENGINE_INT_H
 
 # include "internal/cryptlib.h"
-# include <internal/engine.h>
-# include <internal/thread_once.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
+# include "internal/engine.h"
+# include "internal/thread_once.h"
+# include "internal/refcount.h"
 
 extern CRYPTO_RWLOCK *global_engine_lock;
 
@@ -103,7 +95,7 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
  */
 int engine_unlocked_init(ENGINE *e);
 int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int locked);
+int engine_free_util(ENGINE *e, int not_locked);
 
 /*
  * This function will reset all "set"able values in an ENGINE to NULL. This
@@ -156,7 +148,7 @@ struct engine_st {
     const ENGINE_CMD_DEFN *cmd_defns;
     int flags;
     /* reference count on the structure itself */
-    int struct_ref;
+    CRYPTO_REF_COUNT struct_ref;
     /*
      * reference count on usability of the engine type. NB: This controls the
      * loading and initialisation of any functionality required by this
@@ -176,8 +168,4 @@ typedef struct st_engine_pile ENGINE_PILE;
 
 DEFINE_LHASH_OF(ENGINE_PILE);
 
-#ifdef  __cplusplus
-}
-#endif
-
 #endif                          /* HEADER_ENGINE_INT_H */
diff --git a/deps/openssl/openssl/crypto/engine/eng_lib.c b/deps/openssl/openssl/crypto/engine/eng_lib.c
index ef8e995503..3ef3aae28a 100644
--- a/deps/openssl/openssl/crypto/engine/eng_lib.c
+++ b/deps/openssl/openssl/crypto/engine/eng_lib.c
@@ -7,8 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "eng_int.h"
 #include <openssl/rand.h>
+#include "internal/refcount.h"
 
 CRYPTO_RWLOCK *global_engine_lock;
 
@@ -67,17 +69,17 @@ void engine_set_all_null(ENGINE *e)
     e->flags = 0;
 }
 
-int engine_free_util(ENGINE *e, int locked)
+int engine_free_util(ENGINE *e, int not_locked)
 {
     int i;
 
     if (e == NULL)
         return 1;
-    if (locked)
-        CRYPTO_atomic_add(&e->struct_ref, -1, &i, global_engine_lock);
+    if (not_locked)
+        CRYPTO_DOWN_REF(&e->struct_ref, &i, global_engine_lock);
     else
         i = --e->struct_ref;
-    engine_ref_debug(e, 0, -1)
+    engine_ref_debug(e, 0, -1);
     if (i > 0)
         return 1;
     REF_ASSERT_ISNT(i < 0);
@@ -121,9 +123,12 @@ static int int_cleanup_check(int create)
 
 static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
 {
-    ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(*item));
-    if (item == NULL)
+    ENGINE_CLEANUP_ITEM *item;
+    
+    if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+        ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     item->cb = cb;
     return item;
 }
@@ -131,6 +136,7 @@ static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
 void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
 {
     ENGINE_CLEANUP_ITEM *item;
+
     if (!int_cleanup_check(1))
         return;
     item = int_cleanup_item(cb);
@@ -171,12 +177,12 @@ void engine_cleanup_int(void)
 
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&e->ex_data, idx, arg);
 }
 
 void *ENGINE_get_ex_data(const ENGINE *e, int idx)
 {
-    return (CRYPTO_get_ex_data(&e->ex_data, idx));
+    return CRYPTO_get_ex_data(&e->ex_data, idx);
 }
 
 /*
diff --git a/deps/openssl/openssl/crypto/engine/eng_list.c b/deps/openssl/openssl/crypto/engine/eng_list.c
index f8d74c1d33..45c339c541 100644
--- a/deps/openssl/openssl/crypto/engine/eng_list.c
+++ b/deps/openssl/openssl/crypto/engine/eng_list.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,19 +8,13 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
 #include "eng_int.h"
 
 /*
  * The linked-list of pointers to engine types. engine_list_head incorporates
  * an implicit structural reference but engine_list_tail does not - the
- * latter is a computational niceity and only points to something that is
- * already pointed to by its predecessor in the list (or engine_list_head
+ * latter is a computational optimization and only points to something that
+ * is already pointed to by its predecessor in the list (or engine_list_head
  * itself). In the same way, the use of the "prev" pointer in each ENGINE is
  * to save excessive list iteration, it doesn't correspond to an extra
  * structural reference. Hence, engine_list_head, and each non-null "next"
@@ -349,6 +344,6 @@ int ENGINE_up_ref(ENGINE *e)
         ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    CRYPTO_atomic_add(&e->struct_ref, 1, &i, global_engine_lock);
+    CRYPTO_UP_REF(&e->struct_ref, &i, global_engine_lock);
     return 1;
 }
diff --git a/deps/openssl/openssl/crypto/engine/eng_openssl.c b/deps/openssl/openssl/crypto/engine/eng_openssl.c
index 9208f7eafc..f7ad7a5f46 100644
--- a/deps/openssl/openssl/crypto/engine/eng_openssl.c
+++ b/deps/openssl/openssl/crypto/engine/eng_openssl.c
@@ -1,5 +1,6 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,16 +8,10 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include <internal/engine.h>
+#include "internal/engine.h"
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -436,9 +431,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
 {
     OSSL_HMAC_PKEY_CTX *hctx;
 
-    hctx = OPENSSL_zalloc(sizeof(*hctx));
-    if (hctx == NULL)
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     hctx->ktmp.type = V_ASN1_OCTET_STRING;
     hctx->ctx = HMAC_CTX_new();
     if (hctx->ctx == NULL) {
diff --git a/deps/openssl/openssl/crypto/engine/eng_rdrand.c b/deps/openssl/openssl/crypto/engine/eng_rdrand.c
index b3defcbe4f..261e5debbf 100644
--- a/deps/openssl/openssl/crypto/engine/eng_rdrand.c
+++ b/deps/openssl/openssl/crypto/engine/eng_rdrand.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,7 +11,7 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <internal/engine.h>
+#include "internal/engine.h"
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/crypto.h>
@@ -20,28 +20,15 @@
      defined(__x86_64) || defined(__x86_64__) || \
      defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
 
-size_t OPENSSL_ia32_rdrand(void);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
 
 static int get_random_bytes(unsigned char *buf, int num)
 {
-    size_t rnd;
-
-    while (num >= (int)sizeof(size_t)) {
-        if ((rnd = OPENSSL_ia32_rdrand()) == 0)
-            return 0;
-
-        *((size_t *)buf) = rnd;
-        buf += sizeof(size_t);
-        num -= sizeof(size_t);
-    }
-    if (num) {
-        if ((rnd = OPENSSL_ia32_rdrand()) == 0)
-            return 0;
-
-        memcpy(buf, &rnd, num);
+    if (num < 0) {
+        return 0;
     }
 
-    return 1;
+    return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num);
 }
 
 static int random_status(void)
diff --git a/deps/openssl/openssl/crypto/engine/tb_asnmth.c b/deps/openssl/openssl/crypto/engine/tb_asnmth.c
index 5c7b161703..4bcc76136a 100644
--- a/deps/openssl/openssl/crypto/engine/tb_asnmth.c
+++ b/deps/openssl/openssl/crypto/engine/tb_asnmth.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "eng_int.h"
 #include <openssl/evp.h>
 #include "internal/asn1_int.h"
diff --git a/deps/openssl/openssl/crypto/engine/tb_cipher.c b/deps/openssl/openssl/crypto/engine/tb_cipher.c
index ac49141115..faa967c475 100644
--- a/deps/openssl/openssl/crypto/engine/tb_cipher.c
+++ b/deps/openssl/openssl/crypto/engine/tb_cipher.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -34,7 +34,7 @@ int ENGINE_register_ciphers(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_ciphers()
+void ENGINE_register_all_ciphers(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_dh.c b/deps/openssl/openssl/crypto/engine/tb_dh.c
index c6440df207..785119f65a 100644
--- a/deps/openssl/openssl/crypto/engine/tb_dh.c
+++ b/deps/openssl/openssl/crypto/engine/tb_dh.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,7 +31,7 @@ int ENGINE_register_DH(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_DH()
+void ENGINE_register_all_DH(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_digest.c b/deps/openssl/openssl/crypto/engine/tb_digest.c
index 194b9c7e89..d644b1b0a8 100644
--- a/deps/openssl/openssl/crypto/engine/tb_digest.c
+++ b/deps/openssl/openssl/crypto/engine/tb_digest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -34,7 +34,7 @@ int ENGINE_register_digests(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_digests()
+void ENGINE_register_all_digests(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_dsa.c b/deps/openssl/openssl/crypto/engine/tb_dsa.c
index fdb80cd79f..65b6ea8d3a 100644
--- a/deps/openssl/openssl/crypto/engine/tb_dsa.c
+++ b/deps/openssl/openssl/crypto/engine/tb_dsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,7 +31,7 @@ int ENGINE_register_DSA(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_DSA()
+void ENGINE_register_all_DSA(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_eckey.c b/deps/openssl/openssl/crypto/engine/tb_eckey.c
index 75750b29fc..1e50736854 100644
--- a/deps/openssl/openssl/crypto/engine/tb_eckey.c
+++ b/deps/openssl/openssl/crypto/engine/tb_eckey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,7 +31,7 @@ int ENGINE_register_EC(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_EC()
+void ENGINE_register_all_EC(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_pkmeth.c b/deps/openssl/openssl/crypto/engine/tb_pkmeth.c
index 2e82d8551e..03cd1e69dd 100644
--- a/deps/openssl/openssl/crypto/engine/tb_pkmeth.c
+++ b/deps/openssl/openssl/crypto/engine/tb_pkmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -35,7 +35,7 @@ int ENGINE_register_pkey_meths(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_pkey_meths()
+void ENGINE_register_all_pkey_meths(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_rand.c b/deps/openssl/openssl/crypto/engine/tb_rand.c
index 225e7c81dc..98a98073cd 100644
--- a/deps/openssl/openssl/crypto/engine/tb_rand.c
+++ b/deps/openssl/openssl/crypto/engine/tb_rand.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,7 +31,7 @@ int ENGINE_register_RAND(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_RAND()
+void ENGINE_register_all_RAND(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/engine/tb_rsa.c b/deps/openssl/openssl/crypto/engine/tb_rsa.c
index e2cc680a9c..d8d2e34f84 100644
--- a/deps/openssl/openssl/crypto/engine/tb_rsa.c
+++ b/deps/openssl/openssl/crypto/engine/tb_rsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,7 +31,7 @@ int ENGINE_register_RSA(ENGINE *e)
     return 1;
 }
 
-void ENGINE_register_all_RSA()
+void ENGINE_register_all_RSA(void)
 {
     ENGINE *e;
 
diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c
index 08c27a3e83..03cbd738e1 100644
--- a/deps/openssl/openssl/crypto/err/err.c
+++ b/deps/openssl/openssl/crypto/err/err.c
@@ -10,17 +10,17 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
-#include <internal/cryptlib_int.h>
-#include <internal/err.h>
-#include <internal/err_int.h>
-#include <openssl/lhash.h>
+#include "internal/cryptlib_int.h"
+#include "internal/err.h"
+#include "internal/err_int.h"
+#include <openssl/err.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/opensslconf.h>
-#include <internal/thread_once.h>
+#include "internal/thread_once.h"
 
-static void err_load_strings(int lib, ERR_STRING_DATA *str);
+static int err_load_strings(const ERR_STRING_DATA *str);
 
 static void ERR_STATE_free(ERR_STATE *s);
 #ifndef OPENSSL_NO_ERR
@@ -59,6 +59,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
     {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
     {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+    {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
     {0, NULL},
 };
 
@@ -83,6 +85,12 @@ static ERR_STRING_DATA ERR_str_functs[] = {
     {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"},
     {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"},
     {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"},
+    {ERR_PACK(0, SYS_F_OPEN, 0), "open"},
+    {ERR_PACK(0, SYS_F_CLOSE, 0), "close"},
+    {ERR_PACK(0, SYS_F_IOCTL, 0), "ioctl"},
+    {ERR_PACK(0, SYS_F_STAT, 0), "stat"},
+    {ERR_PACK(0, SYS_F_FCNTL, 0), "fcntl"},
+    {ERR_PACK(0, SYS_F_FSTAT, 0), "fstat"},
     {0, NULL},
 };
 
@@ -103,6 +111,8 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
     {ERR_R_PKCS7_LIB, "PKCS7 lib"},
     {ERR_R_X509V3_LIB, "X509V3 lib"},
     {ERR_R_ENGINE_LIB, "ENGINE lib"},
+    {ERR_R_UI_LIB, "UI lib"},
+    {ERR_R_OSSL_STORE_LIB, "STORE lib"},
     {ERR_R_ECDSA_LIB, "ECDSA lib"},
 
     {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
@@ -116,6 +126,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
     {ERR_R_INTERNAL_ERROR, "internal error"},
     {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
     {ERR_R_INIT_FAIL, "init fail"},
+    {ERR_R_OPERATION_FAIL, "operation fail"},
 
     {0, NULL},
 };
@@ -153,7 +164,9 @@ static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
 static int err_string_data_cmp(const ERR_STRING_DATA *a,
                                const ERR_STRING_DATA *b)
 {
-    return (int)(a->error - b->error);
+    if (a->error == b->error)
+        return 0;
+    return a->error > b->error ? 1 : -1;
 }
 
 static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
@@ -161,8 +174,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
     ERR_STRING_DATA *p = NULL;
 
     CRYPTO_THREAD_read_lock(err_string_lock);
-    if (int_error_hash != NULL)
-        p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d);
+    p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d);
     CRYPTO_THREAD_unlock(err_string_lock);
 
     return p;
@@ -199,7 +211,7 @@ static void build_SYS_str_reasons(void)
     for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
         ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
 
-        str->error = (unsigned long)i;
+        str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
         if (str->string == NULL) {
             char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
             if (openssl_strerror_r(i, *dest, sizeof(*dest)))
@@ -217,27 +229,27 @@ static void build_SYS_str_reasons(void)
     init = 0;
 
     CRYPTO_THREAD_unlock(err_string_lock);
+    err_load_strings(SYS_str_reasons);
 }
 #endif
 
-#define err_clear_data(p,i) \
+#define err_clear_data(p, i) \
         do { \
-        if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
-                {  \
+            if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) {\
                 OPENSSL_free((p)->err_data[i]); \
-                (p)->err_data[i]=NULL; \
-                } \
-        (p)->err_data_flags[i]=0; \
-        } while(0)
+                (p)->err_data[i] = NULL; \
+            } \
+            (p)->err_data_flags[i] = 0; \
+        } while (0)
 
-#define err_clear(p,i) \
+#define err_clear(p, i) \
         do { \
-        (p)->err_flags[i]=0; \
-        (p)->err_buffer[i]=0; \
-        err_clear_data(p,i); \
-        (p)->err_file[i]=NULL; \
-        (p)->err_line[i]= -1; \
-        } while(0)
+            err_clear_data(p, i); \
+            (p)->err_flags[i] = 0; \
+            (p)->err_buffer[i] = 0; \
+            (p)->err_file[i] = NULL; \
+            (p)->err_line[i] = -1; \
+        } while (0)
 
 static void ERR_STATE_free(ERR_STATE *s)
 {
@@ -245,7 +257,6 @@ static void ERR_STATE_free(ERR_STATE *s)
 
     if (s == NULL)
         return;
-
     for (i = 0; i < ERR_NUM_ERRORS; i++) {
         err_clear_data(s, i);
     }
@@ -257,7 +268,16 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
     if (!OPENSSL_init_crypto(0, NULL))
         return 0;
     err_string_lock = CRYPTO_THREAD_lock_new();
-    return err_string_lock != NULL;
+    if (err_string_lock == NULL)
+        return 0;
+    int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
+                                            err_string_data_cmp);
+    if (int_error_hash == NULL) {
+        CRYPTO_THREAD_lock_free(err_string_lock);
+        err_string_lock = NULL;
+        return 0;
+    }
+    return 1;
 }
 
 void err_cleanup(void)
@@ -266,6 +286,32 @@ void err_cleanup(void)
         CRYPTO_THREAD_cleanup_local(&err_thread_local);
     CRYPTO_THREAD_lock_free(err_string_lock);
     err_string_lock = NULL;
+    lh_ERR_STRING_DATA_free(int_error_hash);
+    int_error_hash = NULL;
+}
+
+/*
+ * Legacy; pack in the library.
+ */
+static void err_patch(int lib, ERR_STRING_DATA *str)
+{
+    unsigned long plib = ERR_PACK(lib, 0, 0);
+
+    for (; str->error != 0; str++)
+        str->error |= plib;
+}
+
+/*
+ * Hash in |str| error strings. Assumes the URN_ONCE was done.
+ */
+static int err_load_strings(const ERR_STRING_DATA *str)
+{
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_insert(int_error_hash,
+                                       (ERR_STRING_DATA *)str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return 1;
 }
 
 int ERR_load_ERR_strings(void)
@@ -274,36 +320,30 @@ int ERR_load_ERR_strings(void)
     if (!RUN_ONCE(&err_string_init, do_err_strings_init))
         return 0;
 
-    err_load_strings(0, ERR_str_libraries);
-    err_load_strings(0, ERR_str_reasons);
-    err_load_strings(ERR_LIB_SYS, ERR_str_functs);
+    err_load_strings(ERR_str_libraries);
+    err_load_strings(ERR_str_reasons);
+    err_patch(ERR_LIB_SYS, ERR_str_functs);
+    err_load_strings(ERR_str_functs);
     build_SYS_str_reasons();
-    err_load_strings(ERR_LIB_SYS, SYS_str_reasons);
 #endif
     return 1;
 }
 
-static void err_load_strings(int lib, ERR_STRING_DATA *str)
+int ERR_load_strings(int lib, ERR_STRING_DATA *str)
 {
-    CRYPTO_THREAD_write_lock(err_string_lock);
-    if (int_error_hash == NULL)
-        int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
-                                                err_string_data_cmp);
-    if (int_error_hash != NULL) {
-        for (; str->error; str++) {
-            if (lib)
-                str->error |= ERR_PACK(lib, 0, 0);
-            (void)lh_ERR_STRING_DATA_insert(int_error_hash, str);
-        }
-    }
-    CRYPTO_THREAD_unlock(err_string_lock);
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+
+    err_patch(lib, str);
+    err_load_strings(str);
+    return 1;
 }
 
-int ERR_load_strings(int lib, ERR_STRING_DATA *str)
+int ERR_load_strings_const(const ERR_STRING_DATA *str)
 {
     if (ERR_load_ERR_strings() == 0)
         return 0;
-    err_load_strings(lib, str);
+    err_load_strings(str);
     return 1;
 }
 
@@ -313,13 +353,12 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
         return 0;
 
     CRYPTO_THREAD_write_lock(err_string_lock);
-    if (int_error_hash != NULL) {
-        for (; str->error; str++) {
-            if (lib)
-                str->error |= ERR_PACK(lib, 0, 0);
-            (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
-        }
-    }
+    /*
+     * We don't need to ERR_PACK the lib, since that was done (to
+     * the table) when it was loaded.
+     */
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
     CRYPTO_THREAD_unlock(err_string_lock);
 
     return 1;
@@ -329,11 +368,6 @@ void err_free_strings_int(void)
 {
     if (!RUN_ONCE(&err_string_init, do_err_strings_init))
         return;
-
-    CRYPTO_THREAD_write_lock(err_string_lock);
-    lh_ERR_STRING_DATA_free(int_error_hash);
-    int_error_hash = NULL;
-    CRYPTO_THREAD_unlock(err_string_lock);
 }
 
 /********************************************************/
@@ -392,50 +426,50 @@ void ERR_clear_error(void)
 
 unsigned long ERR_get_error(void)
 {
-    return (get_error_values(1, 0, NULL, NULL, NULL, NULL));
+    return get_error_values(1, 0, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_get_error_line(const char **file, int *line)
 {
-    return (get_error_values(1, 0, file, line, NULL, NULL));
+    return get_error_values(1, 0, file, line, NULL, NULL);
 }
 
 unsigned long ERR_get_error_line_data(const char **file, int *line,
                                       const char **data, int *flags)
 {
-    return (get_error_values(1, 0, file, line, data, flags));
+    return get_error_values(1, 0, file, line, data, flags);
 }
 
 unsigned long ERR_peek_error(void)
 {
-    return (get_error_values(0, 0, NULL, NULL, NULL, NULL));
+    return get_error_values(0, 0, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_line(const char **file, int *line)
 {
-    return (get_error_values(0, 0, file, line, NULL, NULL));
+    return get_error_values(0, 0, file, line, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_line_data(const char **file, int *line,
                                        const char **data, int *flags)
 {
-    return (get_error_values(0, 0, file, line, data, flags));
+    return get_error_values(0, 0, file, line, data, flags);
 }
 
 unsigned long ERR_peek_last_error(void)
 {
-    return (get_error_values(0, 1, NULL, NULL, NULL, NULL));
+    return get_error_values(0, 1, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_last_error_line(const char **file, int *line)
 {
-    return (get_error_values(0, 1, file, line, NULL, NULL));
+    return get_error_values(0, 1, file, line, NULL, NULL);
 }
 
 unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
                                             const char **data, int *flags)
 {
-    return (get_error_values(0, 1, file, line, data, flags));
+    return get_error_values(0, 1, file, line, data, flags);
 }
 
 static unsigned long get_error_values(int inc, int top, const char **file,
@@ -476,15 +510,13 @@ static unsigned long get_error_values(int inc, int top, const char **file,
         es->err_buffer[i] = 0;
     }
 
-    if ((file != NULL) && (line != NULL)) {
+    if (file != NULL && line != NULL) {
         if (es->err_file[i] == NULL) {
             *file = "NA";
-            if (line != NULL)
-                *line = 0;
+            *line = 0;
         } else {
             *file = es->err_file[i];
-            if (line != NULL)
-                *line = es->err_line[i];
+            *line = es->err_line[i];
         }
     }
 
@@ -516,45 +548,30 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len)
         return;
 
     l = ERR_GET_LIB(e);
-    f = ERR_GET_FUNC(e);
-    r = ERR_GET_REASON(e);
-
     ls = ERR_lib_error_string(e);
-    fs = ERR_func_error_string(e);
-    rs = ERR_reason_error_string(e);
-
-    if (ls == NULL)
+    if (ls == NULL) {
         BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-    if (fs == NULL)
+        ls = lsbuf;
+    }
+
+    fs = ERR_func_error_string(e);
+    f = ERR_GET_FUNC(e);
+    if (fs == NULL) {
         BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-    if (rs == NULL)
+        fs = fsbuf;
+    }
+
+    rs = ERR_reason_error_string(e);
+    r = ERR_GET_REASON(e);
+    if (rs == NULL) {
         BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+        rs = rsbuf;
+    }
 
-    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
-                 fs ? fs : fsbuf, rs ? rs : rsbuf);
+    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs);
     if (strlen(buf) == len - 1) {
-        /*
-         * output may be truncated; make sure we always have 5
-         * colon-separated fields, i.e. 4 colons ...
-         */
-#define NUM_COLONS 4
-        if (len > NUM_COLONS) { /* ... if possible */
-            int i;
-            char *s = buf;
-
-            for (i = 0; i < NUM_COLONS; i++) {
-                char *colon = strchr(s, ':');
-                if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
-                    /*
-                     * set colon no. i at last possible position (buf[len-1]
-                     * is the terminating 0)
-                     */
-                    colon = &buf[len - 1] - NUM_COLONS + i;
-                    *colon = ':';
-                }
-                s = colon + 1;
-            }
-        }
+        /* Didn't fit; use a minimal format. */
+        BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r);
     }
 }
 
@@ -568,8 +585,7 @@ char *ERR_error_string(unsigned long e, char *ret)
 
     if (ret == NULL)
         ret = buf;
-    ERR_error_string_n(e, ret, 256);
-
+    ERR_error_string_n(e, ret, (int)sizeof(buf));
     return ret;
 }
 
@@ -761,28 +777,28 @@ void ERR_add_error_vdata(int num, va_list args)
     char *str, *p, *a;
 
     s = 80;
-    str = OPENSSL_malloc(s + 1);
-    if (str == NULL)
+    if ((str = OPENSSL_malloc(s + 1)) == NULL) {
+        /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */
         return;
+    }
     str[0] = '\0';
 
     n = 0;
     for (i = 0; i < num; i++) {
         a = va_arg(args, char *);
-        /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
-        if (a != NULL) {
-            n += strlen(a);
-            if (n > s) {
-                s = n + 20;
-                p = OPENSSL_realloc(str, s + 1);
-                if (p == NULL) {
-                    OPENSSL_free(str);
-                    return;
-                }
-                str = p;
+        if (a == NULL)
+            a = "<NULL>";
+        n += strlen(a);
+        if (n > s) {
+            s = n + 20;
+            p = OPENSSL_realloc(str, s + 1);
+            if (p == NULL) {
+                OPENSSL_free(str);
+                return;
             }
-            OPENSSL_strlcat(str, a, (size_t)s + 1);
+            str = p;
         }
+        OPENSSL_strlcat(str, a, (size_t)s + 1);
     }
     ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
 }
@@ -812,9 +828,7 @@ int ERR_pop_to_mark(void)
     while (es->bottom != es->top
            && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
         err_clear(es, es->top);
-        es->top -= 1;
-        if (es->top == -1)
-            es->top = ERR_NUM_ERRORS - 1;
+        es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
     }
 
     if (es->bottom == es->top)
@@ -822,3 +836,24 @@ int ERR_pop_to_mark(void)
     es->err_flags[es->top] &= ~ERR_FLAG_MARK;
     return 1;
 }
+
+int ERR_clear_last_mark(void)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    top = es->top;
+    while (es->bottom != top
+           && (es->err_flags[top] & ERR_FLAG_MARK) == 0) {
+        top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == top)
+        return 0;
+    es->err_flags[top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/err/err_all.c b/deps/openssl/openssl/crypto/err/err_all.c
index 3b1304f8e0..d9ec04b606 100644
--- a/deps/openssl/openssl/crypto/err/err_all.c
+++ b/deps/openssl/openssl/crypto/err/err_all.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,43 +9,39 @@
 
 #include <stdio.h>
 #include "internal/err_int.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/comp.h>
-#include <openssl/rsa.h>
-#include <openssl/dh.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem2.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/conf.h>
-#include <openssl/pkcs12.h>
-#include <openssl/rand.h>
+#include <openssl/asn1err.h>
+#include <openssl/bnerr.h>
+#include <openssl/ecerr.h>
+#include <openssl/buffererr.h>
+#include <openssl/bioerr.h>
+#include <openssl/comperr.h>
+#include <openssl/rsaerr.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
+#include <openssl/evperr.h>
+#include <openssl/objectserr.h>
+#include <openssl/pemerr.h>
+#include <openssl/pkcs7err.h>
+#include <openssl/x509err.h>
+#include <openssl/x509v3err.h>
+#include <openssl/conferr.h>
+#include <openssl/pkcs12err.h>
+#include <openssl/randerr.h>
 #include "internal/dso.h"
-#include <openssl/engine.h>
-#include <openssl/ui.h>
-#include <openssl/ocsp.h>
+#include <openssl/engineerr.h>
+#include <openssl/uierr.h>
+#include <openssl/ocsperr.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-#include <openssl/ts.h>
-#include <openssl/cms.h>
-#include <openssl/ct.h>
-#include <openssl/async.h>
-#include <openssl/kdf.h>
+#include <openssl/tserr.h>
+#include <openssl/cmserr.h>
+#include <openssl/cterr.h>
+#include <openssl/asyncerr.h>
+#include <openssl/kdferr.h>
+#include <openssl/storeerr.h>
 
 int err_load_crypto_strings_int(void)
 {
     if (
-#ifdef OPENSSL_FIPS
-        FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 ||
-#endif
 #ifndef OPENSSL_NO_ERR
         ERR_load_ERR_strings() == 0 ||    /* include error strings for SYSerr */
         ERR_load_BN_strings() == 0 ||
@@ -88,12 +84,7 @@ int err_load_crypto_strings_int(void)
 # ifndef OPENSSL_NO_OCSP
         ERR_load_OCSP_strings() == 0 ||
 # endif
-#ifndef OPENSSL_NO_UI
         ERR_load_UI_strings() == 0 ||
-#endif
-# ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings() == 0 ||
-# endif
 # ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings() == 0 ||
 # endif
@@ -102,7 +93,8 @@ int err_load_crypto_strings_int(void)
 # endif
         ERR_load_ASYNC_strings() == 0 ||
 #endif
-        ERR_load_KDF_strings() == 0)
+        ERR_load_KDF_strings() == 0 ||
+        ERR_load_OSSL_STORE_strings() == 0)
         return 0;
 
     return 1;
diff --git a/deps/openssl/openssl/crypto/err/err_prn.c b/deps/openssl/openssl/crypto/err/err_prn.c
index 6ae12515f4..c82e62947e 100644
--- a/deps/openssl/openssl/crypto/err/err_prn.c
+++ b/deps/openssl/openssl/crypto/err/err_prn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,6 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
diff --git a/deps/openssl/openssl/crypto/err/openssl.ec b/deps/openssl/openssl/crypto/err/openssl.ec
index 15d151f3af..3e092eae0a 100644
--- a/deps/openssl/openssl/crypto/err/openssl.ec
+++ b/deps/openssl/openssl/crypto/err/openssl.ec
@@ -1,99 +1,78 @@
-# crypto/err/openssl.ec
-
 # configuration file for util/mkerr.pl
 
-# files that may have to be rewritten by util/mkerr.pl
-L ERR		NONE				NONE
-L BN		include/openssl/bn.h		crypto/bn/bn_err.c
-L RSA		include/openssl/rsa.h		crypto/rsa/rsa_err.c
-L DH		include/openssl/dh.h		crypto/dh/dh_err.c
-L EVP		include/openssl/evp.h		crypto/evp/evp_err.c
-L BUF		include/openssl/buffer.h	crypto/buffer/buf_err.c
-L OBJ		include/openssl/objects.h	crypto/objects/obj_err.c
-L PEM		include/openssl/pem.h		crypto/pem/pem_err.c
-L DSA		include/openssl/dsa.h		crypto/dsa/dsa_err.c
-L X509		include/openssl/x509.h		crypto/x509/x509_err.c
-L ASN1		include/openssl/asn1.h		crypto/asn1/asn1_err.c
-L CONF		include/openssl/conf.h		crypto/conf/conf_err.c
-L CRYPTO	include/openssl/crypto.h	crypto/cpt_err.c
-L EC		include/openssl/ec.h		crypto/ec/ec_err.c
-L SSL		include/openssl/ssl.h		ssl/ssl_err.c
-L BIO		include/openssl/bio.h		crypto/bio/bio_err.c
-L PKCS7		include/openssl/pkcs7.h		crypto/pkcs7/pkcs7err.c
-L X509V3	include/openssl/x509v3.h	crypto/x509v3/v3err.c
-L PKCS12	include/openssl/pkcs12.h	crypto/pkcs12/pk12err.c
-L RAND		include/openssl/rand.h		crypto/rand/rand_err.c
-L DSO		include/internal/dso.h		crypto/dso/dso_err.c
-L ENGINE	include/openssl/engine.h	crypto/engine/eng_err.c
-L OCSP		include/openssl/ocsp.h		crypto/ocsp/ocsp_err.c
-L UI		include/openssl/ui.h		crypto/ui/ui_err.c
-L COMP		include/openssl/comp.h		crypto/comp/comp_err.c
-L TS		include/openssl/ts.h		crypto/ts/ts_err.c
-#L HMAC		include/openssl/hmac.h		crypto/hmac/hmac_err.c
-L CMS		include/openssl/cms.h		crypto/cms/cms_err.c
-#L FIPS		include/openssl/fips.h		crypto/fips_err.h
-L CT		include/openssl/ct.h		crypto/ct/ct_err.c
-L ASYNC		include/openssl/async.h		crypto/async/async_err.c
-L KDF		include/openssl/kdf.h		crypto/kdf/kdf_err.c
+# The INPUT HEADER is scanned for declarations
+# LIBNAME       INPUT HEADER                    ERROR-TABLE FILE
+L ERR           NONE                            NONE
+L BN            include/openssl/bn.h            crypto/bn/bn_err.c
+L RSA           include/openssl/rsa.h           crypto/rsa/rsa_err.c
+L DH            include/openssl/dh.h            crypto/dh/dh_err.c
+L EVP           include/openssl/evp.h           crypto/evp/evp_err.c
+L BUF           include/openssl/buffer.h        crypto/buffer/buf_err.c
+L OBJ           include/openssl/objects.h       crypto/objects/obj_err.c
+L PEM           include/openssl/pem.h           crypto/pem/pem_err.c
+L DSA           include/openssl/dsa.h           crypto/dsa/dsa_err.c
+L X509          include/openssl/x509.h          crypto/x509/x509_err.c
+L ASN1          include/openssl/asn1.h          crypto/asn1/asn1_err.c
+L CONF          include/openssl/conf.h          crypto/conf/conf_err.c
+L CRYPTO        include/openssl/crypto.h        crypto/cpt_err.c
+L EC            include/openssl/ec.h            crypto/ec/ec_err.c
+L SSL           include/openssl/ssl.h           ssl/ssl_err.c
+L BIO           include/openssl/bio.h           crypto/bio/bio_err.c
+L PKCS7         include/openssl/pkcs7.h         crypto/pkcs7/pkcs7err.c
+L X509V3        include/openssl/x509v3.h        crypto/x509v3/v3err.c
+L PKCS12        include/openssl/pkcs12.h        crypto/pkcs12/pk12err.c
+L RAND          include/openssl/rand.h          crypto/rand/rand_err.c
+L DSO           include/internal/dso.h          crypto/dso/dso_err.c
+L ENGINE        include/openssl/engine.h        crypto/engine/eng_err.c
+L OCSP          include/openssl/ocsp.h          crypto/ocsp/ocsp_err.c
+L UI            include/openssl/ui.h            crypto/ui/ui_err.c
+L COMP          include/openssl/comp.h          crypto/comp/comp_err.c
+L TS            include/openssl/ts.h            crypto/ts/ts_err.c
+L CMS           include/openssl/cms.h           crypto/cms/cms_err.c
+L CT            include/openssl/ct.h            crypto/ct/ct_err.c
+L ASYNC         include/openssl/async.h         crypto/async/async_err.c
+L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L SM2           crypto/include/internal/sm2.h   crypto/sm2/sm2_err.c
+L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 
 # additional header files to be scanned for function names
-L NONE		include/openssl/x509_vfy.h	NONE
-L NONE		crypto/ec/ec_lcl.h		NONE
-L NONE		crypto/cms/cms_lcl.h		NONE
-L NONE		crypto/ct/ct_locl.h		NONE
-#L NONE		fips/rand/fips_rand.h		NONE
-L NONE		ssl/ssl_locl.h			NONE
-
-F RSAREF_F_RSA_BN2BIN
-F RSAREF_F_RSA_PRIVATE_DECRYPT
-F RSAREF_F_RSA_PRIVATE_ENCRYPT
-F RSAREF_F_RSA_PUBLIC_DECRYPT
-F RSAREF_F_RSA_PUBLIC_ENCRYPT
-
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE         1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC             1020
-R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED          1021
-R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW            1022
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE      1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE          1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE             1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE            1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE    1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED        1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED        1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN        1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER          1047
-R SSL_R_TLSV1_ALERT_UNKNOWN_CA                 1048
-R SSL_R_TLSV1_ALERT_ACCESS_DENIED              1049
-R SSL_R_TLSV1_ALERT_DECODE_ERROR               1050
-R SSL_R_TLSV1_ALERT_DECRYPT_ERROR              1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION         1060
-R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION           1070
-R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY      1071
-R SSL_R_TLSV1_ALERT_INTERNAL_ERROR             1080
-R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK     1086
-R SSL_R_TLSV1_ALERT_USER_CANCELLED             1090
-R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION           1100
-R SSL_R_TLSV1_UNSUPPORTED_EXTENSION            1110
-R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE         1111
-R SSL_R_TLSV1_UNRECOGNIZED_NAME                1112
-R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE  1113
-R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE       1114
-R TLS1_AD_UNKNOWN_PSK_IDENTITY                 1115
-R TLS1_AD_NO_APPLICATION_PROTOCOL              1120
-
-R RSAREF_R_CONTENT_ENCODING			0x0400
-R RSAREF_R_DATA					0x0401
-R RSAREF_R_DIGEST_ALGORITHM			0x0402
-R RSAREF_R_ENCODING				0x0403
-R RSAREF_R_KEY					0x0404
-R RSAREF_R_KEY_ENCODING				0x0405
-R RSAREF_R_LEN					0x0406
-R RSAREF_R_MODULUS_LEN				0x0407
-R RSAREF_R_NEED_RANDOM				0x0408
-R RSAREF_R_PRIVATE_KEY				0x0409
-R RSAREF_R_PUBLIC_KEY				0x040a
-R RSAREF_R_SIGNATURE				0x040b
-R RSAREF_R_SIGNATURE_ENCODING			0x040c
-R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
+L NONE          include/openssl/x509_vfy.h      NONE
+L NONE          crypto/ec/ec_lcl.h              NONE
+L NONE          crypto/cms/cms_lcl.h            NONE
+L NONE          crypto/ct/ct_locl.h             NONE
+L NONE          ssl/ssl_locl.h                  NONE
 
+# SSL/TLS alerts
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE          1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC              1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED           1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW             1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE       1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE           1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE              1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE             1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE     1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED         1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED         1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN         1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER           1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA                  1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED               1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR                1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR               1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION          1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION            1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY       1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK      1086
+R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
+R SSL_R_TLSV13_ALERT_MISSING_EXTENSION          1109
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION             1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE          1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
+R TLS1_AD_UNKNOWN_PSK_IDENTITY                  1115
+R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED       1116
+R TLS1_AD_NO_APPLICATION_PROTOCOL               1120
diff --git a/deps/openssl/openssl/crypto/err/openssl.txt b/deps/openssl/openssl/crypto/err/openssl.txt
new file mode 100644
index 0000000000..5003d8735a
--- /dev/null
+++ b/deps/openssl/openssl/crypto/err/openssl.txt
@@ -0,0 +1,3026 @@
+# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+ASN1_F_A2D_ASN1_OBJECT:100:a2d_ASN1_OBJECT
+ASN1_F_A2I_ASN1_INTEGER:102:a2i_ASN1_INTEGER
+ASN1_F_A2I_ASN1_STRING:103:a2i_ASN1_STRING
+ASN1_F_APPEND_EXP:176:append_exp
+ASN1_F_ASN1_BIO_INIT:113:asn1_bio_init
+ASN1_F_ASN1_BIT_STRING_SET_BIT:183:ASN1_BIT_STRING_set_bit
+ASN1_F_ASN1_CB:177:asn1_cb
+ASN1_F_ASN1_CHECK_TLEN:104:asn1_check_tlen
+ASN1_F_ASN1_COLLECT:106:asn1_collect
+ASN1_F_ASN1_D2I_EX_PRIMITIVE:108:asn1_d2i_ex_primitive
+ASN1_F_ASN1_D2I_FP:109:ASN1_d2i_fp
+ASN1_F_ASN1_D2I_READ_BIO:107:asn1_d2i_read_bio
+ASN1_F_ASN1_DIGEST:184:ASN1_digest
+ASN1_F_ASN1_DO_ADB:110:asn1_do_adb
+ASN1_F_ASN1_DO_LOCK:233:asn1_do_lock
+ASN1_F_ASN1_DUP:111:ASN1_dup
+ASN1_F_ASN1_ENC_SAVE:115:asn1_enc_save
+ASN1_F_ASN1_EX_C2I:204:asn1_ex_c2i
+ASN1_F_ASN1_FIND_END:190:asn1_find_end
+ASN1_F_ASN1_GENERALIZEDTIME_ADJ:216:ASN1_GENERALIZEDTIME_adj
+ASN1_F_ASN1_GENERATE_V3:178:ASN1_generate_v3
+ASN1_F_ASN1_GET_INT64:224:asn1_get_int64
+ASN1_F_ASN1_GET_OBJECT:114:ASN1_get_object
+ASN1_F_ASN1_GET_UINT64:225:asn1_get_uint64
+ASN1_F_ASN1_I2D_BIO:116:ASN1_i2d_bio
+ASN1_F_ASN1_I2D_FP:117:ASN1_i2d_fp
+ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
+ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
+ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
+ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
+ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
+ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
+ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
+ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack
+ASN1_F_ASN1_ITEM_SIGN:195:ASN1_item_sign
+ASN1_F_ASN1_ITEM_SIGN_CTX:220:ASN1_item_sign_ctx
+ASN1_F_ASN1_ITEM_UNPACK:199:ASN1_item_unpack
+ASN1_F_ASN1_ITEM_VERIFY:197:ASN1_item_verify
+ASN1_F_ASN1_MBSTRING_NCOPY:122:ASN1_mbstring_ncopy
+ASN1_F_ASN1_OBJECT_NEW:123:ASN1_OBJECT_new
+ASN1_F_ASN1_OUTPUT_DATA:214:asn1_output_data
+ASN1_F_ASN1_PCTX_NEW:205:ASN1_PCTX_new
+ASN1_F_ASN1_PRIMITIVE_NEW:119:asn1_primitive_new
+ASN1_F_ASN1_SCTX_NEW:221:ASN1_SCTX_new
+ASN1_F_ASN1_SIGN:128:ASN1_sign
+ASN1_F_ASN1_STR2TYPE:179:asn1_str2type
+ASN1_F_ASN1_STRING_GET_INT64:227:asn1_string_get_int64
+ASN1_F_ASN1_STRING_GET_UINT64:230:asn1_string_get_uint64
+ASN1_F_ASN1_STRING_SET:186:ASN1_STRING_set
+ASN1_F_ASN1_STRING_TABLE_ADD:129:ASN1_STRING_TABLE_add
+ASN1_F_ASN1_STRING_TO_BN:228:asn1_string_to_bn
+ASN1_F_ASN1_STRING_TYPE_NEW:130:ASN1_STRING_type_new
+ASN1_F_ASN1_TEMPLATE_EX_D2I:132:asn1_template_ex_d2i
+ASN1_F_ASN1_TEMPLATE_NEW:133:asn1_template_new
+ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i
+ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj
+ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING:134:ASN1_TYPE_get_int_octetstring
+ASN1_F_ASN1_TYPE_GET_OCTETSTRING:135:ASN1_TYPE_get_octetstring
+ASN1_F_ASN1_UTCTIME_ADJ:218:ASN1_UTCTIME_adj
+ASN1_F_ASN1_VERIFY:137:ASN1_verify
+ASN1_F_B64_READ_ASN1:209:b64_read_asn1
+ASN1_F_B64_WRITE_ASN1:210:B64_write_ASN1
+ASN1_F_BIO_NEW_NDEF:208:BIO_new_NDEF
+ASN1_F_BITSTR_CB:180:bitstr_cb
+ASN1_F_BN_TO_ASN1_STRING:229:bn_to_asn1_string
+ASN1_F_C2I_ASN1_BIT_STRING:189:c2i_ASN1_BIT_STRING
+ASN1_F_C2I_ASN1_INTEGER:194:c2i_ASN1_INTEGER
+ASN1_F_C2I_ASN1_OBJECT:196:c2i_ASN1_OBJECT
+ASN1_F_C2I_IBUF:226:c2i_ibuf
+ASN1_F_C2I_UINT64_INT:101:c2i_uint64_int
+ASN1_F_COLLECT_DATA:140:collect_data
+ASN1_F_D2I_ASN1_OBJECT:147:d2i_ASN1_OBJECT
+ASN1_F_D2I_ASN1_UINTEGER:150:d2i_ASN1_UINTEGER
+ASN1_F_D2I_AUTOPRIVATEKEY:207:d2i_AutoPrivateKey
+ASN1_F_D2I_PRIVATEKEY:154:d2i_PrivateKey
+ASN1_F_D2I_PUBLICKEY:155:d2i_PublicKey
+ASN1_F_DO_BUF:142:do_buf
+ASN1_F_DO_CREATE:124:do_create
+ASN1_F_DO_DUMP:125:do_dump
+ASN1_F_DO_TCREATE:222:do_tcreate
+ASN1_F_I2A_ASN1_OBJECT:126:i2a_ASN1_OBJECT
+ASN1_F_I2D_ASN1_BIO_STREAM:211:i2d_ASN1_bio_stream
+ASN1_F_I2D_ASN1_OBJECT:143:i2d_ASN1_OBJECT
+ASN1_F_I2D_DSA_PUBKEY:161:i2d_DSA_PUBKEY
+ASN1_F_I2D_EC_PUBKEY:181:i2d_EC_PUBKEY
+ASN1_F_I2D_PRIVATEKEY:163:i2d_PrivateKey
+ASN1_F_I2D_PUBLICKEY:164:i2d_PublicKey
+ASN1_F_I2D_RSA_PUBKEY:165:i2d_RSA_PUBKEY
+ASN1_F_LONG_C2I:166:long_c2i
+ASN1_F_NDEF_PREFIX:127:ndef_prefix
+ASN1_F_NDEF_SUFFIX:136:ndef_suffix
+ASN1_F_OID_MODULE_INIT:174:oid_module_init
+ASN1_F_PARSE_TAGGING:182:parse_tagging
+ASN1_F_PKCS5_PBE2_SET_IV:167:PKCS5_pbe2_set_iv
+ASN1_F_PKCS5_PBE2_SET_SCRYPT:231:PKCS5_pbe2_set_scrypt
+ASN1_F_PKCS5_PBE_SET:202:PKCS5_pbe_set
+ASN1_F_PKCS5_PBE_SET0_ALGOR:215:PKCS5_pbe_set0_algor
+ASN1_F_PKCS5_PBKDF2_SET:219:PKCS5_pbkdf2_set
+ASN1_F_PKCS5_SCRYPT_SET:232:pkcs5_scrypt_set
+ASN1_F_SMIME_READ_ASN1:212:SMIME_read_ASN1
+ASN1_F_SMIME_TEXT:213:SMIME_text
+ASN1_F_STABLE_GET:138:stable_get
+ASN1_F_STBL_MODULE_INIT:223:stbl_module_init
+ASN1_F_UINT32_C2I:105:uint32_c2i
+ASN1_F_UINT32_NEW:139:uint32_new
+ASN1_F_UINT64_C2I:112:uint64_c2i
+ASN1_F_UINT64_NEW:141:uint64_new
+ASN1_F_X509_CRL_ADD0_REVOKED:169:X509_CRL_add0_revoked
+ASN1_F_X509_INFO_NEW:170:X509_INFO_new
+ASN1_F_X509_NAME_ENCODE:203:x509_name_encode
+ASN1_F_X509_NAME_EX_D2I:158:x509_name_ex_d2i
+ASN1_F_X509_NAME_EX_NEW:171:x509_name_ex_new
+ASN1_F_X509_PKEY_NEW:173:X509_PKEY_new
+ASYNC_F_ASYNC_CTX_NEW:100:async_ctx_new
+ASYNC_F_ASYNC_INIT_THREAD:101:ASYNC_init_thread
+ASYNC_F_ASYNC_JOB_NEW:102:async_job_new
+ASYNC_F_ASYNC_PAUSE_JOB:103:ASYNC_pause_job
+ASYNC_F_ASYNC_START_FUNC:104:async_start_func
+ASYNC_F_ASYNC_START_JOB:105:ASYNC_start_job
+ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD:106:ASYNC_WAIT_CTX_set_wait_fd
+BIO_F_ACPT_STATE:100:acpt_state
+BIO_F_ADDRINFO_WRAP:148:addrinfo_wrap
+BIO_F_ADDR_STRINGS:134:addr_strings
+BIO_F_BIO_ACCEPT:101:BIO_accept
+BIO_F_BIO_ACCEPT_EX:137:BIO_accept_ex
+BIO_F_BIO_ACCEPT_NEW:152:BIO_ACCEPT_new
+BIO_F_BIO_ADDR_NEW:144:BIO_ADDR_new
+BIO_F_BIO_BIND:147:BIO_bind
+BIO_F_BIO_CALLBACK_CTRL:131:BIO_callback_ctrl
+BIO_F_BIO_CONNECT:138:BIO_connect
+BIO_F_BIO_CONNECT_NEW:153:BIO_CONNECT_new
+BIO_F_BIO_CTRL:103:BIO_ctrl
+BIO_F_BIO_GETS:104:BIO_gets
+BIO_F_BIO_GET_HOST_IP:106:BIO_get_host_ip
+BIO_F_BIO_GET_NEW_INDEX:102:BIO_get_new_index
+BIO_F_BIO_GET_PORT:107:BIO_get_port
+BIO_F_BIO_LISTEN:139:BIO_listen
+BIO_F_BIO_LOOKUP:135:BIO_lookup
+BIO_F_BIO_LOOKUP_EX:143:BIO_lookup_ex
+BIO_F_BIO_MAKE_PAIR:121:bio_make_pair
+BIO_F_BIO_METH_NEW:146:BIO_meth_new
+BIO_F_BIO_NEW:108:BIO_new
+BIO_F_BIO_NEW_DGRAM_SCTP:145:BIO_new_dgram_sctp
+BIO_F_BIO_NEW_FILE:109:BIO_new_file
+BIO_F_BIO_NEW_MEM_BUF:126:BIO_new_mem_buf
+BIO_F_BIO_NREAD:123:BIO_nread
+BIO_F_BIO_NREAD0:124:BIO_nread0
+BIO_F_BIO_NWRITE:125:BIO_nwrite
+BIO_F_BIO_NWRITE0:122:BIO_nwrite0
+BIO_F_BIO_PARSE_HOSTSERV:136:BIO_parse_hostserv
+BIO_F_BIO_PUTS:110:BIO_puts
+BIO_F_BIO_READ:111:BIO_read
+BIO_F_BIO_READ_EX:105:BIO_read_ex
+BIO_F_BIO_READ_INTERN:120:bio_read_intern
+BIO_F_BIO_SOCKET:140:BIO_socket
+BIO_F_BIO_SOCKET_NBIO:142:BIO_socket_nbio
+BIO_F_BIO_SOCK_INFO:141:BIO_sock_info
+BIO_F_BIO_SOCK_INIT:112:BIO_sock_init
+BIO_F_BIO_WRITE:113:BIO_write
+BIO_F_BIO_WRITE_EX:119:BIO_write_ex
+BIO_F_BIO_WRITE_INTERN:128:bio_write_intern
+BIO_F_BUFFER_CTRL:114:buffer_ctrl
+BIO_F_CONN_CTRL:127:conn_ctrl
+BIO_F_CONN_STATE:115:conn_state
+BIO_F_DGRAM_SCTP_NEW:149:dgram_sctp_new
+BIO_F_DGRAM_SCTP_READ:132:dgram_sctp_read
+BIO_F_DGRAM_SCTP_WRITE:133:dgram_sctp_write
+BIO_F_DOAPR_OUTCH:150:doapr_outch
+BIO_F_FILE_CTRL:116:file_ctrl
+BIO_F_FILE_READ:130:file_read
+BIO_F_LINEBUFFER_CTRL:129:linebuffer_ctrl
+BIO_F_LINEBUFFER_NEW:151:linebuffer_new
+BIO_F_MEM_WRITE:117:mem_write
+BIO_F_NBIOF_NEW:154:nbiof_new
+BIO_F_SLG_WRITE:155:slg_write
+BIO_F_SSL_NEW:118:SSL_new
+BN_F_BNRAND:127:bnrand
+BN_F_BNRAND_RANGE:138:bnrand_range
+BN_F_BN_BLINDING_CONVERT_EX:100:BN_BLINDING_convert_ex
+BN_F_BN_BLINDING_CREATE_PARAM:128:BN_BLINDING_create_param
+BN_F_BN_BLINDING_INVERT_EX:101:BN_BLINDING_invert_ex
+BN_F_BN_BLINDING_NEW:102:BN_BLINDING_new
+BN_F_BN_BLINDING_UPDATE:103:BN_BLINDING_update
+BN_F_BN_BN2DEC:104:BN_bn2dec
+BN_F_BN_BN2HEX:105:BN_bn2hex
+BN_F_BN_COMPUTE_WNAF:142:bn_compute_wNAF
+BN_F_BN_CTX_GET:116:BN_CTX_get
+BN_F_BN_CTX_NEW:106:BN_CTX_new
+BN_F_BN_CTX_START:129:BN_CTX_start
+BN_F_BN_DIV:107:BN_div
+BN_F_BN_DIV_RECP:130:BN_div_recp
+BN_F_BN_EXP:123:BN_exp
+BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal
+BN_F_BN_GENCB_NEW:143:BN_GENCB_new
+BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce
+BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex
+BN_F_BN_GF2M_MOD:131:BN_GF2m_mod
+BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp
+BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul
+BN_F_BN_GF2M_MOD_SOLVE_QUAD:134:BN_GF2m_mod_solve_quad
+BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR:135:BN_GF2m_mod_solve_quad_arr
+BN_F_BN_GF2M_MOD_SQR:136:BN_GF2m_mod_sqr
+BN_F_BN_GF2M_MOD_SQRT:137:BN_GF2m_mod_sqrt
+BN_F_BN_LSHIFT:145:BN_lshift
+BN_F_BN_MOD_EXP2_MONT:118:BN_mod_exp2_mont
+BN_F_BN_MOD_EXP_MONT:109:BN_mod_exp_mont
+BN_F_BN_MOD_EXP_MONT_CONSTTIME:124:BN_mod_exp_mont_consttime
+BN_F_BN_MOD_EXP_MONT_WORD:117:BN_mod_exp_mont_word
+BN_F_BN_MOD_EXP_RECP:125:BN_mod_exp_recp
+BN_F_BN_MOD_EXP_SIMPLE:126:BN_mod_exp_simple
+BN_F_BN_MOD_INVERSE:110:BN_mod_inverse
+BN_F_BN_MOD_INVERSE_NO_BRANCH:139:BN_mod_inverse_no_branch
+BN_F_BN_MOD_LSHIFT_QUICK:119:BN_mod_lshift_quick
+BN_F_BN_MOD_SQRT:121:BN_mod_sqrt
+BN_F_BN_MONT_CTX_NEW:149:BN_MONT_CTX_new
+BN_F_BN_MPI2BN:112:BN_mpi2bn
+BN_F_BN_NEW:113:BN_new
+BN_F_BN_POOL_GET:147:BN_POOL_get
+BN_F_BN_RAND:114:BN_rand
+BN_F_BN_RAND_RANGE:122:BN_rand_range
+BN_F_BN_RECP_CTX_NEW:150:BN_RECP_CTX_new
+BN_F_BN_RSHIFT:146:BN_rshift
+BN_F_BN_SET_WORDS:144:bn_set_words
+BN_F_BN_STACK_PUSH:148:BN_STACK_push
+BN_F_BN_USUB:115:BN_usub
+BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow
+BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean
+BUF_F_BUF_MEM_NEW:101:BUF_MEM_new
+CMS_F_CHECK_CONTENT:99:check_content
+CMS_F_CMS_ADD0_CERT:164:CMS_add0_cert
+CMS_F_CMS_ADD0_RECIPIENT_KEY:100:CMS_add0_recipient_key
+CMS_F_CMS_ADD0_RECIPIENT_PASSWORD:165:CMS_add0_recipient_password
+CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest
+CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert
+CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer
+CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime
+CMS_F_CMS_COMPRESS:104:CMS_compress
+CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create
+CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio
+CMS_F_CMS_COPY_CONTENT:107:cms_copy_content
+CMS_F_CMS_COPY_MESSAGEDIGEST:108:cms_copy_messageDigest
+CMS_F_CMS_DATA:109:CMS_data
+CMS_F_CMS_DATAFINAL:110:CMS_dataFinal
+CMS_F_CMS_DATAINIT:111:CMS_dataInit
+CMS_F_CMS_DECRYPT:112:CMS_decrypt
+CMS_F_CMS_DECRYPT_SET1_KEY:113:CMS_decrypt_set1_key
+CMS_F_CMS_DECRYPT_SET1_PASSWORD:166:CMS_decrypt_set1_password
+CMS_F_CMS_DECRYPT_SET1_PKEY:114:CMS_decrypt_set1_pkey
+CMS_F_CMS_DIGESTALGORITHM_FIND_CTX:115:cms_DigestAlgorithm_find_ctx
+CMS_F_CMS_DIGESTALGORITHM_INIT_BIO:116:cms_DigestAlgorithm_init_bio
+CMS_F_CMS_DIGESTEDDATA_DO_FINAL:117:cms_DigestedData_do_final
+CMS_F_CMS_DIGEST_VERIFY:118:CMS_digest_verify
+CMS_F_CMS_ENCODE_RECEIPT:161:cms_encode_Receipt
+CMS_F_CMS_ENCRYPT:119:CMS_encrypt
+CMS_F_CMS_ENCRYPTEDCONTENT_INIT:179:cms_EncryptedContent_init
+CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO:120:cms_EncryptedContent_init_bio
+CMS_F_CMS_ENCRYPTEDDATA_DECRYPT:121:CMS_EncryptedData_decrypt
+CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT:122:CMS_EncryptedData_encrypt
+CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY:123:CMS_EncryptedData_set1_key
+CMS_F_CMS_ENVELOPEDDATA_CREATE:124:CMS_EnvelopedData_create
+CMS_F_CMS_ENVELOPEDDATA_INIT_BIO:125:cms_EnvelopedData_init_bio
+CMS_F_CMS_ENVELOPED_DATA_INIT:126:cms_enveloped_data_init
+CMS_F_CMS_ENV_ASN1_CTRL:171:cms_env_asn1_ctrl
+CMS_F_CMS_FINAL:127:CMS_final
+CMS_F_CMS_GET0_CERTIFICATE_CHOICES:128:cms_get0_certificate_choices
+CMS_F_CMS_GET0_CONTENT:129:CMS_get0_content
+CMS_F_CMS_GET0_ECONTENT_TYPE:130:cms_get0_econtent_type
+CMS_F_CMS_GET0_ENVELOPED:131:cms_get0_enveloped
+CMS_F_CMS_GET0_REVOCATION_CHOICES:132:cms_get0_revocation_choices
+CMS_F_CMS_GET0_SIGNED:133:cms_get0_signed
+CMS_F_CMS_MSGSIGDIGEST_ADD1:162:cms_msgSigDigest_add1
+CMS_F_CMS_RECEIPTREQUEST_CREATE0:159:CMS_ReceiptRequest_create0
+CMS_F_CMS_RECEIPT_VERIFY:160:cms_Receipt_verify
+CMS_F_CMS_RECIPIENTINFO_DECRYPT:134:CMS_RecipientInfo_decrypt
+CMS_F_CMS_RECIPIENTINFO_ENCRYPT:169:CMS_RecipientInfo_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT:178:cms_RecipientInfo_kari_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG:175:CMS_RecipientInfo_kari_get0_alg
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID:173:\
+	CMS_RecipientInfo_kari_get0_orig_id
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS:172:CMS_RecipientInfo_kari_get0_reks
+CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP:174:CMS_RecipientInfo_kari_orig_id_cmp
+CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT:135:cms_RecipientInfo_kekri_decrypt
+CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT:136:cms_RecipientInfo_kekri_encrypt
+CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID:137:CMS_RecipientInfo_kekri_get0_id
+CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP:138:CMS_RecipientInfo_kekri_id_cmp
+CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP:139:CMS_RecipientInfo_ktri_cert_cmp
+CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT:140:cms_RecipientInfo_ktri_decrypt
+CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT:141:cms_RecipientInfo_ktri_encrypt
+CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS:142:CMS_RecipientInfo_ktri_get0_algs
+CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID:143:\
+	CMS_RecipientInfo_ktri_get0_signer_id
+CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT:167:cms_RecipientInfo_pwri_crypt
+CMS_F_CMS_RECIPIENTINFO_SET0_KEY:144:CMS_RecipientInfo_set0_key
+CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD:168:CMS_RecipientInfo_set0_password
+CMS_F_CMS_RECIPIENTINFO_SET0_PKEY:145:CMS_RecipientInfo_set0_pkey
+CMS_F_CMS_SD_ASN1_CTRL:170:cms_sd_asn1_ctrl
+CMS_F_CMS_SET1_IAS:176:cms_set1_ias
+CMS_F_CMS_SET1_KEYID:177:cms_set1_keyid
+CMS_F_CMS_SET1_SIGNERIDENTIFIER:146:cms_set1_SignerIdentifier
+CMS_F_CMS_SET_DETACHED:147:CMS_set_detached
+CMS_F_CMS_SIGN:148:CMS_sign
+CMS_F_CMS_SIGNED_DATA_INIT:149:cms_signed_data_init
+CMS_F_CMS_SIGNERINFO_CONTENT_SIGN:150:cms_SignerInfo_content_sign
+CMS_F_CMS_SIGNERINFO_SIGN:151:CMS_SignerInfo_sign
+CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify
+CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert
+CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT:154:CMS_SignerInfo_verify_content
+CMS_F_CMS_SIGN_RECEIPT:163:CMS_sign_receipt
+CMS_F_CMS_STREAM:155:CMS_stream
+CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress
+CMS_F_CMS_VERIFY:157:CMS_verify
+CMS_F_KEK_UNWRAP_KEY:180:kek_unwrap_key
+COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush
+COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new
+COMP_F_BIO_ZLIB_READ:101:bio_zlib_read
+COMP_F_BIO_ZLIB_WRITE:102:bio_zlib_write
+COMP_F_COMP_CTX_NEW:103:COMP_CTX_new
+CONF_F_CONF_DUMP_FP:104:CONF_dump_fp
+CONF_F_CONF_LOAD:100:CONF_load
+CONF_F_CONF_LOAD_FP:103:CONF_load_fp
+CONF_F_CONF_PARSE_LIST:119:CONF_parse_list
+CONF_F_DEF_LOAD:120:def_load
+CONF_F_DEF_LOAD_BIO:121:def_load_bio
+CONF_F_GET_NEXT_FILE:107:get_next_file
+CONF_F_MODULE_ADD:122:module_add
+CONF_F_MODULE_INIT:115:module_init
+CONF_F_MODULE_LOAD_DSO:117:module_load_dso
+CONF_F_MODULE_RUN:118:module_run
+CONF_F_NCONF_DUMP_BIO:105:NCONF_dump_bio
+CONF_F_NCONF_DUMP_FP:106:NCONF_dump_fp
+CONF_F_NCONF_GET_NUMBER_E:112:NCONF_get_number_e
+CONF_F_NCONF_GET_SECTION:108:NCONF_get_section
+CONF_F_NCONF_GET_STRING:109:NCONF_get_string
+CONF_F_NCONF_LOAD:113:NCONF_load
+CONF_F_NCONF_LOAD_BIO:110:NCONF_load_bio
+CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp
+CONF_F_NCONF_NEW:111:NCONF_new
+CONF_F_PROCESS_INCLUDE:116:process_include
+CONF_F_SSL_MODULE_INIT:123:ssl_module_init
+CONF_F_STR_COPY:101:str_copy
+CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new
+CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data
+CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data
+CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index
+CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup
+CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data
+CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx
+CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init
+CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data
+CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set
+CRYPTO_F_GET_AND_LOCK:113:get_and_lock
+CRYPTO_F_OPENSSL_ATEXIT:114:OPENSSL_atexit
+CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr
+CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen
+CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf
+CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
+CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
+CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
+CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
+CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init
+CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init
+CRYPTO_F_SK_RESERVE:129:sk_reserve
+CT_F_CTLOG_NEW:117:CTLOG_new
+CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64
+CT_F_CTLOG_NEW_FROM_CONF:119:ctlog_new_from_conf
+CT_F_CTLOG_STORE_LOAD_CTX_NEW:122:ctlog_store_load_ctx_new
+CT_F_CTLOG_STORE_LOAD_FILE:123:CTLOG_STORE_load_file
+CT_F_CTLOG_STORE_LOAD_LOG:130:ctlog_store_load_log
+CT_F_CTLOG_STORE_NEW:131:CTLOG_STORE_new
+CT_F_CT_BASE64_DECODE:124:ct_base64_decode
+CT_F_CT_POLICY_EVAL_CTX_NEW:133:CT_POLICY_EVAL_CTX_new
+CT_F_CT_V1_LOG_ID_FROM_PKEY:125:ct_v1_log_id_from_pkey
+CT_F_I2O_SCT:107:i2o_SCT
+CT_F_I2O_SCT_LIST:108:i2o_SCT_LIST
+CT_F_I2O_SCT_SIGNATURE:109:i2o_SCT_signature
+CT_F_O2I_SCT:110:o2i_SCT
+CT_F_O2I_SCT_LIST:111:o2i_SCT_LIST
+CT_F_O2I_SCT_SIGNATURE:112:o2i_SCT_signature
+CT_F_SCT_CTX_NEW:126:SCT_CTX_new
+CT_F_SCT_CTX_VERIFY:128:SCT_CTX_verify
+CT_F_SCT_NEW:100:SCT_new
+CT_F_SCT_NEW_FROM_BASE64:127:SCT_new_from_base64
+CT_F_SCT_SET0_LOG_ID:101:SCT_set0_log_id
+CT_F_SCT_SET1_EXTENSIONS:114:SCT_set1_extensions
+CT_F_SCT_SET1_LOG_ID:115:SCT_set1_log_id
+CT_F_SCT_SET1_SIGNATURE:116:SCT_set1_signature
+CT_F_SCT_SET_LOG_ENTRY_TYPE:102:SCT_set_log_entry_type
+CT_F_SCT_SET_SIGNATURE_NID:103:SCT_set_signature_nid
+CT_F_SCT_SET_VERSION:104:SCT_set_version
+DH_F_COMPUTE_KEY:102:compute_key
+DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
+DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
+DH_F_DH_CHECK_EX:121:DH_check_ex
+DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
+DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
+DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
+DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
+DH_F_DH_METH_DUP:117:DH_meth_dup
+DH_F_DH_METH_NEW:118:DH_meth_new
+DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
+DH_F_DH_NEW_BY_NID:104:DH_new_by_nid
+DH_F_DH_NEW_METHOD:105:DH_new_method
+DH_F_DH_PARAM_DECODE:107:dh_param_decode
+DH_F_DH_PKEY_PUBLIC_CHECK:124:dh_pkey_public_check
+DH_F_DH_PRIV_DECODE:110:dh_priv_decode
+DH_F_DH_PRIV_ENCODE:111:dh_priv_encode
+DH_F_DH_PUB_DECODE:108:dh_pub_decode
+DH_F_DH_PUB_ENCODE:109:dh_pub_encode
+DH_F_DO_DH_PRINT:100:do_dh_print
+DH_F_GENERATE_KEY:103:generate_key
+DH_F_PKEY_DH_CTRL_STR:120:pkey_dh_ctrl_str
+DH_F_PKEY_DH_DERIVE:112:pkey_dh_derive
+DH_F_PKEY_DH_INIT:125:pkey_dh_init
+DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
+DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
+DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
+DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
+DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
+DSA_F_DSA_DO_SIGN:112:DSA_do_sign
+DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
+DSA_F_DSA_METH_DUP:127:DSA_meth_dup
+DSA_F_DSA_METH_NEW:128:DSA_meth_new
+DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
+DSA_F_DSA_NEW_METHOD:103:DSA_new_method
+DSA_F_DSA_PARAM_DECODE:119:dsa_param_decode
+DSA_F_DSA_PRINT_FP:105:DSA_print_fp
+DSA_F_DSA_PRIV_DECODE:115:dsa_priv_decode
+DSA_F_DSA_PRIV_ENCODE:116:dsa_priv_encode
+DSA_F_DSA_PUB_DECODE:117:dsa_pub_decode
+DSA_F_DSA_PUB_ENCODE:118:dsa_pub_encode
+DSA_F_DSA_SIGN:106:DSA_sign
+DSA_F_DSA_SIGN_SETUP:107:DSA_sign_setup
+DSA_F_DSA_SIG_NEW:102:DSA_SIG_new
+DSA_F_OLD_DSA_PRIV_DECODE:122:old_dsa_priv_decode
+DSA_F_PKEY_DSA_CTRL:120:pkey_dsa_ctrl
+DSA_F_PKEY_DSA_CTRL_STR:104:pkey_dsa_ctrl_str
+DSA_F_PKEY_DSA_KEYGEN:121:pkey_dsa_keygen
+DSO_F_DLFCN_BIND_FUNC:100:dlfcn_bind_func
+DSO_F_DLFCN_LOAD:102:dlfcn_load
+DSO_F_DLFCN_MERGER:130:dlfcn_merger
+DSO_F_DLFCN_NAME_CONVERTER:123:dlfcn_name_converter
+DSO_F_DLFCN_UNLOAD:103:dlfcn_unload
+DSO_F_DL_BIND_FUNC:104:dl_bind_func
+DSO_F_DL_LOAD:106:dl_load
+DSO_F_DL_MERGER:131:dl_merger
+DSO_F_DL_NAME_CONVERTER:124:dl_name_converter
+DSO_F_DL_UNLOAD:107:dl_unload
+DSO_F_DSO_BIND_FUNC:108:DSO_bind_func
+DSO_F_DSO_CONVERT_FILENAME:126:DSO_convert_filename
+DSO_F_DSO_CTRL:110:DSO_ctrl
+DSO_F_DSO_FREE:111:DSO_free
+DSO_F_DSO_GET_FILENAME:127:DSO_get_filename
+DSO_F_DSO_GLOBAL_LOOKUP:139:DSO_global_lookup
+DSO_F_DSO_LOAD:112:DSO_load
+DSO_F_DSO_MERGE:132:DSO_merge
+DSO_F_DSO_NEW_METHOD:113:DSO_new_method
+DSO_F_DSO_PATHBYADDR:105:DSO_pathbyaddr
+DSO_F_DSO_SET_FILENAME:129:DSO_set_filename
+DSO_F_DSO_UP_REF:114:DSO_up_ref
+DSO_F_VMS_BIND_SYM:115:vms_bind_sym
+DSO_F_VMS_LOAD:116:vms_load
+DSO_F_VMS_MERGER:133:vms_merger
+DSO_F_VMS_UNLOAD:117:vms_unload
+DSO_F_WIN32_BIND_FUNC:101:win32_bind_func
+DSO_F_WIN32_GLOBALLOOKUP:142:win32_globallookup
+DSO_F_WIN32_JOINER:135:win32_joiner
+DSO_F_WIN32_LOAD:120:win32_load
+DSO_F_WIN32_MERGER:134:win32_merger
+DSO_F_WIN32_NAME_CONVERTER:125:win32_name_converter
+DSO_F_WIN32_PATHBYADDR:109:*
+DSO_F_WIN32_SPLITTER:136:win32_splitter
+DSO_F_WIN32_UNLOAD:121:win32_unload
+EC_F_BN_TO_FELEM:224:BN_to_felem
+EC_F_D2I_ECPARAMETERS:144:d2i_ECParameters
+EC_F_D2I_ECPKPARAMETERS:145:d2i_ECPKParameters
+EC_F_D2I_ECPRIVATEKEY:146:d2i_ECPrivateKey
+EC_F_DO_EC_KEY_PRINT:221:do_EC_KEY_print
+EC_F_ECDH_CMS_DECRYPT:238:ecdh_cms_decrypt
+EC_F_ECDH_CMS_SET_SHARED_INFO:239:ecdh_cms_set_shared_info
+EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_key
+EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
+EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
+EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
+EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
+EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
+EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
+EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
+EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
+EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
+EC_F_ECKEY_PRIV_DECODE:213:eckey_priv_decode
+EC_F_ECKEY_PRIV_ENCODE:214:eckey_priv_encode
+EC_F_ECKEY_PUB_DECODE:215:eckey_pub_decode
+EC_F_ECKEY_PUB_ENCODE:216:eckey_pub_encode
+EC_F_ECKEY_TYPE2PARAM:220:eckey_type2param
+EC_F_ECPARAMETERS_PRINT:147:ECParameters_print
+EC_F_ECPARAMETERS_PRINT_FP:148:ECParameters_print_fp
+EC_F_ECPKPARAMETERS_PRINT:149:ECPKParameters_print
+EC_F_ECPKPARAMETERS_PRINT_FP:150:ECPKParameters_print_fp
+EC_F_ECP_NISTZ256_GET_AFFINE:240:ecp_nistz256_get_affine
+EC_F_ECP_NISTZ256_INV_MOD_ORD:275:ecp_nistz256_inv_mod_ord
+EC_F_ECP_NISTZ256_MULT_PRECOMPUTE:243:ecp_nistz256_mult_precompute
+EC_F_ECP_NISTZ256_POINTS_MUL:241:ecp_nistz256_points_mul
+EC_F_ECP_NISTZ256_PRE_COMP_NEW:244:ecp_nistz256_pre_comp_new
+EC_F_ECP_NISTZ256_WINDOWED_MUL:242:ecp_nistz256_windowed_mul
+EC_F_ECX_KEY_OP:266:ecx_key_op
+EC_F_ECX_PRIV_ENCODE:267:ecx_priv_encode
+EC_F_ECX_PUB_ENCODE:268:ecx_pub_encode
+EC_F_EC_ASN1_GROUP2CURVE:153:ec_asn1_group2curve
+EC_F_EC_ASN1_GROUP2FIELDID:154:ec_asn1_group2fieldid
+EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply
+EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\
+	ec_GF2m_simple_group_check_discriminant
+EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve
+EC_F_EC_GF2M_SIMPLE_LADDER_POST:285:ec_GF2m_simple_ladder_post
+EC_F_EC_GF2M_SIMPLE_LADDER_PRE:288:ec_GF2m_simple_ladder_pre
+EC_F_EC_GF2M_SIMPLE_OCT2POINT:160:ec_GF2m_simple_oct2point
+EC_F_EC_GF2M_SIMPLE_POINT2OCT:161:ec_GF2m_simple_point2oct
+EC_F_EC_GF2M_SIMPLE_POINTS_MUL:289:ec_GF2m_simple_points_mul
+EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES:162:\
+	ec_GF2m_simple_point_get_affine_coordinates
+EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES:163:\
+	ec_GF2m_simple_point_set_affine_coordinates
+EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES:164:\
+	ec_GF2m_simple_set_compressed_coordinates
+EC_F_EC_GFP_MONT_FIELD_DECODE:133:ec_GFp_mont_field_decode
+EC_F_EC_GFP_MONT_FIELD_ENCODE:134:ec_GFp_mont_field_encode
+EC_F_EC_GFP_MONT_FIELD_MUL:131:ec_GFp_mont_field_mul
+EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE:209:ec_GFp_mont_field_set_to_one
+EC_F_EC_GFP_MONT_FIELD_SQR:132:ec_GFp_mont_field_sqr
+EC_F_EC_GFP_MONT_GROUP_SET_CURVE:189:ec_GFp_mont_group_set_curve
+EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE:225:ec_GFp_nistp224_group_set_curve
+EC_F_EC_GFP_NISTP224_POINTS_MUL:228:ec_GFp_nistp224_points_mul
+EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES:226:\
+	ec_GFp_nistp224_point_get_affine_coordinates
+EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE:230:ec_GFp_nistp256_group_set_curve
+EC_F_EC_GFP_NISTP256_POINTS_MUL:231:ec_GFp_nistp256_points_mul
+EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES:232:\
+	ec_GFp_nistp256_point_get_affine_coordinates
+EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE:233:ec_GFp_nistp521_group_set_curve
+EC_F_EC_GFP_NISTP521_POINTS_MUL:234:ec_GFp_nistp521_points_mul
+EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES:235:\
+	ec_GFp_nistp521_point_get_affine_coordinates
+EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul
+EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr
+EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve
+EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates
+EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\
+	ec_GFp_simple_group_check_discriminant
+EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve
+EC_F_EC_GFP_SIMPLE_MAKE_AFFINE:102:ec_GFp_simple_make_affine
+EC_F_EC_GFP_SIMPLE_OCT2POINT:103:ec_GFp_simple_oct2point
+EC_F_EC_GFP_SIMPLE_POINT2OCT:104:ec_GFp_simple_point2oct
+EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE:137:ec_GFp_simple_points_make_affine
+EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES:167:\
+	ec_GFp_simple_point_get_affine_coordinates
+EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES:168:\
+	ec_GFp_simple_point_set_affine_coordinates
+EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES:169:\
+	ec_GFp_simple_set_compressed_coordinates
+EC_F_EC_GROUP_CHECK:170:EC_GROUP_check
+EC_F_EC_GROUP_CHECK_DISCRIMINANT:171:EC_GROUP_check_discriminant
+EC_F_EC_GROUP_COPY:106:EC_GROUP_copy
+EC_F_EC_GROUP_GET_CURVE:291:EC_GROUP_get_curve
+EC_F_EC_GROUP_GET_CURVE_GF2M:172:EC_GROUP_get_curve_GF2m
+EC_F_EC_GROUP_GET_CURVE_GFP:130:EC_GROUP_get_curve_GFp
+EC_F_EC_GROUP_GET_DEGREE:173:EC_GROUP_get_degree
+EC_F_EC_GROUP_GET_ECPARAMETERS:261:EC_GROUP_get_ecparameters
+EC_F_EC_GROUP_GET_ECPKPARAMETERS:262:EC_GROUP_get_ecpkparameters
+EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS:193:EC_GROUP_get_pentanomial_basis
+EC_F_EC_GROUP_GET_TRINOMIAL_BASIS:194:EC_GROUP_get_trinomial_basis
+EC_F_EC_GROUP_NEW:108:EC_GROUP_new
+EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name
+EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data
+EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters
+EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS:264:EC_GROUP_new_from_ecpkparameters
+EC_F_EC_GROUP_SET_CURVE:292:EC_GROUP_set_curve
+EC_F_EC_GROUP_SET_CURVE_GF2M:176:EC_GROUP_set_curve_GF2m
+EC_F_EC_GROUP_SET_CURVE_GFP:109:EC_GROUP_set_curve_GFp
+EC_F_EC_GROUP_SET_GENERATOR:111:EC_GROUP_set_generator
+EC_F_EC_GROUP_SET_SEED:286:EC_GROUP_set_seed
+EC_F_EC_KEY_CHECK_KEY:177:EC_KEY_check_key
+EC_F_EC_KEY_COPY:178:EC_KEY_copy
+EC_F_EC_KEY_GENERATE_KEY:179:EC_KEY_generate_key
+EC_F_EC_KEY_NEW:182:EC_KEY_new
+EC_F_EC_KEY_NEW_METHOD:245:EC_KEY_new_method
+EC_F_EC_KEY_OCT2PRIV:255:EC_KEY_oct2priv
+EC_F_EC_KEY_PRINT:180:EC_KEY_print
+EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
+EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
+EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
+EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
+	EC_KEY_set_public_key_affine_coordinates
+EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
+EC_F_EC_KEY_SIMPLE_OCT2PRIV:259:ec_key_simple_oct2priv
+EC_F_EC_KEY_SIMPLE_PRIV2OCT:260:ec_key_simple_priv2oct
+EC_F_EC_PKEY_CHECK:273:ec_pkey_check
+EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check
+EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine
+EC_F_EC_POINTS_MUL:290:EC_POINTs_mul
+EC_F_EC_POINT_ADD:112:EC_POINT_add
+EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point
+EC_F_EC_POINT_CMP:113:EC_POINT_cmp
+EC_F_EC_POINT_COPY:114:EC_POINT_copy
+EC_F_EC_POINT_DBL:115:EC_POINT_dbl
+EC_F_EC_POINT_GET_AFFINE_COORDINATES:293:EC_POINT_get_affine_coordinates
+EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M:183:\
+	EC_POINT_get_affine_coordinates_GF2m
+EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP:116:EC_POINT_get_affine_coordinates_GFp
+EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP:117:\
+	EC_POINT_get_Jprojective_coordinates_GFp
+EC_F_EC_POINT_INVERT:210:EC_POINT_invert
+EC_F_EC_POINT_IS_AT_INFINITY:118:EC_POINT_is_at_infinity
+EC_F_EC_POINT_IS_ON_CURVE:119:EC_POINT_is_on_curve
+EC_F_EC_POINT_MAKE_AFFINE:120:EC_POINT_make_affine
+EC_F_EC_POINT_NEW:121:EC_POINT_new
+EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point
+EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf
+EC_F_EC_POINT_POINT2OCT:123:EC_POINT_point2oct
+EC_F_EC_POINT_SET_AFFINE_COORDINATES:294:EC_POINT_set_affine_coordinates
+EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M:185:\
+	EC_POINT_set_affine_coordinates_GF2m
+EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP:124:EC_POINT_set_affine_coordinates_GFp
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES:295:EC_POINT_set_compressed_coordinates
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M:186:\
+	EC_POINT_set_compressed_coordinates_GF2m
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP:125:\
+	EC_POINT_set_compressed_coordinates_GFp
+EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP:126:\
+	EC_POINT_set_Jprojective_coordinates_GFp
+EC_F_EC_POINT_SET_TO_INFINITY:127:EC_POINT_set_to_infinity
+EC_F_EC_PRE_COMP_NEW:196:ec_pre_comp_new
+EC_F_EC_SCALAR_MUL_LADDER:284:ec_scalar_mul_ladder
+EC_F_EC_WNAF_MUL:187:ec_wNAF_mul
+EC_F_EC_WNAF_PRECOMPUTE_MULT:188:ec_wNAF_precompute_mult
+EC_F_I2D_ECPARAMETERS:190:i2d_ECParameters
+EC_F_I2D_ECPKPARAMETERS:191:i2d_ECPKParameters
+EC_F_I2D_ECPRIVATEKEY:192:i2d_ECPrivateKey
+EC_F_I2O_ECPUBLICKEY:151:i2o_ECPublicKey
+EC_F_NISTP224_PRE_COMP_NEW:227:nistp224_pre_comp_new
+EC_F_NISTP256_PRE_COMP_NEW:236:nistp256_pre_comp_new
+EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_pre_comp_new
+EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
+EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
+EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
+EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
+EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
+EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
+EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign
+EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519
+EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448
+EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive
+EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl
+EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str
+EC_F_PKEY_EC_DERIVE:217:pkey_ec_derive
+EC_F_PKEY_EC_INIT:282:pkey_ec_init
+EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_derive
+EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
+EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
+EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
+EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
+ENGINE_F_DIGEST_UPDATE:198:digest_update
+ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
+ENGINE_F_DYNAMIC_GET_DATA_CTX:181:dynamic_get_data_ctx
+ENGINE_F_DYNAMIC_LOAD:182:dynamic_load
+ENGINE_F_DYNAMIC_SET_DATA_CTX:183:dynamic_set_data_ctx
+ENGINE_F_ENGINE_ADD:105:ENGINE_add
+ENGINE_F_ENGINE_BY_ID:106:ENGINE_by_id
+ENGINE_F_ENGINE_CMD_IS_EXECUTABLE:170:ENGINE_cmd_is_executable
+ENGINE_F_ENGINE_CTRL:142:ENGINE_ctrl
+ENGINE_F_ENGINE_CTRL_CMD:178:ENGINE_ctrl_cmd
+ENGINE_F_ENGINE_CTRL_CMD_STRING:171:ENGINE_ctrl_cmd_string
+ENGINE_F_ENGINE_FINISH:107:ENGINE_finish
+ENGINE_F_ENGINE_GET_CIPHER:185:ENGINE_get_cipher
+ENGINE_F_ENGINE_GET_DIGEST:186:ENGINE_get_digest
+ENGINE_F_ENGINE_GET_FIRST:195:ENGINE_get_first
+ENGINE_F_ENGINE_GET_LAST:196:ENGINE_get_last
+ENGINE_F_ENGINE_GET_NEXT:115:ENGINE_get_next
+ENGINE_F_ENGINE_GET_PKEY_ASN1_METH:193:ENGINE_get_pkey_asn1_meth
+ENGINE_F_ENGINE_GET_PKEY_METH:192:ENGINE_get_pkey_meth
+ENGINE_F_ENGINE_GET_PREV:116:ENGINE_get_prev
+ENGINE_F_ENGINE_INIT:119:ENGINE_init
+ENGINE_F_ENGINE_LIST_ADD:120:engine_list_add
+ENGINE_F_ENGINE_LIST_REMOVE:121:engine_list_remove
+ENGINE_F_ENGINE_LOAD_PRIVATE_KEY:150:ENGINE_load_private_key
+ENGINE_F_ENGINE_LOAD_PUBLIC_KEY:151:ENGINE_load_public_key
+ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT:194:ENGINE_load_ssl_client_cert
+ENGINE_F_ENGINE_NEW:122:ENGINE_new
+ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR:197:ENGINE_pkey_asn1_find_str
+ENGINE_F_ENGINE_REMOVE:123:ENGINE_remove
+ENGINE_F_ENGINE_SET_DEFAULT_STRING:189:ENGINE_set_default_string
+ENGINE_F_ENGINE_SET_ID:129:ENGINE_set_id
+ENGINE_F_ENGINE_SET_NAME:130:ENGINE_set_name
+ENGINE_F_ENGINE_TABLE_REGISTER:184:engine_table_register
+ENGINE_F_ENGINE_UNLOCKED_FINISH:191:engine_unlocked_finish
+ENGINE_F_ENGINE_UP_REF:190:ENGINE_up_ref
+ENGINE_F_INT_CLEANUP_ITEM:199:int_cleanup_item
+ENGINE_F_INT_CTRL_HELPER:172:int_ctrl_helper
+ENGINE_F_INT_ENGINE_CONFIGURE:188:int_engine_configure
+ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init
+ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init
+EVP_F_AESNI_INIT_KEY:165:aesni_init_key
+EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl
+EVP_F_AES_INIT_KEY:133:aes_init_key
+EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
+EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
+EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
+EVP_F_ALG_MODULE_INIT:177:alg_module_init
+EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
+EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl
+EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key
+EVP_F_ARIA_INIT_KEY:185:aria_init_key
+EVP_F_B64_NEW:198:b64_new
+EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key
+EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl
+EVP_F_CMLL_T4_INIT_KEY:179:cmll_t4_init_key
+EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher
+EVP_F_DO_SIGVER_INIT:161:do_sigver_init
+EVP_F_ENC_NEW:199:enc_new
+EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex
+EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param
+EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy
+EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl
+EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length
+EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1
+EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
+EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
+EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF
+EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex
+EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
+EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
+EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
+EVP_F_EVP_MD_SIZE:162:EVP_MD_size
+EVP_F_EVP_OPENINIT:102:EVP_OpenInit
+EVP_F_EVP_PBE_ALG_ADD:115:EVP_PBE_alg_add
+EVP_F_EVP_PBE_ALG_ADD_TYPE:160:EVP_PBE_alg_add_type
+EVP_F_EVP_PBE_CIPHERINIT:116:EVP_PBE_CipherInit
+EVP_F_EVP_PBE_SCRYPT:181:EVP_PBE_scrypt
+EVP_F_EVP_PKCS82PKEY:111:EVP_PKCS82PKEY
+EVP_F_EVP_PKEY2PKCS8:113:EVP_PKEY2PKCS8
+EVP_F_EVP_PKEY_ASN1_ADD0:188:EVP_PKEY_asn1_add0
+EVP_F_EVP_PKEY_CHECK:186:EVP_PKEY_check
+EVP_F_EVP_PKEY_COPY_PARAMETERS:103:EVP_PKEY_copy_parameters
+EVP_F_EVP_PKEY_CTX_CTRL:137:EVP_PKEY_CTX_ctrl
+EVP_F_EVP_PKEY_CTX_CTRL_STR:150:EVP_PKEY_CTX_ctrl_str
+EVP_F_EVP_PKEY_CTX_DUP:156:EVP_PKEY_CTX_dup
+EVP_F_EVP_PKEY_CTX_MD:168:EVP_PKEY_CTX_md
+EVP_F_EVP_PKEY_DECRYPT:104:EVP_PKEY_decrypt
+EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init
+EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old
+EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive
+EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init
+EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer
+EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt
+EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init
+EVP_F_EVP_PKEY_ENCRYPT_OLD:152:EVP_PKEY_encrypt_old
+EVP_F_EVP_PKEY_GET0_DH:119:EVP_PKEY_get0_DH
+EVP_F_EVP_PKEY_GET0_DSA:120:EVP_PKEY_get0_DSA
+EVP_F_EVP_PKEY_GET0_EC_KEY:131:EVP_PKEY_get0_EC_KEY
+EVP_F_EVP_PKEY_GET0_HMAC:183:EVP_PKEY_get0_hmac
+EVP_F_EVP_PKEY_GET0_POLY1305:184:EVP_PKEY_get0_poly1305
+EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA
+EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash
+EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY:202:EVP_PKEY_get_raw_private_key
+EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY:203:EVP_PKEY_get_raw_public_key
+EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen
+EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
+EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0
+EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new
+EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
+EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key
+EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key
+EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY:192:EVP_PKEY_new_raw_public_key
+EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen
+EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init
+EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check
+EVP_F_EVP_PKEY_PUBLIC_CHECK:190:EVP_PKEY_public_check
+EVP_F_EVP_PKEY_SET1_ENGINE:187:EVP_PKEY_set1_engine
+EVP_F_EVP_PKEY_SET_ALIAS_TYPE:206:EVP_PKEY_set_alias_type
+EVP_F_EVP_PKEY_SIGN:140:EVP_PKEY_sign
+EVP_F_EVP_PKEY_SIGN_INIT:141:EVP_PKEY_sign_init
+EVP_F_EVP_PKEY_VERIFY:142:EVP_PKEY_verify
+EVP_F_EVP_PKEY_VERIFY_INIT:143:EVP_PKEY_verify_init
+EVP_F_EVP_PKEY_VERIFY_RECOVER:144:EVP_PKEY_verify_recover
+EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT:145:EVP_PKEY_verify_recover_init
+EVP_F_EVP_SIGNFINAL:107:EVP_SignFinal
+EVP_F_EVP_VERIFYFINAL:108:EVP_VerifyFinal
+EVP_F_INT_CTX_NEW:157:int_ctx_new
+EVP_F_OK_NEW:200:ok_new
+EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_keyivgen
+EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
+EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
+EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
+EVP_F_PKEY_SET_TYPE:158:pkey_set_type
+EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
+EVP_F_RC5_CTRL:125:rc5_ctrl
+EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl
+EVP_F_UPDATE:173:update
+KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
+KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
+KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
+KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str
+KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64
+KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive
+KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init
+KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf
+KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
+KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
+KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
+KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
+OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
+OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
+OBJ_F_OBJ_CREATE:100:OBJ_create
+OBJ_F_OBJ_DUP:101:OBJ_dup
+OBJ_F_OBJ_NAME_NEW_INDEX:106:OBJ_NAME_new_index
+OBJ_F_OBJ_NID2LN:102:OBJ_nid2ln
+OBJ_F_OBJ_NID2OBJ:103:OBJ_nid2obj
+OBJ_F_OBJ_NID2SN:104:OBJ_nid2sn
+OBJ_F_OBJ_TXT2OBJ:108:OBJ_txt2obj
+OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce
+OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status
+OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign
+OCSP_F_OCSP_BASIC_SIGN_CTX:119:OCSP_basic_sign_ctx
+OCSP_F_OCSP_BASIC_VERIFY:105:OCSP_basic_verify
+OCSP_F_OCSP_CERT_ID_NEW:101:OCSP_cert_id_new
+OCSP_F_OCSP_CHECK_DELEGATED:106:ocsp_check_delegated
+OCSP_F_OCSP_CHECK_IDS:107:ocsp_check_ids
+OCSP_F_OCSP_CHECK_ISSUER:108:ocsp_check_issuer
+OCSP_F_OCSP_CHECK_VALIDITY:115:OCSP_check_validity
+OCSP_F_OCSP_MATCH_ISSUERID:109:ocsp_match_issuerid
+OCSP_F_OCSP_PARSE_URL:114:OCSP_parse_url
+OCSP_F_OCSP_REQUEST_SIGN:110:OCSP_request_sign
+OCSP_F_OCSP_REQUEST_VERIFY:116:OCSP_request_verify
+OCSP_F_OCSP_RESPONSE_GET1_BASIC:111:OCSP_response_get1_basic
+OCSP_F_PARSE_HTTP_LINE1:118:parse_http_line1
+OSSL_STORE_F_FILE_CTRL:129:file_ctrl
+OSSL_STORE_F_FILE_FIND:138:file_find
+OSSL_STORE_F_FILE_GET_PASS:118:file_get_pass
+OSSL_STORE_F_FILE_LOAD:119:file_load
+OSSL_STORE_F_FILE_LOAD_TRY_DECODE:124:file_load_try_decode
+OSSL_STORE_F_FILE_NAME_TO_URI:126:file_name_to_uri
+OSSL_STORE_F_FILE_OPEN:120:file_open
+OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio
+OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect
+OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\
+	ossl_store_file_attach_pem_bio_int
+OSSL_STORE_F_OSSL_STORE_FIND:131:OSSL_STORE_find
+OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT:101:OSSL_STORE_INFO_get1_CERT
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL:102:OSSL_STORE_INFO_get1_CRL
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME:103:OSSL_STORE_INFO_get1_NAME
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION:135:\
+	OSSL_STORE_INFO_get1_NAME_description
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS:104:OSSL_STORE_INFO_get1_PARAMS
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY:105:OSSL_STORE_INFO_get1_PKEY
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT:106:OSSL_STORE_INFO_new_CERT
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL:107:OSSL_STORE_INFO_new_CRL
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED:123:ossl_store_info_new_EMBEDDED
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME:109:OSSL_STORE_INFO_new_NAME
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS:110:OSSL_STORE_INFO_new_PARAMS
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY:111:OSSL_STORE_INFO_new_PKEY
+OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION:134:\
+	OSSL_STORE_INFO_set0_NAME_description
+OSSL_STORE_F_OSSL_STORE_INIT_ONCE:112:ossl_store_init_once
+OSSL_STORE_F_OSSL_STORE_LOADER_NEW:113:OSSL_STORE_LOADER_new
+OSSL_STORE_F_OSSL_STORE_OPEN:114:OSSL_STORE_open
+OSSL_STORE_F_OSSL_STORE_OPEN_INT:115:*
+OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT:117:ossl_store_register_loader_int
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS:132:OSSL_STORE_SEARCH_by_alias
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:133:\
+	OSSL_STORE_SEARCH_by_issuer_serial
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:136:\
+	OSSL_STORE_SEARCH_by_key_fingerprint
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME:137:OSSL_STORE_SEARCH_by_name
+OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT:116:\
+	ossl_store_unregister_loader_int
+OSSL_STORE_F_TRY_DECODE_PARAMS:121:try_decode_params
+OSSL_STORE_F_TRY_DECODE_PKCS12:122:try_decode_PKCS12
+OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED:125:try_decode_PKCS8Encrypted
+PEM_F_B2I_DSS:127:b2i_dss
+PEM_F_B2I_PVK_BIO:128:b2i_PVK_bio
+PEM_F_B2I_RSA:129:b2i_rsa
+PEM_F_CHECK_BITLEN_DSA:130:check_bitlen_dsa
+PEM_F_CHECK_BITLEN_RSA:131:check_bitlen_rsa
+PEM_F_D2I_PKCS8PRIVATEKEY_BIO:120:d2i_PKCS8PrivateKey_bio
+PEM_F_D2I_PKCS8PRIVATEKEY_FP:121:d2i_PKCS8PrivateKey_fp
+PEM_F_DO_B2I:132:do_b2i
+PEM_F_DO_B2I_BIO:133:do_b2i_bio
+PEM_F_DO_BLOB_HEADER:134:do_blob_header
+PEM_F_DO_I2B:146:do_i2b
+PEM_F_DO_PK8PKEY:126:do_pk8pkey
+PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp
+PEM_F_DO_PVK_BODY:135:do_PVK_body
+PEM_F_DO_PVK_HEADER:136:do_PVK_header
+PEM_F_GET_HEADER_AND_DATA:143:get_header_and_data
+PEM_F_GET_NAME:144:get_name
+PEM_F_I2B_PVK:137:i2b_PVK
+PEM_F_I2B_PVK_BIO:138:i2b_PVK_bio
+PEM_F_LOAD_IV:101:load_iv
+PEM_F_PEM_ASN1_READ:102:PEM_ASN1_read
+PEM_F_PEM_ASN1_READ_BIO:103:PEM_ASN1_read_bio
+PEM_F_PEM_ASN1_WRITE:104:PEM_ASN1_write
+PEM_F_PEM_ASN1_WRITE_BIO:105:PEM_ASN1_write_bio
+PEM_F_PEM_DEF_CALLBACK:100:PEM_def_callback
+PEM_F_PEM_DO_HEADER:106:PEM_do_header
+PEM_F_PEM_GET_EVP_CIPHER_INFO:107:PEM_get_EVP_CIPHER_INFO
+PEM_F_PEM_READ:108:PEM_read
+PEM_F_PEM_READ_BIO:109:PEM_read_bio
+PEM_F_PEM_READ_BIO_DHPARAMS:141:PEM_read_bio_DHparams
+PEM_F_PEM_READ_BIO_EX:145:PEM_read_bio_ex
+PEM_F_PEM_READ_BIO_PARAMETERS:140:PEM_read_bio_Parameters
+PEM_F_PEM_READ_BIO_PRIVATEKEY:123:PEM_read_bio_PrivateKey
+PEM_F_PEM_READ_DHPARAMS:142:PEM_read_DHparams
+PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey
+PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal
+PEM_F_PEM_WRITE:113:PEM_write
+PEM_F_PEM_WRITE_BIO:114:PEM_write_bio
+PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey
+PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read
+PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio
+PEM_F_PEM_X509_INFO_WRITE_BIO:117:PEM_X509_INFO_write_bio
+PKCS12_F_OPENSSL_ASC2UNI:121:OPENSSL_asc2uni
+PKCS12_F_OPENSSL_UNI2ASC:124:OPENSSL_uni2asc
+PKCS12_F_OPENSSL_UNI2UTF8:127:OPENSSL_uni2utf8
+PKCS12_F_OPENSSL_UTF82UNI:129:OPENSSL_utf82uni
+PKCS12_F_PKCS12_CREATE:105:PKCS12_create
+PKCS12_F_PKCS12_GEN_MAC:107:PKCS12_gen_mac
+PKCS12_F_PKCS12_INIT:109:PKCS12_init
+PKCS12_F_PKCS12_ITEM_DECRYPT_D2I:106:PKCS12_item_decrypt_d2i
+PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT:108:PKCS12_item_i2d_encrypt
+PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG:117:PKCS12_item_pack_safebag
+PKCS12_F_PKCS12_KEY_GEN_ASC:110:PKCS12_key_gen_asc
+PKCS12_F_PKCS12_KEY_GEN_UNI:111:PKCS12_key_gen_uni
+PKCS12_F_PKCS12_KEY_GEN_UTF8:116:PKCS12_key_gen_utf8
+PKCS12_F_PKCS12_NEWPASS:128:PKCS12_newpass
+PKCS12_F_PKCS12_PACK_P7DATA:114:PKCS12_pack_p7data
+PKCS12_F_PKCS12_PACK_P7ENCDATA:115:PKCS12_pack_p7encdata
+PKCS12_F_PKCS12_PARSE:118:PKCS12_parse
+PKCS12_F_PKCS12_PBE_CRYPT:119:PKCS12_pbe_crypt
+PKCS12_F_PKCS12_PBE_KEYIVGEN:120:PKCS12_PBE_keyivgen
+PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF:112:PKCS12_SAFEBAG_create0_p8inf
+PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8:113:PKCS12_SAFEBAG_create0_pkcs8
+PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT:133:\
+	PKCS12_SAFEBAG_create_pkcs8_encrypt
+PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac
+PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac
+PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes
+PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data
+PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac
+PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt
+PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe
+PKCS7_F_DO_PKCS7_SIGNED_ATTRIB:136:do_pkcs7_signed_attrib
+PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME:135:PKCS7_add0_attrib_signing_time
+PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP:118:PKCS7_add_attrib_smimecap
+PKCS7_F_PKCS7_ADD_CERTIFICATE:100:PKCS7_add_certificate
+PKCS7_F_PKCS7_ADD_CRL:101:PKCS7_add_crl
+PKCS7_F_PKCS7_ADD_RECIPIENT_INFO:102:PKCS7_add_recipient_info
+PKCS7_F_PKCS7_ADD_SIGNATURE:131:PKCS7_add_signature
+PKCS7_F_PKCS7_ADD_SIGNER:103:PKCS7_add_signer
+PKCS7_F_PKCS7_BIO_ADD_DIGEST:125:PKCS7_bio_add_digest
+PKCS7_F_PKCS7_COPY_EXISTING_DIGEST:138:pkcs7_copy_existing_digest
+PKCS7_F_PKCS7_CTRL:104:PKCS7_ctrl
+PKCS7_F_PKCS7_DATADECODE:112:PKCS7_dataDecode
+PKCS7_F_PKCS7_DATAFINAL:128:PKCS7_dataFinal
+PKCS7_F_PKCS7_DATAINIT:105:PKCS7_dataInit
+PKCS7_F_PKCS7_DATAVERIFY:107:PKCS7_dataVerify
+PKCS7_F_PKCS7_DECRYPT:114:PKCS7_decrypt
+PKCS7_F_PKCS7_DECRYPT_RINFO:133:pkcs7_decrypt_rinfo
+PKCS7_F_PKCS7_ENCODE_RINFO:132:pkcs7_encode_rinfo
+PKCS7_F_PKCS7_ENCRYPT:115:PKCS7_encrypt
+PKCS7_F_PKCS7_FINAL:134:PKCS7_final
+PKCS7_F_PKCS7_FIND_DIGEST:127:PKCS7_find_digest
+PKCS7_F_PKCS7_GET0_SIGNERS:124:PKCS7_get0_signers
+PKCS7_F_PKCS7_RECIP_INFO_SET:130:PKCS7_RECIP_INFO_set
+PKCS7_F_PKCS7_SET_CIPHER:108:PKCS7_set_cipher
+PKCS7_F_PKCS7_SET_CONTENT:109:PKCS7_set_content
+PKCS7_F_PKCS7_SET_DIGEST:126:PKCS7_set_digest
+PKCS7_F_PKCS7_SET_TYPE:110:PKCS7_set_type
+PKCS7_F_PKCS7_SIGN:116:PKCS7_sign
+PKCS7_F_PKCS7_SIGNATUREVERIFY:113:PKCS7_signatureVerify
+PKCS7_F_PKCS7_SIGNER_INFO_SET:129:PKCS7_SIGNER_INFO_set
+PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign
+PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer
+PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap
+PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify
+RAND_F_DRBG_BYTES:101:drbg_bytes
+RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy
+RAND_F_DRBG_SETUP:117:drbg_setup
+RAND_F_GET_ENTROPY:106:get_entropy
+RAND_F_RAND_BYTES:100:RAND_bytes
+RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking
+RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate
+RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy
+RAND_F_RAND_DRBG_GET_NONCE:123:rand_drbg_get_nonce
+RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate
+RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new
+RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed
+RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
+RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
+RAND_F_RAND_DRBG_SET_DEFAULTS:121:RAND_DRBG_set_defaults
+RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
+RAND_F_RAND_LOAD_FILE:111:RAND_load_file
+RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
+RAND_F_RAND_WRITE_FILE:112:RAND_write_file
+RSA_F_CHECK_PADDING_MD:140:check_padding_md
+RSA_F_ENCODE_PKCS1:146:encode_pkcs1
+RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
+RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
+RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
+RSA_F_PKEY_RSA_CTRL:143:pkey_rsa_ctrl
+RSA_F_PKEY_RSA_CTRL_STR:144:pkey_rsa_ctrl_str
+RSA_F_PKEY_RSA_SIGN:142:pkey_rsa_sign
+RSA_F_PKEY_RSA_VERIFY:149:pkey_rsa_verify
+RSA_F_PKEY_RSA_VERIFYRECOVER:141:pkey_rsa_verifyrecover
+RSA_F_RSA_ALGOR_TO_MD:156:rsa_algor_to_md
+RSA_F_RSA_BUILTIN_KEYGEN:129:rsa_builtin_keygen
+RSA_F_RSA_CHECK_KEY:123:RSA_check_key
+RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
+RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
+RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
+RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
+RSA_F_RSA_METH_DUP:161:RSA_meth_dup
+RSA_F_RSA_METH_NEW:162:RSA_meth_new
+RSA_F_RSA_METH_SET1_NAME:163:RSA_meth_set1_name
+RSA_F_RSA_MGF1_TO_MD:157:*
+RSA_F_RSA_MULTIP_INFO_NEW:166:rsa_multip_info_new
+RSA_F_RSA_NEW_METHOD:106:RSA_new_method
+RSA_F_RSA_NULL:124:*
+RSA_F_RSA_NULL_PRIVATE_DECRYPT:132:*
+RSA_F_RSA_NULL_PRIVATE_ENCRYPT:133:*
+RSA_F_RSA_NULL_PUBLIC_DECRYPT:134:*
+RSA_F_RSA_NULL_PUBLIC_ENCRYPT:135:*
+RSA_F_RSA_OSSL_PRIVATE_DECRYPT:101:rsa_ossl_private_decrypt
+RSA_F_RSA_OSSL_PRIVATE_ENCRYPT:102:rsa_ossl_private_encrypt
+RSA_F_RSA_OSSL_PUBLIC_DECRYPT:103:rsa_ossl_public_decrypt
+RSA_F_RSA_OSSL_PUBLIC_ENCRYPT:104:rsa_ossl_public_encrypt
+RSA_F_RSA_PADDING_ADD_NONE:107:RSA_padding_add_none
+RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:121:RSA_padding_add_PKCS1_OAEP
+RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:154:RSA_padding_add_PKCS1_OAEP_mgf1
+RSA_F_RSA_PADDING_ADD_PKCS1_PSS:125:RSA_padding_add_PKCS1_PSS
+RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:152:RSA_padding_add_PKCS1_PSS_mgf1
+RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:108:RSA_padding_add_PKCS1_type_1
+RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:109:RSA_padding_add_PKCS1_type_2
+RSA_F_RSA_PADDING_ADD_SSLV23:110:RSA_padding_add_SSLv23
+RSA_F_RSA_PADDING_ADD_X931:127:RSA_padding_add_X931
+RSA_F_RSA_PADDING_CHECK_NONE:111:RSA_padding_check_none
+RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:122:RSA_padding_check_PKCS1_OAEP
+RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:153:RSA_padding_check_PKCS1_OAEP_mgf1
+RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:112:RSA_padding_check_PKCS1_type_1
+RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:113:RSA_padding_check_PKCS1_type_2
+RSA_F_RSA_PADDING_CHECK_SSLV23:114:RSA_padding_check_SSLv23
+RSA_F_RSA_PADDING_CHECK_X931:128:RSA_padding_check_X931
+RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
+RSA_F_RSA_PRINT:115:RSA_print
+RSA_F_RSA_PRINT_FP:116:RSA_print_fp
+RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
+RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
+RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
+RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
+RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
+RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
+RSA_F_RSA_SIGN:117:RSA_sign
+RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
+RSA_F_RSA_VERIFY:119:RSA_verify
+RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
+RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
+RSA_F_SETUP_TBUF:167:setup_tbuf
+SM2_F_PKEY_SM2_COPY:115:pkey_sm2_copy
+SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl
+SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str
+SM2_F_PKEY_SM2_DIGEST_CUSTOM:114:pkey_sm2_digest_custom
+SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init
+SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign
+SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash
+SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest
+SM2_F_SM2_COMPUTE_Z_DIGEST:113:sm2_compute_z_digest
+SM2_F_SM2_DECRYPT:102:sm2_decrypt
+SM2_F_SM2_ENCRYPT:103:sm2_encrypt
+SM2_F_SM2_PLAINTEXT_SIZE:104:sm2_plaintext_size
+SM2_F_SM2_SIGN:105:sm2_sign
+SM2_F_SM2_SIG_GEN:106:sm2_sig_gen
+SM2_F_SM2_SIG_VERIFY:107:sm2_sig_verify
+SM2_F_SM2_VERIFY:108:sm2_verify
+SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
+SSL_F_ADD_KEY_SHARE:512:add_key_share
+SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
+SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
+SSL_F_CIPHERSUITE_CB:622:ciphersuite_cb
+SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
+SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
+SSL_F_CONSTRUCT_STATEFUL_TICKET:636:construct_stateful_ticket
+SSL_F_CONSTRUCT_STATELESS_TICKET:637:construct_stateless_ticket
+SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash
+SSL_F_CREATE_TICKET_PREQUEL:638:create_ticket_prequel
+SSL_F_CT_MOVE_SCTS:345:ct_move_scts
+SSL_F_CT_STRICT:349:ct_strict
+SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add
+SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse
+SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION
+SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable
+SSL_F_DANE_MTYPE_SET:393:dane_mtype_set
+SSL_F_DANE_TLSA_ADD:394:dane_tlsa_add
+SSL_F_DERIVE_SECRET_KEY_AND_IV:514:derive_secret_key_and_iv
+SSL_F_DO_DTLS1_WRITE:245:do_dtls1_write
+SSL_F_DO_SSL3_WRITE:104:do_ssl3_write
+SSL_F_DTLS1_BUFFER_RECORD:247:dtls1_buffer_record
+SSL_F_DTLS1_CHECK_TIMEOUT_NUM:318:dtls1_check_timeout_num
+SSL_F_DTLS1_HEARTBEAT:305:*
+SSL_F_DTLS1_HM_FRAGMENT_NEW:623:dtls1_hm_fragment_new
+SSL_F_DTLS1_PREPROCESS_FRAGMENT:288:dtls1_preprocess_fragment
+SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS:424:dtls1_process_buffered_records
+SSL_F_DTLS1_PROCESS_RECORD:257:dtls1_process_record
+SSL_F_DTLS1_READ_BYTES:258:dtls1_read_bytes
+SSL_F_DTLS1_READ_FAILED:339:dtls1_read_failed
+SSL_F_DTLS1_RETRANSMIT_MESSAGE:390:dtls1_retransmit_message
+SSL_F_DTLS1_WRITE_APP_DATA_BYTES:268:dtls1_write_app_data_bytes
+SSL_F_DTLS1_WRITE_BYTES:545:dtls1_write_bytes
+SSL_F_DTLSV1_LISTEN:350:DTLSv1_listen
+SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC:371:dtls_construct_change_cipher_spec
+SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\
+	dtls_construct_hello_verify_request
+SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message
+SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify
+SSL_F_DTLS_RECORD_LAYER_NEW:635:DTLS_RECORD_LAYER_new
+SSL_F_DTLS_WAIT_FOR_DRY:592:dtls_wait_for_dry
+SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok
+SSL_F_FINAL_EARLY_DATA:556:final_early_data
+SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
+SSL_F_FINAL_EMS:486:final_ems
+SSL_F_FINAL_KEY_SHARE:503:final_key_share
+SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
+SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
+SSL_F_FINAL_SERVER_NAME:558:final_server_name
+SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
+SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data
+SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int
+SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl
+SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:*
+SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION:598:\
+	ossl_statem_client13_write_transition
+SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE:430:*
+SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE:593:\
+	ossl_statem_client_post_process_message
+SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE:594:ossl_statem_client_process_message
+SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION:417:ossl_statem_client_read_transition
+SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION:599:\
+	ossl_statem_client_write_transition
+SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION:437:*
+SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION:600:\
+	ossl_statem_server13_write_transition
+SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:*
+SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\
+	ossl_statem_server_post_process_message
+SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work
+SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message
+SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition
+SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\
+	ossl_statem_server_write_transition
+SSL_F_PARSE_CA_NAMES:541:parse_ca_names
+SSL_F_PITEM_NEW:624:pitem_new
+SSL_F_PQUEUE_NEW:625:pqueue_new
+SSL_F_PROCESS_KEY_SHARE_EXT:439:*
+SSL_F_READ_STATE_MACHINE:352:read_state_machine
+SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
+SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret
+SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret
+SSL_F_SRP_VERIFY_SERVER_PARAM:596:srp_verify_server_param
+SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state
+SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
+SSL_F_SSL3_CTRL:213:ssl3_ctrl
+SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
+SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
+SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
+SSL_F_SSL3_ENC:608:ssl3_enc
+SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
+SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
+SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
+SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret
+SSL_F_SSL3_GET_RECORD:143:ssl3_get_record
+SSL_F_SSL3_INIT_FINISHED_MAC:397:ssl3_init_finished_mac
+SSL_F_SSL3_OUTPUT_CERT_CHAIN:147:ssl3_output_cert_chain
+SSL_F_SSL3_READ_BYTES:148:ssl3_read_bytes
+SSL_F_SSL3_READ_N:149:ssl3_read_n
+SSL_F_SSL3_SETUP_KEY_BLOCK:157:ssl3_setup_key_block
+SSL_F_SSL3_SETUP_READ_BUFFER:156:ssl3_setup_read_buffer
+SSL_F_SSL3_SETUP_WRITE_BUFFER:291:ssl3_setup_write_buffer
+SSL_F_SSL3_WRITE_BYTES:158:ssl3_write_bytes
+SSL_F_SSL3_WRITE_PENDING:159:ssl3_write_pending
+SSL_F_SSL_ADD_CERT_CHAIN:316:ssl_add_cert_chain
+SSL_F_SSL_ADD_CERT_TO_BUF:319:*
+SSL_F_SSL_ADD_CERT_TO_WPACKET:493:ssl_add_cert_to_wpacket
+SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT:298:*
+SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT:277:*
+SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT:307:*
+SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK:215:SSL_add_dir_cert_subjects_to_stack
+SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK:216:\
+	SSL_add_file_cert_subjects_to_stack
+SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT:299:*
+SSL_F_SSL_ADD_SERVERHELLO_TLSEXT:278:*
+SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT:308:*
+SSL_F_SSL_BAD_METHOD:160:ssl_bad_method
+SSL_F_SSL_BUILD_CERT_CHAIN:332:ssl_build_cert_chain
+SSL_F_SSL_BYTES_TO_CIPHER_LIST:161:SSL_bytes_to_cipher_list
+SSL_F_SSL_CACHE_CIPHERLIST:520:ssl_cache_cipherlist
+SSL_F_SSL_CERT_ADD0_CHAIN_CERT:346:ssl_cert_add0_chain_cert
+SSL_F_SSL_CERT_DUP:221:ssl_cert_dup
+SSL_F_SSL_CERT_NEW:162:ssl_cert_new
+SSL_F_SSL_CERT_SET0_CHAIN:340:ssl_cert_set0_chain
+SSL_F_SSL_CHECK_PRIVATE_KEY:163:SSL_check_private_key
+SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT:280:*
+SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO:606:ssl_check_srp_ext_ClientHello
+SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG:279:ssl_check_srvr_ecc_cert_and_alg
+SSL_F_SSL_CHOOSE_CLIENT_VERSION:607:ssl_choose_client_version
+SSL_F_SSL_CIPHER_DESCRIPTION:626:SSL_CIPHER_description
+SSL_F_SSL_CIPHER_LIST_TO_BYTES:425:ssl_cipher_list_to_bytes
+SSL_F_SSL_CIPHER_PROCESS_RULESTR:230:ssl_cipher_process_rulestr
+SSL_F_SSL_CIPHER_STRENGTH_SORT:231:ssl_cipher_strength_sort
+SSL_F_SSL_CLEAR:164:SSL_clear
+SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT:627:\
+	SSL_client_hello_get1_extensions_present
+SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD:165:SSL_COMP_add_compression_method
+SSL_F_SSL_CONF_CMD:334:SSL_CONF_cmd
+SSL_F_SSL_CREATE_CIPHER_LIST:166:ssl_create_cipher_list
+SSL_F_SSL_CTRL:232:SSL_ctrl
+SSL_F_SSL_CTX_CHECK_PRIVATE_KEY:168:SSL_CTX_check_private_key
+SSL_F_SSL_CTX_ENABLE_CT:398:SSL_CTX_enable_ct
+SSL_F_SSL_CTX_MAKE_PROFILES:309:ssl_ctx_make_profiles
+SSL_F_SSL_CTX_NEW:169:SSL_CTX_new
+SSL_F_SSL_CTX_SET_ALPN_PROTOS:343:SSL_CTX_set_alpn_protos
+SSL_F_SSL_CTX_SET_CIPHER_LIST:269:SSL_CTX_set_cipher_list
+SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE:290:SSL_CTX_set_client_cert_engine
+SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK:396:SSL_CTX_set_ct_validation_callback
+SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT:219:SSL_CTX_set_session_id_context
+SSL_F_SSL_CTX_SET_SSL_VERSION:170:SSL_CTX_set_ssl_version
+SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH:551:\
+	SSL_CTX_set_tlsext_max_fragment_length
+SSL_F_SSL_CTX_USE_CERTIFICATE:171:SSL_CTX_use_certificate
+SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1:172:SSL_CTX_use_certificate_ASN1
+SSL_F_SSL_CTX_USE_CERTIFICATE_FILE:173:SSL_CTX_use_certificate_file
+SSL_F_SSL_CTX_USE_PRIVATEKEY:174:SSL_CTX_use_PrivateKey
+SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1:175:SSL_CTX_use_PrivateKey_ASN1
+SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE:176:SSL_CTX_use_PrivateKey_file
+SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT:272:SSL_CTX_use_psk_identity_hint
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY:177:SSL_CTX_use_RSAPrivateKey
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1:178:SSL_CTX_use_RSAPrivateKey_ASN1
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE:179:SSL_CTX_use_RSAPrivateKey_file
+SSL_F_SSL_CTX_USE_SERVERINFO:336:SSL_CTX_use_serverinfo
+SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex
+SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file
+SSL_F_SSL_DANE_DUP:403:ssl_dane_dup
+SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable
+SSL_F_SSL_DERIVE:590:ssl_derive
+SSL_F_SSL_DO_CONFIG:391:ssl_do_config
+SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake
+SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list
+SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct
+SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group
+SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id
+SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session
+SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session
+SSL_F_SSL_GET_SERVER_CERT_INDEX:322:*
+SSL_F_SSL_GET_SIGN_PKEY:183:*
+SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash
+SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer
+SSL_F_SSL_KEY_UPDATE:515:SSL_key_update
+SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file
+SSL_F_SSL_LOG_MASTER_SECRET:498:*
+SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange
+SSL_F_SSL_MODULE_INIT:392:ssl_module_init
+SSL_F_SSL_NEW:186:SSL_new
+SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate
+SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:*
+SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:*
+SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:*
+SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT:301:*
+SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT:303:*
+SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:*
+SSL_F_SSL_PEEK:270:SSL_peek
+SSL_F_SSL_PEEK_EX:432:SSL_peek_ex
+SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal
+SSL_F_SSL_READ:223:SSL_read
+SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data
+SSL_F_SSL_READ_EX:434:SSL_read_ex
+SSL_F_SSL_READ_INTERNAL:523:ssl_read_internal
+SSL_F_SSL_RENEGOTIATE:516:SSL_renegotiate
+SSL_F_SSL_RENEGOTIATE_ABBREVIATED:546:SSL_renegotiate_abbreviated
+SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT:320:*
+SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT:321:*
+SSL_F_SSL_SESSION_DUP:348:ssl_session_dup
+SSL_F_SSL_SESSION_NEW:189:SSL_SESSION_new
+SSL_F_SSL_SESSION_PRINT_FP:190:SSL_SESSION_print_fp
+SSL_F_SSL_SESSION_SET1_ID:423:SSL_SESSION_set1_id
+SSL_F_SSL_SESSION_SET1_ID_CONTEXT:312:SSL_SESSION_set1_id_context
+SSL_F_SSL_SET_ALPN_PROTOS:344:SSL_set_alpn_protos
+SSL_F_SSL_SET_CERT:191:ssl_set_cert
+SSL_F_SSL_SET_CERT_AND_KEY:621:ssl_set_cert_and_key
+SSL_F_SSL_SET_CIPHER_LIST:271:SSL_set_cipher_list
+SSL_F_SSL_SET_CT_VALIDATION_CALLBACK:399:SSL_set_ct_validation_callback
+SSL_F_SSL_SET_FD:192:SSL_set_fd
+SSL_F_SSL_SET_PKEY:193:ssl_set_pkey
+SSL_F_SSL_SET_RFD:194:SSL_set_rfd
+SSL_F_SSL_SET_SESSION:195:SSL_set_session
+SSL_F_SSL_SET_SESSION_ID_CONTEXT:218:SSL_set_session_id_context
+SSL_F_SSL_SET_SESSION_TICKET_EXT:294:SSL_set_session_ticket_ext
+SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH:550:SSL_set_tlsext_max_fragment_length
+SSL_F_SSL_SET_WFD:196:SSL_set_wfd
+SSL_F_SSL_SHUTDOWN:224:SSL_shutdown
+SSL_F_SSL_SRP_CTX_INIT:313:SSL_SRP_CTX_init
+SSL_F_SSL_START_ASYNC_JOB:389:ssl_start_async_job
+SSL_F_SSL_UNDEFINED_FUNCTION:197:ssl_undefined_function
+SSL_F_SSL_UNDEFINED_VOID_FUNCTION:244:ssl_undefined_void_function
+SSL_F_SSL_USE_CERTIFICATE:198:SSL_use_certificate
+SSL_F_SSL_USE_CERTIFICATE_ASN1:199:SSL_use_certificate_ASN1
+SSL_F_SSL_USE_CERTIFICATE_FILE:200:SSL_use_certificate_file
+SSL_F_SSL_USE_PRIVATEKEY:201:SSL_use_PrivateKey
+SSL_F_SSL_USE_PRIVATEKEY_ASN1:202:SSL_use_PrivateKey_ASN1
+SSL_F_SSL_USE_PRIVATEKEY_FILE:203:SSL_use_PrivateKey_file
+SSL_F_SSL_USE_PSK_IDENTITY_HINT:273:SSL_use_psk_identity_hint
+SSL_F_SSL_USE_RSAPRIVATEKEY:204:SSL_use_RSAPrivateKey
+SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1:205:SSL_use_RSAPrivateKey_ASN1
+SSL_F_SSL_USE_RSAPRIVATEKEY_FILE:206:SSL_use_RSAPrivateKey_file
+SSL_F_SSL_VALIDATE_CT:400:ssl_validate_ct
+SSL_F_SSL_VERIFY_CERT_CHAIN:207:ssl_verify_cert_chain
+SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE:616:SSL_verify_client_post_handshake
+SSL_F_SSL_WRITE:208:SSL_write
+SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data
+SSL_F_SSL_WRITE_EARLY_FINISH:527:*
+SSL_F_SSL_WRITE_EX:433:SSL_write_ex
+SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal
+SSL_F_STATE_MACHINE:353:state_machine
+SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
+SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
+SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
+SSL_F_TLS13_ENC:609:tls13_enc
+SSL_F_TLS13_FINAL_FINISH_MAC:605:tls13_final_finish_mac
+SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
+SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
+SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA:617:\
+	tls13_restore_handshake_digest_for_pha
+SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA:618:\
+	tls13_save_handshake_digest_for_pha
+SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block
+SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state
+SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:*
+SSL_F_TLS1_ENC:401:tls1_enc
+SSL_F_TLS1_EXPORT_KEYING_MATERIAL:314:tls1_export_keying_material
+SSL_F_TLS1_GET_CURVELIST:338:tls1_get_curvelist
+SSL_F_TLS1_PRF:284:tls1_PRF
+SSL_F_TLS1_SAVE_U16:628:tls1_save_u16
+SSL_F_TLS1_SETUP_KEY_BLOCK:211:tls1_setup_key_block
+SSL_F_TLS1_SET_GROUPS:629:tls1_set_groups
+SSL_F_TLS1_SET_RAW_SIGALGS:630:tls1_set_raw_sigalgs
+SSL_F_TLS1_SET_SERVER_SIGALGS:335:tls1_set_server_sigalgs
+SSL_F_TLS1_SET_SHARED_SIGALGS:631:tls1_set_shared_sigalgs
+SSL_F_TLS1_SET_SIGALGS:632:tls1_set_sigalgs
+SSL_F_TLS_CHOOSE_SIGALG:513:tls_choose_sigalg
+SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK:354:tls_client_key_exchange_post_work
+SSL_F_TLS_COLLECT_EXTENSIONS:435:tls_collect_extensions
+SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES:542:\
+	tls_construct_certificate_authorities
+SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST:372:tls_construct_certificate_request
+SSL_F_TLS_CONSTRUCT_CERT_STATUS:429:*
+SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY:494:tls_construct_cert_status_body
+SSL_F_TLS_CONSTRUCT_CERT_VERIFY:496:tls_construct_cert_verify
+SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC:427:tls_construct_change_cipher_spec
+SSL_F_TLS_CONSTRUCT_CKE_DHE:404:tls_construct_cke_dhe
+SSL_F_TLS_CONSTRUCT_CKE_ECDHE:405:tls_construct_cke_ecdhe
+SSL_F_TLS_CONSTRUCT_CKE_GOST:406:tls_construct_cke_gost
+SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE:407:tls_construct_cke_psk_preamble
+SSL_F_TLS_CONSTRUCT_CKE_RSA:409:tls_construct_cke_rsa
+SSL_F_TLS_CONSTRUCT_CKE_SRP:410:tls_construct_cke_srp
+SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE:484:tls_construct_client_certificate
+SSL_F_TLS_CONSTRUCT_CLIENT_HELLO:487:tls_construct_client_hello
+SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE:488:tls_construct_client_key_exchange
+SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY:489:*
+SSL_F_TLS_CONSTRUCT_CTOS_ALPN:466:tls_construct_ctos_alpn
+SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE:355:*
+SSL_F_TLS_CONSTRUCT_CTOS_COOKIE:535:tls_construct_ctos_cookie
+SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA:530:tls_construct_ctos_early_data
+SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS:467:tls_construct_ctos_ec_pt_formats
+SSL_F_TLS_CONSTRUCT_CTOS_EMS:468:tls_construct_ctos_ems
+SSL_F_TLS_CONSTRUCT_CTOS_ETM:469:tls_construct_ctos_etm
+SSL_F_TLS_CONSTRUCT_CTOS_HELLO:356:*
+SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE:357:*
+SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE:470:tls_construct_ctos_key_share
+SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN:549:tls_construct_ctos_maxfragmentlen
+SSL_F_TLS_CONSTRUCT_CTOS_NPN:471:tls_construct_ctos_npn
+SSL_F_TLS_CONSTRUCT_CTOS_PADDING:472:tls_construct_ctos_padding
+SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\
+	tls_construct_ctos_post_handshake_auth
+SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk
+SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes
+SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate
+SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct
+SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name
+SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET:476:tls_construct_ctos_session_ticket
+SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS:477:tls_construct_ctos_sig_algs
+SSL_F_TLS_CONSTRUCT_CTOS_SRP:478:tls_construct_ctos_srp
+SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST:479:tls_construct_ctos_status_request
+SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS:480:\
+	tls_construct_ctos_supported_groups
+SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS:481:\
+	tls_construct_ctos_supported_versions
+SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP:482:tls_construct_ctos_use_srtp
+SSL_F_TLS_CONSTRUCT_CTOS_VERIFY:358:*
+SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS:443:tls_construct_encrypted_extensions
+SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA:536:tls_construct_end_of_early_data
+SSL_F_TLS_CONSTRUCT_EXTENSIONS:447:tls_construct_extensions
+SSL_F_TLS_CONSTRUCT_FINISHED:359:tls_construct_finished
+SSL_F_TLS_CONSTRUCT_HELLO_REQUEST:373:*
+SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST:510:tls_construct_hello_retry_request
+SSL_F_TLS_CONSTRUCT_KEY_UPDATE:517:tls_construct_key_update
+SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET:428:tls_construct_new_session_ticket
+SSL_F_TLS_CONSTRUCT_NEXT_PROTO:426:tls_construct_next_proto
+SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE:490:tls_construct_server_certificate
+SSL_F_TLS_CONSTRUCT_SERVER_HELLO:491:tls_construct_server_hello
+SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE:492:tls_construct_server_key_exchange
+SSL_F_TLS_CONSTRUCT_STOC_ALPN:451:tls_construct_stoc_alpn
+SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE:374:*
+SSL_F_TLS_CONSTRUCT_STOC_COOKIE:613:tls_construct_stoc_cookie
+SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG:452:tls_construct_stoc_cryptopro_bug
+SSL_F_TLS_CONSTRUCT_STOC_DONE:375:*
+SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA:531:tls_construct_stoc_early_data
+SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO:525:*
+SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS:453:tls_construct_stoc_ec_pt_formats
+SSL_F_TLS_CONSTRUCT_STOC_EMS:454:tls_construct_stoc_ems
+SSL_F_TLS_CONSTRUCT_STOC_ETM:455:tls_construct_stoc_etm
+SSL_F_TLS_CONSTRUCT_STOC_HELLO:376:*
+SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE:377:*
+SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share
+SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen
+SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg
+SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk
+SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate
+SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name
+SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket
+SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST:461:tls_construct_stoc_status_request
+SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS:544:\
+	tls_construct_stoc_supported_groups
+SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS:611:\
+	tls_construct_stoc_supported_versions
+SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP:462:tls_construct_stoc_use_srtp
+SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\
+	tls_early_post_process_client_hello
+SSL_F_TLS_FINISH_HANDSHAKE:597:tls_finish_handshake
+SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body
+SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header
+SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn
+SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request
+SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities
+SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:*
+SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn
+SSL_F_TLS_PARSE_CTOS_COOKIE:614:tls_parse_ctos_cookie
+SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data
+SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats
+SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems
+SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share
+SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
+SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth
+SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
+SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
+SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
+SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
+SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT:615:tls_parse_ctos_sig_algs_cert
+SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp
+SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request
+SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups
+SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp
+SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn
+SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie
+SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data
+SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:*
+SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats
+SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
+SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
+SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
+SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
+SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
+SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
+SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
+SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket
+SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request
+SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS:612:tls_parse_stoc_supported_versions
+SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp
+SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello
+SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\
+	tls_post_process_client_key_exchange
+SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE:360:tls_prepare_client_certificate
+SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST:610:tls_process_as_hello_retry_request
+SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST:361:tls_process_certificate_request
+SSL_F_TLS_PROCESS_CERT_STATUS:362:*
+SSL_F_TLS_PROCESS_CERT_STATUS_BODY:495:tls_process_cert_status_body
+SSL_F_TLS_PROCESS_CERT_VERIFY:379:tls_process_cert_verify
+SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC:363:tls_process_change_cipher_spec
+SSL_F_TLS_PROCESS_CKE_DHE:411:tls_process_cke_dhe
+SSL_F_TLS_PROCESS_CKE_ECDHE:412:tls_process_cke_ecdhe
+SSL_F_TLS_PROCESS_CKE_GOST:413:tls_process_cke_gost
+SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE:414:tls_process_cke_psk_preamble
+SSL_F_TLS_PROCESS_CKE_RSA:415:tls_process_cke_rsa
+SSL_F_TLS_PROCESS_CKE_SRP:416:tls_process_cke_srp
+SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE:380:tls_process_client_certificate
+SSL_F_TLS_PROCESS_CLIENT_HELLO:381:tls_process_client_hello
+SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE:382:tls_process_client_key_exchange
+SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS:444:tls_process_encrypted_extensions
+SSL_F_TLS_PROCESS_END_OF_EARLY_DATA:537:tls_process_end_of_early_data
+SSL_F_TLS_PROCESS_FINISHED:364:tls_process_finished
+SSL_F_TLS_PROCESS_HELLO_REQ:507:tls_process_hello_req
+SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST:511:tls_process_hello_retry_request
+SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT:442:tls_process_initial_server_flight
+SSL_F_TLS_PROCESS_KEY_EXCHANGE:365:tls_process_key_exchange
+SSL_F_TLS_PROCESS_KEY_UPDATE:518:tls_process_key_update
+SSL_F_TLS_PROCESS_NEW_SESSION_TICKET:366:tls_process_new_session_ticket
+SSL_F_TLS_PROCESS_NEXT_PROTO:383:tls_process_next_proto
+SSL_F_TLS_PROCESS_SERVER_CERTIFICATE:367:tls_process_server_certificate
+SSL_F_TLS_PROCESS_SERVER_DONE:368:tls_process_server_done
+SSL_F_TLS_PROCESS_SERVER_HELLO:369:tls_process_server_hello
+SSL_F_TLS_PROCESS_SKE_DHE:419:tls_process_ske_dhe
+SSL_F_TLS_PROCESS_SKE_ECDHE:420:tls_process_ske_ecdhe
+SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE:421:tls_process_ske_psk_preamble
+SSL_F_TLS_PROCESS_SKE_SRP:422:tls_process_ske_srp
+SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder
+SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:*
+SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake
+SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file
+SSL_F_WPACKET_INTERN_INIT_LEN:633:wpacket_intern_init_len
+SSL_F_WPACKET_START_SUB_PACKET_LEN__:634:WPACKET_start_sub_packet_len__
+SSL_F_WRITE_STATE_MACHINE:586:write_state_machine
+TS_F_DEF_SERIAL_CB:110:def_serial_cb
+TS_F_DEF_TIME_CB:111:def_time_cb
+TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert
+TS_F_ESS_ADD_SIGNING_CERT_V2:147:ess_add_signing_cert_v2
+TS_F_ESS_CERT_ID_NEW_INIT:113:ess_CERT_ID_new_init
+TS_F_ESS_CERT_ID_V2_NEW_INIT:156:ess_cert_id_v2_new_init
+TS_F_ESS_SIGNING_CERT_NEW_INIT:114:ess_SIGNING_CERT_new_init
+TS_F_ESS_SIGNING_CERT_V2_NEW_INIT:157:ess_signing_cert_v2_new_init
+TS_F_INT_TS_RESP_VERIFY_TOKEN:149:int_ts_RESP_verify_token
+TS_F_PKCS7_TO_TS_TST_INFO:148:PKCS7_to_TS_TST_INFO
+TS_F_TS_ACCURACY_SET_MICROS:115:TS_ACCURACY_set_micros
+TS_F_TS_ACCURACY_SET_MILLIS:116:TS_ACCURACY_set_millis
+TS_F_TS_ACCURACY_SET_SECONDS:117:TS_ACCURACY_set_seconds
+TS_F_TS_CHECK_IMPRINTS:100:ts_check_imprints
+TS_F_TS_CHECK_NONCES:101:ts_check_nonces
+TS_F_TS_CHECK_POLICY:102:ts_check_policy
+TS_F_TS_CHECK_SIGNING_CERTS:103:ts_check_signing_certs
+TS_F_TS_CHECK_STATUS_INFO:104:ts_check_status_info
+TS_F_TS_COMPUTE_IMPRINT:145:ts_compute_imprint
+TS_F_TS_CONF_INVALID:151:ts_CONF_invalid
+TS_F_TS_CONF_LOAD_CERT:153:TS_CONF_load_cert
+TS_F_TS_CONF_LOAD_CERTS:154:TS_CONF_load_certs
+TS_F_TS_CONF_LOAD_KEY:155:TS_CONF_load_key
+TS_F_TS_CONF_LOOKUP_FAIL:152:ts_CONF_lookup_fail
+TS_F_TS_CONF_SET_DEFAULT_ENGINE:146:TS_CONF_set_default_engine
+TS_F_TS_GET_STATUS_TEXT:105:ts_get_status_text
+TS_F_TS_MSG_IMPRINT_SET_ALGO:118:TS_MSG_IMPRINT_set_algo
+TS_F_TS_REQ_SET_MSG_IMPRINT:119:TS_REQ_set_msg_imprint
+TS_F_TS_REQ_SET_NONCE:120:TS_REQ_set_nonce
+TS_F_TS_REQ_SET_POLICY_ID:121:TS_REQ_set_policy_id
+TS_F_TS_RESP_CREATE_RESPONSE:122:TS_RESP_create_response
+TS_F_TS_RESP_CREATE_TST_INFO:123:ts_RESP_create_tst_info
+TS_F_TS_RESP_CTX_ADD_FAILURE_INFO:124:TS_RESP_CTX_add_failure_info
+TS_F_TS_RESP_CTX_ADD_MD:125:TS_RESP_CTX_add_md
+TS_F_TS_RESP_CTX_ADD_POLICY:126:TS_RESP_CTX_add_policy
+TS_F_TS_RESP_CTX_NEW:127:TS_RESP_CTX_new
+TS_F_TS_RESP_CTX_SET_ACCURACY:128:TS_RESP_CTX_set_accuracy
+TS_F_TS_RESP_CTX_SET_CERTS:129:TS_RESP_CTX_set_certs
+TS_F_TS_RESP_CTX_SET_DEF_POLICY:130:TS_RESP_CTX_set_def_policy
+TS_F_TS_RESP_CTX_SET_SIGNER_CERT:131:TS_RESP_CTX_set_signer_cert
+TS_F_TS_RESP_CTX_SET_STATUS_INFO:132:TS_RESP_CTX_set_status_info
+TS_F_TS_RESP_GET_POLICY:133:ts_RESP_get_policy
+TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION:134:TS_RESP_set_genTime_with_precision
+TS_F_TS_RESP_SET_STATUS_INFO:135:TS_RESP_set_status_info
+TS_F_TS_RESP_SET_TST_INFO:150:TS_RESP_set_tst_info
+TS_F_TS_RESP_SIGN:136:ts_RESP_sign
+TS_F_TS_RESP_VERIFY_SIGNATURE:106:TS_RESP_verify_signature
+TS_F_TS_TST_INFO_SET_ACCURACY:137:TS_TST_INFO_set_accuracy
+TS_F_TS_TST_INFO_SET_MSG_IMPRINT:138:TS_TST_INFO_set_msg_imprint
+TS_F_TS_TST_INFO_SET_NONCE:139:TS_TST_INFO_set_nonce
+TS_F_TS_TST_INFO_SET_POLICY_ID:140:TS_TST_INFO_set_policy_id
+TS_F_TS_TST_INFO_SET_SERIAL:141:TS_TST_INFO_set_serial
+TS_F_TS_TST_INFO_SET_TIME:142:TS_TST_INFO_set_time
+TS_F_TS_TST_INFO_SET_TSA:143:TS_TST_INFO_set_tsa
+TS_F_TS_VERIFY:108:*
+TS_F_TS_VERIFY_CERT:109:ts_verify_cert
+TS_F_TS_VERIFY_CTX_NEW:144:TS_VERIFY_CTX_new
+UI_F_CLOSE_CONSOLE:115:close_console
+UI_F_ECHO_CONSOLE:116:echo_console
+UI_F_GENERAL_ALLOCATE_BOOLEAN:108:general_allocate_boolean
+UI_F_GENERAL_ALLOCATE_PROMPT:109:general_allocate_prompt
+UI_F_NOECHO_CONSOLE:117:noecho_console
+UI_F_OPEN_CONSOLE:114:open_console
+UI_F_UI_CONSTRUCT_PROMPT:121:UI_construct_prompt
+UI_F_UI_CREATE_METHOD:112:UI_create_method
+UI_F_UI_CTRL:111:UI_ctrl
+UI_F_UI_DUP_ERROR_STRING:101:UI_dup_error_string
+UI_F_UI_DUP_INFO_STRING:102:UI_dup_info_string
+UI_F_UI_DUP_INPUT_BOOLEAN:110:UI_dup_input_boolean
+UI_F_UI_DUP_INPUT_STRING:103:UI_dup_input_string
+UI_F_UI_DUP_USER_DATA:118:UI_dup_user_data
+UI_F_UI_DUP_VERIFY_STRING:106:UI_dup_verify_string
+UI_F_UI_GET0_RESULT:107:UI_get0_result
+UI_F_UI_GET_RESULT_LENGTH:119:UI_get_result_length
+UI_F_UI_NEW_METHOD:104:UI_new_method
+UI_F_UI_PROCESS:113:UI_process
+UI_F_UI_SET_RESULT:105:UI_set_result
+UI_F_UI_SET_RESULT_EX:120:UI_set_result_ex
+X509V3_F_A2I_GENERAL_NAME:164:a2i_GENERAL_NAME
+X509V3_F_ADDR_VALIDATE_PATH_INTERNAL:166:addr_validate_path_internal
+X509V3_F_ASIDENTIFIERCHOICE_CANONIZE:161:ASIdentifierChoice_canonize
+X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL:162:ASIdentifierChoice_is_canonical
+X509V3_F_BIGNUM_TO_STRING:167:bignum_to_string
+X509V3_F_COPY_EMAIL:122:copy_email
+X509V3_F_COPY_ISSUER:123:copy_issuer
+X509V3_F_DO_DIRNAME:144:do_dirname
+X509V3_F_DO_EXT_I2D:135:do_ext_i2d
+X509V3_F_DO_EXT_NCONF:151:do_ext_nconf
+X509V3_F_GNAMES_FROM_SECTNAME:156:gnames_from_sectname
+X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
+X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
+X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
+X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
+X509V3_F_LEVEL_ADD_NODE:168:level_add_node
+X509V3_F_NOTICE_SECTION:132:notice_section
+X509V3_F_NREF_NOS:133:nref_nos
+X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create
+X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new
+X509V3_F_POLICY_DATA_NEW:171:policy_data_new
+X509V3_F_POLICY_SECTION:131:policy_section
+X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value
+X509V3_F_R2I_CERTPOL:130:r2i_certpol
+X509V3_F_R2I_PCI:155:r2i_pci
+X509V3_F_S2I_ASN1_IA5STRING:100:s2i_ASN1_IA5STRING
+X509V3_F_S2I_ASN1_INTEGER:108:s2i_ASN1_INTEGER
+X509V3_F_S2I_ASN1_OCTET_STRING:112:s2i_ASN1_OCTET_STRING
+X509V3_F_S2I_SKEY_ID:115:s2i_skey_id
+X509V3_F_SET_DIST_POINT_NAME:158:set_dist_point_name
+X509V3_F_SXNET_ADD_ID_ASC:125:SXNET_add_id_asc
+X509V3_F_SXNET_ADD_ID_INTEGER:126:SXNET_add_id_INTEGER
+X509V3_F_SXNET_ADD_ID_ULONG:127:SXNET_add_id_ulong
+X509V3_F_SXNET_GET_ID_ASC:128:SXNET_get_id_asc
+X509V3_F_SXNET_GET_ID_ULONG:129:SXNET_get_id_ulong
+X509V3_F_TREE_INIT:172:tree_init
+X509V3_F_V2I_ASIDENTIFIERS:163:v2i_ASIdentifiers
+X509V3_F_V2I_ASN1_BIT_STRING:101:v2i_ASN1_BIT_STRING
+X509V3_F_V2I_AUTHORITY_INFO_ACCESS:139:v2i_AUTHORITY_INFO_ACCESS
+X509V3_F_V2I_AUTHORITY_KEYID:119:v2i_AUTHORITY_KEYID
+X509V3_F_V2I_BASIC_CONSTRAINTS:102:v2i_BASIC_CONSTRAINTS
+X509V3_F_V2I_CRLD:134:v2i_crld
+X509V3_F_V2I_EXTENDED_KEY_USAGE:103:v2i_EXTENDED_KEY_USAGE
+X509V3_F_V2I_GENERAL_NAMES:118:v2i_GENERAL_NAMES
+X509V3_F_V2I_GENERAL_NAME_EX:117:v2i_GENERAL_NAME_ex
+X509V3_F_V2I_IDP:157:v2i_idp
+X509V3_F_V2I_IPADDRBLOCKS:159:v2i_IPAddrBlocks
+X509V3_F_V2I_ISSUER_ALT:153:v2i_issuer_alt
+X509V3_F_V2I_NAME_CONSTRAINTS:147:v2i_NAME_CONSTRAINTS
+X509V3_F_V2I_POLICY_CONSTRAINTS:146:v2i_POLICY_CONSTRAINTS
+X509V3_F_V2I_POLICY_MAPPINGS:145:v2i_POLICY_MAPPINGS
+X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt
+X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
+X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
+X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
+X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
+X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
+X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias
+X509V3_F_X509V3_EXT_I2D:136:X509V3_EXT_i2d
+X509V3_F_X509V3_EXT_NCONF:152:X509V3_EXT_nconf
+X509V3_F_X509V3_GET_SECTION:142:X509V3_get_section
+X509V3_F_X509V3_GET_STRING:143:X509V3_get_string
+X509V3_F_X509V3_GET_VALUE_BOOL:110:X509V3_get_value_bool
+X509V3_F_X509V3_PARSE_LIST:109:X509V3_parse_list
+X509V3_F_X509_PURPOSE_ADD:137:X509_PURPOSE_add
+X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set
+X509_F_ADD_CERT_DIR:100:add_cert_dir
+X509_F_BUILD_CHAIN:106:build_chain
+X509_F_BY_FILE_CTRL:101:by_file_ctrl
+X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints
+X509_F_CHECK_POLICY:145:check_policy
+X509_F_DANE_I2D:107:dane_i2d
+X509_F_DIR_CTRL:102:dir_ctrl
+X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
+X509_F_I2D_X509_AUX:151:i2d_X509_AUX
+X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk
+X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode
+X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode
+X509_F_NEW_DIR:153:new_dir
+X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr
+X509_F_X509V3_ADD_EXT:104:X509v3_add_ext
+X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID
+X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ:137:X509_ATTRIBUTE_create_by_OBJ
+X509_F_X509_ATTRIBUTE_CREATE_BY_TXT:140:X509_ATTRIBUTE_create_by_txt
+X509_F_X509_ATTRIBUTE_GET0_DATA:139:X509_ATTRIBUTE_get0_data
+X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data
+X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key
+X509_F_X509_CRL_DIFF:105:X509_CRL_diff
+X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new
+X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp
+X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID
+X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ
+X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters
+X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file
+X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file
+X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file
+X509_F_X509_LOOKUP_METH_NEW:160:X509_LOOKUP_meth_new
+X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new
+X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry
+X509_F_X509_NAME_CANON:156:x509_name_canon
+X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID
+X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt
+X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object
+X509_F_X509_NAME_ONELINE:116:X509_NAME_oneline
+X509_F_X509_NAME_PRINT:117:X509_NAME_print
+X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new
+X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp
+X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode
+X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0
+X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set
+X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key
+X509_F_X509_REQ_PRINT_EX:121:X509_REQ_print_ex
+X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp
+X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509
+X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert
+X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl
+X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup
+X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer
+X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init
+X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new
+X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit
+X509_F_X509_STORE_NEW:158:X509_STORE_new
+X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
+X509_F_X509_TRUST_ADD:133:X509_TRUST_add
+X509_F_X509_TRUST_SET:141:X509_TRUST_set
+X509_F_X509_VERIFY_CERT:127:X509_verify_cert
+X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
+
+#Reason codes
+ASN1_R_ADDING_OBJECT:171:adding object
+ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
+ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
+ASN1_R_AUX_ERROR:100:aux error
+ASN1_R_BAD_OBJECT_HEADER:102:bad object header
+ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
+ASN1_R_BN_LIB:105:bn lib
+ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
+ASN1_R_BUFFER_TOO_SMALL:107:buffer too small
+ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:108:cipher has no object identifier
+ASN1_R_CONTEXT_NOT_INITIALISED:217:context not initialised
+ASN1_R_DATA_IS_WRONG:109:data is wrong
+ASN1_R_DECODE_ERROR:110:decode error
+ASN1_R_DEPTH_EXCEEDED:174:depth exceeded
+ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED:198:digest and key type not supported
+ASN1_R_ENCODE_ERROR:112:encode error
+ASN1_R_ERROR_GETTING_TIME:173:error getting time
+ASN1_R_ERROR_LOADING_SECTION:172:error loading section
+ASN1_R_ERROR_SETTING_CIPHER_PARAMS:114:error setting cipher params
+ASN1_R_EXPECTING_AN_INTEGER:115:expecting an integer
+ASN1_R_EXPECTING_AN_OBJECT:116:expecting an object
+ASN1_R_EXPLICIT_LENGTH_MISMATCH:119:explicit length mismatch
+ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED:120:explicit tag not constructed
+ASN1_R_FIELD_MISSING:121:field missing
+ASN1_R_FIRST_NUM_TOO_LARGE:122:first num too large
+ASN1_R_HEADER_TOO_LONG:123:header too long
+ASN1_R_ILLEGAL_BITSTRING_FORMAT:175:illegal bitstring format
+ASN1_R_ILLEGAL_BOOLEAN:176:illegal boolean
+ASN1_R_ILLEGAL_CHARACTERS:124:illegal characters
+ASN1_R_ILLEGAL_FORMAT:177:illegal format
+ASN1_R_ILLEGAL_HEX:178:illegal hex
+ASN1_R_ILLEGAL_IMPLICIT_TAG:179:illegal implicit tag
+ASN1_R_ILLEGAL_INTEGER:180:illegal integer
+ASN1_R_ILLEGAL_NEGATIVE_VALUE:226:illegal negative value
+ASN1_R_ILLEGAL_NESTED_TAGGING:181:illegal nested tagging
+ASN1_R_ILLEGAL_NULL:125:illegal null
+ASN1_R_ILLEGAL_NULL_VALUE:182:illegal null value
+ASN1_R_ILLEGAL_OBJECT:183:illegal object
+ASN1_R_ILLEGAL_OPTIONAL_ANY:126:illegal optional any
+ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE:170:illegal options on item template
+ASN1_R_ILLEGAL_PADDING:221:illegal padding
+ASN1_R_ILLEGAL_TAGGED_ANY:127:illegal tagged any
+ASN1_R_ILLEGAL_TIME_VALUE:184:illegal time value
+ASN1_R_ILLEGAL_ZERO_CONTENT:222:illegal zero content
+ASN1_R_INTEGER_NOT_ASCII_FORMAT:185:integer not ascii format
+ASN1_R_INTEGER_TOO_LARGE_FOR_LONG:128:integer too large for long
+ASN1_R_INVALID_BIT_STRING_BITS_LEFT:220:invalid bit string bits left
+ASN1_R_INVALID_BMPSTRING_LENGTH:129:invalid bmpstring length
+ASN1_R_INVALID_DIGIT:130:invalid digit
+ASN1_R_INVALID_MIME_TYPE:205:invalid mime type
+ASN1_R_INVALID_MODIFIER:186:invalid modifier
+ASN1_R_INVALID_NUMBER:187:invalid number
+ASN1_R_INVALID_OBJECT_ENCODING:216:invalid object encoding
+ASN1_R_INVALID_SCRYPT_PARAMETERS:227:invalid scrypt parameters
+ASN1_R_INVALID_SEPARATOR:131:invalid separator
+ASN1_R_INVALID_STRING_TABLE_VALUE:218:invalid string table value
+ASN1_R_INVALID_UNIVERSALSTRING_LENGTH:133:invalid universalstring length
+ASN1_R_INVALID_UTF8STRING:134:invalid utf8string
+ASN1_R_INVALID_VALUE:219:invalid value
+ASN1_R_LIST_ERROR:188:list error
+ASN1_R_MIME_NO_CONTENT_TYPE:206:mime no content type
+ASN1_R_MIME_PARSE_ERROR:207:mime parse error
+ASN1_R_MIME_SIG_PARSE_ERROR:208:mime sig parse error
+ASN1_R_MISSING_EOC:137:missing eoc
+ASN1_R_MISSING_SECOND_NUMBER:138:missing second number
+ASN1_R_MISSING_VALUE:189:missing value
+ASN1_R_MSTRING_NOT_UNIVERSAL:139:mstring not universal
+ASN1_R_MSTRING_WRONG_TAG:140:mstring wrong tag
+ASN1_R_NESTED_ASN1_STRING:197:nested asn1 string
+ASN1_R_NESTED_TOO_DEEP:201:nested too deep
+ASN1_R_NON_HEX_CHARACTERS:141:non hex characters
+ASN1_R_NOT_ASCII_FORMAT:190:not ascii format
+ASN1_R_NOT_ENOUGH_DATA:142:not enough data
+ASN1_R_NO_CONTENT_TYPE:209:no content type
+ASN1_R_NO_MATCHING_CHOICE_TYPE:143:no matching choice type
+ASN1_R_NO_MULTIPART_BODY_FAILURE:210:no multipart body failure
+ASN1_R_NO_MULTIPART_BOUNDARY:211:no multipart boundary
+ASN1_R_NO_SIG_CONTENT_TYPE:212:no sig content type
+ASN1_R_NULL_IS_WRONG_LENGTH:144:null is wrong length
+ASN1_R_OBJECT_NOT_ASCII_FORMAT:191:object not ascii format
+ASN1_R_ODD_NUMBER_OF_CHARS:145:odd number of chars
+ASN1_R_SECOND_NUMBER_TOO_LARGE:147:second number too large
+ASN1_R_SEQUENCE_LENGTH_MISMATCH:148:sequence length mismatch
+ASN1_R_SEQUENCE_NOT_CONSTRUCTED:149:sequence not constructed
+ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG:192:sequence or set needs config
+ASN1_R_SHORT_LINE:150:short line
+ASN1_R_SIG_INVALID_MIME_TYPE:213:sig invalid mime type
+ASN1_R_STREAMING_NOT_SUPPORTED:202:streaming not supported
+ASN1_R_STRING_TOO_LONG:151:string too long
+ASN1_R_STRING_TOO_SHORT:152:string too short
+ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:154:\
+	the asn1 object identifier is not known for this md
+ASN1_R_TIME_NOT_ASCII_FORMAT:193:time not ascii format
+ASN1_R_TOO_LARGE:223:too large
+ASN1_R_TOO_LONG:155:too long
+ASN1_R_TOO_SMALL:224:too small
+ASN1_R_TYPE_NOT_CONSTRUCTED:156:type not constructed
+ASN1_R_TYPE_NOT_PRIMITIVE:195:type not primitive
+ASN1_R_UNEXPECTED_EOC:159:unexpected eoc
+ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH:215:universalstring is wrong length
+ASN1_R_UNKNOWN_FORMAT:160:unknown format
+ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM:161:unknown message digest algorithm
+ASN1_R_UNKNOWN_OBJECT_TYPE:162:unknown object type
+ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE:163:unknown public key type
+ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM:199:unknown signature algorithm
+ASN1_R_UNKNOWN_TAG:194:unknown tag
+ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE:164:unsupported any defined by type
+ASN1_R_UNSUPPORTED_CIPHER:228:unsupported cipher
+ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE:167:unsupported public key type
+ASN1_R_UNSUPPORTED_TYPE:196:unsupported type
+ASN1_R_WRONG_INTEGER_TYPE:225:wrong integer type
+ASN1_R_WRONG_PUBLIC_KEY_TYPE:200:wrong public key type
+ASN1_R_WRONG_TAG:168:wrong tag
+ASYNC_R_FAILED_TO_SET_POOL:101:failed to set pool
+ASYNC_R_FAILED_TO_SWAP_CONTEXT:102:failed to swap context
+ASYNC_R_INIT_FAILED:105:init failed
+ASYNC_R_INVALID_POOL_SIZE:103:invalid pool size
+BIO_R_ACCEPT_ERROR:100:accept error
+BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET:141:addrinfo addr is not af inet
+BIO_R_AMBIGUOUS_HOST_OR_SERVICE:129:ambiguous host or service
+BIO_R_BAD_FOPEN_MODE:101:bad fopen mode
+BIO_R_BROKEN_PIPE:124:broken pipe
+BIO_R_CONNECT_ERROR:103:connect error
+BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET:107:gethostbyname addr is not af inet
+BIO_R_GETSOCKNAME_ERROR:132:getsockname error
+BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS:133:getsockname truncated address
+BIO_R_GETTING_SOCKTYPE:134:getting socktype
+BIO_R_INVALID_ARGUMENT:125:invalid argument
+BIO_R_INVALID_SOCKET:135:invalid socket
+BIO_R_IN_USE:123:in use
+BIO_R_LENGTH_TOO_LONG:102:length too long
+BIO_R_LISTEN_V6_ONLY:136:listen v6 only
+BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing
+BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service
+BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error
+BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\
+	no accept addr or service specified
+BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified
+BIO_R_NO_PORT_DEFINED:113:no port defined
+BIO_R_NO_SUCH_FILE:128:no such file
+BIO_R_NULL_PARAMETER:115:null parameter
+BIO_R_UNABLE_TO_BIND_SOCKET:117:unable to bind socket
+BIO_R_UNABLE_TO_CREATE_SOCKET:118:unable to create socket
+BIO_R_UNABLE_TO_KEEPALIVE:137:unable to keepalive
+BIO_R_UNABLE_TO_LISTEN_SOCKET:119:unable to listen socket
+BIO_R_UNABLE_TO_NODELAY:138:unable to nodelay
+BIO_R_UNABLE_TO_REUSEADDR:139:unable to reuseaddr
+BIO_R_UNAVAILABLE_IP_FAMILY:145:unavailable ip family
+BIO_R_UNINITIALIZED:120:uninitialized
+BIO_R_UNKNOWN_INFO_TYPE:140:unknown info type
+BIO_R_UNSUPPORTED_IP_FAMILY:146:unsupported ip family
+BIO_R_UNSUPPORTED_METHOD:121:unsupported method
+BIO_R_UNSUPPORTED_PROTOCOL_FAMILY:131:unsupported protocol family
+BIO_R_WRITE_TO_READ_ONLY_BIO:126:write to read only BIO
+BIO_R_WSASTARTUP:122:WSAStartup
+BN_R_ARG2_LT_ARG3:100:arg2 lt arg3
+BN_R_BAD_RECIPROCAL:101:bad reciprocal
+BN_R_BIGNUM_TOO_LONG:114:bignum too long
+BN_R_BITS_TOO_SMALL:118:bits too small
+BN_R_CALLED_WITH_EVEN_MODULUS:102:called with even modulus
+BN_R_DIV_BY_ZERO:103:div by zero
+BN_R_ENCODING_ERROR:104:encoding error
+BN_R_EXPAND_ON_STATIC_BIGNUM_DATA:105:expand on static bignum data
+BN_R_INPUT_NOT_REDUCED:110:input not reduced
+BN_R_INVALID_LENGTH:106:invalid length
+BN_R_INVALID_RANGE:115:invalid range
+BN_R_INVALID_SHIFT:119:invalid shift
+BN_R_NOT_A_SQUARE:111:not a square
+BN_R_NOT_INITIALIZED:107:not initialized
+BN_R_NO_INVERSE:108:no inverse
+BN_R_NO_SOLUTION:116:no solution
+BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large
+BN_R_P_IS_NOT_PRIME:112:p is not prime
+BN_R_TOO_MANY_ITERATIONS:113:too many iterations
+BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables
+CMS_R_ADD_SIGNER_ERROR:99:add signer error
+CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present
+CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid
+CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error
+CMS_R_CIPHER_INITIALISATION_ERROR:101:cipher initialisation error
+CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR:102:\
+	cipher parameter initialisation error
+CMS_R_CMS_DATAFINAL_ERROR:103:cms datafinal error
+CMS_R_CMS_LIB:104:cms lib
+CMS_R_CONTENTIDENTIFIER_MISMATCH:170:contentidentifier mismatch
+CMS_R_CONTENT_NOT_FOUND:105:content not found
+CMS_R_CONTENT_TYPE_MISMATCH:171:content type mismatch
+CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA:106:content type not compressed data
+CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA:107:content type not enveloped data
+CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA:108:content type not signed data
+CMS_R_CONTENT_VERIFY_ERROR:109:content verify error
+CMS_R_CTRL_ERROR:110:ctrl error
+CMS_R_CTRL_FAILURE:111:ctrl failure
+CMS_R_DECRYPT_ERROR:112:decrypt error
+CMS_R_ERROR_GETTING_PUBLIC_KEY:113:error getting public key
+CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\
+	error reading messagedigest attribute
+CMS_R_ERROR_SETTING_KEY:115:error setting key
+CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo
+CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length
+CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter
+CMS_R_INVALID_KEY_LENGTH:118:invalid key length
+CMS_R_MD_BIO_INIT_ERROR:119:md bio init error
+CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH:120:\
+	messagedigest attribute wrong length
+CMS_R_MESSAGEDIGEST_WRONG_LENGTH:121:messagedigest wrong length
+CMS_R_MSGSIGDIGEST_ERROR:172:msgsigdigest error
+CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE:162:msgsigdigest verification failure
+CMS_R_MSGSIGDIGEST_WRONG_LENGTH:163:msgsigdigest wrong length
+CMS_R_NEED_ONE_SIGNER:164:need one signer
+CMS_R_NOT_A_SIGNED_RECEIPT:165:not a signed receipt
+CMS_R_NOT_ENCRYPTED_DATA:122:not encrypted data
+CMS_R_NOT_KEK:123:not kek
+CMS_R_NOT_KEY_AGREEMENT:181:not key agreement
+CMS_R_NOT_KEY_TRANSPORT:124:not key transport
+CMS_R_NOT_PWRI:177:not pwri
+CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:125:not supported for this key type
+CMS_R_NO_CIPHER:126:no cipher
+CMS_R_NO_CONTENT:127:no content
+CMS_R_NO_CONTENT_TYPE:173:no content type
+CMS_R_NO_DEFAULT_DIGEST:128:no default digest
+CMS_R_NO_DIGEST_SET:129:no digest set
+CMS_R_NO_KEY:130:no key
+CMS_R_NO_KEY_OR_CERT:174:no key or cert
+CMS_R_NO_MATCHING_DIGEST:131:no matching digest
+CMS_R_NO_MATCHING_RECIPIENT:132:no matching recipient
+CMS_R_NO_MATCHING_SIGNATURE:166:no matching signature
+CMS_R_NO_MSGSIGDIGEST:167:no msgsigdigest
+CMS_R_NO_PASSWORD:178:no password
+CMS_R_NO_PRIVATE_KEY:133:no private key
+CMS_R_NO_PUBLIC_KEY:134:no public key
+CMS_R_NO_RECEIPT_REQUEST:168:no receipt request
+CMS_R_NO_SIGNERS:135:no signers
+CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:136:\
+	private key does not match certificate
+CMS_R_RECEIPT_DECODE_ERROR:169:receipt decode error
+CMS_R_RECIPIENT_ERROR:137:recipient error
+CMS_R_SIGNER_CERTIFICATE_NOT_FOUND:138:signer certificate not found
+CMS_R_SIGNFINAL_ERROR:139:signfinal error
+CMS_R_SMIME_TEXT_ERROR:140:smime text error
+CMS_R_STORE_INIT_ERROR:141:store init error
+CMS_R_TYPE_NOT_COMPRESSED_DATA:142:type not compressed data
+CMS_R_TYPE_NOT_DATA:143:type not data
+CMS_R_TYPE_NOT_DIGESTED_DATA:144:type not digested data
+CMS_R_TYPE_NOT_ENCRYPTED_DATA:145:type not encrypted data
+CMS_R_TYPE_NOT_ENVELOPED_DATA:146:type not enveloped data
+CMS_R_UNABLE_TO_FINALIZE_CONTEXT:147:unable to finalize context
+CMS_R_UNKNOWN_CIPHER:148:unknown cipher
+CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm
+CMS_R_UNKNOWN_ID:150:unknown id
+CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm
+CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type
+CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm
+CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
+	unsupported key encryption algorithm
+CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
+CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
+CMS_R_UNSUPPORTED_TYPE:156:unsupported type
+CMS_R_UNWRAP_ERROR:157:unwrap error
+CMS_R_UNWRAP_FAILURE:180:unwrap failure
+CMS_R_VERIFICATION_FAILURE:158:verification failure
+CMS_R_WRAP_ERROR:159:wrap error
+COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error
+COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error
+COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported
+CONF_R_ERROR_LOADING_DSO:110:error loading dso
+CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null
+CONF_R_MISSING_CLOSE_SQUARE_BRACKET:100:missing close square bracket
+CONF_R_MISSING_EQUAL_SIGN:101:missing equal sign
+CONF_R_MISSING_INIT_FUNCTION:112:missing init function
+CONF_R_MODULE_INITIALIZATION_ERROR:109:module initialization error
+CONF_R_NO_CLOSE_BRACE:102:no close brace
+CONF_R_NO_CONF:105:no conf
+CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE:106:no conf or environment variable
+CONF_R_NO_SECTION:107:no section
+CONF_R_NO_SUCH_FILE:114:no such file
+CONF_R_NO_VALUE:108:no value
+CONF_R_NUMBER_TOO_LARGE:121:number too large
+CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include
+CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
+CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found
+CONF_R_SSL_SECTION_EMPTY:119:ssl section empty
+CONF_R_SSL_SECTION_NOT_FOUND:120:ssl section not found
+CONF_R_UNABLE_TO_CREATE_NEW_SECTION:103:unable to create new section
+CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name
+CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long
+CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value
+CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported
+CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
+CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits
+CT_R_BASE64_DECODE_ERROR:108:base64 decode error
+CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length
+CT_R_LOG_CONF_INVALID:109:log conf invalid
+CT_R_LOG_CONF_INVALID_KEY:110:log conf invalid key
+CT_R_LOG_CONF_MISSING_DESCRIPTION:111:log conf missing description
+CT_R_LOG_CONF_MISSING_KEY:112:log conf missing key
+CT_R_LOG_KEY_INVALID:113:log key invalid
+CT_R_SCT_FUTURE_TIMESTAMP:116:sct future timestamp
+CT_R_SCT_INVALID:104:sct invalid
+CT_R_SCT_INVALID_SIGNATURE:107:sct invalid signature
+CT_R_SCT_LIST_INVALID:105:sct list invalid
+CT_R_SCT_LOG_ID_MISMATCH:114:sct log id mismatch
+CT_R_SCT_NOT_SET:106:sct not set
+CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version
+CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid
+CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type
+CT_R_UNSUPPORTED_VERSION:103:unsupported version
+DH_R_BAD_GENERATOR:101:bad generator
+DH_R_BN_DECODE_ERROR:109:bn decode error
+DH_R_BN_ERROR:106:bn error
+DH_R_CHECK_INVALID_J_VALUE:115:check invalid j value
+DH_R_CHECK_INVALID_Q_VALUE:116:check invalid q value
+DH_R_CHECK_PUBKEY_INVALID:122:check pubkey invalid
+DH_R_CHECK_PUBKEY_TOO_LARGE:123:check pubkey too large
+DH_R_CHECK_PUBKEY_TOO_SMALL:124:check pubkey too small
+DH_R_CHECK_P_NOT_PRIME:117:check p not prime
+DH_R_CHECK_P_NOT_SAFE_PRIME:118:check p not safe prime
+DH_R_CHECK_Q_NOT_PRIME:119:check q not prime
+DH_R_DECODE_ERROR:104:decode error
+DH_R_INVALID_PARAMETER_NAME:110:invalid parameter name
+DH_R_INVALID_PARAMETER_NID:114:invalid parameter nid
+DH_R_INVALID_PUBKEY:102:invalid public key
+DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
+DH_R_KEYS_NOT_SET:108:keys not set
+DH_R_MISSING_PUBKEY:125:missing pubkey
+DH_R_MODULUS_TOO_LARGE:103:modulus too large
+DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
+DH_R_NO_PARAMETERS_SET:107:no parameters set
+DH_R_NO_PRIVATE_VALUE:100:no private value
+DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_SHARED_INFO_ERROR:113:shared info error
+DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+DSA_R_BAD_Q_VALUE:102:bad q value
+DSA_R_BN_DECODE_ERROR:108:bn decode error
+DSA_R_BN_ERROR:109:bn error
+DSA_R_DECODE_ERROR:104:decode error
+DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
+DSA_R_INVALID_PARAMETERS:112:invalid parameters
+DSA_R_MISSING_PARAMETERS:101:missing parameters
+DSA_R_MODULUS_TOO_LARGE:103:modulus too large
+DSA_R_NO_PARAMETERS_SET:107:no parameters set
+DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+DSA_R_Q_NOT_PRIME:113:q not prime
+DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q
+DSO_R_CTRL_FAILED:100:control command failed
+DSO_R_DSO_ALREADY_LOADED:110:dso already loaded
+DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure
+DSO_R_FAILURE:114:failure
+DSO_R_FILENAME_TOO_BIG:101:filename too big
+DSO_R_FINISH_FAILED:102:cleanup method function failed
+DSO_R_INCORRECT_FILE_SYNTAX:115:incorrect file syntax
+DSO_R_LOAD_FAILED:103:could not load the shared library
+DSO_R_NAME_TRANSLATION_FAILED:109:name translation failed
+DSO_R_NO_FILENAME:111:no filename
+DSO_R_NULL_HANDLE:104:a null shared library handle was used
+DSO_R_SET_FILENAME_FAILED:112:set filename failed
+DSO_R_STACK_ERROR:105:the meth_data stack is corrupt
+DSO_R_SYM_FAILURE:106:could not bind to the requested symbol name
+DSO_R_UNLOAD_FAILED:107:could not unload the shared library
+DSO_R_UNSUPPORTED:108:functionality not supported
+EC_R_ASN1_ERROR:115:asn1 error
+EC_R_BAD_SIGNATURE:156:bad signature
+EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
+EC_R_BUFFER_TOO_SMALL:100:buffer too small
+EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
+EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
+EC_R_DECODE_ERROR:142:decode error
+EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
+EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+EC_R_FIELD_TOO_LARGE:143:field too large
+EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
+EC_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
+EC_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
+EC_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
+EC_R_INVALID_ARGUMENT:112:invalid argument
+EC_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
+EC_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
+EC_R_INVALID_CURVE:141:invalid curve
+EC_R_INVALID_DIGEST:151:invalid digest
+EC_R_INVALID_DIGEST_TYPE:138:invalid digest type
+EC_R_INVALID_ENCODING:102:invalid encoding
+EC_R_INVALID_FIELD:103:invalid field
+EC_R_INVALID_FORM:104:invalid form
+EC_R_INVALID_GROUP_ORDER:122:invalid group order
+EC_R_INVALID_KEY:116:invalid key
+EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length
+EC_R_INVALID_PEER_KEY:133:invalid peer key
+EC_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
+EC_R_INVALID_PRIVATE_KEY:123:invalid private key
+EC_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
+EC_R_KDF_PARAMETER_ERROR:148:kdf parameter error
+EC_R_KEYS_NOT_SET:140:keys not set
+EC_R_LADDER_POST_FAILURE:136:ladder post failure
+EC_R_LADDER_PRE_FAILURE:153:ladder pre failure
+EC_R_LADDER_STEP_FAILURE:162:ladder step failure
+EC_R_MISSING_PARAMETERS:124:missing parameters
+EC_R_MISSING_PRIVATE_KEY:125:missing private key
+EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values
+EC_R_NOT_A_NIST_PRIME:135:not a NIST prime
+EC_R_NOT_IMPLEMENTED:126:not implemented
+EC_R_NOT_INITIALIZED:111:not initialized
+EC_R_NO_PARAMETERS_SET:139:no parameters set
+EC_R_NO_PRIVATE_VALUE:154:no private value
+EC_R_OPERATION_NOT_SUPPORTED:152:operation not supported
+EC_R_PASSED_NULL_PARAMETER:134:passed null parameter
+EC_R_PEER_KEY_ERROR:149:peer key error
+EC_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
+EC_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
+EC_R_POINT_AT_INFINITY:106:point at infinity
+EC_R_POINT_COORDINATES_BLIND_FAILURE:163:point coordinates blind failure
+EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
+EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
+EC_R_SHARED_INFO_ERROR:150:shared info error
+EC_R_SLOT_FULL:108:slot full
+EC_R_UNDEFINED_GENERATOR:113:undefined generator
+EC_R_UNDEFINED_ORDER:128:undefined order
+EC_R_UNKNOWN_COFACTOR:164:unknown cofactor
+EC_R_UNKNOWN_GROUP:129:unknown group
+EC_R_UNKNOWN_ORDER:114:unknown order
+EC_R_UNSUPPORTED_FIELD:131:unsupported field
+EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
+EC_R_WRONG_ORDER:130:wrong order
+ENGINE_R_ALREADY_LOADED:100:already loaded
+ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number
+ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable
+ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input
+ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input
+ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id
+ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented
+ENGINE_R_DSO_FAILURE:104:DSO failure
+ENGINE_R_DSO_NOT_FOUND:132:dso not found
+ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error
+ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error
+ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list
+ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error
+ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key
+ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key
+ENGINE_R_FINISH_FAILED:106:finish failed
+ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing
+ENGINE_R_INIT_FAILED:109:init failed
+ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error
+ENGINE_R_INVALID_ARGUMENT:143:invalid argument
+ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name
+ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number
+ENGINE_R_INVALID_INIT_VALUE:151:invalid init value
+ENGINE_R_INVALID_STRING:150:invalid string
+ENGINE_R_NOT_INITIALISED:117:not initialised
+ENGINE_R_NOT_LOADED:112:not loaded
+ENGINE_R_NO_CONTROL_FUNCTION:120:no control function
+ENGINE_R_NO_INDEX:144:no index
+ENGINE_R_NO_LOAD_FUNCTION:125:no load function
+ENGINE_R_NO_REFERENCE:130:no reference
+ENGINE_R_NO_SUCH_ENGINE:116:no such engine
+ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher
+ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest
+ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method
+ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility
+EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed
+EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed
+EVP_R_BAD_DECRYPT:100:bad decrypt
+EVP_R_BUFFER_TOO_SMALL:155:buffer too small
+EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed
+EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error
+EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported
+EVP_R_COPY_ERROR:173:copy error
+EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented
+EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented
+EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:138:data not multiple of block length
+EVP_R_DECODE_ERROR:114:decode error
+EVP_R_DIFFERENT_KEY_TYPES:101:different key types
+EVP_R_DIFFERENT_PARAMETERS:153:different parameters
+EVP_R_ERROR_LOADING_SECTION:165:error loading section
+EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
+EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
+EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key
+EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key
+EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key
+EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key
+EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key
+EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key
+EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported
+EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed
+EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters
+EVP_R_INITIALIZATION_ERROR:134:initialization error
+EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized
+EVP_R_INVALID_DIGEST:152:invalid digest
+EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
+EVP_R_INVALID_KEY:163:invalid key
+EVP_R_INVALID_KEY_LENGTH:130:invalid key length
+EVP_R_INVALID_OPERATION:148:invalid operation
+EVP_R_KEYGEN_FAILURE:120:keygen failure
+EVP_R_KEY_SETUP_FAILED:180:key setup failed
+EVP_R_MEMORY_LIMIT_EXCEEDED:172:memory limit exceeded
+EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null
+EVP_R_METHOD_NOT_SUPPORTED:144:method not supported
+EVP_R_MISSING_PARAMETERS:103:missing parameters
+EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length
+EVP_R_NO_CIPHER_SET:131:no cipher set
+EVP_R_NO_DEFAULT_DIGEST:158:no default digest
+EVP_R_NO_DIGEST_SET:139:no digest set
+EVP_R_NO_KEY_SET:154:no key set
+EVP_R_NO_OPERATION_SET:149:no operation set
+EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
+EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+	operation not supported for this keytype
+EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
+EVP_R_PBKDF2_ERROR:181:pbkdf2 error
+EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
+	pkey application asn1 method already registered
+EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
+EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
+EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
+EVP_R_UNKNOWN_CIPHER:160:unknown cipher
+EVP_R_UNKNOWN_DIGEST:161:unknown digest
+EVP_R_UNKNOWN_OPTION:169:unknown option
+EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm
+EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm
+EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher
+EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength
+EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:124:\
+	unsupported key derivation function
+EVP_R_UNSUPPORTED_KEY_SIZE:108:unsupported key size
+EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS:135:unsupported number of rounds
+EVP_R_UNSUPPORTED_PRF:125:unsupported prf
+EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm
+EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
+EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
+EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
+KDF_R_INVALID_DIGEST:100:invalid digest
+KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count
+KDF_R_MISSING_KEY:104:missing key
+KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
+KDF_R_MISSING_PARAMETER:101:missing parameter
+KDF_R_MISSING_PASS:110:missing pass
+KDF_R_MISSING_SALT:111:missing salt
+KDF_R_MISSING_SECRET:107:missing secret
+KDF_R_MISSING_SEED:106:missing seed
+KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
+KDF_R_VALUE_ERROR:108:value error
+KDF_R_VALUE_MISSING:102:value missing
+OBJ_R_OID_EXISTS:102:oid exists
+OBJ_R_UNKNOWN_NID:101:unknown nid
+OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
+OCSP_R_DIGEST_ERR:102:digest err
+OCSP_R_ERROR_IN_NEXTUPDATE_FIELD:122:error in nextupdate field
+OCSP_R_ERROR_IN_THISUPDATE_FIELD:123:error in thisupdate field
+OCSP_R_ERROR_PARSING_URL:121:error parsing url
+OCSP_R_MISSING_OCSPSIGNING_USAGE:103:missing ocspsigning usage
+OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE:124:nextupdate before thisupdate
+OCSP_R_NOT_BASIC_RESPONSE:104:not basic response
+OCSP_R_NO_CERTIFICATES_IN_CHAIN:105:no certificates in chain
+OCSP_R_NO_RESPONSE_DATA:108:no response data
+OCSP_R_NO_REVOKED_TIME:109:no revoked time
+OCSP_R_NO_SIGNER_KEY:130:no signer key
+OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:110:\
+	private key does not match certificate
+OCSP_R_REQUEST_NOT_SIGNED:128:request not signed
+OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA:111:\
+	response contains no revocation data
+OCSP_R_ROOT_CA_NOT_TRUSTED:112:root ca not trusted
+OCSP_R_SERVER_RESPONSE_ERROR:114:server response error
+OCSP_R_SERVER_RESPONSE_PARSE_ERROR:115:server response parse error
+OCSP_R_SIGNATURE_FAILURE:117:signature failure
+OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND:118:signer certificate not found
+OCSP_R_STATUS_EXPIRED:125:status expired
+OCSP_R_STATUS_NOT_YET_VALID:126:status not yet valid
+OCSP_R_STATUS_TOO_OLD:127:status too old
+OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest
+OCSP_R_UNKNOWN_NID:120:unknown nid
+OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
+OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
+OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
+OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
+OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST:121:\
+	fingerprint size does not match digest
+OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
+OSSL_STORE_R_IS_NOT_A:112:is not a
+OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
+OSSL_STORE_R_LOADING_STARTED:117:loading started
+OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
+OSSL_STORE_R_NOT_A_CRL:101:not a crl
+OSSL_STORE_R_NOT_A_KEY:102:not a key
+OSSL_STORE_R_NOT_A_NAME:103:not a name
+OSSL_STORE_R_NOT_PARAMETERS:104:not parameters
+OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error
+OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute
+OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\
+	search only supported for directories
+OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:109:\
+	ui process interrupted or cancelled
+OSSL_STORE_R_UNREGISTERED_SCHEME:105:unregistered scheme
+OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE:110:unsupported content type
+OSSL_STORE_R_UNSUPPORTED_OPERATION:118:unsupported operation
+OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE:120:unsupported search type
+OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED:111:uri authority unsupported
+PEM_R_BAD_BASE64_DECODE:100:bad base64 decode
+PEM_R_BAD_DECRYPT:101:bad decrypt
+PEM_R_BAD_END_LINE:102:bad end line
+PEM_R_BAD_IV_CHARS:103:bad iv chars
+PEM_R_BAD_MAGIC_NUMBER:116:bad magic number
+PEM_R_BAD_PASSWORD_READ:104:bad password read
+PEM_R_BAD_VERSION_NUMBER:117:bad version number
+PEM_R_BIO_WRITE_FAILURE:118:bio write failure
+PEM_R_CIPHER_IS_NULL:127:cipher is null
+PEM_R_ERROR_CONVERTING_PRIVATE_KEY:115:error converting private key
+PEM_R_EXPECTING_PRIVATE_KEY_BLOB:119:expecting private key blob
+PEM_R_EXPECTING_PUBLIC_KEY_BLOB:120:expecting public key blob
+PEM_R_HEADER_TOO_LONG:128:header too long
+PEM_R_INCONSISTENT_HEADER:121:inconsistent header
+PEM_R_KEYBLOB_HEADER_PARSE_ERROR:122:keyblob header parse error
+PEM_R_KEYBLOB_TOO_SHORT:123:keyblob too short
+PEM_R_MISSING_DEK_IV:129:missing dek iv
+PEM_R_NOT_DEK_INFO:105:not dek info
+PEM_R_NOT_ENCRYPTED:106:not encrypted
+PEM_R_NOT_PROC_TYPE:107:not proc type
+PEM_R_NO_START_LINE:108:no start line
+PEM_R_PROBLEMS_GETTING_PASSWORD:109:problems getting password
+PEM_R_PVK_DATA_TOO_SHORT:124:pvk data too short
+PEM_R_PVK_TOO_SHORT:125:pvk too short
+PEM_R_READ_KEY:111:read key
+PEM_R_SHORT_HEADER:112:short header
+PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv
+PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
+PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
+PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
+PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
+PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
+PKCS12_R_DECODE_ERROR:101:decode error
+PKCS12_R_ENCODE_ERROR:102:encode error
+PKCS12_R_ENCRYPT_ERROR:103:encrypt error
+PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data type
+PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument
+PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer
+PKCS12_R_IV_GEN_ERROR:106:iv gen error
+PKCS12_R_KEY_GEN_ERROR:107:key gen error
+PKCS12_R_MAC_ABSENT:108:mac absent
+PKCS12_R_MAC_GENERATION_ERROR:109:mac generation error
+PKCS12_R_MAC_SETUP_ERROR:110:mac setup error
+PKCS12_R_MAC_STRING_SET_ERROR:111:mac string set error
+PKCS12_R_MAC_VERIFY_FAILURE:113:mac verify failure
+PKCS12_R_PARSE_ERROR:114:parse error
+PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR:115:pkcs12 algor cipherinit error
+PKCS12_R_PKCS12_CIPHERFINAL_ERROR:116:pkcs12 cipherfinal error
+PKCS12_R_PKCS12_PBE_CRYPT_ERROR:117:pkcs12 pbe crypt error
+PKCS12_R_UNKNOWN_DIGEST_ALGORITHM:118:unknown digest algorithm
+PKCS12_R_UNSUPPORTED_PKCS12_MODE:119:unsupported pkcs12 mode
+PKCS7_R_CERTIFICATE_VERIFY_ERROR:117:certificate verify error
+PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:144:cipher has no object identifier
+PKCS7_R_CIPHER_NOT_INITIALIZED:116:cipher not initialized
+PKCS7_R_CONTENT_AND_DATA_PRESENT:118:content and data present
+PKCS7_R_CTRL_ERROR:152:ctrl error
+PKCS7_R_DECRYPT_ERROR:119:decrypt error
+PKCS7_R_DIGEST_FAILURE:101:digest failure
+PKCS7_R_ENCRYPTION_CTRL_FAILURE:149:encryption ctrl failure
+PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:150:\
+	encryption not supported for this key type
+PKCS7_R_ERROR_ADDING_RECIPIENT:120:error adding recipient
+PKCS7_R_ERROR_SETTING_CIPHER:121:error setting cipher
+PKCS7_R_INVALID_NULL_POINTER:143:invalid null pointer
+PKCS7_R_INVALID_SIGNED_DATA_TYPE:155:invalid signed data type
+PKCS7_R_NO_CONTENT:122:no content
+PKCS7_R_NO_DEFAULT_DIGEST:151:no default digest
+PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND:154:no matching digest type found
+PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE:115:no recipient matches certificate
+PKCS7_R_NO_SIGNATURES_ON_DATA:123:no signatures on data
+PKCS7_R_NO_SIGNERS:142:no signers
+PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE:104:\
+	operation not supported on this type
+PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR:124:pkcs7 add signature error
+PKCS7_R_PKCS7_ADD_SIGNER_ERROR:153:pkcs7 add signer error
+PKCS7_R_PKCS7_DATASIGN:145:pkcs7 datasign
+PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:127:\
+	private key does not match certificate
+PKCS7_R_SIGNATURE_FAILURE:105:signature failure
+PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND:128:signer certificate not found
+PKCS7_R_SIGNING_CTRL_FAILURE:147:signing ctrl failure
+PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:148:\
+	signing not supported for this key type
+PKCS7_R_SMIME_TEXT_ERROR:129:smime text error
+PKCS7_R_UNABLE_TO_FIND_CERTIFICATE:106:unable to find certificate
+PKCS7_R_UNABLE_TO_FIND_MEM_BIO:107:unable to find mem bio
+PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST:108:unable to find message digest
+PKCS7_R_UNKNOWN_DIGEST_TYPE:109:unknown digest type
+PKCS7_R_UNKNOWN_OPERATION:110:unknown operation
+PKCS7_R_UNSUPPORTED_CIPHER_TYPE:111:unsupported cipher type
+PKCS7_R_UNSUPPORTED_CONTENT_TYPE:112:unsupported content type
+PKCS7_R_WRONG_CONTENT_TYPE:113:wrong content type
+PKCS7_R_WRONG_PKCS7_TYPE:114:wrong pkcs7 type
+RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
+RAND_R_ALREADY_INSTANTIATED:103:already instantiated
+RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range
+RAND_R_CANNOT_OPEN_FILE:121:Cannot open file
+RAND_R_DRBG_ALREADY_INITIALIZED:129:drbg already initialized
+RAND_R_DRBG_NOT_INITIALISED:104:drbg not initialised
+RAND_R_ENTROPY_INPUT_TOO_LONG:106:entropy input too long
+RAND_R_ENTROPY_OUT_OF_RANGE:124:entropy out of range
+RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED:127:error entropy pool was ignored
+RAND_R_ERROR_INITIALISING_DRBG:107:error initialising drbg
+RAND_R_ERROR_INSTANTIATING_DRBG:108:error instantiating drbg
+RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT:109:error retrieving additional input
+RAND_R_ERROR_RETRIEVING_ENTROPY:110:error retrieving entropy
+RAND_R_ERROR_RETRIEVING_NONCE:111:error retrieving nonce
+RAND_R_FAILED_TO_CREATE_LOCK:126:failed to create lock
+RAND_R_FUNC_NOT_IMPLEMENTED:101:Function not implemented
+RAND_R_FWRITE_ERROR:123:Error writing file
+RAND_R_GENERATE_ERROR:112:generate error
+RAND_R_INTERNAL_ERROR:113:internal error
+RAND_R_IN_ERROR_STATE:114:in error state
+RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file
+RAND_R_NOT_INSTANTIATED:115:not instantiated
+RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected
+RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled
+RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak
+RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long
+RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\
+	prediction resistance not supported
+RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded
+RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow
+RAND_R_RANDOM_POOL_UNDERFLOW:134:random pool underflow
+RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg
+RAND_R_RESEED_ERROR:118:reseed error
+RAND_R_SELFTEST_FAILURE:119:selftest failure
+RAND_R_TOO_LITTLE_NONCE_REQUESTED:135:too little nonce requested
+RAND_R_TOO_MUCH_NONCE_REQUESTED:136:too much nonce requested
+RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags
+RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type
+RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch
+RSA_R_BAD_E_VALUE:101:bad e value
+RSA_R_BAD_FIXED_HEADER_DECRYPT:102:bad fixed header decrypt
+RSA_R_BAD_PAD_BYTE_COUNT:103:bad pad byte count
+RSA_R_BAD_SIGNATURE:104:bad signature
+RSA_R_BLOCK_TYPE_IS_NOT_01:106:block type is not 01
+RSA_R_BLOCK_TYPE_IS_NOT_02:107:block type is not 02
+RSA_R_DATA_GREATER_THAN_MOD_LEN:108:data greater than mod len
+RSA_R_DATA_TOO_LARGE:109:data too large
+RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:110:data too large for key size
+RSA_R_DATA_TOO_LARGE_FOR_MODULUS:132:data too large for modulus
+RSA_R_DATA_TOO_SMALL:111:data too small
+RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:122:data too small for key size
+RSA_R_DIGEST_DOES_NOT_MATCH:158:digest does not match
+RSA_R_DIGEST_NOT_ALLOWED:145:digest not allowed
+RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:112:digest too big for rsa key
+RSA_R_DMP1_NOT_CONGRUENT_TO_D:124:dmp1 not congruent to d
+RSA_R_DMQ1_NOT_CONGRUENT_TO_D:125:dmq1 not congruent to d
+RSA_R_D_E_NOT_CONGRUENT_TO_1:123:d e not congruent to 1
+RSA_R_FIRST_OCTET_INVALID:133:first octet invalid
+RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:144:\
+	illegal or unsupported padding mode
+RSA_R_INVALID_DIGEST:157:invalid digest
+RSA_R_INVALID_DIGEST_LENGTH:143:invalid digest length
+RSA_R_INVALID_HEADER:137:invalid header
+RSA_R_INVALID_LABEL:160:invalid label
+RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length
+RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md
+RSA_R_INVALID_MULTI_PRIME_KEY:167:invalid multi prime key
+RSA_R_INVALID_OAEP_PARAMETERS:161:invalid oaep parameters
+RSA_R_INVALID_PADDING:138:invalid padding
+RSA_R_INVALID_PADDING_MODE:141:invalid padding mode
+RSA_R_INVALID_PSS_PARAMETERS:149:invalid pss parameters
+RSA_R_INVALID_PSS_SALTLEN:146:invalid pss saltlen
+RSA_R_INVALID_SALT_LENGTH:150:invalid salt length
+RSA_R_INVALID_TRAILER:139:invalid trailer
+RSA_R_INVALID_X931_DIGEST:142:invalid x931 digest
+RSA_R_IQMP_NOT_INVERSE_OF_Q:126:iqmp not inverse of q
+RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid
+RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small
+RSA_R_LAST_OCTET_INVALID:134:last octet invalid
+RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed
+RSA_R_MODULUS_TOO_LARGE:105:modulus too large
+RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
+RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
+RSA_R_MP_R_NOT_PRIME:170:mp r not prime
+RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
+RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
+RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
+RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
+RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
+RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
+	operation not supported for this keytype
+RSA_R_PADDING_CHECK_FAILED:114:padding check failed
+RSA_R_PKCS_DECODING_ERROR:159:pkcs decoding error
+RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small
+RSA_R_P_NOT_PRIME:128:p not prime
+RSA_R_Q_NOT_PRIME:129:q not prime
+RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported
+RSA_R_SLEN_CHECK_FAILED:136:salt length check failed
+RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed
+RSA_R_SSLV3_ROLLBACK_ATTACK:115:sslv3 rollback attack
+RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:116:\
+	the asn1 object identifier is not known for this md
+RSA_R_UNKNOWN_ALGORITHM_TYPE:117:unknown algorithm type
+RSA_R_UNKNOWN_DIGEST:166:unknown digest
+RSA_R_UNKNOWN_MASK_DIGEST:151:unknown mask digest
+RSA_R_UNKNOWN_PADDING_TYPE:118:unknown padding type
+RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:unsupported encryption type
+RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
+RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
+RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
+RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
+RSA_R_VALUE_MISSING:147:value missing
+RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
+SM2_R_ASN1_ERROR:100:asn1 error
+SM2_R_BAD_SIGNATURE:101:bad signature
+SM2_R_BUFFER_TOO_SMALL:107:buffer too small
+SM2_R_DIST_ID_TOO_LARGE:110:dist id too large
+SM2_R_ID_NOT_SET:112:id not set
+SM2_R_ID_TOO_LARGE:111:id too large
+SM2_R_INVALID_CURVE:108:invalid curve
+SM2_R_INVALID_DIGEST:102:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type
+SM2_R_INVALID_ENCODING:104:invalid encoding
+SM2_R_INVALID_FIELD:105:invalid field
+SM2_R_NO_PARAMETERS_SET:109:no parameters set
+SM2_R_USER_ID_TOO_LARGE:106:user id too large
+SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
+	application data after close notify
+SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
+SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
+	attempt to reuse session in different context
+SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE:143:\
+	at least TLS 1.0 needed in FIPS mode
+SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\
+	at least (D)TLS 1.2 needed in Suite B mode
+SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec
+SSL_R_BAD_CIPHER:186:bad cipher
+SSL_R_BAD_DATA:390:bad data
+SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback
+SSL_R_BAD_DECOMPRESSION:107:bad decompression
+SSL_R_BAD_DH_VALUE:102:bad dh value
+SSL_R_BAD_DIGEST_LENGTH:111:bad digest length
+SSL_R_BAD_EARLY_DATA:233:bad early data
+SSL_R_BAD_ECC_CERT:304:bad ecc cert
+SSL_R_BAD_ECPOINT:306:bad ecpoint
+SSL_R_BAD_EXTENSION:110:bad extension
+SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length
+SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state
+SSL_R_BAD_HELLO_REQUEST:105:bad hello request
+SSL_R_BAD_HRR_VERSION:263:bad hrr version
+SSL_R_BAD_KEY_SHARE:108:bad key share
+SSL_R_BAD_KEY_UPDATE:122:bad key update
+SSL_R_BAD_LEGACY_VERSION:292:bad legacy version
+SSL_R_BAD_LENGTH:271:bad length
+SSL_R_BAD_PACKET:240:bad packet
+SSL_R_BAD_PACKET_LENGTH:115:bad packet length
+SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number
+SSL_R_BAD_PSK:219:bad psk
+SSL_R_BAD_PSK_IDENTITY:114:bad psk identity
+SSL_R_BAD_RECORD_TYPE:443:bad record type
+SSL_R_BAD_RSA_ENCRYPT:119:bad rsa encrypt
+SSL_R_BAD_SIGNATURE:123:bad signature
+SSL_R_BAD_SRP_A_LENGTH:347:bad srp a length
+SSL_R_BAD_SRP_PARAMETERS:371:bad srp parameters
+SSL_R_BAD_SRTP_MKI_VALUE:352:bad srtp mki value
+SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST:353:bad srtp protection profile list
+SSL_R_BAD_SSL_FILETYPE:124:bad ssl filetype
+SSL_R_BAD_VALUE:384:bad value
+SSL_R_BAD_WRITE_RETRY:127:bad write retry
+SSL_R_BINDER_DOES_NOT_VERIFY:253:binder does not verify
+SSL_R_BIO_NOT_SET:128:bio not set
+SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
+SSL_R_BN_LIB:130:bn lib
+SSL_R_CALLBACK_FAILED:234:callback failed
+SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher
+SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch
+SSL_R_CA_KEY_TOO_SMALL:397:ca key too small
+SSL_R_CA_MD_TOO_WEAK:398:ca md too weak
+SSL_R_CCS_RECEIVED_EARLY:133:ccs received early
+SSL_R_CERTIFICATE_VERIFY_FAILED:134:certificate verify failed
+SSL_R_CERT_CB_ERROR:377:cert cb error
+SSL_R_CERT_LENGTH_MISMATCH:135:cert length mismatch
+SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED:218:ciphersuite digest has changed
+SSL_R_CIPHER_CODE_WRONG_LENGTH:137:cipher code wrong length
+SSL_R_CIPHER_OR_HASH_UNAVAILABLE:138:cipher or hash unavailable
+SSL_R_CLIENTHELLO_TLSEXT:226:clienthello tlsext
+SSL_R_COMPRESSED_LENGTH_TOO_LONG:140:compressed length too long
+SSL_R_COMPRESSION_DISABLED:343:compression disabled
+SSL_R_COMPRESSION_FAILURE:141:compression failure
+SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE:307:\
+	compression id not within private range
+SSL_R_COMPRESSION_LIBRARY_ERROR:142:compression library error
+SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set
+SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
+SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure
+SSL_R_COOKIE_MISMATCH:308:cookie mismatch
+SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\
+	custom ext handler already installed
+SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
+SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
+SSL_R_DANE_NOT_ENABLED:175:dane not enabled
+SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
+SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
+SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
+SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
+SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
+SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
+SSL_R_DANE_TLSA_BAD_SELECTOR:202:dane tlsa bad selector
+SSL_R_DANE_TLSA_NULL_DATA:203:dane tlsa null data
+SSL_R_DATA_BETWEEN_CCS_AND_FINISHED:145:data between ccs and finished
+SSL_R_DATA_LENGTH_TOO_LONG:146:data length too long
+SSL_R_DECRYPTION_FAILED:147:decryption failed
+SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:281:\
+	decryption failed or bad record mac
+SSL_R_DH_KEY_TOO_SMALL:394:dh key too small
+SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG:148:dh public value length is wrong
+SSL_R_DIGEST_CHECK_FAILED:149:digest check failed
+SSL_R_DTLS_MESSAGE_TOO_BIG:334:dtls message too big
+SSL_R_DUPLICATE_COMPRESSION_ID:309:duplicate compression id
+SSL_R_ECC_CERT_NOT_FOR_SIGNING:318:ecc cert not for signing
+SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE:374:ecdh required for suiteb mode
+SSL_R_EE_KEY_TOO_SMALL:399:ee key too small
+SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST:354:empty srtp protection profile list
+SSL_R_ENCRYPTED_LENGTH_TOO_LONG:150:encrypted length too long
+SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:151:error in received cipher list
+SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN:204:error setting tlsa base domain
+SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE:194:exceeds max fragment size
+SSL_R_EXCESSIVE_MESSAGE_SIZE:152:excessive message size
+SSL_R_EXTENSION_NOT_RECEIVED:279:extension not received
+SSL_R_EXTRA_DATA_IN_MESSAGE:153:extra data in message
+SSL_R_EXT_LENGTH_MISMATCH:163:ext length mismatch
+SSL_R_FAILED_TO_INIT_ASYNC:405:failed to init async
+SSL_R_FRAGMENTED_CLIENT_HELLO:401:fragmented client hello
+SSL_R_GOT_A_FIN_BEFORE_A_CCS:154:got a fin before a ccs
+SSL_R_HTTPS_PROXY_REQUEST:155:https proxy request
+SSL_R_HTTP_REQUEST:156:http request
+SSL_R_ILLEGAL_POINT_COMPRESSION:162:illegal point compression
+SSL_R_ILLEGAL_SUITEB_DIGEST:380:illegal Suite B digest
+SSL_R_INAPPROPRIATE_FALLBACK:373:inappropriate fallback
+SSL_R_INCONSISTENT_COMPRESSION:340:inconsistent compression
+SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
+SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
+SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
+SSL_R_INSUFFICIENT_SECURITY:241:insufficient security
+SSL_R_INVALID_ALERT:205:invalid alert
+SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message
+SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
+SSL_R_INVALID_COMMAND:280:invalid command
+SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm
+SSL_R_INVALID_CONFIG:283:invalid config
+SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name
+SSL_R_INVALID_CONTEXT:282:invalid context
+SSL_R_INVALID_CT_VALIDATION_TYPE:212:invalid ct validation type
+SSL_R_INVALID_KEY_UPDATE_TYPE:120:invalid key update type
+SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data
+SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name
+SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number
+SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data
+SSL_R_INVALID_SESSION_ID:999:invalid session id
+SSL_R_INVALID_SRP_USERNAME:357:invalid srp username
+SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response
+SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length
+SSL_R_LENGTH_MISMATCH:159:length mismatch
+SSL_R_LENGTH_TOO_LONG:404:length too long
+SSL_R_LENGTH_TOO_SHORT:160:length too short
+SSL_R_LIBRARY_BUG:274:library bug
+SSL_R_LIBRARY_HAS_NO_CIPHERS:161:library has no ciphers
+SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert
+SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
+SSL_R_MISSING_FATAL:256:missing fatal
+SSL_R_MISSING_PARAMETERS:290:missing parameters
+SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
+SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
+SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
+SSL_R_MISSING_SIGALGS_EXTENSION:112:missing sigalgs extension
+SSL_R_MISSING_SIGNING_CERT:221:missing signing cert
+SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param
+SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
+SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
+SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
+SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
+SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
+SSL_R_NOT_SERVER:284:not server
+SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol
+SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned
+SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned
+SSL_R_NO_CERTIFICATE_SET:179:no certificate set
+SSL_R_NO_CHANGE_FOLLOWING_HRR:214:no change following hrr
+SSL_R_NO_CIPHERS_AVAILABLE:181:no ciphers available
+SSL_R_NO_CIPHERS_SPECIFIED:183:no ciphers specified
+SSL_R_NO_CIPHER_MATCH:185:no cipher match
+SSL_R_NO_CLIENT_CERT_METHOD:331:no client cert method
+SSL_R_NO_COMPRESSION_SPECIFIED:187:no compression specified
+SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set
+SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER:330:\
+	Peer haven't sent GOST certificate, required for selected ciphersuite
+SSL_R_NO_METHOD_SPECIFIED:188:no method specified
+SSL_R_NO_PEM_EXTENSIONS:389:no pem extensions
+SSL_R_NO_PRIVATE_KEY_ASSIGNED:190:no private key assigned
+SSL_R_NO_PROTOCOLS_AVAILABLE:191:no protocols available
+SSL_R_NO_RENEGOTIATION:339:no renegotiation
+SSL_R_NO_REQUIRED_DIGEST:324:no required digest
+SSL_R_NO_SHARED_CIPHER:193:no shared cipher
+SSL_R_NO_SHARED_GROUPS:410:no shared groups
+SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms
+SSL_R_NO_SRTP_PROFILES:359:no srtp profiles
+SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share
+SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm
+SSL_R_NO_VALID_SCTS:216:no valid scts
+SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
+SSL_R_NULL_SSL_CTX:195:null ssl ctx
+SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
+SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
+	old session compression algorithm not returned
+SSL_R_OVERFLOW_ERROR:237:overflow error
+SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long
+SSL_R_PARSE_TLSEXT:227:parse tlsext
+SSL_R_PATH_TOO_LONG:270:path too long
+SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE:199:peer did not return a certificate
+SSL_R_PEM_NAME_BAD_PREFIX:391:pem name bad prefix
+SSL_R_PEM_NAME_TOO_SHORT:392:pem name too short
+SSL_R_PIPELINE_FAILURE:406:pipeline failure
+SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR:278:post handshake auth encoding err
+SSL_R_PRIVATE_KEY_MISMATCH:288:private key mismatch
+SSL_R_PROTOCOL_IS_SHUTDOWN:207:protocol is shutdown
+SSL_R_PSK_IDENTITY_NOT_FOUND:223:psk identity not found
+SSL_R_PSK_NO_CLIENT_CB:224:psk no client cb
+SSL_R_PSK_NO_SERVER_CB:225:psk no server cb
+SSL_R_READ_BIO_NOT_SET:211:read bio not set
+SSL_R_READ_TIMEOUT_EXPIRED:312:read timeout expired
+SSL_R_RECORD_LENGTH_MISMATCH:213:record length mismatch
+SSL_R_RECORD_TOO_SMALL:298:record too small
+SSL_R_RENEGOTIATE_EXT_TOO_LONG:335:renegotiate ext too long
+SSL_R_RENEGOTIATION_ENCODING_ERR:336:renegotiation encoding err
+SSL_R_RENEGOTIATION_MISMATCH:337:renegotiation mismatch
+SSL_R_REQUEST_PENDING:285:request pending
+SSL_R_REQUEST_SENT:286:request sent
+SSL_R_REQUIRED_CIPHER_MISSING:215:required cipher missing
+SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING:342:\
+	required compression algorithm missing
+SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:345:scsv received when renegotiating
+SSL_R_SCT_VERIFICATION_FAILED:208:sct verification failed
+SSL_R_SERVERHELLO_TLSEXT:275:serverhello tlsext
+SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED:277:session id context uninitialized
+SSL_R_SHUTDOWN_WHILE_IN_INIT:407:shutdown while in init
+SSL_R_SIGNATURE_ALGORITHMS_ERROR:360:signature algorithms error
+SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE:220:\
+	signature for non signing certificate
+SSL_R_SRP_A_CALC:361:error with the srp params
+SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles
+SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
+	srtp protection profile list too long
+SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
+SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+	ssl3 ext invalid max fragment length
+SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
+SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
+SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION:228:ssl ctx has no default ssl version
+SSL_R_SSL_HANDSHAKE_FAILURE:229:ssl handshake failure
+SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS:230:ssl library has no ciphers
+SSL_R_SSL_NEGATIVE_LENGTH:372:ssl negative length
+SSL_R_SSL_SECTION_EMPTY:126:ssl section empty
+SSL_R_SSL_SECTION_NOT_FOUND:136:ssl section not found
+SSL_R_SSL_SESSION_ID_CALLBACK_FAILED:301:ssl session id callback failed
+SSL_R_SSL_SESSION_ID_CONFLICT:302:ssl session id conflict
+SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG:273:ssl session id context too long
+SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH:303:ssl session id has bad length
+SSL_R_SSL_SESSION_ID_TOO_LONG:408:ssl session id too long
+SSL_R_SSL_SESSION_VERSION_MISMATCH:210:ssl session version mismatch
+SSL_R_STILL_IN_INIT:121:still in init
+SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT:365:peer does not accept heartbeats
+SSL_R_TLS_HEARTBEAT_PENDING:366:heartbeat request already pending
+SSL_R_TLS_ILLEGAL_EXPORTER_LABEL:367:tls illegal exporter label
+SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST:157:tls invalid ecpointformat list
+SSL_R_TOO_MANY_KEY_UPDATES:132:too many key updates
+SSL_R_TOO_MANY_WARN_ALERTS:409:too many warn alerts
+SSL_R_TOO_MUCH_EARLY_DATA:164:too much early data
+SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS:314:unable to find ecdh parameters
+SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS:239:\
+	unable to find public key parameters
+SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
+SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
+SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
+SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_RECORD:245:unexpected record
+SSL_R_UNINITIALIZED:276:uninitialized
+SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
+SSL_R_UNKNOWN_CERTIFICATE_TYPE:247:unknown certificate type
+SSL_R_UNKNOWN_CIPHER_RETURNED:248:unknown cipher returned
+SSL_R_UNKNOWN_CIPHER_TYPE:249:unknown cipher type
+SSL_R_UNKNOWN_CMD_NAME:386:unknown cmd name
+SSL_R_UNKNOWN_COMMAND:139:unknown command
+SSL_R_UNKNOWN_DIGEST:368:unknown digest
+SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type
+SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type
+SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol
+SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version
+SSL_R_UNKNOWN_STATE:255:unknown state
+SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:338:\
+	unsafe legacy renegotiation disabled
+SSL_R_UNSOLICITED_EXTENSION:217:unsolicited extension
+SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM:257:unsupported compression algorithm
+SSL_R_UNSUPPORTED_ELLIPTIC_CURVE:315:unsupported elliptic curve
+SSL_R_UNSUPPORTED_PROTOCOL:258:unsupported protocol
+SSL_R_UNSUPPORTED_SSL_VERSION:259:unsupported ssl version
+SSL_R_UNSUPPORTED_STATUS_TYPE:329:unsupported status type
+SSL_R_USE_SRTP_NOT_NEGOTIATED:369:use srtp not negotiated
+SSL_R_VERSION_TOO_HIGH:166:version too high
+SSL_R_VERSION_TOO_LOW:396:version too low
+SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type
+SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned
+SSL_R_WRONG_CURVE:378:wrong curve
+SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length
+SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size
+SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type
+SSL_R_WRONG_SSL_VERSION:266:wrong ssl version
+SSL_R_WRONG_VERSION_NUMBER:267:wrong version number
+SSL_R_X509_LIB:268:x509 lib
+SSL_R_X509_VERIFICATION_SETUP_PROBLEMS:269:x509 verification setup problems
+TS_R_BAD_PKCS7_TYPE:132:bad pkcs7 type
+TS_R_BAD_TYPE:133:bad type
+TS_R_CANNOT_LOAD_CERT:137:cannot load certificate
+TS_R_CANNOT_LOAD_KEY:138:cannot load private key
+TS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error
+TS_R_COULD_NOT_SET_ENGINE:127:could not set engine
+TS_R_COULD_NOT_SET_TIME:115:could not set time
+TS_R_DETACHED_CONTENT:134:detached content
+TS_R_ESS_ADD_SIGNING_CERT_ERROR:116:ess add signing cert error
+TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR:139:ess add signing cert v2 error
+TS_R_ESS_SIGNING_CERTIFICATE_ERROR:101:ess signing certificate error
+TS_R_INVALID_NULL_POINTER:102:invalid null pointer
+TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE:117:invalid signer certificate purpose
+TS_R_MESSAGE_IMPRINT_MISMATCH:103:message imprint mismatch
+TS_R_NONCE_MISMATCH:104:nonce mismatch
+TS_R_NONCE_NOT_RETURNED:105:nonce not returned
+TS_R_NO_CONTENT:106:no content
+TS_R_NO_TIME_STAMP_TOKEN:107:no time stamp token
+TS_R_PKCS7_ADD_SIGNATURE_ERROR:118:pkcs7 add signature error
+TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR:119:pkcs7 add signed attr error
+TS_R_PKCS7_TO_TS_TST_INFO_FAILED:129:pkcs7 to ts tst info failed
+TS_R_POLICY_MISMATCH:108:policy mismatch
+TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:120:\
+	private key does not match certificate
+TS_R_RESPONSE_SETUP_ERROR:121:response setup error
+TS_R_SIGNATURE_FAILURE:109:signature failure
+TS_R_THERE_MUST_BE_ONE_SIGNER:110:there must be one signer
+TS_R_TIME_SYSCALL_ERROR:122:time syscall error
+TS_R_TOKEN_NOT_PRESENT:130:token not present
+TS_R_TOKEN_PRESENT:131:token present
+TS_R_TSA_NAME_MISMATCH:111:tsa name mismatch
+TS_R_TSA_UNTRUSTED:112:tsa untrusted
+TS_R_TST_INFO_SETUP_ERROR:123:tst info setup error
+TS_R_TS_DATASIGN:124:ts datasign
+TS_R_UNACCEPTABLE_POLICY:125:unacceptable policy
+TS_R_UNSUPPORTED_MD_ALGORITHM:126:unsupported md algorithm
+TS_R_UNSUPPORTED_VERSION:113:unsupported version
+TS_R_VAR_BAD_VALUE:135:var bad value
+TS_R_VAR_LOOKUP_FAILURE:136:cannot find config variable
+TS_R_WRONG_CONTENT_TYPE:114:wrong content type
+UI_R_COMMON_OK_AND_CANCEL_CHARACTERS:104:common ok and cancel characters
+UI_R_INDEX_TOO_LARGE:102:index too large
+UI_R_INDEX_TOO_SMALL:103:index too small
+UI_R_NO_RESULT_BUFFER:105:no result buffer
+UI_R_PROCESSING_ERROR:107:processing error
+UI_R_RESULT_TOO_LARGE:100:result too large
+UI_R_RESULT_TOO_SMALL:101:result too small
+UI_R_SYSASSIGN_ERROR:109:sys$assign error
+UI_R_SYSDASSGN_ERROR:110:sys$dassgn error
+UI_R_SYSQIOW_ERROR:111:sys$qiow error
+UI_R_UNKNOWN_CONTROL_COMMAND:106:unknown control command
+UI_R_UNKNOWN_TTYGET_ERRNO_VALUE:108:unknown ttyget errno value
+UI_R_USER_DATA_DUPLICATION_UNSUPPORTED:112:user data duplication unsupported
+X509V3_R_BAD_IP_ADDRESS:118:bad ip address
+X509V3_R_BAD_OBJECT:119:bad object
+X509V3_R_BN_DEC2BN_ERROR:100:bn dec2bn error
+X509V3_R_BN_TO_ASN1_INTEGER_ERROR:101:bn to asn1 integer error
+X509V3_R_DIRNAME_ERROR:149:dirname error
+X509V3_R_DISTPOINT_ALREADY_SET:160:distpoint already set
+X509V3_R_DUPLICATE_ZONE_ID:133:duplicate zone id
+X509V3_R_ERROR_CONVERTING_ZONE:131:error converting zone
+X509V3_R_ERROR_CREATING_EXTENSION:144:error creating extension
+X509V3_R_ERROR_IN_EXTENSION:128:error in extension
+X509V3_R_EXPECTED_A_SECTION_NAME:137:expected a section name
+X509V3_R_EXTENSION_EXISTS:145:extension exists
+X509V3_R_EXTENSION_NAME_ERROR:115:extension name error
+X509V3_R_EXTENSION_NOT_FOUND:102:extension not found
+X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED:103:extension setting not supported
+X509V3_R_EXTENSION_VALUE_ERROR:116:extension value error
+X509V3_R_ILLEGAL_EMPTY_EXTENSION:151:illegal empty extension
+X509V3_R_INCORRECT_POLICY_SYNTAX_TAG:152:incorrect policy syntax tag
+X509V3_R_INVALID_ASNUMBER:162:invalid asnumber
+X509V3_R_INVALID_ASRANGE:163:invalid asrange
+X509V3_R_INVALID_BOOLEAN_STRING:104:invalid boolean string
+X509V3_R_INVALID_EXTENSION_STRING:105:invalid extension string
+X509V3_R_INVALID_INHERITANCE:165:invalid inheritance
+X509V3_R_INVALID_IPADDRESS:166:invalid ipaddress
+X509V3_R_INVALID_MULTIPLE_RDNS:161:invalid multiple rdns
+X509V3_R_INVALID_NAME:106:invalid name
+X509V3_R_INVALID_NULL_ARGUMENT:107:invalid null argument
+X509V3_R_INVALID_NULL_NAME:108:invalid null name
+X509V3_R_INVALID_NULL_VALUE:109:invalid null value
+X509V3_R_INVALID_NUMBER:140:invalid number
+X509V3_R_INVALID_NUMBERS:141:invalid numbers
+X509V3_R_INVALID_OBJECT_IDENTIFIER:110:invalid object identifier
+X509V3_R_INVALID_OPTION:138:invalid option
+X509V3_R_INVALID_POLICY_IDENTIFIER:134:invalid policy identifier
+X509V3_R_INVALID_PROXY_POLICY_SETTING:153:invalid proxy policy setting
+X509V3_R_INVALID_PURPOSE:146:invalid purpose
+X509V3_R_INVALID_SAFI:164:invalid safi
+X509V3_R_INVALID_SECTION:135:invalid section
+X509V3_R_INVALID_SYNTAX:143:invalid syntax
+X509V3_R_ISSUER_DECODE_ERROR:126:issuer decode error
+X509V3_R_MISSING_VALUE:124:missing value
+X509V3_R_NEED_ORGANIZATION_AND_NUMBERS:142:need organization and numbers
+X509V3_R_NO_CONFIG_DATABASE:136:no config database
+X509V3_R_NO_ISSUER_CERTIFICATE:121:no issuer certificate
+X509V3_R_NO_ISSUER_DETAILS:127:no issuer details
+X509V3_R_NO_POLICY_IDENTIFIER:139:no policy identifier
+X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED:154:\
+	no proxy cert policy language defined
+X509V3_R_NO_PUBLIC_KEY:114:no public key
+X509V3_R_NO_SUBJECT_DETAILS:125:no subject details
+X509V3_R_OPERATION_NOT_DEFINED:148:operation not defined
+X509V3_R_OTHERNAME_ERROR:147:othername error
+X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED:155:policy language already defined
+X509V3_R_POLICY_PATH_LENGTH:156:policy path length
+X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED:157:\
+	policy path length already defined
+X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY:159:\
+	policy when proxy language requires no policy
+X509V3_R_SECTION_NOT_FOUND:150:section not found
+X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS:122:unable to get issuer details
+X509V3_R_UNABLE_TO_GET_ISSUER_KEYID:123:unable to get issuer keyid
+X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT:111:unknown bit string argument
+X509V3_R_UNKNOWN_EXTENSION:129:unknown extension
+X509V3_R_UNKNOWN_EXTENSION_NAME:130:unknown extension name
+X509V3_R_UNKNOWN_OPTION:120:unknown option
+X509V3_R_UNSUPPORTED_OPTION:117:unsupported option
+X509V3_R_UNSUPPORTED_TYPE:167:unsupported type
+X509V3_R_USER_TOO_LONG:132:user too long
+X509_R_AKID_MISMATCH:110:akid mismatch
+X509_R_BAD_SELECTOR:133:bad selector
+X509_R_BAD_X509_FILETYPE:100:bad x509 filetype
+X509_R_BASE64_DECODE_ERROR:118:base64 decode error
+X509_R_CANT_CHECK_DH_KEY:114:cant check dh key
+X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table
+X509_R_CRL_ALREADY_DELTA:127:crl already delta
+X509_R_CRL_VERIFY_FAILURE:131:crl verify failure
+X509_R_IDP_MISMATCH:128:idp mismatch
+X509_R_INVALID_DIRECTORY:113:invalid directory
+X509_R_INVALID_FIELD_NAME:119:invalid field name
+X509_R_INVALID_TRUST:123:invalid trust
+X509_R_ISSUER_MISMATCH:129:issuer mismatch
+X509_R_KEY_TYPE_MISMATCH:115:key type mismatch
+X509_R_KEY_VALUES_MISMATCH:116:key values mismatch
+X509_R_LOADING_CERT_DIR:103:loading cert dir
+X509_R_LOADING_DEFAULTS:104:loading defaults
+X509_R_METHOD_NOT_SUPPORTED:124:method not supported
+X509_R_NAME_TOO_LONG:134:name too long
+X509_R_NEWER_CRL_NOT_NEWER:132:newer crl not newer
+X509_R_NO_CERTIFICATE_FOUND:135:no certificate found
+X509_R_NO_CERTIFICATE_OR_CRL_FOUND:136:no certificate or crl found
+X509_R_NO_CERT_SET_FOR_US_TO_VERIFY:105:no cert set for us to verify
+X509_R_NO_CRL_FOUND:137:no crl found
+X509_R_NO_CRL_NUMBER:130:no crl number
+X509_R_PUBLIC_KEY_DECODE_ERROR:125:public key decode error
+X509_R_PUBLIC_KEY_ENCODE_ERROR:126:public key encode error
+X509_R_SHOULD_RETRY:106:should retry
+X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN:107:unable to find parameters in chain
+X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY:108:unable to get certs public key
+X509_R_UNKNOWN_KEY_TYPE:117:unknown key type
+X509_R_UNKNOWN_NID:109:unknown nid
+X509_R_UNKNOWN_PURPOSE_ID:121:unknown purpose id
+X509_R_UNKNOWN_TRUST_ID:120:unknown trust id
+X509_R_UNSUPPORTED_ALGORITHM:111:unsupported algorithm
+X509_R_WRONG_LOOKUP_TYPE:112:wrong lookup type
+X509_R_WRONG_TYPE:122:wrong type
diff --git a/deps/openssl/openssl/crypto/evp/bio_b64.c b/deps/openssl/openssl/crypto/evp/bio_b64.c
index a86e8db0bf..9f891f7626 100644
--- a/deps/openssl/openssl/crypto/evp/bio_b64.c
+++ b/deps/openssl/openssl/crypto/evp/bio_b64.c
@@ -17,9 +17,6 @@
 static int b64_write(BIO *h, const char *buf, int num);
 static int b64_read(BIO *h, char *buf, int size);
 static int b64_puts(BIO *h, const char *str);
-/*
- * static int b64_gets(BIO *h, char *str, int size);
- */
 static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
 static int b64_free(BIO *data);
@@ -49,7 +46,11 @@ typedef struct b64_struct {
 static const BIO_METHOD methods_b64 = {
     BIO_TYPE_BASE64,
     "base64 encoding",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     b64_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     b64_read,
     b64_puts,
     NULL,                       /* b64_gets, */
@@ -69,9 +70,10 @@ static int b64_new(BIO *bi)
 {
     BIO_B64_CTX *ctx;
 
-    ctx = OPENSSL_zalloc(sizeof(*ctx));
-    if (ctx == NULL)
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ctx->cont = 1;
     ctx->start = 1;
@@ -113,7 +115,7 @@ static int b64_read(BIO *b, char *out, int outl)
     BIO *next;
 
     if (out == NULL)
-        return (0);
+        return 0;
     ctx = (BIO_B64_CTX *)BIO_get_data(b);
 
     next = BIO_next(b);
@@ -354,7 +356,7 @@ static int b64_write(BIO *b, const char *in, int inl)
         i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
         if (i <= 0) {
             BIO_copy_next_retry(b);
-            return (i);
+            return i;
         }
         OPENSSL_assert(i <= n);
         ctx->buf_off += i;
@@ -367,7 +369,7 @@ static int b64_write(BIO *b, const char *in, int inl)
     ctx->buf_len = 0;
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
 
     while (inl > 0) {
         n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
@@ -440,7 +442,7 @@ static int b64_write(BIO *b, const char *in, int inl)
         ctx->buf_len = 0;
         ctx->buf_off = 0;
     }
-    return (ret);
+    return ret;
 }
 
 static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -542,7 +544,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
         ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int b64_puts(BIO *b, const char *str)
diff --git a/deps/openssl/openssl/crypto/evp/bio_enc.c b/deps/openssl/openssl/crypto/evp/bio_enc.c
index e62d1dfda8..6639061eae 100644
--- a/deps/openssl/openssl/crypto/evp/bio_enc.c
+++ b/deps/openssl/openssl/crypto/evp/bio_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,12 +16,6 @@
 
 static int enc_write(BIO *h, const char *buf, int num);
 static int enc_read(BIO *h, char *buf, int size);
-/*
- * static int enc_puts(BIO *h, const char *str);
- */
-/*
- * static int enc_gets(BIO *h, char *str, int size);
- */
 static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
@@ -48,7 +42,11 @@ typedef struct enc_struct {
 static const BIO_METHOD methods_enc = {
     BIO_TYPE_CIPHER,
     "cipher",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     enc_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     enc_read,
     NULL,                       /* enc_puts, */
     NULL,                       /* enc_gets, */
@@ -60,16 +58,17 @@ static const BIO_METHOD methods_enc = {
 
 const BIO_METHOD *BIO_f_cipher(void)
 {
-    return (&methods_enc);
+    return &methods_enc;
 }
 
 static int enc_new(BIO *bi)
 {
     BIO_ENC_CTX *ctx;
 
-    ctx = OPENSSL_zalloc(sizeof(*ctx));
-    if (ctx == NULL)
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ctx->cipher = EVP_CIPHER_CTX_new();
     if (ctx->cipher == NULL) {
@@ -111,7 +110,7 @@ static int enc_read(BIO *b, char *out, int outl)
     BIO *next;
 
     if (out == NULL)
-        return (0);
+        return 0;
     ctx = BIO_get_data(b);
 
     next = BIO_next(b);
@@ -251,7 +250,7 @@ static int enc_write(BIO *b, const char *in, int inl)
         i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
         if (i <= 0) {
             BIO_copy_next_retry(b);
-            return (i);
+            return i;
         }
         ctx->buf_off += i;
         n -= i;
@@ -259,7 +258,7 @@ static int enc_write(BIO *b, const char *in, int inl)
     /* at this point all pending data has been written */
 
     if ((in == NULL) || (inl <= 0))
-        return (0);
+        return 0;
 
     ctx->buf_off = 0;
     while (inl > 0) {
@@ -289,7 +288,7 @@ static int enc_write(BIO *b, const char *in, int inl)
         ctx->buf_off = 0;
     }
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
@@ -384,7 +383,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -393,35 +392,15 @@ static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
     BIO *next = BIO_next(b);
 
     if (next == NULL)
-        return (0);
+        return 0;
     switch (cmd) {
     default:
         ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
-/*-
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
-        {
-        if (b == NULL) return;
-
-        if ((b->callback != NULL) &&
-                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-                return;
-
-        b->init=1;
-        ctx=(BIO_ENC_CTX *)b->ptr;
-        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-
-        if (b->callback != NULL)
-                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-        }
-*/
-
 int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
                    const unsigned char *i, int e)
 {
diff --git a/deps/openssl/openssl/crypto/evp/bio_md.c b/deps/openssl/openssl/crypto/evp/bio_md.c
index 2f0f2831df..288dee01b2 100644
--- a/deps/openssl/openssl/crypto/evp/bio_md.c
+++ b/deps/openssl/openssl/crypto/evp/bio_md.c
@@ -22,9 +22,6 @@
 
 static int md_write(BIO *h, char const *buf, int num);
 static int md_read(BIO *h, char *buf, int size);
-/*
- * static int md_puts(BIO *h, const char *str);
- */
 static int md_gets(BIO *h, char *str, int size);
 static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int md_new(BIO *h);
@@ -34,7 +31,11 @@ static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 static const BIO_METHOD methods_md = {
     BIO_TYPE_MD,
     "message digest",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     md_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     md_read,
     NULL,                       /* md_puts, */
     md_gets,
@@ -46,7 +47,7 @@ static const BIO_METHOD methods_md = {
 
 const BIO_METHOD *BIO_f_md(void)
 {
-    return (&methods_md);
+    return &methods_md;
 }
 
 static int md_new(BIO *bi)
@@ -55,7 +56,7 @@ static int md_new(BIO *bi)
 
     ctx = EVP_MD_CTX_new();
     if (ctx == NULL)
-        return (0);
+        return 0;
 
     BIO_set_init(bi, 1);
     BIO_set_data(bi, ctx);
@@ -66,7 +67,7 @@ static int md_new(BIO *bi)
 static int md_free(BIO *a)
 {
     if (a == NULL)
-        return (0);
+        return 0;
     EVP_MD_CTX_free(BIO_get_data(a));
     BIO_set_data(a, NULL);
     BIO_set_init(a, 0);
@@ -81,25 +82,25 @@ static int md_read(BIO *b, char *out, int outl)
     BIO *next;
 
     if (out == NULL)
-        return (0);
+        return 0;
 
     ctx = BIO_get_data(b);
     next = BIO_next(b);
 
     if ((ctx == NULL) || (next == NULL))
-        return (0);
+        return 0;
 
     ret = BIO_read(next, out, outl);
     if (BIO_get_init(b)) {
         if (ret > 0) {
             if (EVP_DigestUpdate(ctx, (unsigned char *)out,
                                  (unsigned int)ret) <= 0)
-                return (-1);
+                return -1;
         }
     }
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static int md_write(BIO *b, const char *in, int inl)
@@ -194,7 +195,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
         ret = BIO_ctrl(next, cmd, num, ptr);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -212,7 +213,7 @@ static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
         ret = BIO_callback_ctrl(next, cmd, fp);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int md_gets(BIO *bp, char *buf, int size)
@@ -228,5 +229,5 @@ static int md_gets(BIO *bp, char *buf, int size)
     if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
         return -1;
 
-    return ((int)ret);
+    return (int)ret;
 }
diff --git a/deps/openssl/openssl/crypto/evp/bio_ok.c b/deps/openssl/openssl/crypto/evp/bio_ok.c
index b156e62efd..a0462219be 100644
--- a/deps/openssl/openssl/crypto/evp/bio_ok.c
+++ b/deps/openssl/openssl/crypto/evp/bio_ok.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 /*-
-        From: Arne Ansper <arne@cyber.ee>
+        From: Arne Ansper
 
         Why BIO_f_reliable?
 
@@ -110,7 +110,11 @@ typedef struct ok_struct {
 static const BIO_METHOD methods_ok = {
     BIO_TYPE_CIPHER,
     "reliable",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
     ok_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
     ok_read,
     NULL,                       /* ok_puts, */
     NULL,                       /* ok_gets, */
@@ -122,16 +126,17 @@ static const BIO_METHOD methods_ok = {
 
 const BIO_METHOD *BIO_f_reliable(void)
 {
-    return (&methods_ok);
+    return &methods_ok;
 }
 
 static int ok_new(BIO *bi)
 {
     BIO_OK_CTX *ctx;
 
-    ctx = OPENSSL_zalloc(sizeof(*ctx));
-    if (ctx == NULL)
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ctx->cont = 1;
     ctx->sigio = 1;
@@ -263,7 +268,7 @@ static int ok_write(BIO *b, const char *in, int inl)
     ret = inl;
 
     if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
-        return (0);
+        return 0;
 
     if (ctx->sigio && !sig_out(b))
         return 0;
@@ -277,7 +282,7 @@ static int ok_write(BIO *b, const char *in, int inl)
                 BIO_copy_next_retry(b);
                 if (!BIO_should_retry(b))
                     ctx->cont = 0;
-                return (i);
+                return i;
             }
             ctx->buf_off += i;
             n -= i;
@@ -291,7 +296,7 @@ static int ok_write(BIO *b, const char *in, int inl)
         }
 
         if ((in == NULL) || (inl <= 0))
-            return (0);
+            return 0;
 
         n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
             (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
@@ -311,7 +316,7 @@ static int ok_write(BIO *b, const char *in, int inl)
 
     BIO_clear_retry_flags(b);
     BIO_copy_next_retry(b);
-    return (ret);
+    return ret;
 }
 
 static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
diff --git a/deps/openssl/openssl/crypto/evp/build.info b/deps/openssl/openssl/crypto/evp/build.info
index bf633dc713..cc33ac3c49 100644
--- a/deps/openssl/openssl/crypto/evp/build.info
+++ b/deps/openssl/openssl/crypto/evp/build.info
@@ -2,14 +2,14 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \
         e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
-        e_rc4.c e_aes.c names.c e_seed.c \
+        e_rc4.c e_aes.c names.c e_seed.c e_aria.c e_sm4.c \
         e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
         m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
-        m_md5_sha1.c m_mdc2.c m_ripemd.c \
+        m_md5_sha1.c m_mdc2.c m_ripemd.c m_sha3.c \
         p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
         c_allc.c c_alld.c evp_lib.c bio_ok.c \
-        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
         e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c cmeth_lib.c
@@ -17,6 +17,9 @@ SOURCE[../../libcrypto]=\
 INCLUDE[e_aes.o]=.. ../modes
 INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes
 INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes
+INCLUDE[e_aria.o]=.. ../modes
 INCLUDE[e_camellia.o]=.. ../modes
+INCLUDE[e_sm4.o]=.. ../modes
 INCLUDE[e_des.o]=..
 INCLUDE[e_des3.o]=..
+INCLUDE[m_sha3.o]=..
diff --git a/deps/openssl/openssl/crypto/evp/c_allc.c b/deps/openssl/openssl/crypto/evp/c_allc.c
index 6ed31edbcb..086b3c4d51 100644
--- a/deps/openssl/openssl/crypto/evp/c_allc.c
+++ b/deps/openssl/openssl/crypto/evp/c_allc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include <internal/evp_int.h>
+#include "internal/evp_int.h"
 #include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 
@@ -79,6 +79,16 @@ void openssl_add_all_ciphers_int(void)
     EVP_add_cipher_alias(SN_seed_cbc, "seed");
 #endif
 
+#ifndef OPENSSL_NO_SM4
+    EVP_add_cipher(EVP_sm4_ecb());
+    EVP_add_cipher(EVP_sm4_cbc());
+    EVP_add_cipher(EVP_sm4_cfb());
+    EVP_add_cipher(EVP_sm4_ofb());
+    EVP_add_cipher(EVP_sm4_ctr());
+    EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
+    EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
+#endif
+
 #ifndef OPENSSL_NO_RC2
     EVP_add_cipher(EVP_rc2_ecb());
     EVP_add_cipher(EVP_rc2_cfb());
@@ -181,6 +191,42 @@ void openssl_add_all_ciphers_int(void)
     EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
     EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
 
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_ecb());
+    EVP_add_cipher(EVP_aria_128_cbc());
+    EVP_add_cipher(EVP_aria_128_cfb());
+    EVP_add_cipher(EVP_aria_128_cfb1());
+    EVP_add_cipher(EVP_aria_128_cfb8());
+    EVP_add_cipher(EVP_aria_128_ctr());
+    EVP_add_cipher(EVP_aria_128_ofb());
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_128_ccm());
+    EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
+    EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
+    EVP_add_cipher(EVP_aria_192_ecb());
+    EVP_add_cipher(EVP_aria_192_cbc());
+    EVP_add_cipher(EVP_aria_192_cfb());
+    EVP_add_cipher(EVP_aria_192_cfb1());
+    EVP_add_cipher(EVP_aria_192_cfb8());
+    EVP_add_cipher(EVP_aria_192_ctr());
+    EVP_add_cipher(EVP_aria_192_ofb());
+    EVP_add_cipher(EVP_aria_192_gcm());
+    EVP_add_cipher(EVP_aria_192_ccm());
+    EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
+    EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
+    EVP_add_cipher(EVP_aria_256_ecb());
+    EVP_add_cipher(EVP_aria_256_cbc());
+    EVP_add_cipher(EVP_aria_256_cfb());
+    EVP_add_cipher(EVP_aria_256_cfb1());
+    EVP_add_cipher(EVP_aria_256_cfb8());
+    EVP_add_cipher(EVP_aria_256_ctr());
+    EVP_add_cipher(EVP_aria_256_ofb());
+    EVP_add_cipher(EVP_aria_256_gcm());
+    EVP_add_cipher(EVP_aria_256_ccm());
+    EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
+    EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
+#endif
+
 #ifndef OPENSSL_NO_CAMELLIA
     EVP_add_cipher(EVP_camellia_128_ecb());
     EVP_add_cipher(EVP_camellia_128_cbc());
diff --git a/deps/openssl/openssl/crypto/evp/c_alld.c b/deps/openssl/openssl/crypto/evp/c_alld.c
index ec79734e67..1267531a7d 100644
--- a/deps/openssl/openssl/crypto/evp/c_alld.c
+++ b/deps/openssl/openssl/crypto/evp/c_alld.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include <internal/evp_int.h>
+#include "internal/evp_int.h"
 #include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 
@@ -39,11 +39,22 @@ void openssl_add_all_digests_int(void)
     EVP_add_digest(EVP_sha256());
     EVP_add_digest(EVP_sha384());
     EVP_add_digest(EVP_sha512());
+    EVP_add_digest(EVP_sha512_224());
+    EVP_add_digest(EVP_sha512_256());
 #ifndef OPENSSL_NO_WHIRLPOOL
     EVP_add_digest(EVP_whirlpool());
 #endif
+#ifndef OPENSSL_NO_SM3
+    EVP_add_digest(EVP_sm3());
+#endif
 #ifndef OPENSSL_NO_BLAKE2
     EVP_add_digest(EVP_blake2b512());
     EVP_add_digest(EVP_blake2s256());
 #endif
+    EVP_add_digest(EVP_sha3_224());
+    EVP_add_digest(EVP_sha3_256());
+    EVP_add_digest(EVP_sha3_384());
+    EVP_add_digest(EVP_sha3_512());
+    EVP_add_digest(EVP_shake128());
+    EVP_add_digest(EVP_shake256());
 }
diff --git a/deps/openssl/openssl/crypto/evp/digest.c b/deps/openssl/openssl/crypto/evp/digest.c
index 65eff7c8c1..f78dab7678 100644
--- a/deps/openssl/openssl/crypto/evp/digest.c
+++ b/deps/openssl/openssl/crypto/evp/digest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,12 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
         && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
         OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
     }
-    EVP_PKEY_CTX_free(ctx->pctx);
+    /*
+     * pctx should be freed by the user of EVP_MD_CTX
+     * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(ctx->engine);
 #endif
@@ -174,6 +179,27 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
     return ret;
 }
 
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+{
+    int ret = 0;
+
+    if (ctx->digest->flags & EVP_MD_FLAG_XOF
+        && size <= INT_MAX
+        && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
+        ret = ctx->digest->final(ctx, md);
+
+        if (ctx->digest->cleanup != NULL) {
+            ctx->digest->cleanup(ctx);
+            EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+        }
+        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    } else {
+        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
+    }
+
+    return ret;
+}
+
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 {
     EVP_MD_CTX_reset(out);
@@ -203,6 +229,9 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
     EVP_MD_CTX_reset(out);
     memcpy(out, in, sizeof(*out));
 
+    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
     /* Null these variables, since they are getting fixed up
      * properly below.  Anything else may cause a memleak and/or
      * double free if any of the memory allocations below fail
diff --git a/deps/openssl/openssl/crypto/evp/e_aes.c b/deps/openssl/openssl/crypto/evp/e_aes.c
index 3f36d7072d..39eb4f379a 100644
--- a/deps/openssl/openssl/crypto/evp/e_aes.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes.c
@@ -136,14 +136,30 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
                        const unsigned char ivec[AES_BLOCK_SIZE]);
 #endif
 #ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp, char *out, size_t len,
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
                      const AES_KEY *key1, const AES_KEY *key2,
                      const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp, char *out, size_t len,
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
                      const AES_KEY *key1, const AES_KEY *key2,
                      const unsigned char iv[16]);
 #endif
 
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
 #if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
 # include "ppc_arch.h"
 # ifdef VPAES_ASM
@@ -950,6 +966,1521 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
 
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-06)
+         */
+        struct {
+            unsigned char k[32];
+        } param;
+        /* KM-AES parameter block - end */
+    } km;
+    unsigned int fc;
+} S390X_AES_ECB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMO-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMO-AES parameter block - end */
+    } kmo;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_OFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMF-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMF-AES parameter block - end */
+    } kmf;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_CFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMA-GCM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-11)
+         */
+        struct {
+            unsigned char reserved[12];
+            union {
+                unsigned int w;
+                unsigned char b[4];
+            } cv;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } t;
+            unsigned char h[16];
+            unsigned long long taadl;
+            unsigned long long tpcl;
+            union {
+                unsigned long long g[2];
+                unsigned int w[4];
+            } j0;
+            unsigned char k[32];
+        } param;
+        /* KMA-GCM-AES parameter block - end */
+    } kma;
+    unsigned int fc;
+    int key_set;
+
+    unsigned char *iv;
+    int ivlen;
+    int iv_set;
+    int iv_gen;
+
+    int taglen;
+
+    unsigned char ares[16];
+    unsigned char mres[16];
+    unsigned char kres[16];
+    int areslen;
+    int mreslen;
+    int kreslen;
+
+    int tls_aad_len;
+} S390X_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and
+         * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's
+         * rounds field is used to store the function code and that the key
+         * schedule is not stored (if aes hardware support is detected).
+         */
+        struct {
+            unsigned char pad[16];
+            AES_KEY k;
+        } key;
+
+        struct {
+            /*-
+             * KMAC-AES parameter block - begin
+             * (see z/Architecture Principles of Operation >= SA22-7832-08)
+             */
+            struct {
+                union {
+                    unsigned long long g[2];
+                    unsigned char b[16];
+                } icv;
+                unsigned char k[32];
+            } kmac_param;
+            /* KMAC-AES paramater block - end */
+
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } nonce;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } buf;
+
+            unsigned long long blocks;
+            int l;
+            int m;
+            int tls_aad_len;
+            int iv_set;
+            int tag_set;
+            int len_set;
+            int key_set;
+
+            unsigned char pad[140];
+            unsigned int fc;
+        } ccm;
+    } aes;
+} S390X_AES_CCM_CTX;
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE	1	/* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE	1
+# define S390X_aes_256_cbc_CAPABLE	1
+# define S390X_AES_CBC_CTX		EVP_AES_KEY
+
+# define s390x_aes_cbc_init_key aes_init_key
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE	S390X_aes_128_CAPABLE
+# define S390X_aes_192_ecb_CAPABLE	S390X_aes_192_CAPABLE
+# define S390X_aes_256_ecb_CAPABLE	S390X_aes_256_CAPABLE
+
+static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    memcpy(cctx->km.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+
+    s390x_km(in, len, out, cctx->fc, &cctx->km.param);
+    return 1;
+}
+
+# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    memcpy(cctx->kmo.param.cv, iv, ivlen);
+    memcpy(cctx->kmo.param.k, key, keylen);
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->res = 0;
+    return 1;
+}
+
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    int n = cctx->res;
+    int rem;
+
+    while (n && len) {
+        *out = *in ^ cctx->kmo.param.cv[n];
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc,
+                 cctx->kmo.param.k);
+
+        while (rem--) {
+            out[n] = in[n] ^ cctx->kmo.param.cv[n];
+            ++n;
+        }
+    }
+
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->fc |= 16 << 24;   /* 16 bytes cipher feedback */
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    cctx->res = 0;
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    memcpy(cctx->kmf.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int n = cctx->res;
+    int rem;
+    unsigned char tmp;
+
+    while (n && len) {
+        tmp = *in;
+        *out = cctx->kmf.param.cv[n] ^ tmp;
+        cctx->kmf.param.cv[n] = enc ? *out : tmp;
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv,
+                 S390X_AES_FC(keylen), cctx->kmf.param.k);
+
+        while (rem--) {
+            tmp = in[n];
+            out[n] = cctx->kmf.param.cv[n] ^ tmp;
+            cctx->kmf.param.cv[n] = enc ? out[n] : tmp;
+            ++n;
+        }
+    }
+
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256))
+
+static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
+                                   const unsigned char *key,
+                                   const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+    cctx->fc |= 1 << 24;   /* 1 byte cipher feedback */
+    if (!enc)
+        cctx->fc |= S390X_DECRYPT;
+
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    memcpy(cctx->kmf.param.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+
+    s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+    return 1;
+}
+
+# define S390X_aes_128_cfb1_CAPABLE	0
+# define S390X_aes_192_cfb1_CAPABLE	0
+# define S390X_aes_256_cfb1_CAPABLE	0
+
+# define s390x_aes_cfb1_init_key aes_init_key
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE	1	/* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE	1
+# define S390X_aes_256_ctr_CAPABLE	1
+# define S390X_AES_CTR_CTX		EVP_AES_KEY
+
+# define s390x_aes_ctr_init_key aes_init_key
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+/* iv + padding length for iv lenghts != 12 */
+# define S390X_gcm_ivpadlen(i)	((((i) + 15) >> 4 << 4) + 16)
+
+/*-
+ * Process additional authenticated data. Returns 0 on success. Code is
+ * big-endian.
+ */
+static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,
+                             size_t len)
+{
+    unsigned long long alen;
+    int n, rem;
+
+    if (ctx->kma.param.tpcl)
+        return -2;
+
+    alen = ctx->kma.param.taadl + len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->kma.param.taadl = alen;
+
+    n = ctx->areslen;
+    if (n) {
+        while (n && len) {
+            ctx->ares[n] = *aad;
+            n = (n + 1) & 0xf;
+            ++aad;
+            --len;
+        }
+        /* ctx->ares contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+        }
+        ctx->areslen = n;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+        aad += len;
+        ctx->fc |= S390X_KMA_HS;
+    }
+
+    if (rem) {
+        ctx->areslen = rem;
+
+        do {
+            --rem;
+            ctx->ares[rem] = aad[rem];
+        } while (rem);
+    }
+    return 0;
+}
+
+/*-
+ * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for
+ * success. Code is big-endian.
+ */
+static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len)
+{
+    const unsigned char *inptr;
+    unsigned long long mlen;
+    union {
+        unsigned int w[4];
+        unsigned char b[16];
+    } buf;
+    size_t inlen;
+    int n, rem, i;
+
+    mlen = ctx->kma.param.tpcl + len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->kma.param.tpcl = mlen;
+
+    n = ctx->mreslen;
+    if (n) {
+        inptr = in;
+        inlen = len;
+        while (n && inlen) {
+            ctx->mres[n] = *inptr;
+            n = (n + 1) & 0xf;
+            ++inptr;
+            --inlen;
+        }
+        /* ctx->mres contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,
+                      ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+            ctx->areslen = 0;
+
+            /* previous call already encrypted/decrypted its remainder,
+             * see comment below */
+            n = ctx->mreslen;
+            while (n) {
+                *out = buf.b[n];
+                n = (n + 1) & 0xf;
+                ++out;
+                ++in;
+                --len;
+            }
+            ctx->mreslen = 0;
+        }
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(ctx->ares, ctx->areslen, in, len, out,
+                  ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+        in += len;
+        out += len;
+        ctx->fc |= S390X_KMA_HS;
+        ctx->areslen = 0;
+    }
+
+    /*-
+     * If there is a remainder, it has to be saved such that it can be
+     * processed by kma later. However, we also have to do the for-now
+     * unauthenticated encryption/decryption part here and now...
+     */
+    if (rem) {
+        if (!ctx->mreslen) {
+            buf.w[0] = ctx->kma.param.j0.w[0];
+            buf.w[1] = ctx->kma.param.j0.w[1];
+            buf.w[2] = ctx->kma.param.j0.w[2];
+            buf.w[3] = ctx->kma.param.cv.w + 1;
+            s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);
+        }
+
+        n = ctx->mreslen;
+        for (i = 0; i < rem; i++) {
+            ctx->mres[n + i] = in[i];
+            out[i] = in[i] ^ ctx->kres[n + i];
+        }
+
+        ctx->mreslen += rem;
+    }
+    return 0;
+}
+
+/*-
+ * Initialize context structure. Code is big-endian.
+ */
+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
+                                const unsigned char *iv)
+{
+    ctx->kma.param.t.g[0] = 0;
+    ctx->kma.param.t.g[1] = 0;
+    ctx->kma.param.tpcl = 0;
+    ctx->kma.param.taadl = 0;
+    ctx->mreslen = 0;
+    ctx->areslen = 0;
+    ctx->kreslen = 0;
+
+    if (ctx->ivlen == 12) {
+        memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
+        ctx->kma.param.j0.w[3] = 1;
+        ctx->kma.param.cv.w = 1;
+    } else {
+        /* ctx->iv has the right size and is already padded. */
+        memcpy(ctx->iv, iv, ctx->ivlen);
+        s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
+                  ctx->fc, &ctx->kma.param);
+        ctx->fc |= S390X_KMA_HS;
+
+        ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];
+        ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];
+        ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];
+        ctx->kma.param.t.g[0] = 0;
+        ctx->kma.param.t.g[1] = 0;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    S390X_AES_GCM_CTX *gctx_out;
+    EVP_CIPHER_CTX *out;
+    unsigned char *buf, *iv;
+    int ivlen, enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        ivlen = EVP_CIPHER_CTX_iv_length(c);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = ivlen;
+        gctx->iv = iv;
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+
+        if (arg != 12) {
+            iv = EVP_CIPHER_CTX_iv_noconst(c);
+            len = S390X_gcm_ivpadlen(arg);
+
+            /* Allocate memory for iv if needed. */
+            if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
+                if (gctx->iv != iv)
+                    OPENSSL_free(gctx->iv);
+
+                if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
+                    EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            /* Add padding. */
+            memset(gctx->iv + arg, 0, len - arg - 8);
+            *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || enc)
+            return 0;
+
+        memcpy(buf, ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
+            return 0;
+
+        memcpy(ptr, gctx->kma.param.t.b, arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole iv */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+
+        s390x_aes_gcm_setiv(gctx, gctx->iv);
+
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
+            return 0;
+
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        s390x_aes_gcm_setiv(gctx, gctx->iv);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the aad for later use. */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        gctx->tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        /* Correct length for explicit iv. */
+        if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+        len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+        /* If decrypting correct for tag too. */
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < EVP_GCM_TLS_TAG_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_TAG_LEN;
+        }
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+        /* Extra padding: tag appended to record. */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        out = ptr;
+        gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+
+        if (gctx->iv == iv) {
+            gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+        } else {
+            len = S390X_gcm_ivpadlen(gctx->ivlen);
+
+            if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) {
+                EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+
+            memcpy(gctx_out->iv, gctx->iv, len);
+        }
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+/*-
+ * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
+ */
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    int keylen;
+
+    if (iv == NULL && key == NULL)
+        return 1;
+
+    if (key != NULL) {
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        memcpy(&gctx->kma.param.k, key, keylen);
+
+        gctx->fc = S390X_AES_FC(keylen);
+        if (!enc)
+            gctx->fc |= S390X_DECRYPT;
+
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+
+        if (iv != NULL) {
+            s390x_aes_gcm_setiv(gctx, iv);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        if (gctx->key_set)
+            s390x_aes_gcm_setiv(gctx, iv);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv = -1;
+
+    if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+
+    if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN
+                                     : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+
+    gctx->kma.param.taadl = gctx->tls_aad_len << 3;
+    gctx->kma.param.tpcl = len << 3;
+    s390x_kma(buf, gctx->tls_aad_len, in, len, out,
+              gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+
+    if (enc) {
+        memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * ciphertext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    unsigned char *buf, tmp[16];
+    int enc;
+
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+
+    if (in != NULL) {
+        if (out == NULL) {
+            if (s390x_aes_gcm_aad(gctx, in, len))
+                return -1;
+        } else {
+            if (s390x_aes_gcm(gctx, in, out, len))
+                return -1;
+        }
+        return len;
+    } else {
+        gctx->kma.param.taadl <<= 3;
+        gctx->kma.param.tpcl <<= 3;
+        s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,
+                  gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+        /* recall that we already did en-/decrypt gctx->mres
+         * and returned it to caller... */
+        OPENSSL_cleanse(tmp, gctx->mreslen);
+        gctx->iv_set = 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(ctx);
+        if (enc) {
+            gctx->taglen = 16;
+        } else {
+            if (gctx->taglen < 0)
+                return -1;
+
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))
+                return -1;
+        }
+        return 0;
+    }
+}
+
+static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    const unsigned char *iv;
+
+    if (gctx == NULL)
+        return 0;
+
+    iv = EVP_CIPHER_CTX_iv(c);
+    if (iv != gctx->iv)
+        OPENSSL_free(gctx->iv);
+
+    OPENSSL_cleanse(gctx, sizeof(*gctx));
+    return 1;
+}
+
+# define S390X_AES_XTS_CTX		EVP_AES_XTS_CTX
+# define S390X_aes_128_xts_CAPABLE	1	/* checked by callee */
+# define S390X_aes_256_xts_CAPABLE	1
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+# define s390x_aes_xts_ctrl aes_xts_ctrl
+static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# define s390x_aes_xts_cleanup aes_xts_cleanup
+
+# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_CCM_AAD_FLAG	0x40
+
+/*-
+ * Set nonce and length fields. Code is big-endian.
+ */
+static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,
+                                          const unsigned char *nonce,
+                                          size_t mlen)
+{
+    ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
+    ctx->aes.ccm.nonce.g[1] = mlen;
+    memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
+}
+
+/*-
+ * Process additional authenticated data. Code is big-endian.
+ */
+static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,
+                              size_t alen)
+{
+    unsigned char *ptr;
+    int i, rem;
+
+    if (!alen)
+        return;
+
+    ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
+
+    /* Suppress 'type-punned pointer dereference' warning. */
+    ptr = ctx->aes.ccm.buf.b;
+
+    if (alen < ((1 << 16) - (1 << 8))) {
+        *(uint16_t *)ptr = alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        *(uint16_t *)ptr = 0xffff;
+        *(uint64_t *)(ptr + 2) = alen;
+        i = 10;
+    } else {
+        *(uint16_t *)ptr = 0xfffe;
+        *(uint32_t *)(ptr + 2) = alen;
+        i = 6;
+    }
+
+    while (i < 16 && alen) {
+        ctx->aes.ccm.buf.b[i] = *aad;
+        ++aad;
+        --alen;
+        ++i;
+    }
+    while (i < 16) {
+        ctx->aes.ccm.buf.b[i] = 0;
+        ++i;
+    }
+
+    ctx->aes.ccm.kmac_param.icv.g[0] = 0;
+    ctx->aes.ccm.kmac_param.icv.g[1] = 0;
+    s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
+               &ctx->aes.ccm.kmac_param);
+    ctx->aes.ccm.blocks += 2;
+
+    rem = alen & 0xf;
+    alen &= ~(size_t)0xf;
+    if (alen) {
+        s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        ctx->aes.ccm.blocks += alen >> 4;
+        aad += alen;
+    }
+    if (rem) {
+        for (i = 0; i < rem; i++)
+            ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
+
+        s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                 ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+}
+
+/*-
+ * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for
+ * success.
+ */
+static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len, int enc)
+{
+    size_t n, rem;
+    unsigned int i, l, num;
+    unsigned char flags;
+
+    flags = ctx->aes.ccm.nonce.b[0];
+    if (!(flags & S390X_CCM_AAD_FLAG)) {
+        s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
+                 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+    l = flags & 0x7;
+    ctx->aes.ccm.nonce.b[0] = l;
+
+    /*-
+     * Reconstruct length from encoded length field
+     * and initialize it with counter value.
+     */
+    n = 0;
+    for (i = 15 - l; i < 15; i++) {
+        n |= ctx->aes.ccm.nonce.b[i];
+        ctx->aes.ccm.nonce.b[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->aes.ccm.nonce.b[15];
+    ctx->aes.ccm.nonce.b[15] = 1;
+
+    if (n != len)
+        return -1;		/* length mismatch */
+
+    if (enc) {
+        /* Two operations per block plus one for tag encryption */
+        ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
+        if (ctx->aes.ccm.blocks > (1ULL << 61))
+            return -2;		/* too much data */
+    }
+
+    num = 0;
+    rem = len & 0xf;
+    len &= ~(size_t)0xf;
+
+    if (enc) {
+        /* mac-then-encrypt */
+        if (len)
+            s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+    } else {
+        /* decrypt-then-mac */
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+
+        if (len)
+            s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+    }
+    /* encrypt tag */
+    for (i = 15 - l; i < 16; i++)
+        ctx->aes.ccm.nonce.b[i] = 0;
+
+    s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
+             ctx->aes.ccm.kmac_param.k);
+    ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
+    ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
+
+    ctx->aes.ccm.nonce.b[0] = flags;	/* restore flags field */
+    return 0;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+    unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+
+    if (out != in
+            || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
+        return -1;
+
+    if (enc) {
+        /* Set explicit iv (sequence number). */
+        memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    }
+
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    /*-
+     * Get explicit iv (sequence number). We already have fixed iv
+     * (server/client_write_iv) here.
+     */
+    memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    s390x_aes_ccm_setiv(cctx, ivec, len);
+
+    /* Process aad (sequence number|type|version|length) */
+    s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
+
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    } else {
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,
+                               cctx->aes.ccm.m))
+                return len;
+        }
+
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+/*-
+ * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
+ * returned.
+ */
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    unsigned char *ivec;
+    int keylen;
+
+    if (iv == NULL && key == NULL)
+        return 1;
+
+    if (key != NULL) {
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        cctx->aes.ccm.fc = S390X_AES_FC(keylen);
+        memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
+
+        /* Store encoded m and l. */
+        cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
+                                 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
+        memset(cctx->aes.ccm.nonce.b + 1, 0,
+               sizeof(cctx->aes.ccm.nonce.b));
+        cctx->aes.ccm.blocks = 0;
+
+        cctx->aes.ccm.key_set = 1;
+    }
+
+    if (iv != NULL) {
+        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+        memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+
+        cctx->aes.ccm.iv_set = 1;
+    }
+
+    return 1;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * plaintext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv;
+    unsigned char *buf, *ivec;
+
+    if (!cctx->aes.ccm.key_set)
+        return -1;
+
+    if (cctx->aes.ccm.tls_aad_len >= 0)
+        return s390x_aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /*-
+     * Final(): Does not return any data. Recall that ccm is mac-then-encrypt
+     * so integrity must be checked already at Update() i.e., before
+     * potentially corrupted data is output.
+     */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->aes.ccm.iv_set)
+        return -1;
+
+    if (!enc && !cctx->aes.ccm.tag_set)
+        return -1;
+
+    if (out == NULL) {
+        /* Update(): Pass message length. */
+        if (in == NULL) {
+            ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+            s390x_aes_ccm_setiv(cctx, ivec, len);
+
+            cctx->aes.ccm.len_set = 1;
+            return len;
+        }
+
+        /* Update(): Process aad. */
+        if (!cctx->aes.ccm.len_set && len)
+            return -1;
+
+        s390x_aes_ccm_aad(cctx, in, len);
+        return len;
+    }
+
+    /* Update(): Process message. */
+
+    if (!cctx->aes.ccm.len_set) {
+        /*-
+         * In case message length was not previously set explicitly via
+         * Update(), set it now.
+         */
+        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+        s390x_aes_ccm_setiv(cctx, ivec, len);
+
+        cctx->aes.ccm.len_set = 1;
+    }
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        cctx->aes.ccm.tag_set = 1;
+        return len;
+    } else {
+        rv = -1;
+
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,
+                               cctx->aes.ccm.m))
+                rv = len;
+        }
+
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        return rv;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
+    unsigned char *buf, *iv;
+    int enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->aes.ccm.key_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.l = 8;
+        cctx->aes.ccm.m = 12;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        cctx->aes.ccm.tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        /* Save the aad for later use. */
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        cctx->aes.ccm.tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+
+        /* Correct length for explicit iv. */
+        len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < cctx->aes.ccm.m)
+                return 0;
+
+            /* Correct length for tag. */
+            len -= cctx->aes.ccm.m;
+        }
+
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+
+        /* Extra padding: tag appended to record. */
+        return cctx->aes.ccm.m;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+
+        /* Copy to first part of the iv. */
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        memcpy(iv, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall-through */
+
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+
+        cctx->aes.ccm.l = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && ptr)
+            return 0;
+
+        if (ptr) {
+            cctx->aes.ccm.tag_set = 1;
+            buf = EVP_CIPHER_CTX_buf_noconst(c);
+            memcpy(buf, ptr, arg);
+        }
+
+        cctx->aes.ccm.m = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc || !cctx->aes.ccm.tag_set)
+            return 0;
+
+        if(arg < cctx->aes.ccm.m)
+            return 0;
+
+        memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+# define s390x_aes_ccm_cleanup aes_ccm_cleanup
+
+# ifndef OPENSSL_NO_OCB
+#  define S390X_AES_OCB_CTX		EVP_AES_OCB_CTX
+#  define S390X_aes_128_ocb_CAPABLE	0
+#  define S390X_aes_192_ocb_CAPABLE	0
+#  define S390X_aes_256_ocb_CAPABLE	0
+
+#  define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+#  define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+#  define s390x_aes_ocb_cleanup aes_ocb_cleanup
+static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);
+#  define s390x_aes_ocb_ctrl aes_ocb_ctrl
+static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,	\
+                              MODE,flags)				\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,blocksize,					\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,						\
+    blocksize,								\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_init_key,							\
+    aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(EVP_AES_KEY),						\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,						\
+    blocksize,								\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    s390x_aes_##mode##_cleanup,						\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    s390x_aes_##mode##_ctrl,						\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,blocksize,					\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_##mode##_init_key,						\
+    aes_##mode##_cipher,						\
+    aes_##mode##_cleanup,						\
+    sizeof(EVP_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    aes_##mode##_ctrl,							\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
 #else
 
 # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
@@ -1278,22 +2809,6 @@ static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
     return 1;
 }
 
-/* increment counter (64-bit int) by 1 */
-static void ctr64_inc(unsigned char *counter)
-{
-    int n = 8;
-    unsigned char c;
-
-    do {
-        --n;
-        c = counter[n];
-        ++c;
-        counter[n] = c;
-        if (c)
-            return;
-    } while (n);
-}
-
 static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
@@ -1301,8 +2816,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
     case EVP_CTRL_INIT:
         gctx->key_set = 0;
         gctx->iv_set = 0;
-        gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
-        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->ivlen = c->cipher->iv_len;
+        gctx->iv = c->iv;
         gctx->taglen = -1;
         gctx->iv_gen = 0;
         gctx->tls_aad_len = -1;
@@ -1313,27 +2828,28 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
             return 0;
         /* Allocate memory for IV if needed */
         if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
-            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+            if (gctx->iv != c->iv)
                 OPENSSL_free(gctx->iv);
-            gctx->iv = OPENSSL_malloc(arg);
-            if (gctx->iv == NULL)
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
         }
         gctx->ivlen = arg;
         return 1;
 
     case EVP_CTRL_AEAD_SET_TAG:
-        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+        if (arg <= 0 || arg > 16 || c->encrypt)
             return 0;
-        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        memcpy(c->buf, ptr, arg);
         gctx->taglen = arg;
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+        if (arg <= 0 || arg > 16 || !c->encrypt
             || gctx->taglen < 0)
             return 0;
-        memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+        memcpy(ptr, c->buf, arg);
         return 1;
 
     case EVP_CTRL_GCM_SET_IV_FIXED:
@@ -1351,8 +2867,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
             return 0;
         if (arg)
             memcpy(gctx->iv, ptr, arg);
-        if (EVP_CIPHER_CTX_encrypting(c)
-            && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+        if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
             return 0;
         gctx->iv_gen = 1;
         return 1;
@@ -1373,8 +2888,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
         return 1;
 
     case EVP_CTRL_GCM_SET_IV_INV:
-        if (gctx->iv_gen == 0 || gctx->key_set == 0
-            || EVP_CIPHER_CTX_encrypting(c))
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
             return 0;
         memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
         CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
@@ -1385,24 +2899,22 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
         /* Save the AAD for later use */
         if (arg != EVP_AEAD_TLS1_AAD_LEN)
             return 0;
-        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        memcpy(c->buf, ptr, arg);
         gctx->tls_aad_len = arg;
         {
-            unsigned int len =
-                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
-                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
             /* Correct length for explicit IV */
             if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
                 return 0;
             len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
             /* If decrypting correct for tag too */
-            if (!EVP_CIPHER_CTX_encrypting(c)) {
+            if (!c->encrypt) {
                 if (len < EVP_GCM_TLS_TAG_LEN)
                     return 0;
                 len -= EVP_GCM_TLS_TAG_LEN;
             }
-            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
-            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+            c->buf[arg - 2] = len >> 8;
+            c->buf[arg - 1] = len & 0xff;
         }
         /* Extra padding: tag appended to record */
         return EVP_GCM_TLS_TAG_LEN;
@@ -1416,12 +2928,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
                     return 0;
                 gctx_out->gcm.key = &gctx_out->ks;
             }
-            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
-                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            if (gctx->iv == c->iv)
+                gctx_out->iv = out->iv;
             else {
-                gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
-                if (gctx_out->iv == NULL)
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
                     return 0;
+                }
                 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
             }
             return 1;
@@ -1443,8 +2956,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         do {
 #ifdef HWAES_CAPABLE
             if (HWAES_CAPABLE) {
-                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
-                                      &gctx->ks.ks);
+                HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                                    (block128_f) HWAES_encrypt);
 # ifdef HWAES_ctr32_encrypt_blocks
@@ -1457,8 +2969,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #endif
 #ifdef BSAES_CAPABLE
             if (BSAES_CAPABLE) {
-                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
-                                    &gctx->ks.ks);
+                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                                    (block128_f) AES_encrypt);
                 gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
@@ -1467,8 +2978,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #endif
 #ifdef VPAES_CAPABLE
             if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
-                                      &gctx->ks.ks);
+                vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                                    (block128_f) vpaes_encrypt);
                 gctx->ctr = NULL;
@@ -1477,8 +2987,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #endif
                 (void)0;        /* terminate potentially open 'else' */
 
-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
-                                &gctx->ks.ks);
+            AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
             CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                                (block128_f) AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -1530,19 +3039,18 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
      * Set IV from start of buffer or generate IV and write to start of
      * buffer.
      */
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
-                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
+                                              : EVP_CTRL_GCM_SET_IV_INV,
                             EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
         goto err;
     /* Use saved AAD */
-    if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
-                          gctx->tls_aad_len))
+    if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
         goto err;
     /* Fix buffer and length to point to payload */
     in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
     out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
     len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (ctx->encrypt) {
         /* Encrypt payload */
         if (gctx->ctr) {
             size_t bulk = 0;
@@ -1621,11 +3129,9 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 goto err;
         }
         /* Retrieve tag */
-        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
-                          EVP_GCM_TLS_TAG_LEN);
+        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
         /* If tag mismatch wipe buffer */
-        if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
-                          EVP_GCM_TLS_TAG_LEN)) {
+        if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
             OPENSSL_cleanse(out, len);
             goto err;
         }
@@ -1655,7 +3161,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         if (out == NULL) {
             if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
                 return -1;
-        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        } else if (ctx->encrypt) {
             if (gctx->ctr) {
                 size_t bulk = 0;
 #if defined(AES_GCM_ASM)
@@ -1746,17 +3252,15 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         }
         return len;
     } else {
-        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (!ctx->encrypt) {
             if (gctx->taglen < 0)
                 return -1;
-            if (CRYPTO_gcm128_finish(&gctx->gcm,
-                                     EVP_CIPHER_CTX_buf_noconst(ctx),
-                                     gctx->taglen) != 0)
+            if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0)
                 return -1;
             gctx->iv_set = 0;
             return 0;
         }
-        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
         gctx->taglen = 16;
         /* Don't reuse the IV */
         gctx->iv_set = 0;
@@ -2132,6 +3636,10 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (cctx->tls_aad_len >= 0)
         return aes_ccm_tls_cipher(ctx, out, in, len);
 
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
     if (!cctx->iv_set)
         return -1;
 
@@ -2151,9 +3659,6 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         CRYPTO_ccm128_aad(ccm, in, len);
         return len;
     }
-    /* EVP_*Final() doesn't return any data */
-    if (!in)
-        return 0;
     /* If not set length yet do it */
     if (!cctx->len_set) {
         if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index f30f722e40..09d24dc3d0 100644
--- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -570,7 +570,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             }
 # endif
 
-# if 1
+# if 1      /* see original reference version in #else */
             len -= SHA_DIGEST_LENGTH; /* amend mac */
             if (len >= (256 + SHA_CBLOCK)) {
                 j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
@@ -664,7 +664,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             }
 #  endif
             len += SHA_DIGEST_LENGTH;
-# else
+# else      /* pre-lucky-13 reference version of above */
             SHA1_Update(&key->md, out, inp_len);
             res = key->md.num;
             SHA1_Final(pmac->c, &key->md);
@@ -691,7 +691,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             /* verify HMAC */
             out += inp_len;
             len -= inp_len;
-# if 1
+# if 1      /* see original reference version in #else */
             {
                 unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
                 size_t off = out - p;
@@ -713,7 +713,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
             }
-# else
+# else      /* pre-lucky-13 reference version of above */
             for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
                 res |= out[i] ^ pmac->c[i];
             res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
index 13973f110d..caac0c9d3d 100644
--- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -559,7 +559,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             key->md = key->head;
             SHA256_Update(&key->md, key->aux.tls_aad, plen);
 
-# if 1
+# if 1      /* see original reference version in #else */
             len -= SHA256_DIGEST_LENGTH; /* amend mac */
             if (len >= (256 + SHA256_CBLOCK)) {
                 j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
@@ -687,7 +687,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 for (; inp_blocks < pad_blocks; inp_blocks++)
                     sha1_block_data_order(&key->md, data, 1);
             }
-# endif
+# endif      /* pre-lucky-13 reference version of above */
             key->md = key->tail;
             SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
             SHA256_Final(pmac->c, &key->md);
@@ -695,7 +695,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             /* verify HMAC */
             out += inp_len;
             len -= inp_len;
-# if 1
+# if 1      /* see original reference version in #else */
             {
                 unsigned char *p =
                     out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
@@ -718,7 +718,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
             }
-# else
+# else      /* pre-lucky-13 reference version of above */
             for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
                 res |= out[i] ^ pmac->c[i];
             res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
diff --git a/deps/openssl/openssl/crypto/evp/e_aria.c b/deps/openssl/openssl/crypto/evp/e_aria.c
new file mode 100644
index 0000000000..81c8a7eaf1
--- /dev/null
+++ b/deps/openssl/openssl/crypto/evp/e_aria.c
@@ -0,0 +1,756 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_ARIA
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
+# include "internal/aria.h"
+# include "internal/evp_int.h"
+# include "modes_lcl.h"
+# include "evp_locl.h"
+
+/* ARIA subkey Structure */
+typedef struct {
+    ARIA_KEY ks;
+} EVP_ARIA_KEY;
+
+/* ARIA GCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA subkey to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+} EVP_ARIA_GCM_CTX;
+
+/* ARIA CCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_ARIA_CCM_CTX;
+
+/* The subkey for ARIA is generated. */
+static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    int mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    else
+        ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    if (ret < 0) {
+        EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const ARIA_KEY *key,
+                             unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+}
+
+static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                                size_t length, const ARIA_KEY *key,
+                                unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) aria_encrypt);
+}
+
+static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                             const ARIA_KEY *key, const int enc)
+{
+    aria_encrypt(in, out, key);
+}
+
+static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const ARIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                         (block128_f) aria_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_128, 16, 16, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_192, 16, 24, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_256, 16, 32, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \
+                IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0)
+IMPLEMENT_ARIA_CFBR(128,1)
+IMPLEMENT_ARIA_CFBR(192,1)
+IMPLEMENT_ARIA_CFBR(256,1)
+IMPLEMENT_ARIA_CFBR(128,8)
+IMPLEMENT_ARIA_CFBR(192,8)
+IMPLEMENT_ARIA_CFBR(256,8)
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aria_init_key,                  \
+        aria_##mode##_cipher,           \
+        NULL,                           \
+        sizeof(EVP_ARIA_KEY),           \
+        NULL,NULL,NULL,NULL };          \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return &aria_##keylen##_##mode; }
+
+static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f) aria_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+
+/* Authenticated cipher modes (GCM/CCM) */
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                 const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+                OPENSSL_free(gctx->iv);
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (EVP_CIPHER_CTX_encrypting(c)
+            && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0
+            || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
+                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            else {
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+    int rv = -1;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        /* Encrypt payload */
+        if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+            goto err;
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+            goto err;
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aria_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+                return -1;
+        } else {
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+                return -1;
+        }
+        return len;
+    }
+    if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (gctx->taglen < 0)
+            return -1;
+        if (CRYPTO_gcm128_finish(&gctx->gcm,
+                                 EVP_CIPHER_CTX_buf_noconst(ctx),
+                                 gctx->taglen) != 0)
+            return -1;
+        gctx->iv_set = 0;
+        return 0;
+    }
+    CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+    gctx->taglen = 16;
+    /* Don't reuse the IV */
+    gctx->iv_set = 0;
+    return 0;
+}
+
+static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aria_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define ARIA_AUTH_FLAGS  (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                          | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                          | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)
+
+#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,                  \
+        blocksize, keylen/8, ivlen,                \
+        ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE,    \
+        aria_##mode##_init_key,                    \
+        aria_##mode##_cipher,                      \
+        NULL,                                      \
+        sizeof(EVP_ARIA_##MODE##_CTX),             \
+        NULL,NULL,aria_##mode##_ctrl,NULL };       \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return (EVP_CIPHER*)&aria_##keylen##_##mode; }
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
+
+#endif
diff --git a/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c b/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c
index 7fd4f8dfe7..c1917bb86a 100644
--- a/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c
+++ b/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -140,7 +140,7 @@ static const EVP_CIPHER chacha20 = {
 
 const EVP_CIPHER *EVP_chacha20(void)
 {
-    return (&chacha20);
+    return &chacha20;
 }
 
 # ifndef OPENSSL_NO_POLY1305
@@ -150,6 +150,7 @@ typedef struct {
     EVP_CHACHA_KEY key;
     unsigned int nonce[12/4];
     unsigned char tag[POLY1305_BLOCK_SIZE];
+    unsigned char tls_aad[POLY1305_BLOCK_SIZE];
     struct { uint64_t aad, text; } len;
     int aad, mac_inited, tag_len, nonce_len;
     size_t tls_payload_length;
@@ -179,7 +180,8 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
 
         /* pad on the left */
         if (actx->nonce_len <= CHACHA_CTR_SIZE)
-            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
+            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
+                   actx->nonce_len);
 
         chacha_init_key(ctx, inkey, temp, enc);
 
@@ -193,23 +195,196 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
     return 1;
 }
 
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                                 defined(_M_AMD64) || defined(_M_X64))
+#    define XOR128_HELPERS
+void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 };
+#   else
+static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 };
+#   endif
+
+static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length;
+    unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32];
+
+    if (len != plen + POLY1305_BLOCK_SIZE)
+        return -1;
+
+    buf = storage + ((0 - (size_t)storage) & 15);   /* align */
+    ctr = buf + CHACHA_BLK_SIZE;
+    tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
+
+#   ifdef XOR128_HELPERS
+    if (plen <= 3 * CHACHA_BLK_SIZE) {
+        actx->key.counter[0] = 0;
+        buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE);
+        ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d,
+                       actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (plen) {
+            if (ctx->encrypt)
+                ctr = xor128_encrypt_n_pad(out, in, ctr, plen);
+            else
+                ctr = xor128_decrypt_n_pad(out, in, ctr, plen);
+
+            in += plen;
+            out += plen;
+            tohash_len = (size_t)(ctr - tohash);
+        }
+    }
+#   else
+    if (plen <= CHACHA_BLK_SIZE) {
+        size_t i;
+
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            for (i = 0; i < plen; i++) {
+                out[i] = ctr[i] ^= in[i];
+            }
+        } else {
+            for (i = 0; i < plen; i++) {
+                unsigned char c = in[i];
+                out[i] = ctr[i] ^ c;
+                ctr[i] = c;
+            }
+        }
+
+        in += i;
+        out += i;
+
+        tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1);
+        memset(ctr + i, 0, tail);
+        ctr += i + tail;
+        tohash_len += i + tail;
+    }
+#   endif
+    else {
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash = ctr;
+        tohash_len = 0;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+            Poly1305_Update(POLY1305_ctx(actx), out, plen);
+        } else {
+            Poly1305_Update(POLY1305_ctx(actx), in, plen);
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+        }
+
+        in += plen;
+        out += plen;
+        tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1);
+        Poly1305_Update(POLY1305_ctx(actx), zero, tail);
+    }
+
+    {
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little) {
+            memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            ctr[0]  = (unsigned char)(actx->len.aad);
+            ctr[1]  = (unsigned char)(actx->len.aad>>8);
+            ctr[2]  = (unsigned char)(actx->len.aad>>16);
+            ctr[3]  = (unsigned char)(actx->len.aad>>24);
+            ctr[4]  = (unsigned char)(actx->len.aad>>32);
+            ctr[5]  = (unsigned char)(actx->len.aad>>40);
+            ctr[6]  = (unsigned char)(actx->len.aad>>48);
+            ctr[7]  = (unsigned char)(actx->len.aad>>56);
+
+            ctr[8]  = (unsigned char)(actx->len.text);
+            ctr[9]  = (unsigned char)(actx->len.text>>8);
+            ctr[10] = (unsigned char)(actx->len.text>>16);
+            ctr[11] = (unsigned char)(actx->len.text>>24);
+            ctr[12] = (unsigned char)(actx->len.text>>32);
+            ctr[13] = (unsigned char)(actx->len.text>>40);
+            ctr[14] = (unsigned char)(actx->len.text>>48);
+            ctr[15] = (unsigned char)(actx->len.text>>56);
+        }
+        tohash_len += POLY1305_BLOCK_SIZE;
+    }
+
+    Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
+    OPENSSL_cleanse(buf, buf_len);
+    Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                    : tohash);
+
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (ctx->encrypt) {
+        memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+    } else {
+        if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) {
+            memset(out - (len - POLY1305_BLOCK_SIZE), 0,
+                   len - POLY1305_BLOCK_SIZE);
+            return -1;
+        }
+    }
+
+    return len;
+}
+#  else
+static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
+#  endif
+
 static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                     const unsigned char *in, size_t len)
 {
     EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
     size_t rem, plen = actx->tls_payload_length;
-    static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 };
 
     if (!actx->mac_inited) {
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+            return chacha20_poly1305_tls_cipher(ctx, out, in, len);
+#  endif
         actx->key.counter[0] = 0;
-        memset(actx->key.buf, 0, sizeof(actx->key.buf));
-        ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE,
+        ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
                        actx->key.key.d, actx->key.counter);
         Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
         actx->key.counter[0] = 1;
         actx->key.partial_len = 0;
         actx->len.aad = actx->len.text = 0;
         actx->mac_inited = 1;
+        if (plen != NO_TLS_PAYLOAD_LENGTH) {
+            Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
+                            EVP_AEAD_TLS1_AAD_LEN);
+            actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+            actx->aad = 1;
+        }
     }
 
     if (in) {                                   /* aad or text */
@@ -341,6 +516,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
         actx->tag_len = 0;
         actx->nonce_len = 12;
         actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+        memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
         return 1;
 
     case EVP_CTRL_COPY:
@@ -393,18 +569,18 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
             return 0;
         {
             unsigned int len;
-            unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE];
+            unsigned char *aad = ptr;
 
+            memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
             len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
                   aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+            aad = actx->tls_aad;
             if (!ctx->encrypt) {
                 if (len < POLY1305_BLOCK_SIZE)
                     return 0;
                 len -= POLY1305_BLOCK_SIZE;     /* discount attached tag */
-                memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2);
-                aad = temp;
-                temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
-                temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+                aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+                aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
             }
             actx->tls_payload_length = len;
 
@@ -415,7 +591,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
             actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
             actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
             actx->mac_inited = 0;
-            chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN);
+
             return POLY1305_BLOCK_SIZE;         /* tag length */
         }
 
diff --git a/deps/openssl/openssl/crypto/evp/e_des.c b/deps/openssl/openssl/crypto/evp/e_des.c
index 9b2facfecf..c13fb3e25a 100644
--- a/deps/openssl/openssl/crypto/evp/e_des.c
+++ b/deps/openssl/openssl/crypto/evp/e_des.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -229,7 +229,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 
     switch (type) {
     case EVP_CTRL_RAND_KEY:
-        if (RAND_bytes(ptr, 8) <= 0)
+        if (RAND_priv_bytes(ptr, 8) <= 0)
             return 0;
         DES_set_odd_parity((DES_cblock *)ptr);
         return 1;
diff --git a/deps/openssl/openssl/crypto/evp/e_des3.c b/deps/openssl/openssl/crypto/evp/e_des3.c
index da77936c96..6b492ce470 100644
--- a/deps/openssl/openssl/crypto/evp/e_des3.c
+++ b/deps/openssl/openssl/crypto/evp/e_des3.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -283,7 +283,7 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 
     switch (type) {
     case EVP_CTRL_RAND_KEY:
-        if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+        if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
             return 0;
         DES_set_odd_parity(deskey);
         if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
diff --git a/deps/openssl/openssl/crypto/evp/e_null.c b/deps/openssl/openssl/crypto/evp/e_null.c
index 0dfc48abf5..18a8468216 100644
--- a/deps/openssl/openssl/crypto/evp/e_null.c
+++ b/deps/openssl/openssl/crypto/evp/e_null.c
@@ -32,7 +32,7 @@ static const EVP_CIPHER n_cipher = {
 
 const EVP_CIPHER *EVP_enc_null(void)
 {
-    return (&n_cipher);
+    return &n_cipher;
 }
 
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/deps/openssl/openssl/crypto/evp/e_rc2.c b/deps/openssl/openssl/crypto/evp/e_rc2.c
index ed10bb3324..aa0d140186 100644
--- a/deps/openssl/openssl/crypto/evp/e_rc2.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -72,12 +72,12 @@ static const EVP_CIPHER r2_40_cbc_cipher = {
 
 const EVP_CIPHER *EVP_rc2_64_cbc(void)
 {
-    return (&r2_64_cbc_cipher);
+    return &r2_64_cbc_cipher;
 }
 
 const EVP_CIPHER *EVP_rc2_40_cbc(void)
 {
-    return (&r2_40_cbc_cipher);
+    return &r2_40_cbc_cipher;
 }
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -92,15 +92,16 @@ static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
 {
     int i;
 
-    EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+    if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
+        return 0;
     if (i == 128)
-        return (RC2_128_MAGIC);
+        return RC2_128_MAGIC;
     else if (i == 64)
-        return (RC2_64_MAGIC);
+        return RC2_64_MAGIC;
     else if (i == 40)
-        return (RC2_40_MAGIC);
+        return RC2_40_MAGIC;
     else
-        return (0);
+        return 0;
 }
 
 static int rc2_magic_to_meth(int i)
@@ -113,7 +114,7 @@ static int rc2_magic_to_meth(int i)
         return 40;
     else {
         EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
-        return (0);
+        return 0;
     }
 }
 
@@ -136,8 +137,9 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
             return -1;
         if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
             return -1;
-        EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-        if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+        if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits,
+                                NULL) <= 0
+                || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
             return -1;
     }
     return i;
@@ -155,7 +157,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
                                           (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
                                           j);
     }
-    return (i);
+    return i;
 }
 
 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
diff --git a/deps/openssl/openssl/crypto/evp/e_rc4.c b/deps/openssl/openssl/crypto/evp/e_rc4.c
index ea95deab8f..d16abdd0d2 100644
--- a/deps/openssl/openssl/crypto/evp/e_rc4.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc4.c
@@ -58,12 +58,12 @@ static const EVP_CIPHER r4_40_cipher = {
 
 const EVP_CIPHER *EVP_rc4(void)
 {
-    return (&r4_cipher);
+    return &r4_cipher;
 }
 
 const EVP_CIPHER *EVP_rc4_40(void)
 {
-    return (&r4_40_cipher);
+    return &r4_40_cipher;
 }
 
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c b/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c
index 8ab18c1413..b1e8ccd6dd 100644
--- a/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -257,6 +257,6 @@ static EVP_CIPHER r4_hmac_md5_cipher = {
 
 const EVP_CIPHER *EVP_rc4_hmac_md5(void)
 {
-    return (&r4_hmac_md5_cipher);
+    return &r4_hmac_md5_cipher;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/e_rc5.c b/deps/openssl/openssl/crypto/evp/e_rc5.c
index f69ba5b2f5..a2f26d8c5f 100644
--- a/deps/openssl/openssl/crypto/evp/e_rc5.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc5.c
@@ -13,7 +13,7 @@
 #ifndef OPENSSL_NO_RC5
 
 # include <openssl/evp.h>
-# include <internal/evp_int.h>
+# include "internal/evp_int.h"
 # include <openssl/objects.h>
 # include "evp_locl.h"
 # include <openssl/rc5.h>
diff --git a/deps/openssl/openssl/crypto/evp/e_sm4.c b/deps/openssl/openssl/crypto/evp/e_sm4.c
new file mode 100644
index 0000000000..79deb65636
--- /dev/null
+++ b/deps/openssl/openssl/crypto/evp/e_sm4.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_SM4
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include "internal/sm4.h"
+# include "internal/evp_int.h"
+
+typedef struct {
+    SM4_KEY ks;
+} EVP_SM4_KEY;
+
+static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const SM4_KEY *key,
+                            unsigned char *ivec, const int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_decrypt);
+}
+
+static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f)SM4_encrypt);
+}
+
+static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                            const SM4_KEY *key, const int enc)
+{
+    if (enc)
+        SM4_encrypt(in, out, key);
+    else
+        SM4_decrypt(in, out, key);
+}
+
+static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f)SM4_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       sm4_init_key, 0, 0, 0, 0)
+
+static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f)SM4_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static const EVP_CIPHER sm4_ctr_mode = {
+    NID_sm4_ctr, 1, 16, 16,
+    EVP_CIPH_CTR_MODE,
+    sm4_init_key,
+    sm4_ctr_cipher,
+    NULL,
+    sizeof(EVP_SM4_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_sm4_ctr(void)
+{
+    return &sm4_ctr_mode;
+}
+
+#endif
diff --git a/deps/openssl/openssl/crypto/evp/e_xcbc_d.c b/deps/openssl/openssl/crypto/evp/e_xcbc_d.c
index effaf5cc61..57ce813da8 100644
--- a/deps/openssl/openssl/crypto/evp/e_xcbc_d.c
+++ b/deps/openssl/openssl/crypto/evp/e_xcbc_d.c
@@ -46,7 +46,7 @@ static const EVP_CIPHER d_xcbc_cipher = {
 
 const EVP_CIPHER *EVP_desx_cbc(void)
 {
-    return (&d_xcbc_cipher);
+    return &d_xcbc_cipher;
 }
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/deps/openssl/openssl/crypto/evp/encode.c b/deps/openssl/openssl/crypto/evp/encode.c
index abb1044378..da32d4fd19 100644
--- a/deps/openssl/openssl/crypto/evp/encode.c
+++ b/deps/openssl/openssl/crypto/evp/encode.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,10 +12,17 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include "evp_locl.h"
+#include "internal/evp_int.h"
+
+static unsigned char conv_ascii2bin(unsigned char a,
+                                    const unsigned char *table);
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen);
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n);
 
-static unsigned char conv_ascii2bin(unsigned char a);
 #ifndef CHARSET_EBCDIC
-# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
 #else
 /*
  * We assume that PEM encoded files are EBCDIC files (i.e., printable text
@@ -23,7 +30,7 @@ static unsigned char conv_ascii2bin(unsigned char a);
  * (text) format again. (No need for conversion in the conv_bin2ascii macro,
  * as the underlying textstring data_bin2ascii[] is already EBCDIC)
  */
-# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
 #endif
 
 /*-
@@ -38,8 +45,13 @@ static unsigned char conv_ascii2bin(unsigned char a);
 #define CHUNKS_PER_LINE (64/4)
 #define CHAR_PER_LINE   (64+1)
 
-static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
+static const unsigned char data_bin2ascii[65] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* SRP uses a different base64 alphabet */
+static const unsigned char srpdata_bin2ascii[65] =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
 
 /*-
  * 0xF0 is a EOLN
@@ -76,20 +88,39 @@ static const unsigned char data_ascii2bin[128] = {
     0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 };
 
+static const unsigned char srpdata_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+    0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+    0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
+    0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
+    0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
 #ifndef CHARSET_EBCDIC
-static unsigned char conv_ascii2bin(unsigned char a)
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
 {
     if (a & 0x80)
         return B64_ERROR;
-    return data_ascii2bin[a];
+    return table[a];
 }
 #else
-static unsigned char conv_ascii2bin(unsigned char a)
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
 {
     a = os_toascii[a];
     if (a & 0x80)
         return B64_ERROR;
-    return data_ascii2bin[a];
+    return table[a];
 }
 #endif
 
@@ -115,11 +146,17 @@ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
     return ctx->num;
 }
 
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags)
+{
+    ctx->flags = flags;
+}
+
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
 {
     ctx->length = 48;
     ctx->num = 0;
     ctx->line_num = 0;
+    ctx->flags = 0;
 }
 
 int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
@@ -142,21 +179,27 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
         memcpy(&(ctx->enc_data[ctx->num]), in, i);
         in += i;
         inl -= i;
-        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+        j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length);
         ctx->num = 0;
         out += j;
-        *(out++) = '\n';
+        total = j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
         *out = '\0';
-        total = j + 1;
     }
     while (inl >= ctx->length && total <= INT_MAX) {
-        j = EVP_EncodeBlock(out, in, ctx->length);
+        j = evp_encodeblock_int(ctx, out, in, ctx->length);
         in += ctx->length;
         inl -= ctx->length;
         out += j;
-        *(out++) = '\n';
+        total += j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
         *out = '\0';
-        total += j + 1;
     }
     if (total > INT_MAX) {
         /* Too much output data! */
@@ -176,35 +219,43 @@ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
     unsigned int ret = 0;
 
     if (ctx->num != 0) {
-        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
-        out[ret++] = '\n';
+        ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0)
+            out[ret++] = '\n';
         out[ret] = '\0';
         ctx->num = 0;
     }
     *outl = ret;
 }
 
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen)
 {
     int i, ret = 0;
     unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_bin2ascii;
+    else
+        table = data_bin2ascii;
 
     for (i = dlen; i > 0; i -= 3) {
         if (i >= 3) {
             l = (((unsigned long)f[0]) << 16L) |
                 (((unsigned long)f[1]) << 8L) | f[2];
-            *(t++) = conv_bin2ascii(l >> 18L);
-            *(t++) = conv_bin2ascii(l >> 12L);
-            *(t++) = conv_bin2ascii(l >> 6L);
-            *(t++) = conv_bin2ascii(l);
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = conv_bin2ascii(l >> 6L, table);
+            *(t++) = conv_bin2ascii(l, table);
         } else {
             l = ((unsigned long)f[0]) << 16L;
             if (i == 2)
                 l |= ((unsigned long)f[1] << 8L);
 
-            *(t++) = conv_bin2ascii(l >> 18L);
-            *(t++) = conv_bin2ascii(l >> 12L);
-            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table);
             *(t++) = '=';
         }
         ret += 4;
@@ -212,16 +263,21 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
     }
 
     *t = '\0';
-    return (ret);
+    return ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+    return evp_encodeblock_int(NULL, t, f, dlen);
 }
 
 void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 {
-    /* Only ctx->num is used during decoding. */
+    /* Only ctx->num and ctx->flags are used during decoding. */
     ctx->num = 0;
     ctx->length = 0;
     ctx->line_num = 0;
-    ctx->expect_nl = 0;
+    ctx->flags = 0;
 }
 
 /*-
@@ -249,6 +305,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 {
     int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
     unsigned char *d;
+    const unsigned char *table;
 
     n = ctx->num;
     d = ctx->enc_data;
@@ -265,9 +322,14 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
         goto end;
     }
 
+    if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
+
     for (i = 0; i < inl; i++) {
         tmp = *(in++);
-        v = conv_ascii2bin(tmp);
+        v = conv_ascii2bin(tmp, table);
         if (v == B64_ERROR) {
             rv = -1;
             goto end;
@@ -307,7 +369,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
         }
 
         if (n == 64) {
-            decoded_len = EVP_DecodeBlock(out, d, n);
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
             n = 0;
             if (decoded_len < 0 || eof > decoded_len) {
                 rv = -1;
@@ -326,7 +388,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 tail:
     if (n > 0) {
         if ((n & 3) == 0) {
-            decoded_len = EVP_DecodeBlock(out, d, n);
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
             n = 0;
             if (decoded_len < 0 || eof > decoded_len) {
                 rv = -1;
@@ -345,16 +407,23 @@ end:
     /* Legacy behaviour. This should probably rather be zeroed on error. */
     *outl = ret;
     ctx->num = n;
-    return (rv);
+    return rv;
 }
 
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n)
 {
     int i, ret = 0, a, b, c, d;
     unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
 
     /* trim white space from the start of the line. */
-    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+    while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) {
         f++;
         n--;
     }
@@ -363,19 +432,19 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
      * strip off stuff at the end of the line ascii2bin values B64_WS,
      * B64_EOLN, B64_EOLN and B64_EOF
      */
-    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table))))
         n--;
 
     if (n % 4 != 0)
-        return (-1);
+        return -1;
 
     for (i = 0; i < n; i += 4) {
-        a = conv_ascii2bin(*(f++));
-        b = conv_ascii2bin(*(f++));
-        c = conv_ascii2bin(*(f++));
-        d = conv_ascii2bin(*(f++));
+        a = conv_ascii2bin(*(f++), table);
+        b = conv_ascii2bin(*(f++), table);
+        c = conv_ascii2bin(*(f++), table);
+        d = conv_ascii2bin(*(f++), table);
         if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
-            return (-1);
+            return -1;
         l = ((((unsigned long)a) << 18L) |
              (((unsigned long)b) << 12L) |
              (((unsigned long)c) << 6L) | (((unsigned long)d)));
@@ -384,7 +453,12 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
         *(t++) = (unsigned char)(l) & 0xff;
         ret += 3;
     }
-    return (ret);
+    return ret;
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+    return evp_decodeblock_int(NULL, t, f, n);
 }
 
 int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
@@ -393,12 +467,12 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
 
     *outl = 0;
     if (ctx->num != 0) {
-        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+        i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num);
         if (i < 0)
-            return (-1);
+            return -1;
         ctx->num = 0;
         *outl = i;
-        return (1);
+        return 1;
     } else
-        return (1);
+        return 1;
 }
diff --git a/deps/openssl/openssl/crypto/evp/evp_cnf.c b/deps/openssl/openssl/crypto/evp/evp_cnf.c
index 71d13b8df0..8df2c06e1f 100644
--- a/deps/openssl/openssl/crypto/evp/evp_cnf.c
+++ b/deps/openssl/openssl/crypto/evp/evp_cnf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,6 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
@@ -38,16 +37,8 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
                 return 0;
             }
             if (m > 0) {
-#ifdef OPENSSL_FIPS
-                if (!FIPS_mode() && !FIPS_mode_set(1)) {
-                    EVPerr(EVP_F_ALG_MODULE_INIT,
-                           EVP_R_ERROR_SETTING_FIPS_MODE);
-                    return 0;
-                }
-#else
                 EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
                 return 0;
-#endif
             }
         } else {
             EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c
index e5807edd65..38633410cd 100644
--- a/deps/openssl/openssl/crypto/evp/evp_enc.c
+++ b/deps/openssl/openssl/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,6 +13,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/engine.h>
 #include "internal/evp_int.h"
 #include "evp_locl.h"
@@ -523,7 +524,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     if (b > 1) {
         if (ctx->buf_len || !ctx->final_used) {
             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-            return (0);
+            return 0;
         }
         OPENSSL_assert(b <= sizeof(ctx->final));
 
@@ -534,12 +535,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         n = ctx->final[b - 1];
         if (n == 0 || n > (int)b) {
             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-            return (0);
+            return 0;
         }
         for (i = 0; i < n; i++) {
             if (ctx->final[--b] != n) {
                 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-                return (0);
+                return 0;
             }
         }
         n = ctx->cipher->block_size - n;
@@ -548,7 +549,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         *outl = n;
     } else
         *outl = 0;
-    return (1);
+    return 1;
 }
 
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
@@ -577,6 +578,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
     int ret;
+
     if (!ctx->cipher) {
         EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
         return 0;
@@ -600,7 +602,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
 {
     if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
         return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-    if (RAND_bytes(key, ctx->key_len) <= 0)
+    if (RAND_priv_bytes(key, ctx->key_len) <= 0)
         return 0;
     return 1;
 }
diff --git a/deps/openssl/openssl/crypto/evp/evp_err.c b/deps/openssl/openssl/crypto/evp/evp_err.c
index 3543d44cb4..3e14a7b509 100644
--- a/deps/openssl/openssl/crypto/evp/evp_err.c
+++ b/deps/openssl/openssl/crypto/evp/evp_err.c
@@ -8,169 +8,262 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/evp.h>
+#include <openssl/evperr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
-
-static ERR_STRING_DATA EVP_str_functs[] = {
-    {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"},
-    {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"},
-    {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
-    {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
-    {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"},
-    {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
-    {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
-    {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
-    {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"},
-    {ERR_FUNC(EVP_F_DES_EDE3_WRAP_CIPHER), "des_ede3_wrap_cipher"},
-    {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"},
-    {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
-    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
-    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+static const ERR_STRING_DATA EVP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0),
+     "chacha20_poly1305_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CMLL_T4_INIT_KEY, 0), "cmll_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0),
+     "des_ede3_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0),
+     "EVP_CIPHER_asn1_to_param"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0),
+     "EVP_CIPHER_CTX_copy"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0),
+     "EVP_CIPHER_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0),
      "EVP_CIPHER_CTX_set_key_length"},
-    {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
-    {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
-    {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
-    {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
-    {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
-    {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
-    {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
-    {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
-    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
-    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
-    {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
-    {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"},
-    {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
-    {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ASN1_ADD0), "EVP_PKEY_asn1_add0"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_SET1_ENGINE), "EVP_PKEY_set1_engine"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
-    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0),
+     "EVP_CIPHER_param_to_asn1"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),
+     "EVP_DecryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
+     "EVP_EncryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD, 0), "EVP_PBE_alg_add"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD_TYPE, 0),
+     "EVP_PBE_alg_add_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_CIPHERINIT, 0), "EVP_PBE_CipherInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_SCRYPT, 0), "EVP_PBE_scrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ASN1_ADD0, 0), "EVP_PKEY_asn1_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CHECK, 0), "EVP_PKEY_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_COPY_PARAMETERS, 0),
+     "EVP_PKEY_copy_parameters"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, 0), "EVP_PKEY_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL_STR, 0),
+     "EVP_PKEY_CTX_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_DUP, 0), "EVP_PKEY_CTX_dup"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_MD, 0), "EVP_PKEY_CTX_md"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT, 0), "EVP_PKEY_decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_INIT, 0),
+     "EVP_PKEY_decrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_OLD, 0),
+     "EVP_PKEY_decrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE, 0), "EVP_PKEY_derive"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_INIT, 0),
+     "EVP_PKEY_derive_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, 0),
+     "EVP_PKEY_derive_set_peer"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT, 0), "EVP_PKEY_encrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_INIT, 0),
+     "EVP_PKEY_encrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_OLD, 0),
+     "EVP_PKEY_encrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DH, 0), "EVP_PKEY_get0_DH"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DSA, 0), "EVP_PKEY_get0_DSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_EC_KEY, 0),
+     "EVP_PKEY_get0_EC_KEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_HMAC, 0), "EVP_PKEY_get0_hmac"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_POLY1305, 0),
+     "EVP_PKEY_get0_poly1305"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0),
+     "EVP_PKEY_get0_siphash"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_get_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_get_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0),
+     "EVP_PKEY_keygen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
+     "EVP_PKEY_new_CMAC_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_new_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_new_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0),
+     "EVP_PKEY_paramgen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0),
+     "EVP_PKEY_param_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0),
+     "EVP_PKEY_public_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0),
+     "EVP_PKEY_set1_engine"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0),
+     "EVP_PKEY_set_alias_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_INIT, 0),
+     "EVP_PKEY_verify_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER, 0),
+     "EVP_PKEY_verify_recover"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0),
      "EVP_PKEY_verify_recover_init"},
-    {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
-    {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
-    {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"},
-    {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
-    {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-    {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"},
-    {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"},
-    {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"},
-    {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"},
-    {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0),
+     "PKCS5_v2_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 0),
+     "PKCS5_v2_PBKDF2_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
+     "PKCS5_v2_scrypt_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA EVP_str_reasons[] = {
-    {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"},
-    {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"},
-    {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
-    {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
-     "camellia key setup failed"},
-    {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
-    {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
-    {ERR_REASON(EVP_R_COPY_ERROR), "copy error"},
-    {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
-    {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
-     "ctrl operation not implemented"},
-    {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
-     "data not multiple of block length"},
-    {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
-    {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
-    {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
-    {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
-    {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
-    {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
-    {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
-    {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
-    {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
-     "illegal scrypt parameters"},
-    {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
-    {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
-    {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
-    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
-    {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
-    {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
-    {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
-    {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"},
-    {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
-    {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"},
-    {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"},
-    {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
-    {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
-    {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"},
-    {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"},
-    {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-     "operation not supported for this keytype"},
-    {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
-    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
-     "partially overlapping buffers"},
-    {ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-    {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
-     "pkey application asn1 method already registered"},
-    {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED),
-     "pkey asn1 method already registered"},
-    {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
-    {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
-    {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
-    {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
-    {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
-    {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-    {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
-     "unsupported key derivation function"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
-     "unsupported number of rounds"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
-     "unsupported private key algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
-    {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
-    {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
+static const ERR_STRING_DATA EVP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED),
+    "aes key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
+    "aria key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+    "camellia key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR),
+    "cipher parameter error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED),
+    "command not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED),
+    "ctrl not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+    "ctrl operation not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+    "data not multiple of block length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES),
+    "different key types"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
+    "different parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
+    "error setting fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY),
+    "expecting an hmac key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY),
+    "expecting an rsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY),
+    "expecting a dsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY),
+    "expecting a poly1305 key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY),
+    "expecting a siphash key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
+    "illegal scrypt parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR),
+    "initialization error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED),
+    "input not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED),
+    "memory limit exceeded"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL),
+    "message digest is null"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH),
+    "not XOF or invalid length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED),
+    "only oneshot supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+    "operaton not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
+    "partially overlapping buffers"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
+    "pkey application asn1 method already registered"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR),
+    "private key decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
+    "private key encode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM),
+    "unknown pbe algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH),
+    "unsupported keylength"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+    "unsupported key derivation function"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE),
+    "unsupported key size"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+    "unsupported number of rounds"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+    "unsupported private key algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE),
+    "unsupported salt type"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED),
+    "wrap mode not allowed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
+    "wrong final block length"},
     {0, NULL}
 };
 
@@ -179,10 +272,9 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
 int ERR_load_EVP_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, EVP_str_functs);
-        ERR_load_strings(0, EVP_str_reasons);
+        ERR_load_strings_const(EVP_str_functs);
+        ERR_load_strings_const(EVP_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/evp/evp_key.c b/deps/openssl/openssl/crypto/evp/evp_key.c
index 52011307ad..e5ac107c38 100644
--- a/deps/openssl/openssl/crypto/evp/evp_key.c
+++ b/deps/openssl/openssl/crypto/evp/evp_key.c
@@ -14,7 +14,6 @@
 #include <openssl/evp.h>
 #include <openssl/ui.h>
 
-#ifndef OPENSSL_NO_UI
 /* should be init to zeros. */
 static char prompt_string[80];
 
@@ -31,9 +30,9 @@ void EVP_set_pw_prompt(const char *prompt)
 char *EVP_get_pw_prompt(void)
 {
     if (prompt_string[0] == '\0')
-        return (NULL);
+        return NULL;
     else
-        return (prompt_string);
+        return prompt_string;
 }
 
 /*
@@ -71,7 +70,6 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
     UI_free(ui);
     return ret;
 }
-#endif /* OPENSSL_NO_UI */
 
 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                    const unsigned char *salt, const unsigned char *data,
@@ -89,7 +87,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
     OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
     if (data == NULL)
-        return (nkey);
+        return nkey;
 
     c = EVP_MD_CTX_new();
     if (c == NULL)
diff --git a/deps/openssl/openssl/crypto/evp/evp_lib.c b/deps/openssl/openssl/crypto/evp/evp_lib.c
index 0c76db5a99..1b3c9840c6 100644
--- a/deps/openssl/openssl/crypto/evp/evp_lib.c
+++ b/deps/openssl/openssl/crypto/evp/evp_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         case EVP_CIPH_CCM_MODE:
         case EVP_CIPH_XTS_MODE:
         case EVP_CIPH_OCB_MODE:
-            ret = -1;
+            ret = -2;
             break;
 
         default:
@@ -40,7 +40,13 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         }
     } else
         ret = -1;
-    return (ret);
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ?
+               ASN1_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
 }
 
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -60,7 +66,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         case EVP_CIPH_CCM_MODE:
         case EVP_CIPH_XTS_MODE:
         case EVP_CIPH_OCB_MODE:
-            ret = -1;
+            ret = -2;
             break;
 
         default:
@@ -69,7 +75,13 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         }
     } else
         ret = -1;
-    return (ret);
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ?
+               EVP_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
 }
 
 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -82,11 +94,11 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         OPENSSL_assert(l <= sizeof(c->iv));
         i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
         if (i != (int)l)
-            return (-1);
+            return -1;
         else if (i > 0)
             memcpy(c->iv, c->oiv, l);
     }
-    return (i);
+    return i;
 }
 
 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -99,7 +111,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         OPENSSL_assert(j <= sizeof(c->iv));
         i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
     }
-    return (i);
+    return i;
 }
 
 /* Convert the various cipher NIDs and dummies to a proper OID NID */
@@ -448,6 +460,25 @@ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
     return ctx->pctx;
 }
 
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
+{
+    /*
+     * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
+     * we have to deal with the cleanup job here.
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
+
+    ctx->pctx = pctx;
+
+    if (pctx != NULL) {
+        /* make sure pctx is not freed when destroying EVP_MD_CTX */
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    } else {
+        EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    }
+}
+
 void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
 {
     return ctx->md_data;
diff --git a/deps/openssl/openssl/crypto/evp/evp_locl.h b/deps/openssl/openssl/crypto/evp/evp_locl.h
index 209577b7c2..f1589d6828 100644
--- a/deps/openssl/openssl/crypto/evp/evp_locl.h
+++ b/deps/openssl/openssl/crypto/evp/evp_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -59,7 +59,7 @@ struct evp_Encode_Ctx_st {
     unsigned char enc_data[80];
     /* number read on current line */
     int line_num;
-    int expect_nl;
+    unsigned int flags;
 };
 
 typedef struct evp_pbe_st EVP_PBE_CTL;
diff --git a/deps/openssl/openssl/crypto/evp/evp_pbe.c b/deps/openssl/openssl/crypto/evp/evp_pbe.c
index eb7344c253..5a88817b4a 100644
--- a/deps/openssl/openssl/crypto/evp/evp_pbe.c
+++ b/deps/openssl/openssl/crypto/evp/evp_pbe.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -61,6 +61,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
      NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
@@ -71,6 +73,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
      NID_id_GostR3411_2012_256, 0},
     {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
      NID_id_GostR3411_2012_512, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
     {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
 #ifndef OPENSSL_NO_SCRYPT
     {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen}
@@ -213,10 +217,9 @@ int EVP_PBE_find(int type, int pbe_nid,
     pbelu.pbe_type = type;
     pbelu.pbe_nid = pbe_nid;
 
-    if (pbe_algs) {
+    if (pbe_algs != NULL) {
         i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
-        if (i != -1)
-            pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+        pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
     }
     if (pbetmp == NULL) {
         pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
diff --git a/deps/openssl/openssl/crypto/evp/evp_pkey.c b/deps/openssl/openssl/crypto/evp/evp_pkey.c
index 81bffa6d91..e61a8761a9 100644
--- a/deps/openssl/openssl/crypto/evp/evp_pkey.c
+++ b/deps/openssl/openssl/crypto/evp/evp_pkey.c
@@ -80,7 +80,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
         EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
         goto error;
     }
-    RAND_add(p8->pkey->data, p8->pkey->length, 0.0);
     return p8;
  error:
     PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/deps/openssl/openssl/crypto/evp/m_md4.c b/deps/openssl/openssl/crypto/evp/m_md4.c
index f3decaaf0f..0efc586dba 100644
--- a/deps/openssl/openssl/crypto/evp/m_md4.c
+++ b/deps/openssl/openssl/crypto/evp/m_md4.c
@@ -50,6 +50,6 @@ static const EVP_MD md4_md = {
 
 const EVP_MD *EVP_md4(void)
 {
-    return (&md4_md);
+    return &md4_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/m_md5.c b/deps/openssl/openssl/crypto/evp/m_md5.c
index f4dc0c43f4..3d96ae93b6 100644
--- a/deps/openssl/openssl/crypto/evp/m_md5.c
+++ b/deps/openssl/openssl/crypto/evp/m_md5.c
@@ -50,6 +50,6 @@ static const EVP_MD md5_md = {
 
 const EVP_MD *EVP_md5(void)
 {
-    return (&md5_md);
+    return &md5_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/m_mdc2.c b/deps/openssl/openssl/crypto/evp/m_mdc2.c
index b7f0fd8c19..1051a9070f 100644
--- a/deps/openssl/openssl/crypto/evp/m_mdc2.c
+++ b/deps/openssl/openssl/crypto/evp/m_mdc2.c
@@ -50,6 +50,6 @@ static const EVP_MD mdc2_md = {
 
 const EVP_MD *EVP_mdc2(void)
 {
-    return (&mdc2_md);
+    return &mdc2_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/m_null.c b/deps/openssl/openssl/crypto/evp/m_null.c
index 6c4daf56b1..5dce1d510e 100644
--- a/deps/openssl/openssl/crypto/evp/m_null.c
+++ b/deps/openssl/openssl/crypto/evp/m_null.c
@@ -45,5 +45,5 @@ static const EVP_MD null_md = {
 
 const EVP_MD *EVP_md_null(void)
 {
-    return (&null_md);
+    return &null_md;
 }
diff --git a/deps/openssl/openssl/crypto/evp/m_ripemd.c b/deps/openssl/openssl/crypto/evp/m_ripemd.c
index 07b46bd518..7ab320843c 100644
--- a/deps/openssl/openssl/crypto/evp/m_ripemd.c
+++ b/deps/openssl/openssl/crypto/evp/m_ripemd.c
@@ -50,6 +50,6 @@ static const EVP_MD ripemd160_md = {
 
 const EVP_MD *EVP_ripemd160(void)
 {
-    return (&ripemd160_md);
+    return &ripemd160_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/m_sha1.c b/deps/openssl/openssl/crypto/evp/m_sha1.c
index e68f32a044..ac52417855 100644
--- a/deps/openssl/openssl/crypto/evp/m_sha1.c
+++ b/deps/openssl/openssl/crypto/evp/m_sha1.c
@@ -15,6 +15,7 @@
 #include <openssl/sha.h>
 #include <openssl/rsa.h>
 #include "internal/evp_int.h"
+#include "internal/sha.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
@@ -107,7 +108,7 @@ static const EVP_MD sha1_md = {
 
 const EVP_MD *EVP_sha1(void)
 {
-    return (&sha1_md);
+    return &sha1_md;
 }
 
 static int init224(EVP_MD_CTX *ctx)
@@ -156,7 +157,7 @@ static const EVP_MD sha224_md = {
 
 const EVP_MD *EVP_sha224(void)
 {
-    return (&sha224_md);
+    return &sha224_md;
 }
 
 static const EVP_MD sha256_md = {
@@ -175,7 +176,17 @@ static const EVP_MD sha256_md = {
 
 const EVP_MD *EVP_sha256(void)
 {
-    return (&sha256_md);
+    return &sha256_md;
+}
+
+static int init512_224(EVP_MD_CTX *ctx)
+{
+    return sha512_224_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512_256(EVP_MD_CTX *ctx)
+{
+    return sha512_256_init(EVP_MD_CTX_md_data(ctx));
 }
 
 static int init384(EVP_MD_CTX *ctx)
@@ -209,6 +220,44 @@ static int final512(EVP_MD_CTX *ctx, unsigned char *md)
     return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
+static const EVP_MD sha512_224_md = {
+    NID_sha512_224,
+    NID_sha512_224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_224,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_224(void)
+{
+    return &sha512_224_md;
+}
+
+static const EVP_MD sha512_256_md = {
+    NID_sha512_256,
+    NID_sha512_256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_256,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_256(void)
+{
+    return &sha512_256_md;
+}
+
 static const EVP_MD sha384_md = {
     NID_sha384,
     NID_sha384WithRSAEncryption,
@@ -225,7 +274,7 @@ static const EVP_MD sha384_md = {
 
 const EVP_MD *EVP_sha384(void)
 {
-    return (&sha384_md);
+    return &sha384_md;
 }
 
 static const EVP_MD sha512_md = {
@@ -244,5 +293,5 @@ static const EVP_MD sha512_md = {
 
 const EVP_MD *EVP_sha512(void)
 {
-    return (&sha512_md);
+    return &sha512_md;
 }
diff --git a/deps/openssl/openssl/crypto/evp/m_sha3.c b/deps/openssl/openssl/crypto/evp/m_sha3.c
new file mode 100644
index 0000000000..31379c0f6b
--- /dev/null
+++ b/deps/openssl/openssl/crypto/evp/m_sha3.c
@@ -0,0 +1,406 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#define KECCAK1600_WIDTH 1600
+
+typedef struct {
+    uint64_t A[5][5];
+    size_t block_size;          /* cached ctx->digest->block_size */
+    size_t md_size;             /* output length, variable in XOF */
+    size_t num;                 /* used bytes in below buffer */
+    unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+    unsigned char pad;
+} KECCAK1600_CTX;
+
+static int init(EVP_MD_CTX *evp_ctx, unsigned char pad)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = evp_ctx->digest->block_size;
+
+    if (bsz <= sizeof(ctx->buf)) {
+        memset(ctx->A, 0, sizeof(ctx->A));
+
+        ctx->num = 0;
+        ctx->block_size = bsz;
+        ctx->md_size = evp_ctx->digest->md_size;
+        ctx->pad = pad;
+
+        return 1;
+    }
+
+    return 0;
+}
+
+static int sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x06');
+}
+
+static int shake_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x1f');
+}
+
+static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {      /* process intermediate buffer? */
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        /*
+         * We have enough data to fill or overflow the intermediate
+         * buffer. So we append |rem| bytes and process the block,
+         * leaving the rest for later processing...
+         */
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem, len -= rem;
+        (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+        ctx->num = 0;
+        /* ctx->buf is processed, ctx->num is guaranteed to be zero */
+    }
+
+    if (len >= bsz)
+        rem = SHA3_absorb(ctx->A, inp, len, bsz);
+    else
+        rem = len;
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+
+    return 1;
+}
+
+static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = ctx->block_size;
+    size_t num = ctx->num;
+
+    /*
+     * Pad the data with 10*1. Note that |num| can be |bsz - 1|
+     * in which case both byte operations below are performed on
+     * same byte...
+     */
+    memset(ctx->buf + num, 0, bsz - num);
+    ctx->buf[num] = ctx->pad;
+    ctx->buf[bsz - 1] |= 0x80;
+
+    (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+
+    SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
+
+    return 1;
+}
+
+static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    switch (cmd) {
+    case EVP_MD_CTRL_XOF_LEN:
+        ctx->md_size = p1;
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+# define S390X_SHA3_FC(ctx)     ((ctx)->pad)
+
+# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)))
+# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)))
+# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)))
+# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)))
+# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)))
+# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)))
+
+/* Convert md-size to block-size. */
+# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3)
+
+static int s390x_sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(224):
+        ctx->pad = S390X_SHA3_224;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHA3_256;
+        break;
+    case S390X_KECCAK1600_BSZ(384):
+        ctx->pad = S390X_SHA3_384;
+        break;
+    case S390X_KECCAK1600_BSZ(512):
+        ctx->pad = S390X_SHA3_512;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_shake_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(128):
+        ctx->pad = S390X_SHAKE_128;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHAKE_256;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    const size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem;
+        len -= rem;
+        s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
+        ctx->num = 0;
+    }
+    rem = len % bsz;
+
+    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+    return 1;
+}
+
+static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, NULL, 0, ctx->pad, ctx->A);
+    memcpy(md, ctx->A, ctx->md_size);
+    return 1;
+}
+
+static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, md, ctx->md_size, ctx->pad, ctx->A);
+    return 1;
+}
+
+# define EVP_MD_SHA3(bitlen)                         \
+const EVP_MD *EVP_sha3_##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_sha3_##bitlen##_md = { \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        s390x_sha3_init,                             \
+        s390x_sha3_update,                           \
+        s390x_sha3_final,                            \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    static const EVP_MD sha3_##bitlen##_md = {       \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        sha3_init,                                   \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    return S390X_sha3_##bitlen##_CAPABLE ?           \
+           &s390x_sha3_##bitlen##_md :               \
+           &sha3_##bitlen##_md;                      \
+}
+
+# define EVP_MD_SHAKE(bitlen)                        \
+const EVP_MD *EVP_shake##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_shake##bitlen##_md = { \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        s390x_shake_init,                            \
+        s390x_sha3_update,                           \
+        s390x_shake_final,                           \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    static const EVP_MD shake##bitlen##_md = {       \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        shake_init,                                  \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    return S390X_shake##bitlen##_CAPABLE ?           \
+           &s390x_shake##bitlen##_md :               \
+           &shake##bitlen##_md;                      \
+}
+
+#else
+
+# define EVP_MD_SHA3(bitlen)                    \
+const EVP_MD *EVP_sha3_##bitlen(void)           \
+{                                               \
+    static const EVP_MD sha3_##bitlen##_md = {  \
+        NID_sha3_##bitlen,                      \
+        NID_RSA_SHA3_##bitlen,                  \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_DIGALGID_ABSENT,            \
+        sha3_init,                              \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+    };                                          \
+    return &sha3_##bitlen##_md;                 \
+}
+
+# define EVP_MD_SHAKE(bitlen)                   \
+const EVP_MD *EVP_shake##bitlen(void)           \
+{                                               \
+    static const EVP_MD shake##bitlen##_md = {  \
+        NID_shake##bitlen,                      \
+        0,                                      \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_XOF,                        \
+        shake_init,                             \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+        shake_ctrl                              \
+    };                                          \
+    return &shake##bitlen##_md;                 \
+}
+#endif
+
+EVP_MD_SHA3(224)
+EVP_MD_SHA3(256)
+EVP_MD_SHA3(384)
+EVP_MD_SHA3(512)
+
+EVP_MD_SHAKE(128)
+EVP_MD_SHAKE(256)
diff --git a/deps/openssl/openssl/crypto/evp/m_sigver.c b/deps/openssl/openssl/crypto/evp/m_sigver.c
index 582e563d50..94e37f02b2 100644
--- a/deps/openssl/openssl/crypto/evp/m_sigver.c
+++ b/deps/openssl/openssl/crypto/evp/m_sigver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,6 +15,12 @@
 #include "internal/evp_int.h"
 #include "evp_locl.h"
 
+static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+{
+    EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED);
+    return 0;
+}
+
 static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
                           int ver)
@@ -43,15 +49,23 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
             if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
                 return 0;
             ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
-        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
+        } else if (ctx->pctx->pmeth->digestverify != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
+            ctx->update = update;
+        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
             return 0;
+        }
     } else {
         if (ctx->pctx->pmeth->signctx_init) {
             if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
                 return 0;
             ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
-        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+        } else if (ctx->pctx->pmeth->digestsign != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
+            ctx->update = update;
+        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
             return 0;
+        }
     }
     if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
         return 0;
@@ -61,6 +75,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         return 1;
     if (!EVP_DigestInit_ex(ctx, type, e))
         return 0;
+    /*
+     * This indicates the current algorithm requires
+     * special treatment before hashing the tbs-message.
+     */
+    if (ctx->pctx->pmeth->digest_custom != NULL)
+        return ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx);
+
     return 1;
 }
 
@@ -139,6 +160,16 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     return 1;
 }
 
+int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+                   const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestsign != NULL)
+        return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
+    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
+        return 0;
+    return EVP_DigestSignFinal(ctx, sigret, siglen);
+}
+
 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                           size_t siglen)
 {
@@ -152,9 +183,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
     else
         vctx = 0;
     if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
-        if (vctx) {
+        if (vctx)
             r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
-        } else
+        else
             r = EVP_DigestFinal_ex(ctx, md, &mdlen);
     } else {
         EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
@@ -164,10 +195,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
             EVP_MD_CTX_free(tmp_ctx);
             return -1;
         }
-        if (vctx) {
+        if (vctx)
             r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
                                                 sig, siglen, tmp_ctx);
-        } else
+        else
             r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
         EVP_MD_CTX_free(tmp_ctx);
     }
@@ -175,3 +206,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
         return r;
     return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
 }
+
+int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                     size_t siglen, const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestverify != NULL)
+        return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
+    if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+        return -1;
+    return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
diff --git a/deps/openssl/openssl/crypto/evp/m_wp.c b/deps/openssl/openssl/crypto/evp/m_wp.c
index 94fac226b6..27e2b3c5ca 100644
--- a/deps/openssl/openssl/crypto/evp/m_wp.c
+++ b/deps/openssl/openssl/crypto/evp/m_wp.c
@@ -49,6 +49,6 @@ static const EVP_MD whirlpool_md = {
 
 const EVP_MD *EVP_whirlpool(void)
 {
-    return (&whirlpool_md);
+    return &whirlpool_md;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/names.c b/deps/openssl/openssl/crypto/evp/names.c
index a92be1fedf..077c2a6c4b 100644
--- a/deps/openssl/openssl/crypto/evp/names.c
+++ b/deps/openssl/openssl/crypto/evp/names.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include <internal/objects.h>
+#include "internal/objects.h"
 #include <openssl/x509.h>
 #include "internal/evp_int.h"
 
@@ -24,10 +24,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
     r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
                      (const char *)c);
     if (r == 0)
-        return (0);
+        return 0;
     r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
                      (const char *)c);
-    return (r);
+    return r;
 }
 
 int EVP_add_digest(const EVP_MD *md)
@@ -38,21 +38,21 @@ int EVP_add_digest(const EVP_MD *md)
     name = OBJ_nid2sn(md->type);
     r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
     if (r == 0)
-        return (0);
+        return 0;
     r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
                      (const char *)md);
     if (r == 0)
-        return (0);
+        return 0;
 
     if (md->pkey_type && md->type != md->pkey_type) {
         r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
                          OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
         if (r == 0)
-            return (0);
+            return 0;
         r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
                          OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
     }
-    return (r);
+    return r;
 }
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
@@ -63,7 +63,7 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
         return NULL;
 
     cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
-    return (cp);
+    return cp;
 }
 
 const EVP_MD *EVP_get_digestbyname(const char *name)
@@ -74,7 +74,7 @@ const EVP_MD *EVP_get_digestbyname(const char *name)
         return NULL;
 
     cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
-    return (cp);
+    return cp;
 }
 
 void evp_cleanup_int(void)
@@ -90,6 +90,8 @@ void evp_cleanup_int(void)
 
     EVP_PBE_cleanup();
     OBJ_sigid_free();
+
+    evp_app_cleanup_int();
 }
 
 struct doall_cipher {
diff --git a/deps/openssl/openssl/crypto/evp/p5_crpt2.c b/deps/openssl/openssl/crypto/evp/p5_crpt2.c
index 6d5f289b51..e819eb9b47 100644
--- a/deps/openssl/openssl/crypto/evp/p5_crpt2.c
+++ b/deps/openssl/openssl/crypto/evp/p5_crpt2.c
@@ -25,8 +25,7 @@ static void h__dump(const unsigned char *p, int len);
 /*
  * This is an implementation of PKCS#5 v2.0 password based encryption key
  * derivation function PBKDF2. SHA1 version verified against test vectors
- * posted by Peter Gutmann <pgut001@cs.auckland.ac.nz> to the PKCS-TNG
- * <pkcs-tng@rsa.com> mailing list.
+ * posted by Peter Gutmann to the PKCS-TNG mailing list.
  */
 
 int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
@@ -88,7 +87,6 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
             HMAC_CTX_free(hctx_tpl);
             return 0;
         }
-        HMAC_CTX_reset(hctx);
         memcpy(p, digtmp, cplen);
         for (j = 1; j < iter; j++) {
             if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
@@ -102,7 +100,6 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 HMAC_CTX_free(hctx_tpl);
                 return 0;
             }
-            HMAC_CTX_reset(hctx);
             for (k = 0; k < cplen; k++)
                 p[k] ^= digtmp[k];
         }
@@ -132,18 +129,6 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                              keylen, out);
 }
 
-# ifdef DO_TEST
-main()
-{
-    unsigned char out[4];
-    unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 };
-    PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
-    fprintf(stderr, "Out %02X %02X %02X %02X\n",
-            out[0], out[1], out[2], out[3]);
-}
-
-# endif
-
 /*
  * Now the key derivation function itself. This is a bit evil because it has
  * to check the ASN1 parameters are valid: and there are quite a few of
diff --git a/deps/openssl/openssl/crypto/evp/p_dec.c b/deps/openssl/openssl/crypto/evp/p_dec.c
index 6bec4062c8..a150a26e09 100644
--- a/deps/openssl/openssl/crypto/evp/p_dec.c
+++ b/deps/openssl/openssl/crypto/evp/p_dec.c
@@ -32,5 +32,5 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
                             RSA_PKCS1_PADDING);
  err:
 #endif
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/evp/p_enc.c b/deps/openssl/openssl/crypto/evp/p_enc.c
index 3277fbb006..04d67cb50f 100644
--- a/deps/openssl/openssl/crypto/evp/p_enc.c
+++ b/deps/openssl/openssl/crypto/evp/p_enc.c
@@ -31,5 +31,5 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
                            RSA_PKCS1_PADDING);
  err:
 #endif
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/evp/p_lib.c b/deps/openssl/openssl/crypto/evp/p_lib.c
index d7372aa129..9429be97e3 100644
--- a/deps/openssl/openssl/crypto/evp/p_lib.c
+++ b/deps/openssl/openssl/crypto/evp/p_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,6 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/objects.h>
@@ -17,6 +18,7 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/dh.h>
+#include <openssl/cmac.h>
 #include <openssl/engine.h>
 
 #include "internal/asn1_int.h"
@@ -55,7 +57,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 
         if (mode >= 0)
             pkey->save_parameters = mode;
-        return (ret);
+        return ret;
     }
 #endif
 #ifndef OPENSSL_NO_EC
@@ -64,10 +66,10 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 
         if (mode >= 0)
             pkey->save_parameters = mode;
-        return (ret);
+        return ret;
     }
 #endif
-    return (0);
+    return 0;
 }
 
 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
@@ -160,7 +162,7 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0)
+    if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("EVP_PKEY", pkey);
@@ -173,10 +175,12 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey)
  * is NULL just return 1 or 0 if the algorithm exists.
  */
 
-static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
+static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
+                         int len)
 {
     const EVP_PKEY_ASN1_METHOD *ameth;
-    ENGINE *e = NULL;
+    ENGINE **eptr = (e == NULL) ? &e :  NULL;
+
     if (pkey) {
         if (pkey->pkey.ptr)
             EVP_PKEY_free_it(pkey);
@@ -195,11 +199,11 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 #endif
     }
     if (str)
-        ameth = EVP_PKEY_asn1_find_str(&e, str, len);
+        ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
     else
-        ameth = EVP_PKEY_asn1_find(&e, type);
+        ameth = EVP_PKEY_asn1_find(eptr, type);
 #ifndef OPENSSL_NO_ENGINE
-    if (pkey == NULL)
+    if (pkey == NULL && eptr != NULL)
         ENGINE_finish(e);
 #endif
     if (ameth == NULL) {
@@ -216,15 +220,162 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
     return 1;
 }
 
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_priv_key(ret, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_pub_key(ret, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+     if (pkey->ameth->get_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_priv_key(pkey, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len)
+{
+     if (pkey->ameth->get_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_pub_key(pkey, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher)
+{
+#ifndef OPENSSL_NO_CMAC
+    EVP_PKEY *ret = EVP_PKEY_new();
+    CMAC_CTX *cmctx = CMAC_CTX_new();
+
+    if (ret == NULL
+            || cmctx == NULL
+            || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    ret->pkey.ptr = cmctx;
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    CMAC_CTX_free(cmctx);
+    return NULL;
+#else
+    EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY,
+           EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return NULL;
+#endif
+}
+
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 {
-    return pkey_set_type(pkey, type, NULL, -1);
+    return pkey_set_type(pkey, NULL, type, NULL, -1);
 }
 
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
 {
-    return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
+    return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
+}
+
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type)
+{
+    if (pkey->type == type) {
+        return 1; /* it already is that type */
+    }
+
+    /*
+     * The application is requesting to alias this to a different pkey type,
+     * but not one that resolves to the base type.
+     */
+    if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) {
+        EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+
+    pkey->type = type;
+    return 1;
 }
+
 #ifndef OPENSSL_NO_ENGINE
 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
 {
@@ -269,6 +420,35 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
     return os->data;
 }
 
+#ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_POLY1305) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
+#ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (pkey->type != EVP_PKEY_SIPHASH) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
@@ -412,7 +592,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
     if (x == NULL)
         return;
 
-    CRYPTO_atomic_add(&x->references, -1, &i, x->lock);
+    CRYPTO_DOWN_REF(&x->references, &i, x->lock);
     REF_PRINT_COUNT("EVP_PKEY", x);
     if (i > 0)
         return;
diff --git a/deps/openssl/openssl/crypto/evp/p_open.c b/deps/openssl/openssl/crypto/evp/p_open.c
index b65bc74ed1..f2976f8a99 100644
--- a/deps/openssl/openssl/crypto/evp/p_open.c
+++ b/deps/openssl/openssl/crypto/evp/p_open.c
@@ -58,7 +58,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     ret = 1;
  err:
     OPENSSL_clear_free(key, size);
-    return (ret);
+    return ret;
 }
 
 int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
@@ -68,6 +68,6 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
     i = EVP_DecryptFinal_ex(ctx, out, outl);
     if (i)
         i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-    return (i);
+    return i;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/p_seal.c b/deps/openssl/openssl/crypto/evp/p_seal.c
index 6f026e7c4f..e851d7ab8b 100644
--- a/deps/openssl/openssl/crypto/evp/p_seal.c
+++ b/deps/openssl/openssl/crypto/evp/p_seal.c
@@ -55,18 +55,6 @@ err:
     return rv;
 }
 
-/*- MACRO
-void EVP_SealUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
-        {
-        EVP_EncryptUpdate(ctx,out,outl,in,inl);
-        }
-*/
-
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
     int i;
diff --git a/deps/openssl/openssl/crypto/evp/scrypt.c b/deps/openssl/openssl/crypto/evp/pbe_scrypt.c
index 3543df5403..57da82f3fe 100644
--- a/deps/openssl/openssl/crypto/evp/scrypt.c
+++ b/deps/openssl/openssl/crypto/evp/pbe_scrypt.c
@@ -12,7 +12,7 @@
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <internal/numbers.h>
+#include "internal/numbers.h"
 
 #ifndef OPENSSL_NO_SCRYPT
 
@@ -164,7 +164,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     unsigned char *B;
     uint32_t *X, *V, *T;
     uint64_t i, Blen, Vlen;
-    size_t allocsize;
 
     /* Sanity check parameters */
     /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
@@ -196,10 +195,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
      * p * r < SCRYPT_PR_MAX
      */
     Blen = p * 128 * r;
+    /*
+     * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would
+     * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.]
+     */
+    if (Blen > INT_MAX) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
 
     /*
-     * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in
-     * uint64_t and also size_t (their sizes are unrelated).
+     * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
      * This is combined size V, X and T (section 4)
      */
     i = UINT64_MAX / (32 * sizeof(uint32_t));
@@ -214,16 +220,15 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
         return 0;
     }
-    /* check total allocated size fits in size_t */
-    if (Blen > SIZE_MAX - Vlen)
-        return 0;
-
-    allocsize = (size_t)(Blen + Vlen);
 
     if (maxmem == 0)
         maxmem = SCRYPT_MAX_MEM;
 
-    if (allocsize > maxmem) {
+    /* Check that the maximum memory doesn't exceed a size_t limits */
+    if (maxmem > SIZE_MAX)
+        maxmem = SIZE_MAX;
+
+    if (Blen + Vlen > maxmem) {
         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
         return 0;
     }
@@ -232,7 +237,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     if (key == NULL)
         return 1;
 
-    B = OPENSSL_malloc(allocsize);
+    B = OPENSSL_malloc((size_t)(Blen + Vlen));
     if (B == NULL) {
         EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -241,13 +246,13 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     T = X + 32 * r;
     V = T + 32 * r;
     if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
-                          Blen, B) == 0)
+                          (int)Blen, B) == 0)
         goto err;
 
     for (i = 0; i < p; i++)
         scryptROMix(B + 128 * r * i, r, N, X, T, V);
 
-    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(),
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(),
                           keylen, key) == 0)
         goto err;
     rv = 1;
@@ -255,7 +260,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     if (rv == 0)
         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
 
-    OPENSSL_clear_free(B, allocsize);
+    OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
     return rv;
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/evp/pmeth_fn.c b/deps/openssl/openssl/crypto/evp/pmeth_fn.c
index eb638019ce..de1c07e171 100644
--- a/deps/openssl/openssl/crypto/evp/pmeth_fn.c
+++ b/deps/openssl/openssl/crypto/evp/pmeth_fn.c
@@ -255,7 +255,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
     }
 
     /*
-     * ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
+     * For clarity.  The error is if parameters in peer are
      * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
      * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
      * (different key types) is impossible here because it is checked earlier.
diff --git a/deps/openssl/openssl/crypto/evp/pmeth_gn.c b/deps/openssl/openssl/crypto/evp/pmeth_gn.c
index 6adc3a9c19..e14965f333 100644
--- a/deps/openssl/openssl/crypto/evp/pmeth_gn.c
+++ b/deps/openssl/openssl/crypto/evp/pmeth_gn.c
@@ -13,6 +13,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include "internal/bn_int.h"
+#include "internal/asn1_int.h"
 #include "internal/evp_int.h"
 
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
@@ -167,3 +168,72 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
     EVP_PKEY_CTX_free(mac_ctx);
     return mac_key;
 }
+
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized check function first */
+    if (ctx->pmeth->check != NULL)
+        return ctx->pmeth->check(pkey);
+
+    /* use default check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_check(pkey);
+}
+
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized public key check function first */
+    if (ctx->pmeth->public_check != NULL)
+        return ctx->pmeth->public_check(pkey);
+
+    /* use default public key check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_public_check(pkey);
+}
+
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized param check function first */
+    if (ctx->pmeth->param_check != NULL)
+        return ctx->pmeth->param_check(pkey);
+
+    /* use default param check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/deps/openssl/openssl/crypto/evp/pmeth_lib.c b/deps/openssl/openssl/crypto/evp/pmeth_lib.c
index f623db3483..7fbf895e07 100644
--- a/deps/openssl/openssl/crypto/evp/pmeth_lib.c
+++ b/deps/openssl/openssl/crypto/evp/pmeth_lib.c
@@ -21,6 +21,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
 
 static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 
+/* This array needs to be in order of NIDs */
 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
     &rsa_pkey_meth,
@@ -38,14 +39,34 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_CMAC
     &cmac_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_pkey_meth,
+#endif
 #ifndef OPENSSL_NO_DH
     &dhx_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_SCRYPT
+    &scrypt_pkey_meth,
+#endif
     &tls1_prf_pkey_meth,
 #ifndef OPENSSL_NO_EC
     &ecx25519_pkey_meth,
+    &ecx448_pkey_meth,
+#endif
+    &hkdf_pkey_meth,
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_pkey_meth,
+    &ed448_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_pkey_meth,
 #endif
-    &hkdf_pkey_meth
 };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
@@ -83,10 +104,11 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
 {
     EVP_PKEY_CTX *ret;
     const EVP_PKEY_METHOD *pmeth;
+
     if (id == -1) {
-        if (!pkey || !pkey->ameth)
-            return NULL;
-        id = pkey->ameth->pkey_id;
+        if (pkey == NULL)
+            return 0;
+        id = pkey->type;
     }
 #ifndef OPENSSL_NO_ENGINE
     if (e == NULL && pkey != NULL)
@@ -105,7 +127,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
      * If an ENGINE handled this method look it up. Otherwise use internal
      * tables.
      */
-
     if (e)
         pmeth = ENGINE_get_pkey_meth(e, id);
     else
@@ -132,7 +153,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
     ret->pmeth = pmeth;
     ret->operation = EVP_PKEY_OP_UNDEFINED;
     ret->pkey = pkey;
-    if (pkey)
+    if (pkey != NULL)
         EVP_PKEY_up_ref(pkey);
 
     if (pmeth->init) {
@@ -209,6 +230,8 @@ void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
 
     dst->ctrl = src->ctrl;
     dst->ctrl_str = src->ctrl_str;
+
+    dst->check = src->check;
 }
 
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
@@ -277,7 +300,7 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
 {
     if (app_pkey_methods == NULL) {
         app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
-        if (app_pkey_methods == NULL) {
+        if (app_pkey_methods == NULL){
             EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -290,6 +313,42 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
     return 1;
 }
 
+void evp_app_cleanup_int(void)
+{
+    if (app_pkey_methods != NULL)
+        sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free);
+}
+
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth)
+{
+    const EVP_PKEY_METHOD *ret;
+
+    ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth);
+
+    return ret == NULL ? 0 : 1;
+}
+
+size_t EVP_PKEY_meth_get_count(void)
+{
+    size_t rv = OSSL_NELEM(standard_methods);
+
+    if (app_pkey_methods)
+        rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods);
+    return rv;
+}
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
+{
+    if (idx < OSSL_NELEM(standard_methods))
+        return standard_methods[idx];
+    if (app_pkey_methods == NULL)
+        return NULL;
+    idx -= OSSL_NELEM(standard_methods);
+    if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods))
+        return NULL;
+    return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+}
+
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
 {
     if (ctx == NULL)
@@ -308,6 +367,7 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
                       int cmd, int p1, void *p2)
 {
     int ret;
+
     if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
         return -2;
@@ -315,6 +375,10 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
     if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
         return -1;
 
+    /* Skip the operation checks since this is called in a very early stage */
+    if (ctx->pmeth->digest_custom != NULL)
+        goto doit;
+
     if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
         return -1;
@@ -325,13 +389,19 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
         return -1;
     }
 
+ doit:
     ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
 
     if (ret == -2)
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
 
     return ret;
+}
 
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value)
+{
+    return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
 }
 
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
@@ -341,14 +411,9 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
         EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
         return -2;
     }
-    if (strcmp(name, "digest") == 0) {
-        const EVP_MD *md;
-        if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) {
-            EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST);
-            return 0;
-        }
-        return EVP_PKEY_CTX_set_signature_md(ctx, md);
-    }
+    if (strcmp(name, "digest") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD,
+                               value);
     return ctx->pmeth->ctrl_str(ctx, name, value);
 }
 
@@ -379,6 +444,18 @@ int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
     return rv;
 }
 
+/* Pass a message digest to a ctrl */
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md)
+{
+    const EVP_MD *m;
+
+    if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_MD, EVP_R_INVALID_DIGEST);
+        return 0;
+    }
+    return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m);
+}
+
 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
 {
     return ctx->operation;
@@ -565,6 +642,31 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
     pmeth->ctrl_str = ctrl_str;
 }
 
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->check = check;
+}
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->public_check = check;
+}
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->param_check = check;
+}
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx))
+{
+    pmeth->digest_custom = digest_custom;
+}
+
 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
                             int (**pinit) (EVP_PKEY_CTX *ctx))
 {
@@ -731,3 +833,32 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
     if (pctrl_str)
         *pctrl_str = pmeth->ctrl_str;
 }
+
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->check;
+}
+
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->public_check;
+}
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->param_check;
+}
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx))
+{
+    if (pdigest_custom != NULL)
+        *pdigest_custom = pmeth->digest_custom;
+}
diff --git a/deps/openssl/openssl/crypto/ex_data.c b/deps/openssl/openssl/crypto/ex_data.c
index 6e3072f2a9..08dc7c4073 100644
--- a/deps/openssl/openssl/crypto/ex_data.c
+++ b/deps/openssl/openssl/crypto/ex_data.c
@@ -9,7 +9,6 @@
 
 #include "internal/cryptlib_int.h"
 #include "internal/thread_once.h"
-#include <openssl/lhash.h>
 
 /*
  * Each structure type (sometimes called a class), that supports
diff --git a/deps/openssl/openssl/crypto/hmac/hm_ameth.c b/deps/openssl/openssl/crypto/hmac/hm_ameth.c
index 78ae0ea63a..fa204e9068 100644
--- a/deps/openssl/openssl/crypto/hmac/hm_ameth.c
+++ b/deps/openssl/openssl/crypto/hmac/hm_ameth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,8 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include "internal/asn1_int.h"
-
-#define HMAC_TEST_PRIVATE_KEY_FORMAT
+#include "internal/evp_int.h"
 
 /*
  * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
@@ -51,52 +50,46 @@ static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
     return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
 }
 
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-/*
- * A bogus private key format for test purposes. This is simply the HMAC key
- * with "HMAC PRIVATE KEY" in the headers. When enabled the genpkey utility
- * can be used to "generate" HMAC keys.
- */
-
-static int old_hmac_decode(EVP_PKEY *pkey,
-                           const unsigned char **pder, int derlen)
+static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                             size_t len)
 {
     ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL)
+        return 0;
+
     os = ASN1_OCTET_STRING_new();
-    if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen))
-        goto err;
-    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))
-        goto err;
-    return 1;
+    if (os == NULL)
+        return 0;
+
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
 
- err:
-    ASN1_OCTET_STRING_free(os);
-    return 0;
+    pkey->pkey.ptr = os;
+    return 1;
 }
 
-static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
+static int hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                             size_t *len)
 {
-    int inc;
-    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
-    if (pder) {
-        if (!*pder) {
-            *pder = OPENSSL_malloc(os->length);
-            if (*pder == NULL)
-                return -1;
-            inc = 0;
-        } else
-            inc = 1;
-
-        memcpy(*pder, os->data, os->length);
-
-        if (inc)
-            *pder += os->length;
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = ASN1_STRING_length(os);
+        return 1;
     }
 
-    return os->length;
-}
+    if (os == NULL || *len < (size_t)ASN1_STRING_length(os))
+        return 0;
 
-#endif
+    *len = ASN1_STRING_length(os);
+    memcpy(priv, ASN1_STRING_get0_data(os), *len);
+
+    return 1;
+}
 
 const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
     EVP_PKEY_HMAC,
@@ -116,10 +109,19 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
 
     hmac_key_free,
     hmac_pkey_ctrl,
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-    old_hmac_decode,
-    old_hmac_encode
-#else
-    0, 0
-#endif
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    hmac_set_priv_key,
+    NULL,
+    hmac_get_priv_key,
+    NULL,
 };
diff --git a/deps/openssl/openssl/crypto/hmac/hm_pmeth.c b/deps/openssl/openssl/crypto/hmac/hm_pmeth.c
index 5b98477f9c..55dd27d63b 100644
--- a/deps/openssl/openssl/crypto/hmac/hm_pmeth.c
+++ b/deps/openssl/openssl/crypto/hmac/hm_pmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,6 +13,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include <openssl/err.h>
 #include "internal/evp_int.h"
 
 /* HMAC pkey context structure */
@@ -27,9 +28,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
 {
     HMAC_PKEY_CTX *hctx;
 
-    hctx = OPENSSL_zalloc(sizeof(*hctx));
-    if (hctx == NULL)
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     hctx->ktmp.type = V_ASN1_OCTET_STRING;
     hctx->ctx = HMAC_CTX_new();
     if (hctx->ctx == NULL) {
diff --git a/deps/openssl/openssl/crypto/hmac/hmac.c b/deps/openssl/openssl/crypto/hmac/hmac.c
index 3374105cbb..e4031b44a5 100644
--- a/deps/openssl/openssl/crypto/hmac/hmac.c
+++ b/deps/openssl/openssl/crypto/hmac/hmac.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -18,8 +18,9 @@
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
 {
+    int rv = 0;
     int i, j, reset = 0;
-    unsigned char pad[HMAC_MAX_MD_CBLOCK];
+    unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
 
     /* If we are changing MD then we must have a key */
     if (md != NULL && md != ctx->md && (key == NULL || len < 0))
@@ -37,46 +38,45 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
     if (key != NULL) {
         reset = 1;
         j = EVP_MD_block_size(md);
-        OPENSSL_assert(j <= (int)sizeof(ctx->key));
+        if (!ossl_assert(j <= (int)sizeof(ctx->key)))
+            return 0;
         if (j < len) {
-            if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl))
-                goto err;
-            if (!EVP_DigestUpdate(ctx->md_ctx, key, len))
-                goto err;
-            if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
-                                    &ctx->key_length))
-                goto err;
+            if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+                    || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+                    || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
+                                           &ctx->key_length))
+                return 0;
         } else {
             if (len < 0 || len > (int)sizeof(ctx->key))
                 return 0;
             memcpy(ctx->key, key, len);
             ctx->key_length = len;
         }
-        if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
+        if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE)
             memset(&ctx->key[ctx->key_length], 0,
-                   HMAC_MAX_MD_CBLOCK - ctx->key_length);
+                   HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length);
     }
 
     if (reset) {
-        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
             pad[i] = 0x36 ^ ctx->key[i];
-        if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl))
-            goto err;
-        if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+        if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
             goto err;
 
-        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
             pad[i] = 0x5c ^ ctx->key[i];
-        if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl))
-            goto err;
-        if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+        if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
             goto err;
     }
     if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
         goto err;
-    return 1;
+    rv = 1;
  err:
-    return 0;
+    if (reset)
+        OPENSSL_cleanse(pad, sizeof(pad));
+    return rv;
 }
 
 #if OPENSSL_API_COMPAT < 0x10100000L
@@ -118,7 +118,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 
 size_t HMAC_size(const HMAC_CTX *ctx)
 {
-    return EVP_MD_size((ctx)->md);
+    int size = EVP_MD_size((ctx)->md);
+
+    return (size < 0) ? 0 : size;
 }
 
 HMAC_CTX *HMAC_CTX_new(void)
@@ -155,31 +157,36 @@ void HMAC_CTX_free(HMAC_CTX *ctx)
     }
 }
 
-int HMAC_CTX_reset(HMAC_CTX *ctx)
+static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
 {
-    hmac_ctx_cleanup(ctx);
     if (ctx->i_ctx == NULL)
         ctx->i_ctx = EVP_MD_CTX_new();
     if (ctx->i_ctx == NULL)
-        goto err;
+        return 0;
     if (ctx->o_ctx == NULL)
         ctx->o_ctx = EVP_MD_CTX_new();
     if (ctx->o_ctx == NULL)
-        goto err;
+        return 0;
     if (ctx->md_ctx == NULL)
         ctx->md_ctx = EVP_MD_CTX_new();
     if (ctx->md_ctx == NULL)
-        goto err;
-    ctx->md = NULL;
+        return 0;
     return 1;
- err:
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
     hmac_ctx_cleanup(ctx);
-    return 0;
+    if (!hmac_ctx_alloc_mds(ctx)) {
+        hmac_ctx_cleanup(ctx);
+        return 0;
+    }
+    return 1;
 }
 
 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 {
-    if (!HMAC_CTX_reset(dctx))
+    if (!hmac_ctx_alloc_mds(dctx))
         goto err;
     if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
         goto err;
@@ -187,7 +194,7 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
         goto err;
     if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
         goto err;
-    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE);
     dctx->key_length = sctx->key_length;
     dctx->md = sctx->md;
     return 1;
diff --git a/deps/openssl/openssl/crypto/hmac/hmac_lcl.h b/deps/openssl/openssl/crypto/hmac/hmac_lcl.h
index 4c156dc126..8fd8345694 100644
--- a/deps/openssl/openssl/crypto/hmac/hmac_lcl.h
+++ b/deps/openssl/openssl/crypto/hmac/hmac_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,12 +10,8 @@
 #ifndef HEADER_HMAC_LCL_H
 # define HEADER_HMAC_LCL_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-#if 0                            /* emacs indentation fix */
-}
-#endif
+/* The current largest case is for SHA3-224 */
+#define HMAC_MAX_MD_CBLOCK_SIZE     144
 
 struct hmac_ctx_st {
     const EVP_MD *md;
@@ -23,11 +19,7 @@ struct hmac_ctx_st {
     EVP_MD_CTX *i_ctx;
     EVP_MD_CTX *o_ctx;
     unsigned int key_length;
-    unsigned char key[HMAC_MAX_MD_CBLOCK];
+    unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE];
 };
 
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
 #endif
diff --git a/deps/openssl/openssl/crypto/idea/i_ecb.c b/deps/openssl/openssl/crypto/idea/i_ecb.c
index 2208287e32..058d0c14c0 100644
--- a/deps/openssl/openssl/crypto/idea/i_ecb.c
+++ b/deps/openssl/openssl/crypto/idea/i_ecb.c
@@ -13,7 +13,7 @@
 
 const char *IDEA_options(void)
 {
-    return ("idea(int)");
+    return "idea(int)";
 }
 
 void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/deps/openssl/openssl/crypto/idea/i_skey.c b/deps/openssl/openssl/crypto/idea/i_skey.c
index 02853246dc..9d9145580f 100644
--- a/deps/openssl/openssl/crypto/idea/i_skey.c
+++ b/deps/openssl/openssl/crypto/idea/i_skey.c
@@ -108,5 +108,5 @@ static IDEA_INT inverse(unsigned int xin)
             }
         } while (r != 0);
     }
-    return ((IDEA_INT) b2);
+    return (IDEA_INT)b2;
 }
diff --git a/deps/openssl/openssl/crypto/idea/idea_lcl.h b/deps/openssl/openssl/crypto/idea/idea_lcl.h
index 825d00066d..50f81dfd8d 100644
--- a/deps/openssl/openssl/crypto/idea/idea_lcl.h
+++ b/deps/openssl/openssl/crypto/idea/idea_lcl.h
@@ -7,11 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*
- * The new form of this macro (check if the a*b == 0) was suggested by Colin
- * Plumb <colin@nyx10.cs.du.edu>
- */
-/* Removal of the inner if from from Wei Dai 24/4/96 */
 #define idea_mul(r,a,b,ul) \
 ul=(unsigned long)a*b; \
 if (ul != 0) \
@@ -22,16 +17,6 @@ if (ul != 0) \
 else \
         r=(-(int)a-b+1);        /* assuming a or b is 0 and in range */
 
-/*
- * 7/12/95 - Many thanks to Rhys Weatherley <rweather@us.oracle.com> for
- * pointing out that I was assuming little endian byte order for all
- * quantities what idea actually used bigendian.  No where in the spec does
- * it mention this, it is all in terms of 16 bit numbers and even the example
- * does not use byte streams for the input example :-(. If you byte swap each
- * pair of input, keys and iv, the functions would produce the output as the
- * old version :-(.
- */
-
 /* NOTE - c is not incremented as per n2l */
 #define n2ln(c,l1,l2,n) { \
                         c+=n; \
diff --git a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
index 5f63860808..c350018ad1 100644
--- a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
+++ b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
index 78b2a87d88..9a9c777f93 100644
--- a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
+++ b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/include/internal/aria.h b/deps/openssl/openssl/crypto/include/internal/aria.h
new file mode 100644
index 0000000000..355abe5398
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/aria.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute.  All rights reserved. */
+
+#ifndef HEADER_ARIA_H
+# define HEADER_ARIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ARIA
+#  error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT     1
+# define ARIA_DECRYPT     0
+
+# define ARIA_BLOCK_SIZE    16  /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS      17  /* Number of keys needed in the worst case  */
+
+typedef union {
+    unsigned char c[ARIA_BLOCK_SIZE];
+    unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+    ARIA_u128 rd_key[ARIA_MAX_KEYS];
+    unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key);
+
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/asn1_int.h b/deps/openssl/openssl/crypto/include/internal/asn1_int.h
index ba9c062702..9c9b4d8974 100644
--- a/deps/openssl/openssl/crypto/include/internal/asn1_int.h
+++ b/deps/openssl/openssl/crypto/include/internal/asn1_int.h
@@ -52,6 +52,17 @@ struct evp_pkey_asn1_method_st {
     int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                       X509_ALGOR *alg1, X509_ALGOR *alg2,
                       ASN1_BIT_STRING *sig);
+    int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                       const ASN1_STRING *sig);
+    /* Check */
+    int (*pkey_check) (const EVP_PKEY *pk);
+    int (*pkey_public_check) (const EVP_PKEY *pk);
+    int (*pkey_param_check) (const EVP_PKEY *pk);
+    /* Get/set raw private/public key data */
+    int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+    int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+    int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+    int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
 } /* EVP_PKEY_ASN1_METHOD */ ;
 
 DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
@@ -62,8 +73,16 @@ extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
+
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth;
 
 /*
  * These are used internally in the ASN1_OBJECT to keep track of whether the
@@ -90,3 +109,5 @@ struct asn1_pctx_st {
     unsigned long oid_flags;
     unsigned long str_flags;
 } /* ASN1_PCTX */ ;
+
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
diff --git a/deps/openssl/openssl/crypto/include/internal/bn_conf.h b/deps/openssl/openssl/crypto/include/internal/bn_conf.h
deleted file mode 100644
index 79400c6472..0000000000
--- a/deps/openssl/openssl/crypto/include/internal/bn_conf.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../../config/bn_conf.h"
diff --git a/deps/openssl/openssl/crypto/include/internal/bn_dh.h b/deps/openssl/openssl/crypto/include/internal/bn_dh.h
index f49f039835..70ebca2875 100644
--- a/deps/openssl/openssl/crypto/include/internal/bn_dh.h
+++ b/deps/openssl/openssl/crypto/include/internal/bn_dh.h
@@ -15,3 +15,10 @@
 declare_dh_bn(1024_160)
 declare_dh_bn(2048_224)
 declare_dh_bn(2048_256)
+
+extern const BIGNUM _bignum_ffdhe2048_p;
+extern const BIGNUM _bignum_ffdhe3072_p;
+extern const BIGNUM _bignum_ffdhe4096_p;
+extern const BIGNUM _bignum_ffdhe6144_p;
+extern const BIGNUM _bignum_ffdhe8192_p;
+extern const BIGNUM _bignum_const_2;
diff --git a/deps/openssl/openssl/crypto/include/internal/bn_int.h b/deps/openssl/openssl/crypto/include/internal/bn_int.h
index 2be7fdd0d3..cffe5cfc16 100644
--- a/deps/openssl/openssl/crypto/include/internal/bn_int.h
+++ b/deps/openssl/openssl/crypto/include/internal/bn_int.h
@@ -13,10 +13,6 @@
 # include <openssl/bn.h>
 # include <limits.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 BIGNUM *bn_wexpand(BIGNUM *a, int words);
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 
@@ -34,8 +30,6 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
 
 int bn_get_top(const BIGNUM *a);
 
-void bn_set_top(BIGNUM *a, int top);
-
 int bn_get_dmax(const BIGNUM *a);
 
 /* Set all words to zero */
@@ -66,14 +60,6 @@ void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
  */
 int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
 
-size_t bn_sizeof_BIGNUM(void);
-
-/*
- * Return element el from an array of BIGNUMs starting at base (required
- * because callers do not know the size of BIGNUM at compilation time)
- */
-BIGNUM *bn_array_el(BIGNUM *base, int el);
-
 /*
  * Some BIGNUM functions assume most significant limb to be non-zero, which
  * is customarily arranged by bn_correct_top. Output from below functions
@@ -94,8 +80,4 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
 
-#ifdef  __cplusplus
-}
-#endif
-
 #endif
diff --git a/deps/openssl/openssl/crypto/include/internal/chacha.h b/deps/openssl/openssl/crypto/include/internal/chacha.h
index 7d4366ea25..67243f2228 100644
--- a/deps/openssl/openssl/crypto/include/internal/chacha.h
+++ b/deps/openssl/openssl/crypto/include/internal/chacha.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,10 +12,6 @@
 
 #include <stddef.h>
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /*
  * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
  * nonce and writes the result to |out|, which may be equal to |inp|.
@@ -43,7 +39,4 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
 #define CHACHA_CTR_SIZE		16
 #define CHACHA_BLK_SIZE		64
 
-#ifdef __cplusplus
-}
-#endif
 #endif
diff --git a/deps/openssl/openssl/crypto/include/internal/cryptlib.h b/deps/openssl/openssl/crypto/include/internal/cryptlib.h
deleted file mode 100644
index d42a134bdf..0000000000
--- a/deps/openssl/openssl/crypto/include/internal/cryptlib.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_CRYPTLIB_H
-# define HEADER_CRYPTLIB_H
-
-# include <stdlib.h>
-# include <string.h>
-
-# include "e_os.h"
-
-# ifdef OPENSSL_USE_APPLINK
-#  undef BIO_FLAGS_UPLINK
-#  define BIO_FLAGS_UPLINK 0x8000
-#  include "ms/uplink.h"
-# endif
-
-# include <openssl/crypto.h>
-# include <openssl/buffer.h>
-# include <openssl/bio.h>
-# include <openssl/err.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct ex_callback_st EX_CALLBACK;
-
-DEFINE_STACK_OF(EX_CALLBACK)
-
-typedef struct app_mem_info_st APP_INFO;
-
-typedef struct mem_st MEM;
-DEFINE_LHASH_OF(MEM);
-
-# ifndef OPENSSL_SYS_VMS
-#  define X509_CERT_AREA          OPENSSLDIR
-#  define X509_CERT_DIR           OPENSSLDIR "/certs"
-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
-#  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
-#  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
-# else
-#  define X509_CERT_AREA          "OSSL$DATAROOT:[000000]"
-#  define X509_CERT_DIR           "OSSL$DATAROOT:[CERTS]"
-#  define X509_CERT_FILE          "OSSL$DATAROOT:[000000]cert.pem"
-#  define X509_PRIVATE_DIR        "OSSL$DATAROOT:[PRIVATE]"
-#  define CTLOG_FILE              "OSSL$DATAROOT:[000000]ct_log_list.cnf"
-# endif
-
-# define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
-# define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
-# define CTLOG_FILE_EVP           "CTLOG_FILE"
-
-/* size of string representations */
-# define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
-# define HEX_SIZE(type)          (sizeof(type)*2)
-
-void OPENSSL_cpuid_setup(void);
-extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta, ...);
-extern int OPENSSL_NONPIC_relocated;
-void crypto_cleanup_all_ex_data_int(void);
-
-char *ossl_safe_getenv(const char *name);
-
-int openssl_strerror_r(int errnum, char *buf, size_t buflen);
-# if !defined(OPENSSL_NO_STDIO)
-FILE *openssl_fopen(const char *filename, const char *mode);
-# else
-void *openssl_fopen(const char *filename, const char *mode);
-# endif
-
-unsigned long OPENSSL_rdtsc(void);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h b/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h
index ceeb63ddd0..38b5dac9a3 100644
--- a/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h
+++ b/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h
@@ -7,13 +7,14 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <internal/cryptlib.h>
+#include "internal/cryptlib.h"
 
 /* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
 
 struct thread_local_inits_st {
     int async;
     int err_state;
+    int rand;
 };
 
 int ossl_init_thread_start(uint64_t opts);
@@ -29,4 +30,6 @@ int ossl_init_thread_start(uint64_t opts);
 /* OPENSSL_INIT_THREAD flags */
 # define OPENSSL_INIT_THREAD_ASYNC           0x01
 # define OPENSSL_INIT_THREAD_ERR_STATE       0x02
+# define OPENSSL_INIT_THREAD_RAND            0x04
 
+void ossl_malloc_setup_failures(void);
diff --git a/deps/openssl/openssl/crypto/include/internal/ctype.h b/deps/openssl/openssl/crypto/include/internal/ctype.h
new file mode 100644
index 0000000000..a35b12bfbf
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/ctype.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this.  However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code.  Refer to issue #4154 for
+ * details.
+ */
+#ifndef INTERNAL_CTYPE_H
+# define INTERNAL_CTYPE_H
+
+# define CTYPE_MASK_lower       0x1
+# define CTYPE_MASK_upper       0x2
+# define CTYPE_MASK_digit       0x4
+# define CTYPE_MASK_space       0x8
+# define CTYPE_MASK_xdigit      0x10
+# define CTYPE_MASK_blank       0x20
+# define CTYPE_MASK_cntrl       0x40
+# define CTYPE_MASK_graph       0x80
+# define CTYPE_MASK_print       0x100
+# define CTYPE_MASK_punct       0x200
+# define CTYPE_MASK_base64      0x400
+# define CTYPE_MASK_asn1print   0x800
+
+# define CTYPE_MASK_alpha   (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum   (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii   (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+#  define ossl_toascii(c)       (c)
+#  define ossl_fromascii(c)     (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+# define ossl_isalnum(c)        (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c)        (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c)        (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c)        (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c)        (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c)        (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isdigit(c)        (ossl_ctype_check((c), CTYPE_MASK_digit))
+# define ossl_isgraph(c)        (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_islower(c)        (ossl_ctype_check((c), CTYPE_MASK_lower))
+# define ossl_isprint(c)        (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c)        (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c)        (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isupper(c)        (ossl_ctype_check((c), CTYPE_MASK_upper))
+# define ossl_isxdigit(c)       (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c)       (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c)    (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/dso_conf.h b/deps/openssl/openssl/crypto/include/internal/dso_conf.h
deleted file mode 100644
index e7f2afa987..0000000000
--- a/deps/openssl/openssl/crypto/include/internal/dso_conf.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../../config/dso_conf.h"
diff --git a/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in b/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in
index daa5e247a3..d6e9d1b1ba 100644
--- a/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in
+++ b/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in
@@ -1,6 +1,6 @@
 {- join("\n",map { "/* $_ */" } @autowarntext) -}
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,6 +10,21 @@
 
 #ifndef HEADER_DSO_CONF_H
 # define HEADER_DSO_CONF_H
-
+{- output_off() if $disabled{dso} -}
+{-  # The DSO code currently always implements all functions so that no
+    # applications will have to worry about that from a compilation point
+    # of view. However, the "method"s may return zero unless that platform
+    # has support compiled in for them. Currently each method is enabled
+    # by a define "DSO_<name>" ... we translate the "dso_scheme" config
+    # string entry into using the following logic;
+    my $scheme = uc $target{dso_scheme};
+    my @macros = ( "DSO_$scheme" );
+    if ($scheme eq 'DLFCN') {
+        @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" );
+    } elsif ($scheme eq "DLFCN_NO_H") {
+        @macros = ( "DSO_DLFCN" );
+    }
+    join("\n", map { "# define $_" } @macros); -}
 # define DSO_EXTENSION "{- $target{dso_extension} -}"
+{- output_on() if $disabled{dso} -}
 #endif
diff --git a/deps/openssl/openssl/crypto/include/internal/ec_int.h b/deps/openssl/openssl/crypto/include/internal/ec_int.h
new file mode 100644
index 0000000000..182c39cc80
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/ec_int.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef HEADER_OSSL_EC_INTERNAL_H
+# define HEADER_OSSL_EC_INTERNAL_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  include <openssl/ec.h>
+
+/*-
+ * Computes the multiplicative inverse of x in the range
+ * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the
+ * subgroup generated by the generator G:
+ *
+ *         res := x^(-1) (mod EC_GROUP::order).
+ *
+ * This function expects the following two conditions to hold:
+ *  - the EC_GROUP order is prime, and
+ *  - x is included in the range [1, EC_GROUP::order).
+ *
+ * This function returns 1 on success, 0 on error.
+ *
+ * If the EC_GROUP order is even, this function explicitly returns 0 as
+ * an error.
+ * In case any of the two conditions stated above is not satisfied,
+ * the correctness of its output is not guaranteed, even if the return
+ * value could still be 1 (as primality testing and a conditional modular
+ * reduction round on the input can be omitted by the underlying
+ * implementations for better SCA properties on regular input values).
+ */
+__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                                   const BIGNUM *x, BN_CTX *ctx);
+
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/engine.h b/deps/openssl/openssl/crypto/include/internal/engine.h
index 977cf06d43..f80ae3ec30 100644
--- a/deps/openssl/openssl/crypto/include/internal/engine.h
+++ b/deps/openssl/openssl/crypto/include/internal/engine.h
@@ -10,7 +10,7 @@
 #include <openssl/engine.h>
 
 void engine_load_openssl_int(void);
-void engine_load_cryptodev_int(void);
+void engine_load_devcrypto_int(void);
 void engine_load_rdrand_int(void);
 void engine_load_dynamic_int(void);
 void engine_load_padlock_int(void);
diff --git a/deps/openssl/openssl/crypto/include/internal/evp_int.h b/deps/openssl/openssl/crypto/include/internal/evp_int.h
index f34699bfa8..d86aed36f0 100644
--- a/deps/openssl/openssl/crypto/include/internal/evp_int.h
+++ b/deps/openssl/openssl/crypto/include/internal/evp_int.h
@@ -7,6 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/evp.h>
+#include "internal/refcount.h"
+
+/*
+ * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
+ * values in evp.h
+ */
+#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
+
 struct evp_pkey_ctx_st {
     /* Method associated with this operation */
     const EVP_PKEY_METHOD *pmeth;
@@ -68,6 +77,16 @@ struct evp_pkey_method_st {
     int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
     int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
     int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen);
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen);
+    int (*check) (EVP_PKEY *pkey);
+    int (*public_check) (EVP_PKEY *pkey);
+    int (*param_check) (EVP_PKEY *pkey);
+
+    int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
 } /* EVP_PKEY_METHOD */ ;
 
 DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
@@ -79,11 +98,19 @@ extern const EVP_PKEY_METHOD dh_pkey_meth;
 extern const EVP_PKEY_METHOD dhx_pkey_meth;
 extern const EVP_PKEY_METHOD dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth;
+extern const EVP_PKEY_METHOD sm2_pkey_meth;
 extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
+extern const EVP_PKEY_METHOD ecx448_pkey_meth;
+extern const EVP_PKEY_METHOD ed25519_pkey_meth;
+extern const EVP_PKEY_METHOD ed448_pkey_meth;
 extern const EVP_PKEY_METHOD hmac_pkey_meth;
 extern const EVP_PKEY_METHOD rsa_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD scrypt_pkey_meth;
 extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
 extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+extern const EVP_PKEY_METHOD siphash_pkey_meth;
 
 struct evp_md_st {
     int type;
@@ -346,6 +373,21 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
                              cipher##_init_key, NULL, NULL, NULL, NULL)
 
 
+# ifndef OPENSSL_NO_EC
+
+#define X25519_KEYLEN        32
+#define X448_KEYLEN          56
+#define ED448_KEYLEN         57
+
+#define MAX_KEYLEN  ED448_KEYLEN
+
+typedef struct {
+    unsigned char pubkey[MAX_KEYLEN];
+    unsigned char *privkey;
+} ECX_KEY;
+
+#endif
+
 /*
  * Type needs to be a bit field Sub-type needs to be for variations on the
  * method, as in, can it do arbitrary encryption....
@@ -353,7 +395,7 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 struct evp_pkey_st {
     int type;
     int save_type;
-    int references;
+    CRYPTO_REF_COUNT references;
     const EVP_PKEY_ASN1_METHOD *ameth;
     ENGINE *engine;
     ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
@@ -370,6 +412,7 @@ struct evp_pkey_st {
 # endif
 # ifndef OPENSSL_NO_EC
         struct ec_key_st *ec;   /* ECC */
+        ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
 # endif
     } pkey;
     int save_parameters;
@@ -381,10 +424,19 @@ struct evp_pkey_st {
 void openssl_add_all_ciphers_int(void);
 void openssl_add_all_digests_int(void);
 void evp_cleanup_int(void);
+void evp_app_cleanup_int(void);
 
-/* Pulling defines out of C soure files */
+/* Pulling defines out of C source files */
 
 #define EVP_RC4_KEY_SIZE 16
 #ifndef TLS1_1_VERSION
 # define TLS1_1_VERSION   0x0302
 #endif
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+
+/* EVP_ENCODE_CTX flags */
+/* Don't generate new lines when encoding */
+#define EVP_ENCODE_CTX_NO_NEWLINES          1
+/* Use the SRP base64 alphabet instead of the standard one */
+#define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
diff --git a/deps/openssl/openssl/crypto/include/internal/md32_common.h b/deps/openssl/openssl/crypto/include/internal/md32_common.h
index 6e4ce14e99..1124e9c24b 100644
--- a/deps/openssl/openssl/crypto/include/internal/md32_common.h
+++ b/deps/openssl/openssl/crypto/include/internal/md32_common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,7 +22,7 @@
  * HASH_CBLOCK
  *      size of a unit chunk HASH_BLOCK operates on.
  * HASH_LONG
- *      has to be at lest 32 bit wide.
+ *      has to be at least 32 bit wide.
  * HASH_CTX
  *      context structure that at least contains following
  *      members:
@@ -48,7 +48,7 @@
  *      name of "block" function capable of treating *unaligned* input
  *      message in original (data) byte order, implemented externally.
  * HASH_MAKE_STRING
- *      macro convering context variables to an ASCII hash string.
+ *      macro converting context variables to an ASCII hash string.
  *
  * MD5 example:
  *
@@ -61,8 +61,6 @@
  *      #define HASH_TRANSFORM          MD5_Transform
  *      #define HASH_FINAL              MD5_Final
  *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
- *
- *                                      <appro@fy.chalmers.se>
  */
 
 #include <openssl/crypto.h>
@@ -95,155 +93,36 @@
 # error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif
 
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-#ifndef PEDANTIC
-# if defined(_MSC_VER)
-#  define ROTATE(a,n)   _lrotl(a,n)
-# elif defined(__ICC)
-#  define ROTATE(a,n)   _rotl(a,n)
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-  /*
-   * Some GNU C inline assembler templates. Note that these are
-   * rotates by *constant* number of bits! But that's exactly
-   * what we need here...
-   *                                    <appro@fy.chalmers.se>
-   */
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "roll %1,%0"            \
-                                : "=r"(ret)             \
-                                : "I"(n), "0"((unsigned int)(a))        \
-                                : "cc");                \
-                           ret;                         \
-                        })
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "rlwinm %0,%1,%2,0,31"  \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                           ret;                         \
-                        })
-#  elif defined(__s390x__)
-#   define ROTATE(a,n) ({ register unsigned int ret;    \
-                                asm ("rll %0,%1,%2"     \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                          ret;                          \
-                        })
-#  endif
-# endif
-#endif                          /* PEDANTIC */
-
-#ifndef ROTATE
-# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
 
 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
 
-# ifndef PEDANTIC
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
-      (defined(__x86_64) || defined(__x86_64__))
-#    if !defined(B_ENDIAN)
-    /*
-     * This gives ~30-40% performance improvement in SHA-256 compiled
-     * with gcc [on P4]. Well, first macro to be frank. We can pull
-     * this trick on x86* platforms only, because these CPUs can fetch
-     * unaligned data without raising an exception.
-     */
-#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   (c)+=4; (l)=r;                       })
-#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
-#    endif
-#   elif defined(__aarch64__)
-#    if defined(__BYTE_ORDER__)
-#     if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-#      define HOST_c2l(c,l)      ({ unsigned int r;              \
-                                   asm ("rev    %w0,%w1"        \
-                                        :"=r"(r)                \
-                                        :"r"(*((const unsigned int *)(c))));\
-                                   (c)+=4; (l)=r;               })
-#      define HOST_l2c(l,c)      ({ unsigned int r;              \
-                                   asm ("rev    %w0,%w1"        \
-                                        :"=r"(r)                \
-                                        :"r"((unsigned int)(l)));\
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
-#     elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-#      define HOST_c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-#      define HOST_l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4, (l))
-#     endif
-#    endif
-#   endif
-#  endif
-#  if defined(__s390__) || defined(__s390x__)
-#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-#  endif
-# endif
-
-# ifndef HOST_c2l
-#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
                          l|=(((unsigned long)(*((c)++)))<<16),          \
                          l|=(((unsigned long)(*((c)++)))<< 8),          \
                          l|=(((unsigned long)(*((c)++)))    )           )
-# endif
-# ifndef HOST_l2c
-#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                          *((c)++)=(unsigned char)(((l)    )&0xff),      \
                          l)
-# endif
 
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 
-# ifndef PEDANTIC
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if defined(__s390x__)
-#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
-                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
-                                   (c)+=4; (l);                         })
-#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
-                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
-                                   (c)+=4; (l);                         })
-#   endif
-#  endif
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   ifndef B_ENDIAN
-    /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-#    define HOST_c2l(c,l)        ((l)=*((const unsigned int *)(c)), (c)+=4, l)
-#    define HOST_l2c(l,c)        (*((unsigned int *)(c))=(l), (c)+=4, l)
-#   endif
-#  endif
-# endif
-
-# ifndef HOST_c2l
-#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
                          l|=(((unsigned long)(*((c)++)))<< 8),          \
                          l|=(((unsigned long)(*((c)++)))<<16),          \
                          l|=(((unsigned long)(*((c)++)))<<24)           )
-# endif
-# ifndef HOST_l2c
-#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                          l)
-# endif
 
 #endif
 
 /*
- * Time for some action:-)
+ * Time for some action :-)
  */
 
 int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
@@ -257,10 +136,6 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
         return 1;
 
     l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
-    /*
-     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
-     * <weidai@eskimo.com> for pointing it out.
-     */
     if (l < c->Nl)              /* overflow */
         c->Nh++;
     c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
@@ -368,7 +243,6 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
  * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
  * Well, to be honest it should say that this *prevents*
  * performance degradation.
- *                              <appro@fy.chalmers.se>
  */
 # else
 /*
@@ -376,7 +250,6 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
  * generate better code if MD32_REG_T is defined int. The above
  * pre-processor condition reflects the circumstances under which
  * the conclusion was made and is subject to further extension.
- *                              <appro@fy.chalmers.se>
  */
 #  define MD32_REG_T int
 # endif
diff --git a/deps/openssl/openssl/crypto/include/internal/poly1305.h b/deps/openssl/openssl/crypto/include/internal/poly1305.h
index 1bc8716fca..5fef239d0f 100644
--- a/deps/openssl/openssl/crypto/include/internal/poly1305.h
+++ b/deps/openssl/openssl/crypto/include/internal/poly1305.h
@@ -9,7 +9,9 @@
 
 #include <stddef.h>
 
-#define POLY1305_BLOCK_SIZE 16
+#define POLY1305_BLOCK_SIZE  16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE    32
 
 typedef struct poly1305_context POLY1305;
 
diff --git a/deps/openssl/openssl/crypto/include/internal/rand.h b/deps/openssl/openssl/crypto/include/internal/rand.h
deleted file mode 100644
index 30887c4a7c..0000000000
--- a/deps/openssl/openssl/crypto/include/internal/rand.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Licensed under the OpenSSL licenses, (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * https://www.openssl.org/source/license.html
- * or in the file LICENSE in the source distribution.
- */
-
-#include <openssl/rand.h>
-
-void rand_cleanup_int(void);
diff --git a/deps/openssl/openssl/crypto/include/internal/rand_int.h b/deps/openssl/openssl/crypto/include/internal/rand_int.h
new file mode 100644
index 0000000000..888cab1b8f
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/rand_int.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
+
+void rand_cleanup_int(void);
+void rand_drbg_cleanup_int(void);
+void drbg_delete_thread_state(void);
+void rand_fork(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen);
+
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+/*
+ * Add some application specific nonce data
+ *
+ * This function is platform specific and adds some application specific
+ * data to the nonce used for instantiating the drbg.
+ *
+ * This data currently consists of the process and thread id, and a high
+ * resolution timestamp. The data does not include an atomic counter,
+ * because that is added by the calling function rand_drbg_get_nonce().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_nonce_data(RAND_POOL *pool);
+
+
+/*
+ * Add some platform specific additional data
+ *
+ * This function is platform specific and adds some random noise to the
+ * additional data used for generating random bytes and for reseeding
+ * the drbg.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_additional_data(RAND_POOL *pool);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void rand_pool_keep_random_devices_open(int keep);
+
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/sha.h b/deps/openssl/openssl/crypto/include/internal/sha.h
new file mode 100644
index 0000000000..458a75e89d
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/sha.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_SHA_H
+# define HEADER_INTERNAL_SHA_H
+
+# include <openssl/opensslconf.h>
+
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/siphash.h b/deps/openssl/openssl/crypto/include/internal/siphash.h
new file mode 100644
index 0000000000..9573680f0f
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/siphash.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define SIPHASH_BLOCK_SIZE        8
+#define SIPHASH_KEY_SIZE         16
+#define SIPHASH_MIN_DIGEST_SIZE   8
+#define SIPHASH_MAX_DIGEST_SIZE  16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+                 int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/deps/openssl/openssl/crypto/include/internal/sm2.h b/deps/openssl/openssl/crypto/include/internal/sm2.h
new file mode 100644
index 0000000000..5c5cd4b4f5
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/sm2.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2_H
+# define HEADER_SM2_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+#  define SM2_DEFAULT_USERID "1234567812345678"
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len);
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size);
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size);
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/sm2err.h b/deps/openssl/openssl/crypto/include/internal/sm2err.h
new file mode 100644
index 0000000000..a4db1b73d7
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/sm2err.h
@@ -0,0 +1,61 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_SM2_strings(void);
+
+/*
+ * SM2 function codes.
+ */
+#  define SM2_F_PKEY_SM2_COPY                              115
+#  define SM2_F_PKEY_SM2_CTRL                              109
+#  define SM2_F_PKEY_SM2_CTRL_STR                          110
+#  define SM2_F_PKEY_SM2_DIGEST_CUSTOM                     114
+#  define SM2_F_PKEY_SM2_INIT                              111
+#  define SM2_F_PKEY_SM2_SIGN                              112
+#  define SM2_F_SM2_COMPUTE_MSG_HASH                       100
+#  define SM2_F_SM2_COMPUTE_USERID_DIGEST                  101
+#  define SM2_F_SM2_COMPUTE_Z_DIGEST                       113
+#  define SM2_F_SM2_DECRYPT                                102
+#  define SM2_F_SM2_ENCRYPT                                103
+#  define SM2_F_SM2_PLAINTEXT_SIZE                         104
+#  define SM2_F_SM2_SIGN                                   105
+#  define SM2_F_SM2_SIG_GEN                                106
+#  define SM2_F_SM2_SIG_VERIFY                             107
+#  define SM2_F_SM2_VERIFY                                 108
+
+/*
+ * SM2 reason codes.
+ */
+#  define SM2_R_ASN1_ERROR                                 100
+#  define SM2_R_BAD_SIGNATURE                              101
+#  define SM2_R_BUFFER_TOO_SMALL                           107
+#  define SM2_R_DIST_ID_TOO_LARGE                          110
+#  define SM2_R_ID_NOT_SET                                 112
+#  define SM2_R_ID_TOO_LARGE                               111
+#  define SM2_R_INVALID_CURVE                              108
+#  define SM2_R_INVALID_DIGEST                             102
+#  define SM2_R_INVALID_DIGEST_TYPE                        103
+#  define SM2_R_INVALID_ENCODING                           104
+#  define SM2_R_INVALID_FIELD                              105
+#  define SM2_R_NO_PARAMETERS_SET                          109
+#  define SM2_R_USER_ID_TOO_LARGE                          106
+
+# endif
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/sm3.h b/deps/openssl/openssl/crypto/include/internal/sm3.h
new file mode 100644
index 0000000000..27eb471c28
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/sm3.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM3_H
+# define HEADER_SM3_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SM3
+#  error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK      64
+# define SM3_LBLOCK      (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+   SM3_WORD A, B, C, D, E, F, G, H;
+   SM3_WORD Nl, Nh;
+   SM3_WORD data[SM3_LBLOCK];
+   unsigned int num;
+} SM3_CTX;
+
+int sm3_init(SM3_CTX *c);
+int sm3_update(SM3_CTX *c, const void *data, size_t len);
+int sm3_final(unsigned char *md, SM3_CTX *c);
+
+void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
+
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/sm4.h b/deps/openssl/openssl/crypto/include/internal/sm4.h
new file mode 100644
index 0000000000..f1f157ef53
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/sm4.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM4_H
+# define HEADER_SM4_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_SM4
+#  error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT     1
+# define SM4_DECRYPT     0
+
+# define SM4_BLOCK_SIZE    16
+# define SM4_KEY_SCHEDULE  32
+
+typedef struct SM4_KEY_st {
+    uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_dgst.c b/deps/openssl/openssl/crypto/include/internal/store.h
index 965fb37eab..f5013dc367 100644
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_dgst.c
+++ b/deps/openssl/openssl/crypto/include/internal/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,9 +7,4 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
+void ossl_store_cleanup_int(void);
diff --git a/deps/openssl/openssl/crypto/include/internal/store_int.h b/deps/openssl/openssl/crypto/include/internal/store_int.h
new file mode 100644
index 0000000000..6f31e019ea
--- /dev/null
+++ b/deps/openssl/openssl/crypto/include/internal/store_int.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STORE_INT_H
+# define HEADER_STORE_INT_H
+
+# include <openssl/bio.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+
+/*
+ * Two functions to read PEM data off an already opened BIO.  To be used
+ * instead of OSSLSTORE_open() and OSSLSTORE_close().  Everything is done
+ * as usual with OSSLSTORE_load() and OSSLSTORE_eof().
+ */
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data);
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx);
+
+#endif
diff --git a/deps/openssl/openssl/crypto/include/internal/x509_int.h b/deps/openssl/openssl/crypto/include/internal/x509_int.h
index eb43997704..b53c2b03c3 100644
--- a/deps/openssl/openssl/crypto/include/internal/x509_int.h
+++ b/deps/openssl/openssl/crypto/include/internal/x509_int.h
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/refcount.h"
+
 /* Internal X509 structures and functions: not for application use */
 
 /* Note: unless otherwise stated a field pointer is mandatory and should
@@ -35,6 +37,19 @@ struct X509_name_st {
     int canon_enclen;
 } /* X509_NAME */ ;
 
+/* Signature info structure */
+
+struct x509_sig_info_st {
+    /* NID of message digest */
+    int mdnid;
+    /* NID of public key algorithm */
+    int pknid;
+    /* Security bits */
+    int secbits;
+    /* Various flags */
+    uint32_t flags;
+};
+
 /* PKCS#10 certificate request */
 
 struct X509_req_info_st {
@@ -54,7 +69,7 @@ struct X509_req_st {
     X509_REQ_INFO req_info;     /* signed certificate request data */
     X509_ALGOR sig_alg;         /* signature algorithm */
     ASN1_BIT_STRING *signature; /* signature */
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -73,7 +88,7 @@ struct X509_crl_st {
     X509_CRL_INFO crl;          /* signed CRL data */
     X509_ALGOR sig_alg;         /* CRL signature algorithm */
     ASN1_BIT_STRING signature;  /* CRL signature */
-    int references;
+    CRYPTO_REF_COUNT references;
     int flags;
     /*
      * Cached copies of decoded extension values, since extensions
@@ -144,7 +159,8 @@ struct x509_st {
     X509_CINF cert_info;
     X509_ALGOR sig_alg;
     ASN1_BIT_STRING signature;
-    int references;
+    X509_SIG_INFO siginf;
+    CRYPTO_REF_COUNT references;
     CRYPTO_EX_DATA ex_data;
     /* These contain copies of various extension values */
     long ex_pathlen;
@@ -266,3 +282,5 @@ struct x509_object_st {
 
 int a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
diff --git a/deps/openssl/openssl/crypto/init.c b/deps/openssl/openssl/crypto/init.c
index 2ad946c5bf..209d1a483d 100644
--- a/deps/openssl/openssl/crypto/init.c
+++ b/deps/openssl/openssl/crypto/init.c
@@ -7,23 +7,26 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <internal/cryptlib_int.h>
+#include "e_os.h"
+#include "internal/cryptlib_int.h"
 #include <openssl/err.h>
-#include <internal/rand.h>
-#include <internal/bio.h>
+#include "internal/rand_int.h"
+#include "internal/bio.h"
 #include <openssl/evp.h>
-#include <internal/evp_int.h>
-#include <internal/conf.h>
-#include <internal/async.h>
-#include <internal/engine.h>
-#include <internal/comp.h>
-#include <internal/err.h>
-#include <internal/err_int.h>
-#include <internal/objects.h>
+#include "internal/evp_int.h"
+#include "internal/conf.h"
+#include "internal/async.h"
+#include "internal/engine.h"
+#include "internal/comp.h"
+#include "internal/err.h"
+#include "internal/err_int.h"
+#include "internal/objects.h"
 #include <stdlib.h>
 #include <assert.h>
-#include <internal/thread_once.h>
-#include <internal/dso.h>
+#include "internal/thread_once.h"
+#include "internal/dso_conf.h"
+#include "internal/dso.h"
+#include "internal/store.h"
 
 static int stopped = 0;
 
@@ -90,6 +93,9 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
 #ifdef OPENSSL_INIT_DEBUG
     fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
 #endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    ossl_malloc_setup_failures();
+#endif
     if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
         return 0;
     if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
@@ -191,7 +197,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
 # endif
     ret = err_load_crypto_strings_int();
     load_crypto_strings_inited = 1;
-#endif    
+#endif
     return ret;
 }
 
@@ -284,16 +290,15 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
     engine_load_openssl_int();
     return 1;
 }
-# if !defined(OPENSSL_NO_HW) && \
-    (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
-static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev)
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
 {
 #  ifdef OPENSSL_INIT_DEBUG
-    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: "
-                    "engine_load_cryptodev_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+                    "engine_load_devcrypto_int()\n");
 #  endif
-    engine_load_cryptodev_int();
+    engine_load_devcrypto_int();
     return 1;
 }
 # endif
@@ -394,6 +399,14 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
         err_delete_thread_state();
     }
 
+    if (locals->rand) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "drbg_delete_thread_state()\n");
+#endif
+        drbg_delete_thread_state();
+    }
+
     OPENSSL_free(locals);
 }
 
@@ -431,6 +444,14 @@ int ossl_init_thread_start(uint64_t opts)
         locals->err_state = 1;
     }
 
+    if (opts & OPENSSL_INIT_THREAD_RAND) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for rand\n");
+#endif
+        locals->rand = 1;
+    }
+
     return 1;
 }
 
@@ -464,6 +485,7 @@ void OPENSSL_cleanup(void)
     stop_handlers = NULL;
 
     CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
 
     /*
      * We assume we are single-threaded for this function, i.e. no race
@@ -534,16 +556,20 @@ void OPENSSL_cleanup(void)
      * obj_cleanup_int() must be called last
      */
     rand_cleanup_int();
+    rand_drbg_cleanup_int();
     conf_modules_free_int();
 #ifndef OPENSSL_NO_ENGINE
     engine_cleanup_int();
 #endif
+    ossl_store_cleanup_int();
     crypto_cleanup_all_ex_data_int();
     bio_cleanup();
     evp_cleanup_int();
     obj_cleanup_int();
     err_cleanup();
 
+    CRYPTO_secure_malloc_done();
+
     base_inited = 0;
 }
 
@@ -593,6 +619,10 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
             && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
         return 0;
 
+    if ((opts & OPENSSL_INIT_ATFORK)
+            && !openssl_init_fork_handlers())
+        return 0;
+
     if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
             && !RUN_ONCE(&config, ossl_init_no_config))
         return 0;
@@ -615,10 +645,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
             && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
         return 0;
-# if !defined(OPENSSL_NO_HW) && \
-    (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
     if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
-            && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev))
+            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
         return 0;
 # endif
 # ifndef OPENSSL_NO_RDRAND
@@ -715,9 +744,10 @@ int OPENSSL_atexit(void (*handler)(void))
     }
 #endif
 
-    newhand = OPENSSL_malloc(sizeof(*newhand));
-    if (newhand == NULL)
+    if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     newhand->handler = handler;
     newhand->next = stop_handlers;
@@ -725,3 +755,29 @@ int OPENSSL_atexit(void (*handler)(void))
 
     return 1;
 }
+
+#ifdef OPENSSL_SYS_UNIX
+/*
+ * The following three functions are for OpenSSL developers.  This is
+ * where we set/reset state across fork (called via pthread_atfork when
+ * it exists, or manually by the application when it doesn't).
+ *
+ * WARNING!  If you put code in either OPENSSL_fork_parent or
+ * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
+ * safe.  See this link, for example:
+ *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
+ */
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+    rand_fork();
+}
+#endif
diff --git a/deps/openssl/openssl/crypto/kdf/build.info b/deps/openssl/openssl/crypto/kdf/build.info
index cbe2080ed7..c166399d0c 100644
--- a/deps/openssl/openssl/crypto/kdf/build.info
+++ b/deps/openssl/openssl/crypto/kdf/build.info
@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
-        tls1_prf.c kdf_err.c hkdf.c
+        tls1_prf.c kdf_err.c hkdf.c scrypt.c
diff --git a/deps/openssl/openssl/crypto/kdf/hkdf.c b/deps/openssl/openssl/crypto/kdf/hkdf.c
index 0fb55e9c65..ae46fad609 100644
--- a/deps/openssl/openssl/crypto/kdf/hkdf.c
+++ b/deps/openssl/openssl/crypto/kdf/hkdf.c
@@ -34,6 +34,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
                                   unsigned char *okm, size_t okm_len);
 
 typedef struct {
+    int mode;
     const EVP_MD *md;
     unsigned char *salt;
     size_t salt_len;
@@ -47,9 +48,10 @@ static int pkey_hkdf_init(EVP_PKEY_CTX *ctx)
 {
     HKDF_PKEY_CTX *kctx;
 
-    kctx = OPENSSL_zalloc(sizeof(*kctx));
-    if (kctx == NULL)
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     ctx->data = kctx;
 
@@ -77,6 +79,10 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         kctx->md = p2;
         return 1;
 
+    case EVP_PKEY_CTRL_HKDF_MODE:
+        kctx->mode = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_HKDF_SALT:
         if (p1 == 0 || p2 == NULL)
             return 1;
@@ -128,8 +134,24 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
                               const char *value)
 {
+    if (strcmp(type, "mode") == 0) {
+        int mode;
+
+        if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
+        else if (strcmp(value, "EXTRACT_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
+        else if (strcmp(value, "EXPAND_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
+        else
+            return 0;
+
+        return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
+    }
+
     if (strcmp(type, "md") == 0)
-        return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value));
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+                               EVP_PKEY_CTRL_HKDF_MD, value);
 
     if (strcmp(type, "salt") == 0)
         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
@@ -149,24 +171,57 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
     if (strcmp(type, "hexinfo") == 0)
         return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
 
+    KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
     return -2;
 }
 
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    memset(kctx, 0, sizeof(*kctx));
+
+    return 1;
+}
+
 static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                             size_t *keylen)
 {
     HKDF_PKEY_CTX *kctx = ctx->data;
 
-    if (kctx->md == NULL || kctx->key == NULL)
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
         return 0;
-
-    if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len,
-             kctx->info, kctx->info_len, key, *keylen) == NULL)
-    {
+    }
+    if (kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
         return 0;
     }
 
-    return 1;
+    switch (kctx->mode) {
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
+        return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                    kctx->key_len, kctx->info, kctx->info_len, key,
+                    *keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
+        if (key == NULL) {
+            *keylen = EVP_MD_size(kctx->md);
+            return 1;
+        }
+        return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                            kctx->key_len, key, keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
+        return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
+                           kctx->info_len, key, *keylen) != NULL;
+
+    default:
+        return 0;
+    }
 }
 
 const EVP_PKEY_METHOD hkdf_pkey_meth = {
@@ -193,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
 
     0, 0,
 
-    0,
+    pkey_hkdf_derive_init,
     pkey_hkdf_derive,
     pkey_hkdf_ctrl,
     pkey_hkdf_ctrl_str
@@ -206,12 +261,16 @@ static unsigned char *HKDF(const EVP_MD *evp_md,
                            unsigned char *okm, size_t okm_len)
 {
     unsigned char prk[EVP_MAX_MD_SIZE];
+    unsigned char *ret;
     size_t prk_len;
 
     if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
         return NULL;
 
-    return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+    ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+    OPENSSL_cleanse(prk, sizeof(prk));
+
+    return ret;
 }
 
 static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
@@ -246,7 +305,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
     if (okm_len % dig_len)
         n++;
 
-    if (n > 255)
+    if (n > 255 || okm == NULL)
         return NULL;
 
     if ((hmac = HMAC_CTX_new()) == NULL)
diff --git a/deps/openssl/openssl/crypto/kdf/kdf_err.c b/deps/openssl/openssl/crypto/kdf/kdf_err.c
index d7d71b35e4..1627c0a394 100644
--- a/deps/openssl/openssl/crypto/kdf/kdf_err.c
+++ b/deps/openssl/openssl/crypto/kdf/kdf_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,26 +8,48 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/kdf.h>
+#include <openssl/kdferr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF,0,reason)
-
-static ERR_STRING_DATA KDF_str_functs[] = {
-    {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_CTRL_STR), "pkey_tls1_prf_ctrl_str"},
-    {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_DERIVE), "pkey_tls1_prf_derive"},
+static const ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0),
+     "pkey_scrypt_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
+     "pkey_scrypt_ctrl_uint64"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0),
+     "pkey_scrypt_set_membuf"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
+     "pkey_tls1_prf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
+     "pkey_tls1_prf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA KDF_str_reasons[] = {
-    {ERR_REASON(KDF_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(KDF_R_MISSING_PARAMETER), "missing parameter"},
-    {ERR_REASON(KDF_R_VALUE_MISSING), "value missing"},
+static const ERR_STRING_DATA KDF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT),
+    "missing iteration count"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
+    "missing message digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
+    "unknown parameter type"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
     {0, NULL}
 };
 
@@ -36,10 +58,9 @@ static ERR_STRING_DATA KDF_str_reasons[] = {
 int ERR_load_KDF_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, KDF_str_functs);
-        ERR_load_strings(0, KDF_str_reasons);
+        ERR_load_strings_const(KDF_str_functs);
+        ERR_load_strings_const(KDF_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/kdf/scrypt.c b/deps/openssl/openssl/crypto/kdf/scrypt.c
new file mode 100644
index 0000000000..61fd390e95
--- /dev/null
+++ b/deps/openssl/openssl/crypto/kdf/scrypt.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+static int atou64(const char *nptr, uint64_t *result);
+
+typedef struct {
+    unsigned char *pass;
+    size_t pass_len;
+    unsigned char *salt;
+    size_t salt_len;
+    uint64_t N, r, p;
+    uint64_t maxmem_bytes;
+} SCRYPT_PKEY_CTX;
+
+/* Custom uint64_t parser since we do not have strtoull */
+static int atou64(const char *nptr, uint64_t *result)
+{
+    uint64_t value = 0;
+
+    while (*nptr) {
+        unsigned int digit;
+        uint64_t new_value;
+
+        if ((*nptr < '0') || (*nptr > '9')) {
+            return 0;
+        }
+        digit = (unsigned int)(*nptr - '0');
+        new_value = (value * 10) + digit;
+        if ((new_value < digit) || ((new_value - digit) / 10 != value)) {
+            /* Overflow */
+            return 0;
+        }
+        value = new_value;
+        nptr++;
+    }
+    *result = value;
+    return 1;
+}
+
+static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx;
+
+    kctx = OPENSSL_zalloc(sizeof(*kctx));
+    if (kctx == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Default values are the most conservative recommendation given in the
+     * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
+     * for this parameter choice (approx. 128 * r * (N + p) bytes).
+     */
+    kctx->N = 1 << 20;
+    kctx->r = 8;
+    kctx->p = 1;
+    kctx->maxmem_bytes = 1025 * 1024 * 1024;
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->pass, kctx->pass_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
+                                  const unsigned char *new_buffer,
+                                  const int new_buflen)
+{
+    if (new_buffer == NULL)
+        return 1;
+
+    if (new_buflen < 0)
+        return 0;
+
+    if (*buffer != NULL)
+        OPENSSL_clear_free(*buffer, *buflen);
+
+    if (new_buflen > 0) {
+        *buffer = OPENSSL_memdup(new_buffer, new_buflen);
+    } else {
+        *buffer = OPENSSL_malloc(1);
+    }
+    if (*buffer == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    *buflen = new_buflen;
+    return 1;
+}
+
+static int is_power_of_two(uint64_t value)
+{
+    return (value != 0) && ((value & (value - 1)) == 0);
+}
+
+static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+    uint64_t u64_value;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_PASS:
+        return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_SALT:
+        return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_N:
+        u64_value = *((uint64_t *)p2);
+        if ((u64_value <= 1) || !is_power_of_two(u64_value))
+            return 0;
+        kctx->N = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_R:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->r = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_P:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->p = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->maxmem_bytes = u64_value;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type,
+                                   const char *value)
+{
+    uint64_t int_value;
+
+    if (!atou64(value, &int_value)) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
+        return 0;
+    }
+    return pkey_scrypt_ctrl(ctx, type, 0, &int_value);
+}
+
+static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+
+    if (strcmp(type, "pass") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "hexpass") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "N") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value);
+
+    if (strcmp(type, "r") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value);
+
+    if (strcmp(type, "p") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value);
+
+    if (strcmp(type, "maxmem_bytes") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
+                                       value);
+
+    KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->pass == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
+        return 0;
+    }
+
+    if (kctx->salt == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
+        return 0;
+    }
+
+    return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt,
+                          kctx->salt_len, kctx->N, kctx->r, kctx->p,
+                          kctx->maxmem_bytes, key, *keylen);
+}
+
+const EVP_PKEY_METHOD scrypt_pkey_meth = {
+    EVP_PKEY_SCRYPT,
+    0,
+    pkey_scrypt_init,
+    0,
+    pkey_scrypt_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_scrypt_derive,
+    pkey_scrypt_ctrl,
+    pkey_scrypt_ctrl_str
+};
+
+#endif
diff --git a/deps/openssl/openssl/crypto/kdf/tls1_prf.c b/deps/openssl/openssl/crypto/kdf/tls1_prf.c
index fa13732bbf..49f7ecced9 100644
--- a/deps/openssl/openssl/crypto/kdf/tls1_prf.c
+++ b/deps/openssl/openssl/crypto/kdf/tls1_prf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,9 +37,10 @@ static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
 {
     TLS1_PRF_PKEY_CTX *kctx;
 
-    kctx = OPENSSL_zalloc(sizeof(*kctx));
-    if (kctx == NULL)
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     ctx->data = kctx;
 
     return 1;
@@ -115,6 +116,8 @@ static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
     if (strcmp(type, "hexseed") == 0)
         return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+
+    KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
     return -2;
 }
 
@@ -122,8 +125,16 @@ static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                 size_t *keylen)
 {
     TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-    if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) {
-        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER);
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->sec == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
+        return 0;
+    }
+    if (kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
         return 0;
     }
     return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
@@ -174,7 +185,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     int ret = 0;
 
     chunk = EVP_MD_size(md);
-    OPENSSL_assert(chunk >= 0);
+    if (!ossl_assert(chunk > 0))
+        goto err;
 
     ctx = EVP_MD_CTX_new();
     ctx_tmp = EVP_MD_CTX_new();
@@ -182,7 +194,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
         goto err;
     EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
     if (mac_key == NULL)
         goto err;
     if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
@@ -245,9 +257,10 @@ static int tls1_prf_alg(const EVP_MD *md,
                          seed, seed_len, out, olen))
             return 0;
 
-        tmp = OPENSSL_malloc(olen);
-        if (tmp == NULL)
+        if ((tmp = OPENSSL_malloc(olen)) == NULL) {
+            KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
                          seed, seed_len, tmp, olen)) {
             OPENSSL_clear_free(tmp, olen);
diff --git a/deps/openssl/openssl/crypto/lhash/lh_stats.c b/deps/openssl/openssl/crypto/lhash/lh_stats.c
index 5586afa0d8..65b91e1ef4 100644
--- a/deps/openssl/openssl/crypto/lhash/lh_stats.c
+++ b/deps/openssl/openssl/crypto/lhash/lh_stats.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -61,35 +61,22 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
 
 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
 {
-    OPENSSL_LHASH *lh_mut = (OPENSSL_LHASH *) lh;
-    int ret;
-
     BIO_printf(out, "num_items             = %lu\n", lh->num_items);
-    BIO_printf(out, "num_nodes             = %u\n", lh->num_nodes);
-    BIO_printf(out, "num_alloc_nodes       = %u\n", lh->num_alloc_nodes);
+    BIO_printf(out, "num_nodes             = %u\n",  lh->num_nodes);
+    BIO_printf(out, "num_alloc_nodes       = %u\n",  lh->num_alloc_nodes);
     BIO_printf(out, "num_expands           = %lu\n", lh->num_expands);
     BIO_printf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
     BIO_printf(out, "num_contracts         = %lu\n", lh->num_contracts);
-    BIO_printf(out, "num_contract_reallocs = %lu\n",
-               lh->num_contract_reallocs);
-    CRYPTO_atomic_add(&lh_mut->num_hash_calls, 0, &ret,
-                      lh->retrieve_stats_lock);
-    BIO_printf(out, "num_hash_calls        = %d\n", ret);
-    CRYPTO_atomic_add(&lh_mut->num_comp_calls, 0, &ret,
-                      lh->retrieve_stats_lock);
-    BIO_printf(out, "num_comp_calls        = %d\n", ret);
+    BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
+    BIO_printf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
+    BIO_printf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
     BIO_printf(out, "num_insert            = %lu\n", lh->num_insert);
     BIO_printf(out, "num_replace           = %lu\n", lh->num_replace);
     BIO_printf(out, "num_delete            = %lu\n", lh->num_delete);
     BIO_printf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
-    CRYPTO_atomic_add(&lh_mut->num_retrieve, 0, &ret, lh->retrieve_stats_lock);
-    BIO_printf(out, "num_retrieve          = %d\n", ret);
-    CRYPTO_atomic_add(&lh_mut->num_retrieve_miss, 0, &ret,
-                      lh->retrieve_stats_lock);
-    BIO_printf(out, "num_retrieve_miss     = %d\n", ret);
-    CRYPTO_atomic_add(&lh_mut->num_hash_comps, 0, &ret,
-                      lh->retrieve_stats_lock);
-    BIO_printf(out, "num_hash_comps        = %d\n", ret);
+    BIO_printf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
+    BIO_printf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
+    BIO_printf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
 }
 
 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
diff --git a/deps/openssl/openssl/crypto/lhash/lhash.c b/deps/openssl/openssl/crypto/lhash/lhash.c
index ea83bf900f..8d9f933df3 100644
--- a/deps/openssl/openssl/crypto/lhash/lhash.c
+++ b/deps/openssl/openssl/crypto/lhash/lhash.c
@@ -12,13 +12,14 @@
 #include <stdlib.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
-#include <ctype.h>
+#include <openssl/err.h>
+#include "internal/ctype.h"
 #include "internal/lhash.h"
 #include "lhash_lcl.h"
 
 /*
  * A hashing implementation that appears to be based on the linear hashing
- * algorithm:
+ * alogrithm:
  * https://en.wikipedia.org/wiki/Linear_hashing
  *
  * Litwin, Witold (1980), "Linear hashing: A new tool for file and table
@@ -47,12 +48,16 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
 {
     OPENSSL_LHASH *ret;
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        /*
+         * Do not set the error code, because the ERR code uses LHASH
+         * and we want to avoid possible endless error loop.
+         * CRYPTOerr(CRYPTO_F_OPENSSL_LH_NEW, ERR_R_MALLOC_FAILURE);
+         */
         return NULL;
+    }
     if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
         goto err;
-    if ((ret->retrieve_stats_lock = CRYPTO_THREAD_lock_new()) == NULL) 
-        goto err;
     ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
     ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
     ret->num_nodes = MIN_NODES / 2;
@@ -60,7 +65,7 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
     ret->pmax = MIN_NODES / 2;
     ret->up_load = UP_LOAD;
     ret->down_load = DOWN_LOAD;
-    return (ret);
+    return ret;
 
 err:
     OPENSSL_free(ret->b);
@@ -84,7 +89,6 @@ void OPENSSL_LH_free(OPENSSL_LHASH *lh)
             n = nn;
         }
     }
-    CRYPTO_THREAD_lock_free(lh->retrieve_stats_lock);
     OPENSSL_free(lh->b);
     OPENSSL_free(lh);
 }
@@ -104,7 +108,7 @@ void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
     if (*rn == NULL) {
         if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) {
             lh->error++;
-            return (NULL);
+            return NULL;
         }
         nn->data = data;
         nn->next = NULL;
@@ -114,12 +118,11 @@ void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
         lh->num_insert++;
         lh->num_items++;
     } else {                    /* replace same key */
-
         ret = (*rn)->data;
         (*rn)->data = data;
         lh->num_replace++;
     }
-    return (ret);
+    return ret;
 }
 
 void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
@@ -133,7 +136,7 @@ void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
 
     if (*rn == NULL) {
         lh->num_no_delete++;
-        return (NULL);
+        return NULL;
     } else {
         nn = *rn;
         *rn = nn->next;
@@ -147,7 +150,7 @@ void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
         (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
         contract(lh);
 
-    return (ret);
+    return ret;
 }
 
 void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
@@ -155,18 +158,19 @@ void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
     unsigned long hash;
     OPENSSL_LH_NODE **rn;
     void *ret;
-    int scratch;
 
-    lh->error = 0;
+    tsan_store((TSAN_QUALIFIER int *)&lh->error, 0);
+
     rn = getrn(lh, data, &hash);
 
     if (*rn == NULL) {
-        CRYPTO_atomic_add(&lh->num_retrieve_miss, 1, &scratch, lh->retrieve_stats_lock);
+        tsan_counter(&lh->num_retrieve_miss);
         return NULL;
     } else {
         ret = (*rn)->data;
-        CRYPTO_atomic_add(&lh->num_retrieve, 1, &scratch, lh->retrieve_stats_lock);
+        tsan_counter(&lh->num_retrieve);
     }
+
     return ret;
 }
 
@@ -294,10 +298,9 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
     OPENSSL_LH_NODE **ret, *n1;
     unsigned long hash, nn;
     OPENSSL_LH_COMPFUNC cf;
-    int scratch;
 
     hash = (*(lh->hash)) (data);
-    CRYPTO_atomic_add(&lh->num_hash_calls, 1, &scratch, lh->retrieve_stats_lock);
+    tsan_counter(&lh->num_hash_calls);
     *rhash = hash;
 
     nn = hash % lh->pmax;
@@ -307,17 +310,17 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
     cf = lh->comp;
     ret = &(lh->b[(int)nn]);
     for (n1 = *ret; n1 != NULL; n1 = n1->next) {
-        CRYPTO_atomic_add(&lh->num_hash_comps, 1, &scratch, lh->retrieve_stats_lock);
+        tsan_counter(&lh->num_hash_comps);
         if (n1->hash != hash) {
             ret = &(n1->next);
             continue;
         }
-        CRYPTO_atomic_add(&lh->num_comp_calls, 1, &scratch, lh->retrieve_stats_lock);
+        tsan_counter(&lh->num_comp_calls);
         if (cf(n1->data, data) == 0)
             break;
         ret = &(n1->next);
     }
-    return (ret);
+    return ret;
 }
 
 /*
@@ -333,12 +336,7 @@ unsigned long OPENSSL_LH_strhash(const char *c)
     int r;
 
     if ((c == NULL) || (*c == '\0'))
-        return (ret);
-/*-
-    unsigned char b[16];
-    MD5(c,strlen(c),b);
-    return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
-*/
+        return ret;
 
     n = 0x100;
     while (*c) {
@@ -350,7 +348,7 @@ unsigned long OPENSSL_LH_strhash(const char *c)
         ret ^= v * v;
         c++;
     }
-    return ((ret >> 16) ^ ret);
+    return (ret >> 16) ^ ret;
 }
 
 unsigned long openssl_lh_strcasehash(const char *c)
@@ -364,7 +362,7 @@ unsigned long openssl_lh_strcasehash(const char *c)
         return ret;
 
     for (n = 0x100; *c != '\0'; n += 0x100) {
-        v = n | tolower(*c);
+        v = n | ossl_tolower(*c);
         r = (int)((v >> 2) ^ v) & 0x0f;
         ret = (ret << r) | (ret >> (32 - r));
         ret &= 0xFFFFFFFFL;
diff --git a/deps/openssl/openssl/crypto/lhash/lhash_lcl.h b/deps/openssl/openssl/crypto/lhash/lhash_lcl.h
index 01d463fb36..678224acd5 100644
--- a/deps/openssl/openssl/crypto/lhash/lhash_lcl.h
+++ b/deps/openssl/openssl/crypto/lhash/lhash_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,6 +8,8 @@
  */
 #include <openssl/crypto.h>
 
+#include "internal/tsan_assist.h"
+
 struct lhash_node_st {
     void *data;
     struct lhash_node_st *next;
@@ -18,13 +20,6 @@ struct lhash_st {
     OPENSSL_LH_NODE **b;
     OPENSSL_LH_COMPFUNC comp;
     OPENSSL_LH_HASHFUNC hash;
-    /*
-     * some stats are updated on lookup, which callers aren't expecting to have
-     * to take an exclusive lock around. This lock protects them on platforms
-     * without atomics, and their types are int rather than unsigned long below 
-     * so they can be adjusted with CRYPTO_atomic_add.
-     */
-    CRYPTO_RWLOCK *retrieve_stats_lock;
     unsigned int num_nodes;
     unsigned int num_alloc_nodes;
     unsigned int p;
@@ -36,14 +31,14 @@ struct lhash_st {
     unsigned long num_expand_reallocs;
     unsigned long num_contracts;
     unsigned long num_contract_reallocs;
-    int num_hash_calls;
-    int num_comp_calls;
+    TSAN_QUALIFIER unsigned long num_hash_calls;
+    TSAN_QUALIFIER unsigned long num_comp_calls;
     unsigned long num_insert;
     unsigned long num_replace;
     unsigned long num_delete;
     unsigned long num_no_delete;
-    int num_retrieve;
-    int num_retrieve_miss;
-    int num_hash_comps;
+    TSAN_QUALIFIER unsigned long num_retrieve;
+    TSAN_QUALIFIER unsigned long num_retrieve_miss;
+    TSAN_QUALIFIER unsigned long num_hash_comps;
     int error;
 };
diff --git a/deps/openssl/openssl/crypto/lhash/num.pl b/deps/openssl/openssl/crypto/lhash/num.pl
deleted file mode 100644
index 8a8c42c8a0..0000000000
--- a/deps/openssl/openssl/crypto/lhash/num.pl
+++ /dev/null
@@ -1,23 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-#node     10 ->   4
-
-while (<>)
-	{
-	next unless /^node/;
-	s|\R$||;                # Better chomp
-	@a=split;
-	$num{$a[3]}++;
-	}
-
-@a=sort {$a <=> $b } keys %num;
-foreach (0 .. $a[$#a])
-	{
-	printf "%4d:%4d\n",$_,$num{$_};
-	}
diff --git a/deps/openssl/openssl/crypto/md2/md2_dgst.c b/deps/openssl/openssl/crypto/md2/md2_dgst.c
index ff062fd472..faa9393f2e 100644
--- a/deps/openssl/openssl/crypto/md2/md2_dgst.c
+++ b/deps/openssl/openssl/crypto/md2/md2_dgst.c
@@ -63,9 +63,9 @@ static const MD2_INT S[256] = {
 const char *MD2_options(void)
 {
     if (sizeof(MD2_INT) == 1)
-        return ("md2(char)");
+        return "md2(char)";
     else
-        return ("md2(int)");
+        return "md2(int)";
 }
 
 int MD2_Init(MD2_CTX *c)
diff --git a/deps/openssl/openssl/crypto/md2/md2_one.c b/deps/openssl/openssl/crypto/md2/md2_one.c
index 460f96e475..5502b21696 100644
--- a/deps/openssl/openssl/crypto/md2/md2_one.c
+++ b/deps/openssl/openssl/crypto/md2/md2_one.c
@@ -43,5 +43,5 @@ unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
 #endif
     MD2_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/md4/md4_locl.h b/deps/openssl/openssl/crypto/md4/md4_locl.h
index 6aec556266..a6c4003fdb 100644
--- a/deps/openssl/openssl/crypto/md4/md4_locl.h
+++ b/deps/openssl/openssl/crypto/md4/md4_locl.h
@@ -39,9 +39,9 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
 */
 
 /*
- * As pointed out by Wei Dai <weidai@eskimo.com>, the above can be simplified
- * to the code below.  Wei attributes these optimizations to Peter Gutmann's
- * SHS code, and he attributes it to Rich Schroeppel.
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
  */
 #define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
 #define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
diff --git a/deps/openssl/openssl/crypto/md4/md4_one.c b/deps/openssl/openssl/crypto/md4/md4_one.c
index 9f0989fad6..9e52303c2f 100644
--- a/deps/openssl/openssl/crypto/md4/md4_one.c
+++ b/deps/openssl/openssl/crypto/md4/md4_one.c
@@ -43,5 +43,5 @@ unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
 #endif
     MD4_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-586.pl b/deps/openssl/openssl/crypto/md5/asm/md5-586.pl
index 24f68af546..15e14864d1 100644
--- a/deps/openssl/openssl/crypto/md5/asm/md5-586.pl
+++ b/deps/openssl/openssl/crypto/md5/asm/md5-586.pl
@@ -21,7 +21,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],$0);
+&asm_init($ARGV[0]);
 
 $A="eax";
 $B="ebx";
@@ -57,7 +57,7 @@ sub R0
 	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
 
 	&mov($tmp1,$C)  if $pos < 0;
-	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one
 
 	# body proper
 
diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-ia64.S b/deps/openssl/openssl/crypto/md5/asm/md5-ia64.S
deleted file mode 100644
index c20467b47b..0000000000
--- a/deps/openssl/openssl/crypto/md5/asm/md5-ia64.S
+++ /dev/null
@@ -1,1002 +0,0 @@
-/*
- *
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
-
-//	Common registers are assigned as follows:
-//
-//	COMMON
-//
-//	t0		Const Tbl Ptr	TPtr
-//	t1		Round Constant	TRound
-//	t4		Block residual	LenResid
-//	t5		Residual Data	DTmp
-//
-//	{in,out}0	Block 0 Cycle	RotateM0
-//	{in,out}1	Block Value 12	M12
-//	{in,out}2	Block Value 8	M8
-//	{in,out}3	Block Value 4	M4
-//	{in,out}4	Block Value 0	M0
-//	{in,out}5	Block 1 Cycle	RotateM1
-//	{in,out}6	Block Value 13	M13
-//	{in,out}7	Block Value 9	M9
-//	{in,out}8	Block Value 5	M5
-//	{in,out}9	Block Value 1	M1
-//	{in,out}10	Block 2 Cycle	RotateM2
-//	{in,out}11	Block Value 14	M14
-//	{in,out}12	Block Value 10	M10
-//	{in,out}13	Block Value 6	M6
-//	{in,out}14	Block Value 2	M2
-//	{in,out}15	Block 3 Cycle	RotateM3
-//	{in,out}16	Block Value 15	M15
-//	{in,out}17	Block Value 11	M11
-//	{in,out}18	Block Value 7	M7
-//	{in,out}19	Block Value 3	M3
-//	{in,out}20	Scratch			Z
-//	{in,out}21	Scratch			Y
-//	{in,out}22	Scratch			X
-//	{in,out}23	Scratch			W
-//	{in,out}24	Digest A		A
-//	{in,out}25	Digest B		B
-//	{in,out}26	Digest C		C
-//	{in,out}27	Digest D		D
-//	{in,out}28	Active Data Ptr	DPtr
-//	in28		Dummy Value		-
-//	out28		Dummy Value		-
-//	bt0			Coroutine Link	QUICK_RTN
-//
-///	These predicates are used for computing the padding block(s) and
-///	are shared between the driver and digest co-routines
-//
-//	pt0			Extra Pad Block	pExtra
-//	pt1			Load next word	pLoad
-//	pt2			Skip next word	pSkip
-//	pt3			Search for Pad	pNoPad
-//	pt4			Pad Word 0		pPad0
-//	pt5			Pad Word 1		pPad1
-//	pt6			Pad Word 2		pPad2
-//	pt7			Pad Word 3		pPad3
-
-#define	DTmp		r19
-#define	LenResid	r18
-#define	QUICK_RTN	b6
-#define	TPtr		r14
-#define	TRound		r15
-#define	pExtra		p6
-#define	pLoad		p7
-#define	pNoPad		p9
-#define	pPad0		p10
-#define	pPad1		p11
-#define	pPad2		p12
-#define	pPad3		p13
-#define	pSkip		p8
-
-#define	A_		out24
-#define	B_		out25
-#define	C_		out26
-#define	D_		out27
-#define	DPtr_		out28
-#define	M0_		out4
-#define	M1_		out9
-#define	M10_		out12
-#define	M11_		out17
-#define	M12_		out1
-#define	M13_		out6
-#define	M14_		out11
-#define	M15_		out16
-#define	M2_		out14
-#define	M3_		out19
-#define	M4_		out3
-#define	M5_		out8
-#define	M6_		out13
-#define	M7_		out18
-#define	M8_		out2
-#define	M9_		out7
-#define	RotateM0_	out0
-#define	RotateM1_	out5
-#define	RotateM2_	out10
-#define	RotateM3_	out15
-#define	W_		out23
-#define	X_		out22
-#define	Y_		out21
-#define	Z_		out20
-
-#define	A		in24
-#define	B		in25
-#define	C		in26
-#define	D		in27
-#define	DPtr		in28
-#define	M0		in4
-#define	M1		in9
-#define	M10		in12
-#define	M11		in17
-#define	M12		in1
-#define	M13		in6
-#define	M14		in11
-#define	M15		in16
-#define	M2		in14
-#define	M3		in19
-#define	M4		in3
-#define	M5		in8
-#define	M6		in13
-#define	M7		in18
-#define	M8		in2
-#define	M9		in7
-#define	RotateM0	in0
-#define	RotateM1	in5
-#define	RotateM2	in10
-#define	RotateM3	in15
-#define	W		in23
-#define	X		in22
-#define	Y		in21
-#define	Z		in20
-
-/* register stack configuration for md5_block_asm_data_order(): */
-#define	MD5_NINP	3
-#define	MD5_NLOC	0
-#define MD5_NOUT	29
-#define MD5_NROT	0
-
-/* register stack configuration for helpers: */
-#define	_NINPUTS	MD5_NOUT
-#define	_NLOCALS	0
-#define _NOUTPUT	0
-#define	_NROTATE	24	/* this must be <= _NINPUTS */
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define	ADDP	addp4
-#else
-#define	ADDP	add
-#endif
-
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-#define HOST_IS_BIG_ENDIAN
-#endif
-
-//	Macros for getting the left and right portions of little-endian words
-
-#define	GETLW(dst, src, align)	dep.z dst = src, 32 - 8 * align, 8 * align
-#define	GETRW(dst, src, align)	extr.u dst = src, 8 * align, 32 - 8 * align
-
-//	MD5 driver
-//
-//		Reads an input block, then calls the digest block
-//		subroutine and adds the results to the accumulated
-//		digest.  It allocates 32 outs which the subroutine
-//		uses as it's inputs and rotating
-//		registers. Initializes the round constant pointer and
-//		takes care of saving/restoring ar.lc
-//
-///	INPUT
-//
-//	in0		Context Ptr		CtxPtr0
-//	in1		Input Data Ptr		DPtrIn
-//	in2		Integral Blocks		BlockCount
-//	rp		Return Address		-
-//
-///	CODE
-//
-//	v2		Input Align		InAlign
-//	t0		Shared w/digest		-
-//	t1		Shared w/digest		-
-//	t2		Shared w/digest		-
-//	t3		Shared w/digest		-
-//	t4		Shared w/digest		-
-//	t5		Shared w/digest		-
-//	t6		PFS Save		PFSSave
-//	t7		ar.lc Save		LCSave
-//	t8		Saved PR		PRSave
-//	t9		2nd CtxPtr		CtxPtr1
-//	t10		Table Base		CTable
-//	t11		Table[0]		CTable0
-//	t13		Accumulator A		AccumA
-//	t14		Accumulator B		AccumB
-//	t15		Accumulator C		AccumC
-//	t16		Accumulator D		AccumD
-//	pt0		Shared w/digest		-
-//	pt1		Shared w/digest		-
-//	pt2		Shared w/digest		-
-//	pt3		Shared w/digest		-
-//	pt4		Shared w/digest		-
-//	pt5		Shared w/digest		-
-//	pt6		Shared w/digest		-
-//	pt7		Shared w/digest		-
-//	pt8		Not Aligned		pOff
-//	pt8		Blocks Left		pAgain
-
-#define	AccumA		r27
-#define	AccumB		r28
-#define	AccumC		r29
-#define	AccumD		r30
-#define	CTable		r24
-#define	CTable0		r25
-#define	CtxPtr0		in0
-#define	CtxPtr1		r23
-#define	DPtrIn		in1
-#define	BlockCount	in2
-#define	InAlign		r10
-#define	LCSave		r21
-#define	PFSSave		r20
-#define	PRSave		r22
-#define	pAgain		p63
-#define	pOff		p63
-
-	.text
-
-/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num)
-
-     where:
-      c: a pointer to a structure of this type:
-
-	   typedef struct MD5state_st
-	     {
-	       MD5_LONG A,B,C,D;
-	       MD5_LONG Nl,Nh;
-	       MD5_LONG data[MD5_LBLOCK];
-	       unsigned int num;
-	     }
-	   MD5_CTX;
-
-      data: a pointer to the input data (may be misaligned)
-      num:  the number of 16-byte blocks to hash (i.e., the length
-            of DATA is 16*NUM.
-
-   */
-
-	.type	md5_block_asm_data_order, @function
-	.global	md5_block_asm_data_order
-	.align	32
-	.proc	md5_block_asm_data_order
-md5_block_asm_data_order:
-.md5_block:
-	.prologue
-{	.mmi
-	.save	ar.pfs, PFSSave
-	alloc	PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT
-	ADDP	CtxPtr1 = 8, CtxPtr0
-	mov	CTable = ip
-}
-{	.mmi
-	ADDP	DPtrIn = 0, DPtrIn
-	ADDP	CtxPtr0 = 0, CtxPtr0
-	.save	ar.lc, LCSave
-	mov	LCSave = ar.lc
-}
-;;
-{	.mmi
-	add	CTable = .md5_tbl_data_order#-.md5_block#, CTable
-	and	InAlign = 0x3, DPtrIn
-}
-
-{	.mmi
-	ld4	AccumA = [CtxPtr0], 4
-	ld4	AccumC = [CtxPtr1], 4
-	.save pr, PRSave
-	mov	PRSave = pr
-	.body
-}
-;;
-{	.mmi
-	ld4	AccumB = [CtxPtr0]
-	ld4	AccumD = [CtxPtr1]
-	dep	DPtr_ = 0, DPtrIn, 0, 2
-} ;;
-#ifdef HOST_IS_BIG_ENDIAN
-	rum	psr.be;;	// switch to little-endian
-#endif
-{	.mmb
-	ld4	CTable0 = [CTable], 4
-	cmp.ne	pOff, p0 = 0, InAlign
-(pOff)	br.cond.spnt.many .md5_unaligned
-} ;;
-
-//	The FF load/compute loop rotates values three times, so that
-//	loading into M12 here produces the M0 value, M13 -> M1, etc.
-
-.md5_block_loop0:
-{	.mmi
-	ld4	M12_ = [DPtr_], 4
-	mov	TPtr = CTable
-	mov	TRound = CTable0
-} ;;
-{	.mmi
-	ld4	M13_ = [DPtr_], 4
-	mov	A_ = AccumA
-	mov	B_ = AccumB
-} ;;
-{	.mmi
-	ld4	M14_ = [DPtr_], 4
-	mov	C_ = AccumC
-	mov	D_ = AccumD
-} ;;
-{	.mmb
-	ld4	M15_ = [DPtr_], 4
-	add	BlockCount = -1, BlockCount
-	br.call.sptk.many QUICK_RTN = md5_digest_block0
-} ;;
-
-//	Now, we add the new digest values and do some clean-up
-//	before checking if there's another full block to process
-
-{	.mmi
-	add	AccumA = AccumA, A_
-	add	AccumB = AccumB, B_
-	cmp.ne	pAgain, p0 = 0, BlockCount
-}
-{	.mib
-	add	AccumC = AccumC, C_
-	add	AccumD = AccumD, D_
-(pAgain) br.cond.dptk.many .md5_block_loop0
-} ;;
-
-.md5_exit:
-#ifdef HOST_IS_BIG_ENDIAN
-	sum	psr.be;;	// switch back to big-endian mode
-#endif
-{	.mmi
-	st4	[CtxPtr0] = AccumB, -4
-	st4	[CtxPtr1] = AccumD, -4
-	mov	pr = PRSave, 0x1ffff ;;
-}
-{	.mmi
-	st4	[CtxPtr0] = AccumA
-	st4	[CtxPtr1] = AccumC
-	mov	ar.lc = LCSave
-} ;;
-{	.mib
-	mov	ar.pfs = PFSSave
-	br.ret.sptk.few	rp
-} ;;
-
-#define	MD5UNALIGNED(offset)						\
-.md5_process##offset:							\
-{	.mib ;								\
-	nop	0x0	;						\
-	GETRW(DTmp, DTmp, offset) ;					\
-} ;;									\
-.md5_block_loop##offset:						\
-{	.mmi ;								\
-	ld4	Y_ = [DPtr_], 4 ;					\
-	mov	TPtr = CTable ;						\
-	mov	TRound = CTable0 ;					\
-} ;;									\
-{	.mmi ;								\
-	ld4	M13_ = [DPtr_], 4 ;					\
-	mov	A_ = AccumA ;						\
-	mov	B_ = AccumB ;						\
-} ;;									\
-{	.mii ;								\
-	ld4	M14_ = [DPtr_], 4 ;					\
-	GETLW(W_, Y_, offset) ;						\
-	mov	C_ = AccumC ;						\
-}									\
-{	.mmi ;								\
-	mov	D_ = AccumD ;;						\
-	or	M12_ = W_, DTmp ;					\
-	GETRW(DTmp, Y_, offset) ;					\
-}									\
-{	.mib ;								\
-	ld4	M15_ = [DPtr_], 4 ;					\
-	add	BlockCount = -1, BlockCount ;				\
-	br.call.sptk.many QUICK_RTN = md5_digest_block##offset;		\
-} ;;									\
-{	.mmi ;								\
-	add	AccumA = AccumA, A_ ;					\
-	add	AccumB = AccumB, B_ ;					\
-	cmp.ne	pAgain, p0 = 0, BlockCount ;				\
-}									\
-{	.mib ;								\
-	add	AccumC = AccumC, C_ ;					\
-	add	AccumD = AccumD, D_ ;					\
-(pAgain) br.cond.dptk.many .md5_block_loop##offset ;			\
-} ;;									\
-{	.mib ;								\
-	nop	0x0 ;							\
-	nop	0x0 ;							\
-	br.cond.sptk.many .md5_exit ;					\
-} ;;
-
-	.align	32
-.md5_unaligned:
-//
-//	Because variable shifts are expensive, we special case each of
-//	the four alignements. In practice, this won't hurt too much
-//	since only one working set of code will be loaded.
-//
-{	.mib
-	ld4	DTmp = [DPtr_], 4
-	cmp.eq	pOff, p0 = 1, InAlign
-(pOff)	br.cond.dpnt.many .md5_process1
-} ;;
-{	.mib
-	cmp.eq	pOff, p0 = 2, InAlign
-	nop	0x0
-(pOff)	br.cond.dpnt.many .md5_process2
-} ;;
-	MD5UNALIGNED(3)
-	MD5UNALIGNED(1)
-	MD5UNALIGNED(2)
-
-	.endp md5_block_asm_data_order
-
-
-// MD5 Perform the F function and load
-//
-// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values,
-// computes the FF() round of functions, then branches to the common
-// digest code to finish up with GG(), HH, and II().
-//
-// INPUT
-//
-// rp Return Address -
-//
-// CODE
-//
-// v0 PFS bit bucket PFS
-// v1 Loop Trip Count LTrip
-// pt0 Load next word pMore
-
-/* For F round: */
-#define LTrip	r9
-#define PFS	r8
-#define pMore	p6
-
-/* For GHI rounds: */
-#define T	r9
-#define U	r10
-#define V	r11
-
-#define COMPUTE(a, b, s, M, R)			\
-{						\
-	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{						\
-	.mmi ;					\
-	add a = Z, b ;				\
-	mov R = M ;				\
-	nop 0x0 ;				\
-} ;;
-
-#define LOOP(a, b, s, M, R, label)		\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{	.mib ;					\
-	add a = Z, b ;				\
-	mov R = M ;				\
-	br.ctop.sptk.many label ;		\
-} ;;
-
-// G(B, C, D) = (B & D) | (C & ~D)
-
-#define G(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	and Y = b, d ;				\
-	andcm X = c, d ;			\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	or Y = Y, X ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-// H(B, C, D) = B ^ C ^ D
-
-#define H(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	xor Y = b, c ;				\
-	nop 0x0 ;				\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	xor Y = Y, d ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-// I(B, C, D) = C ^ (B | ~D)
-//
-// However, since we have an andcm operator, we use the fact that
-//
-// Y ^ Z == ~Y ^ ~Z
-//
-// to rewrite the expression as
-//
-// I(B, C, D) = ~C ^ (~B & D)
-
-#define I(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	andcm Y = d, b ;			\
-	andcm X = -1, c ;			\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	xor Y = Y, X ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-#define GG4(label)				\
-	G(A, B, C, D, M0)			\
-	COMPUTE(A, B, 5, M0, RotateM0)		\
-	G(D, A, B, C, M1)			\
-	COMPUTE(D, A, 9, M1, RotateM1)		\
-	G(C, D, A, B, M2)			\
-	COMPUTE(C, D, 14, M2, RotateM2)		\
-	G(B, C, D, A, M3)			\
-	LOOP(B, C, 20, M3, RotateM3, label)
-
-#define HH4(label)				\
-	H(A, B, C, D, M0)			\
-	COMPUTE(A, B, 4, M0, RotateM0)		\
-	H(D, A, B, C, M1)			\
-	COMPUTE(D, A, 11, M1, RotateM1)		\
-	H(C, D, A, B, M2)			\
-	COMPUTE(C, D, 16, M2, RotateM2)		\
-	H(B, C, D, A, M3)			\
-	LOOP(B, C, 23, M3, RotateM3, label)
-
-#define II4(label)				\
-	I(A, B, C, D, M0)			\
-	COMPUTE(A, B, 6, M0, RotateM0)		\
-	I(D, A, B, C, M1)			\
-	COMPUTE(D, A, 10, M1, RotateM1)		\
-	I(C, D, A, B, M2)			\
-	COMPUTE(C, D, 15, M2, RotateM2)		\
-	I(B, C, D, A, M3)			\
-	LOOP(B, C, 21, M3, RotateM3, label)
-
-#define FFLOAD(a, b, c, d, M, N, s)		\
-{	.mii ;					\
-(pMore) ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	add Z = Z, Y ;;				\
-	dep.z Y = Z, 32, 32 ;			\
-} ;;						\
-{	.mii ;					\
-	nop 0x0 ;				\
-	shrp Z = Z, Y, 64 - s ;;		\
-	add a = Z, b ;				\
-} ;;
-
-#define FFLOOP(a, b, c, d, M, N, s, dest)	\
-{	.mii ;					\
-(pMore)	ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	add Z = Z, Y ;;				\
-	dep.z Y = Z, 32, 32 ;			\
-} ;;						\
-{	.mii ;					\
-	nop 0x0 ;				\
-	shrp Z = Z, Y, 64 - s ;;		\
-	add a = Z, b ;				\
-}						\
-{	.mib ;					\
-	cmp.ne pMore, p0 = 0, LTrip ;		\
-	add LTrip = -1, LTrip ;			\
-	br.ctop.dptk.many dest ;		\
-} ;;
-
-	.type md5_digest_block0, @function
-	.align 32
-
-	.proc md5_digest_block0
-	.prologue
-md5_digest_block0:
-	.altrp QUICK_RTN
-	.body
-{	.mmi
-	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-	mov LTrip = 2
-	mov ar.lc = 3
-} ;;
-{	.mii
-	cmp.eq pMore, p0 = r0, r0
-	mov ar.ec = 0
-	nop 0x0
-} ;;
-
-.md5_FF_round0:
-	FFLOAD(A, B, C, D, M12, RotateM0, 7)
-	FFLOAD(D, A, B, C, M13, RotateM1, 12)
-	FFLOAD(C, D, A, B, M14, RotateM2, 17)
-	FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0)
-	//
-	// !!! Fall through to md5_digest_GHI
-	//
-	.endp md5_digest_block0
-
-	.type md5_digest_GHI, @function
-	.align 32
-
-	.proc md5_digest_GHI
-	.prologue
-	.regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-md5_digest_GHI:
-	.altrp QUICK_RTN
-	.body
-//
-// The following sequence shuffles the block counstants round for the
-// next round:
-//
-// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
-//
-{	.mmi
-	mov Z = M0
-	mov Y = M15
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M2
-	mov W = M9
-	mov V = M4
-} ;;
-
-{	.mmi
-	mov M0 = M1
-	mov M15 = M12
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M2 = M11
-	mov M9 = M14
-	mov M4 = M5
-} ;;
-
-{	.mmi
-	mov M1 = M6
-	mov M12 = M13
-	mov U = M3
-}
-{	.mmi
-	mov M11 = M8
-	mov M14 = M7
-	mov M5 = M10
-} ;;
-
-{	.mmi
-	mov M6 = Y
-	mov M13 = X
-	mov M3 = Z
-}
-{	.mmi
-	mov M8 = W
-	mov M7 = V
-	mov M10 = U
-} ;;
-
-.md5_GG_round:
-	GG4(.md5_GG_round)
-
-// The following sequence shuffles the block constants round for the
-// next round:
-//
-// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
-// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
-
-{	.mmi
-	mov Z = M0
-	mov Y = M1
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M3
-	mov W = M5
-	mov V = M6
-} ;;
-
-{	.mmi
-	mov M0 = M4
-	mov M1 = M11
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M3 = M9
-	mov U = M8
-	mov T = M13
-} ;;
-
-{	.mmi
-	mov M4 = Z
-	mov M11 = Y
-	mov M5 = M7
-}
-{	.mmi
-	mov M6 = M14
-	mov M8 = M12
-	mov M13 = M15
-} ;;
-
-{	.mmi
-	mov M7 = W
-	mov M14 = V
-	nop 0x0
-}
-{	.mmi
-	mov M9 = X
-	mov M12 = U
-	mov M15 = T
-} ;;
-
-.md5_HH_round:
-	HH4(.md5_HH_round)
-
-// The following sequence shuffles the block constants round for the
-// next round:
-//
-// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
-// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9
-
-{	.mmi
-	mov Z = M0
-	mov Y = M15
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M10
-	mov W = M1
-	mov V = M4
-} ;;
-
-{	.mmi
-	mov M0 = M9
-	mov M15 = M12
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M10 = M11
-	mov M1 = M6
-	mov M4 = M13
-} ;;
-
-{	.mmi
-	mov M9 = M14
-	mov M12 = M5
-	mov U = M3
-}
-{	.mmi
-	mov M11 = M8
-	mov M6 = M7
-	mov M13 = M2
-} ;;
-
-{	.mmi
-	mov M14 = Y
-	mov M5 = X
-	mov M3 = Z
-}
-{	.mmi
-	mov M8 = W
-	mov M7 = V
-	mov M2 = U
-} ;;
-
-.md5_II_round:
-	II4(.md5_II_round)
-
-{	.mib
-	nop 0x0
-	nop 0x0
-	br.ret.sptk.many QUICK_RTN
-} ;;
-
-	.endp md5_digest_GHI
-
-#define FFLOADU(a, b, c, d, M, P, N, s, offset)	\
-{	.mii ;					\
-(pMore) ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	GETLW(W, P, offset) ;			\
-	add Z = Z, Y ;				\
-} ;;						\
-{	.mii ;					\
-	or W = W, DTmp ;			\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{	.mii ;					\
-	add a = Z, b ;				\
-	GETRW(DTmp, P, offset) ;		\
-	mov P = W ;				\
-} ;;
-
-#define FFLOOPU(a, b, c, d, M, P, N, s, offset)		\
-{	.mii ;						\
-(pMore) ld4 N = [DPtr], 4 ;				\
-	add Z = M, TRound ;				\
-	and Y = c, b ;					\
-}							\
-{	.mmi ;						\
-	andcm X = d, b ;;				\
-	add Z = Z, a ;					\
-	or Y = Y, X ;					\
-} ;;							\
-{	.mii ;						\
-	ld4 TRound = [TPtr], 4 ;			\
-(pMore) GETLW(W, P, offset) 	;			\
-	add Z = Z, Y ;					\
-} ;;							\
-{	.mii ;						\
-(pMore) or W = W, DTmp ;				\
-	dep.z Y = Z, 32, 32 ;;				\
-	shrp Z = Z, Y, 64 - s ;				\
-} ;;							\
-{	.mii ;						\
-	add a = Z, b ;					\
-(pMore) GETRW(DTmp, P, offset) 	;			\
-(pMore) mov P = W ;					\
-}							\
-{	.mib ;						\
-	cmp.ne pMore, p0 = 0, LTrip ;			\
-	add LTrip = -1, LTrip ;				\
-	br.ctop.sptk.many .md5_FF_round##offset ;	\
-} ;;
-
-#define MD5FBLOCK(offset)						\
-	.type md5_digest_block##offset, @function ;			\
-									\
-	.align 32 ;							\
-	.proc md5_digest_block##offset ;				\
-	.prologue ;							\
-	.altrp QUICK_RTN ;						\
-	.body ;								\
-md5_digest_block##offset:						\
-{	.mmi ;								\
-	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ;	\
-	mov LTrip = 2 ;							\
-	mov ar.lc = 3 ;							\
-} ;;									\
-{	.mii ;								\
-	cmp.eq pMore, p0 = r0, r0 ;					\
-	mov ar.ec = 0 ;							\
-	nop 0x0 ;							\
-} ;;									\
-									\
-	.pred.rel "mutex", pLoad, pSkip ;				\
-.md5_FF_round##offset:							\
-	FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset)		\
-	FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset)		\
-	FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset)		\
-	FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset)	\
-									\
-{	.mib ;								\
-	nop 0x0 ;							\
-	nop 0x0 ;							\
-	br.cond.sptk.many md5_digest_GHI ;				\
-} ;;									\
-	.endp md5_digest_block##offset
-
-MD5FBLOCK(1)
-MD5FBLOCK(2)
-MD5FBLOCK(3)
-
-	.align 64
-	.type md5_constants, @object
-md5_constants:
-.md5_tbl_data_order:			// To ensure little-endian data
-					// order, code as bytes.
-	data1 0x78, 0xa4, 0x6a, 0xd7	//     0
-	data1 0x56, 0xb7, 0xc7, 0xe8	//     1
-	data1 0xdb, 0x70, 0x20, 0x24	//     2
-	data1 0xee, 0xce, 0xbd, 0xc1	//     3
-	data1 0xaf, 0x0f, 0x7c, 0xf5	//     4
-	data1 0x2a, 0xc6, 0x87, 0x47	//     5
-	data1 0x13, 0x46, 0x30, 0xa8	//     6
-	data1 0x01, 0x95, 0x46, 0xfd	//     7
-	data1 0xd8, 0x98, 0x80, 0x69	//     8
-	data1 0xaf, 0xf7, 0x44, 0x8b	//     9
-	data1 0xb1, 0x5b, 0xff, 0xff	//    10
-	data1 0xbe, 0xd7, 0x5c, 0x89	//    11
-	data1 0x22, 0x11, 0x90, 0x6b	//    12
-	data1 0x93, 0x71, 0x98, 0xfd	//    13
-	data1 0x8e, 0x43, 0x79, 0xa6	//    14
-	data1 0x21, 0x08, 0xb4, 0x49	//    15
-	data1 0x62, 0x25, 0x1e, 0xf6	//    16
-	data1 0x40, 0xb3, 0x40, 0xc0	//    17
-	data1 0x51, 0x5a, 0x5e, 0x26	//    18
-	data1 0xaa, 0xc7, 0xb6, 0xe9	//    19
-	data1 0x5d, 0x10, 0x2f, 0xd6	//    20
-	data1 0x53, 0x14, 0x44, 0x02	//    21
-	data1 0x81, 0xe6, 0xa1, 0xd8	//    22
-	data1 0xc8, 0xfb, 0xd3, 0xe7	//    23
-	data1 0xe6, 0xcd, 0xe1, 0x21	//    24
-	data1 0xd6, 0x07, 0x37, 0xc3	//    25
-	data1 0x87, 0x0d, 0xd5, 0xf4	//    26
-	data1 0xed, 0x14, 0x5a, 0x45	//    27
-	data1 0x05, 0xe9, 0xe3, 0xa9	//    28
-	data1 0xf8, 0xa3, 0xef, 0xfc	//    29
-	data1 0xd9, 0x02, 0x6f, 0x67	//    30
-	data1 0x8a, 0x4c, 0x2a, 0x8d	//    31
-	data1 0x42, 0x39, 0xfa, 0xff	//    32
-	data1 0x81, 0xf6, 0x71, 0x87	//    33
-	data1 0x22, 0x61, 0x9d, 0x6d	//    34
-	data1 0x0c, 0x38, 0xe5, 0xfd	//    35
-	data1 0x44, 0xea, 0xbe, 0xa4	//    36
-	data1 0xa9, 0xcf, 0xde, 0x4b	//    37
-	data1 0x60, 0x4b, 0xbb, 0xf6	//    38
-	data1 0x70, 0xbc, 0xbf, 0xbe	//    39
-	data1 0xc6, 0x7e, 0x9b, 0x28	//    40
-	data1 0xfa, 0x27, 0xa1, 0xea	//    41
-	data1 0x85, 0x30, 0xef, 0xd4	//    42
-	data1 0x05, 0x1d, 0x88, 0x04	//    43
-	data1 0x39, 0xd0, 0xd4, 0xd9	//    44
-	data1 0xe5, 0x99, 0xdb, 0xe6	//    45
-	data1 0xf8, 0x7c, 0xa2, 0x1f	//    46
-	data1 0x65, 0x56, 0xac, 0xc4	//    47
-	data1 0x44, 0x22, 0x29, 0xf4	//    48
-	data1 0x97, 0xff, 0x2a, 0x43	//    49
-	data1 0xa7, 0x23, 0x94, 0xab	//    50
-	data1 0x39, 0xa0, 0x93, 0xfc	//    51
-	data1 0xc3, 0x59, 0x5b, 0x65	//    52
-	data1 0x92, 0xcc, 0x0c, 0x8f	//    53
-	data1 0x7d, 0xf4, 0xef, 0xff	//    54
-	data1 0xd1, 0x5d, 0x84, 0x85	//    55
-	data1 0x4f, 0x7e, 0xa8, 0x6f	//    56
-	data1 0xe0, 0xe6, 0x2c, 0xfe	//    57
-	data1 0x14, 0x43, 0x01, 0xa3	//    58
-	data1 0xa1, 0x11, 0x08, 0x4e	//    59
-	data1 0x82, 0x7e, 0x53, 0xf7	//    60
-	data1 0x35, 0xf2, 0x3a, 0xbd	//    61
-	data1 0xbb, 0xd2, 0xd7, 0x2a	//    62
-	data1 0x91, 0xd3, 0x86, 0xeb	//    63
-.size	md5_constants#,64*4
diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl b/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl
index 09e6d7139a..6a62c62531 100644
--- a/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl
@@ -13,7 +13,7 @@
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 #
-# Hardware SPARC T4 support by David S. Miller <davem@davemloft.net>.
+# Hardware SPARC T4 support by David S. Miller.
 # ====================================================================
 
 # MD5 for SPARCv9, 6.9 cycles per byte on UltraSPARC, >40% faster than
@@ -242,7 +242,7 @@ md5_block_asm_data_order:
 	ldd	[%o1 + 0x20], %f16
 	ldd	[%o1 + 0x28], %f18
 	ldd	[%o1 + 0x30], %f20
-	subcc	%o2, 1, %o2		! done yet? 
+	subcc	%o2, 1, %o2		! done yet?
 	ldd	[%o1 + 0x38], %f22
 	add	%o1, 0x40, %o1
 	prefetch [%o1 + 63], 20
diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl b/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl
index 3f656dc0b2..386d8048ec 100755
--- a/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl
+++ b/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl
@@ -140,11 +140,17 @@ $code .= <<EOF;
 .globl md5_block_asm_data_order
 .type md5_block_asm_data_order,\@function,3
 md5_block_asm_data_order:
+.cfi_startproc
 	push	%rbp
+.cfi_push	%rbp
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lprologue:
 
 	# rdi = arg #1 (ctx, MD5_CTX pointer)
@@ -261,13 +267,20 @@ $code .= <<EOF;
 	mov	%edx,		3*4(%rbp)	# ctx->D = D
 
 	mov	(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r12
+.cfi_restore	%r12
 	mov	24(%rsp),%rbx
+.cfi_restore	%rbx
 	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
 	add	\$40,%rsp
+.cfi_adjust_cfa_offset	-40
 .Lepilogue:
 	ret
+.cfi_endproc
 .size md5_block_asm_data_order,.-md5_block_asm_data_order
 EOF
 
diff --git a/deps/openssl/openssl/crypto/md5/build.info b/deps/openssl/openssl/crypto/md5/build.info
index 38323a3fc2..e641fecd0d 100644
--- a/deps/openssl/openssl/crypto/md5/build.info
+++ b/deps/openssl/openssl/crypto/md5/build.info
@@ -2,21 +2,10 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         md5_dgst.c md5_one.c {- $target{md5_asm_src} -}
 
-GENERATE[md5-586.s]=asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[md5-586.s]=asm/md5-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 
 GENERATE[md5-x86_64.s]=asm/md5-x86_64.pl $(PERLASM_SCHEME)
 
 GENERATE[md5-sparcv9.S]=asm/md5-sparcv9.pl $(PERLASM_SCHEME)
 INCLUDE[md5-sparcv9.o]=..
-
-BEGINRAW[makefile(windows)]
-{- $builddir -}\md5-ia64.asm: {- $sourcedir -}\asm\md5-ia64.S
-	$(CC) $(CFLAGS) -EP {- $sourcedir -}\asm\md5-ia64.S > $@.i && move /Y $@.i $@
-ENDRAW[makefile(windows)]
-
-BEGINRAW[Makefile]
-{- $builddir -}/md5-ia64.s: {- $sourcedir -}/asm/md5-ia64.S
-	$(CC) $(CFLAGS) -E {- $sourcedir -}/asm/md5-ia64.S | \
-	$(PERL) -ne 's/;\s+/;\n/g; print;' > $@
-
-ENDRAW[Makefile]
diff --git a/deps/openssl/openssl/crypto/md5/md5_locl.h b/deps/openssl/openssl/crypto/md5/md5_locl.h
index 9c7aade840..4eb7e50ef4 100644
--- a/deps/openssl/openssl/crypto/md5/md5_locl.h
+++ b/deps/openssl/openssl/crypto/md5/md5_locl.h
@@ -50,8 +50,8 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
 */
 
 /*
- * As pointed out by Wei Dai <weidai@eskimo.com>, the above can be simplified
- * to the code below.  Wei attributes these optimizations to Peter Gutmann's
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's
  * SHS code, and he attributes it to Rich Schroeppel.
  */
 #define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
diff --git a/deps/openssl/openssl/crypto/md5/md5_one.c b/deps/openssl/openssl/crypto/md5/md5_one.c
index becd87e4d6..c3bf2f88f0 100644
--- a/deps/openssl/openssl/crypto/md5/md5_one.c
+++ b/deps/openssl/openssl/crypto/md5/md5_one.c
@@ -43,5 +43,5 @@ unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
 #endif
     MD5_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/mdc2/mdc2_one.c b/deps/openssl/openssl/crypto/mdc2/mdc2_one.c
index 472a5ec2e0..58e1e0fdf6 100644
--- a/deps/openssl/openssl/crypto/mdc2/mdc2_one.c
+++ b/deps/openssl/openssl/crypto/mdc2/mdc2_one.c
@@ -23,5 +23,5 @@ unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
     MDC2_Update(&c, d, n);
     MDC2_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c b/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c
index 37d99f48a5..14233b9aba 100644
--- a/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c
+++ b/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c
@@ -124,24 +124,3 @@ int MDC2_Final(unsigned char *md, MDC2_CTX *c)
     memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
     return 1;
 }
-
-#undef TEST
-
-#ifdef TEST
-main()
-{
-    unsigned char md[MDC2_DIGEST_LENGTH];
-    int i;
-    MDC2_CTX c;
-    static char *text = "Now is the time for all ";
-
-    MDC2_Init(&c);
-    MDC2_Update(&c, text, strlen(text));
-    MDC2_Final(&(md[0]), &c);
-
-    for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-        printf("%02X", md[i]);
-    printf("\n");
-}
-
-#endif
diff --git a/deps/openssl/openssl/crypto/mem.c b/deps/openssl/openssl/crypto/mem.c
index 72b04c8214..780053ffef 100644
--- a/deps/openssl/openssl/crypto/mem.c
+++ b/deps/openssl/openssl/crypto/mem.c
@@ -7,11 +7,16 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include "internal/cryptlib_int.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <limits.h>
 #include <openssl/crypto.h>
-#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
 
 /*
  * the following pointers may be changed as long as 'allow_customize' is set
@@ -26,9 +31,30 @@ static void (*free_impl)(void *, const char *, int)
     = CRYPTO_free;
 
 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# include "internal/tsan_assist.h"
+
+static TSAN_QUALIFIER int malloc_count;
+static TSAN_QUALIFIER int realloc_count;
+static TSAN_QUALIFIER int free_count;
+
+# define INCREMENT(x) tsan_counter(&(x))
+
+static char *md_failstring;
+static long md_count;
+static int md_fail_percent = 0;
+static int md_tracefd = -1;
 static int call_malloc_debug = 1;
+
+static void parseit(void);
+static int shouldfail(void);
+
+# define FAILTEST() if (shouldfail()) return NULL
+
 #else
 static int call_malloc_debug = 0;
+
+# define INCREMENT(x) /* empty */
+# define FAILTEST() /* empty */
 #endif
 
 int CRYPTO_set_mem_functions(
@@ -68,16 +94,113 @@ void CRYPTO_get_mem_functions(
         *f = free_impl;
 }
 
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
+{
+    if (mcount != NULL)
+        *mcount = tsan_load(&malloc_count);
+    if (rcount != NULL)
+        *rcount = tsan_load(&realloc_count);
+    if (fcount != NULL)
+        *fcount = tsan_load(&free_count);
+}
+
+/*
+ * Parse a "malloc failure spec" string.  This likes like a set of fields
+ * separated by semicolons.  Each field has a count and an optional failure
+ * percentage.  For example:
+ *          100@0;100@25;0@0
+ *    or    100;100@25;0
+ * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
+ * all remaining (count is zero) succeed.
+ */
+static void parseit(void)
+{
+    char *semi = strchr(md_failstring, ';');
+    char *atsign;
+
+    if (semi != NULL)
+        *semi++ = '\0';
+
+    /* Get the count (atol will stop at the @ if there), and percentage */
+    md_count = atol(md_failstring);
+    atsign = strchr(md_failstring, '@');
+    md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
+
+    if (semi != NULL)
+        md_failstring = semi;
+}
+
+/*
+ * Windows doesn't have random(), but it has rand()
+ * Some rand() implementations aren't good, but we're not
+ * dealing with secure randomness here.
+ */
+# ifdef _WIN32
+#  define random() rand()
+# endif
+/*
+ * See if the current malloc should fail.
+ */
+static int shouldfail(void)
+{
+    int roll = (int)(random() % 100);
+    int shoulditfail = roll < md_fail_percent;
+# ifndef _WIN32
+/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
+    int len;
+    char buff[80];
+
+    if (md_tracefd > 0) {
+        BIO_snprintf(buff, sizeof(buff),
+                     "%c C%ld %%%d R%d\n",
+                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
+        len = strlen(buff);
+        if (write(md_tracefd, buff, len) != len)
+            perror("shouldfail write failed");
+#  ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+        if (shoulditfail) {
+            void *addrs[30];
+            int num = backtrace(addrs, OSSL_NELEM(addrs));
+
+            backtrace_symbols_fd(addrs, num, md_tracefd);
+        }
+#  endif
+    }
+# endif
+
+    if (md_count) {
+        /* If we used up this one, go to the next. */
+        if (--md_count == 0)
+            parseit();
+    }
+
+    return shoulditfail;
+}
+
+void ossl_malloc_setup_failures(void)
+{
+    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
+
+    if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
+        parseit();
+    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
+        md_tracefd = atoi(cp);
+}
+#endif
+
 void *CRYPTO_malloc(size_t num, const char *file, int line)
 {
     void *ret = NULL;
 
+    INCREMENT(malloc_count);
     if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
         return malloc_impl(num, file, line);
 
     if (num == 0)
         return NULL;
 
+    FAILTEST();
     if (allow_customize) {
         /*
          * Disallow customization after the first allocation. We only set this
@@ -95,7 +218,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
         ret = malloc(num);
     }
 #else
-    osslargused(file); osslargused(line);
+    (void)(file); (void)(line);
     ret = malloc(num);
 #endif
 
@@ -106,6 +229,7 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line)
 {
     void *ret = CRYPTO_malloc(num, file, line);
 
+    FAILTEST();
     if (ret != NULL)
         memset(ret, 0, num);
     return ret;
@@ -113,9 +237,11 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line)
 
 void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
 {
+    INCREMENT(realloc_count);
     if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
         return realloc_impl(str, num, file, line);
 
+    FAILTEST();
     if (str == NULL)
         return CRYPTO_malloc(num, file, line);
 
@@ -133,7 +259,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
         return ret;
     }
 #else
-    osslargused(file); osslargused(line);
+    (void)(file); (void)(line);
 #endif
     return realloc(str, num);
 
@@ -168,6 +294,7 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
 
 void CRYPTO_free(void *str, const char *file, int line)
 {
+    INCREMENT(free_count);
     if (free_impl != NULL && free_impl != &CRYPTO_free) {
         free_impl(str, file, line);
         return;
diff --git a/deps/openssl/openssl/crypto/mem_dbg.c b/deps/openssl/openssl/crypto/mem_dbg.c
index c884078e77..0489e97adb 100644
--- a/deps/openssl/openssl/crypto/mem_dbg.c
+++ b/deps/openssl/openssl/crypto/mem_dbg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -56,8 +56,8 @@ struct app_mem_info_st {
 };
 
 static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
-static CRYPTO_RWLOCK *malloc_lock = NULL;
-static CRYPTO_RWLOCK *long_malloc_lock = NULL;
+CRYPTO_RWLOCK *memdbg_lock;
+static CRYPTO_RWLOCK *long_memdbg_lock;
 static CRYPTO_THREAD_LOCAL appinfokey;
 
 /* memory-block description */
@@ -76,28 +76,31 @@ struct mem_st {
 #endif
 };
 
-static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as
-                                  * key); access requires MALLOC2 lock */
+/*
+ * hash-table of memory requests (address as * key); access requires
+ * long_memdbg_lock lock
+ */
+static LHASH_OF(MEM) *mh = NULL;
 
 /* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
 static unsigned int num_disable = 0;
 
 /*
- * Valid iff num_disable > 0.  long_malloc_lock is locked exactly in this
+ * Valid iff num_disable > 0.  long_memdbg_lock is locked exactly in this
  * case (by the thread named in disabling_thread).
  */
 static CRYPTO_THREAD_ID disabling_threadid;
 
 DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
 {
-    malloc_lock = CRYPTO_THREAD_lock_new();
-    long_malloc_lock = CRYPTO_THREAD_lock_new();
-    if (malloc_lock == NULL || long_malloc_lock == NULL
+    memdbg_lock = CRYPTO_THREAD_lock_new();
+    long_memdbg_lock = CRYPTO_THREAD_lock_new();
+    if (memdbg_lock == NULL || long_memdbg_lock == NULL
         || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
-        CRYPTO_THREAD_lock_free(malloc_lock);
-        malloc_lock = NULL;
-        CRYPTO_THREAD_lock_free(long_malloc_lock);
-        long_malloc_lock = NULL;
+        CRYPTO_THREAD_lock_free(memdbg_lock);
+        memdbg_lock = NULL;
+        CRYPTO_THREAD_lock_free(long_memdbg_lock);
+        long_memdbg_lock = NULL;
         return 0;
     }
     return 1;
@@ -105,7 +108,7 @@ DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
 
 static void app_info_free(APP_INFO *inf)
 {
-    if (!inf)
+    if (inf == NULL)
         return;
     if (--(inf->references) <= 0) {
         app_info_free(inf->next);
@@ -124,7 +127,7 @@ int CRYPTO_mem_ctrl(int mode)
     if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
         return -1;
 
-    CRYPTO_THREAD_write_lock(malloc_lock);
+    CRYPTO_THREAD_write_lock(memdbg_lock);
     switch (mode) {
     default:
         break;
@@ -143,26 +146,26 @@ int CRYPTO_mem_ctrl(int mode)
     case CRYPTO_MEM_CHECK_DISABLE:
         if (mh_mode & CRYPTO_MEM_CHECK_ON) {
             CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
-            /* see if we don't have long_malloc_lock already */
+            /* see if we don't have long_memdbg_lock already */
             if (!num_disable
                 || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
                 /*
-                 * Long-time lock long_malloc_lock must not be claimed
-                 * while we're holding malloc_lock, or we'll deadlock
-                 * if somebody else holds long_malloc_lock (and cannot
+                 * Long-time lock long_memdbg_lock must not be claimed
+                 * while we're holding memdbg_lock, or we'll deadlock
+                 * if somebody else holds long_memdbg_lock (and cannot
                  * release it because we block entry to this function). Give
                  * them a chance, first, and then claim the locks in
                  * appropriate order (long-time lock first).
                  */
-                CRYPTO_THREAD_unlock(malloc_lock);
+                CRYPTO_THREAD_unlock(memdbg_lock);
                 /*
-                 * Note that after we have waited for long_malloc_lock and
-                 * malloc_lock, we'll still be in the right "case" and
+                 * Note that after we have waited for long_memdbg_lock and
+                 * memdbg_lock, we'll still be in the right "case" and
                  * "if" branch because MemCheck_start and MemCheck_stop may
                  * never be used while there are multiple OpenSSL threads.
                  */
-                CRYPTO_THREAD_write_lock(long_malloc_lock);
-                CRYPTO_THREAD_write_lock(malloc_lock);
+                CRYPTO_THREAD_write_lock(long_memdbg_lock);
+                CRYPTO_THREAD_write_lock(memdbg_lock);
                 mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
                 disabling_threadid = cur;
             }
@@ -176,14 +179,14 @@ int CRYPTO_mem_ctrl(int mode)
                 num_disable--;
                 if (num_disable == 0) {
                     mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
-                    CRYPTO_THREAD_unlock(long_malloc_lock);
+                    CRYPTO_THREAD_unlock(long_memdbg_lock);
                 }
             }
         }
         break;
     }
-    CRYPTO_THREAD_unlock(malloc_lock);
-    return (ret);
+    CRYPTO_THREAD_unlock(memdbg_lock);
+    return ret;
 #endif
 }
 
@@ -199,14 +202,14 @@ static int mem_check_on(void)
             return 0;
 
         cur = CRYPTO_THREAD_get_current_id();
-        CRYPTO_THREAD_read_lock(malloc_lock);
+        CRYPTO_THREAD_read_lock(memdbg_lock);
 
         ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
             || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
 
-        CRYPTO_THREAD_unlock(malloc_lock);
+        CRYPTO_THREAD_unlock(memdbg_lock);
     }
-    return (ret);
+    return ret;
 }
 
 static int mem_cmp(const MEM *a, const MEM *b)
@@ -231,7 +234,7 @@ static unsigned long mem_hash(const MEM *a)
     ret = (size_t)a->addr;
 
     ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
-    return (ret);
+    return ret;
 }
 
 /* returns 1 if there was an info to pop, 0 if the stack was empty. */
@@ -292,7 +295,7 @@ int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     }
 
-    return (ret);
+    return ret;
 }
 
 int CRYPTO_mem_debug_pop(void)
@@ -304,7 +307,7 @@ int CRYPTO_mem_debug_pop(void)
         ret = pop_info();
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     }
-    return (ret);
+    return ret;
 }
 
 static unsigned long break_order_num = 0;
@@ -443,7 +446,8 @@ void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
 }
 
 typedef struct mem_leak_st {
-    BIO *bio;
+    int (*print_cb) (const char *str, size_t len, void *u);
+    void *print_cb_arg;
     int chunks;
     long bytes;
 } MEM_LEAK;
@@ -452,8 +456,9 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 {
     char buf[1024];
     char *bufp = buf;
+    size_t len = sizeof(buf), ami_cnt;
     APP_INFO *amip;
-    int ami_cnt;
+    int n;
     struct tm *lcl = NULL;
     /*
      * Convert between CRYPTO_THREAD_ID (which could be anything at all) and
@@ -466,27 +471,38 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
     } tid;
     CRYPTO_THREAD_ID ti;
 
-#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf))
-
     lcl = localtime(&m->time);
-    BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
-                 lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
-    bufp += strlen(bufp);
+    n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
+                     lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+    if (n <= 0) {
+        bufp[0] = '\0';
+        return;
+    }
+    bufp += n;
+    len -= n;
 
-    BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
-                 m->order, m->file, m->line);
-    bufp += strlen(bufp);
+    n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
+                     m->order, m->file, m->line);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
 
     tid.ltid = 0;
     tid.tid = m->threadid;
-    BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", tid.ltid);
-    bufp += strlen(bufp);
+    n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
 
-    BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%p\n",
-                 m->num, m->addr);
-    bufp += strlen(bufp);
+    n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
 
-    BIO_puts(l->bio, buf);
+    l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
 
     l->chunks++;
     l->bytes += m->num;
@@ -502,25 +518,34 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
             int info_len;
 
             ami_cnt++;
+            if (ami_cnt >= sizeof(buf) - 1)
+                break;
             memset(buf, '>', ami_cnt);
+            buf[ami_cnt] = '\0';
             tid.ltid = 0;
             tid.tid = amip->threadid;
-            BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
-                         " thread=%lu, file=%s, line=%d, info=\"",
-                         tid.ltid, amip->file,
-                         amip->line);
-            buf_len = strlen(buf);
+            n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
+                             " thread=%lu, file=%s, line=%d, info=\"",
+                             tid.ltid, amip->file, amip->line);
+            if (n <= 0)
+                break;
+            buf_len = ami_cnt + n;
             info_len = strlen(amip->info);
             if (128 - buf_len - 3 < info_len) {
                 memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
                 buf_len = 128 - 3;
             } else {
-                OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len);
-                buf_len = strlen(buf);
+                n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s",
+                                 amip->info);
+                if (n < 0)
+                    break;
+                buf_len += n;
             }
-            BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+            n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+            if (n <= 0)
+                break;
 
-            BIO_puts(l->bio, buf);
+            l->print_cb(buf, buf_len + n, l->print_cb_arg);
 
             amip = amip->next;
         }
@@ -541,16 +566,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 
 IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
 
-int CRYPTO_mem_leaks(BIO *b)
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u)
 {
     MEM_LEAK ml;
 
-    /*
-     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
-     * ex_data hanging around
-     */
-    bio_free_ex_data(b);
-
     /* Ensure all resources are released */
     OPENSSL_cleanup();
 
@@ -559,14 +579,19 @@ int CRYPTO_mem_leaks(BIO *b)
 
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
 
-    ml.bio = b;
+    ml.print_cb = cb;
+    ml.print_cb_arg = u;
     ml.bytes = 0;
     ml.chunks = 0;
     if (mh != NULL)
         lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
 
     if (ml.chunks != 0) {
-        BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks);
+        char buf[256];
+
+        BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n",
+                     ml.bytes, ml.chunks);
+        cb(buf, strlen(buf), u);
     } else {
         /*
          * Make sure that, if we found no leaks, memory-leak debugging itself
@@ -576,7 +601,7 @@ int CRYPTO_mem_leaks(BIO *b)
          */
         int old_mh_mode;
 
-        CRYPTO_THREAD_write_lock(malloc_lock);
+        CRYPTO_THREAD_write_lock(memdbg_lock);
 
         /*
          * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
@@ -589,20 +614,36 @@ int CRYPTO_mem_leaks(BIO *b)
         mh = NULL;
 
         mh_mode = old_mh_mode;
-        CRYPTO_THREAD_unlock(malloc_lock);
+        CRYPTO_THREAD_unlock(memdbg_lock);
     }
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
 
     /* Clean up locks etc */
     CRYPTO_THREAD_cleanup_local(&appinfokey);
-    CRYPTO_THREAD_lock_free(malloc_lock);
-    CRYPTO_THREAD_lock_free(long_malloc_lock);
-    malloc_lock = NULL;
-    long_malloc_lock = NULL;
+    CRYPTO_THREAD_lock_free(memdbg_lock);
+    CRYPTO_THREAD_lock_free(long_memdbg_lock);
+    memdbg_lock = NULL;
+    long_memdbg_lock = NULL;
 
     return ml.chunks == 0 ? 1 : 0;
 }
 
+static int print_bio(const char *str, size_t len, void *b)
+{
+    return BIO_write((BIO *)b, str, len);
+}
+
+int CRYPTO_mem_leaks(BIO *b)
+{
+    /*
+     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
+     * ex_data hanging around
+     */
+    bio_free_ex_data(b);
+
+    return CRYPTO_mem_leaks_cb(print_bio, b);
+}
+
 # ifndef OPENSSL_NO_STDIO
 int CRYPTO_mem_leaks_fp(FILE *fp)
 {
@@ -620,7 +661,7 @@ int CRYPTO_mem_leaks_fp(FILE *fp)
     if (b == NULL)
         return -1;
     BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = CRYPTO_mem_leaks(b);
+    ret = CRYPTO_mem_leaks_cb(print_bio, b);
     BIO_free(b);
     return ret;
 }
diff --git a/deps/openssl/openssl/crypto/mem_sec.c b/deps/openssl/openssl/crypto/mem_sec.c
index 1ccf68cc93..9e0f6702f4 100644
--- a/deps/openssl/openssl/crypto/mem_sec.c
+++ b/deps/openssl/openssl/crypto/mem_sec.c
@@ -1,5 +1,6 @@
 /*
  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,33 +9,31 @@
  */
 
 /*
- * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
- * This file is distributed under the terms of the OpenSSL license.
- */
-
-/*
  * This file is in two halves. The first half implements the public API
  * to be used by external consumers, and to be used by OpenSSL to store
  * data in a "secure arena." The second half implements the secure arena.
  * For details on that implementation, see below (look for uppercase
  * "SECURE HEAP IMPLEMENTATION").
  */
+#include "e_os.h"
 #include <openssl/crypto.h>
-#include <e_os.h>
 
 #include <string.h>
 
-/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
-#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
-    && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
-         || defined(__sun) || defined(__hpux) || defined(__sgi) \
-         || defined(__osf__) )
-# define IMPLEMENTED
+/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
+#ifdef OPENSSL_SECURE_MEMORY
 # include <stdlib.h>
 # include <assert.h>
 # include <unistd.h>
 # include <sys/types.h>
 # include <sys/mman.h>
+# if defined(OPENSSL_SYS_LINUX)
+#  include <sys/syscall.h>
+#  if defined(SYS_mlock2)
+#   include <linux/mman.h>
+#   include <errno.h>
+#  endif
+# endif
 # include <sys/param.h>
 # include <sys/stat.h>
 # include <fcntl.h>
@@ -48,7 +47,7 @@
 # define MAP_ANON MAP_ANONYMOUS
 #endif
 
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
 static size_t secure_mem_used;
 
 static int secure_mem_initialized;
@@ -59,8 +58,8 @@ static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
  * These are the functions that must be implemented by a secure heap (sh).
  */
 static int sh_init(size_t size, int minsize);
-static char *sh_malloc(size_t size);
-static void sh_free(char *ptr);
+static void *sh_malloc(size_t size);
+static void sh_free(void *ptr);
 static void sh_done(void);
 static size_t sh_actual_size(char *ptr);
 static int sh_allocated(const char *ptr);
@@ -68,7 +67,7 @@ static int sh_allocated(const char *ptr);
 
 int CRYPTO_secure_malloc_init(size_t size, int minsize)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     int ret = 0;
 
     if (!secure_mem_initialized) {
@@ -86,12 +85,12 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize)
     return ret;
 #else
     return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
-int CRYPTO_secure_malloc_done()
+int CRYPTO_secure_malloc_done(void)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     if (secure_mem_used == 0) {
         sh_done();
         secure_mem_initialized = 0;
@@ -99,22 +98,22 @@ int CRYPTO_secure_malloc_done()
         sec_malloc_lock = NULL;
         return 1;
     }
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
     return 0;
 }
 
-int CRYPTO_secure_malloc_initialized()
+int CRYPTO_secure_malloc_initialized(void)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     return secure_mem_initialized;
 #else
     return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     void *ret;
     size_t actual_size;
 
@@ -129,12 +128,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
     return ret;
 #else
     return CRYPTO_malloc(num, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     if (secure_mem_initialized)
         /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
         return CRYPTO_secure_malloc(num, file, line);
@@ -144,7 +143,7 @@ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
 
 void CRYPTO_secure_free(void *ptr, const char *file, int line)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     size_t actual_size;
 
     if (ptr == NULL)
@@ -161,13 +160,13 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line)
     CRYPTO_THREAD_unlock(sec_malloc_lock);
 #else
     CRYPTO_free(ptr, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
 void CRYPTO_secure_clear_free(void *ptr, size_t num,
                               const char *file, int line)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     size_t actual_size;
 
     if (ptr == NULL)
@@ -188,12 +187,12 @@ void CRYPTO_secure_clear_free(void *ptr, size_t num,
         return;
     OPENSSL_cleanse(ptr, num);
     CRYPTO_free(ptr, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
 int CRYPTO_secure_allocated(const void *ptr)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     int ret;
 
     if (!secure_mem_initialized)
@@ -204,21 +203,21 @@ int CRYPTO_secure_allocated(const void *ptr)
     return ret;
 #else
     return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
-size_t CRYPTO_secure_used()
+size_t CRYPTO_secure_used(void)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     return secure_mem_used;
 #else
     return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
 }
 
 size_t CRYPTO_secure_actual_size(void *ptr)
 {
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
     size_t actual_size;
 
     CRYPTO_THREAD_write_lock(sec_malloc_lock);
@@ -236,7 +235,7 @@ size_t CRYPTO_secure_actual_size(void *ptr)
 /*
  * SECURE HEAP IMPLEMENTATION
  */
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
 
 
 /*
@@ -473,8 +472,19 @@ static int sh_init(size_t size, int minsize)
     if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
         ret = 2;
 
+#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
+    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
+        if (errno == ENOSYS) {
+            if (mlock(sh.arena, sh.arena_size) < 0)
+                ret = 2;
+        } else {
+            ret = 2;
+        }
+    }
+#else
     if (mlock(sh.arena, sh.arena_size) < 0)
         ret = 2;
+#endif
 #ifdef MADV_DONTDUMP
     if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
         ret = 2;
@@ -487,7 +497,7 @@ static int sh_init(size_t size, int minsize)
     return 0;
 }
 
-static void sh_done()
+static void sh_done(void)
 {
     OPENSSL_free(sh.freelist);
     OPENSSL_free(sh.bittable);
@@ -516,7 +526,7 @@ static char *sh_find_my_buddy(char *ptr, int list)
     return chunk;
 }
 
-static char *sh_malloc(size_t size)
+static void *sh_malloc(size_t size)
 {
     ossl_ssize_t list, slist;
     size_t i;
@@ -581,10 +591,10 @@ static char *sh_malloc(size_t size)
     return chunk;
 }
 
-static void sh_free(char *ptr)
+static void sh_free(void *ptr)
 {
     size_t list;
-    char *buddy;
+    void *buddy;
 
     if (ptr == NULL)
         return;
@@ -633,4 +643,4 @@ static size_t sh_actual_size(char *ptr)
     OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
     return sh.arena_size / (ONE << list);
 }
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
diff --git a/deps/openssl/openssl/crypto/mips_arch.h b/deps/openssl/openssl/crypto/mips_arch.h
new file mode 100644
index 0000000000..75043e79d3
--- /dev/null
+++ b/deps/openssl/openssl/crypto/mips_arch.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __MIPS_ARCH_H__
+# define __MIPS_ARCH_H__
+
+# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
+      defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6))
+      && !defined(_MIPS_ARCH_MIPS32R2)
+#  define _MIPS_ARCH_MIPS32R2
+# endif
+
+# if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || \
+      defined(_MIPS_ARCH_MIPS64R6)) \
+      && !defined(_MIPS_ARCH_MIPS64R2)
+#  define _MIPS_ARCH_MIPS64R2
+# endif
+
+# if defined(_MIPS_ARCH_MIPS64R6)
+#  define dmultu(rs,rt)
+#  define mflo(rd,rs,rt)	dmulu	rd,rs,rt
+#  define mfhi(rd,rs,rt)	dmuhu	rd,rs,rt
+# elif defined(_MIPS_ARCH_MIPS32R6)
+#  define multu(rs,rt)
+#  define mflo(rd,rs,rt)	mulu	rd,rs,rt
+#  define mfhi(rd,rs,rt)	muhu	rd,rs,rt
+# else
+#  define dmultu(rs,rt)		dmultu	rs,rt
+#  define multu(rs,rt)		multu	rs,rt
+#  define mflo(rd,rs,rt)	mflo	rd
+#  define mfhi(rd,rs,rt)	mfhi	rd
+# endif
+
+#endif
diff --git a/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl b/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
index 5ad62b3979..b42016101e 100644
--- a/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -35,6 +35,8 @@
 # Applications using the EVP interface will observe a few percent
 # worse performance.]
 #
+# Knights Landing processes 1 byte in 1.25 cycles (measured with EVP).
+#
 # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
 # [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf
 
@@ -116,23 +118,6 @@ _aesni_ctr32_ghash_6x:
 	  vpxor		$rndkey,$inout3,$inout3
 	  vmovups	0x10-0x80($key),$T2	# borrow $T2 for $rndkey
 	vpclmulqdq	\$0x01,$Hkey,$Z3,$Z2
-
-	# At this point, the current block of 96 (0x60) bytes has already been
-	# loaded into registers. Concurrently with processing it, we want to
-	# load the next 96 bytes of input for the next round. Obviously, we can
-	# only do this if there are at least 96 more bytes of input beyond the
-	# input we're currently processing, or else we'd read past the end of
-	# the input buffer. Here, we set |%r12| to 96 if there are at least 96
-	# bytes of input beyond the 96 bytes we're already processing, and we
-	# set |%r12| to 0 otherwise. In the case where we set |%r12| to 96,
-	# we'll read in the next block so that it is in registers for the next
-	# loop iteration. In the case where we set |%r12| to 0, we'll re-read
-	# the current block and then ignore what we re-read.
-	#
-	# At this point, |$in0| points to the current (already read into
-	# registers) block, and |$end0| points to 2*96 bytes before the end of
-	# the input. Thus, |$in0| > |$end0| means that we do not have the next
-	# 96-byte block to read in, and |$in0| <= |$end0| means we do.
 	xor		%r12,%r12
 	cmp		$in0,$end0
 
@@ -424,20 +409,25 @@ $code.=<<___;
 .type	aesni_gcm_decrypt,\@function,6
 .align	32
 aesni_gcm_decrypt:
+.cfi_startproc
 	xor	$ret,$ret
-
-	# We call |_aesni_ctr32_ghash_6x|, which requires at least 96 (0x60)
-	# bytes of input.
 	cmp	\$0x60,$len			# minimal accepted length
 	jb	.Lgcm_dec_abort
 
 	lea	(%rsp),%rax			# save stack pointer
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -482,15 +472,7 @@ $code.=<<___;
 	vmovdqu		0x50($inp),$Z3		# I[5]
 	lea		($inp),$in0
 	vmovdqu		0x40($inp),$Z0
-
-	# |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
-	# bytes before the end of the input. Note, in particular, that this is
-	# correct even if |$len| is not an even multiple of 96 or 16. XXX: This
-	# seems to require that |$inp| + |$len| >= 2*96 (0xc0); i.e. |$inp| must
-	# not be near the very beginning of the address space when |$len| < 2*96
-	# (0xc0).
 	lea		-0xc0($inp,$len),$end0
-
 	vmovdqu		0x30($inp),$Z1
 	shr		\$4,$len
 	xor		$ret,$ret
@@ -537,15 +519,23 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lgcm_dec_abort:
 	mov	$ret,%rax		# return value
 	ret
+.cfi_endproc
 .size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
 ___
 
@@ -645,21 +635,25 @@ _aesni_ctr32_6x:
 .type	aesni_gcm_encrypt,\@function,6
 .align	32
 aesni_gcm_encrypt:
+.cfi_startproc
 	xor	$ret,$ret
-
-	# We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of
-	# input. Then we call |_aesni_ctr32_ghash_6x|, which requires at
-	# least 96 more bytes of input.
 	cmp	\$0x60*3,$len			# minimal accepted length
 	jb	.Lgcm_enc_abort
 
 	lea	(%rsp),%rax			# save stack pointer
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -699,16 +693,7 @@ $code.=<<___;
 .Lenc_no_key_aliasing:
 
 	lea		($out),$in0
-
-	# |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
-	# bytes before the end of the input. Note, in particular, that this is
-	# correct even if |$len| is not an even multiple of 96 or 16. Unlike in
-	# the decryption case, there's no caveat that |$out| must not be near
-	# the very beginning of the address space, because we know that
-	# |$len| >= 3*96 from the check above, and so we know
-	# |$out| + |$len| >= 2*96 (0xc0).
 	lea		-0xc0($out,$len),$end0
-
 	shr		\$4,$len
 
 	call		_aesni_ctr32_6x
@@ -931,15 +916,23 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp		# restore %rsp
+.cfi_def_cfa_register	%rsp
 .Lgcm_enc_abort:
 	mov	$ret,%rax		# return value
 	ret
+.cfi_endproc
 .size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
 ___
 
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl
index 1cf14a6c9f..dcc23f7d7d 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl
@@ -54,7 +54,7 @@
 #
 # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
 # Polynomial Multiplication on ARM Processors using the NEON Engine.
-# 
+#
 # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
 
 # ====================================================================
@@ -525,7 +525,7 @@ $code.=<<___;
 #ifdef __ARMEL__
 	vrev64.8	$Xl,$Xl
 #endif
-	sub		$Xi,#16	
+	sub		$Xi,#16
 	vst1.64		$Xl#hi,[$Xi]!		@ write out Xi
 	vst1.64		$Xl#lo,[$Xi]
 
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl
index 81e75f71a8..eb9ded91e5 100755
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl
@@ -156,7 +156,7 @@ $code.=<<___;
 ___
 
 ######################################################################
-# "528B" (well, "512B" actualy) streamed GHASH
+# "528B" (well, "512B" actually) streamed GHASH
 #
 $Xip="in0";
 $Htbl="in1";
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl
index 1d6254543b..a614c99c22 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -705,7 +705,7 @@ my $depd = sub {
   my ($mod,$args) = @_;
   my $orig = "depd$mod\t$args";
 
-    # I only have ",z" completer, it's impicitly encoded...
+    # I only have ",z" completer, it's implicitly encoded...
     if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 16
     {	my $opcode=(0x3c<<26)|($4<<21)|($1<<16);
     	my $cpos=63-$2;
@@ -724,6 +724,11 @@ sub assemble {
     ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
 }
 
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
 foreach (split("\n",$code)) {
 	s/\`([^\`]*)\`/eval $1/ge;
 	if ($SIZE_T==4) {
@@ -731,7 +736,12 @@ foreach (split("\n",$code)) {
 		s/cmpb,\*/comb,/;
 		s/,\*/,/;
 	}
-	s/\bbv\b/bve/	if ($SIZE_T==8);
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
 	print $_,"\n";
 }
 
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl
index 6e628d8823..17dc375053 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl
@@ -80,6 +80,8 @@ $rem_4bit="%r14";
 $sp="%r15";
 
 $code.=<<___;
+#include "s390x_arch.h"
+
 .text
 
 .globl	gcm_gmult_4bit
@@ -89,12 +91,13 @@ ___
 $code.=<<___ if(!$softonly && 0);	# hardware is slow for single block...
 	larl	%r1,OPENSSL_s390xcap_P
 	lghi	%r0,0
-	lg	%r1,24(%r1)	# load second word of kimd capabilities vector
+	lg	%r1,S390X_KIMD+8(%r1)	# load second word of kimd capabilities
+					#  vector
 	tmhh	%r1,0x4000	# check for function 65
 	jz	.Lsoft_gmult
 	stg	%r0,16($sp)	# arrange 16 bytes of zero input
 	stg	%r0,24($sp)
-	lghi	%r0,65		# function 65
+	lghi	%r0,S390X_GHASH	# function 65
 	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
 	la	$inp,16($sp)
 	lghi	$len,16
@@ -123,10 +126,11 @@ gcm_ghash_4bit:
 ___
 $code.=<<___ if(!$softonly);
 	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,24(%r1)	# load second word of kimd capabilities vector
+	lg	%r0,S390X_KIMD+8(%r1)	# load second word of kimd capabilities
+					#  vector
 	tmhh	%r0,0x4000	# check for function 65
 	jz	.Lsoft_ghash
-	lghi	%r0,65		# function 65
+	lghi	%r0,S390X_GHASH	# function 65
 	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
 	.long	0xb93e0004	# kimd %r0,$inp
 	brc	1,.-4		# pay attention to "partial completion"
@@ -149,7 +153,7 @@ $code.=<<___;
 	lg	$Zhi,0+1($Xi)
 	lghi	$tmp,0
 .Louter:
-	xg	$Zhi,0($inp)		# Xi ^= inp 
+	xg	$Zhi,0($inp)		# Xi ^= inp
 	xg	$Zlo,8($inp)
 	xgr	$Zhi,$tmp
 	stg	$Zlo,8+1($Xi)
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl
index cd8458256e..bcbe6e399d 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl
@@ -103,14 +103,13 @@
 #
 # Does it make sense to increase Naggr? To start with it's virtually
 # impossible in 32-bit mode, because of limited register bank
-# capacity. Otherwise improvement has to be weighed agiainst slower
+# capacity. Otherwise improvement has to be weighed against slower
 # setup, as well as code size and complexity increase. As even
 # optimistic estimate doesn't promise 30% performance improvement,
 # there are currently no plans to increase Naggr.
 #
-# Special thanks to David Woodhouse <dwmw2@infradead.org> for
-# providing access to a Westmere-based system on behalf of Intel
-# Open Source Technology Centre.
+# Special thanks to David Woodhouse for providing access to a
+# Westmere-based system on behalf of Intel Open Source Technology Centre.
 
 # January 2010
 #
@@ -139,7 +138,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
 
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -811,7 +810,7 @@ sub mmx_loop() {
     &bswap	($dat);
     &pshufw	($Zhi,$Zhi,0b00011011);		# 76543210
     &bswap	("ebx");
-    
+
     &cmp	("ecx",&DWP(528+16+8,"esp"));	# are we done?
     &jne	(&label("outer"));
   }
@@ -915,7 +914,7 @@ my ($Xhi,$Xi) = @_;
 	&psllq		($Xi,57);		#
 	&movdqa		($T1,$Xi);		#
 	&pslldq		($Xi,8);
-	&psrldq		($T1,8);		#	
+	&psrldq		($T1,8);		#
 	&pxor		($Xi,$T2);
 	&pxor		($Xhi,$T1);		#
 
@@ -1085,7 +1084,7 @@ my ($Xhi,$Xi) = @_;
 	  &psllq	($Xi,57);		#
 	  &movdqa	($T1,$Xi);		#
 	  &pslldq	($Xi,8);
-	  &psrldq	($T1,8);		#	
+	  &psrldq	($T1,8);		#
 	  &pxor		($Xi,$T2);
 	  &pxor		($Xhi,$T1);		#
 	&pshufd		($T1,$Xhn,0b01001110);
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
index 387e3f854e..afc30c3e72 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
@@ -44,9 +44,8 @@
 # See ghash-x86.pl for background information and details about coding
 # techniques.
 #
-# Special thanks to David Woodhouse <dwmw2@infradead.org> for
-# providing access to a Westmere-based system on behalf of Intel
-# Open Source Technology Centre.
+# Special thanks to David Woodhouse for providing access to a
+# Westmere-based system on behalf of Intel Open Source Technology Centre.
 
 # December 2012
 #
@@ -74,6 +73,7 @@
 # Skylake	0.44(+110%)(if system doesn't support AVX)
 # Bulldozer	1.49(+27%)
 # Silvermont	2.88(+13%)
+# Knights L	2.12(-)    (if system doesn't support AVX)
 # Goldmont	1.08(+24%)
 
 # March 2013
@@ -86,6 +86,8 @@
 # it performs in 0.41 cycles per byte on Haswell processor, in
 # 0.29 on Broadwell, and in 0.36 on Skylake.
 #
+# Knights Landing achieves 1.09 cpb.
+#
 # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
 
 $flavour = shift;
@@ -236,9 +238,21 @@ $code=<<___;
 .type	gcm_gmult_4bit,\@function,2
 .align	16
 gcm_gmult_4bit:
+.cfi_startproc
 	push	%rbx
-	push	%rbp		# %rbp and %r12 are pushed exclusively in
+.cfi_push	%rbx
+	push	%rbp		# %rbp and others are pushed exclusively in
+.cfi_push	%rbp
 	push	%r12		# order to reuse Win64 exception handler...
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+	sub	\$280,%rsp
+.cfi_adjust_cfa_offset	280
 .Lgmult_prologue:
 
 	movzb	15($Xi),$Zlo
@@ -249,10 +263,15 @@ $code.=<<___;
 	mov	$Zlo,8($Xi)
 	mov	$Zhi,($Xi)
 
-	mov	16(%rsp),%rbx
-	lea	24(%rsp),%rsp
+	lea	280+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lgmult_epilogue:
 	ret
+.cfi_endproc
 .size	gcm_gmult_4bit,.-gcm_gmult_4bit
 ___
 
@@ -266,13 +285,21 @@ $code.=<<___;
 .type	gcm_ghash_4bit,\@function,4
 .align	16
 gcm_ghash_4bit:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$280,%rsp
+.cfi_adjust_cfa_offset	280
 .Lghash_prologue:
 	mov	$inp,%r14		# reassign couple of args
 	mov	$len,%r15
@@ -400,16 +427,25 @@ $code.=<<___;
 	mov	$Zlo,8($Xi)
 	mov	$Zhi,($Xi)
 
-	lea	280(%rsp),%rsi
-	mov	0(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	lea	280+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	0(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lghash_epilogue:
 	ret
+.cfi_endproc
 .size	gcm_ghash_4bit,.-gcm_ghash_4bit
 ___
 
@@ -469,7 +505,7 @@ $code.=<<___;
 	psllq		\$57,$Xi		#
 	movdqa		$Xi,$T1			#
 	pslldq		\$8,$Xi
-	psrldq		\$8,$T1			#	
+	psrldq		\$8,$T1			#
 	pxor		$T2,$Xi
 	pxor		$T1,$Xhi		#
 
@@ -583,7 +619,7 @@ ___
 	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$T2);
 $code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0));
 	# experimental alternative. special thing about is that there
-	# no dependency between the two multiplications... 
+	# no dependency between the two multiplications...
 	mov		\$`0xE1<<1`,%eax
 	mov		\$0xA040608020C0E000,%r10	# ((7..0)·0xE0)&0xff
 	mov		\$0x07,%r11d
@@ -758,7 +794,7 @@ $code.=<<___;
 	movdqa		$T2,$T1			#
 	pslldq		\$8,$T2
 	 pclmulqdq	\$0x00,$Hkey2,$Xln
-	psrldq		\$8,$T1			#	
+	psrldq		\$8,$T1			#
 	pxor		$T2,$Xi
 	pxor		$T1,$Xhi		#
 	movdqu		0($inp),$T1
@@ -894,7 +930,7 @@ $code.=<<___;
 	  psllq		\$57,$Xi		#
 	  movdqa	$Xi,$T1			#
 	  pslldq	\$8,$Xi
-	  psrldq	\$8,$T1			#	
+	  psrldq	\$8,$T1			#
 	  pxor		$T2,$Xi
 	pshufd		\$0b01001110,$Xhn,$Xmn
 	  pxor		$T1,$Xhi		#
@@ -1648,14 +1684,20 @@ se_handler:
 	cmp	%r10,%rbx		# context->Rip>=epilogue label
 	jae	.Lin_prologue
 
-	lea	24(%rax),%rax		# adjust "rsp"
+	lea	48+280(%rax),%rax	# adjust "rsp"
 
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
 	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
 	mov	%rbx,144($context)	# restore context->Rbx
 	mov	%rbp,160($context)	# restore context->Rbp
 	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
 
 .Lin_prologue:
 	mov	8(%rax),%rdi
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl b/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl
index f0598cb28c..6a2ac71295 100755
--- a/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -23,13 +23,14 @@
 # Relative comparison is therefore more informative. This initial
 # version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x
 # faster than "4-bit" integer-only compiler-generated 64-bit code.
-# "Initial version" means that there is room for futher improvement.
+# "Initial version" means that there is room for further improvement.
 
 # May 2016
 #
 # 2x aggregated reduction improves performance by 50% (resulting
 # performance on POWER8 is 1 cycle per processed byte), and 4x
 # aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb).
+# POWER9 delivers 0.51 cpb.
 
 $flavour=shift;
 $output =shift;
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl
index e13c709019..47e8820080 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl
@@ -19,23 +19,29 @@
 # June 2014
 #
 # Initial version was developed in tight cooperation with Ard
-# Biesheuvel <ard.biesheuvel@linaro.org> from bits-n-pieces from
-# other assembly modules. Just like aesv8-armx.pl this module
-# supports both AArch32 and AArch64 execution modes.
+# Biesheuvel of Linaro from bits-n-pieces from other assembly modules.
+# Just like aesv8-armx.pl this module supports both AArch32 and
+# AArch64 execution modes.
 #
 # July 2014
 #
 # Implement 2x aggregated reduction [see ghash-x86.pl for background
 # information].
 #
+# November 2017
+#
+# AArch64 register bank to "accommodate" 4x aggregated reduction and
+# improve performance by 20-70% depending on processor.
+#
 # Current performance in cycles per processed byte:
 #
-#		PMULL[2]	32-bit NEON(*)
-# Apple A7	0.92		5.62
-# Cortex-A53	1.01		8.39
-# Cortex-A57	1.17		7.61
-# Denver	0.71		6.02
-# Mongoose	1.10		8.06
+#		64-bit PMULL	32-bit PMULL	32-bit NEON(*)
+# Apple A7	0.58		0.92		5.62
+# Cortex-A53	0.85		1.01		8.39
+# Cortex-A57	0.73		1.17		7.61
+# Denver	0.51		0.65		6.02
+# Mongoose	0.65		1.10		8.06
+# Kryo		0.76		1.16		8.00
 #
 # (*)	presented for reference/comparison purposes;
 
@@ -131,8 +137,56 @@ gcm_init_v8:
 	vext.8		$t1,$H2,$H2,#8		@ Karatsuba pre-processing
 	veor		$t1,$t1,$H2
 	vext.8		$Hhl,$t0,$t1,#8		@ pack Karatsuba pre-processed
-	vst1.64		{$Hhl-$H2},[x0]		@ store Htable[1..2]
+	vst1.64		{$Hhl-$H2},[x0],#32	@ store Htable[1..2]
+___
+if ($flavour =~ /64/) {
+my ($t3,$Yl,$Ym,$Yh) = map("q$_",(4..7));
 
+$code.=<<___;
+	@ calculate H^3 and H^4
+	vpmull.p64	$Xl,$H, $H2
+	 vpmull.p64	$Yl,$H2,$H2
+	vpmull2.p64	$Xh,$H, $H2
+	 vpmull2.p64	$Yh,$H2,$H2
+	vpmull.p64	$Xm,$t0,$t1
+	 vpmull.p64	$Ym,$t1,$t1
+
+	vext.8		$t0,$Xl,$Xh,#8		@ Karatsuba post-processing
+	 vext.8		$t1,$Yl,$Yh,#8
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t0
+	 veor		$t3,$Yl,$Yh
+	 veor		$Ym,$Ym,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase
+	 veor		$Ym,$Ym,$t3
+	 vpmull.p64	$t3,$Yl,$xC2
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	 vmov		$Yh#lo,$Ym#hi
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vmov		$Ym#hi,$Yl#lo
+	veor		$Xl,$Xm,$t2
+	 veor		$Yl,$Ym,$t3
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase
+	 vext.8		$t3,$Yl,$Yl,#8
+	vpmull.p64	$Xl,$Xl,$xC2
+	 vpmull.p64	$Yl,$Yl,$xC2
+	veor		$t2,$t2,$Xh
+	 veor		$t3,$t3,$Yh
+	veor		$H, $Xl,$t2		@ H^3
+	 veor		$H2,$Yl,$t3		@ H^4
+
+	vext.8		$t0,$H, $H,#8		@ Karatsuba pre-processing
+	 vext.8		$t1,$H2,$H2,#8
+	veor		$t0,$t0,$H
+	 veor		$t1,$t1,$H2
+	vext.8		$Hhl,$t0,$t1,#8		@ pack Karatsuba pre-processed
+	vst1.64		{$H-$H2},[x0]		@ store Htable[3..5]
+___
+}
+$code.=<<___;
 	ret
 .size	gcm_init_v8,.-gcm_init_v8
 ___
@@ -201,6 +255,10 @@ $code.=<<___;
 .align	4
 gcm_ghash_v8:
 ___
+$code.=<<___	if ($flavour =~ /64/);
+	cmp		$len,#64
+	b.hs		.Lgcm_ghash_v8_4x
+___
 $code.=<<___		if ($flavour !~ /64/);
 	vstmdb		sp!,{d8-d15}		@ 32-bit ABI says so
 ___
@@ -210,13 +268,13 @@ $code.=<<___;
 						@ loaded value would have
 						@ to be rotated in order to
 						@ make it appear as in
-						@ alorithm specification
+						@ algorithm specification
 	subs		$len,$len,#32		@ see if $len is 32 or larger
 	mov		$inc,#16		@ $inc is used as post-
 						@ increment for input pointer;
 						@ as loop is modulo-scheduled
 						@ $inc is zeroed just in time
-						@ to preclude oversteping
+						@ to preclude overstepping
 						@ inp[len], which means that
 						@ last block[s] are actually
 						@ loaded twice, but last
@@ -348,7 +406,297 @@ $code.=<<___;
 	ret
 .size	gcm_ghash_v8,.-gcm_ghash_v8
 ___
+
+if ($flavour =~ /64/) {				# 4x subroutine
+my ($I0,$j1,$j2,$j3,
+    $I1,$I2,$I3,$H3,$H34,$H4,$Yl,$Ym,$Yh) = map("q$_",(4..7,15..23));
+
+$code.=<<___;
+.type	gcm_ghash_v8_4x,%function
+.align	4
+gcm_ghash_v8_4x:
+.Lgcm_ghash_v8_4x:
+	vld1.64		{$Xl},[$Xi]		@ load [rotated] Xi
+	vld1.64		{$H-$H2},[$Htbl],#48	@ load twisted H, ..., H^2
+	vmov.i8		$xC2,#0xe1
+	vld1.64		{$H3-$H4},[$Htbl]	@ load twisted H^3, ..., H^4
+	vshl.u64	$xC2,$xC2,#57		@ compose 0xc2.0 constant
+
+	vld1.64		{$I0-$j3},[$inp],#64
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+	vrev64.8	$j1,$j1
+	vrev64.8	$j2,$j2
+	vrev64.8	$j3,$j3
+	vrev64.8	$I0,$I0
+#endif
+	vext.8		$I3,$j3,$j3,#8
+	vext.8		$I2,$j2,$j2,#8
+	vext.8		$I1,$j1,$j1,#8
+
+	vpmull.p64	$Yl,$H,$I3		@ H·Ii+3
+	veor		$j3,$j3,$I3
+	vpmull2.p64	$Yh,$H,$I3
+	vpmull.p64	$Ym,$Hhl,$j3
+
+	vpmull.p64	$t0,$H2,$I2		@ H^2·Ii+2
+	veor		$j2,$j2,$I2
+	vpmull2.p64	$I2,$H2,$I2
+	vpmull2.p64	$j2,$Hhl,$j2
+
+	veor		$Yl,$Yl,$t0
+	veor		$Yh,$Yh,$I2
+	veor		$Ym,$Ym,$j2
+
+	vpmull.p64	$j3,$H3,$I1		@ H^3·Ii+1
+	veor		$j1,$j1,$I1
+	vpmull2.p64	$I1,$H3,$I1
+	vpmull.p64	$j1,$H34,$j1
+
+	veor		$Yl,$Yl,$j3
+	veor		$Yh,$Yh,$I1
+	veor		$Ym,$Ym,$j1
+
+	subs		$len,$len,#128
+	b.lo		.Ltail4x
+
+	b		.Loop4x
+
+.align	4
+.Loop4x:
+	veor		$t0,$I0,$Xl
+	 vld1.64	{$I0-$j3},[$inp],#64
+	vext.8		$IN,$t0,$t0,#8
+#ifndef __ARMEB__
+	 vrev64.8	$j1,$j1
+	 vrev64.8	$j2,$j2
+	 vrev64.8	$j3,$j3
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$Xl,$H4,$IN		@ H^4·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H4,$IN
+	 vext.8		$I3,$j3,$j3,#8
+	vpmull2.p64	$Xm,$H34,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	 vext.8		$I2,$j2,$j2,#8
+	veor		$Xm,$Xm,$Ym
+	 vext.8		$I1,$j1,$j1,#8
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	 vpmull.p64	$Yl,$H,$I3		@ H·Ii+3
+	 veor		$j3,$j3,$I3
+	veor		$Xm,$Xm,$t1
+	 vpmull2.p64	$Yh,$H,$I3
+	veor		$Xm,$Xm,$t2
+	 vpmull.p64	$Ym,$Hhl,$j3
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vpmull.p64	$t0,$H2,$I2		@ H^2·Ii+2
+	 veor		$j2,$j2,$I2
+	 vpmull2.p64	$I2,$H2,$I2
+	veor		$Xl,$Xm,$t2
+	 vpmull2.p64	$j2,$Hhl,$j2
+
+	 veor		$Yl,$Yl,$t0
+	 veor		$Yh,$Yh,$I2
+	 veor		$Ym,$Ym,$j2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	 vpmull.p64	$j3,$H3,$I1		@ H^3·Ii+1
+	 veor		$j1,$j1,$I1
+	veor		$t2,$t2,$Xh
+	 vpmull2.p64	$I1,$H3,$I1
+	 vpmull.p64	$j1,$H34,$j1
+
+	veor		$Xl,$Xl,$t2
+	 veor		$Yl,$Yl,$j3
+	 veor		$Yh,$Yh,$I1
+	vext.8		$Xl,$Xl,$Xl,#8
+	 veor		$Ym,$Ym,$j1
+
+	subs		$len,$len,#64
+	b.hs		.Loop4x
+
+.Ltail4x:
+	veor		$t0,$I0,$Xl
+	vext.8		$IN,$t0,$t0,#8
+
+	vpmull.p64	$Xl,$H4,$IN		@ H^4·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H4,$IN
+	vpmull2.p64	$Xm,$H34,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	veor		$Xm,$Xm,$Ym
+
+	adds		$len,$len,#64
+	b.eq		.Ldone4x
+
+	cmp		$len,#32
+	b.lo		.Lone
+	b.eq		.Ltwo
+.Lthree:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$I0-$j2},[$inp]
+	veor		$Xm,$Xm,$t2
+#ifndef	__ARMEB__
+	 vrev64.8	$j1,$j1
+	 vrev64.8	$j2,$j2
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vext.8		$I2,$j2,$j2,#8
+	 vext.8		$I1,$j1,$j1,#8
+	veor		$Xl,$Xm,$t2
+
+	 vpmull.p64	$Yl,$H,$I2		@ H·Ii+2
+	 veor		$j2,$j2,$I2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	 vpmull2.p64	$Yh,$H,$I2
+	 vpmull.p64	$Ym,$Hhl,$j2
+	veor		$Xl,$Xl,$t2
+	 vpmull.p64	$j3,$H2,$I1		@ H^2·Ii+1
+	 veor		$j1,$j1,$I1
+	vext.8		$Xl,$Xl,$Xl,#8
+
+	 vpmull2.p64	$I1,$H2,$I1
+	veor		$t0,$I0,$Xl
+	 vpmull2.p64	$j1,$Hhl,$j1
+	vext.8		$IN,$t0,$t0,#8
+
+	 veor		$Yl,$Yl,$j3
+	 veor		$Yh,$Yh,$I1
+	 veor		$Ym,$Ym,$j1
+
+	vpmull.p64	$Xl,$H3,$IN		@ H^3·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H3,$IN
+	vpmull.p64	$Xm,$H34,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	veor		$Xm,$Xm,$Ym
+	b		.Ldone4x
+
+.align	4
+.Ltwo:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$I0-$j1},[$inp]
+	veor		$Xm,$Xm,$t2
+#ifndef	__ARMEB__
+	 vrev64.8	$j1,$j1
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vext.8		$I1,$j1,$j1,#8
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+	vext.8		$Xl,$Xl,$Xl,#8
+
+	 vpmull.p64	$Yl,$H,$I1		@ H·Ii+1
+	 veor		$j1,$j1,$I1
+
+	veor		$t0,$I0,$Xl
+	vext.8		$IN,$t0,$t0,#8
+
+	 vpmull2.p64	$Yh,$H,$I1
+	 vpmull.p64	$Ym,$Hhl,$j1
+
+	vpmull.p64	$Xl,$H2,$IN		@ H^2·(Xi+Ii)
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H2,$IN
+	vpmull2.p64	$Xm,$Hhl,$t0
+
+	veor		$Xl,$Xl,$Yl
+	veor		$Xh,$Xh,$Yh
+	veor		$Xm,$Xm,$Ym
+	b		.Ldone4x
+
+.align	4
+.Lone:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$I0},[$inp]
+	veor		$Xm,$Xm,$t2
+#ifndef	__ARMEB__
+	 vrev64.8	$I0,$I0
+#endif
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+	vext.8		$Xl,$Xl,$Xl,#8
+
+	veor		$t0,$I0,$Xl
+	vext.8		$IN,$t0,$t0,#8
+
+	vpmull.p64	$Xl,$H,$IN
+	veor		$t0,$t0,$IN
+	vpmull2.p64	$Xh,$H,$IN
+	vpmull.p64	$Xm,$Hhl,$t0
+
+.Ldone4x:
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+	vext.8		$Xl,$Xl,$Xl,#8
+
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+#endif
+	vst1.64		{$Xl},[$Xi]		@ write out Xi
+
+	ret
+.size	gcm_ghash_v8_4x,.-gcm_ghash_v8_4x
+___
+
 }
+}
+
 $code.=<<___;
 .asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
 .align  2
@@ -360,7 +708,8 @@ if ($flavour =~ /64/) {			######## 64-bit code
 	my $arg=shift;
 
 	$arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o &&
-	sprintf	"ins	v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1;
+	sprintf	"ins	v%d.d[%d],v%d.d[%d]",$1<8?$1:$1+8,($2 eq "lo")?0:1,
+					     $3<8?$3:$3+8,($4 eq "lo")?0:1;
     }
     foreach(split("\n",$code)) {
 	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
@@ -375,7 +724,7 @@ if ($flavour =~ /64/) {			######## 64-bit code
 	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
 	s/@\s/\/\//o;				# old->new style commentary
 
-	# fix up remainig legacy suffixes
+	# fix up remaining legacy suffixes
 	s/\.[ui]?8(\s)/$1/o;
 	s/\.[uis]?32//o and s/\.16b/\.4s/go;
 	m/\.p64/o and s/\.16b/\.1q/o;		# 1st pmull argument
@@ -415,7 +764,7 @@ if ($flavour =~ /64/) {			######## 64-bit code
 	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
 	s/\/\/\s?/@ /o;				# new->old style commentary
 
-	# fix up remainig new-style suffixes
+	# fix up remaining new-style suffixes
 	s/\],#[0-9]+/]!/o;
 
 	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o			or
diff --git a/deps/openssl/openssl/crypto/modes/build.info b/deps/openssl/openssl/crypto/modes/build.info
index b794c5041a..821340eb90 100644
--- a/deps/openssl/openssl/crypto/modes/build.info
+++ b/deps/openssl/openssl/crypto/modes/build.info
@@ -6,8 +6,9 @@ SOURCE[../../libcrypto]=\
 
 INCLUDE[gcm128.o]=..
 
-GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
-GENERATE[ghash-x86.s]=asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+GENERATE[ghash-x86.s]=asm/ghash-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl $(PERLASM_SCHEME)
diff --git a/deps/openssl/openssl/crypto/modes/cts128.c b/deps/openssl/openssl/crypto/modes/cts128.c
index 77ec994b4f..93826a1e2f 100644
--- a/deps/openssl/openssl/crypto/modes/cts128.c
+++ b/deps/openssl/openssl/crypto/modes/cts128.c
@@ -328,196 +328,3 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
 #endif
     return 16 + len + residue;
 }
-
-#if defined(SELFTEST)
-# include <stdio.h>
-# include <openssl/aes.h>
-
-/* test vectors from RFC 3962 */
-static const unsigned char test_key[16] = "chicken teriyaki";
-static const unsigned char test_input[64] =
-    "I would like the" " General Gau's C"
-    "hicken, please, " "and wonton soup.";
-static const unsigned char test_iv[16] =
-    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-
-static const unsigned char vector_17[17] = {
-    0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
-    0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
-    0x97
-};
-
-static const unsigned char vector_31[31] = {
-    0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
-    0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
-};
-
-static const unsigned char vector_32[32] = {
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
-};
-
-static const unsigned char vector_47[47] = {
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
-    0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
-    0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
-};
-
-static const unsigned char vector_48[48] = {
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
-    0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
-    0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
-};
-
-static const unsigned char vector_64[64] = {
-    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
-    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
-    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
-    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
-    0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
-    0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
-    0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
-    0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
-};
-
-static AES_KEY encks, decks;
-
-void test_vector(const unsigned char *vector, size_t len)
-{
-    unsigned char iv[sizeof(test_iv)];
-    unsigned char cleartext[64], ciphertext[64];
-    size_t tail;
-
-    printf("vector_%d\n", len);
-    fflush(stdout);
-
-    if ((tail = len % 16) == 0)
-        tail = 16;
-    tail += 16;
-
-    /* test block-based encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, &encks, iv,
-                                (block128_f) AES_encrypt);
-    if (memcmp(ciphertext, vector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(1);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(1);
-
-    /* test block-based decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, &decks, iv,
-                                (block128_f) AES_decrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(2);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(2);
-
-    /* test streamed encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_encrypt(test_input, ciphertext, len, &encks, iv,
-                          (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(ciphertext, vector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(3);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(3);
-
-    /* test streamed decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_cts128_decrypt(ciphertext, cleartext, len, &decks, iv,
-                          (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(4);
-    if (memcmp(iv, vector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(4);
-}
-
-void test_nistvector(const unsigned char *vector, size_t len)
-{
-    unsigned char iv[sizeof(test_iv)];
-    unsigned char cleartext[64], ciphertext[64], nistvector[64];
-    size_t tail;
-
-    printf("nistvector_%d\n", len);
-    fflush(stdout);
-
-    if ((tail = len % 16) == 0)
-        tail = 16;
-
-    len -= 16 + tail;
-    memcpy(nistvector, vector, len);
-    /* flip two last blocks */
-    memcpy(nistvector + len, vector + len + 16, tail);
-    memcpy(nistvector + len + tail, vector + len, 16);
-    len += 16 + tail;
-    tail = 16;
-
-    /* test block-based encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, &encks, iv,
-                                    (block128_f) AES_encrypt);
-    if (memcmp(ciphertext, nistvector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(1);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(1);
-
-    /* test block-based decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, &decks, iv,
-                                    (block128_f) AES_decrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(2);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(2);
-
-    /* test streamed encryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, &encks, iv,
-                              (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(ciphertext, nistvector, len))
-        fprintf(stderr, "output_%d mismatch\n", len), exit(3);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(3);
-
-    /* test streamed decryption */
-    memcpy(iv, test_iv, sizeof(test_iv));
-    CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, &decks, iv,
-                              (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(cleartext, test_input, len))
-        fprintf(stderr, "input_%d mismatch\n", len), exit(4);
-    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
-        fprintf(stderr, "iv_%d mismatch\n", len), exit(4);
-}
-
-int main()
-{
-    AES_set_encrypt_key(test_key, 128, &encks);
-    AES_set_decrypt_key(test_key, 128, &decks);
-
-    test_vector(vector_17, sizeof(vector_17));
-    test_vector(vector_31, sizeof(vector_31));
-    test_vector(vector_32, sizeof(vector_32));
-    test_vector(vector_47, sizeof(vector_47));
-    test_vector(vector_48, sizeof(vector_48));
-    test_vector(vector_64, sizeof(vector_64));
-
-    test_nistvector(vector_17, sizeof(vector_17));
-    test_nistvector(vector_31, sizeof(vector_31));
-    test_nistvector(vector_32, sizeof(vector_32));
-    test_nistvector(vector_47, sizeof(vector_47));
-    test_nistvector(vector_48, sizeof(vector_48));
-    test_nistvector(vector_64, sizeof(vector_64));
-
-    return 0;
-}
-#endif
diff --git a/deps/openssl/openssl/crypto/modes/gcm128.c b/deps/openssl/openssl/crypto/modes/gcm128.c
index a2b05c4d6c..15f76e3e86 100644
--- a/deps/openssl/openssl/crypto/modes/gcm128.c
+++ b/deps/openssl/openssl/crypto/modes/gcm128.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -209,7 +209,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
     }
 }
 
-# define GCM_MUL(ctx,Xi)   gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
+# define GCM_MUL(ctx)      gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
 
 #elif   TABLE_BITS==4
 
@@ -550,7 +550,7 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
                     size_t len);
 # endif
 
-# define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
+# define GCM_MUL(ctx)      gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
 # if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
 #  define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
 /*
@@ -624,7 +624,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
     }
 }
 
-# define GCM_MUL(ctx,Xi)   gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
+# define GCM_MUL(ctx)      gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
 
 #endif
 
@@ -703,7 +703,7 @@ void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
 
 #ifdef GCM_FUNCREF_4BIT
 # undef  GCM_MUL
-# define GCM_MUL(ctx,Xi)        (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
+# define GCM_MUL(ctx)           (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
 # ifdef GHASH
 #  undef  GHASH
 #  define GHASH(ctx,in,len)     (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
@@ -836,10 +836,6 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
 #endif
 
-    ctx->Yi.u[0] = 0;
-    ctx->Yi.u[1] = 0;
-    ctx->Xi.u[0] = 0;
-    ctx->Xi.u[1] = 0;
     ctx->len.u[0] = 0;          /* AAD length */
     ctx->len.u[1] = 0;          /* message length */
     ctx->ares = 0;
@@ -847,53 +843,68 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
 
     if (len == 12) {
         memcpy(ctx->Yi.c, iv, 12);
+        ctx->Yi.c[12] = 0;
+        ctx->Yi.c[13] = 0;
+        ctx->Yi.c[14] = 0;
         ctx->Yi.c[15] = 1;
         ctr = 1;
     } else {
         size_t i;
         u64 len0 = len;
 
+        /* Borrow ctx->Xi to calculate initial Yi */
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+
         while (len >= 16) {
             for (i = 0; i < 16; ++i)
-                ctx->Yi.c[i] ^= iv[i];
-            GCM_MUL(ctx, Yi);
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
             iv += 16;
             len -= 16;
         }
         if (len) {
             for (i = 0; i < len; ++i)
-                ctx->Yi.c[i] ^= iv[i];
-            GCM_MUL(ctx, Yi);
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
         }
         len0 <<= 3;
         if (is_endian.little) {
 #ifdef BSWAP8
-            ctx->Yi.u[1] ^= BSWAP8(len0);
+            ctx->Xi.u[1] ^= BSWAP8(len0);
 #else
-            ctx->Yi.c[8] ^= (u8)(len0 >> 56);
-            ctx->Yi.c[9] ^= (u8)(len0 >> 48);
-            ctx->Yi.c[10] ^= (u8)(len0 >> 40);
-            ctx->Yi.c[11] ^= (u8)(len0 >> 32);
-            ctx->Yi.c[12] ^= (u8)(len0 >> 24);
-            ctx->Yi.c[13] ^= (u8)(len0 >> 16);
-            ctx->Yi.c[14] ^= (u8)(len0 >> 8);
-            ctx->Yi.c[15] ^= (u8)(len0);
+            ctx->Xi.c[8] ^= (u8)(len0 >> 56);
+            ctx->Xi.c[9] ^= (u8)(len0 >> 48);
+            ctx->Xi.c[10] ^= (u8)(len0 >> 40);
+            ctx->Xi.c[11] ^= (u8)(len0 >> 32);
+            ctx->Xi.c[12] ^= (u8)(len0 >> 24);
+            ctx->Xi.c[13] ^= (u8)(len0 >> 16);
+            ctx->Xi.c[14] ^= (u8)(len0 >> 8);
+            ctx->Xi.c[15] ^= (u8)(len0);
 #endif
-        } else
-            ctx->Yi.u[1] ^= len0;
+        } else {
+            ctx->Xi.u[1] ^= len0;
+        }
 
-        GCM_MUL(ctx, Yi);
+        GCM_MUL(ctx);
 
         if (is_endian.little)
 #ifdef BSWAP4
-            ctr = BSWAP4(ctx->Yi.d[3]);
+            ctr = BSWAP4(ctx->Xi.d[3]);
 #else
-            ctr = GETU32(ctx->Yi.c + 12);
+            ctr = GETU32(ctx->Xi.c + 12);
 #endif
         else
-            ctr = ctx->Yi.d[3];
+            ctr = ctx->Xi.d[3];
+
+        /* Copy borrowed Xi to Yi */
+        ctx->Yi.u[0] = ctx->Xi.u[0];
+        ctx->Yi.u[1] = ctx->Xi.u[1];
     }
 
+    ctx->Xi.u[0] = 0;
+    ctx->Xi.u[1] = 0;
+
     (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
     ++ctr;
     if (is_endian.little)
@@ -936,7 +947,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
             n = (n + 1) % 16;
         }
         if (n == 0)
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
         else {
             ctx->ares = n;
             return 0;
@@ -952,7 +963,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
     while (len >= 16) {
         for (i = 0; i < 16; ++i)
             ctx->Xi.c[i] ^= aad[i];
-        GCM_MUL(ctx, Xi);
+        GCM_MUL(ctx);
         aad += 16;
         len -= 16;
     }
@@ -975,7 +986,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
         long one;
         char little;
     } is_endian = { 1 };
-    unsigned int n, ctr;
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     block128_f block = ctx->block;
@@ -993,9 +1004,23 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to encrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
         ctx->ares = 0;
     }
 
@@ -1008,28 +1033,48 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (16 % sizeof(size_t) == 0) { /* always true actually */
         do {
             if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
                 while (n && len) {
                     ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
                     --len;
                     n = (n + 1) % 16;
                 }
-                if (n == 0)
-                    GCM_MUL(ctx, Xi);
-                else {
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
                     ctx->mres = n;
                     return 0;
                 }
+# endif
             }
 # if defined(STRICT_ALIGNMENT)
             if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
                 break;
 # endif
 # if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
 #  if defined(GHASH_CHUNK)
             while (len >= GHASH_CHUNK) {
                 size_t j = GHASH_CHUNK;
@@ -1100,7 +1145,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                     ctx->Yi.d[3] = ctr;
                 for (i = 0; i < 16 / sizeof(size_t); ++i)
                     ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i];
-                GCM_MUL(ctx, Xi);
+                GCM_MUL(ctx);
                 out += 16;
                 in += 16;
                 len -= 16;
@@ -1117,13 +1162,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 # endif
                 else
                     ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
                 while (len--) {
                     ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
                     ++n;
                 }
+                mres = n;
+# endif
             }
 
-            ctx->mres = n;
+            ctx->mres = mres;
             return 0;
         } while (0);
     }
@@ -1141,13 +1194,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
             else
                 ctx->Yi.d[3] = ctr;
         }
-        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n];
         n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
+        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+        mres = n = (n + 1) % 16;
         if (n == 0)
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
+#endif
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
 }
 
@@ -1159,7 +1221,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
         long one;
         char little;
     } is_endian = { 1 };
-    unsigned int n, ctr;
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     block128_f block = ctx->block;
@@ -1177,9 +1239,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to decrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
         ctx->ares = 0;
     }
 
@@ -1192,11 +1268,25 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
     if (16 % sizeof(size_t) == 0) { /* always true actually */
         do {
             if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
                 while (n && len) {
                     u8 c = *(in++);
                     *(out++) = c ^ ctx->EKi.c[n];
@@ -1204,18 +1294,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                     --len;
                     n = (n + 1) % 16;
                 }
-                if (n == 0)
-                    GCM_MUL(ctx, Xi);
-                else {
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
                     ctx->mres = n;
                     return 0;
                 }
+# endif
             }
 # if defined(STRICT_ALIGNMENT)
             if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
                 break;
 # endif
 # if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
 #  if defined(GHASH_CHUNK)
             while (len >= GHASH_CHUNK) {
                 size_t j = GHASH_CHUNK;
@@ -1287,7 +1383,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                     out[i] = c ^ ctx->EKi.t[i];
                     ctx->Xi.t[i] ^= c;
                 }
-                GCM_MUL(ctx, Xi);
+                GCM_MUL(ctx);
                 out += 16;
                 in += 16;
                 len -= 16;
@@ -1304,15 +1400,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 # endif
                 else
                     ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
                 while (len--) {
                     u8 c = in[n];
                     ctx->Xi.c[n] ^= c;
                     out[n] = c ^ ctx->EKi.c[n];
                     ++n;
                 }
+                mres = n;
+# endif
             }
 
-            ctx->mres = n;
+            ctx->mres = mres;
             return 0;
         } while (0);
     }
@@ -1331,15 +1435,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
             else
                 ctx->Yi.d[3] = ctr;
         }
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
         c = in[i];
         out[i] = c ^ ctx->EKi.c[n];
         ctx->Xi.c[n] ^= c;
-        n = (n + 1) % 16;
+        mres = n = (n + 1) % 16;
         if (n == 0)
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
+#endif
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
 }
 
@@ -1354,7 +1467,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         long one;
         char little;
     } is_endian = { 1 };
-    unsigned int n, ctr;
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     void *key = ctx->key;
@@ -1371,9 +1484,23 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to encrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+#if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
         ctx->ares = 0;
     }
 
@@ -1386,30 +1513,51 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
     if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
         while (n && len) {
             ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
             --len;
             n = (n + 1) % 16;
         }
-        if (n == 0)
-            GCM_MUL(ctx, Xi);
-        else {
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
             ctx->mres = n;
             return 0;
         }
+# endif
     }
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+        if (len >= 16 && mres) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+#  if defined(GHASH_CHUNK)
     while (len >= GHASH_CHUNK) {
         (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
         ctr += GHASH_CHUNK / 16;
         if (is_endian.little)
-#  ifdef BSWAP4
+#   ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-#  else
+#   else
             PUTU32(ctx->Yi.c + 12, ctr);
-#  endif
+#   endif
         else
             ctx->Yi.d[3] = ctr;
         GHASH(ctx, out, GHASH_CHUNK);
@@ -1417,6 +1565,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         in += GHASH_CHUNK;
         len -= GHASH_CHUNK;
     }
+#  endif
 # endif
     if ((i = (len & (size_t)-16))) {
         size_t j = i / 16;
@@ -1440,7 +1589,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         while (j--) {
             for (i = 0; i < 16; ++i)
                 ctx->Xi.c[i] ^= out[i];
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
             out += 16;
         }
 # endif
@@ -1457,12 +1606,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         else
             ctx->Yi.d[3] = ctr;
         while (len--) {
-            ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+# if defined(GHASH)
+            ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+# else
+            ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+# endif
             ++n;
         }
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
 #endif
 }
@@ -1478,7 +1631,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
         long one;
         char little;
     } is_endian = { 1 };
-    unsigned int n, ctr;
+    unsigned int n, ctr, mres;
     size_t i;
     u64 mlen = ctx->len.u[1];
     void *key = ctx->key;
@@ -1495,9 +1648,23 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
         return -1;
     ctx->len.u[1] = mlen;
 
+    mres = ctx->mres;
+
     if (ctx->ares) {
         /* First call to decrypt finalizes GHASH(AAD) */
-        GCM_MUL(ctx, Xi);
+# if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+# else
+        GCM_MUL(ctx);
+# endif
         ctx->ares = 0;
     }
 
@@ -1510,8 +1677,22 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
     else
         ctr = ctx->Yi.d[3];
 
-    n = ctx->mres;
+    n = mres % 16;
     if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
         while (n && len) {
             u8 c = *(in++);
             *(out++) = c ^ ctx->EKi.c[n];
@@ -1519,30 +1700,38 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
             --len;
             n = (n + 1) % 16;
         }
-        if (n == 0)
-            GCM_MUL(ctx, Xi);
-        else {
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
             ctx->mres = n;
             return 0;
         }
+# endif
     }
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+    if (len >= 16 && mres) {
+        GHASH(ctx, ctx->Xn, mres);
+        mres = 0;
+    }
+#  if defined(GHASH_CHUNK)
     while (len >= GHASH_CHUNK) {
         GHASH(ctx, in, GHASH_CHUNK);
         (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
         ctr += GHASH_CHUNK / 16;
         if (is_endian.little)
-#  ifdef BSWAP4
+#   ifdef BSWAP4
             ctx->Yi.d[3] = BSWAP4(ctr);
-#  else
+#   else
             PUTU32(ctx->Yi.c + 12, ctr);
-#  endif
+#   endif
         else
             ctx->Yi.d[3] = ctr;
         out += GHASH_CHUNK;
         in += GHASH_CHUNK;
         len -= GHASH_CHUNK;
     }
+#  endif
 # endif
     if ((i = (len & (size_t)-16))) {
         size_t j = i / 16;
@@ -1554,7 +1743,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
             size_t k;
             for (k = 0; k < 16; ++k)
                 ctx->Xi.c[k] ^= in[k];
-            GCM_MUL(ctx, Xi);
+            GCM_MUL(ctx);
             in += 16;
         }
         j = i / 16;
@@ -1586,14 +1775,18 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
         else
             ctx->Yi.d[3] = ctr;
         while (len--) {
+# if defined(GHASH)
+            out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+# else
             u8 c = in[n];
-            ctx->Xi.c[n] ^= c;
+            ctx->Xi.c[mres++] ^= c;
             out[n] = c ^ ctx->EKi.c[n];
+# endif
             ++n;
         }
     }
 
-    ctx->mres = n;
+    ctx->mres = mres;
     return 0;
 #endif
 }
@@ -1609,10 +1802,32 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
     u64 clen = ctx->len.u[1] << 3;
 #ifdef GCM_FUNCREF_4BIT
     void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
 #endif
 
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    u128 bitlen;
+    unsigned int mres = ctx->mres;
+
+    if (mres) {
+        unsigned blocks = (mres + 15) & -16;
+
+        memset(ctx->Xn + mres, 0, blocks - mres);
+        mres = blocks;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+    } else if (ctx->ares) {
+        GCM_MUL(ctx);
+    }
+#else
     if (ctx->mres || ctx->ares)
-        GCM_MUL(ctx, Xi);
+        GCM_MUL(ctx);
+#endif
 
     if (is_endian.little) {
 #ifdef BSWAP8
@@ -1629,9 +1844,17 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
 #endif
     }
 
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    bitlen.hi = alen;
+    bitlen.lo = clen;
+    memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen));
+    mres += sizeof(bitlen);
+    GHASH(ctx, ctx->Xn, mres);
+#else
     ctx->Xi.u[0] ^= alen;
     ctx->Xi.u[1] ^= clen;
-    GCM_MUL(ctx, Xi);
+    GCM_MUL(ctx);
+#endif
 
     ctx->Xi.u[0] ^= ctx->EK0.u[0];
     ctx->Xi.u[1] ^= ctx->EK0.u[1];
@@ -1663,639 +1886,3 @@ void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
 {
     OPENSSL_clear_free(ctx, sizeof(*ctx));
 }
-
-#if defined(SELFTEST)
-# include <stdio.h>
-# include <openssl/aes.h>
-
-/* Test Case 1 */
-static const u8 K1[16], *P1 = NULL, *A1 = NULL, IV1[12], *C1 = NULL;
-static const u8 T1[] = {
-    0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
-    0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
-};
-
-/* Test Case 2 */
-# define K2 K1
-# define A2 A1
-# define IV2 IV1
-static const u8 P2[16];
-static const u8 C2[] = {
-    0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
-    0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
-};
-
-static const u8 T2[] = {
-    0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
-    0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
-};
-
-/* Test Case 3 */
-# define A3 A2
-static const u8 K3[] = {
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
-};
-
-static const u8 P3[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
-};
-
-static const u8 IV3[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-    0xde, 0xca, 0xf8, 0x88
-};
-
-static const u8 C3[] = {
-    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-    0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
-};
-
-static const u8 T3[] = {
-    0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
-    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
-};
-
-/* Test Case 4 */
-# define K4 K3
-# define IV4 IV3
-static const u8 P4[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39
-};
-
-static const u8 A4[] = {
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xab, 0xad, 0xda, 0xd2
-};
-
-static const u8 C4[] = {
-    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-    0x3d, 0x58, 0xe0, 0x91
-};
-
-static const u8 T4[] = {
-    0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
-    0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
-};
-
-/* Test Case 5 */
-# define K5 K4
-# define P5 P4
-# define A5 A4
-static const u8 IV5[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
-};
-
-static const u8 C5[] = {
-    0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
-    0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
-    0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
-    0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
-    0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
-    0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
-    0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
-    0xc2, 0x3f, 0x45, 0x98
-};
-
-static const u8 T5[] = {
-    0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
-    0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
-};
-
-/* Test Case 6 */
-# define K6 K5
-# define P6 P5
-# define A6 A5
-static const u8 IV6[] = {
-    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-    0xa6, 0x37, 0xb3, 0x9b
-};
-
-static const u8 C6[] = {
-    0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
-    0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
-    0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
-    0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
-    0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
-    0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
-    0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
-    0x4c, 0x34, 0xae, 0xe5
-};
-
-static const u8 T6[] = {
-    0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
-    0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
-};
-
-/* Test Case 7 */
-static const u8 K7[24], *P7 = NULL, *A7 = NULL, IV7[12], *C7 = NULL;
-static const u8 T7[] = {
-    0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
-    0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
-};
-
-/* Test Case 8 */
-# define K8 K7
-# define IV8 IV7
-# define A8 A7
-static const u8 P8[16];
-static const u8 C8[] = {
-    0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
-    0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
-};
-
-static const u8 T8[] = {
-    0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
-    0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
-};
-
-/* Test Case 9 */
-# define A9 A8
-static const u8 K9[] = {
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
-};
-
-static const u8 P9[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
-};
-
-static const u8 IV9[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-    0xde, 0xca, 0xf8, 0x88
-};
-
-static const u8 C9[] = {
-    0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-    0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-    0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-    0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-    0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-    0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-    0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-    0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
-};
-
-static const u8 T9[] = {
-    0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
-    0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
-};
-
-/* Test Case 10 */
-# define K10 K9
-# define IV10 IV9
-static const u8 P10[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39
-};
-
-static const u8 A10[] = {
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xab, 0xad, 0xda, 0xd2
-};
-
-static const u8 C10[] = {
-    0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-    0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-    0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-    0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-    0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-    0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-    0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-    0xcc, 0xda, 0x27, 0x10
-};
-
-static const u8 T10[] = {
-    0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
-    0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
-};
-
-/* Test Case 11 */
-# define K11 K10
-# define P11 P10
-# define A11 A10
-static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
-
-static const u8 C11[] = {
-    0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
-    0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
-    0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
-    0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
-    0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
-    0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
-    0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
-    0xa0, 0xf0, 0x62, 0xf7
-};
-
-static const u8 T11[] = {
-    0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
-    0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
-};
-
-/* Test Case 12 */
-# define K12 K11
-# define P12 P11
-# define A12 A11
-static const u8 IV12[] = {
-    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-    0xa6, 0x37, 0xb3, 0x9b
-};
-
-static const u8 C12[] = {
-    0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
-    0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
-    0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
-    0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
-    0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
-    0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
-    0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
-    0xe9, 0xb7, 0x37, 0x3b
-};
-
-static const u8 T12[] = {
-    0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
-    0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
-};
-
-/* Test Case 13 */
-static const u8 K13[32], *P13 = NULL, *A13 = NULL, IV13[12], *C13 = NULL;
-static const u8 T13[] = {
-    0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
-    0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
-};
-
-/* Test Case 14 */
-# define K14 K13
-# define A14 A13
-static const u8 P14[16], IV14[12];
-static const u8 C14[] = {
-    0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
-    0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
-};
-
-static const u8 T14[] = {
-    0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
-    0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
-};
-
-/* Test Case 15 */
-# define A15 A14
-static const u8 K15[] = {
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
-};
-
-static const u8 P15[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
-};
-
-static const u8 IV15[] = {
-    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-    0xde, 0xca, 0xf8, 0x88
-};
-
-static const u8 C15[] = {
-    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-    0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
-};
-
-static const u8 T15[] = {
-    0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
-    0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
-};
-
-/* Test Case 16 */
-# define K16 K15
-# define IV16 IV15
-static const u8 P16[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39
-};
-
-static const u8 A16[] = {
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-    0xab, 0xad, 0xda, 0xd2
-};
-
-static const u8 C16[] = {
-    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-    0xbc, 0xc9, 0xf6, 0x62
-};
-
-static const u8 T16[] = {
-    0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
-    0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
-};
-
-/* Test Case 17 */
-# define K17 K16
-# define P17 P16
-# define A17 A16
-static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
-
-static const u8 C17[] = {
-    0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
-    0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
-    0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
-    0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
-    0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
-    0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
-    0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
-    0xf4, 0x7c, 0x9b, 0x1f
-};
-
-static const u8 T17[] = {
-    0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
-    0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
-};
-
-/* Test Case 18 */
-# define K18 K17
-# define P18 P17
-# define A18 A17
-static const u8 IV18[] = {
-    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-    0xa6, 0x37, 0xb3, 0x9b
-};
-
-static const u8 C18[] = {
-    0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
-    0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
-    0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
-    0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
-    0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
-    0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
-    0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
-    0x44, 0xae, 0x7e, 0x3f
-};
-
-static const u8 T18[] = {
-    0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
-    0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
-};
-
-/* Test Case 19 */
-# define K19 K1
-# define P19 P1
-# define IV19 IV1
-# define C19 C1
-static const u8 A19[] = {
-    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
-    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-    0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
-};
-
-static const u8 T19[] = {
-    0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
-    0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
-};
-
-/* Test Case 20 */
-# define K20 K1
-# define A20 A1
-/* this results in 0xff in counter LSB */
-static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
-
-static const u8 P20[288];
-static const u8 C20[] = {
-    0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
-    0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
-    0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
-    0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
-    0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
-    0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
-    0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
-    0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
-    0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
-    0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
-    0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
-    0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
-    0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
-    0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
-    0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
-    0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
-    0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
-    0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
-    0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
-    0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
-    0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
-    0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
-    0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
-    0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
-    0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
-    0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
-    0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
-    0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
-    0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
-    0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
-    0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
-    0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
-    0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
-    0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
-    0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
-    0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
-};
-
-static const u8 T20[] = {
-    0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
-    0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
-};
-
-# define TEST_CASE(n)    do {                                    \
-        u8 out[sizeof(P##n)];                                   \
-        AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key);          \
-        CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt);  \
-        CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));          \
-        memset(out,0,sizeof(out));                              \
-        if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));    \
-        if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out));     \
-        if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||               \
-            (C##n && memcmp(out,C##n,sizeof(out))))             \
-                ret++, printf ("encrypt test#%d failed.\n",n);  \
-        CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));          \
-        memset(out,0,sizeof(out));                              \
-        if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));    \
-        if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out));     \
-        if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||               \
-            (P##n && memcmp(out,P##n,sizeof(out))))             \
-                ret++, printf ("decrypt test#%d failed.\n",n);  \
-        } while(0)
-
-int main()
-{
-    GCM128_CONTEXT ctx;
-    AES_KEY key;
-    int ret = 0;
-
-    TEST_CASE(1);
-    TEST_CASE(2);
-    TEST_CASE(3);
-    TEST_CASE(4);
-    TEST_CASE(5);
-    TEST_CASE(6);
-    TEST_CASE(7);
-    TEST_CASE(8);
-    TEST_CASE(9);
-    TEST_CASE(10);
-    TEST_CASE(11);
-    TEST_CASE(12);
-    TEST_CASE(13);
-    TEST_CASE(14);
-    TEST_CASE(15);
-    TEST_CASE(16);
-    TEST_CASE(17);
-    TEST_CASE(18);
-    TEST_CASE(19);
-    TEST_CASE(20);
-
-# ifdef OPENSSL_CPUID_OBJ
-    {
-        size_t start, stop, gcm_t, ctr_t, OPENSSL_rdtsc();
-        union {
-            u64 u;
-            u8 c[1024];
-        } buf;
-        int i;
-
-        AES_set_encrypt_key(K1, sizeof(K1) * 8, &key);
-        CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
-        CRYPTO_gcm128_setiv(&ctx, IV1, sizeof(IV1));
-
-        CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
-        start = OPENSSL_rdtsc();
-        CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
-        gcm_t = OPENSSL_rdtsc() - start;
-
-        CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
-                              &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
-                              (block128_f) AES_encrypt);
-        start = OPENSSL_rdtsc();
-        CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
-                              &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
-                              (block128_f) AES_encrypt);
-        ctr_t = OPENSSL_rdtsc() - start;
-
-        printf("%.2f-%.2f=%.2f\n",
-               gcm_t / (double)sizeof(buf),
-               ctr_t / (double)sizeof(buf),
-               (gcm_t - ctr_t) / (double)sizeof(buf));
-#  ifdef GHASH
-        {
-            void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
-                                 const u8 *inp, size_t len) = ctx.ghash;
-
-            GHASH((&ctx), buf.c, sizeof(buf));
-            start = OPENSSL_rdtsc();
-            for (i = 0; i < 100; ++i)
-                GHASH((&ctx), buf.c, sizeof(buf));
-            gcm_t = OPENSSL_rdtsc() - start;
-            printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
-        }
-#  endif
-    }
-# endif
-
-    return ret;
-}
-#endif
diff --git a/deps/openssl/openssl/crypto/modes/modes_lcl.h b/deps/openssl/openssl/crypto/modes/modes_lcl.h
index 4fc32e190f..f2ae01d11a 100644
--- a/deps/openssl/openssl/crypto/modes/modes_lcl.h
+++ b/deps/openssl/openssl/crypto/modes/modes_lcl.h
@@ -73,6 +73,7 @@ typedef unsigned char u8;
 #  endif
 # elif defined(_MSC_VER)
 #  if _MSC_VER>=1300
+#   include <stdlib.h>
 #   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
 #   define BSWAP8(x)    _byteswap_uint64((u64)(x))
 #   define BSWAP4(x)    _byteswap_ulong((u32)(x))
@@ -127,6 +128,9 @@ struct gcm128_context {
     unsigned int mres, ares;
     block128_f block;
     void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    unsigned char Xn[48];
+#endif
 };
 
 struct xts128_context {
diff --git a/deps/openssl/openssl/crypto/modes/ocb128.c b/deps/openssl/openssl/crypto/modes/ocb128.c
index fc92b246bd..713b9aaf19 100644
--- a/deps/openssl/openssl/crypto/modes/ocb128.c
+++ b/deps/openssl/openssl/crypto/modes/ocb128.c
@@ -9,6 +9,7 @@
 
 #include <string.h>
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 #include "modes_lcl.h"
 
 #ifndef OPENSSL_NO_OCB
@@ -41,22 +42,13 @@ static u32 ocb_ntz(u64 n)
 static void ocb_block_lshift(const unsigned char *in, size_t shift,
                              unsigned char *out)
 {
-    unsigned char shift_mask;
     int i;
-    unsigned char mask[15];
+    unsigned char carry = 0, carry_next;
 
-    shift_mask = 0xff;
-    shift_mask <<= (8 - shift);
     for (i = 15; i >= 0; i--) {
-        if (i > 0) {
-            mask[i - 1] = in[i] & shift_mask;
-            mask[i - 1] >>= 8 - shift;
-        }
-        out[i] = in[i] << shift;
-
-        if (i != 15) {
-            out[i] ^= mask[i];
-        }
+        carry_next = in[i] >> (8 - shift);
+        out[i] = (in[i] << shift) | carry;
+        carry = carry_next;
     }
 }
 
@@ -73,7 +65,7 @@ static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out)
      */
     mask = in->c[0] & 0x80;
     mask >>= 7;
-    mask *= 135;
+    mask = (0 - mask) & 0x87;
 
     ocb_block_lshift(in->c, 1, out->c);
 
@@ -118,8 +110,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
          * the index.
          */
         ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
-        tmp_ptr =
-            OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+        tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
         if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
             return NULL;
         ctx->l = tmp_ptr;
@@ -164,9 +155,10 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
     memset(ctx, 0, sizeof(*ctx));
     ctx->l_index = 0;
     ctx->max_l_index = 5;
-    ctx->l = OPENSSL_malloc(ctx->max_l_index * 16);
-    if (ctx->l == NULL)
+    if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
 
     /*
      * We set both the encryption and decryption key schedules - decryption
@@ -210,9 +202,10 @@ int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
     if (keydec)
         dest->keydec = keydec;
     if (src->l) {
-        dest->l = OPENSSL_malloc(src->max_l_index * 16);
-        if (dest->l == NULL)
+        if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
         memcpy(dest->l, src->l, (src->l_index + 1) * 16);
     }
     return 1;
diff --git a/deps/openssl/openssl/crypto/modes/wrap128.c b/deps/openssl/openssl/crypto/modes/wrap128.c
index 46809a0e74..d7e56cc260 100644
--- a/deps/openssl/openssl/crypto/modes/wrap128.c
+++ b/deps/openssl/openssl/crypto/modes/wrap128.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -237,7 +237,7 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
  *
  *  @param[in]  key    Key value.
  *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
- *  @param[out] out    Plaintext. Minimal buffer length = inlen bytes.
+ *  @param[out] out    Plaintext. Minimal buffer length = (inlen - 8) bytes.
  *                     Input and output buffers can overlap if block function
  *                     supports that.
  *  @param[in]  in     Ciphertext as n 64-bit blocks.
@@ -267,7 +267,6 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
     if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
         return 0;
 
-    memmove(out, in, inlen);
     if (inlen == 16) {
         /*
          * Section 4.2 - special case in step 1: When n=1, the ciphertext
@@ -275,14 +274,17 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
          * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] |
          * C[1])
          */
-        block(out, out, key);
-        memcpy(aiv, out, 8);
+        unsigned char buff[16];
+
+        block(in, buff, key);
+        memcpy(aiv, buff, 8);
         /* Remove AIV */
-        memmove(out, out + 8, 8);
+        memcpy(out, buff + 8, 8);
         padded_len = 8;
+        OPENSSL_cleanse(buff, inlen);
     } else {
         padded_len = inlen - 8;
-        ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
+        ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block);
         if (padded_len != ret) {
             OPENSSL_cleanse(out, inlen);
             return 0;
diff --git a/deps/openssl/openssl/crypto/o_dir.c b/deps/openssl/openssl/crypto/o_dir.c
index 7019383dd0..fca9c75e05 100644
--- a/deps/openssl/openssl/crypto/o_dir.c
+++ b/deps/openssl/openssl/crypto/o_dir.c
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <errno.h>
-#include <e_os.h>
 
 /*
  * The routines really come from the Levitte Programming, so to make life
diff --git a/deps/openssl/openssl/crypto/o_fips.c b/deps/openssl/openssl/crypto/o_fips.c
index bf6db65fed..050ea9c216 100644
--- a/deps/openssl/openssl/crypto/o_fips.c
+++ b/deps/openssl/openssl/crypto/o_fips.c
@@ -8,27 +8,17 @@
  */
 
 #include "internal/cryptlib.h"
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
 
 int FIPS_mode(void)
 {
-#ifdef OPENSSL_FIPS
-    return FIPS_module_mode();
-#else
+    /* This version of the library does not support FIPS mode. */
     return 0;
-#endif
 }
 
 int FIPS_mode_set(int r)
 {
-#ifdef OPENSSL_FIPS
-    return FIPS_module_mode_set(r);
-#else
     if (r == 0)
         return 1;
     CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
     return 0;
-#endif
 }
diff --git a/deps/openssl/openssl/crypto/o_fopen.c b/deps/openssl/openssl/crypto/o_fopen.c
index bfd5af1151..7d51ad7254 100644
--- a/deps/openssl/openssl/crypto/o_fopen.c
+++ b/deps/openssl/openssl/crypto/o_fopen.c
@@ -25,11 +25,15 @@
 #  endif
 # endif
 
+#include "e_os.h"
 #include "internal/cryptlib.h"
 
 #if !defined(OPENSSL_NO_STDIO)
 
 # include <stdio.h>
+# ifdef __DJGPP__
+#  include <unistd.h>
+# endif
 
 FILE *openssl_fopen(const char *filename, const char *mode)
 {
@@ -79,13 +83,14 @@ FILE *openssl_fopen(const char *filename, const char *mode)
     {
         char *newname = NULL;
 
-        if (!HAS_LFN_SUPPORT(filename)) {
+        if (pathconf(filename, _PC_NAME_MAX) <= 12) {  /* 8.3 file system? */
             char *iterator;
             char lastchar;
 
-            newname = OPENSSL_malloc(strlen(filename) + 1);
-            if (newname == NULL)
+            if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) {
+                CRYPTOerr(CRYPTO_F_OPENSSL_FOPEN, ERR_R_MALLOC_FAILURE);
                 return NULL;
+            }
 
             for (iterator = newname, lastchar = '\0';
                 *filename; filename++, iterator++) {
diff --git a/deps/openssl/openssl/crypto/o_init.c b/deps/openssl/openssl/crypto/o_init.c
index 2e0c126095..ed6b1303d8 100644
--- a/deps/openssl/openssl/crypto/o_init.c
+++ b/deps/openssl/openssl/crypto/o_init.c
@@ -7,28 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <e_os.h>
+#include "e_os.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include <openssl/rand.h>
-#endif
 
 /*
- * Perform any essential OpenSSL initialization operations. Currently only
- * sets FIPS callbacks
+ * Perform any essential OpenSSL initialization operations. Currently does
+ * nothing.
  */
 
 void OPENSSL_init(void)
 {
-    static int done = 0;
-    if (done)
-        return;
-    done = 1;
-#ifdef OPENSSL_FIPS
-    FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-    FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-    FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-    RAND_init_fips();
-#endif
+    return;
 }
diff --git a/deps/openssl/openssl/crypto/o_str.c b/deps/openssl/openssl/crypto/o_str.c
index 528655aa8c..a8357691ad 100644
--- a/deps/openssl/openssl/crypto/o_str.c
+++ b/deps/openssl/openssl/crypto/o_str.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,9 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <ctype.h>
+#include "e_os.h"
 #include <limits.h>
-#include <e_os.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 #include "internal/o_str.h"
@@ -28,14 +27,12 @@ int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
 char *CRYPTO_strdup(const char *str, const char* file, int line)
 {
     char *ret;
-    size_t size;
 
     if (str == NULL)
         return NULL;
-    size = strlen(str) + 1;
-    ret = CRYPTO_malloc(size, file, line);
+    ret = CRYPTO_malloc(strlen(str) + 1, file, line);
     if (ret != NULL)
-        memcpy(ret, str, size);
+        strcpy(ret, str);
     return ret;
 }
 
diff --git a/deps/openssl/openssl/crypto/objects/README b/deps/openssl/openssl/crypto/objects/README
index cb1d216ce8..700f9c5e54 100644
--- a/deps/openssl/openssl/crypto/objects/README
+++ b/deps/openssl/openssl/crypto/objects/README
@@ -16,7 +16,7 @@ The basic syntax for adding an object is as follows:
 		create the C macros SN_base, LN_base, NID_base and OBJ_base.
 
 		Note that if the base name contains spaces, dashes or periods,
-		those will be converte to underscore.
+		those will be converted to underscore.
 
 Then there are some extra commands:
 
diff --git a/deps/openssl/openssl/crypto/objects/o_names.c b/deps/openssl/openssl/crypto/objects/o_names.c
index 7fb0136c58..c4355370cb 100644
--- a/deps/openssl/openssl/crypto/objects/o_names.c
+++ b/deps/openssl/openssl/crypto/objects/o_names.c
@@ -44,7 +44,7 @@ static int obj_strcasecmp(const char *a, const char *b)
  */
 static LHASH_OF(OBJ_NAME) *names_lh = NULL;
 static int names_type_num = OBJ_NAME_TYPE_NUM;
-static CRYPTO_RWLOCK *lock = NULL;
+static CRYPTO_RWLOCK *obj_lock = NULL;
 
 struct name_funcs_st {
     unsigned long (*hash_func) (const char *name);
@@ -68,9 +68,9 @@ DEFINE_RUN_ONCE_STATIC(o_names_init)
 {
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
-    lock = CRYPTO_THREAD_lock_new();
+    obj_lock = CRYPTO_THREAD_lock_new();
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-    return names_lh != NULL && lock != NULL;
+    return names_lh != NULL && obj_lock != NULL;
 }
 
 int OBJ_NAME_init(void)
@@ -88,7 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
     if (!OBJ_NAME_init())
         return 0;
 
-    CRYPTO_THREAD_write_lock(lock);
+    CRYPTO_THREAD_write_lock(obj_lock);
 
     if (name_funcs_stack == NULL) {
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
@@ -133,7 +133,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
         name_funcs->free_func = free_func;
 
 out:
-    CRYPTO_THREAD_unlock(lock);
+    CRYPTO_THREAD_unlock(obj_lock);
     return ret;
 }
 
@@ -179,7 +179,7 @@ const char *OBJ_NAME_get(const char *name, int type)
         return NULL;
     if (!OBJ_NAME_init())
         return NULL;
-    CRYPTO_THREAD_read_lock(lock);
+    CRYPTO_THREAD_read_lock(obj_lock);
 
     alias = type & OBJ_NAME_ALIAS;
     type &= ~OBJ_NAME_ALIAS;
@@ -201,7 +201,7 @@ const char *OBJ_NAME_get(const char *name, int type)
         }
     }
 
-    CRYPTO_THREAD_unlock(lock);    
+    CRYPTO_THREAD_unlock(obj_lock);
     return value;
 }
 
@@ -211,7 +211,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     int alias, ok = 0;
 
     if (!OBJ_NAME_init())
-        return 0;    
+        return 0;
 
     alias = type & OBJ_NAME_ALIAS;
     type &= ~OBJ_NAME_ALIAS;
@@ -227,7 +227,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     onp->type = type;
     onp->data = data;
 
-    CRYPTO_THREAD_write_lock(lock);
+    CRYPTO_THREAD_write_lock(obj_lock);
 
     ret = lh_OBJ_NAME_insert(names_lh, onp);
     if (ret != NULL) {
@@ -254,7 +254,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     ok = 1;
 
 unlock:
-    CRYPTO_THREAD_unlock(lock);
+    CRYPTO_THREAD_unlock(obj_lock);
     return ok;
 }
 
@@ -266,7 +266,7 @@ int OBJ_NAME_remove(const char *name, int type)
     if (!OBJ_NAME_init())
         return 0;
 
-    CRYPTO_THREAD_write_lock(lock);
+    CRYPTO_THREAD_write_lock(obj_lock);
 
     type &= ~OBJ_NAME_ALIAS;
     on.name = name;
@@ -288,7 +288,7 @@ int OBJ_NAME_remove(const char *name, int type)
         ok = 1;
     }
 
-    CRYPTO_THREAD_unlock(lock);
+    CRYPTO_THREAD_unlock(obj_lock);
     return ok;
 }
 
@@ -397,10 +397,10 @@ void OBJ_NAME_cleanup(int type)
     if (type < 0) {
         lh_OBJ_NAME_free(names_lh);
         sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
-        CRYPTO_THREAD_lock_free(lock);
+        CRYPTO_THREAD_lock_free(obj_lock);
         names_lh = NULL;
         name_funcs_stack = NULL;
-        lock = NULL;
+        obj_lock = NULL;
     } else
         lh_OBJ_NAME_set_down_load(names_lh, down_load);
 }
diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.c b/deps/openssl/openssl/crypto/objects/obj_dat.c
index 21a1f05bef..ef2d1e0dda 100644
--- a/deps/openssl/openssl/crypto/objects/obj_dat.c
+++ b/deps/openssl/openssl/crypto/objects/obj_dat.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/lhash.h>
@@ -40,14 +40,14 @@ static LHASH_OF(ADDED_OBJ) *added = NULL;
 
 static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
 {
-    return (strcmp((*a)->sn, nid_objs[*b].sn));
+    return strcmp((*a)->sn, nid_objs[*b].sn);
 }
 
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
 
 static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
 {
-    return (strcmp((*a)->ln, nid_objs[*b].ln));
+    return strcmp((*a)->ln, nid_objs[*b].ln);
 }
 
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
@@ -82,7 +82,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
     }
     ret &= 0x3fffffffL;
     ret |= ((unsigned long)ca->type) << 30L;
-    return (ret);
+    return ret;
 }
 
 static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
@@ -92,31 +92,31 @@ static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
 
     i = ca->type - cb->type;
     if (i)
-        return (i);
+        return i;
     a = ca->obj;
     b = cb->obj;
     switch (ca->type) {
     case ADDED_DATA:
         i = (a->length - b->length);
         if (i)
-            return (i);
-        return (memcmp(a->data, b->data, (size_t)a->length));
+            return i;
+        return memcmp(a->data, b->data, (size_t)a->length);
     case ADDED_SNAME:
         if (a->sn == NULL)
-            return (-1);
+            return -1;
         else if (b->sn == NULL)
-            return (1);
+            return 1;
         else
-            return (strcmp(a->sn, b->sn));
+            return strcmp(a->sn, b->sn);
     case ADDED_LNAME:
         if (a->ln == NULL)
-            return (-1);
+            return -1;
         else if (b->ln == NULL)
-            return (1);
+            return 1;
         else
-            return (strcmp(a->ln, b->ln));
+            return strcmp(a->ln, b->ln);
     case ADDED_NID:
-        return (a->nid - b->nid);
+        return a->nid - b->nid;
     default:
         /* abort(); */
         return 0;
@@ -126,9 +126,9 @@ static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
 static int init_added(void)
 {
     if (added != NULL)
-        return (1);
+        return 1;
     added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp);
-    return (added != NULL);
+    return added != NULL;
 }
 
 static void cleanup1_doall(ADDED_OBJ *a)
@@ -168,7 +168,7 @@ int OBJ_new_nid(int num)
 
     i = new_nid;
     new_nid += num;
-    return (i);
+    return i;
 }
 
 int OBJ_add_object(const ASN1_OBJECT *obj)
@@ -179,7 +179,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
 
     if (added == NULL)
         if (!init_added())
-            return (0);
+            return 0;
     if ((o = OBJ_dup(obj)) == NULL)
         goto err;
     if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
@@ -207,7 +207,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
         ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
           ASN1_OBJECT_FLAG_DYNAMIC_DATA);
 
-    return (o->nid);
+    return o->nid;
  err2:
     OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
  err:
@@ -225,21 +225,21 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
     if ((n >= 0) && (n < NUM_NID)) {
         if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
             OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
-        return ((ASN1_OBJECT *)&(nid_objs[n]));
+        return (ASN1_OBJECT *)&(nid_objs[n]);
     } else if (added == NULL)
-        return (NULL);
+        return NULL;
     else {
         ad.type = ADDED_NID;
         ad.obj = &ob;
         ob.nid = n;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj);
+            return adp->obj;
         else {
             OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
     }
 }
@@ -252,21 +252,21 @@ const char *OBJ_nid2sn(int n)
     if ((n >= 0) && (n < NUM_NID)) {
         if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
             OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
-        return (nid_objs[n].sn);
+        return nid_objs[n].sn;
     } else if (added == NULL)
-        return (NULL);
+        return NULL;
     else {
         ad.type = ADDED_NID;
         ad.obj = &ob;
         ob.nid = n;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->sn);
+            return adp->obj->sn;
         else {
             OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
     }
 }
@@ -279,21 +279,21 @@ const char *OBJ_nid2ln(int n)
     if ((n >= 0) && (n < NUM_NID)) {
         if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
             OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
-        return (nid_objs[n].ln);
+        return nid_objs[n].ln;
     } else if (added == NULL)
-        return (NULL);
+        return NULL;
     else {
         ad.type = ADDED_NID;
         ad.obj = &ob;
         ob.nid = n;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->ln);
+            return adp->obj->ln;
         else {
             OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
-            return (NULL);
+            return NULL;
         }
     }
 }
@@ -306,10 +306,10 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
 
     j = (a->length - b->length);
     if (j)
-        return (j);
+        return j;
     if (a->length == 0)
         return 0;
-    return (memcmp(a->data, b->data, a->length));
+    return memcmp(a->data, b->data, a->length);
 }
 
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
@@ -320,9 +320,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
     ADDED_OBJ ad, *adp;
 
     if (a == NULL)
-        return (NID_undef);
+        return NID_undef;
     if (a->nid != 0)
-        return (a->nid);
+        return a->nid;
 
     if (a->length == 0)
         return NID_undef;
@@ -332,12 +332,12 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
         ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->nid);
+            return adp->obj->nid;
     }
     op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
     if (op == NULL)
-        return (NID_undef);
-    return (nid_objs[*op].nid);
+        return NID_undef;
+    return nid_objs[*op].nid;
 }
 
 /*
@@ -350,7 +350,7 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
 ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
 {
     int nid = NID_undef;
-    ASN1_OBJECT *op = NULL;
+    ASN1_OBJECT *op;
     unsigned char *buf;
     unsigned char *p;
     const unsigned char *cp;
@@ -376,8 +376,10 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
     if (j < 0)
         return NULL;
 
-    if ((buf = OPENSSL_malloc(j)) == NULL)
+    if ((buf = OPENSSL_malloc(j)) == NULL) {
+        OBJerr(OBJ_F_OBJ_TXT2OBJ, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     p = buf;
     /* Write out tag+length */
@@ -404,7 +406,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
         buf[0] = '\0';
 
     if ((a == NULL) || (a->data == NULL))
-        return (0);
+        return 0;
 
     if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
         const char *s;
@@ -548,12 +550,12 @@ int OBJ_ln2nid(const char *s)
         ad.obj = &o;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->nid);
+            return adp->obj->nid;
     }
     op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
     if (op == NULL)
-        return (NID_undef);
-    return (nid_objs[*op].nid);
+        return NID_undef;
+    return nid_objs[*op].nid;
 }
 
 int OBJ_sn2nid(const char *s)
@@ -569,12 +571,12 @@ int OBJ_sn2nid(const char *s)
         ad.obj = &o;
         adp = lh_ADDED_OBJ_retrieve(added, &ad);
         if (adp != NULL)
-            return (adp->obj->nid);
+            return adp->obj->nid;
     }
     op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
     if (op == NULL)
-        return (NID_undef);
-    return (nid_objs[*op].nid);
+        return NID_undef;
+    return nid_objs[*op].nid;
 }
 
 const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
@@ -593,7 +595,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
     const char *p = NULL;
 
     if (num == 0)
-        return (NULL);
+        return NULL;
     l = 0;
     h = num;
     while (l < h) {
@@ -629,7 +631,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
             i--;
         p = &(base[i * size]);
     }
-    return (p);
+    return p;
 }
 
 /*
@@ -646,26 +648,26 @@ int OBJ_create_objects(BIO *in)
         s = o = NULL;
         i = BIO_gets(in, buf, 512);
         if (i <= 0)
-            return (num);
+            return num;
         buf[i - 1] = '\0';
-        if (!isalnum((unsigned char)buf[0]))
-            return (num);
+        if (!ossl_isalnum(buf[0]))
+            return num;
         o = s = buf;
-        while (isdigit((unsigned char)*s) || (*s == '.'))
+        while (ossl_isdigit(*s) || *s == '.')
             s++;
         if (*s != '\0') {
             *(s++) = '\0';
-            while (isspace((unsigned char)*s))
+            while (ossl_isspace(*s))
                 s++;
             if (*s == '\0') {
                 s = NULL;
             } else {
                 l = s;
-                while ((*l != '\0') && !isspace((unsigned char)*l))
+                while (*l != '\0' && !ossl_isspace(*l))
                     l++;
                 if (*l != '\0') {
                     *(l++) = '\0';
-                    while (isspace((unsigned char)*l))
+                    while (ossl_isspace(*l))
                         l++;
                     if (*l == '\0') {
                         l = NULL;
@@ -680,10 +682,9 @@ int OBJ_create_objects(BIO *in)
         if (*o == '\0')
             return num;
         if (!OBJ_create(o, s, l))
-            return (num);
+            return num;
         num++;
     }
-    /* return(num); */
 }
 
 int OBJ_create(const char *oid, const char *sn, const char *ln)
diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.h b/deps/openssl/openssl/crypto/objects/obj_dat.h
index e1fc64f7c9..e931f7f516 100644
--- a/deps/openssl/openssl/crypto/objects/obj_dat.h
+++ b/deps/openssl/openssl/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[6765] = {
+static const unsigned char so[7762] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -861,109 +861,224 @@ static const unsigned char so[6765] = {
     0x55,0x1D,0x25,0x00,                           /* [ 5946] OBJ_anyExtendedKeyUsage */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,  /* [ 5950] OBJ_mgf1 */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,  /* [ 5959] OBJ_rsassaPss */
-    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,  /* [ 5968] OBJ_rsaesOaep */
-    0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,            /* [ 5977] OBJ_dhpublicnumber */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,  /* [ 5984] OBJ_brainpoolP160r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,  /* [ 5993] OBJ_brainpoolP160t1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,  /* [ 6002] OBJ_brainpoolP192r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,  /* [ 6011] OBJ_brainpoolP192t1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,  /* [ 6020] OBJ_brainpoolP224r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,  /* [ 6029] OBJ_brainpoolP224t1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,  /* [ 6038] OBJ_brainpoolP256r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,  /* [ 6047] OBJ_brainpoolP256t1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,  /* [ 6056] OBJ_brainpoolP320r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,  /* [ 6065] OBJ_brainpoolP320t1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,  /* [ 6074] OBJ_brainpoolP384r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,  /* [ 6083] OBJ_brainpoolP384t1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,  /* [ 6092] OBJ_brainpoolP512r1 */
-    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,  /* [ 6101] OBJ_brainpoolP512t1 */
-    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,  /* [ 6110] OBJ_pSpecified */
-    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,  /* [ 6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0B,0x00,                 /* [ 6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0B,0x01,                 /* [ 6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0B,0x02,                 /* [ 6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0B,0x03,                 /* [ 6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
-    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,  /* [ 6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0E,0x00,                 /* [ 6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0E,0x01,                 /* [ 6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0E,0x02,                 /* [ 6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
-    0x2B,0x81,0x04,0x01,0x0E,0x03,                 /* [ 6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
-    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,  /* [ 6185] OBJ_ct_precert_scts */
-    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,  /* [ 6195] OBJ_ct_precert_poison */
-    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,  /* [ 6205] OBJ_ct_precert_signer */
-    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,  /* [ 6215] OBJ_ct_cert_scts */
-    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,  /* [ 6225] OBJ_jurisdictionLocalityName */
-    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,  /* [ 6236] OBJ_jurisdictionStateOrProvinceName */
-    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,  /* [ 6247] OBJ_jurisdictionCountryName */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06,       /* [ 6258] OBJ_camellia_128_gcm */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07,       /* [ 6266] OBJ_camellia_128_ccm */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09,       /* [ 6274] OBJ_camellia_128_ctr */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A,       /* [ 6282] OBJ_camellia_128_cmac */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A,       /* [ 6290] OBJ_camellia_192_gcm */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B,       /* [ 6298] OBJ_camellia_192_ccm */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D,       /* [ 6306] OBJ_camellia_192_ctr */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E,       /* [ 6314] OBJ_camellia_192_cmac */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E,       /* [ 6322] OBJ_camellia_256_gcm */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F,       /* [ 6330] OBJ_camellia_256_ccm */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31,       /* [ 6338] OBJ_camellia_256_ctr */
-    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32,       /* [ 6346] OBJ_camellia_256_cmac */
-    0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,  /* [ 6354] OBJ_id_scrypt */
-    0x2A,0x85,0x03,0x07,0x01,                      /* [ 6363] OBJ_id_tc26 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,                 /* [ 6368] OBJ_id_tc26_algorithms */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,            /* [ 6374] OBJ_id_tc26_sign */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,       /* [ 6381] OBJ_id_GostR3410_2012_256 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,       /* [ 6389] OBJ_id_GostR3410_2012_512 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,            /* [ 6397] OBJ_id_tc26_digest */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02,       /* [ 6404] OBJ_id_GostR3411_2012_256 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03,       /* [ 6412] OBJ_id_GostR3411_2012_512 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,            /* [ 6420] OBJ_id_tc26_signwithdigest */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,       /* [ 6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,       /* [ 6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,            /* [ 6443] OBJ_id_tc26_mac */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01,       /* [ 6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02,       /* [ 6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,            /* [ 6466] OBJ_id_tc26_cipher */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,            /* [ 6473] OBJ_id_tc26_agreement */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01,       /* [ 6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */
-    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02,       /* [ 6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */
-    0x2A,0x85,0x03,0x07,0x01,0x02,                 /* [ 6496] OBJ_id_tc26_constants */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,            /* [ 6502] OBJ_id_tc26_sign_constants */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,       /* [ 6509] OBJ_id_tc26_gost_3410_2012_512_constants */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,  /* [ 6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,  /* [ 6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,  /* [ 6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x02,            /* [ 6544] OBJ_id_tc26_digest_constants */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,            /* [ 6551] OBJ_id_tc26_cipher_constants */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,       /* [ 6558] OBJ_id_tc26_gost_28147_constants */
-    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,  /* [ 6566] OBJ_id_tc26_gost_28147_param_Z */
-    0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01,       /* [ 6575] OBJ_INN */
-    0x2A,0x85,0x03,0x64,0x01,                      /* [ 6583] OBJ_OGRN */
-    0x2A,0x85,0x03,0x64,0x03,                      /* [ 6588] OBJ_SNILS */
-    0x2A,0x85,0x03,0x64,0x6F,                      /* [ 6593] OBJ_subjectSignTool */
-    0x2A,0x85,0x03,0x64,0x70,                      /* [ 6598] OBJ_issuerSignTool */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,       /* [ 6603] OBJ_tlsfeature */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,       /* [ 6611] OBJ_ipsec_IKE */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,       /* [ 6619] OBJ_capwapAC */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,       /* [ 6627] OBJ_capwapWTP */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,       /* [ 6635] OBJ_sshClient */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,       /* [ 6643] OBJ_sshServer */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,       /* [ 6651] OBJ_sendRouter */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,       /* [ 6659] OBJ_sendProxiedRouter */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,       /* [ 6667] OBJ_sendOwner */
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,       /* [ 6675] OBJ_sendProxiedOwner */
-    0x2B,0x06,0x01,0x05,0x02,0x03,                 /* [ 6683] OBJ_id_pkinit */
-    0x2B,0x06,0x01,0x05,0x02,0x03,0x04,            /* [ 6689] OBJ_pkInitClientAuth */
-    0x2B,0x06,0x01,0x05,0x02,0x03,0x05,            /* [ 6696] OBJ_pkInitKDC */
-    0x2B,0x65,0x6E,                                /* [ 6703] OBJ_X25519 */
-    0x2B,0x65,0x6F,                                /* [ 6706] OBJ_X448 */
-    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,  /* [ 6709] OBJ_blake2b512 */
-    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,  /* [ 6720] OBJ_blake2s256 */
-    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13,  /* [ 6731] OBJ_id_smime_ct_contentCollection */
-    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17,  /* [ 6742] OBJ_id_smime_ct_authEnvelopedData */
-    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6753] OBJ_id_ct_xml */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x01,       /* [ 5968] OBJ_aes_128_xts */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x02,       /* [ 5976] OBJ_aes_256_xts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,  /* [ 5984] OBJ_rsaesOaep */
+    0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,            /* [ 5993] OBJ_dhpublicnumber */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,  /* [ 6000] OBJ_brainpoolP160r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,  /* [ 6009] OBJ_brainpoolP160t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,  /* [ 6018] OBJ_brainpoolP192r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,  /* [ 6027] OBJ_brainpoolP192t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,  /* [ 6036] OBJ_brainpoolP224r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,  /* [ 6045] OBJ_brainpoolP224t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,  /* [ 6054] OBJ_brainpoolP256r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,  /* [ 6063] OBJ_brainpoolP256t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,  /* [ 6072] OBJ_brainpoolP320r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,  /* [ 6081] OBJ_brainpoolP320t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,  /* [ 6090] OBJ_brainpoolP384r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,  /* [ 6099] OBJ_brainpoolP384t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,  /* [ 6108] OBJ_brainpoolP512r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,  /* [ 6117] OBJ_brainpoolP512t1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,  /* [ 6126] OBJ_pSpecified */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,  /* [ 6135] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x00,                 /* [ 6144] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x01,                 /* [ 6150] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x02,                 /* [ 6156] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x03,                 /* [ 6162] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,  /* [ 6168] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x00,                 /* [ 6177] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x01,                 /* [ 6183] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x02,                 /* [ 6189] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x03,                 /* [ 6195] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,  /* [ 6201] OBJ_ct_precert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,  /* [ 6211] OBJ_ct_precert_poison */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,  /* [ 6221] OBJ_ct_precert_signer */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,  /* [ 6231] OBJ_ct_cert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,  /* [ 6241] OBJ_jurisdictionLocalityName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,  /* [ 6252] OBJ_jurisdictionStateOrProvinceName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,  /* [ 6263] OBJ_jurisdictionCountryName */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06,       /* [ 6274] OBJ_camellia_128_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07,       /* [ 6282] OBJ_camellia_128_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09,       /* [ 6290] OBJ_camellia_128_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A,       /* [ 6298] OBJ_camellia_128_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A,       /* [ 6306] OBJ_camellia_192_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B,       /* [ 6314] OBJ_camellia_192_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D,       /* [ 6322] OBJ_camellia_192_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E,       /* [ 6330] OBJ_camellia_192_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E,       /* [ 6338] OBJ_camellia_256_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F,       /* [ 6346] OBJ_camellia_256_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31,       /* [ 6354] OBJ_camellia_256_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32,       /* [ 6362] OBJ_camellia_256_cmac */
+    0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,  /* [ 6370] OBJ_id_scrypt */
+    0x2A,0x85,0x03,0x07,0x01,                      /* [ 6379] OBJ_id_tc26 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,                 /* [ 6384] OBJ_id_tc26_algorithms */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,            /* [ 6390] OBJ_id_tc26_sign */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,       /* [ 6397] OBJ_id_GostR3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,       /* [ 6405] OBJ_id_GostR3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,            /* [ 6413] OBJ_id_tc26_digest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02,       /* [ 6420] OBJ_id_GostR3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03,       /* [ 6428] OBJ_id_GostR3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,            /* [ 6436] OBJ_id_tc26_signwithdigest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,       /* [ 6443] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,       /* [ 6451] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,            /* [ 6459] OBJ_id_tc26_mac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01,       /* [ 6466] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02,       /* [ 6474] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,            /* [ 6482] OBJ_id_tc26_cipher */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,            /* [ 6489] OBJ_id_tc26_agreement */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01,       /* [ 6496] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02,       /* [ 6504] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,                 /* [ 6512] OBJ_id_tc26_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,            /* [ 6518] OBJ_id_tc26_sign_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,       /* [ 6525] OBJ_id_tc26_gost_3410_2012_512_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,  /* [ 6533] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,  /* [ 6542] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,  /* [ 6551] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x02,            /* [ 6560] OBJ_id_tc26_digest_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,            /* [ 6567] OBJ_id_tc26_cipher_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,       /* [ 6574] OBJ_id_tc26_gost_28147_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,  /* [ 6582] OBJ_id_tc26_gost_28147_param_Z */
+    0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01,       /* [ 6591] OBJ_INN */
+    0x2A,0x85,0x03,0x64,0x01,                      /* [ 6599] OBJ_OGRN */
+    0x2A,0x85,0x03,0x64,0x03,                      /* [ 6604] OBJ_SNILS */
+    0x2A,0x85,0x03,0x64,0x6F,                      /* [ 6609] OBJ_subjectSignTool */
+    0x2A,0x85,0x03,0x64,0x70,                      /* [ 6614] OBJ_issuerSignTool */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,       /* [ 6619] OBJ_tlsfeature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,       /* [ 6627] OBJ_ipsec_IKE */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,       /* [ 6635] OBJ_capwapAC */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,       /* [ 6643] OBJ_capwapWTP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,       /* [ 6651] OBJ_sshClient */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,       /* [ 6659] OBJ_sshServer */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,       /* [ 6667] OBJ_sendRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,       /* [ 6675] OBJ_sendProxiedRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,       /* [ 6683] OBJ_sendOwner */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,       /* [ 6691] OBJ_sendProxiedOwner */
+    0x2B,0x06,0x01,0x05,0x02,0x03,                 /* [ 6699] OBJ_id_pkinit */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x04,            /* [ 6705] OBJ_pkInitClientAuth */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x05,            /* [ 6712] OBJ_pkInitKDC */
+    0x2B,0x65,0x6E,                                /* [ 6719] OBJ_X25519 */
+    0x2B,0x65,0x6F,                                /* [ 6722] OBJ_X448 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,  /* [ 6725] OBJ_blake2b512 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,  /* [ 6736] OBJ_blake2s256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13,  /* [ 6747] OBJ_id_smime_ct_contentCollection */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17,  /* [ 6758] OBJ_id_smime_ct_authEnvelopedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6769] OBJ_id_ct_xml */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01,  /* [ 6780] OBJ_aria_128_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02,  /* [ 6789] OBJ_aria_128_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03,  /* [ 6798] OBJ_aria_128_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04,  /* [ 6807] OBJ_aria_128_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05,  /* [ 6816] OBJ_aria_128_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06,  /* [ 6825] OBJ_aria_192_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07,  /* [ 6834] OBJ_aria_192_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08,  /* [ 6843] OBJ_aria_192_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09,  /* [ 6852] OBJ_aria_192_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A,  /* [ 6861] OBJ_aria_192_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B,  /* [ 6870] OBJ_aria_256_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C,  /* [ 6879] OBJ_aria_256_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D,  /* [ 6888] OBJ_aria_256_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E,  /* [ 6897] OBJ_aria_256_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F,  /* [ 6906] OBJ_aria_256_ctr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F,  /* [ 6915] OBJ_id_smime_aa_signingCertificateV2 */
+    0x2B,0x65,0x70,                                /* [ 6926] OBJ_ED25519 */
+    0x2B,0x65,0x71,                                /* [ 6929] OBJ_ED448 */
+    0x55,0x04,0x61,                                /* [ 6932] OBJ_organizationIdentifier */
+    0x55,0x04,0x62,                                /* [ 6935] OBJ_countryCode3c */
+    0x55,0x04,0x63,                                /* [ 6938] OBJ_countryCode3n */
+    0x55,0x04,0x64,                                /* [ 6941] OBJ_dnsName */
+    0x2B,0x24,0x08,0x03,0x03,                      /* [ 6944] OBJ_x509ExtAdmission */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05,  /* [ 6949] OBJ_sha512_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06,  /* [ 6958] OBJ_sha512_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07,  /* [ 6967] OBJ_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08,  /* [ 6976] OBJ_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09,  /* [ 6985] OBJ_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0A,  /* [ 6994] OBJ_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0B,  /* [ 7003] OBJ_shake128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0C,  /* [ 7012] OBJ_shake256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0D,  /* [ 7021] OBJ_hmac_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0E,  /* [ 7030] OBJ_hmac_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0F,  /* [ 7039] OBJ_hmac_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10,  /* [ 7048] OBJ_hmac_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x03,  /* [ 7057] OBJ_dsa_with_SHA384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x04,  /* [ 7066] OBJ_dsa_with_SHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x05,  /* [ 7075] OBJ_dsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x06,  /* [ 7084] OBJ_dsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x07,  /* [ 7093] OBJ_dsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x08,  /* [ 7102] OBJ_dsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09,  /* [ 7111] OBJ_ecdsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0A,  /* [ 7120] OBJ_ecdsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0B,  /* [ 7129] OBJ_ecdsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0C,  /* [ 7138] OBJ_ecdsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0D,  /* [ 7147] OBJ_RSA_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E,  /* [ 7156] OBJ_RSA_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F,  /* [ 7165] OBJ_RSA_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10,  /* [ 7174] OBJ_RSA_SHA3_512 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25,  /* [ 7183] OBJ_aria_128_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26,  /* [ 7192] OBJ_aria_192_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27,  /* [ 7201] OBJ_aria_256_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22,  /* [ 7210] OBJ_aria_128_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23,  /* [ 7219] OBJ_aria_192_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24,  /* [ 7228] OBJ_aria_256_gcm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1B,       /* [ 7237] OBJ_cmcCA */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1C,       /* [ 7245] OBJ_cmcRA */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01,       /* [ 7253] OBJ_sm4_ecb */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02,       /* [ 7261] OBJ_sm4_cbc */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03,       /* [ 7269] OBJ_sm4_ofb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05,       /* [ 7277] OBJ_sm4_cfb1 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04,       /* [ 7285] OBJ_sm4_cfb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06,       /* [ 7293] OBJ_sm4_cfb8 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07,       /* [ 7301] OBJ_sm4_ctr */
+    0x2A,0x81,0x1C,                                /* [ 7309] OBJ_ISO_CN */
+    0x2A,0x81,0x1C,0xCF,0x55,                      /* [ 7312] OBJ_oscca */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,                 /* [ 7317] OBJ_sm_scheme */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,       /* [ 7323] OBJ_sm3 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78,       /* [ 7331] OBJ_sm3WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F,  /* [ 7339] OBJ_sha512_224WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10,  /* [ 7348] OBJ_sha512_256WithRSAEncryption */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,       /* [ 7357] OBJ_id_tc26_gost_3410_2012_256_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01,  /* [ 7365] OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,  /* [ 7374] OBJ_id_tc26_gost_3410_2012_512_paramSetC */
+    0x2A,0x86,0x24,                                /* [ 7383] OBJ_ISO_UA */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,            /* [ 7386] OBJ_ua_pki */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,  /* [ 7393] OBJ_dstu28147 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7403] OBJ_dstu28147_ofb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03,  /* [ 7414] OBJ_dstu28147_cfb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05,  /* [ 7425] OBJ_dstu28147_wrap */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7436] OBJ_hmacWithDstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01,  /* [ 7446] OBJ_dstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,  /* [ 7456] OBJ_dstu4145le */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01,  /* [ 7467] OBJ_dstu4145be */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00,  /* [ 7480] OBJ_uacurve0 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01,  /* [ 7493] OBJ_uacurve1 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02,  /* [ 7506] OBJ_uacurve2 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03,  /* [ 7519] OBJ_uacurve3 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04,  /* [ 7532] OBJ_uacurve4 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05,  /* [ 7545] OBJ_uacurve5 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06,  /* [ 7558] OBJ_uacurve6 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07,  /* [ 7571] OBJ_uacurve7 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08,  /* [ 7584] OBJ_uacurve8 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
+    0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
+    0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,       /* [ 7617] OBJ_sm2 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,       /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01,  /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02,  /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,       /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01,  /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02,  /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,            /* [ 7677] OBJ_id_tc26_wrap */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,       /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,       /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02,  /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03,  /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04,  /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C,       /* [ 7745] OBJ_hmacWithSHA512_224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
 
-#define NUM_NID 1061
+#define NUM_NID 1195
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -1878,102 +1993,102 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]},
     {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]},
     {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]},
-    {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts},
-    {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts},
+    {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 8, &so[5968]},
+    {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 8, &so[5976]},
     {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5},
     {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1},
     {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1},
     {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1},
-    {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5968]},
-    {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5977]},
-    {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[5984]},
-    {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[5993]},
-    {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6002]},
-    {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6011]},
-    {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6020]},
-    {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6029]},
-    {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6038]},
-    {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6047]},
-    {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6056]},
-    {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6065]},
-    {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6074]},
-    {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6083]},
-    {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6092]},
-    {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6101]},
-    {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6110]},
-    {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6119]},
-    {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6128]},
-    {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6134]},
-    {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6140]},
-    {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6146]},
-    {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6152]},
-    {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6161]},
-    {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6167]},
-    {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6173]},
-    {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6179]},
+    {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5984]},
+    {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5993]},
+    {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[6000]},
+    {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[6009]},
+    {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6018]},
+    {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6027]},
+    {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6036]},
+    {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6045]},
+    {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6054]},
+    {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6063]},
+    {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6072]},
+    {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6081]},
+    {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6090]},
+    {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6099]},
+    {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6108]},
+    {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6117]},
+    {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6126]},
+    {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6135]},
+    {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6144]},
+    {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6150]},
+    {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6156]},
+    {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6162]},
+    {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6168]},
+    {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6177]},
+    {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6183]},
+    {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6189]},
+    {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6195]},
     {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf},
     {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf},
     {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256},
     {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256},
     {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256},
-    {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6185]},
-    {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6195]},
-    {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6205]},
-    {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6215]},
-    {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6225]},
-    {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6236]},
-    {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6247]},
+    {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6201]},
+    {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6211]},
+    {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6221]},
+    {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6231]},
+    {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6241]},
+    {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6252]},
+    {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6263]},
     {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb},
     {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb},
     {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb},
-    {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6258]},
-    {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6266]},
-    {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6274]},
-    {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6282]},
-    {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6290]},
-    {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6298]},
-    {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6306]},
-    {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6314]},
-    {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6322]},
-    {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6330]},
-    {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6338]},
-    {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6346]},
-    {"id-scrypt", "id-scrypt", NID_id_scrypt, 9, &so[6354]},
-    {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6363]},
+    {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6274]},
+    {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6282]},
+    {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6290]},
+    {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6298]},
+    {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6306]},
+    {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6314]},
+    {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6322]},
+    {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6330]},
+    {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6338]},
+    {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6346]},
+    {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6354]},
+    {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6362]},
+    {"id-scrypt", "scrypt", NID_id_scrypt, 9, &so[6370]},
+    {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6379]},
     {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12},
     {"gost-mac-12", "gost-mac-12", NID_gost_mac_12},
-    {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6368]},
-    {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6374]},
-    {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6381]},
-    {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6389]},
-    {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6397]},
-    {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6404]},
-    {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6412]},
-    {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6420]},
-    {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6427]},
-    {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6435]},
-    {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6443]},
-    {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6450]},
-    {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6458]},
-    {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6466]},
-    {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6473]},
-    {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6480]},
-    {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6488]},
-    {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6496]},
-    {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6502]},
-    {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6509]},
-    {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6517]},
-    {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6526]},
-    {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6535]},
-    {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6544]},
-    {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6551]},
-    {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6558]},
-    {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6566]},
-    {"INN", "INN", NID_INN, 8, &so[6575]},
-    {"OGRN", "OGRN", NID_OGRN, 5, &so[6583]},
-    {"SNILS", "SNILS", NID_SNILS, 5, &so[6588]},
-    {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6593]},
-    {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6598]},
+    {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6384]},
+    {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6390]},
+    {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6397]},
+    {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6405]},
+    {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6413]},
+    {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6420]},
+    {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6428]},
+    {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6436]},
+    {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6443]},
+    {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6451]},
+    {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6459]},
+    {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6466]},
+    {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6474]},
+    {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6482]},
+    {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6489]},
+    {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6496]},
+    {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6504]},
+    {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6512]},
+    {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6518]},
+    {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6525]},
+    {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6533]},
+    {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6542]},
+    {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6551]},
+    {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6560]},
+    {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6567]},
+    {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6574]},
+    {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6582]},
+    {"INN", "INN", NID_INN, 8, &so[6591]},
+    {"OGRN", "OGRN", NID_OGRN, 5, &so[6599]},
+    {"SNILS", "SNILS", NID_SNILS, 5, &so[6604]},
+    {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6609]},
+    {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6614]},
     {"gost89-cbc", "gost89-cbc", NID_gost89_cbc},
     {"gost89-ecb", "gost89-ecb", NID_gost89_ecb},
     {"gost89-ctr", "gost89-ctr", NID_gost89_ctr},
@@ -1985,22 +2100,22 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac},
     {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305},
     {"ChaCha20", "chacha20", NID_chacha20},
-    {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6603]},
+    {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6619]},
     {"TLS1-PRF", "tls1-prf", NID_tls1_prf},
-    {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6611]},
-    {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6619]},
-    {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6627]},
-    {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6635]},
-    {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6643]},
-    {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6651]},
-    {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6659]},
-    {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6667]},
-    {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6675]},
-    {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6683]},
-    {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6689]},
-    {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6696]},
-    {"X25519", "X25519", NID_X25519, 3, &so[6703]},
-    {"X448", "X448", NID_X448, 3, &so[6706]},
+    {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6627]},
+    {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6635]},
+    {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6643]},
+    {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6651]},
+    {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6659]},
+    {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6667]},
+    {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6675]},
+    {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6683]},
+    {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6691]},
+    {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6699]},
+    {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6705]},
+    {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6712]},
+    {"X25519", "X25519", NID_X25519, 3, &so[6719]},
+    {"X448", "X448", NID_X448, 3, &so[6722]},
     {"HKDF", "hkdf", NID_hkdf},
     {"KxRSA", "kx-rsa", NID_kx_rsa},
     {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe},
@@ -2021,14 +2136,148 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"AuthNULL", "auth-null", NID_auth_null},
     { NULL, NULL, NID_undef },
     { NULL, NULL, NID_undef },
-    {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6709]},
-    {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6720]},
-    {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6731]},
-    {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6742]},
-    {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6753]},
+    {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6725]},
+    {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6736]},
+    {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6747]},
+    {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6758]},
+    {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6769]},
+    {"Poly1305", "poly1305", NID_poly1305},
+    {"SipHash", "siphash", NID_siphash},
+    {"KxANY", "kx-any", NID_kx_any},
+    {"AuthANY", "auth-any", NID_auth_any},
+    {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6780]},
+    {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6789]},
+    {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6798]},
+    {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6807]},
+    {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6816]},
+    {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6825]},
+    {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6834]},
+    {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6843]},
+    {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6852]},
+    {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6861]},
+    {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6870]},
+    {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6879]},
+    {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6888]},
+    {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6897]},
+    {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6906]},
+    {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1},
+    {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1},
+    {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1},
+    {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8},
+    {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8},
+    {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8},
+    {"id-smime-aa-signingCertificateV2", "id-smime-aa-signingCertificateV2", NID_id_smime_aa_signingCertificateV2, 11, &so[6915]},
+    {"ED25519", "ED25519", NID_ED25519, 3, &so[6926]},
+    {"ED448", "ED448", NID_ED448, 3, &so[6929]},
+    {"organizationIdentifier", "organizationIdentifier", NID_organizationIdentifier, 3, &so[6932]},
+    {"c3", "countryCode3c", NID_countryCode3c, 3, &so[6935]},
+    {"n3", "countryCode3n", NID_countryCode3n, 3, &so[6938]},
+    {"dnsName", "dnsName", NID_dnsName, 3, &so[6941]},
+    {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6944]},
+    {"SHA512-224", "sha512-224", NID_sha512_224, 9, &so[6949]},
+    {"SHA512-256", "sha512-256", NID_sha512_256, 9, &so[6958]},
+    {"SHA3-224", "sha3-224", NID_sha3_224, 9, &so[6967]},
+    {"SHA3-256", "sha3-256", NID_sha3_256, 9, &so[6976]},
+    {"SHA3-384", "sha3-384", NID_sha3_384, 9, &so[6985]},
+    {"SHA3-512", "sha3-512", NID_sha3_512, 9, &so[6994]},
+    {"SHAKE128", "shake128", NID_shake128, 9, &so[7003]},
+    {"SHAKE256", "shake256", NID_shake256, 9, &so[7012]},
+    {"id-hmacWithSHA3-224", "hmac-sha3-224", NID_hmac_sha3_224, 9, &so[7021]},
+    {"id-hmacWithSHA3-256", "hmac-sha3-256", NID_hmac_sha3_256, 9, &so[7030]},
+    {"id-hmacWithSHA3-384", "hmac-sha3-384", NID_hmac_sha3_384, 9, &so[7039]},
+    {"id-hmacWithSHA3-512", "hmac-sha3-512", NID_hmac_sha3_512, 9, &so[7048]},
+    {"id-dsa-with-sha384", "dsa_with_SHA384", NID_dsa_with_SHA384, 9, &so[7057]},
+    {"id-dsa-with-sha512", "dsa_with_SHA512", NID_dsa_with_SHA512, 9, &so[7066]},
+    {"id-dsa-with-sha3-224", "dsa_with_SHA3-224", NID_dsa_with_SHA3_224, 9, &so[7075]},
+    {"id-dsa-with-sha3-256", "dsa_with_SHA3-256", NID_dsa_with_SHA3_256, 9, &so[7084]},
+    {"id-dsa-with-sha3-384", "dsa_with_SHA3-384", NID_dsa_with_SHA3_384, 9, &so[7093]},
+    {"id-dsa-with-sha3-512", "dsa_with_SHA3-512", NID_dsa_with_SHA3_512, 9, &so[7102]},
+    {"id-ecdsa-with-sha3-224", "ecdsa_with_SHA3-224", NID_ecdsa_with_SHA3_224, 9, &so[7111]},
+    {"id-ecdsa-with-sha3-256", "ecdsa_with_SHA3-256", NID_ecdsa_with_SHA3_256, 9, &so[7120]},
+    {"id-ecdsa-with-sha3-384", "ecdsa_with_SHA3-384", NID_ecdsa_with_SHA3_384, 9, &so[7129]},
+    {"id-ecdsa-with-sha3-512", "ecdsa_with_SHA3-512", NID_ecdsa_with_SHA3_512, 9, &so[7138]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-224", "RSA-SHA3-224", NID_RSA_SHA3_224, 9, &so[7147]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7156]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-384", NID_RSA_SHA3_384, 9, &so[7165]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7174]},
+    {"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7183]},
+    {"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7192]},
+    {"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7201]},
+    {"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7210]},
+    {"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7219]},
+    {"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7228]},
+    {"ffdhe2048", "ffdhe2048", NID_ffdhe2048},
+    {"ffdhe3072", "ffdhe3072", NID_ffdhe3072},
+    {"ffdhe4096", "ffdhe4096", NID_ffdhe4096},
+    {"ffdhe6144", "ffdhe6144", NID_ffdhe6144},
+    {"ffdhe8192", "ffdhe8192", NID_ffdhe8192},
+    {"cmcCA", "CMC Certificate Authority", NID_cmcCA, 8, &so[7237]},
+    {"cmcRA", "CMC Registration Authority", NID_cmcRA, 8, &so[7245]},
+    {"SM4-ECB", "sm4-ecb", NID_sm4_ecb, 8, &so[7253]},
+    {"SM4-CBC", "sm4-cbc", NID_sm4_cbc, 8, &so[7261]},
+    {"SM4-OFB", "sm4-ofb", NID_sm4_ofb128, 8, &so[7269]},
+    {"SM4-CFB1", "sm4-cfb1", NID_sm4_cfb1, 8, &so[7277]},
+    {"SM4-CFB", "sm4-cfb", NID_sm4_cfb128, 8, &so[7285]},
+    {"SM4-CFB8", "sm4-cfb8", NID_sm4_cfb8, 8, &so[7293]},
+    {"SM4-CTR", "sm4-ctr", NID_sm4_ctr, 8, &so[7301]},
+    {"ISO-CN", "ISO CN Member Body", NID_ISO_CN, 3, &so[7309]},
+    {"oscca", "oscca", NID_oscca, 5, &so[7312]},
+    {"sm-scheme", "sm-scheme", NID_sm_scheme, 6, &so[7317]},
+    {"SM3", "sm3", NID_sm3, 8, &so[7323]},
+    {"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8, &so[7331]},
+    {"RSA-SHA512/224", "sha512-224WithRSAEncryption", NID_sha512_224WithRSAEncryption, 9, &so[7339]},
+    {"RSA-SHA512/256", "sha512-256WithRSAEncryption", NID_sha512_256WithRSAEncryption, 9, &so[7348]},
+    {"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7357]},
+    {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7365]},
+    {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7374]},
+    {"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7383]},
+    {"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7386]},
+    {"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, &so[7393]},
+    {"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, &so[7403]},
+    {"dstu28147-cfb", "DSTU Gost 28147-2009 CFB mode", NID_dstu28147_cfb, 11, &so[7414]},
+    {"dstu28147-wrap", "DSTU Gost 28147-2009 key wrap", NID_dstu28147_wrap, 11, &so[7425]},
+    {"hmacWithDstu34311", "HMAC DSTU Gost 34311-95", NID_hmacWithDstu34311, 10, &so[7436]},
+    {"dstu34311", "DSTU Gost 34311-95", NID_dstu34311, 10, &so[7446]},
+    {"dstu4145le", "DSTU 4145-2002 little endian", NID_dstu4145le, 11, &so[7456]},
+    {"dstu4145be", "DSTU 4145-2002 big endian", NID_dstu4145be, 13, &so[7467]},
+    {"uacurve0", "DSTU curve 0", NID_uacurve0, 13, &so[7480]},
+    {"uacurve1", "DSTU curve 1", NID_uacurve1, 13, &so[7493]},
+    {"uacurve2", "DSTU curve 2", NID_uacurve2, 13, &so[7506]},
+    {"uacurve3", "DSTU curve 3", NID_uacurve3, 13, &so[7519]},
+    {"uacurve4", "DSTU curve 4", NID_uacurve4, 13, &so[7532]},
+    {"uacurve5", "DSTU curve 5", NID_uacurve5, 13, &so[7545]},
+    {"uacurve6", "DSTU curve 6", NID_uacurve6, 13, &so[7558]},
+    {"uacurve7", "DSTU curve 7", NID_uacurve7, 13, &so[7571]},
+    {"uacurve8", "DSTU curve 8", NID_uacurve8, 13, &so[7584]},
+    {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
+    {"ieee", "ieee", NID_ieee, 2, &so[7610]},
+    {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+    {"SM2", "sm2", NID_sm2, 8, &so[7617]},
+    {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]},
+    {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]},
+    {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]},
+    {"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]},
+    {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]},
+    {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]},
+    {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]},
+    {"magma-ecb", "magma-ecb", NID_magma_ecb},
+    {"magma-ctr", "magma-ctr", NID_magma_ctr},
+    {"magma-ofb", "magma-ofb", NID_magma_ofb},
+    {"magma-cbc", "magma-cbc", NID_magma_cbc},
+    {"magma-cfb", "magma-cfb", NID_magma_cfb},
+    {"magma-mac", "magma-mac", NID_magma_mac},
+    {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
+    {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
 };
 
-#define NUM_SN 1052
+#define NUM_SN 1186
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2063,6 +2312,34 @@ static const unsigned int sn_objs[NUM_SN] = {
      960,    /* "AES-256-OCB" */
      428,    /* "AES-256-OFB" */
      914,    /* "AES-256-XTS" */
+    1066,    /* "ARIA-128-CBC" */
+    1120,    /* "ARIA-128-CCM" */
+    1067,    /* "ARIA-128-CFB" */
+    1080,    /* "ARIA-128-CFB1" */
+    1083,    /* "ARIA-128-CFB8" */
+    1069,    /* "ARIA-128-CTR" */
+    1065,    /* "ARIA-128-ECB" */
+    1123,    /* "ARIA-128-GCM" */
+    1068,    /* "ARIA-128-OFB" */
+    1071,    /* "ARIA-192-CBC" */
+    1121,    /* "ARIA-192-CCM" */
+    1072,    /* "ARIA-192-CFB" */
+    1081,    /* "ARIA-192-CFB1" */
+    1084,    /* "ARIA-192-CFB8" */
+    1074,    /* "ARIA-192-CTR" */
+    1070,    /* "ARIA-192-ECB" */
+    1124,    /* "ARIA-192-GCM" */
+    1073,    /* "ARIA-192-OFB" */
+    1076,    /* "ARIA-256-CBC" */
+    1122,    /* "ARIA-256-CCM" */
+    1077,    /* "ARIA-256-CFB" */
+    1082,    /* "ARIA-256-CFB1" */
+    1085,    /* "ARIA-256-CFB8" */
+    1079,    /* "ARIA-256-CTR" */
+    1075,    /* "ARIA-256-ECB" */
+    1125,    /* "ARIA-256-GCM" */
+    1078,    /* "ARIA-256-OFB" */
+    1064,    /* "AuthANY" */
     1049,    /* "AuthDSS" */
     1047,    /* "AuthECDSA" */
     1050,    /* "AuthGOST01" */
@@ -2145,6 +2422,8 @@ static const unsigned int sn_objs[NUM_SN] = {
       70,    /* "DSA-SHA1-old" */
       67,    /* "DSA-old" */
      297,    /* "DVCS" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
       99,    /* "GN" */
     1036,    /* "HKDF" */
      855,    /* "HMAC" */
@@ -2157,10 +2436,13 @@ static const unsigned int sn_objs[NUM_SN] = {
       46,    /* "IDEA-OFB" */
     1004,    /* "INN" */
      181,    /* "ISO" */
+    1140,    /* "ISO-CN" */
+    1150,    /* "ISO-UA" */
      183,    /* "ISO-US" */
      645,    /* "ITU-T" */
      646,    /* "JOINT-ISO-ITU-T" */
      773,    /* "KISA" */
+    1063,    /* "KxANY" */
     1039,    /* "KxDHE" */
     1041,    /* "KxDHE-PSK" */
     1038,    /* "KxECDHE" */
@@ -2208,6 +2490,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      162,    /* "PBMAC1" */
      127,    /* "PKIX" */
      935,    /* "PSPECIFIED" */
+    1061,    /* "Poly1305" */
       98,    /* "RC2-40-CBC" */
      166,    /* "RC2-64-CBC" */
       37,    /* "RC2-CBC" */
@@ -2236,6 +2519,9 @@ static const unsigned int sn_objs[NUM_SN] = {
      668,    /* "RSA-SHA256" */
      669,    /* "RSA-SHA384" */
      670,    /* "RSA-SHA512" */
+    1145,    /* "RSA-SHA512/224" */
+    1146,    /* "RSA-SHA512/256" */
+    1144,    /* "RSA-SM3" */
      919,    /* "RSAES-OAEP" */
      912,    /* "RSASSA-PSS" */
      777,    /* "SEED-CBC" */
@@ -2246,14 +2532,32 @@ static const unsigned int sn_objs[NUM_SN] = {
       64,    /* "SHA1" */
      675,    /* "SHA224" */
      672,    /* "SHA256" */
+    1096,    /* "SHA3-224" */
+    1097,    /* "SHA3-256" */
+    1098,    /* "SHA3-384" */
+    1099,    /* "SHA3-512" */
      673,    /* "SHA384" */
      674,    /* "SHA512" */
+    1094,    /* "SHA512-224" */
+    1095,    /* "SHA512-256" */
+    1100,    /* "SHAKE128" */
+    1101,    /* "SHAKE256" */
+    1172,    /* "SM2" */
+    1143,    /* "SM3" */
+    1134,    /* "SM4-CBC" */
+    1137,    /* "SM4-CFB" */
+    1136,    /* "SM4-CFB1" */
+    1138,    /* "SM4-CFB8" */
+    1139,    /* "SM4-CTR" */
+    1133,    /* "SM4-ECB" */
+    1135,    /* "SM4-OFB" */
      188,    /* "SMIME" */
      167,    /* "SMIME-CAPS" */
      100,    /* "SN" */
     1006,    /* "SNILS" */
       16,    /* "ST" */
      143,    /* "SXNetID" */
+    1062,    /* "SipHash" */
     1021,    /* "TLS1-PRF" */
      458,    /* "UID" */
        0,    /* "UNDEF" */
@@ -2323,6 +2627,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      696,    /* "c2tnb239v3" */
      701,    /* "c2tnb359v1" */
      703,    /* "c2tnb431r1" */
+    1090,    /* "c3" */
      881,    /* "cACertificate" */
      483,    /* "cNAMERecord" */
      179,    /* "caIssuers" */
@@ -2339,6 +2644,8 @@ static const unsigned int sn_objs[NUM_SN] = {
      407,    /* "characteristic-two-field" */
      395,    /* "clearance" */
      130,    /* "clientAuth" */
+    1131,    /* "cmcCA" */
+    1132,    /* "cmcRA" */
      131,    /* "codeSigning" */
       50,    /* "contentType" */
       53,    /* "countersignature" */
@@ -2379,6 +2686,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      887,    /* "distinguishedName" */
      892,    /* "dmdName" */
      174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
      447,    /* "document" */
      471,    /* "documentAuthor" */
      468,    /* "documentIdentifier" */
@@ -2391,6 +2699,13 @@ static const unsigned int sn_objs[NUM_SN] = {
      452,    /* "domainRelatedObject" */
      802,    /* "dsa_with_SHA224" */
      803,    /* "dsa_with_SHA256" */
+    1152,    /* "dstu28147" */
+    1154,    /* "dstu28147-cfb" */
+    1153,    /* "dstu28147-ofb" */
+    1155,    /* "dstu28147-wrap" */
+    1157,    /* "dstu34311" */
+    1159,    /* "dstu4145be" */
+    1158,    /* "dstu4145le" */
      791,    /* "ecdsa-with-Recommended" */
      416,    /* "ecdsa-with-SHA1" */
      793,    /* "ecdsa-with-SHA224" */
@@ -2409,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN] = {
      372,    /* "extendedStatus" */
      867,    /* "facsimileTelephoneNumber" */
      462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
      857,    /* "freshestCRL" */
      453,    /* "friendlyCountry" */
      490,    /* "friendlyCountryName" */
@@ -2434,12 +2754,15 @@ static const unsigned int sn_objs[NUM_SN] = {
     1012,    /* "grasshopper-ecb" */
     1017,    /* "grasshopper-mac" */
     1014,    /* "grasshopper-ofb" */
+    1156,    /* "hmacWithDstu34311" */
      797,    /* "hmacWithMD5" */
      163,    /* "hmacWithSHA1" */
      798,    /* "hmacWithSHA224" */
      799,    /* "hmacWithSHA256" */
      800,    /* "hmacWithSHA384" */
      801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
      432,    /* "holdInstructionCallIssuer" */
      430,    /* "holdInstructionCode" */
      431,    /* "holdInstructionNone" */
@@ -2548,9 +2871,23 @@ static const unsigned int sn_objs[NUM_SN] = {
      331,    /* "id-cmc-transactionId" */
      787,    /* "id-ct-asciiTextWithCRLF" */
     1060,    /* "id-ct-xml" */
+    1108,    /* "id-dsa-with-sha3-224" */
+    1109,    /* "id-dsa-with-sha3-256" */
+    1110,    /* "id-dsa-with-sha3-384" */
+    1111,    /* "id-dsa-with-sha3-512" */
+    1106,    /* "id-dsa-with-sha384" */
+    1107,    /* "id-dsa-with-sha512" */
      408,    /* "id-ecPublicKey" */
+    1112,    /* "id-ecdsa-with-sha3-224" */
+    1113,    /* "id-ecdsa-with-sha3-256" */
+    1114,    /* "id-ecdsa-with-sha3-384" */
+    1115,    /* "id-ecdsa-with-sha3-512" */
      508,    /* "id-hex-multipart-message" */
      507,    /* "id-hex-partial-message" */
+    1102,    /* "id-hmacWithSHA3-224" */
+    1103,    /* "id-hmacWithSHA3-256" */
+    1104,    /* "id-hmacWithSHA3-384" */
+    1105,    /* "id-hmacWithSHA3-512" */
      260,    /* "id-it" */
      302,    /* "id-it-caKeyUpdateInfo" */
      298,    /* "id-it-caProtEncCert" */
@@ -2617,6 +2954,10 @@ static const unsigned int sn_objs[NUM_SN] = {
      314,    /* "id-regInfo" */
      322,    /* "id-regInfo-certReq" */
      321,    /* "id-regInfo-utf8Pairs" */
+    1116,    /* "id-rsassa-pkcs1-v1_5-with-sha3-224" */
+    1117,    /* "id-rsassa-pkcs1-v1_5-with-sha3-256" */
+    1118,    /* "id-rsassa-pkcs1-v1_5-with-sha3-384" */
+    1119,    /* "id-rsassa-pkcs1-v1_5-with-sha3-512" */
      973,    /* "id-scrypt" */
      512,    /* "id-set" */
      191,    /* "id-smime-aa" */
@@ -2647,6 +2988,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      213,    /* "id-smime-aa-securityLabel" */
      239,    /* "id-smime-aa-signatureType" */
      223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
      224,    /* "id-smime-aa-smimeEncryptCerts" */
      225,    /* "id-smime-aa-timeStampToken" */
      192,    /* "id-smime-alg" */
@@ -2697,14 +3039,26 @@ static const unsigned int sn_objs[NUM_SN] = {
      977,    /* "id-tc26-algorithms" */
      990,    /* "id-tc26-cipher" */
     1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
      994,    /* "id-tc26-constants" */
      981,    /* "id-tc26-digest" */
     1000,    /* "id-tc26-digest-constants" */
     1002,    /* "id-tc26-gost-28147-constants" */
     1003,    /* "id-tc26-gost-28147-param-Z" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+    1148,    /* "id-tc26-gost-3410-2012-256-paramSetA" */
+    1184,    /* "id-tc26-gost-3410-2012-256-paramSetB" */
+    1185,    /* "id-tc26-gost-3410-2012-256-paramSetC" */
+    1186,    /* "id-tc26-gost-3410-2012-256-paramSetD" */
      996,    /* "id-tc26-gost-3410-2012-512-constants" */
      998,    /* "id-tc26-gost-3410-2012-512-paramSetA" */
      999,    /* "id-tc26-gost-3410-2012-512-paramSetB" */
+    1149,    /* "id-tc26-gost-3410-2012-512-paramSetC" */
      997,    /* "id-tc26-gost-3410-2012-512-paramSetTest" */
      988,    /* "id-tc26-hmac-gost-3411-2012-256" */
      989,    /* "id-tc26-hmac-gost-3411-2012-512" */
@@ -2714,7 +3068,14 @@ static const unsigned int sn_objs[NUM_SN] = {
      984,    /* "id-tc26-signwithdigest" */
      985,    /* "id-tc26-signwithdigest-gost3410-2012-256" */
      986,    /* "id-tc26-signwithdigest-gost3410-2012-512" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
      676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+    1171,    /* "ieee-siswg" */
      461,    /* "info" */
      748,    /* "inhibitAnyPolicy" */
      101,    /* "initials" */
@@ -2738,6 +3099,12 @@ static const unsigned int sn_objs[NUM_SN] = {
      476,    /* "lastModifiedTime" */
      157,    /* "localKeyID" */
      480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
      460,    /* "mail" */
      493,    /* "mailPreferenceOption" */
      467,    /* "manager" */
@@ -2760,6 +3127,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      137,    /* "msSGC" */
      648,    /* "msSmartcardLogin" */
      649,    /* "msUPN" */
+    1091,    /* "n3" */
      481,    /* "nSRecord" */
      173,    /* "name" */
      666,    /* "nameConstraints" */
@@ -2778,7 +3146,9 @@ static const unsigned int sn_objs[NUM_SN] = {
      139,    /* "nsSGC" */
       77,    /* "nsSslServerName" */
      681,    /* "onBasis" */
+    1089,    /* "organizationIdentifier" */
      491,    /* "organizationalStatus" */
+    1141,    /* "oscca" */
      475,    /* "otherMailbox" */
      876,    /* "owner" */
      489,    /* "pagerTelephoneNumber" */
@@ -3033,6 +3403,7 @@ static const unsigned int sn_objs[NUM_SN] = {
       52,    /* "signingTime" */
      454,    /* "simpleSecurityObject" */
      496,    /* "singleLevelQuality" */
+    1142,    /* "sm-scheme" */
      387,    /* "snmpv2" */
      660,    /* "street" */
       85,    /* "subjectAltName" */
@@ -3055,6 +3426,17 @@ static const unsigned int sn_objs[NUM_SN] = {
     1020,    /* "tlsfeature" */
      682,    /* "tpBasis" */
      375,    /* "trustRoot" */
+    1151,    /* "ua-pki" */
+    1160,    /* "uacurve0" */
+    1161,    /* "uacurve1" */
+    1162,    /* "uacurve2" */
+    1163,    /* "uacurve3" */
+    1164,    /* "uacurve4" */
+    1165,    /* "uacurve5" */
+    1166,    /* "uacurve6" */
+    1167,    /* "uacurve7" */
+    1168,    /* "uacurve8" */
+    1169,    /* "uacurve9" */
      436,    /* "ucl" */
      102,    /* "uid" */
      888,    /* "uniqueMember" */
@@ -3082,9 +3464,10 @@ static const unsigned int sn_objs[NUM_SN] = {
      503,    /* "x500UniqueIdentifier" */
      158,    /* "x509Certificate" */
      160,    /* "x509Crl" */
+    1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1052
+#define NUM_LN 1186
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3096,6 +3479,8 @@ static const unsigned int ln_objs[NUM_LN] = {
      285,    /* "Biometric Info" */
      179,    /* "CA Issuers" */
      785,    /* "CA Repository" */
+    1131,    /* "CMC Certificate Authority" */
+    1132,    /* "CMC Registration Authority" */
      954,    /* "CT Certificate SCTs" */
      952,    /* "CT Precertificate Poison" */
      951,    /* "CT Precertificate SCTs" */
@@ -3103,10 +3488,29 @@ static const unsigned int ln_objs[NUM_LN] = {
      131,    /* "Code Signing" */
     1024,    /* "Ctrl/Provision WAP Termination" */
     1023,    /* "Ctrl/provision WAP Access" */
+    1159,    /* "DSTU 4145-2002 big endian" */
+    1158,    /* "DSTU 4145-2002 little endian" */
+    1152,    /* "DSTU Gost 28147-2009" */
+    1154,    /* "DSTU Gost 28147-2009 CFB mode" */
+    1153,    /* "DSTU Gost 28147-2009 OFB mode" */
+    1155,    /* "DSTU Gost 28147-2009 key wrap" */
+    1157,    /* "DSTU Gost 34311-95" */
+    1160,    /* "DSTU curve 0" */
+    1161,    /* "DSTU curve 1" */
+    1162,    /* "DSTU curve 2" */
+    1163,    /* "DSTU curve 3" */
+    1164,    /* "DSTU curve 4" */
+    1165,    /* "DSTU curve 5" */
+    1166,    /* "DSTU curve 6" */
+    1167,    /* "DSTU curve 7" */
+    1168,    /* "DSTU curve 8" */
+    1169,    /* "DSTU curve 9" */
      783,    /* "Diffie-Hellman based MAC" */
      382,    /* "Directory" */
      392,    /* "Domain" */
      132,    /* "E-mail Protection" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
      389,    /* "Enterprises" */
      384,    /* "Experimental" */
      372,    /* "Extended OCSP Status" */
@@ -3119,8 +3523,13 @@ static const unsigned int ln_objs[NUM_LN] = {
      850,    /* "GOST 34.10-94 Cryptocom" */
      811,    /* "GOST R 34.10-2001" */
      817,    /* "GOST R 34.10-2001 DH" */
+    1148,    /* "GOST R 34.10-2012 (256 bit) ParamSet A" */
+    1184,    /* "GOST R 34.10-2012 (256 bit) ParamSet B" */
+    1185,    /* "GOST R 34.10-2012 (256 bit) ParamSet C" */
+    1186,    /* "GOST R 34.10-2012 (256 bit) ParamSet D" */
      998,    /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
      999,    /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+    1149,    /* "GOST R 34.10-2012 (512 bit) ParamSet C" */
      997,    /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
      979,    /* "GOST R 34.10-2012 with 256 bit modulus" */
      980,    /* "GOST R 34.10-2012 with 512 bit modulus" */
@@ -3137,6 +3546,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
      852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
      854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+    1156,    /* "HMAC DSTU Gost 34311-95" */
      988,    /* "HMAC GOST 34.11-2012 256 bit" */
      989,    /* "HMAC GOST 34.11-2012 512 bit" */
      810,    /* "HMAC GOST 34.11-94" */
@@ -3145,12 +3555,15 @@ static const unsigned int ln_objs[NUM_LN] = {
      431,    /* "Hold Instruction None" */
      433,    /* "Hold Instruction Reject" */
      634,    /* "ICC or token signature" */
+    1171,    /* "IEEE Security in Storage Working Group" */
     1004,    /* "INN" */
      294,    /* "IPSec End System" */
      295,    /* "IPSec Tunnel" */
      296,    /* "IPSec User" */
+    1140,    /* "ISO CN Member Body" */
      182,    /* "ISO Member Body" */
      183,    /* "ISO US Member Body" */
+    1150,    /* "ISO-UA" */
      667,    /* "Independent" */
      665,    /* "Inherit all" */
      647,    /* "International Organizations" */
@@ -3200,9 +3613,14 @@ static const unsigned int ln_objs[NUM_LN] = {
      164,    /* "Policy Qualifier CPS" */
      165,    /* "Policy Qualifier User Notice" */
      385,    /* "Private" */
+    1093,    /* "Professional Information or basis for Admission" */
      663,    /* "Proxy Certificate Information" */
        1,    /* "RSA Data Security, Inc." */
        2,    /* "RSA Data Security, Inc. PKCS" */
+    1116,    /* "RSA-SHA3-224" */
+    1117,    /* "RSA-SHA3-256" */
+    1118,    /* "RSA-SHA3-384" */
+    1119,    /* "RSA-SHA3-512" */
      188,    /* "S/MIME" */
      167,    /* "S/MIME Capabilities" */
     1006,    /* "SNILS" */
@@ -3303,9 +3721,37 @@ static const unsigned int ln_objs[NUM_LN] = {
      428,    /* "aes-256-ofb" */
      914,    /* "aes-256-xts" */
      376,    /* "algorithm" */
+    1066,    /* "aria-128-cbc" */
+    1120,    /* "aria-128-ccm" */
+    1067,    /* "aria-128-cfb" */
+    1080,    /* "aria-128-cfb1" */
+    1083,    /* "aria-128-cfb8" */
+    1069,    /* "aria-128-ctr" */
+    1065,    /* "aria-128-ecb" */
+    1123,    /* "aria-128-gcm" */
+    1068,    /* "aria-128-ofb" */
+    1071,    /* "aria-192-cbc" */
+    1121,    /* "aria-192-ccm" */
+    1072,    /* "aria-192-cfb" */
+    1081,    /* "aria-192-cfb1" */
+    1084,    /* "aria-192-cfb8" */
+    1074,    /* "aria-192-ctr" */
+    1070,    /* "aria-192-ecb" */
+    1124,    /* "aria-192-gcm" */
+    1073,    /* "aria-192-ofb" */
+    1076,    /* "aria-256-cbc" */
+    1122,    /* "aria-256-ccm" */
+    1077,    /* "aria-256-cfb" */
+    1082,    /* "aria-256-cfb1" */
+    1085,    /* "aria-256-cfb8" */
+    1079,    /* "aria-256-ctr" */
+    1075,    /* "aria-256-ecb" */
+    1125,    /* "aria-256-gcm" */
+    1078,    /* "aria-256-ofb" */
      484,    /* "associatedDomain" */
      485,    /* "associatedName" */
      501,    /* "audio" */
+    1064,    /* "auth-any" */
     1049,    /* "auth-dss" */
     1047,    /* "auth-ecdsa" */
     1050,    /* "auth-gost01" */
@@ -3409,6 +3855,8 @@ static const unsigned int ln_objs[NUM_LN] = {
      513,    /* "content types" */
       50,    /* "contentType" */
       53,    /* "countersignature" */
+    1090,    /* "countryCode3c" */
+    1091,    /* "countryCode3n" */
       14,    /* "countryName" */
      153,    /* "crlBag" */
      884,    /* "crossCertificatePair" */
@@ -3458,6 +3906,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      887,    /* "distinguishedName" */
      892,    /* "dmdName" */
      174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
      447,    /* "document" */
      471,    /* "documentAuthor" */
      468,    /* "documentIdentifier" */
@@ -3476,6 +3925,12 @@ static const unsigned int ln_objs[NUM_LN] = {
       70,    /* "dsaWithSHA1-old" */
      802,    /* "dsa_with_SHA224" */
      803,    /* "dsa_with_SHA256" */
+    1108,    /* "dsa_with_SHA3-224" */
+    1109,    /* "dsa_with_SHA3-256" */
+    1110,    /* "dsa_with_SHA3-384" */
+    1111,    /* "dsa_with_SHA3-512" */
+    1106,    /* "dsa_with_SHA384" */
+    1107,    /* "dsa_with_SHA512" */
      297,    /* "dvcs" */
      791,    /* "ecdsa-with-Recommended" */
      416,    /* "ecdsa-with-SHA1" */
@@ -3484,12 +3939,21 @@ static const unsigned int ln_objs[NUM_LN] = {
      795,    /* "ecdsa-with-SHA384" */
      796,    /* "ecdsa-with-SHA512" */
      792,    /* "ecdsa-with-Specified" */
+    1112,    /* "ecdsa_with_SHA3-224" */
+    1113,    /* "ecdsa_with_SHA3-256" */
+    1114,    /* "ecdsa_with_SHA3-384" */
+    1115,    /* "ecdsa_with_SHA3-512" */
       48,    /* "emailAddress" */
      632,    /* "encrypted track 2" */
      885,    /* "enhancedSearchGuide" */
       56,    /* "extendedCertificateAttributes" */
      867,    /* "facsimileTelephoneNumber" */
      462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
      453,    /* "friendlyCountry" */
      490,    /* "friendlyCountryName" */
      156,    /* "friendlyName" */
@@ -3513,12 +3977,18 @@ static const unsigned int ln_objs[NUM_LN] = {
      855,    /* "hmac" */
      780,    /* "hmac-md5" */
      781,    /* "hmac-sha1" */
+    1102,    /* "hmac-sha3-224" */
+    1103,    /* "hmac-sha3-256" */
+    1104,    /* "hmac-sha3-384" */
+    1105,    /* "hmac-sha3-512" */
      797,    /* "hmacWithMD5" */
      163,    /* "hmacWithSHA1" */
      798,    /* "hmacWithSHA224" */
      799,    /* "hmacWithSHA256" */
      800,    /* "hmacWithSHA384" */
      801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
      486,    /* "homePostalAddress" */
      473,    /* "homeTelephoneNumber" */
      466,    /* "host" */
@@ -3670,7 +4140,6 @@ static const unsigned int ln_objs[NUM_LN] = {
      314,    /* "id-regInfo" */
      322,    /* "id-regInfo-certReq" */
      321,    /* "id-regInfo-utf8Pairs" */
-     973,    /* "id-scrypt" */
      191,    /* "id-smime-aa" */
      215,    /* "id-smime-aa-contentHint" */
      218,    /* "id-smime-aa-contentIdentifier" */
@@ -3699,6 +4168,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      213,    /* "id-smime-aa-securityLabel" */
      239,    /* "id-smime-aa-signatureType" */
      223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
      224,    /* "id-smime-aa-smimeEncryptCerts" */
      225,    /* "id-smime-aa-timeStampToken" */
      192,    /* "id-smime-alg" */
@@ -3749,20 +4219,33 @@ static const unsigned int ln_objs[NUM_LN] = {
      977,    /* "id-tc26-algorithms" */
      990,    /* "id-tc26-cipher" */
     1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
      994,    /* "id-tc26-constants" */
      981,    /* "id-tc26-digest" */
     1000,    /* "id-tc26-digest-constants" */
     1002,    /* "id-tc26-gost-28147-constants" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
      996,    /* "id-tc26-gost-3410-2012-512-constants" */
      987,    /* "id-tc26-mac" */
      978,    /* "id-tc26-sign" */
      995,    /* "id-tc26-sign-constants" */
      984,    /* "id-tc26-signwithdigest" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
       34,    /* "idea-cbc" */
       35,    /* "idea-cfb" */
       36,    /* "idea-ecb" */
       46,    /* "idea-ofb" */
      676,    /* "identified-organization" */
+    1170,    /* "ieee" */
      461,    /* "info" */
      101,    /* "initials" */
      869,    /* "internationaliSDNNumber" */
@@ -3779,6 +4262,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      956,    /* "jurisdictionStateOrProvinceName" */
      150,    /* "keyBag" */
      773,    /* "kisa" */
+    1063,    /* "kx-any" */
     1039,    /* "kx-dhe" */
     1041,    /* "kx-dhe-psk" */
     1038,    /* "kx-ecdhe" */
@@ -3793,6 +4277,12 @@ static const unsigned int ln_objs[NUM_LN] = {
      157,    /* "localKeyID" */
       15,    /* "localityName" */
      480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
      493,    /* "mailPreferenceOption" */
      467,    /* "manager" */
        3,    /* "md2" */
@@ -3817,9 +4307,11 @@ static const unsigned int ln_objs[NUM_LN] = {
      173,    /* "name" */
      681,    /* "onBasis" */
      379,    /* "org" */
+    1089,    /* "organizationIdentifier" */
       17,    /* "organizationName" */
      491,    /* "organizationalStatus" */
       18,    /* "organizationalUnitName" */
+    1141,    /* "oscca" */
      475,    /* "otherMailbox" */
      876,    /* "owner" */
      935,    /* "pSpecified" */
@@ -3866,6 +4358,7 @@ static const unsigned int ln_objs[NUM_LN] = {
       22,    /* "pkcs7-signedData" */
      151,    /* "pkcs8ShroudedKeyBag" */
       47,    /* "pkcs9" */
+    1061,    /* "poly1305" */
      862,    /* "postOfficeBox" */
      861,    /* "postalAddress" */
      661,    /* "postalCode" */
@@ -3918,6 +4411,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      291,    /* "sbgp-autonomousSysNum" */
      290,    /* "sbgp-ipAddrBlock" */
      292,    /* "sbgp-routerIdentifier" */
+     973,    /* "scrypt" */
      159,    /* "sdsiCertificate" */
      859,    /* "searchGuide" */
      704,    /* "secp112r1" */
@@ -4085,14 +4579,36 @@ static const unsigned int ln_objs[NUM_LN] = {
      671,    /* "sha224WithRSAEncryption" */
      672,    /* "sha256" */
      668,    /* "sha256WithRSAEncryption" */
+    1096,    /* "sha3-224" */
+    1097,    /* "sha3-256" */
+    1098,    /* "sha3-384" */
+    1099,    /* "sha3-512" */
      673,    /* "sha384" */
      669,    /* "sha384WithRSAEncryption" */
      674,    /* "sha512" */
+    1094,    /* "sha512-224" */
+    1145,    /* "sha512-224WithRSAEncryption" */
+    1095,    /* "sha512-256" */
+    1146,    /* "sha512-256WithRSAEncryption" */
      670,    /* "sha512WithRSAEncryption" */
       42,    /* "shaWithRSAEncryption" */
+    1100,    /* "shake128" */
+    1101,    /* "shake256" */
       52,    /* "signingTime" */
      454,    /* "simpleSecurityObject" */
      496,    /* "singleLevelQuality" */
+    1062,    /* "siphash" */
+    1142,    /* "sm-scheme" */
+    1172,    /* "sm2" */
+    1143,    /* "sm3" */
+    1144,    /* "sm3WithRSAEncryption" */
+    1134,    /* "sm4-cbc" */
+    1137,    /* "sm4-cfb" */
+    1136,    /* "sm4-cfb1" */
+    1138,    /* "sm4-cfb8" */
+    1139,    /* "sm4-ctr" */
+    1133,    /* "sm4-ecb" */
+    1135,    /* "sm4-ofb" */
       16,    /* "stateOrProvinceName" */
      660,    /* "streetAddress" */
      498,    /* "subtreeMaximumQuality" */
@@ -4108,6 +4624,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      106,    /* "title" */
     1021,    /* "tls1-prf" */
      682,    /* "tpBasis" */
+    1151,    /* "ua-pki" */
      436,    /* "ucl" */
        0,    /* "undefined" */
      102,    /* "uniqueIdentifier" */
@@ -4140,7 +4657,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      125,    /* "zlib compression" */
 };
 
-#define NUM_OBJ 956
+#define NUM_OBJ 1071
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -4155,16 +4672,21 @@ static const unsigned int obj_objs[NUM_OBJ] = {
       11,    /* OBJ_X500                         2 5 */
      647,    /* OBJ_international_organizations  2 23 */
      380,    /* OBJ_dod                          1 3 6 */
+    1170,    /* OBJ_ieee                         1 3 111 */
       12,    /* OBJ_X509                         2 5 4 */
      378,    /* OBJ_X500algorithms               2 5 8 */
       81,    /* OBJ_id_ce                        2 5 29 */
      512,    /* OBJ_id_set                       2 23 42 */
      678,    /* OBJ_wap                          2 23 43 */
      435,    /* OBJ_pss                          0 9 2342 */
+    1140,    /* OBJ_ISO_CN                       1 2 156 */
+    1150,    /* OBJ_ISO_UA                       1 2 804 */
      183,    /* OBJ_ISO_US                       1 2 840 */
      381,    /* OBJ_iana                         1 3 6 1 */
     1034,    /* OBJ_X25519                       1 3 101 110 */
     1035,    /* OBJ_X448                         1 3 101 111 */
+    1087,    /* OBJ_ED25519                      1 3 101 112 */
+    1088,    /* OBJ_ED448                        1 3 101 113 */
      677,    /* OBJ_certicom_arc                 1 3 132 */
      394,    /* OBJ_selected_attribute_types     2 5 1 5 */
       13,    /* OBJ_commonName                   2 5 4 3 */
@@ -4221,6 +4743,10 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      892,    /* OBJ_dmdName                      2 5 4 54 */
      510,    /* OBJ_pseudonym                    2 5 4 65 */
      400,    /* OBJ_role                         2 5 4 72 */
+    1089,    /* OBJ_organizationIdentifier       2 5 4 97 */
+    1090,    /* OBJ_countryCode3c                2 5 4 98 */
+    1091,    /* OBJ_countryCode3n                2 5 4 99 */
+    1092,    /* OBJ_dnsName                      2 5 4 100 */
      769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
       82,    /* OBJ_subject_key_identifier       2 5 29 14 */
       83,    /* OBJ_key_usage                    2 5 29 15 */
@@ -4378,6 +4904,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
      638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
      639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
+    1141,    /* OBJ_oscca                        1 2 156 10197 */
      805,    /* OBJ_cryptopro                    1 2 643 2 2 */
      806,    /* OBJ_cryptocom                    1 2 643 2 9 */
      974,    /* OBJ_id_tc26                      1 2 643 7 1 */
@@ -4404,7 +4931,9 @@ static const unsigned int obj_objs[NUM_OBJ] = {
       70,    /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
      115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
      117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
+    1093,    /* OBJ_x509ExtAdmission             1 3 36 8 3 3 */
      143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
+    1171,    /* OBJ_ieee_siswg                   1 3 111 2 1619 */
      721,    /* OBJ_sect163k1                    1 3 132 0 1 */
      722,    /* OBJ_sect163r1                    1 3 132 0 2 */
      728,    /* OBJ_sect239k1                    1 3 132 0 3 */
@@ -4456,6 +4985,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
      745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
      804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
+    1142,    /* OBJ_sm_scheme                    1 2 156 10197 1 */
      773,    /* OBJ_kisa                         1 2 410 200004 */
      807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
      808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
@@ -4527,9 +5057,11 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      987,    /* OBJ_id_tc26_mac                  1 2 643 7 1 1 4 */
      990,    /* OBJ_id_tc26_cipher               1 2 643 7 1 1 5 */
      991,    /* OBJ_id_tc26_agreement            1 2 643 7 1 1 6 */
+    1179,    /* OBJ_id_tc26_wrap                 1 2 643 7 1 1 7 */
      995,    /* OBJ_id_tc26_sign_constants       1 2 643 7 1 2 1 */
     1000,    /* OBJ_id_tc26_digest_constants     1 2 643 7 1 2 2 */
     1001,    /* OBJ_id_tc26_cipher_constants     1 2 643 7 1 2 5 */
+    1151,    /* OBJ_ua_pki                       1 2 804 2 1 1 1 */
        2,    /* OBJ_pkcs                         1 2 840 113549 1 */
      431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
      432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
@@ -4585,6 +5117,16 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      971,    /* OBJ_camellia_256_ctr             0 3 4401 5 3 1 9 49 */
      972,    /* OBJ_camellia_256_cmac            0 3 4401 5 3 1 9 50 */
      437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
+    1133,    /* OBJ_sm4_ecb                      1 2 156 10197 1 104 1 */
+    1134,    /* OBJ_sm4_cbc                      1 2 156 10197 1 104 2 */
+    1135,    /* OBJ_sm4_ofb128                   1 2 156 10197 1 104 3 */
+    1137,    /* OBJ_sm4_cfb128                   1 2 156 10197 1 104 4 */
+    1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
+    1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
+    1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
+    1172,    /* OBJ_sm2                          1 2 156 10197 1 301 */
+    1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
+    1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
      776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
      777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
      779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
@@ -4604,8 +5146,13 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      986,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
      988,    /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
      989,    /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+    1173,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */
+    1176,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */
      992,    /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
      993,    /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+    1180,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */
+    1182,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */
+    1147,    /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */
      996,    /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
     1002,    /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
      186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
@@ -4622,6 +5169,8 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
      800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
      801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+    1193,    /* OBJ_hmacWithSHA512_224           1 2 840 113549 2 12 */
+    1194,    /* OBJ_hmacWithSHA512_256           1 2 840 113549 2 13 */
       37,    /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
        5,    /* OBJ_rc4                          1 2 840 113549 3 4 */
       44,    /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
@@ -4710,6 +5259,8 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     1028,    /* OBJ_sendProxiedRouter            1 3 6 1 5 5 7 3 24 */
     1029,    /* OBJ_sendOwner                    1 3 6 1 5 5 7 3 25 */
     1030,    /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
+    1131,    /* OBJ_cmcCA                        1 3 6 1 5 5 7 3 27 */
+    1132,    /* OBJ_cmcRA                        1 3 6 1 5 5 7 3 28 */
      298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
      299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
      300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
@@ -4779,15 +5330,49 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
      780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
      781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+     913,    /* OBJ_aes_128_xts                  1 3 111 2 1619 0 1 1 */
+     914,    /* OBJ_aes_256_xts                  1 3 111 2 1619 0 1 2 */
       58,    /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
       59,    /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
      438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
      439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
      440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
      441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+    1065,    /* OBJ_aria_128_ecb                 1 2 410 200046 1 1 1 */
+    1066,    /* OBJ_aria_128_cbc                 1 2 410 200046 1 1 2 */
+    1067,    /* OBJ_aria_128_cfb128              1 2 410 200046 1 1 3 */
+    1068,    /* OBJ_aria_128_ofb128              1 2 410 200046 1 1 4 */
+    1069,    /* OBJ_aria_128_ctr                 1 2 410 200046 1 1 5 */
+    1070,    /* OBJ_aria_192_ecb                 1 2 410 200046 1 1 6 */
+    1071,    /* OBJ_aria_192_cbc                 1 2 410 200046 1 1 7 */
+    1072,    /* OBJ_aria_192_cfb128              1 2 410 200046 1 1 8 */
+    1073,    /* OBJ_aria_192_ofb128              1 2 410 200046 1 1 9 */
+    1074,    /* OBJ_aria_192_ctr                 1 2 410 200046 1 1 10 */
+    1075,    /* OBJ_aria_256_ecb                 1 2 410 200046 1 1 11 */
+    1076,    /* OBJ_aria_256_cbc                 1 2 410 200046 1 1 12 */
+    1077,    /* OBJ_aria_256_cfb128              1 2 410 200046 1 1 13 */
+    1078,    /* OBJ_aria_256_ofb128              1 2 410 200046 1 1 14 */
+    1079,    /* OBJ_aria_256_ctr                 1 2 410 200046 1 1 15 */
+    1123,    /* OBJ_aria_128_gcm                 1 2 410 200046 1 1 34 */
+    1124,    /* OBJ_aria_192_gcm                 1 2 410 200046 1 1 35 */
+    1125,    /* OBJ_aria_256_gcm                 1 2 410 200046 1 1 36 */
+    1120,    /* OBJ_aria_128_ccm                 1 2 410 200046 1 1 37 */
+    1121,    /* OBJ_aria_192_ccm                 1 2 410 200046 1 1 38 */
+    1122,    /* OBJ_aria_256_ccm                 1 2 410 200046 1 1 39 */
+    1174,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */
+    1175,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */
+    1177,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
+    1178,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
+    1181,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
+    1183,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */
+    1148,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
+    1184,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
+    1185,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
+    1186,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */
      997,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
      998,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
      999,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+    1149,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */
     1003,    /* OBJ_id_tc26_gost_28147_param_Z   1 2 643 7 1 2 5 1 1 */
      108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
      112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
@@ -4807,6 +5392,8 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
      670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
      671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+    1145,    /* OBJ_sha512_224WithRSAEncryption  1 2 840 113549 1 1 15 */
+    1146,    /* OBJ_sha512_256WithRSAEncryption  1 2 840 113549 1 1 16 */
       28,    /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
        9,    /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
       10,    /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
@@ -4908,8 +5495,34 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
      674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
      675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+    1094,    /* OBJ_sha512_224                   2 16 840 1 101 3 4 2 5 */
+    1095,    /* OBJ_sha512_256                   2 16 840 1 101 3 4 2 6 */
+    1096,    /* OBJ_sha3_224                     2 16 840 1 101 3 4 2 7 */
+    1097,    /* OBJ_sha3_256                     2 16 840 1 101 3 4 2 8 */
+    1098,    /* OBJ_sha3_384                     2 16 840 1 101 3 4 2 9 */
+    1099,    /* OBJ_sha3_512                     2 16 840 1 101 3 4 2 10 */
+    1100,    /* OBJ_shake128                     2 16 840 1 101 3 4 2 11 */
+    1101,    /* OBJ_shake256                     2 16 840 1 101 3 4 2 12 */
+    1102,    /* OBJ_hmac_sha3_224                2 16 840 1 101 3 4 2 13 */
+    1103,    /* OBJ_hmac_sha3_256                2 16 840 1 101 3 4 2 14 */
+    1104,    /* OBJ_hmac_sha3_384                2 16 840 1 101 3 4 2 15 */
+    1105,    /* OBJ_hmac_sha3_512                2 16 840 1 101 3 4 2 16 */
      802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
      803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+    1106,    /* OBJ_dsa_with_SHA384              2 16 840 1 101 3 4 3 3 */
+    1107,    /* OBJ_dsa_with_SHA512              2 16 840 1 101 3 4 3 4 */
+    1108,    /* OBJ_dsa_with_SHA3_224            2 16 840 1 101 3 4 3 5 */
+    1109,    /* OBJ_dsa_with_SHA3_256            2 16 840 1 101 3 4 3 6 */
+    1110,    /* OBJ_dsa_with_SHA3_384            2 16 840 1 101 3 4 3 7 */
+    1111,    /* OBJ_dsa_with_SHA3_512            2 16 840 1 101 3 4 3 8 */
+    1112,    /* OBJ_ecdsa_with_SHA3_224          2 16 840 1 101 3 4 3 9 */
+    1113,    /* OBJ_ecdsa_with_SHA3_256          2 16 840 1 101 3 4 3 10 */
+    1114,    /* OBJ_ecdsa_with_SHA3_384          2 16 840 1 101 3 4 3 11 */
+    1115,    /* OBJ_ecdsa_with_SHA3_512          2 16 840 1 101 3 4 3 12 */
+    1116,    /* OBJ_RSA_SHA3_224                 2 16 840 1 101 3 4 3 13 */
+    1117,    /* OBJ_RSA_SHA3_256                 2 16 840 1 101 3 4 3 14 */
+    1118,    /* OBJ_RSA_SHA3_384                 2 16 840 1 101 3 4 3 15 */
+    1119,    /* OBJ_RSA_SHA3_512                 2 16 840 1 101 3 4 3 16 */
       71,    /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
       72,    /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
       73,    /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
@@ -4984,6 +5597,9 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
      456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
      457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+    1152,    /* OBJ_dstu28147                    1 2 804 2 1 1 1 1 1 1 */
+    1156,    /* OBJ_hmacWithDstu34311            1 2 804 2 1 1 1 1 1 2 */
+    1157,    /* OBJ_dstu34311                    1 2 804 2 1 1 1 1 2 1 */
      189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
      190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
      191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
@@ -5018,6 +5634,10 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      907,    /* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
      908,    /* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
      909,    /* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
+    1153,    /* OBJ_dstu28147_ofb                1 2 804 2 1 1 1 1 1 1 2 */
+    1154,    /* OBJ_dstu28147_cfb                1 2 804 2 1 1 1 1 1 1 3 */
+    1155,    /* OBJ_dstu28147_wrap               1 2 804 2 1 1 1 1 1 1 5 */
+    1158,    /* OBJ_dstu4145le                   1 2 804 2 1 1 1 1 3 1 1 */
      196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
      197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
      198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
@@ -5068,6 +5688,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
      239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
      240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+    1086,    /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */
      241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
      242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
      243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
@@ -5098,4 +5719,15 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
     1056,    /* OBJ_blake2b512                   1 3 6 1 4 1 1722 12 2 1 16 */
     1057,    /* OBJ_blake2s256                   1 3 6 1 4 1 1722 12 2 2 8 */
+    1159,    /* OBJ_dstu4145be                   1 2 804 2 1 1 1 1 3 1 1 1 1 */
+    1160,    /* OBJ_uacurve0                     1 2 804 2 1 1 1 1 3 1 1 2 0 */
+    1161,    /* OBJ_uacurve1                     1 2 804 2 1 1 1 1 3 1 1 2 1 */
+    1162,    /* OBJ_uacurve2                     1 2 804 2 1 1 1 1 3 1 1 2 2 */
+    1163,    /* OBJ_uacurve3                     1 2 804 2 1 1 1 1 3 1 1 2 3 */
+    1164,    /* OBJ_uacurve4                     1 2 804 2 1 1 1 1 3 1 1 2 4 */
+    1165,    /* OBJ_uacurve5                     1 2 804 2 1 1 1 1 3 1 1 2 5 */
+    1166,    /* OBJ_uacurve6                     1 2 804 2 1 1 1 1 3 1 1 2 6 */
+    1167,    /* OBJ_uacurve7                     1 2 804 2 1 1 1 1 3 1 1 2 7 */
+    1168,    /* OBJ_uacurve8                     1 2 804 2 1 1 1 1 3 1 1 2 8 */
+    1169,    /* OBJ_uacurve9                     1 2 804 2 1 1 1 1 3 1 1 2 9 */
 };
diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.pl b/deps/openssl/openssl/crypto/objects/obj_dat.pl
index 1cb3d1c9af..e80900d09d 100644
--- a/deps/openssl/openssl/crypto/objects/obj_dat.pl
+++ b/deps/openssl/openssl/crypto/objects/obj_dat.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -36,6 +36,10 @@ sub der_it
     return $ret;
 }
 
+# Output year depends on the year of the script and the input file.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($ARGV[0])]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
 
 # Read input, parse all #define's into OID name and value.
 # Populate %ln and %sn with long and short names (%dupln and %dupsn)
@@ -148,13 +152,12 @@ for (my $i = 0; $i < $n; $i++) {
 }
 
 # Finally ready to generate the output.
-open(OUT, ">$ARGV[1]") || die "Can't open output file $ARGV[1], $!";
-print OUT <<'EOF';
+print <<"EOF";
 /*
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -163,44 +166,44 @@ print OUT <<'EOF';
 
 EOF
 
-print OUT "/* Serialized OID's */\n";
-printf OUT "static const unsigned char so[%d] = {\n", $lvalues + 1;
-print OUT @lvalues;
-print OUT "};\n\n";
+print "/* Serialized OID's */\n";
+printf "static const unsigned char so[%d] = {\n", $lvalues + 1;
+print @lvalues;
+print "};\n\n";
 
-printf OUT "#define NUM_NID %d\n", $n;
-printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n";
-print OUT @out;
-print  OUT "};\n\n";
+printf "#define NUM_NID %d\n", $n;
+printf "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n";
+print @out;
+print  "};\n\n";
 
 {
     no warnings "uninitialized";
     @a = grep(defined $sn{$nid{$_}}, 0 .. $n);
 }
-printf OUT "#define NUM_SN %d\n", $#a + 1;
-printf OUT "static const unsigned int sn_objs[NUM_SN] = {\n";
+printf "#define NUM_SN %d\n", $#a + 1;
+printf "static const unsigned int sn_objs[NUM_SN] = {\n";
 foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) {
-    printf OUT "    %4d,    /* \"$sn{$nid{$_}}\" */\n", $_;
+    printf "    %4d,    /* \"$sn{$nid{$_}}\" */\n", $_;
 }
-print  OUT "};\n\n";
+print  "};\n\n";
 
 {
     no warnings "uninitialized";
     @a = grep(defined $ln{$nid{$_}}, 0 .. $n);
 }
-printf OUT "#define NUM_LN %d\n", $#a + 1;
-printf OUT "static const unsigned int ln_objs[NUM_LN] = {\n";
+printf "#define NUM_LN %d\n", $#a + 1;
+printf "static const unsigned int ln_objs[NUM_LN] = {\n";
 foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) {
-    printf OUT "    %4d,    /* \"$ln{$nid{$_}}\" */\n", $_;
+    printf "    %4d,    /* \"$ln{$nid{$_}}\" */\n", $_;
 }
-print  OUT "};\n\n";
+print  "};\n\n";
 
 {
     no warnings "uninitialized";
     @a = grep(defined $obj{$nid{$_}}, 0 .. $n);
 }
-printf OUT "#define NUM_OBJ %d\n", $#a + 1;
-printf OUT "static const unsigned int obj_objs[NUM_OBJ] = {\n";
+printf "#define NUM_OBJ %d\n", $#a + 1;
+printf "static const unsigned int obj_objs[NUM_OBJ] = {\n";
 
 # Compare DER; prefer shorter; if some length, use the "smaller" encoding.
 sub obj_cmp
@@ -220,8 +223,6 @@ foreach (sort obj_cmp @a) {
     my $v = $objd{$m};
     $v =~ s/L//g;
     $v =~ s/,/ /g;
-    printf OUT "    %4d,    /* %-32s %s */\n", $_, $m, $v;
+    printf "    %4d,    /* %-32s %s */\n", $_, $m, $v;
 }
-print  OUT "};\n";
-
-close OUT;
+print  "};\n";
diff --git a/deps/openssl/openssl/crypto/objects/obj_err.c b/deps/openssl/openssl/crypto/objects/obj_err.c
index 4677b67367..be4f11ca20 100644
--- a/deps/openssl/openssl/crypto/objects/obj_err.c
+++ b/deps/openssl/openssl/crypto/objects/obj_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,30 +8,27 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/objects.h>
+#include <openssl/objectserr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
-
-static ERR_STRING_DATA OBJ_str_functs[] = {
-    {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
-    {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
-    {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
-    {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
-    {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
-    {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
-    {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
+static const ERR_STRING_DATA OBJ_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA OBJ_str_reasons[] = {
-    {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"},
-    {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
+static const ERR_STRING_DATA OBJ_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"},
     {0, NULL}
 };
 
@@ -40,10 +37,9 @@ static ERR_STRING_DATA OBJ_str_reasons[] = {
 int ERR_load_OBJ_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, OBJ_str_functs);
-        ERR_load_strings(0, OBJ_str_reasons);
+        ERR_load_strings_const(OBJ_str_functs);
+        ERR_load_strings_const(OBJ_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/objects/obj_lib.c b/deps/openssl/openssl/crypto/objects/obj_lib.c
index 33075e6451..acbdeec2c9 100644
--- a/deps/openssl/openssl/crypto/objects/obj_lib.c
+++ b/deps/openssl/openssl/crypto/objects/obj_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,6 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include "internal/asn1_int.h"
@@ -22,12 +21,12 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
         return NULL;
     /* If object isn't dynamic it's an internal OID which is never freed */
     if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-        return ((ASN1_OBJECT *)o);
+        return (ASN1_OBJECT *)o;
 
     r = ASN1_OBJECT_new();
     if (r == NULL) {
         OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
-        return (NULL);
+        return NULL;
     }
 
     /* Set dynamic flags so everything gets freed up on error */
@@ -61,6 +60,6 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
 
     ret = (a->length - b->length);
     if (ret)
-        return (ret);
-    return (memcmp(a->data, b->data, a->length));
+        return ret;
+    return memcmp(a->data, b->data, a->length);
 }
diff --git a/deps/openssl/openssl/crypto/objects/obj_mac.num b/deps/openssl/openssl/crypto/objects/obj_mac.num
index a5995a513b..1b6a9c61a1 100644
--- a/deps/openssl/openssl/crypto/objects/obj_mac.num
+++ b/deps/openssl/openssl/crypto/objects/obj_mac.num
@@ -1058,3 +1058,137 @@ blake2s256		1057
 id_smime_ct_contentCollection		1058
 id_smime_ct_authEnvelopedData		1059
 id_ct_xml		1060
+poly1305		1061
+siphash		1062
+kx_any		1063
+auth_any		1064
+aria_128_ecb		1065
+aria_128_cbc		1066
+aria_128_cfb128		1067
+aria_128_ofb128		1068
+aria_128_ctr		1069
+aria_192_ecb		1070
+aria_192_cbc		1071
+aria_192_cfb128		1072
+aria_192_ofb128		1073
+aria_192_ctr		1074
+aria_256_ecb		1075
+aria_256_cbc		1076
+aria_256_cfb128		1077
+aria_256_ofb128		1078
+aria_256_ctr		1079
+aria_128_cfb1		1080
+aria_192_cfb1		1081
+aria_256_cfb1		1082
+aria_128_cfb8		1083
+aria_192_cfb8		1084
+aria_256_cfb8		1085
+id_smime_aa_signingCertificateV2		1086
+ED25519		1087
+ED448		1088
+organizationIdentifier		1089
+countryCode3c		1090
+countryCode3n		1091
+dnsName		1092
+x509ExtAdmission		1093
+sha512_224		1094
+sha512_256		1095
+sha3_224		1096
+sha3_256		1097
+sha3_384		1098
+sha3_512		1099
+shake128		1100
+shake256		1101
+hmac_sha3_224		1102
+hmac_sha3_256		1103
+hmac_sha3_384		1104
+hmac_sha3_512		1105
+dsa_with_SHA384		1106
+dsa_with_SHA512		1107
+dsa_with_SHA3_224		1108
+dsa_with_SHA3_256		1109
+dsa_with_SHA3_384		1110
+dsa_with_SHA3_512		1111
+ecdsa_with_SHA3_224		1112
+ecdsa_with_SHA3_256		1113
+ecdsa_with_SHA3_384		1114
+ecdsa_with_SHA3_512		1115
+RSA_SHA3_224		1116
+RSA_SHA3_256		1117
+RSA_SHA3_384		1118
+RSA_SHA3_512		1119
+aria_128_ccm		1120
+aria_192_ccm		1121
+aria_256_ccm		1122
+aria_128_gcm		1123
+aria_192_gcm		1124
+aria_256_gcm		1125
+ffdhe2048		1126
+ffdhe3072		1127
+ffdhe4096		1128
+ffdhe6144		1129
+ffdhe8192		1130
+cmcCA		1131
+cmcRA		1132
+sm4_ecb		1133
+sm4_cbc		1134
+sm4_ofb128		1135
+sm4_cfb1		1136
+sm4_cfb128		1137
+sm4_cfb8		1138
+sm4_ctr		1139
+ISO_CN		1140
+oscca		1141
+sm_scheme		1142
+sm3		1143
+sm3WithRSAEncryption		1144
+sha512_224WithRSAEncryption		1145
+sha512_256WithRSAEncryption		1146
+id_tc26_gost_3410_2012_256_constants		1147
+id_tc26_gost_3410_2012_256_paramSetA		1148
+id_tc26_gost_3410_2012_512_paramSetC		1149
+ISO_UA		1150
+ua_pki		1151
+dstu28147		1152
+dstu28147_ofb		1153
+dstu28147_cfb		1154
+dstu28147_wrap		1155
+hmacWithDstu34311		1156
+dstu34311		1157
+dstu4145le		1158
+dstu4145be		1159
+uacurve0		1160
+uacurve1		1161
+uacurve2		1162
+uacurve3		1163
+uacurve4		1164
+uacurve5		1165
+uacurve6		1166
+uacurve7		1167
+uacurve8		1168
+uacurve9		1169
+ieee		1170
+ieee_siswg		1171
+sm2		1172
+id_tc26_cipher_gostr3412_2015_magma		1173
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm		1174
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac		1175
+id_tc26_cipher_gostr3412_2015_kuznyechik		1176
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm		1177
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac		1178
+id_tc26_wrap		1179
+id_tc26_wrap_gostr3412_2015_magma		1180
+id_tc26_wrap_gostr3412_2015_magma_kexp15		1181
+id_tc26_wrap_gostr3412_2015_kuznyechik		1182
+id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15		1183
+id_tc26_gost_3410_2012_256_paramSetB		1184
+id_tc26_gost_3410_2012_256_paramSetC		1185
+id_tc26_gost_3410_2012_256_paramSetD		1186
+magma_ecb		1187
+magma_ctr		1188
+magma_ofb		1189
+magma_cbc		1190
+magma_cfb		1191
+magma_mac		1192
+hmacWithSHA512_224		1193
+hmacWithSHA512_256		1194
diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.c b/deps/openssl/openssl/crypto/objects/obj_xref.c
index 627f5bca2f..faf59eb20c 100644
--- a/deps/openssl/openssl/crypto/objects/obj_xref.c
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,8 @@
 
 #include <openssl/objects.h>
 #include "obj_xref.h"
-#include "e_os.h"
+#include "internal/nelem.h"
+#include <openssl/err.h>
 
 static STACK_OF(nid_triple) *sig_app, *sigx_app;
 
@@ -45,10 +46,9 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
     const nid_triple *rv = NULL;
     tmp.sign_id = signid;
 
-    if (sig_app) {
+    if (sig_app != NULL) {
         int idx = sk_nid_triple_find(sig_app, &tmp);
-        if (idx >= 0)
-            rv = sk_nid_triple_value(sig_app, idx);
+        rv = sk_nid_triple_value(sig_app, idx);
     }
 #ifndef OBJ_XREF_TEST2
     if (rv == NULL) {
@@ -103,9 +103,10 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
         sigx_app = sk_nid_triple_new(sigx_cmp);
     if (sigx_app == NULL)
         return 0;
-    ntr = OPENSSL_malloc(sizeof(*ntr));
-    if (ntr == NULL)
+    if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) {
+        OBJerr(OBJ_F_OBJ_ADD_SIGID, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     ntr->sign_id = signid;
     ntr->hash_id = dig_id;
     ntr->pkey_id = pkey_id;
@@ -136,30 +137,3 @@ void OBJ_sigid_free(void)
     sk_nid_triple_free(sigx_app);
     sigx_app = NULL;
 }
-
-#ifdef OBJ_XREF_TEST
-
-main()
-{
-    int n1, n2, n3;
-
-    int i, rv;
-# ifdef OBJ_XREF_TEST2
-    for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) {
-        OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]);
-    }
-# endif
-
-    for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) {
-        n1 = sigoid_srt[i][0];
-        rv = OBJ_find_sigid_algs(n1, &n2, &n3);
-        printf("Forward: %d, %s %s %s\n", rv,
-               OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
-        n1 = 0;
-        rv = OBJ_find_sigid_by_algs(&n1, n2, n3);
-        printf("Reverse: %d, %s %s %s\n", rv,
-               OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
-    }
-}
-
-#endif
diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.h b/deps/openssl/openssl/crypto/objects/obj_xref.h
index d09aa71f4e..9606e57d61 100644
--- a/deps/openssl/openssl/crypto/objects/obj_xref.h
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -73,6 +73,12 @@ static const nid_triple sigoid_srt[] = {
      NID_id_GostR3410_2012_256},
     {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
      NID_id_GostR3410_2012_512},
+    {NID_ED25519, NID_undef, NID_ED25519},
+    {NID_ED448, NID_undef, NID_ED448},
+    {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption},
+    {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
+    {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
+    {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
 };
 
 static const nid_triple *const sigoid_srt_xref[] = {
@@ -115,4 +121,8 @@ static const nid_triple *const sigoid_srt_xref[] = {
     &sigoid_srt[28],
     &sigoid_srt[40],
     &sigoid_srt[41],
+    &sigoid_srt[44],
+    &sigoid_srt[45],
+    &sigoid_srt[46],
+    &sigoid_srt[47],
 };
diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.txt b/deps/openssl/openssl/crypto/objects/obj_xref.txt
index 981103b36d..ca3e74461d 100644
--- a/deps/openssl/openssl/crypto/objects/obj_xref.txt
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.txt
@@ -13,10 +13,16 @@ sha512WithRSAEncryption	sha512	rsaEncryption
 sha224WithRSAEncryption	sha224	rsaEncryption
 mdc2WithRSA		mdc2	rsaEncryption
 ripemd160WithRSA	ripemd160 rsaEncryption
+RSA_SHA3_224		sha3_224 rsaEncryption
+RSA_SHA3_256		sha3_256 rsaEncryption
+RSA_SHA3_384		sha3_384 rsaEncryption
+RSA_SHA3_512		sha3_512 rsaEncryption
 # For PSS the digest algorithm can vary and depends on the included
 # AlgorithmIdentifier. The digest "undef" indicates the public key
 # method should handle this explicitly.
 rsassaPss		undef	rsaEncryption
+ED25519		    undef	ED25519
+ED448		    undef	ED448
 
 # Alternative deprecated OIDs. By using the older "rsa" OID this
 # type will be recognized by not normally used.
diff --git a/deps/openssl/openssl/crypto/objects/objects.pl b/deps/openssl/openssl/crypto/objects/objects.pl
index 3b40277a23..8f9b67f959 100644
--- a/deps/openssl/openssl/crypto/objects/objects.pl
+++ b/deps/openssl/openssl/crypto/objects/objects.pl
@@ -1,11 +1,23 @@
 #! /usr/bin/env perl
-# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
+use Getopt::Std;
+
+our($opt_n);
+getopts('n');
+
+# Output year depends on the year of the script and the input file.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($ARGV[0])]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+$iYEAR = [localtime([stat($ARGV[1])]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+
 open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
 $max_nid=0;
 $o=0;
@@ -116,20 +128,20 @@ print STDERR "Added OID $Cname\n";
 	}
 close IN;
 
-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-foreach (sort { $a <=> $b } keys %nidn)
-	{
-	print NUMOUT $nidn{$_},"\t\t",$_,"\n";
-	}
-close NUMOUT;
+if ( $opt_n ) {
+    foreach (sort { $a <=> $b } keys %nidn)
+            {
+            print $nidn{$_},"\t\t",$_,"\n";
+            }
+    exit;
+}
 
-open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
-print OUT <<'EOF';
+print <<"EOF";
 /*
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -154,15 +166,13 @@ sub expand
 foreach (sort { $a <=> $b } keys %ordern)
 	{
 	$Cname=$ordern{$_};
-	print OUT "\n";
-	print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
-	print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
-	print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
-	print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
+	print "\n";
+	print expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
+	print expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
+	print expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
+	print expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
 	}
 
-close OUT;
-
 sub process_oid
 	{
 	local($oid)=@_;
diff --git a/deps/openssl/openssl/crypto/objects/objects.txt b/deps/openssl/openssl/crypto/objects/objects.txt
index fc0781d1c9..6dbc41ce37 100644
--- a/deps/openssl/openssl/crypto/objects/objects.txt
+++ b/deps/openssl/openssl/crypto/objects/objects.txt
@@ -15,8 +15,14 @@ iso 3			: identified-organization
 identified-organization 6 1 5 5 8 1 1	: HMAC-MD5	: hmac-md5
 identified-organization 6 1 5 5 8 1 2	: HMAC-SHA1	: hmac-sha1
 
+# "1.3.36.8.3.3"
+identified-organization 36 8 3 3	: x509ExtAdmission	: Professional Information or basis for Admission
+
 identified-organization 132	: certicom-arc
 
+identified-organization 111     : ieee
+ieee 2 1619                     : ieee-siswg    : IEEE Security in Storage Working Group
+
 joint-iso-itu-t 23	: international-organizations	: International Organizations
 
 international-organizations 43	: wap
@@ -30,6 +36,10 @@ member-body 840		: ISO-US		: ISO US Member Body
 ISO-US 10040		: X9-57			: X9.57
 X9-57 4			: X9cm			: X9.57 CM ?
 
+member-body 156         : ISO-CN        : ISO CN Member Body
+ISO-CN 10197            : oscca
+oscca 1                 : sm-scheme
+
 !Cname dsa
 X9cm 1			: DSA			: dsaEncryption
 X9cm 3			: DSA-SHA1		: dsaWithSHA1
@@ -175,6 +185,8 @@ pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption
 pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption
 pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption
 pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption
+pkcs1 15		: RSA-SHA512/224	: sha512-224WithRSAEncryption
+pkcs1 16		: RSA-SHA512/256	: sha512-256WithRSAEncryption
 
 pkcs 3			: pkcs3
 pkcs3 1			:			: dhKeyAgreement
@@ -294,6 +306,7 @@ id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
 id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
 id-smime-aa 28		: id-smime-aa-signatureType
 id-smime-aa 29		: id-smime-aa-dvcs-dvc
+id-smime-aa 47		: id-smime-aa-signingCertificateV2
 
 # S/MIME Algorithm Identifiers
 # obsolete
@@ -367,12 +380,21 @@ rsadsi 2 5		: MD5			: md5
 rsadsi 2 6		:			: hmacWithMD5
 rsadsi 2 7		:			: hmacWithSHA1
 
+sm-scheme 301           : SM2                   : sm2
+
+sm-scheme 401           : SM3                   : sm3
+sm-scheme 504           : RSA-SM3		: sm3WithRSAEncryption
+
 # From RFC4231
 rsadsi 2 8		:			: hmacWithSHA224
 rsadsi 2 9		:			: hmacWithSHA256
 rsadsi 2 10		:			: hmacWithSHA384
 rsadsi 2 11		:			: hmacWithSHA512
 
+# From RFC8018
+rsadsi 2 12             :                       : hmacWithSHA512-224
+rsadsi 2 13             :                       : hmacWithSHA512-256
+
 rsadsi 3 2		: RC2-CBC		: rc2-cbc
 			: RC2-ECB		: rc2-ecb
 !Cname rc2-cfb64
@@ -512,6 +534,8 @@ id-kp 23                : sendRouter            : Send Router
 id-kp 24                : sendProxiedRouter     : Send Proxied Router
 id-kp 25                : sendOwner             : Send Owner
 id-kp 26                : sendProxiedOwner      : Send Proxied Owner
+id-kp 27                : cmcCA                 : CMC Certificate Authority
+id-kp 28                : cmcRA                 : CMC Registration Authority
 
 # CMP information types
 id-it 1			: id-it-caProtEncCert
@@ -575,7 +599,7 @@ id-cmc 19		: id-cmc-responseInfo
 id-cmc 21		: id-cmc-queryPending
 id-cmc 22		: id-cmc-popLinkRandom
 id-cmc 23		: id-cmc-popLinkWitness
-id-cmc 24		: id-cmc-confirmCertAcceptance 
+id-cmc 24		: id-cmc-confirmCertAcceptance
 
 # other names
 id-on 1			: id-on-personalData
@@ -737,6 +761,11 @@ X509 53			: 			: deltaRevocationList
 X509 54			: dmdName		:
 X509 65			:			: pseudonym
 X509 72			: role			: role
+X509 97                 :			: organizationIdentifier
+X509 98			: c3			: countryCode3c
+X509 99			: n3			: countryCode3n
+X509 100		:			: dnsName
+
 
 X500 8			: X500algorithms	: directory services - algorithms
 X500algorithms 1 1	: RSA			: rsa
@@ -841,7 +870,7 @@ internet 6		: snmpv2		: SNMPv2
 # Documents refer to "internet 7" as "mail". This however leads to ambiguities
 # with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
 # rfc822Mailbox. The short name is therefore here left out for a reason.
-# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as
 # references are realized via long name "Mail" (with capital M).
 internet 7		:			: Mail
 
@@ -900,6 +929,9 @@ aes 46			: id-aes256-GCM		: aes-256-gcm
 aes 47			: id-aes256-CCM		: aes-256-ccm
 aes 48			: id-aes256-wrap-pad
 
+ieee-siswg 0 1 1        : AES-128-XTS		: aes-128-xts
+ieee-siswg 0 1 2        : AES-256-XTS		: aes-256-xts
+
 # There are no OIDs for these modes...
 
 			: AES-128-CFB1		: aes-128-cfb1
@@ -914,24 +946,57 @@ aes 48			: id-aes256-wrap-pad
 			: AES-128-OCB		: aes-128-ocb
 			: AES-192-OCB		: aes-192-ocb
 			: AES-256-OCB		: aes-256-ocb
-			: AES-128-XTS		: aes-128-xts
-			: AES-256-XTS		: aes-256-xts
 			: DES-CFB1		: des-cfb1
 			: DES-CFB8		: des-cfb8
 			: DES-EDE3-CFB1		: des-ede3-cfb1
 			: DES-EDE3-CFB8		: des-ede3-cfb8
 
-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and
+# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+# "Middle" names are specified to be id-sha256, id-sha384, etc., but
+# we adhere to unprefixed capitals for backward compatibility...
 !Alias nist_hashalgs nistAlgorithms 2
 nist_hashalgs 1		: SHA256		: sha256
 nist_hashalgs 2		: SHA384		: sha384
 nist_hashalgs 3		: SHA512		: sha512
 nist_hashalgs 4		: SHA224		: sha224
+nist_hashalgs 5		: SHA512-224		: sha512-224
+nist_hashalgs 6		: SHA512-256		: sha512-256
+nist_hashalgs 7		: SHA3-224		: sha3-224
+nist_hashalgs 8		: SHA3-256		: sha3-256
+nist_hashalgs 9		: SHA3-384		: sha3-384
+nist_hashalgs 10	: SHA3-512		: sha3-512
+nist_hashalgs 11	: SHAKE128		: shake128
+nist_hashalgs 12	: SHAKE256		: shake256
+nist_hashalgs 13	: id-hmacWithSHA3-224	: hmac-sha3-224
+nist_hashalgs 14	: id-hmacWithSHA3-256	: hmac-sha3-256
+nist_hashalgs 15	: id-hmacWithSHA3-384	: hmac-sha3-384
+nist_hashalgs 16	: id-hmacWithSHA3-512	: hmac-sha3-512
+# Below two are incomplete OIDs, to be uncommented when we figure out
+# how to handle them...
+# nist_hashalgs 17	: id-shake128-len	: shake128-len
+# nist_hashalgs 18	: id-shake256-len	: shake256-len
 
 # OIDs for dsa-with-sha224 and dsa-with-sha256
 !Alias dsa_with_sha2 nistAlgorithms 3
 dsa_with_sha2 1		: dsa_with_SHA224
 dsa_with_sha2 2		: dsa_with_SHA256
+# Above two belong below, but kept as they are for backward compatibility
+!Alias sigAlgs nistAlgorithms 3
+sigAlgs 3	: id-dsa-with-sha384	: dsa_with_SHA384
+sigAlgs 4	: id-dsa-with-sha512	: dsa_with_SHA512
+sigAlgs 5	: id-dsa-with-sha3-224	: dsa_with_SHA3-224
+sigAlgs 6	: id-dsa-with-sha3-256	: dsa_with_SHA3-256
+sigAlgs 7	: id-dsa-with-sha3-384	: dsa_with_SHA3-384
+sigAlgs 8	: id-dsa-with-sha3-512	: dsa_with_SHA3-512
+sigAlgs 9	: id-ecdsa-with-sha3-224	: ecdsa_with_SHA3-224
+sigAlgs 10	: id-ecdsa-with-sha3-256	: ecdsa_with_SHA3-256
+sigAlgs 11	: id-ecdsa-with-sha3-384	: ecdsa_with_SHA3-384
+sigAlgs 12	: id-ecdsa-with-sha3-512	: ecdsa_with_SHA3-512
+sigAlgs 13	: id-rsassa-pkcs1-v1_5-with-sha3-224	: RSA-SHA3-224
+sigAlgs 14	: id-rsassa-pkcs1-v1_5-with-sha3-256	: RSA-SHA3-256
+sigAlgs 15	: id-rsassa-pkcs1-v1_5-with-sha3-384	: RSA-SHA3-384
+sigAlgs 16	: id-rsassa-pkcs1-v1_5-with-sha3-512	: RSA-SHA3-512
 
 # Hold instruction CRL entry extension
 !Cname hold-instruction-code
@@ -1278,18 +1343,36 @@ id-tc26-mac 1		: id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
 id-tc26-mac 2		: id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
 
 id-tc26-algorithms 5	: id-tc26-cipher
+id-tc26-cipher 1	:  id-tc26-cipher-gostr3412-2015-magma
+id-tc26-cipher-gostr3412-2015-magma 1	: id-tc26-cipher-gostr3412-2015-magma-ctracpkm
+id-tc26-cipher-gostr3412-2015-magma 2	: id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac
+id-tc26-cipher 2	:  id-tc26-cipher-gostr3412-2015-kuznyechik
+id-tc26-cipher-gostr3412-2015-kuznyechik 1	: id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm
+id-tc26-cipher-gostr3412-2015-kuznyechik 2	: id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac
 
 id-tc26-algorithms 6	: id-tc26-agreement
 id-tc26-agreement 1	: id-tc26-agreement-gost-3410-2012-256
 id-tc26-agreement 2	: id-tc26-agreement-gost-3410-2012-512
 
+id-tc26-algorithms 7	:	id-tc26-wrap
+id-tc26-wrap 1	: id-tc26-wrap-gostr3412-2015-magma
+id-tc26-wrap-gostr3412-2015-magma 1	: id-tc26-wrap-gostr3412-2015-magma-kexp15
+id-tc26-wrap 2	: id-tc26-wrap-gostr3412-2015-kuznyechik
+id-tc26-wrap-gostr3412-2015-magma 1	: id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
+
 id-tc26 2 		: id-tc26-constants
 
 id-tc26-constants 1	: id-tc26-sign-constants
+id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
+id-tc26-gost-3410-2012-256-constants 1	: id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
+id-tc26-gost-3410-2012-256-constants 2	: id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
+id-tc26-gost-3410-2012-256-constants 3	: id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
+id-tc26-gost-3410-2012-256-constants 4	: id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
 id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
 id-tc26-gost-3410-2012-512-constants 0	: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
 id-tc26-gost-3410-2012-512-constants 1	: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
 id-tc26-gost-3410-2012-512-constants 2	: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+id-tc26-gost-3410-2012-512-constants 3	: id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C
 
 id-tc26-constants 2     : id-tc26-digest-constants
 id-tc26-constants 5     : id-tc26-cipher-constants
@@ -1310,6 +1393,14 @@ member-body 643 100 112	: issuerSignTool	: Signing Tool of Issuer
 			: grasshopper-cfb
 			: grasshopper-mac
 
+#GOST R34.13-2015 Magma
+			: magma-ecb
+			: magma-ctr
+			: magma-ofb
+			: magma-cbc
+			: magma-cfb
+			: magma-mac
+
 # Definitions for Camellia cipher - CBC MODE
 
 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc
@@ -1322,7 +1413,7 @@ member-body 643 100 112	: issuerSignTool	: Signing Tool of Issuer
 # Definitions for Camellia cipher - ECB, CFB, OFB MODE
 
 !Alias ntt-ds 0 3 4401 5
-!Alias camellia ntt-ds 3 1 9 
+!Alias camellia ntt-ds 3 1 9
 
 camellia 1		: CAMELLIA-128-ECB		: camellia-128-ecb
 !Cname camellia-128-ofb128
@@ -1363,6 +1454,48 @@ camellia 50		: CAMELLIA-256-CMAC		: camellia-256-cmac
 			: CAMELLIA-192-CFB8		: camellia-192-cfb8
 			: CAMELLIA-256-CFB8		: camellia-256-cfb8
 
+# Definitions for ARIA cipher
+
+!Alias aria 1 2 410 200046 1 1
+aria 1                  : ARIA-128-ECB                  : aria-128-ecb
+aria 2                  : ARIA-128-CBC                  : aria-128-cbc
+!Cname aria-128-cfb128
+aria 3                  : ARIA-128-CFB                  : aria-128-cfb
+!Cname aria-128-ofb128
+aria 4                  : ARIA-128-OFB                  : aria-128-ofb
+aria 5			: ARIA-128-CTR                  : aria-128-ctr
+
+aria 6                  : ARIA-192-ECB                  : aria-192-ecb
+aria 7                  : ARIA-192-CBC                  : aria-192-cbc
+!Cname aria-192-cfb128
+aria 8                  : ARIA-192-CFB                  : aria-192-cfb
+!Cname aria-192-ofb128
+aria 9                  : ARIA-192-OFB                  : aria-192-ofb
+aria 10                 : ARIA-192-CTR                  : aria-192-ctr
+
+aria 11                 : ARIA-256-ECB                  : aria-256-ecb
+aria 12                 : ARIA-256-CBC                  : aria-256-cbc
+!Cname aria-256-cfb128
+aria 13                 : ARIA-256-CFB                  : aria-256-cfb
+!Cname aria-256-ofb128
+aria 14                 : ARIA-256-OFB                  : aria-256-ofb
+aria 15                 : ARIA-256-CTR                  : aria-256-ctr
+
+# There are no OIDs for these ARIA modes...
+                        : ARIA-128-CFB1                 : aria-128-cfb1
+                        : ARIA-192-CFB1                 : aria-192-cfb1
+                        : ARIA-256-CFB1                 : aria-256-cfb1
+                        : ARIA-128-CFB8                 : aria-128-cfb8
+                        : ARIA-192-CFB8                 : aria-192-cfb8
+                        : ARIA-256-CFB8                 : aria-256-cfb8
+
+aria 37                 : ARIA-128-CCM                  : aria-128-ccm
+aria 38                 : ARIA-192-CCM                  : aria-192-ccm
+aria 39                 : ARIA-256-CCM                  : aria-256-ccm
+aria 34                 : ARIA-128-GCM                  : aria-128-gcm
+aria 35                 : ARIA-192-GCM                  : aria-192-gcm
+aria 36                 : ARIA-256-GCM                  : aria-256-gcm
+
 # Definitions for SEED cipher - ECB, CBC, OFB mode
 
 member-body 410 200004  : KISA          : kisa
@@ -1373,6 +1506,19 @@ kisa 1 5                : SEED-CFB      : seed-cfb
 !Cname seed-ofb128
 kisa 1 6                : SEED-OFB      : seed-ofb
 
+
+# Definitions for SM4 cipher
+
+sm-scheme 104 1         : SM4-ECB             : sm4-ecb
+sm-scheme 104 2         : SM4-CBC             : sm4-cbc
+!Cname sm4-ofb128
+sm-scheme 104 3         : SM4-OFB             : sm4-ofb
+!Cname sm4-cfb128
+sm-scheme 104 4         : SM4-CFB             : sm4-cfb
+sm-scheme 104 5         : SM4-CFB1            : sm4-cfb1
+sm-scheme 104 6         : SM4-CFB8            : sm4-cfb8
+sm-scheme 104 7         : SM4-CTR             : sm4-ctr
+
 # There is no OID that just denotes "HMAC" oddly enough...
 
 			: HMAC				: hmac
@@ -1394,7 +1540,7 @@ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
 
 # RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
 # versionOne OBJECT IDENTIFIER ::= {
-# iso(1) identifified-organization(3) teletrust(36) algorithm(3)
+# iso(1) identified-organization(3) teletrust(36) algorithm(3)
 # signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
 # ellipticCurve(1) 1 }
 1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
@@ -1410,7 +1556,7 @@ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
 1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
 1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
 1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
-1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1            
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
 
 # ECDH schemes from RFC5753
 !Alias x9-63-scheme 1 3 133 16 840 63 0
@@ -1445,7 +1591,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 1 3 6 1 4 1 311 60 2 1 3	: jurisdictionC		: jurisdictionCountryName
 
 # SCRYPT algorithm
-1 3 6 1 4 1 11591 4 11		: id-scrypt
+!Cname id-scrypt
+1 3 6 1 4 1 11591 4 11		: id-scrypt         : scrypt
 
 # NID for TLS1 PRF
                             : TLS1-PRF          : tls1-prf
@@ -1458,9 +1605,12 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 id-pkinit 4                     : pkInitClientAuth      : PKINIT Client Auth
 id-pkinit 5                     : pkInitKDC             : Signing KDC Response
 
-# New curves from draft-ietf-curdle-pkix-00
+# From RFC8410
 1 3 101 110 : X25519
 1 3 101 111 : X448
+1 3 101 112 : ED25519
+1 3 101 113 : ED448
+
 
 # NIDs for cipher key exchange
                             : KxRSA        : kx-rsa
@@ -1472,6 +1622,7 @@ id-pkinit 5                     : pkInitKDC             : Signing KDC Response
                             : KxPSK        : kx-psk
                             : KxSRP        : kx-srp
                             : KxGOST       : kx-gost
+                            : KxANY        : kx-any
 
 # NIDs for cipher authentication
                             : AuthRSA      : auth-rsa
@@ -1482,4 +1633,45 @@ id-pkinit 5                     : pkInitKDC             : Signing KDC Response
                             : AuthGOST12   : auth-gost12
                             : AuthSRP      : auth-srp
                             : AuthNULL     : auth-null
-
+                            : AuthANY      : auth-any
+# NID for Poly1305
+                            : Poly1305     : poly1305
+# NID for SipHash
+                            : SipHash      : siphash
+
+# NIDs for RFC7919 DH parameters
+                            : ffdhe2048
+                            : ffdhe3072
+                            : ffdhe4096
+                            : ffdhe6144
+                            : ffdhe8192
+
+# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
+
+# DSTU OIDs
+member-body 804   : ISO-UA
+ISO-UA 2 1 1 1    : ua-pki
+ua-pki 1 1 1      : dstu28147         : DSTU Gost 28147-2009
+dstu28147 2       : dstu28147-ofb     : DSTU Gost 28147-2009 OFB mode
+dstu28147 3       : dstu28147-cfb     : DSTU Gost 28147-2009 CFB mode
+dstu28147 5       : dstu28147-wrap    : DSTU Gost 28147-2009 key wrap
+
+ua-pki 1 1 2      : hmacWithDstu34311 : HMAC DSTU Gost 34311-95
+ua-pki 1 2 1      : dstu34311         : DSTU Gost 34311-95
+
+ua-pki 1 3 1 1    : dstu4145le        : DSTU 4145-2002 little endian
+dstu4145le 1 1    : dstu4145be        : DSTU 4145-2002 big endian
+
+# 1.2.804. 2.1.1.1 1.3.1.1  .2.6
+#     UA    ua-pki  4145 le
+# DSTU named curves
+dstu4145le 2 0 : uacurve0 : DSTU curve 0
+dstu4145le 2 1 : uacurve1 : DSTU curve 1
+dstu4145le 2 2 : uacurve2 : DSTU curve 2
+dstu4145le 2 3 : uacurve3 : DSTU curve 3
+dstu4145le 2 4 : uacurve4 : DSTU curve 4
+dstu4145le 2 5 : uacurve5 : DSTU curve 5
+dstu4145le 2 6 : uacurve6 : DSTU curve 6
+dstu4145le 2 7 : uacurve7 : DSTU curve 7
+dstu4145le 2 8 : uacurve8 : DSTU curve 8
+dstu4145le 2 9 : uacurve9 : DSTU curve 9
diff --git a/deps/openssl/openssl/crypto/objects/objxref.pl b/deps/openssl/openssl/crypto/objects/objxref.pl
index 53f9bd604c..0ec63f067e 100644
--- a/deps/openssl/openssl/crypto/objects/objxref.pl
+++ b/deps/openssl/openssl/crypto/objects/objxref.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -14,6 +14,13 @@ my %oid_tbl;
 
 my ($mac_file, $xref_file) = @ARGV;
 
+# Output year depends on the year of the script and the input file.
+my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900;
+my $iYEAR = [localtime([stat($mac_file)]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+$iYEAR = [localtime([stat($xref_file)]->[9])]->[5] + 1900;
+$YEAR = $iYEAR if $iYEAR > $YEAR;
+
 open(IN, $mac_file) || die "Can't open $mac_file, $!\n";
 
 # Read in OID nid values for a lookup table.
@@ -71,7 +78,7 @@ print <<EOF;
  * WARNING: do not edit!
  * Generated by $pname
  *
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c b/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c
index b638694e2d..739ac01807 100644
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "internal/cryptlib.h"
+#include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
@@ -209,9 +210,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
                       const ASN1_OCTET_STRING **pid,
                       const X509_NAME **pname)
-
 {
     const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
     if (rid->type == V_OCSP_RESPID_NAME) {
         *pname = rid->value.byName;
         *pid = NULL;
@@ -224,6 +225,26 @@ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
     return 1;
 }
 
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = X509_NAME_dup(rid->value.byName);
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    if (*pname == NULL && *pid == NULL)
+        return 0;
+    return 1;
+}
+
 /* Look single response matching a given certificate ID */
 
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_err.c b/deps/openssl/openssl/crypto/ocsp/ocsp_err.c
index a2d96e9c9f..660e193665 100644
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_err.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,71 +8,82 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ocsp.h>
+#include <openssl/ocsperr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-
-static ERR_STRING_DATA OCSP_str_functs[] = {
-    {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"},
-    {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
-    {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-    {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
-    {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "ocsp_check_delegated"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "ocsp_check_ids"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "ocsp_check_issuer"},
-    {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
-    {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "ocsp_match_issuerid"},
-    {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
-    {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
-    {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
-    {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
-    {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"},
+static const ERR_STRING_DATA OCSP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_D2I_OCSP_NONCE, 0), "d2i_ocsp_nonce"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_ADD1_STATUS, 0),
+     "OCSP_basic_add1_status"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN, 0), "OCSP_basic_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN_CTX, 0),
+     "OCSP_basic_sign_ctx"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_VERIFY, 0), "OCSP_basic_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CERT_ID_NEW, 0), "OCSP_cert_id_new"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_DELEGATED, 0),
+     "ocsp_check_delegated"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_IDS, 0), "ocsp_check_ids"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_ISSUER, 0), "ocsp_check_issuer"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_VALIDITY, 0),
+     "OCSP_check_validity"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_MATCH_ISSUERID, 0),
+     "ocsp_match_issuerid"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_PARSE_URL, 0), "OCSP_parse_url"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_SIGN, 0), "OCSP_request_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_VERIFY, 0),
+     "OCSP_request_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_RESPONSE_GET1_BASIC, 0),
+     "OCSP_response_get1_basic"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_PARSE_HTTP_LINE1, 0), "parse_http_line1"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA OCSP_str_reasons[] = {
-    {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-    {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
-    {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
-     "error in nextupdate field"},
-    {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),
-     "error in thisupdate field"},
-    {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"},
-    {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),
-     "missing ocspsigning usage"},
-    {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
-     "nextupdate before thisupdate"},
-    {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
-    {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
-    {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
-    {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
-    {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"},
-    {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"},
-    {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
-     "response contains no revocation data"},
-    {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
-    {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
-    {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
-     "server response parse error"},
-    {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
-    {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
-     "signer certificate not found"},
-    {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"},
-    {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"},
-    {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"},
-    {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
-    {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"},
-    {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
-     "unsupported requestorname type"},
+static const ERR_STRING_DATA OCSP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+    "error in nextupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+    "error in thisupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE),
+    "missing ocspsigning usage"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+    "nextupdate before thisupdate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE),
+    "not basic response"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN),
+    "no certificates in chain"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED),
+    "request not signed"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+    "response contains no revocation data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED),
+    "root ca not trusted"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_ERROR),
+    "server response error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+    "server response parse error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID),
+    "status not yet valid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST),
+    "unknown message digest"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+    "unsupported requestorname type"},
     {0, NULL}
 };
 
@@ -81,10 +92,9 @@ static ERR_STRING_DATA OCSP_str_reasons[] = {
 int ERR_load_OCSP_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, OCSP_str_functs);
-        ERR_load_strings(0, OCSP_str_reasons);
+        ERR_load_strings_const(OCSP_str_functs);
+        ERR_load_strings_const(OCSP_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c b/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c
index b829b2e4e3..27ee212459 100644
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c
@@ -22,7 +22,7 @@
 
 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
 {
-    return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
+    return X509v3_get_ext_count(x->tbsRequest.requestExtensions);
 }
 
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
@@ -46,12 +46,12 @@ int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
 
 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
 {
-    return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
+    return X509v3_get_ext(x->tbsRequest.requestExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
 {
-    return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
+    return X509v3_delete_ext(x->tbsRequest.requestExtensions, loc);
 }
 
 void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
@@ -76,18 +76,18 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
 {
-    return (X509v3_get_ext_count(x->singleRequestExtensions));
+    return X509v3_get_ext_count(x->singleRequestExtensions);
 }
 
 int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos);
 }
 
 int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
                                int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos);
 }
 
 int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
@@ -98,12 +98,12 @@ int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
 
 X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
 {
-    return (X509v3_get_ext(x->singleRequestExtensions, loc));
+    return X509v3_get_ext(x->singleRequestExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
 {
-    return (X509v3_delete_ext(x->singleRequestExtensions, loc));
+    return X509v3_delete_ext(x->singleRequestExtensions, loc);
 }
 
 void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
@@ -127,7 +127,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
 {
-    return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
+    return X509v3_get_ext_count(x->tbsResponseData.responseExtensions);
 }
 
 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
@@ -152,12 +152,12 @@ int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
 
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
 {
-    return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
+    return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
 {
-    return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
+    return X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc);
 }
 
 void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
@@ -184,34 +184,34 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
 {
-    return (X509v3_get_ext_count(x->singleExtensions));
+    return X509v3_get_ext_count(x->singleExtensions);
 }
 
 int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos);
 }
 
 int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
                                    int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos);
 }
 
 int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
                                         int lastpos)
 {
-    return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
+    return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos);
 }
 
 X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
 {
-    return (X509v3_get_ext(x->singleExtensions, loc));
+    return X509v3_get_ext(x->singleExtensions, loc);
 }
 
 X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
 {
-    return (X509v3_delete_ext(x->singleExtensions, loc));
+    return X509v3_delete_ext(x->singleExtensions, loc);
 }
 
 void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c b/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c
index d8796ca6bf..42c3686431 100644
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,11 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <stdio.h>
 #include <stdlib.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <string.h>
-#include "e_os.h"
 #include <openssl/asn1.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
@@ -209,7 +209,7 @@ static int parse_http_line1(char *line)
     char *p, *q, *r;
     /* Skip to first white space (passed protocol info) */
 
-    for (p = line; *p && !isspace((unsigned char)*p); p++)
+    for (p = line; *p && !ossl_isspace(*p); p++)
         continue;
     if (!*p) {
         OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
@@ -217,7 +217,7 @@ static int parse_http_line1(char *line)
     }
 
     /* Skip past white space to start of response code */
-    while (*p && isspace((unsigned char)*p))
+    while (*p && ossl_isspace(*p))
         p++;
 
     if (!*p) {
@@ -226,7 +226,7 @@ static int parse_http_line1(char *line)
     }
 
     /* Find end of response code: first whitespace after start of code */
-    for (q = p; *q && !isspace((unsigned char)*q); q++)
+    for (q = p; *q && !ossl_isspace(*q); q++)
         continue;
 
     if (!*q) {
@@ -244,7 +244,7 @@ static int parse_http_line1(char *line)
         return 0;
 
     /* Skip over any leading white space in message */
-    while (*q && isspace((unsigned char)*q))
+    while (*q && ossl_isspace(*q))
         q++;
 
     if (*q) {
@@ -253,7 +253,7 @@ static int parse_http_line1(char *line)
          */
 
         /* We know q has a non white space character so this is OK */
-        for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
+        for (r = q + strlen(q) - 1; ossl_isspace(*r); r--)
             *r = 0;
     }
     if (retcode != 200) {
diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h b/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h
index d1cf1583f4..36646fdfc9 100644
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -224,6 +224,10 @@ struct ocsp_service_locator_st {
         ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
                 NULL,(o)->signature,&(o)->tbsResponseData,pkey,md)
 
+#  define OCSP_BASICRESP_sign_ctx(o,ctx,d) \
+        ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,ctx)
+
 #  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
         &(a)->optionalSignature->signatureAlgorithm,\
         (a)->optionalSignature->signature,&(a)->tbsRequest,r)
diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c b/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c
index 46a4bf7852..6bd6f7b6d8 100644
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,15 +168,28 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
     return 1;
 }
 
-int OCSP_basic_sign(OCSP_BASICRESP *brsp,
-                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+/*
+ * Sign an OCSP response using the parameters contained in the digest context,
+ * set the responderID to the subject name in the signer's certificate, and
+ * include one or more optional certificates in the response.
+ */
+
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_MD_CTX *ctx,
                     STACK_OF(X509) *certs, unsigned long flags)
 {
     int i;
     OCSP_RESPID *rid;
+    EVP_PKEY *pkey;
 
-    if (!X509_check_private_key(signer, key)) {
-        OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
+    if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);
+        goto err;
+    }
+
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
                 OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
         goto err;
     }
@@ -208,7 +221,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
      * -- Richard Levitte
      */
 
-    if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
+    if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0))
         goto err;
 
     return 1;
@@ -216,6 +229,26 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
     return 0;
 }
 
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i;
+
+    if (ctx == NULL)
+        return 0;
+
+    if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+    i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags);
+    EVP_MD_CTX_free(ctx);
+    return i;
+}
+
 int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)
 {
     if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
@@ -265,7 +298,7 @@ int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)
         return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
             && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
                        SHA_DIGEST_LENGTH) == 0);
-    } else if(respid->type == V_OCSP_RESPID_NAME) {
+    } else if (respid->type == V_OCSP_RESPID_NAME) {
         if (respid->value.byName == NULL)
             return 0;
 
diff --git a/deps/openssl/openssl/crypto/pariscid.pl b/deps/openssl/openssl/crypto/pariscid.pl
index 3d4a5f8aef..5a231c49f0 100644
--- a/deps/openssl/openssl/crypto/pariscid.pl
+++ b/deps/openssl/openssl/crypto/pariscid.pl
@@ -255,9 +255,22 @@ L\$done2
 	.PROCEND
 ___
 }
-$code =~ s/cmpib,\*/comib,/gm	if ($SIZE_T==4);
-$code =~ s/,\*/,/gm		if ($SIZE_T==4);
-$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
-print $code;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach(split("\n",$code)) {
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/cmpib,\*/comib,/		if ($SIZE_T==4);
+	s/,\*/,/			if ($SIZE_T==4);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
 close STDOUT;
 
diff --git a/deps/openssl/openssl/crypto/pem/pem_err.c b/deps/openssl/openssl/crypto/pem/pem_err.c
index f36d89324b..f642030aa5 100644
--- a/deps/openssl/openssl/crypto/pem/pem_err.c
+++ b/deps/openssl/openssl/crypto/pem/pem_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,95 +8,107 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/pem.h>
+#include <openssl/pemerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
-
-static ERR_STRING_DATA PEM_str_functs[] = {
-    {ERR_FUNC(PEM_F_B2I_DSS), "b2i_dss"},
-    {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
-    {ERR_FUNC(PEM_F_B2I_RSA), "b2i_rsa"},
-    {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "check_bitlen_dsa"},
-    {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "check_bitlen_rsa"},
-    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
-    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
-    {ERR_FUNC(PEM_F_DO_B2I), "do_b2i"},
-    {ERR_FUNC(PEM_F_DO_B2I_BIO), "do_b2i_bio"},
-    {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "do_blob_header"},
-    {ERR_FUNC(PEM_F_DO_PK8PKEY), "do_pk8pkey"},
-    {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "do_pk8pkey_fp"},
-    {ERR_FUNC(PEM_F_DO_PVK_BODY), "do_PVK_body"},
-    {ERR_FUNC(PEM_F_DO_PVK_HEADER), "do_PVK_header"},
-    {ERR_FUNC(PEM_F_I2B_PVK), "i2b_PVK"},
-    {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
-    {ERR_FUNC(PEM_F_LOAD_IV), "load_iv"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
-    {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
-    {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-    {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
-    {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_read_bio_PrivateKey"},
-    {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_read_DHparams"},
-    {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_read_PrivateKey"},
-    {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
-    {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
-    {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
-    {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_write_PrivateKey"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
+static const ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_DSS, 0), "b2i_dss"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_PVK_BIO, 0), "b2i_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_RSA, 0), "b2i_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_DSA, 0), "check_bitlen_dsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_RSA, 0), "check_bitlen_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, 0),
+     "d2i_PKCS8PrivateKey_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_FP, 0),
+     "d2i_PKCS8PrivateKey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_HEADER, 0), "do_PVK_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, 0),
+     "get_header_and_data"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, 0), "get_name"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK, 0), "i2b_PVK"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK_BIO, 0), "i2b_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_LOAD_IV, 0), "load_iv"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ, 0), "PEM_ASN1_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ_BIO, 0), "PEM_ASN1_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE, 0), "PEM_ASN1_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE_BIO, 0), "PEM_ASN1_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, 0), "PEM_def_callback"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, 0), "PEM_do_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_GET_EVP_CIPHER_INFO, 0),
+     "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ, 0), "PEM_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, 0), "PEM_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_DHPARAMS, 0),
+     "PEM_read_bio_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_EX, 0), "PEM_read_bio_ex"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PARAMETERS, 0),
+     "PEM_read_bio_Parameters"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, 0),
+     "PEM_read_bio_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_DHPARAMS, 0), "PEM_read_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_PRIVATEKEY, 0),
+     "PEM_read_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0),
+     "PEM_write_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ_BIO, 0),
+     "PEM_X509_INFO_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_WRITE_BIO, 0),
+     "PEM_X509_INFO_write_bio"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA PEM_str_reasons[] = {
-    {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
-    {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
-    {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
-    {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
-    {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
-    {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
-    {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"},
-    {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
-    {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"},
-    {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
-     "error converting private key"},
-    {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
-     "expecting private key blob"},
-    {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
-     "expecting public key blob"},
-    {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"},
-    {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
-    {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
-     "keyblob header parse error"},
-    {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
-    {ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"},
-    {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
-    {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
-    {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
-    {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
-    {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
-     "problems getting password"},
-    {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
-    {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
-    {ERR_REASON(PEM_R_READ_KEY), "read key"},
-    {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
-    {ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
-     "unsupported key components"},
+static const ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+    "error converting private key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
+    "expecting private key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
+    "expecting public key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER),
+    "inconsistent header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
+    "keyblob header parse error"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD),
+    "problems getting password"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION),
+    "unsupported encryption"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
+    "unsupported key components"},
     {0, NULL}
 };
 
@@ -105,10 +117,9 @@ static ERR_STRING_DATA PEM_str_reasons[] = {
 int ERR_load_PEM_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PEM_str_functs);
-        ERR_load_strings(0, PEM_str_reasons);
+        ERR_load_strings_const(PEM_str_functs);
+        ERR_load_strings_const(PEM_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/pem/pem_info.c b/deps/openssl/openssl/crypto/pem/pem_info.c
index 78d4476a2a..a45fe83001 100644
--- a/deps/openssl/openssl/crypto/pem/pem_info.c
+++ b/deps/openssl/openssl/crypto/pem/pem_info.c
@@ -26,12 +26,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -240,7 +240,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
     OPENSSL_free(name);
     OPENSSL_free(header);
     OPENSSL_free(data);
-    return (ret);
+    return ret;
 }
 
 /* A TJH addition */
@@ -256,7 +256,13 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
             PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
@@ -291,10 +297,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                 goto err;
             }
 
-            /* create the right magic header stuff */
-            OPENSSL_assert(strlen(objstr) + 23
-                           + 2 * EVP_CIPHER_iv_length(enc) + 13 <=
-                           sizeof(buf));
+            /* Create the right magic header stuff */ 
             buf[0] = '\0';
             PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
             PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
@@ -330,5 +333,5 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 
  err:
     OPENSSL_cleanse(buf, PEM_BUFSIZE);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/pem/pem_lib.c b/deps/openssl/openssl/crypto/pem/pem_lib.c
index 6f06c5291f..4bb86463fa 100644
--- a/deps/openssl/openssl/crypto/pem/pem_lib.c
+++ b/deps/openssl/openssl/crypto/pem/pem_lib.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <string.h>
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
@@ -30,11 +30,8 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
 
 int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
 {
-    int i;
-#ifndef OPENSSL_NO_UI
-    int min_len;
+    int i, min_len;
     const char *prompt;
-#endif
 
     /* We assume that the user passes a default password as userdata */
     if (userdata) {
@@ -44,10 +41,6 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
         return i;
     }
 
-#ifdef OPENSSL_NO_UI
-    PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return -1;
-#else
     prompt = EVP_get_pw_prompt();
     if (prompt == NULL)
         prompt = "Enter PEM pass phrase:";
@@ -68,12 +61,12 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
         return -1;
     }
     return strlen(buf);
-#endif
 }
 
 void PEM_proc_type(char *buf, int type)
 {
     const char *str;
+    char *p = buf + strlen(buf);
 
     if (type == PEM_TYPE_ENCRYPTED)
         str = "ENCRYPTED";
@@ -84,29 +77,29 @@ void PEM_proc_type(char *buf, int type)
     else
         str = "BAD-TYPE";
 
-    OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
-    OPENSSL_strlcat(buf, str, PEM_BUFSIZE);
-    OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE);
+    BIO_snprintf(p, PEM_BUFSIZE - (size_t)(p - buf), "Proc-Type: 4,%s\n", str);
 }
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
 {
-    static const unsigned char map[17] = "0123456789ABCDEF";
     long i;
-    int j;
-
-    OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
-    OPENSSL_strlcat(buf, type, PEM_BUFSIZE);
-    OPENSSL_strlcat(buf, ",", PEM_BUFSIZE);
-    j = strlen(buf);
-    if (j + (len * 2) + 1 > PEM_BUFSIZE)
-        return;
-    for (i = 0; i < len; i++) {
-        buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
-        buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
-    }
-    buf[j + i * 2] = '\n';
-    buf[j + i * 2 + 1] = '\0';
+    char *p = buf + strlen(buf);
+    int j = PEM_BUFSIZE - (size_t)(p - buf), n;
+
+    n = BIO_snprintf(p, j, "DEK-Info: %s,", type);
+    if (n > 0) {
+        j -= n;
+        p += n;
+        for (i = 0; i < len; i++) {
+            n = BIO_snprintf(p, j, "%02X", 0xff & str[i]);
+            if (n <= 0)
+                return;
+            j -= n;
+            p += n;
+        }
+        if (j > 1)
+            strcpy(p, "\n");
+    }
 }
 
 #ifndef OPENSSL_NO_STDIO
@@ -118,12 +111,12 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -222,28 +215,41 @@ static int check_pem(const char *nm, const char *name)
     return 0;
 }
 
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
-                       const char *name, BIO *bp, pem_password_cb *cb,
-                       void *u)
+static void pem_free(void *p, unsigned int flags, size_t num)
+{
+    if (flags & PEM_FLAG_SECURE)
+        OPENSSL_secure_clear_free(p, num);
+    else
+        OPENSSL_free(p);
+}
+
+static void *pem_malloc(int num, unsigned int flags)
+{
+    return (flags & PEM_FLAG_SECURE) ? OPENSSL_secure_malloc(num)
+                                     : OPENSSL_malloc(num);
+}
+
+static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen,
+                                    char **pnm, const char *name, BIO *bp,
+                                    pem_password_cb *cb, void *u,
+                                    unsigned int flags)
 {
     EVP_CIPHER_INFO cipher;
     char *nm = NULL, *header = NULL;
     unsigned char *data = NULL;
-    long len;
+    long len = 0;
     int ret = 0;
 
-    for (;;) {
-        if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
+    do {
+        pem_free(nm, flags, 0);
+        pem_free(header, flags, 0);
+        pem_free(data, flags, len);
+        if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) {
             if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
                 ERR_add_error_data(2, "Expecting: ", name);
             return 0;
         }
-        if (check_pem(nm, name))
-            break;
-        OPENSSL_free(nm);
-        OPENSSL_free(header);
-        OPENSSL_free(data);
-    }
+    } while (!check_pem(nm, name));
     if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
         goto err;
     if (!PEM_do_header(&cipher, data, &len, cb, u))
@@ -252,20 +258,34 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
     *pdata = data;
     *plen = len;
 
-    if (pnm)
+    if (pnm != NULL)
         *pnm = nm;
 
     ret = 1;
 
  err:
-    if (!ret || !pnm)
-        OPENSSL_free(nm);
-    OPENSSL_free(header);
+    if (!ret || pnm == NULL)
+        pem_free(nm, flags, 0);
+    pem_free(header, flags, 0);
     if (!ret)
-        OPENSSL_free(data);
+        pem_free(data, flags, len);
     return ret;
 }
 
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_EAY_COMPATIBLE);
+}
+
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE);
+}
+
 #ifndef OPENSSL_NO_STDIO
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
                    void *x, const EVP_CIPHER *enc, unsigned char *kstr,
@@ -276,12 +296,12 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -299,7 +319,14 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0
+                || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
@@ -336,8 +363,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 #endif
             kstr = (unsigned char *)buf;
         }
-        RAND_add(data, i, 0);   /* put in the RSA key. */
-        OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv));
         if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
             goto err;
         /*
@@ -350,9 +375,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
         if (kstr == (unsigned char *)buf)
             OPENSSL_cleanse(buf, PEM_BUFSIZE);
 
-        OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13
-                       <= sizeof(buf));
-
         buf[0] = '\0';
         PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
         PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
@@ -380,7 +402,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
     EVP_CIPHER_CTX_free(ctx);
     OPENSSL_cleanse(buf, PEM_BUFSIZE);
     OPENSSL_clear_free(data, (unsigned int)dsize);
-    return (ret);
+    return ret;
 }
 
 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
@@ -549,14 +571,14 @@ static int load_iv(char **fromp, unsigned char *to, int num)
         v = OPENSSL_hexchar2int(*from);
         if (v < 0) {
             PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
-            return (0);
+            return 0;
         }
         from++;
         to[i / 2] |= v << (long)((!(i & 1)) * 4);
     }
 
     *fromp = from;
-    return (1);
+    return 1;
 }
 
 #ifndef OPENSSL_NO_STDIO
@@ -568,12 +590,12 @@ int PEM_write(FILE *fp, const char *name, const char *header,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_write_bio(b, name, header, data, len);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -584,6 +606,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
     unsigned char *buf = NULL;
     EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
     int reason = ERR_R_BUF_LIB;
+    int retval = 0;
 
     if (ctx == NULL) {
         reason = ERR_R_MALLOC_FAILURE;
@@ -628,14 +651,14 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
         (BIO_write(bp, name, nlen) != nlen) ||
         (BIO_write(bp, "-----\n", 6) != 6))
         goto err;
-    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
-    EVP_ENCODE_CTX_free(ctx);
-    return (i + outl);
+    retval = i + outl;
+
  err:
-    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    if (retval == 0)
+        PEMerr(PEM_F_PEM_WRITE_BIO, reason);
     EVP_ENCODE_CTX_free(ctx);
-    PEMerr(PEM_F_PEM_WRITE_BIO, reason);
-    return (0);
+    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    return retval;
 }
 
 #ifndef OPENSSL_NO_STDIO
@@ -647,186 +670,299 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_read_bio(b, name, header, data, len);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-                 long *len)
+/* Some helpers for PEM_read_bio_ex(). */
+static int sanitize_line(char *linebuf, int len, unsigned int flags)
 {
-    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
-    int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
-    char buf[256];
-    BUF_MEM *nameB;
-    BUF_MEM *headerB;
-    BUF_MEM *dataB, *tmpB;
+    int i;
 
-    if (ctx == NULL) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
+    if (flags & PEM_FLAG_EAY_COMPATIBLE) {
+        /* Strip trailing whitespace */
+        while ((len >= 0) && (linebuf[len] <= ' '))
+            len--;
+        /* Go back to whitespace before applying uniform line ending. */
+        len++;
+    } else if (flags & PEM_FLAG_ONLY_B64) {
+        for (i = 0; i < len; ++i) {
+            if (!ossl_isbase64(linebuf[i]) || linebuf[i] == '\n'
+                || linebuf[i] == '\r')
+                break;
+        }
+        len = i;
+    } else {
+        /* EVP_DecodeBlock strips leading and trailing whitespace, so just strip
+         * control characters in-place and let everything through. */
+        for (i = 0; i < len; ++i) {
+            if (linebuf[i] == '\n' || linebuf[i] == '\r')
+                break;
+            if (ossl_iscntrl(linebuf[i]))
+                linebuf[i] = ' ';
+        }
+        len = i;
     }
+    /* The caller allocated LINESIZE+1, so this is safe. */
+    linebuf[len++] = '\n';
+    linebuf[len] = '\0';
+    return len;
+}
 
-    nameB = BUF_MEM_new();
-    headerB = BUF_MEM_new();
-    dataB = BUF_MEM_new();
-    if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
-        goto err;
+#define LINESIZE 255
+/* Note trailing spaces for begin and end. */
+static const char beginstr[] = "-----BEGIN ";
+static const char endstr[] = "-----END ";
+static const char tailstr[] = "-----\n";
+#define BEGINLEN ((int)(sizeof(beginstr) - 1))
+#define ENDLEN ((int)(sizeof(endstr) - 1))
+#define TAILLEN ((int)(sizeof(tailstr) - 1))
+static int get_name(BIO *bp, char **name, unsigned int flags)
+{
+    char *linebuf;
+    int ret = 0;
+    int len;
+
+    /*
+     * Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1').
+     */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
 
-    buf[254] = '\0';
-    for (;;) {
-        i = BIO_gets(bp, buf, 254);
+    do {
+        len = BIO_gets(bp, linebuf, LINESIZE);
 
-        if (i <= 0) {
-            PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_NAME, PEM_R_NO_START_LINE);
             goto err;
         }
 
-        while ((i >= 0) && (buf[i] <= ' '))
-            i--;
-        buf[++i] = '\n';
-        buf[++i] = '\0';
+        /* Strip trailing garbage and standardize ending. */
+        len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64);
+
+        /* Allow leading empty or non-matching lines. */
+    } while (strncmp(linebuf, beginstr, BEGINLEN) != 0
+             || len < TAILLEN
+             || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0);
+    linebuf[len - TAILLEN] = '\0';
+    len = len - BEGINLEN - TAILLEN + 1;
+    *name = pem_malloc(len, flags);
+    if (*name == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    memcpy(*name, linebuf + BEGINLEN, len);
+    ret = 1;
+
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
+
+/* Keep track of how much of a header we've seen. */
+enum header_status {
+    MAYBE_HEADER,
+    IN_HEADER,
+    POST_HEADER
+};
+
+/**
+ * Extract the optional PEM header, with details on the type of content and
+ * any encryption used on the contents, and the bulk of the data from the bio.
+ * The end of the header is marked by a blank line; if the end-of-input marker
+ * is reached prior to a blank line, there is no header.
+ *
+ * The header and data arguments are BIO** since we may have to swap them
+ * if there is no header, for efficiency.
+ *
+ * We need the name of the PEM-encoded type to verify the end string.
+ */
+static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
+                               unsigned int flags)
+{
+    BIO *tmp = *header;
+    char *linebuf, *p;
+    int len, line, ret = 0, end = 0;
+    /* 0 if not seen (yet), 1 if reading header, 2 if finished header */
+    enum header_status got_header = MAYBE_HEADER;
+    unsigned int flags_mask;
+    size_t namelen;
+
+    /* Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1'). */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_HEADER_AND_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-        if (strncmp(buf, "-----BEGIN ", 11) == 0) {
-            i = strlen(&(buf[11]));
+    for (line = 0; ; line++) {
+        flags_mask = ~0u;
+        len = BIO_gets(bp, linebuf, LINESIZE);
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER);
+            goto err;
+        }
 
-            if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
-                continue;
-            if (!BUF_MEM_grow(nameB, i + 9)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        if (got_header == MAYBE_HEADER) {
+            if (memchr(linebuf, ':', len) != NULL)
+                got_header = IN_HEADER;
+        }
+        if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
+            flags_mask &= ~PEM_FLAG_ONLY_B64;
+        len = sanitize_line(linebuf, len, flags & flags_mask);
+
+        /* Check for end of header. */
+        if (linebuf[0] == '\n') {
+            if (got_header == POST_HEADER) {
+                /* Another blank line is an error. */
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
                 goto err;
             }
-            memcpy(nameB->data, &(buf[11]), i - 6);
-            nameB->data[i - 6] = '\0';
-            break;
+            got_header = POST_HEADER;
+            tmp = *data;
+            continue;
         }
-    }
-    hl = 0;
-    if (!BUF_MEM_grow(headerB, 256)) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    headerB->data[0] = '\0';
-    for (;;) {
-        i = BIO_gets(bp, buf, 254);
-        if (i <= 0)
-            break;
 
-        while ((i >= 0) && (buf[i] <= ' '))
-            i--;
-        buf[++i] = '\n';
-        buf[++i] = '\0';
-
-        if (buf[0] == '\n')
+        /* Check for end of stream (which means there is no header). */
+        if (strncmp(linebuf, endstr, ENDLEN) == 0) {
+            p = linebuf + ENDLEN;
+            namelen = strlen(name);
+            if (strncmp(p, name, namelen) != 0 ||
+                strncmp(p + namelen, tailstr, TAILLEN) != 0) {
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+                goto err;
+            }
+            if (got_header == MAYBE_HEADER) {
+                *header = *data;
+                *data = tmp;
+            }
             break;
-        if (!BUF_MEM_grow(headerB, hl + i + 9)) {
-            PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        } else if (end) {
+            /* Malformed input; short line not at end of data. */
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
             goto err;
         }
-        if (strncmp(buf, "-----END ", 9) == 0) {
-            nohead = 1;
-            break;
+        /*
+         * Else, a line of text -- could be header or data; we don't
+         * know yet.  Just pass it through.
+         */
+        if (BIO_puts(tmp, linebuf) < 0)
+            goto err;
+        /*
+         * Only encrypted files need the line length check applied.
+         */
+        if (got_header == POST_HEADER) {
+            /* 65 includes the trailing newline */
+            if (len > 65)
+                goto err;
+            if (len < 65)
+                end = 1;
         }
-        memcpy(&(headerB->data[hl]), buf, i);
-        headerB->data[hl + i] = '\0';
-        hl += i;
     }
 
-    bl = 0;
-    if (!BUF_MEM_grow(dataB, 1024)) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    dataB->data[0] = '\0';
-    if (!nohead) {
-        for (;;) {
-            i = BIO_gets(bp, buf, 254);
-            if (i <= 0)
-                break;
-
-            while ((i >= 0) && (buf[i] <= ' '))
-                i--;
-            buf[++i] = '\n';
-            buf[++i] = '\0';
+    ret = 1;
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
 
-            if (i != 65)
-                end = 1;
-            if (strncmp(buf, "-----END ", 9) == 0)
-                break;
-            if (i > 65)
-                break;
-            if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            memcpy(&(dataB->data[bl]), buf, i);
-            dataB->data[bl + i] = '\0';
-            bl += i;
-            if (end) {
-                buf[0] = '\0';
-                i = BIO_gets(bp, buf, 254);
-                if (i <= 0)
-                    break;
-
-                while ((i >= 0) && (buf[i] <= ' '))
-                    i--;
-                buf[++i] = '\n';
-                buf[++i] = '\0';
+/**
+ * Read in PEM-formatted data from the given BIO.
+ *
+ * By nature of the PEM format, all content must be printable ASCII (except
+ * for line endings).  Other characters are malformed input and will be rejected.
+ */
+int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+                    unsigned char **data, long *len_out, unsigned int flags)
+{
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    const BIO_METHOD *bmeth;
+    BIO *headerB = NULL, *dataB = NULL;
+    char *name = NULL;
+    int len, taillen, headerlen, ret = 0;
+    BUF_MEM * buf_mem;
 
-                break;
-            }
-        }
-    } else {
-        tmpB = headerB;
-        headerB = dataB;
-        dataB = tmpB;
-        bl = hl;
-    }
-    i = strlen(nameB->data);
-    if ((strncmp(buf, "-----END ", 9) != 0) ||
-        (strncmp(nameB->data, &(buf[9]), i) != 0) ||
-        (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
-        goto err;
+    if (ctx == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
 
-    EVP_DecodeInit(ctx);
-    i = EVP_DecodeUpdate(ctx,
-                         (unsigned char *)dataB->data, &bl,
-                         (unsigned char *)dataB->data, bl);
-    if (i < 0) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
-        goto err;
+    *len_out = 0;
+    *name_out = *header = NULL;
+    *data = NULL;
+    if ((flags & PEM_FLAG_EAY_COMPATIBLE) && (flags & PEM_FLAG_ONLY_B64)) {
+        /* These two are mutually incompatible; bail out. */
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto end;
     }
-    i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k);
-    if (i < 0) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
-        goto err;
+    bmeth = (flags & PEM_FLAG_SECURE) ? BIO_s_secmem() : BIO_s_mem();
+
+    headerB = BIO_new(bmeth);
+    dataB = BIO_new(bmeth);
+    if (headerB == NULL || dataB == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        goto end;
     }
-    bl += k;
 
-    if (bl == 0)
-        goto err;
-    *name = nameB->data;
-    *header = headerB->data;
-    *data = (unsigned char *)dataB->data;
-    *len = bl;
-    OPENSSL_free(nameB);
-    OPENSSL_free(headerB);
-    OPENSSL_free(dataB);
-    EVP_ENCODE_CTX_free(ctx);
-    return (1);
- err:
-    BUF_MEM_free(nameB);
-    BUF_MEM_free(headerB);
-    BUF_MEM_free(dataB);
+    if (!get_name(bp, &name, flags))
+        goto end;
+    if (!get_header_and_data(bp, &headerB, &dataB, name, flags))
+        goto end;
+
+    EVP_DecodeInit(ctx);
+    BIO_get_mem_ptr(dataB, &buf_mem);
+    len = buf_mem->length;
+    if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len,
+                         (unsigned char*)buf_mem->data, len) < 0
+            || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]),
+                               &taillen) < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_BAD_BASE64_DECODE);
+        goto end;
+    }
+    len += taillen;
+    buf_mem->length = len;
+
+    /* There was no data in the PEM file; avoid malloc(0). */
+    if (len == 0)
+        goto end;
+    headerlen = BIO_get_mem_data(headerB, NULL);
+    *header = pem_malloc(headerlen + 1, flags);
+    *data = pem_malloc(len, flags);
+    if (*header == NULL || *data == NULL) {
+        pem_free(*header, flags, 0);
+        pem_free(*data, flags, 0);
+        goto end;
+    }
+    BIO_read(headerB, *header, headerlen);
+    (*header)[headerlen] = '\0';
+    BIO_read(dataB, *data, len);
+    *len_out = len;
+    *name_out = name;
+    name = NULL;
+    ret = 1;
+
+end:
     EVP_ENCODE_CTX_free(ctx);
-    return (0);
+    pem_free(name, flags, 0);
+    BIO_free(headerB);
+    BIO_free(dataB);
+    return ret;
+}
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+                 long *len)
+{
+    return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE);
 }
 
 /*
diff --git a/deps/openssl/openssl/crypto/pem/pem_oth.c b/deps/openssl/openssl/crypto/pem/pem_oth.c
index cc7a8dbec4..566205331f 100644
--- a/deps/openssl/openssl/crypto/pem/pem_oth.c
+++ b/deps/openssl/openssl/crypto/pem/pem_oth.c
@@ -32,5 +32,5 @@ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
     if (ret == NULL)
         PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
     OPENSSL_free(data);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/pem/pem_pk8.c b/deps/openssl/openssl/crypto/pem/pem_pk8.c
index a8363b39b9..ab6c4c6bde 100644
--- a/deps/openssl/openssl/crypto/pem/pem_pk8.c
+++ b/deps/openssl/openssl/crypto/pem/pem_pk8.c
@@ -183,7 +183,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
 
     if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
         PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
     BIO_free(bp);
diff --git a/deps/openssl/openssl/crypto/pem/pem_pkey.c b/deps/openssl/openssl/crypto/pem/pem_pkey.c
index 7dadc1391c..aa032d2b1c 100644
--- a/deps/openssl/openssl/crypto/pem/pem_pkey.c
+++ b/deps/openssl/openssl/crypto/pem/pem_pkey.c
@@ -32,7 +32,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     int slen;
     EVP_PKEY *ret = NULL;
 
-    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+    if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
+                                   cb, u))
         return NULL;
     p = data;
 
@@ -86,9 +87,9 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     if (ret == NULL)
         PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
  err:
-    OPENSSL_free(nm);
-    OPENSSL_clear_free(data, len);
-    return (ret);
+    OPENSSL_secure_free(nm);
+    OPENSSL_secure_clear_free(data, len);
+    return ret;
 }
 
 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
@@ -147,7 +148,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
         PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
     OPENSSL_free(nm);
     OPENSSL_free(data);
-    return (ret);
+    return ret;
 }
 
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
@@ -170,12 +171,12 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_read_bio_PrivateKey(b, x, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 
 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
@@ -232,12 +233,12 @@ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = PEM_read_bio_DHparams(b, x, cb, u);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 # endif
 
diff --git a/deps/openssl/openssl/crypto/pem/pem_sign.c b/deps/openssl/openssl/crypto/pem/pem_sign.c
index 12ad97450a..9662eb14db 100644
--- a/deps/openssl/openssl/crypto/pem/pem_sign.c
+++ b/deps/openssl/openssl/crypto/pem/pem_sign.c
@@ -46,5 +46,5 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
  err:
     /* ctx has been zeroed by EVP_SignFinal() */
     OPENSSL_free(m);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/pem/pvkfmt.c b/deps/openssl/openssl/crypto/pem/pvkfmt.c
index 96a82eb520..e39c243814 100644
--- a/deps/openssl/openssl/crypto/pem/pvkfmt.c
+++ b/deps/openssl/openssl/crypto/pem/pvkfmt.c
@@ -444,9 +444,10 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
     if (*out)
         p = *out;
     else {
-        p = OPENSSL_malloc(outlen);
-        if (p == NULL)
+        if ((p = OPENSSL_malloc(outlen)) == NULL) {
+            PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE);
             return -1;
+        }
         *out = p;
         noinc = 1;
     }
diff --git a/deps/openssl/openssl/crypto/perlasm/README b/deps/openssl/openssl/crypto/perlasm/README
index e90bd8e014..3177c37165 100644
--- a/deps/openssl/openssl/crypto/perlasm/README
+++ b/deps/openssl/openssl/crypto/perlasm/README
@@ -9,7 +9,7 @@ require "x86asm.pl";
 
 The first thing we do is setup the file and type of assembler
 
-&asm_init($ARGV[0],$0);
+&asm_init($ARGV[0]);
 
 The first argument is the 'type'.  Currently
 'cpp', 'sol', 'a.out', 'elf' or 'win32'.
@@ -62,7 +62,7 @@ So a very simple version of this function could be coded as
 	push(@INC,"perlasm","../../perlasm");
 	require "x86asm.pl";
 	
-	&asm_init($ARGV[0],"cacl.pl");
+	&asm_init($ARGV[0]);
 
 	&external_label("other");
 
diff --git a/deps/openssl/openssl/crypto/perlasm/cbc.pl b/deps/openssl/openssl/crypto/perlasm/cbc.pl
index ad79b2407b..01bafe457d 100644
--- a/deps/openssl/openssl/crypto/perlasm/cbc.pl
+++ b/deps/openssl/openssl/crypto/perlasm/cbc.pl
@@ -15,7 +15,7 @@
 # des_cblock (*ivec);
 # int enc;
 #
-# calls 
+# calls
 # des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
 #
 
@@ -36,7 +36,7 @@ sub cbc
 	# name is the function name
 	# enc_func and dec_func and the functions to call for encrypt/decrypt
 	# swap is true if byte order needs to be reversed
-	# iv_off is parameter number for the iv 
+	# iv_off is parameter number for the iv
 	# enc_off is parameter number for the encrypt/decrypt flag
 	# p1,p2,p3 are the offsets for parameters to be passed to the
 	# underlying calls.
@@ -114,7 +114,7 @@ sub cbc
 	#############################################################
 
 	&set_label("encrypt_loop");
-	# encrypt start 
+	# encrypt start
 	# "eax" and "ebx" hold iv (or the last cipher text)
 
 	&mov("ecx",	&DWP(0,$in,"",0));	# load first 4 bytes
@@ -208,7 +208,7 @@ sub cbc
 	#############################################################
 	#############################################################
 	&set_label("decrypt",1);
-	# decrypt start 
+	# decrypt start
 	&and($count,0xfffffff8);
 	# The next 2 instructions are only for if the jz is taken
 	&mov("eax",	&DWP($data_off+8,"esp","",0));	# get iv[0]
@@ -350,7 +350,7 @@ sub cbc
 	&align(64);
 
 	&function_end_B($name);
-	
+
 	}
 
 1;
diff --git a/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl b/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl
index 2d46e24482..d220c6245b 100755
--- a/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl
+++ b/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -11,40 +11,65 @@ my $output = shift;
 open STDOUT,">$output" || die "can't open $output: $!";
 
 my %GLOBALS;
+my %TYPES;
 my $dotinlocallabels=($flavour=~/linux/)?1:0;
 
 ################################################################
 # directives which need special treatment on different platforms
 ################################################################
+my $type = sub {
+    my ($dir,$name,$type) = @_;
+
+    $TYPES{$name} = $type;
+    if ($flavour =~ /linux/) {
+	$name =~ s|^\.||;
+	".type	$name,$type";
+    } else {
+	"";
+    }
+};
 my $globl = sub {
     my $junk = shift;
     my $name = shift;
     my $global = \$GLOBALS{$name};
+    my $type = \$TYPES{$name};
     my $ret;
 
-    $name =~ s|^[\.\_]||;
- 
+    $name =~ s|^\.||;
+
     SWITCH: for ($flavour) {
-	/aix/		&& do { $name = ".$name";
+	/aix/		&& do { if (!$$type) {
+				    $$type = "\@function";
+				}
+				if ($$type =~ /function/) {
+				    $name = ".$name";
+				}
 				last;
 			      };
 	/osx/		&& do { $name = "_$name";
 				last;
 			      };
 	/linux.*(32|64le)/
-			&& do {	$ret .= ".globl	$name\n";
-				$ret .= ".type	$name,\@function";
+			&& do {	$ret .= ".globl	$name";
+				if (!$$type) {
+				    $ret .= "\n.type	$name,\@function";
+				    $$type = "\@function";
+				}
 				last;
 			      };
-	/linux.*64/	&& do {	$ret .= ".globl	$name\n";
-				$ret .= ".type	$name,\@function\n";
-				$ret .= ".section	\".opd\",\"aw\"\n";
-				$ret .= ".align	3\n";
-				$ret .= "$name:\n";
-				$ret .= ".quad	.$name,.TOC.\@tocbase,0\n";
-				$ret .= ".previous\n";
-
-				$name = ".$name";
+	/linux.*64/	&& do {	$ret .= ".globl	$name";
+				if (!$$type) {
+				    $ret .= "\n.type	$name,\@function";
+				    $$type = "\@function";
+				}
+				if ($$type =~ /function/) {
+				    $ret .= "\n.section	\".opd\",\"aw\"";
+				    $ret .= "\n.align	3";
+				    $ret .= "\n$name:";
+				    $ret .= "\n.quad	.$name,.TOC.\@tocbase,0";
+				    $ret .= "\n.previous";
+				    $name = ".$name";
+				}
 				last;
 			      };
     }
@@ -70,9 +95,13 @@ my $machine = sub {
 my $size = sub {
     if ($flavour =~ /linux/)
     {	shift;
-	my $name = shift; $name =~ s|^[\.\_]||;
-	my $ret  = ".size	$name,.-".($flavour=~/64$/?".":"").$name;
-	$ret .= "\n.size	.$name,.-.$name" if ($flavour=~/64$/);
+	my $name = shift;
+	my $real = $GLOBALS{$name} ? \$GLOBALS{$name} : \$name;
+	my $ret  = ".size	$$real,.-$$real";
+	$name =~ s|^\.||;
+	if ($$real ne $name) {
+	    $ret .= "\n.size	$name,.-$$real";
+	}
 	$ret;
     }
     else
@@ -187,12 +216,23 @@ my $lvdx_u	= sub {	vsxmem_op(@_, 588); };	# lxsdx
 my $stvdx_u	= sub {	vsxmem_op(@_, 716); };	# stxsdx
 my $lvx_4w	= sub { vsxmem_op(@_, 780); };	# lxvw4x
 my $stvx_4w	= sub { vsxmem_op(@_, 908); };	# stxvw4x
+my $lvx_splt	= sub { vsxmem_op(@_, 332); };	# lxvdsx
+# VSX instruction[s] masqueraded as made-up AltiVec/VMX
+my $vpermdi	= sub {				# xxpermdi
+    my ($f, $vrt, $vra, $vrb, $dm) = @_;
+    $dm = oct($dm) if ($dm =~ /^0/);
+    "	.long	".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7;
+};
 
 # PowerISA 2.07 stuff
 sub vcrypto_op {
     my ($f, $vrt, $vra, $vrb, $op) = @_;
     "	.long	".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op;
 }
+sub vfour {
+    my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_;
+    "	.long	".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op;
+};
 my $vcipher	= sub { vcrypto_op(@_, 1288); };
 my $vcipherlast	= sub { vcrypto_op(@_, 1289); };
 my $vncipher	= sub { vcrypto_op(@_, 1352); };
@@ -204,27 +244,61 @@ my $vpmsumb	= sub { vcrypto_op(@_, 1032); };
 my $vpmsumd	= sub { vcrypto_op(@_, 1224); };
 my $vpmsubh	= sub { vcrypto_op(@_, 1096); };
 my $vpmsumw	= sub { vcrypto_op(@_, 1160); };
+# These are not really crypto, but vcrypto_op template works
 my $vaddudm	= sub { vcrypto_op(@_, 192);  };
+my $vadduqm	= sub { vcrypto_op(@_, 256);  };
+my $vmuleuw	= sub { vcrypto_op(@_, 648);  };
+my $vmulouw	= sub { vcrypto_op(@_, 136);  };
+my $vrld	= sub { vcrypto_op(@_, 196);  };
+my $vsld	= sub { vcrypto_op(@_, 1476); };
+my $vsrd	= sub { vcrypto_op(@_, 1732); };
+my $vsubudm	= sub { vcrypto_op(@_, 1216); };
+my $vaddcuq	= sub { vcrypto_op(@_, 320);  };
+my $vaddeuqm	= sub { vfour(@_,60); };
+my $vaddecuq	= sub { vfour(@_,61); };
+my $vmrgew	= sub { vfour(@_,0,1932); };
+my $vmrgow	= sub { vfour(@_,0,1676); };
 
 my $mtsle	= sub {
     my ($f, $arg) = @_;
     "	.long	".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2);
 };
 
-# PowerISA 3.0 stuff
-my $maddhdu = sub {
-    my ($f, $rt, $ra, $rb, $rc) = @_;
-    "	.long	".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|49;
+# VSX instructions masqueraded as AltiVec/VMX
+my $mtvrd	= sub {
+    my ($f, $vrt, $ra) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1;
 };
-my $maddld = sub {
-    my ($f, $rt, $ra, $rb, $rc) = @_;
-    "	.long	".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|51;
+my $mtvrwz	= sub {
+    my ($f, $vrt, $ra) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1;
 };
 
+# PowerISA 3.0 stuff
+my $maddhdu	= sub { vfour(@_,49); };
+my $maddld	= sub { vfour(@_,51); };
 my $darn = sub {
     my ($f, $rt, $l) = @_;
     "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1);
 };
+my $iseleq = sub {
+    my ($f, $rt, $ra, $rb) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30;
+};
+# VSX instruction[s] masqueraded as made-up AltiVec/VMX
+my $vspltib	= sub {				# xxspltib
+    my ($f, $vrt, $imm8) = @_;
+    $imm8 = oct($imm8) if ($imm8 =~ /^0/);
+    $imm8 &= 0xff;
+    "	.long	".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1;
+};
+
+# PowerISA 3.0B stuff
+my $addex = sub {
+    my ($f, $rt, $ra, $rb, $cy) = @_;	# only cy==0 is specified in 3.0B
+    "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1);
+};
+my $vmsumudm	= sub { vfour(@_,35); };
 
 while($line=<>) {
 
@@ -234,7 +308,7 @@ while($line=<>) {
     $line =~ s|\s+$||;		# ... and at the end
 
     {
-	$line =~ s|\b\.L(\w+)|L$1|g;	# common denominator for Locallabel
+	$line =~ s|\.L(\w+)|L$1|g;	# common denominator for Locallabel
 	$line =~ s|\bL(\w+)|\.L$1|g	if ($dotinlocallabels);
     }
 
@@ -242,8 +316,13 @@ while($line=<>) {
 	$line =~ s|(^[\.\w]+)\:\s*||;
 	my $label = $1;
 	if ($label) {
-	    printf "%s:",($GLOBALS{$label} or $label);
-	    printf "\n.localentry\t$GLOBALS{$label},0"	if ($GLOBALS{$label} && $flavour =~ /linux.*64le/);
+	    my $xlated = ($GLOBALS{$label} or $label);
+	    print "$xlated:";
+	    if ($flavour =~ /linux.*64le/) {
+		if ($TYPES{$label} =~ /function/) {
+		    printf "\n.localentry	%s,0\n",$xlated;
+		}
+	    }
 	}
     }
 
@@ -254,7 +333,7 @@ while($line=<>) {
 	my $f = $3;
 	my $opcode = eval("\$$mnemonic");
 	$line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/);
-	if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); }
+	if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(/,\s*/,$line)); }
 	elsif ($mnemonic)           { $line = $c.$mnemonic.$f."\t".$line; }
     }
 
diff --git a/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl b/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl
index bfdada8540..b9922e0318 100644
--- a/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl
+++ b/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl
@@ -117,7 +117,7 @@ $::code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 1, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	brnz,pt		$len, .L${bits}_cbc_enc_loop
@@ -224,7 +224,7 @@ $::code.=<<___;
 	call		_${alg}${bits}_encrypt_1x
 	add		$inp, 16, $inp
 	sub		$len, 1, $len
-		
+
 	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
 	add		$out, 8, $out
 	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
@@ -339,7 +339,7 @@ $::code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 1, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	brnz,pt		$len, .L${bits}_cbc_dec_loop2x
@@ -445,7 +445,7 @@ $::code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 2, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	std		%f4, [$out + 16]
@@ -702,7 +702,7 @@ $::code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 1, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	brnz,pt		$len, .L${bits}_ctr32_loop2x
@@ -791,7 +791,7 @@ $::code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 2, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	std		%f4, [$out + 16]
@@ -1024,7 +1024,7 @@ $code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 1, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	brnz,pt		$len, .L${bits}_xts_${dir}loop2x
@@ -1135,7 +1135,7 @@ $code.=<<___;
 
 	brnz,pn		$ooff, 2f
 	sub		$len, 2, $len
-		
+
 	std		%f0, [$out + 0]
 	std		%f2, [$out + 8]
 	std		%f4, [$out + 16]
diff --git a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
index 6eaefcfd93..f8380f2e9c 100755
--- a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -51,12 +51,7 @@
 # 7. Stick to explicit ip-relative addressing. If you have to use
 #    GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??.
 #    Both are recognized and translated to proper Win64 addressing
-#    modes. To support legacy code a synthetic directive, .picmeup,
-#    is implemented. It puts address of the *next* instruction into
-#    target register, e.g.:
-#
-#		.picmeup	%rax
-#		lea		.Label-.(%rax),%rax
+#    modes.
 #
 # 8. In order to provide for structured exception handling unified
 #    Win64 prologue copies %rsp value to %rax. For further details
@@ -100,7 +95,7 @@ elsif (!$gas)
     {	$nasm = $1 + $2*0.01; $PTR="";  }
     elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
     {	$masm = $1 + $2*2**-16 + $4*2**-32;   }
-    die "no assembler found on %PATH" if (!($nasm || $masm));
+    die "no assembler found on %PATH%" if (!($nasm || $masm));
     $win64=1;
     $elf=0;
     $decor="\$L\$";
@@ -130,7 +125,7 @@ my %globals;
 		$self->{sz} = "";
 	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
 		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /^v/) { # VEX
+	    } elsif ($self->{op} =~ /^[vk]/) { # VEX or k* such as kmov
 		$self->{sz} = "";
 	    } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) {
 		$self->{sz} = "";
@@ -151,7 +146,7 @@ my %globals;
 	if ($gas) {
 	    if ($self->{op} eq "movz") {	# movz is pain...
 		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
-	    } elsif ($self->{op} =~ /^set/) { 
+	    } elsif ($self->{op} =~ /^set/) {
 		"$self->{op}";
 	    } elsif ($self->{op} eq "ret") {
 		my $epilogue = "";
@@ -178,7 +173,7 @@ my %globals;
 		$self->{op} .= $self->{sz};
 	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
 		$self->{op} = "\tDQ";
-	    } 
+	    }
 	    $self->{op};
 	}
     }
@@ -224,18 +219,26 @@ my %globals;
     }
 }
 { package ea;		# pick up effective addresses: expr(%reg,%reg,scale)
+
+    my %szmap = (	b=>"BYTE$PTR",    w=>"WORD$PTR",
+			l=>"DWORD$PTR",   d=>"DWORD$PTR",
+			q=>"QWORD$PTR",   o=>"OWORD$PTR",
+			x=>"XMMWORD$PTR", y=>"YMMWORD$PTR",
+			z=>"ZMMWORD$PTR" ) if (!$gas);
+
     sub re {
 	my	($class, $line, $opcode) = @_;
 	my	$self = {};
 	my	$ret;
 
 	# optional * ----vvv--- appears in indirect jmp/call
-	if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
+	if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)((?:{[^}]+})*)/) {
 	    bless $self, $class;
 	    $self->{asterisk} = $1;
 	    $self->{label} = $2;
 	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
 	    $self->{scale} = 1 if (!defined($self->{scale}));
+	    $self->{opmask} = $4;
 	    $ret = $self;
 	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
 
@@ -276,6 +279,8 @@ my %globals;
 	    $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg;
 	}
 
+	# if base register is %rbp or %r13, see if it's possible to
+	# flip base and index registers [for better performance]
 	if (!$self->{label} && $self->{index} && $self->{scale}==1 &&
 	    $self->{base} =~ /(rbp|r13)/) {
 		$self->{base} = $self->{index}; $self->{index} = $1;
@@ -285,19 +290,16 @@ my %globals;
 	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
 
 	    if (defined($self->{index})) {
-		sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
-					$self->{label},
+		sprintf "%s%s(%s,%%%s,%d)%s",
+					$self->{asterisk},$self->{label},
 					$self->{base}?"%$self->{base}":"",
-					$self->{index},$self->{scale};
+					$self->{index},$self->{scale},
+					$self->{opmask};
 	    } else {
-		sprintf "%s%s(%%%s)",	$self->{asterisk},$self->{label},$self->{base};
+		sprintf "%s%s(%%%s)%s",	$self->{asterisk},$self->{label},
+					$self->{base},$self->{opmask};
 	    }
 	} else {
-	    my %szmap = (	b=>"BYTE$PTR",  w=>"WORD$PTR",
-			l=>"DWORD$PTR", d=>"DWORD$PTR",
-	    		q=>"QWORD$PTR", o=>"OWORD$PTR",
-			x=>"XMMWORD$PTR", y=>"YMMWORD$PTR", z=>"ZMMWORD$PTR" );
-
 	    $self->{label} =~ s/\./\$/g;
 	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
 	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
@@ -309,17 +311,20 @@ my %globals;
 	    ($mnemonic =~ /^vpbroadcast([qdwb])$/)	&& ($sz=$1)  ||
 	    ($mnemonic =~ /^v(?!perm)[a-z]+[fi]128$/)	&& ($sz="x");
 
+	    $self->{opmask}  =~ s/%(k[0-7])/$1/;
+
 	    if (defined($self->{index})) {
-		sprintf "%s[%s%s*%d%s]",$szmap{$sz},
+		sprintf "%s[%s%s*%d%s]%s",$szmap{$sz},
 					$self->{label}?"$self->{label}+":"",
 					$self->{index},$self->{scale},
-					$self->{base}?"+$self->{base}":"";
+					$self->{base}?"+$self->{base}":"",
+					$self->{opmask};
 	    } elsif ($self->{base} eq "rip") {
 		sprintf "%s[%s]",$szmap{$sz},$self->{label};
 	    } else {
-		sprintf "%s[%s%s]",$szmap{$sz},
+		sprintf "%s[%s%s]%s",	$szmap{$sz},
 					$self->{label}?"$self->{label}+":"",
-					$self->{base};
+					$self->{base},$self->{opmask};
 	    }
 	}
     }
@@ -331,10 +336,11 @@ my %globals;
 	my	$ret;
 
 	# optional * ----vvv--- appears in indirect jmp/call
-	if ($$line =~ /^(\*?)%(\w+)/) {
+	if ($$line =~ /^(\*?)%(\w+)((?:{[^}]+})*)/) {
 	    bless $self,$class;
 	    $self->{asterisk} = $1;
 	    $self->{value} = $2;
+	    $self->{opmask} = $3;
 	    $opcode->size($self->size());
 	    $ret = $self;
 	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
@@ -358,8 +364,11 @@ my %globals;
     }
     sub out {
     	my $self = shift;
-	if ($gas)	{ sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
-	else		{ $self->{value}; }
+	if ($gas)	{ sprintf "%s%%%s%s",	$self->{asterisk},
+						$self->{value},
+						$self->{opmask}; }
+	else		{ $self->{opmask} =~ s/%(k[0-7])/$1/;
+			  $self->{value}.$self->{opmask}; }
     }
 }
 { package label;	# pick up labels, which end with :
@@ -383,9 +392,8 @@ my %globals;
 
 	if ($gas) {
 	    my $func = ($globals{$self->{value}} or $self->{value}) . ":";
-	    if ($win64	&&
-			$current_function->{name} eq $self->{value} &&
-			$current_function->{abi} eq "svr4") {
+	    if ($win64	&& $current_function->{name} eq $self->{value}
+			&& $current_function->{abi} eq "svr4") {
 		$func .= "\n";
 		$func .= "	movq	%rdi,8(%rsp)\n";
 		$func .= "	movq	%rsi,16(%rsp)\n";
@@ -458,21 +466,251 @@ my %globals;
 	}
     }
 }
+{ package cfi_directive;
+    # CFI directives annotate instructions that are significant for
+    # stack unwinding procedure compliant with DWARF specification,
+    # see http://dwarfstd.org/. Besides naturally expected for this
+    # script platform-specific filtering function, this module adds
+    # three auxiliary synthetic directives not recognized by [GNU]
+    # assembler:
+    #
+    # - .cfi_push to annotate push instructions in prologue, which
+    #   translates to .cfi_adjust_cfa_offset (if needed) and
+    #   .cfi_offset;
+    # - .cfi_pop to annotate pop instructions in epilogue, which
+    #   translates to .cfi_adjust_cfa_offset (if needed) and
+    #   .cfi_restore;
+    # - [and most notably] .cfi_cfa_expression which encodes
+    #   DW_CFA_def_cfa_expression and passes it to .cfi_escape as
+    #   byte vector;
+    #
+    # CFA expressions were introduced in DWARF specification version
+    # 3 and describe how to deduce CFA, Canonical Frame Address. This
+    # becomes handy if your stack frame is variable and you can't
+    # spare register for [previous] frame pointer. Suggested directive
+    # syntax is made-up mix of DWARF operator suffixes [subset of]
+    # and references to registers with optional bias. Following example
+    # describes offloaded *original* stack pointer at specific offset
+    # from *current* stack pointer:
+    #
+    #   .cfi_cfa_expression     %rsp+40,deref,+8
+    #
+    # Final +8 has everything to do with the fact that CFA is defined
+    # as reference to top of caller's stack, and on x86_64 call to
+    # subroutine pushes 8-byte return address. In other words original
+    # stack pointer upon entry to a subroutine is 8 bytes off from CFA.
+
+    # Below constants are taken from "DWARF Expressions" section of the
+    # DWARF specification, section is numbered 7.7 in versions 3 and 4.
+    my %DW_OP_simple = (	# no-arg operators, mapped directly
+	deref	=> 0x06,	dup	=> 0x12,
+	drop	=> 0x13,	over	=> 0x14,
+	pick	=> 0x15,	swap	=> 0x16,
+	rot	=> 0x17,	xderef	=> 0x18,
+
+	abs	=> 0x19,	and	=> 0x1a,
+	div	=> 0x1b,	minus	=> 0x1c,
+	mod	=> 0x1d,	mul	=> 0x1e,
+	neg	=> 0x1f,	not	=> 0x20,
+	or	=> 0x21,	plus	=> 0x22,
+	shl	=> 0x24,	shr	=> 0x25,
+	shra	=> 0x26,	xor	=> 0x27,
+	);
+
+    my %DW_OP_complex = (	# used in specific subroutines
+	constu		=> 0x10,	# uleb128
+	consts		=> 0x11,	# sleb128
+	plus_uconst	=> 0x23,	# uleb128
+	lit0 		=> 0x30,	# add 0-31 to opcode
+	reg0		=> 0x50,	# add 0-31 to opcode
+	breg0		=> 0x70,	# add 0-31 to opcole, sleb128
+	regx		=> 0x90,	# uleb28
+	fbreg		=> 0x91,	# sleb128
+	bregx		=> 0x92,	# uleb128, sleb128
+	piece		=> 0x93,	# uleb128
+	);
+
+    # Following constants are defined in x86_64 ABI supplement, for
+    # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf,
+    # see section 3.7 "Stack Unwind Algorithm".
+    my %DW_reg_idx = (
+	"%rax"=>0,  "%rdx"=>1,  "%rcx"=>2,  "%rbx"=>3,
+	"%rsi"=>4,  "%rdi"=>5,  "%rbp"=>6,  "%rsp"=>7,
+	"%r8" =>8,  "%r9" =>9,  "%r10"=>10, "%r11"=>11,
+	"%r12"=>12, "%r13"=>13, "%r14"=>14, "%r15"=>15
+	);
+
+    my ($cfa_reg, $cfa_rsp);
+
+    # [us]leb128 format is variable-length integer representation base
+    # 2^128, with most significant bit of each byte being 0 denoting
+    # *last* most significant digit. See "Variable Length Data" in the
+    # DWARF specification, numbered 7.6 at least in versions 3 and 4.
+    sub sleb128 {
+	use integer;	# get right shift extend sign
+
+	my $val = shift;
+	my $sign = ($val < 0) ? -1 : 0;
+	my @ret = ();
+
+	while(1) {
+	    push @ret, $val&0x7f;
+
+	    # see if remaining bits are same and equal to most
+	    # significant bit of the current digit, if so, it's
+	    # last digit...
+	    last if (($val>>6) == $sign);
+
+	    @ret[-1] |= 0x80;
+	    $val >>= 7;
+	}
+
+	return @ret;
+    }
+    sub uleb128 {
+	my $val = shift;
+	my @ret = ();
+
+	while(1) {
+	    push @ret, $val&0x7f;
+
+	    # see if it's last significant digit...
+	    last if (($val >>= 7) == 0);
+
+	    @ret[-1] |= 0x80;
+	}
+
+	return @ret;
+    }
+    sub const {
+	my $val = shift;
+
+	if ($val >= 0 && $val < 32) {
+            return ($DW_OP_complex{lit0}+$val);
+	}
+	return ($DW_OP_complex{consts}, sleb128($val));
+    }
+    sub reg {
+	my $val = shift;
+
+	return if ($val !~ m/^(%r\w+)(?:([\+\-])((?:0x)?[0-9a-f]+))?/);
+
+	my $reg = $DW_reg_idx{$1};
+	my $off = eval ("0 $2 $3");
+
+	return (($DW_OP_complex{breg0} + $reg), sleb128($off));
+	# Yes, we use DW_OP_bregX+0 to push register value and not
+	# DW_OP_regX, because latter would require even DW_OP_piece,
+	# which would be a waste under the circumstances. If you have
+	# to use DWP_OP_reg, use "regx:N"...
+    }
+    sub cfa_expression {
+	my $line = shift;
+	my @ret;
+
+	foreach my $token (split(/,\s*/,$line)) {
+	    if ($token =~ /^%r/) {
+		push @ret,reg($token);
+	    } elsif ($token =~ /((?:0x)?[0-9a-f]+)\((%r\w+)\)/) {
+		push @ret,reg("$2+$1");
+	    } elsif ($token =~ /(\w+):(\-?(?:0x)?[0-9a-f]+)(U?)/i) {
+		my $i = 1*eval($2);
+		push @ret,$DW_OP_complex{$1}, ($3 ? uleb128($i) : sleb128($i));
+	    } elsif (my $i = 1*eval($token) or $token eq "0") {
+		if ($token =~ /^\+/) {
+		    push @ret,$DW_OP_complex{plus_uconst},uleb128($i);
+		} else {
+		    push @ret,const($i);
+		}
+	    } else {
+		push @ret,$DW_OP_simple{$token};
+	    }
+	}
+
+	# Finally we return DW_CFA_def_cfa_expression, 15, followed by
+	# length of the expression and of course the expression itself.
+	return (15,scalar(@ret),@ret);
+    }
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ s/^\s*\.cfi_(\w+)\s*//) {
+	    bless $self,$class;
+	    $ret = $self;
+	    undef $self->{value};
+	    my $dir = $1;
+
+	    SWITCH: for ($dir) {
+	    # What is $cfa_rsp? Effectively it's difference between %rsp
+	    # value and current CFA, Canonical Frame Address, which is
+	    # why it starts with -8. Recall that CFA is top of caller's
+	    # stack...
+	    /startproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp", -8); last; };
+	    /endproc/	&& do {	($cfa_reg, $cfa_rsp) = ("%rsp",  0); last; };
+	    /def_cfa_register/
+			&& do {	$cfa_reg = $$line; last; };
+	    /def_cfa_offset/
+			&& do {	$cfa_rsp = -1*eval($$line) if ($cfa_reg eq "%rsp");
+				last;
+			      };
+	    /adjust_cfa_offset/
+			&& do {	$cfa_rsp -= 1*eval($$line) if ($cfa_reg eq "%rsp");
+				last;
+			      };
+	    /def_cfa/	&& do {	if ($$line =~ /(%r\w+)\s*,\s*(.+)/) {
+				    $cfa_reg = $1;
+				    $cfa_rsp = -1*eval($2) if ($cfa_reg eq "%rsp");
+				}
+				last;
+			      };
+	    /push/	&& do {	$dir = undef;
+				$cfa_rsp -= 8;
+				if ($cfa_reg eq "%rsp") {
+				    $self->{value} = ".cfi_adjust_cfa_offset\t8\n";
+				}
+				$self->{value} .= ".cfi_offset\t$$line,$cfa_rsp";
+				last;
+			      };
+	    /pop/	&& do {	$dir = undef;
+				$cfa_rsp += 8;
+				if ($cfa_reg eq "%rsp") {
+				    $self->{value} = ".cfi_adjust_cfa_offset\t-8\n";
+				}
+				$self->{value} .= ".cfi_restore\t$$line";
+				last;
+			      };
+	    /cfa_expression/
+			&& do {	$dir = undef;
+				$self->{value} = ".cfi_escape\t" .
+					join(",", map(sprintf("0x%02x", $_),
+						      cfa_expression($$line)));
+				last;
+			      };
+	    }
+
+	    $self->{value} = ".cfi_$dir\t$$line" if ($dir);
+
+	    $$line = "";
+	}
+
+	return $ret;
+    }
+    sub out {
+	my $self = shift;
+	return ($elf ? $self->{value} : undef);
+    }
+}
 { package directive;	# pick up directives, which start with .
     sub re {
 	my	($class, $line) = @_;
 	my	$self = {};
 	my	$ret;
 	my	$dir;
-	my	%opcode =	# lea 2f-1f(%rip),%dst; 1: nop; 2:
-		(	"%rax"=>0x01058d48,	"%rcx"=>0x010d8d48,
-			"%rdx"=>0x01158d48,	"%rbx"=>0x011d8d48,
-			"%rsp"=>0x01258d48,	"%rbp"=>0x012d8d48,
-			"%rsi"=>0x01358d48,	"%rdi"=>0x013d8d48,
-			"%r8" =>0x01058d4c,	"%r9" =>0x010d8d4c,
-			"%r10"=>0x01158d4c,	"%r11"=>0x011d8d4c,
-			"%r12"=>0x01258d4c,	"%r13"=>0x012d8d4c,
-			"%r14"=>0x01358d4c,	"%r15"=>0x013d8d4c	);
+
+	# chain-call to cfi_directive
+	$ret = cfi_directive->re($line) and return $ret;
 
 	if ($$line =~ /^\s*(\.\w+)/) {
 	    bless $self,$class;
@@ -482,12 +720,6 @@ my %globals;
 	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
 
 	    SWITCH: for ($dir) {
-		/\.picmeup/ && do { if ($$line =~ /(%r[\w]+)/i) {
-			    		$dir="\t.long";
-					$$line=sprintf "0x%x,0x90000000",$opcode{$1};
-				    }
-				    last;
-				  };
 		/\.global|\.globl|\.extern/
 			    && do { $globals{$$line} = $prefix . $$line;
 				    $$line = $globals{$$line} if ($prefix);
@@ -645,9 +877,9 @@ my %globals;
 							$var=~s/^(0b[0-1]+)/oct($1)/eig;
 							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
 							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
-							{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
+							{ $var=~s/^([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
 							$var;
-						    };  
+						    };
 
 				    $sz =~ tr/bvlrq/BWDDQ/;
 				    $self->{value} = "\tD$sz\t";
@@ -657,7 +889,7 @@ my %globals;
 				  };
 		/\.byte/    && do { my @str=split(/,\s*/,$$line);
 				    map(s/(0b[0-1]+)/oct($1)/eig,@str);
-				    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);	
+				    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);
 				    while ($#str>15) {
 					$self->{value}.="DB\t"
 						.join(",",@str[0..15])."\n";
@@ -692,15 +924,6 @@ my %globals;
     }
 }
 
-sub rex {
- my $opcode=shift;
- my ($dst,$src,$rex)=@_;
-
-   $rex|=0x04 if($dst>=8);
-   $rex|=0x01 if($src>=8);
-   push @$opcode,($rex|0x40) if ($rex);
-}
-
 # Upon initial x86_64 introduction SSE>2 extensions were not introduced
 # yet. In order not to be bothered by tracing exact assembler versions,
 # but at the same time to provide a bare security minimum of AES-NI, we
@@ -711,6 +934,15 @@ sub rex {
 my %regrm = (	"%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
 		"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7	);
 
+sub rex {
+ my $opcode=shift;
+ my ($dst,$src,$rex)=@_;
+
+   $rex|=0x04 if($dst>=8);
+   $rex|=0x01 if($src>=8);
+   push @$opcode,($rex|0x40) if ($rex);
+}
+
 my $movq = sub {	# elderly gas can't handle inter-register movq
   my $arg = shift;
   my @opcode=(0x66);
@@ -834,6 +1066,10 @@ my $rdseed = sub {
     }
 };
 
+# Not all AVX-capable assemblers recognize AMD XOP extension. Since we
+# are using only two instructions hand-code them in order to be excused
+# from chasing assembler versions...
+
 sub rxb {
  my $opcode=shift;
  my ($dst,$src1,$src2,$rxb)=@_;
@@ -873,10 +1109,15 @@ my $vprotq = sub {
     }
 };
 
+# Intel Control-flow Enforcement Technology extension. All functions and
+# indirect branch targets will have to start with this instruction...
+
 my $endbranch = sub {
     (0xf3,0x0f,0x1e,0xfa);
 };
 
+########################################################################
+
 if ($nasm) {
     print <<___;
 default	rel
@@ -904,7 +1145,7 @@ while(defined(my $line=<>)) {
 	printf "%s",$directive->out();
     } elsif (my $opcode=opcode->re(\$line)) {
 	my $asm = eval("\$".$opcode->mnemonic());
-	
+
 	if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) {
 	    print $gas?".byte\t":"DB\t",join(',',@bytes),"\n";
 	    next;
@@ -982,7 +1223,7 @@ close STDOUT;
 # %r13		-		-
 # %r14		-		-
 # %r15		-		-
-# 
+#
 # (*)	volatile register
 # (-)	preserved by callee
 # (#)	Nth argument, volatile
@@ -1063,6 +1304,7 @@ close STDOUT;
 #	movq	-16(%rcx),%rbx
 #	movq	-8(%rcx),%r15
 #	movq	%rcx,%rsp	# restore original rsp
+# magic_epilogue:
 #	ret
 # .size function,.-function
 #
@@ -1075,11 +1317,16 @@ close STDOUT;
 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
 #		CONTEXT *context,DISPATCHER_CONTEXT *disp)
 # {	ULONG64 *rsp = (ULONG64 *)context->Rax;
-#	if (context->Rip >= magic_point)
-#	{   rsp = ((ULONG64 **)context->Rsp)[0];
-#	    context->Rbp = rsp[-3];
-#	    context->Rbx = rsp[-2];
-#	    context->R15 = rsp[-1];
+#	ULONG64  rip = context->Rip;
+#
+#	if (rip >= magic_point)
+#	{   rsp = (ULONG64 *)context->Rsp;
+#	    if (rip < magic_epilogue)
+#	    {	rsp = (ULONG64 *)rsp[0];
+#		context->Rbp = rsp[-3];
+#		context->Rbx = rsp[-2];
+#		context->R15 = rsp[-1];
+#	    }
 #	}
 #	context->Rsp = (ULONG64)rsp;
 #	context->Rdi = rsp[1];
@@ -1171,16 +1418,15 @@ close STDOUT;
 # instruction and reflecting it in finer grade unwind logic in handler.
 # After all, isn't it why it's called *language-specific* handler...
 #
-# Attentive reader can notice that exceptions would be mishandled in
-# auto-generated "gear" epilogue. Well, exception effectively can't
-# occur there, because if memory area used by it was subject to
-# segmentation violation, then it would be raised upon call to the
-# function (and as already mentioned be accounted to caller, which is
-# not a problem). If you're still not comfortable, then define tail
-# "magic point" just prior ret instruction and have handler treat it...
+# SE handlers are also involved in unwinding stack when executable is
+# profiled or debugged. Profiling implies additional limitations that
+# are too subtle to discuss here. For now it's sufficient to say that
+# in order to simplify handlers one should either a) offload original
+# %rsp to stack (like discussed above); or b) if you have a register to
+# spare for frame pointer, choose volatile one.
 #
 # (*)	Note that we're talking about run-time, not debug-time. Lack of
 #	unwind information makes debugging hard on both Windows and
-#	Unix. "Unlike" referes to the fact that on Unix signal handler
+#	Unix. "Unlike" refers to the fact that on Unix signal handler
 #	will always be invoked, core dumped and appropriate exit code
 #	returned to parent (for user notification).
diff --git a/deps/openssl/openssl/crypto/perlasm/x86asm.pl b/deps/openssl/openssl/crypto/perlasm/x86asm.pl
index 1ff46c92cc..29dc1a2cfb 100644
--- a/deps/openssl/openssl/crypto/perlasm/x86asm.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86asm.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # require 'x86asm.pl';
-# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
+# &asm_init(<flavor>[,$i386only]);
 # &function_begin("foo");
 # ...
 # &function_end("foo");
@@ -259,12 +259,11 @@ sub ::asm_finish
 }
 
 sub ::asm_init
-{ my ($type,$fn,$cpu)=@_;
+{ my ($type,$cpu)=@_;
 
-    $filename=$fn;
     $i386=$cpu;
 
-    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0;
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$mwerks=$android=0;
     if    (($type eq "elf"))
     {	$elf=1;			require "x86gas.pl";	}
     elsif (($type eq "elf-1"))
@@ -275,10 +274,6 @@ sub ::asm_init
     {	$coff=1;		require "x86gas.pl";	}
     elsif (($type eq "win32n"))
     {	$win32=1;		require "x86nasm.pl";	}
-    elsif (($type eq "nw-nasm"))
-    {	$netware=1;		require "x86nasm.pl";	}
-    #elsif (($type eq "nw-mwasm"))
-    #{	$netware=1; $mwerks=1;	require "x86nasm.pl";	}
     elsif (($type eq "win32"))
     {	$win32=1;		require "x86masm.pl";	}
     elsif (($type eq "macosx"))
@@ -292,7 +287,6 @@ Pick one target type from
 	a.out	- DJGPP, elder OpenBSD, etc.
 	coff	- GAS/COFF such as Win32 targets
 	win32n	- Windows 95/Windows NT NASM format
-	nw-nasm - NetWare NASM format
 	macosx	- Mac OS X
 EOF
 	exit(1);
@@ -301,8 +295,7 @@ EOF
     $pic=0;
     for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
 
-    $filename =~ s/\.pl$//;
-    &file($filename);
+    &file();
 }
 
 sub ::hidden {}
diff --git a/deps/openssl/openssl/crypto/perlasm/x86gas.pl b/deps/openssl/openssl/crypto/perlasm/x86gas.pl
index 2c8fce0779..5c7ea3880e 100644
--- a/deps/openssl/openssl/crypto/perlasm/x86gas.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86gas.pl
@@ -104,7 +104,7 @@ sub ::BC	{ @_;		}
 sub ::DWC	{ @_;		}
 
 sub ::file
-{   push(@out,".file\t\"$_[0].s\"\n.text\n");	}
+{   push(@out,".text\n");	}
 
 sub ::function_begin_B
 { my $func=shift;
diff --git a/deps/openssl/openssl/crypto/perlasm/x86masm.pl b/deps/openssl/openssl/crypto/perlasm/x86masm.pl
index d352f47055..dffee76211 100644
--- a/deps/openssl/openssl/crypto/perlasm/x86masm.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86masm.pl
@@ -85,7 +85,6 @@ sub ::DWC	{ "@_"; }
 
 sub ::file
 { my $tmp=<<___;
-TITLE	$_[0].asm
 IF \@Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
diff --git a/deps/openssl/openssl/crypto/perlasm/x86nasm.pl b/deps/openssl/openssl/crypto/perlasm/x86nasm.pl
index 4b664a870b..4e64dad92d 100644
--- a/deps/openssl/openssl/crypto/perlasm/x86nasm.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86nasm.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -12,7 +12,7 @@ package x86nasm;
 *out=\@::out;
 
 $::lbdecor="L\$";		# local label decoration
-$nmdecor=$::netware?"":"_";	# external name decoration
+$nmdecor="_";			# external name decoration
 $drdecor=$::mwerks?".":"";	# directive decoration
 
 $initseg="";
@@ -132,7 +132,7 @@ ___
 	grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
 	push (@out,$comm)
     }
-    push (@out,$initseg) if ($initseg);		
+    push (@out,$initseg) if ($initseg);
 }
 
 sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_key.c b/deps/openssl/openssl/crypto/pkcs12/p12_key.c
index 9c13a451e0..ab31a61295 100644
--- a/deps/openssl/openssl/crypto/pkcs12/p12_key.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_key.c
@@ -78,10 +78,9 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                        unsigned char *out, const EVP_MD *md_type)
 {
     unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
-    int Slen, Plen, Ilen, Ijlen;
+    int Slen, Plen, Ilen;
     int i, j, u, v;
     int ret = 0;
-    BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
     EVP_MD_CTX *ctx = NULL;
 #ifdef  OPENSSL_DEBUG_KEYGEN
     unsigned char *tmpout = out;
@@ -114,10 +113,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
         Plen = 0;
     Ilen = Slen + Plen;
     I = OPENSSL_malloc(Ilen);
-    Ij = BN_new();
-    Bpl1 = BN_new();
-    if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL
-            || Bpl1 == NULL)
+    if (D == NULL || Ai == NULL || B == NULL || I == NULL)
         goto err;
     for (i = 0; i < v; i++)
         D[i] = id;
@@ -151,33 +147,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
         out += u;
         for (j = 0; j < v; j++)
             B[j] = Ai[j % u];
-        /* Work out B + 1 first then can use B as tmp space */
-        if (!BN_bin2bn(B, v, Bpl1))
-            goto err;
-        if (!BN_add_word(Bpl1, 1))
-            goto err;
         for (j = 0; j < Ilen; j += v) {
-            if (!BN_bin2bn(I + j, v, Ij))
-                goto err;
-            if (!BN_add(Ij, Ij, Bpl1))
-                goto err;
-            if (!BN_bn2bin(Ij, B))
-                goto err;
-            Ijlen = BN_num_bytes(Ij);
-            /* If more than 2^(v*8) - 1 cut off MSB */
-            if (Ijlen > v) {
-                if (!BN_bn2bin(Ij, B))
-                    goto err;
-                memcpy(I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
-                /* If less than v bytes pad with zeroes */
-            } else if (Ijlen < v) {
-                memset(I + j, 0, v - Ijlen);
-                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
-                    goto err;
-#endif
-            } else if (!BN_bn2bin(Ij, I + j))
-                goto err;
+            int k;
+            unsigned char *Ij = I + j;
+            uint16_t c = 1;
+
+            /* Work out Ij = Ij + B + 1 */
+            for (k = v - 1; k >= 0; k--) {
+                c += Ij[k] + B[k];
+                Ij[k] = (unsigned char)c;
+                c >>= 8;
+            }
         }
     }
 
@@ -189,8 +169,6 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
     OPENSSL_free(B);
     OPENSSL_free(D);
     OPENSSL_free(I);
-    BN_free(Ij);
-    BN_free(Bpl1);
     EVP_MD_CTX_free(ctx);
     return ret;
 }
diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c b/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c
index 4a3d259930..a09c5b9313 100644
--- a/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -146,25 +146,17 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
     X509_SIG *p8;
 
     pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
     if (pbe_ciph)
         pbe_nid = -1;
 
     p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                        p8inf);
-
-    if (p8 == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+    if (p8 == NULL)
         return NULL;
-    }
 
     bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
-
-    if (bag == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+    if (bag == NULL)
         X509_SIG_free(p8);
-        return NULL;
-    }
 
     return bag;
 }
diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_utl.c b/deps/openssl/openssl/crypto/pkcs12/p12_utl.c
index 07014786f6..43b9e3a594 100644
--- a/deps/openssl/openssl/crypto/pkcs12/p12_utl.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_utl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,8 +22,10 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
     if (asclen == -1)
         asclen = strlen(asc);
     ulen = asclen * 2 + 2;
-    if ((unitmp = OPENSSL_malloc(ulen)) == NULL)
+    if ((unitmp = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_ASC2UNI, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     for (i = 0; i < ulen - 2; i += 2) {
         unitmp[i] = 0;
         unitmp[i + 1] = asc[i >> 1];
@@ -50,8 +52,10 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
     if (!unilen || uni[unilen - 1])
         asclen++;
     uni++;
-    if ((asctmp = OPENSSL_malloc(asclen)) == NULL)
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2ASC, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     for (i = 0; i < unilen; i += 2)
         asctmp[i >> 1] = uni[i];
     asctmp[asclen - 1] = 0;
@@ -97,10 +101,10 @@ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
          * decoding failure...
          */
         if (j < 0)
-	    return OPENSSL_asc2uni(asc, asclen, uni, unilen);
+            return OPENSSL_asc2uni(asc, asclen, uni, unilen);
 
         if (utf32chr > 0x10FFFF)        /* UTF-16 cap */
-	    return NULL;
+            return NULL;
 
         if (utf32chr >= 0x10000)        /* pair of UTF-16 characters */
             ulen += 2*2;
@@ -110,9 +114,10 @@ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
 
     ulen += 2;  /* for trailing UTF16 zero */
 
-    if ((ret = OPENSSL_malloc(ulen)) == NULL)
+    if ((ret = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UTF82UNI, ERR_R_MALLOC_FAILURE);
         return NULL;
-
+    }
     /* re-run the loop writing down UTF-16 characters in big-endian order */
     for (unitmp = ret, i = 0; i < asclen; i += j) {
         j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
@@ -194,8 +199,10 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
     if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
         asclen++;
 
-    if ((asctmp = OPENSSL_malloc(asclen)) == NULL)
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2UTF8, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     /* re-run the loop emitting UTF-8 string */
     for (asclen = 0, i = 0; i < unilen; ) {
diff --git a/deps/openssl/openssl/crypto/pkcs12/pk12err.c b/deps/openssl/openssl/crypto/pkcs12/pk12err.c
index f705084a2a..38ce5197ee 100644
--- a/deps/openssl/openssl/crypto/pkcs12/pk12err.c
+++ b/deps/openssl/openssl/crypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,75 +8,98 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/pkcs12.h>
+#include <openssl/pkcs12err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
-static ERR_STRING_DATA PKCS12_str_functs[] = {
-    {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
-    {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
-    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
-    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
-    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
-    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UTF8), "PKCS12_key_gen_utf8"},
-    {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
-    {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF),
+static const ERR_STRING_DATA PKCS12_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0),
+     "OPENSSL_uni2utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0),
+     "OPENSSL_utf82uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0),
+     "PKCS12_item_decrypt_d2i"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0),
+     "PKCS12_item_i2d_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0),
+     "PKCS12_item_pack_safebag"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0),
+     "PKCS12_key_gen_asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0),
+     "PKCS12_key_gen_uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0),
+     "PKCS12_key_gen_utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0),
+     "PKCS12_pack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0),
+     "PKCS12_pack_p7encdata"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0),
+     "PKCS12_pbe_crypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0),
+     "PKCS12_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0),
      "PKCS12_SAFEBAG_create0_p8inf"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8),
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0),
      "PKCS12_SAFEBAG_create0_pkcs8"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT),
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0),
      "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
-    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
-    {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
-    {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
-    {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0),
+     "PKCS12_setup_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0),
+     "PKCS12_unpack_authsafes"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0),
+     "PKCS12_unpack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0),
+     "PKCS12_verify_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA PKCS12_str_reasons[] = {
-    {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
-    {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
-    {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"},
-    {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"},
-    {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
-    {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
-     "error setting encrypted data type"},
-    {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
-    {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),
-     "invalid null pkcs12 pointer"},
-    {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"},
-    {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"},
-    {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"},
-    {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
-    {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
-    {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
-    {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
-    {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
-    {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
-     "pkcs12 algor cipherinit error"},
-    {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
-     "pkcs12 cipherfinal error"},
-    {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
-    {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
-     "unknown digest algorithm"},
-    {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
+static const ERR_STRING_DATA PKCS12_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE),
+    "cant pack structure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA),
+    "content type not data"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+    "error setting encrypted data type"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+    "invalid null pkcs12 pointer"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR),
+    "mac generation error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR),
+    "mac string set error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
+    "mac verify failure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+    "pkcs12 algor cipherinit error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+    "pkcs12 cipherfinal error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
+    "pkcs12 pbe crypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),
+    "unsupported pkcs12 mode"},
     {0, NULL}
 };
 
@@ -85,10 +108,9 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = {
 int ERR_load_PKCS12_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PKCS12_str_functs);
-        ERR_load_strings(0, PKCS12_str_reasons);
+        ERR_load_strings_const(PKCS12_str_functs);
+        ERR_load_strings_const(PKCS12_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
index e6e80f08d3..ee08e602a1 100644
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
@@ -809,13 +809,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
     ret = 1;
  err:
     EVP_MD_CTX_free(ctx_tmp);
-    return (ret);
+    return ret;
 }
 
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 {
     EVP_MD_CTX *mctx;
-    EVP_PKEY_CTX *pctx;
+    EVP_PKEY_CTX *pctx = NULL;
     unsigned char *abuf = NULL;
     int alen;
     size_t siglen;
@@ -1041,7 +1041,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
     ret = 1;
  err:
     EVP_MD_CTX_free(mdc_tmp);
-    return (ret);
+    return ret;
 }
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
@@ -1059,19 +1059,19 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
     if (rsk == NULL)
         return NULL;
     if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
-        return (NULL);
+        return NULL;
     ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
-    return (ri->issuer_and_serial);
+    return ri->issuer_and_serial;
 }
 
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
 {
-    return (get_attribute(si->auth_attr, nid));
+    return get_attribute(si->auth_attr, nid);
 }
 
 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
 {
-    return (get_attribute(si->unauth_attr, nid));
+    return get_attribute(si->unauth_attr, nid);
 }
 
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
@@ -1105,9 +1105,9 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
                                    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
                                                       (sk, i))))
             == NULL)
-            return (0);
+            return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
@@ -1124,21 +1124,21 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
                                    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
                                                       (sk, i))))
             == NULL)
-            return (0);
+            return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                                void *value)
 {
-    return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+    return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
 }
 
 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                         void *value)
 {
-    return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+    return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
 }
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
@@ -1176,5 +1176,5 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
         goto new_attrib;
     }
  end:
-    return (1);
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_enc.c b/deps/openssl/openssl/crypto/pkcs7/pk7_enc.c
deleted file mode 100644
index 3c59f9c8c5..0000000000
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_enc.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-
-PKCS7_in_bio(PKCS7 *p7, BIO *in);
-PKCS7_out_bio(PKCS7 *p7, BIO *out);
-
-PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key);
-PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
-
-PKCS7_Init(PKCS7 *p7);
-PKCS7_Update(PKCS7 *p7);
-PKCS7_Finish(PKCS7 *p7);
diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c b/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c
index 371b9c99ff..16b76431d1 100644
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c
@@ -57,7 +57,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
         PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
         ret = 0;
     }
-    return (ret);
+    return ret;
 }
 
 int PKCS7_content_new(PKCS7 *p7, int type)
@@ -71,10 +71,10 @@ int PKCS7_content_new(PKCS7 *p7, int type)
     if (!PKCS7_set_content(p7, ret))
         goto err;
 
-    return (1);
+    return 1;
  err:
     PKCS7_free(ret);
-    return (0);
+    return 0;
 }
 
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
@@ -99,9 +99,9 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
         PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
         goto err;
     }
-    return (1);
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 int PKCS7_set_type(PKCS7 *p7, int type)
@@ -170,9 +170,9 @@ int PKCS7_set_type(PKCS7 *p7, int type)
         PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
         goto err;
     }
-    return (1);
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
@@ -201,7 +201,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     nid = OBJ_obj2nid(psi->digest_alg->algorithm);
@@ -220,7 +220,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
             || (alg->parameter = ASN1_TYPE_new()) == NULL) {
             X509_ALGOR_free(alg);
             PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
-            return (0);
+            return 0;
         }
         alg->algorithm = OBJ_nid2obj(nid);
         alg->parameter->type = V_ASN1_NULL;
@@ -232,7 +232,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 
     if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
         return 0;
-    return (1);
+    return 1;
 }
 
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
@@ -250,7 +250,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     if (*sk == NULL)
@@ -264,7 +264,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
         X509_free(x509);
         return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
@@ -282,7 +282,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     if (*sk == NULL)
@@ -297,7 +297,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
         X509_CRL_free(crl);
         return 0;
     }
-    return (1);
+    return 1;
 }
 
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
@@ -368,10 +368,10 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
         goto err;
     if (!PKCS7_add_signer(p7, si))
         goto err;
-    return (si);
+    return si;
  err:
     PKCS7_SIGNER_INFO_free(si);
-    return (NULL);
+    return NULL;
 }
 
 int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
@@ -395,11 +395,11 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
     if (p7 == NULL || p7->d.ptr == NULL)
         return NULL;
     if (PKCS7_type_is_signed(p7)) {
-        return (p7->d.sign->signer_info);
+        return p7->d.sign->signer_info;
     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
-        return (p7->d.signed_and_enveloped->signer_info);
+        return p7->d.signed_and_enveloped->signer_info;
     } else
-        return (NULL);
+        return NULL;
 }
 
 void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
@@ -451,12 +451,12 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
     default:
         PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
                  PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
         return 0;
-    return (1);
+    return 1;
 }
 
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
@@ -511,7 +511,7 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
                                                si->
                                                issuer_and_serial->serial));
     else
-        return (NULL);
+        return NULL;
 }
 
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
@@ -529,7 +529,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
         break;
     default:
         PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
-        return (0);
+        return 0;
     }
 
     /* Check cipher OID exists and has data in it */
@@ -537,7 +537,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
     if (i == NID_undef) {
         PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
                  PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-        return (0);
+        return 0;
     }
 
     ec->cipher = cipher;
diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c b/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c
index 97474cf519..19e6868148 100644
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,6 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
diff --git a/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c b/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c
index d5baa9b832..07490c1a58 100644
--- a/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,111 +8,137 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/pkcs7.h>
+#include <openssl/pkcs7err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
-static ERR_STRING_DATA PKCS7_str_functs[] = {
-    {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),
+static const ERR_STRING_DATA PKCS7_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 0),
+     "do_pkcs7_signed_attrib"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 0),
      "PKCS7_add0_attrib_signing_time"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 0),
      "PKCS7_add_attrib_smimecap"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
-    {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_bio_add_digest"},
-    {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CERTIFICATE, 0),
+     "PKCS7_add_certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CRL, 0), "PKCS7_add_crl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 0),
+     "PKCS7_add_recipient_info"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNATURE, 0),
+     "PKCS7_add_signature"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNER, 0), "PKCS7_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_BIO_ADD_DIGEST, 0),
+     "PKCS7_bio_add_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 0),
      "pkcs7_copy_existing_digest"},
-    {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
-    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "pkcs7_encode_rinfo"},
-    {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
-    {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
-    {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_find_digest"},
-    {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
-    {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
-    {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
-    {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_CTRL, 0), "PKCS7_ctrl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATADECODE, 0), "PKCS7_dataDecode"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAFINAL, 0), "PKCS7_dataFinal"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAINIT, 0), "PKCS7_dataInit"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAVERIFY, 0), "PKCS7_dataVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT, 0), "PKCS7_decrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT_RINFO, 0),
+     "pkcs7_decrypt_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCODE_RINFO, 0),
+     "pkcs7_encode_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCRYPT, 0), "PKCS7_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FINAL, 0), "PKCS7_final"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FIND_DIGEST, 0),
+     "PKCS7_find_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_GET0_SIGNERS, 0),
+     "PKCS7_get0_signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_RECIP_INFO_SET, 0),
+     "PKCS7_RECIP_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CIPHER, 0), "PKCS7_set_cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CONTENT, 0),
+     "PKCS7_set_content"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_DIGEST, 0), "PKCS7_set_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_TYPE, 0), "PKCS7_set_type"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN, 0), "PKCS7_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNATUREVERIFY, 0),
+     "PKCS7_signatureVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SET, 0),
+     "PKCS7_SIGNER_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SIGN, 0),
+     "PKCS7_SIGNER_INFO_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 0),
+     "PKCS7_sign_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIMPLE_SMIMECAP, 0),
+     "PKCS7_simple_smimecap"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_VERIFY, 0), "PKCS7_verify"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA PKCS7_str_reasons[] = {
-    {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),
-     "certificate verify error"},
-    {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
-     "cipher has no object identifier"},
-    {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
-    {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
-     "content and data present"},
-    {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"},
-    {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
-    {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
-    {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
-    {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
-     "encryption not supported for this key type"},
-    {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
-    {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
-    {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
-    {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),
-     "invalid signed data type"},
-    {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
-    {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"},
-    {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
-     "no matching digest type found"},
-    {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
-     "no recipient matches certificate"},
-    {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
-    {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
-    {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
-     "operation not supported on this type"},
-    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
-     "pkcs7 add signature error"},
-    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
-    {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
-    {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
-    {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
-     "signer certificate not found"},
-    {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
-    {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
-     "signing not supported for this key type"},
-    {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
-    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
-     "unable to find certificate"},
-    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
-    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
-     "unable to find message digest"},
-    {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
-    {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
-    {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
-    {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
-     "unsupported content type"},
-    {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
-    {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+static const ERR_STRING_DATA PKCS7_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED),
+    "cipher not initialized"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT),
+    "content and data present"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE),
+    "encryption ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "encryption not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT),
+    "error adding recipient"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER),
+    "error setting cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE),
+    "invalid signed data type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST),
+    "no default digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
+    "no matching digest type found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+    "no recipient matches certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA),
+    "no signatures on data"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+    "operation not supported on this type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR),
+    "pkcs7 add signer error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE),
+    "signature failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE),
+    "signing ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "signing not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+    "unable to find certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO),
+    "unable to find mem bio"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+    "unable to find message digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE),
+    "unknown digest type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION),
+    "unknown operation"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE),
+    "unsupported cipher type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE),
+    "wrong content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
     {0, NULL}
 };
 
@@ -121,10 +147,9 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
 int ERR_load_PKCS7_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PKCS7_str_functs);
-        ERR_load_strings(0, PKCS7_str_reasons);
+        ERR_load_strings_const(PKCS7_str_functs);
+        ERR_load_strings_const(PKCS7_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl
index 0fc8667ac7..ac06457b65 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl
@@ -28,6 +28,7 @@
 # Denver	1.64/+50%	1.18(*)
 # X-Gene	2.13/+68%	2.27
 # Mongoose	1.77/+75%	1.12
+# Kryo		2.70/+55%	1.13
 #
 # (*)	estimate based on resources availability is less than 1.0,
 #	i.e. measured result is worse than expected, presumably binary
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl
index d2b3e90d93..28b6772ee5 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl
@@ -67,6 +67,8 @@ $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0x0003f000" : "0x00030000";
 ($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1);
 
 $code.=<<___;
+#include "mips_arch.h"
+
 #ifdef MIPSEB
 # define MSB 0
 # define LSB 7
@@ -92,10 +94,15 @@ poly1305_init:
 
 	beqz	$inp,.Lno_key
 
+#if defined(_MIPS_ARCH_MIPS64R6)
+	ld	$in0,0($inp)
+	ld	$in1,8($inp)
+#else
 	ldl	$in0,0+MSB($inp)
 	ldl	$in1,8+MSB($inp)
 	ldr	$in0,0+LSB($inp)
 	ldr	$in1,8+LSB($inp)
+#endif
 #ifdef	MIPSEB
 # if defined(_MIPS_ARCH_MIPS64R2)
 	dsbh	$in0,$in0		# byte swap
@@ -182,7 +189,7 @@ poly1305_blocks_internal:
 	.frame	$sp,6*8,$ra
 	.mask	$SAVED_REGS_MASK,-8
 	.set	noreorder
-	dsub	$sp,6*8
+	dsubu	$sp,6*8
 	sd	$s5,40($sp)
 	sd	$s4,32($sp)
 ___
@@ -204,11 +211,16 @@ $code.=<<___;
 	ld	$s1,40($ctx)
 
 .Loop:
+#if defined(_MIPS_ARCH_MIPS64R6)
+	ld	$in0,0($inp)		# load input
+	ld	$in1,8($inp)
+#else
 	ldl	$in0,0+MSB($inp)	# load input
 	ldl	$in1,8+MSB($inp)
 	ldr	$in0,0+LSB($inp)
-	daddiu	$len,-1
 	ldr	$in1,8+LSB($inp)
+#endif
+	daddiu	$len,-1
 	daddiu	$inp,16
 #ifdef	MIPSEB
 # if defined(_MIPS_ARCH_MIPS64R2)
@@ -258,42 +270,42 @@ $code.=<<___;
 	sltu	$tmp1,$h1,$in1
 	daddu	$h1,$tmp0
 
-	dmultu	$r0,$h0			# h0*r0
+	dmultu	($r0,$h0)		# h0*r0
 	 daddu	$h2,$padbit
 	 sltu	$tmp0,$h1,$tmp0
-	mflo	$d0
-	mfhi	$d1
+	mflo	($d0,$r0,$h0)
+	mfhi	($d1,$r0,$h0)
 
-	dmultu	$s1,$h1			# h1*5*r1
+	dmultu	($s1,$h1)		# h1*5*r1
 	 daddu	$tmp0,$tmp1
 	 daddu	$h2,$tmp0
-	mflo	$tmp0
-	mfhi	$tmp1
+	mflo	($tmp0,$s1,$h1)
+	mfhi	($tmp1,$s1,$h1)
 
-	dmultu	$r1,$h0			# h0*r1
+	dmultu	($r1,$h0)		# h0*r1
 	 daddu	$d0,$tmp0
 	 daddu	$d1,$tmp1
-	mflo	$tmp2
-	mfhi	$d2
+	mflo	($tmp2,$r1,$h0)
+	mfhi	($d2,$r1,$h0)
 	 sltu	$tmp0,$d0,$tmp0
 	 daddu	$d1,$tmp0
 
-	dmultu	$r0,$h1			# h1*r0
+	dmultu	($r0,$h1)		# h1*r0
 	 daddu	$d1,$tmp2
 	 sltu	$tmp2,$d1,$tmp2
-	mflo	$tmp0
-	mfhi	$tmp1
+	mflo	($tmp0,$r0,$h1)
+	mfhi	($tmp1,$r0,$h1)
 	 daddu	$d2,$tmp2
 
-	dmultu	$s1,$h2			# h2*5*r1
+	dmultu	($s1,$h2)		# h2*5*r1
 	 daddu	$d1,$tmp0
 	 daddu	$d2,$tmp1
-	mflo	$tmp2
+	mflo	($tmp2,$s1,$h2)
 
-	dmultu	$r0,$h2			# h2*r0
+	dmultu	($r0,$h2)		# h2*r0
 	 sltu	$tmp0,$d1,$tmp0
 	 daddu	$d2,$tmp0
-	mflo	$tmp3
+	mflo	($tmp3,$r0,$h2)
 
 	daddu	$d1,$tmp2
 	daddu	$d2,$tmp3
@@ -329,7 +341,7 @@ $code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi epilogue
 ___
 $code.=<<___;
 	jr	$ra
-	dadd	$sp,6*8
+	daddu	$sp,6*8
 .end	poly1305_blocks_internal
 ___
 }
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl
index ab65910282..0c6d015d58 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -28,6 +28,7 @@
 # PPC970		7.00/+114%	3.51/+205%
 # POWER7		3.75/+260%	1.93/+100%
 # POWER8		-		2.03/+200%
+# POWER9		-		2.00/+150%
 #
 # Do we need floating-point implementation for PPC? Results presented
 # in poly1305_ieee754.c are tricky to compare to, because they are for
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl
index 49f70a8c03..09f8185848 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl
index 93179e37d5..1e09ddcc10 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl
@@ -29,6 +29,7 @@
 # Westmere	4.58/+100%	1.43
 # Sandy Bridge	3.90/+100%	1.36
 # Haswell	3.88/+70%	1.18		0.72
+# Skylake	3.10/+60%	1.14		0.62
 # Silvermont	11.0/+40%	4.80
 # Goldmont	4.10/+200%	2.10
 # VIA Nano	6.71/+90%	2.47
@@ -49,7 +50,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"poly1305-x86.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $sse2=$avx=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -729,7 +730,7 @@ my $extra = shift;
 
 	&movdqa		($T0,$T1);			# -> base 2^26 ...
 	&pand		($T1,$MASK);
-	&paddd		($D0,$T1);			# ... and accumuate
+	&paddd		($D0,$T1);			# ... and accumulate
 
 	&movdqa		($T1,$T0);
 	&psrlq		($T0,26);
diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl
index 4c22ded580..342ad7f18a 100755
--- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -18,21 +18,39 @@
 #
 # March 2015
 #
+# Initial release.
+#
+# December 2016
+#
+# Add AVX512F+VL+BW code path.
+#
+# November 2017
+#
+# Convert AVX512F+VL+BW code path to pure AVX512F, so that it can be
+# executed even on Knights Landing. Trigger for modification was
+# observation that AVX512 code paths can negatively affect overall
+# Skylake-X system performance. Since we are likely to suppress
+# AVX512F capability flag [at least on Skylake-X], conversion serves
+# as kind of "investment protection". Note that next *lake processor,
+# Cannolake, has AVX512IFMA code path to execute...
+#
 # Numbers are cycles per processed byte with poly1305_blocks alone,
 # measured with rdtsc at fixed clock frequency.
 #
-#		IALU/gcc-4.8(*)	AVX(**)		AVX2
+#		IALU/gcc-4.8(*)	AVX(**)		AVX2	AVX-512
 # P4		4.46/+120%	-
 # Core 2	2.41/+90%	-
 # Westmere	1.88/+120%	-
 # Sandy Bridge	1.39/+140%	1.10
 # Haswell	1.14/+175%	1.11		0.65
-# Skylake	1.13/+120%	0.96		0.51
+# Skylake[-X]	1.13/+120%	0.96		0.51	[0.35]
 # Silvermont	2.83/+95%	-
+# Knights L	3.60/?		1.65		1.10	0.41(***)
 # Goldmont	1.70/+180%	-
 # VIA Nano	1.82/+150%	-
 # Sledgehammer	1.38/+160%	-
 # Bulldozer	2.30/+130%	0.97
+# Ryzen		1.15/+200%	1.08		1.18
 #
 # (*)	improvement coefficients relative to clang are more modest and
 #	are ~50% on most processors, in both cases we are comparing to
@@ -42,6 +60,8 @@
 #	Core processors, 50-30%, less newer processor is, but slower on
 #	contemporary ones, for example almost 2x slower on Atom, and as
 #	former are naturally disappearing, SSE2 is deemed unnecessary;
+# (***)	strangely enough performance seems to vary from core to core,
+#	listed result is best case;
 
 $flavour = shift;
 $output  = shift;
@@ -56,12 +76,13 @@ die "can't locate x86_64-xlate.pl";
 
 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
 		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
-	$avx = ($1>=2.19) + ($1>=2.22);
+	$avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25) + ($1>=2.26);
 }
 
 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
-	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
-	$avx = ($1>=2.09) + ($1>=2.10);
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) {
+	$avx = ($1>=2.09) + ($1>=2.10) + 2 * ($1>=2.12);
+	$avx += 2 if ($1==2.11 && $2>=8);
 }
 
 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
@@ -171,6 +192,13 @@ $code.=<<___	if ($avx>1);
 	bt	\$`5+32`,%r9		# AVX2?
 	cmovc	%rax,%r10
 ___
+$code.=<<___	if ($avx>3);
+	mov	\$`(1<<31|1<<21|1<<16)`,%rax
+	shr	\$32,%r9
+	and	%rax,%r9
+	cmp	%rax,%r9
+	je	.Linit_base2_44
+___
 $code.=<<___;
 	mov	\$0x0ffffffc0fffffff,%rax
 	mov	\$0x0ffffffc0ffffffc,%rcx
@@ -196,16 +224,23 @@ $code.=<<___;
 .type	poly1305_blocks,\@function,4
 .align	32
 poly1305_blocks:
+.cfi_startproc
 .Lblocks:
 	shr	\$4,$len
 	jz	.Lno_data		# too short
 
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lblocks_body:
 
 	mov	$len,%r15		# reassign $len
@@ -241,15 +276,23 @@ $code.=<<___;
 	mov	$h2,16($ctx)
 
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%r12
+.cfi_restore	%r12
 	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
 .Lno_data:
 .Lblocks_epilogue:
 	ret
+.cfi_endproc
 .size	poly1305_blocks,.-poly1305_blocks
 
 .type	poly1305_emit,\@function,3
@@ -265,7 +308,7 @@ poly1305_emit:
 	mov	%r9,%rcx
 	adc	\$0,%r9
 	adc	\$0,%r10
-	shr	\$2,%r10	# did 130-bit value overfow?
+	shr	\$2,%r10	# did 130-bit value overflow?
 	cmovnz	%r8,%rax
 	cmovnz	%r9,%rcx
 
@@ -470,6 +513,7 @@ __poly1305_init_avx:
 .type	poly1305_blocks_avx,\@function,4
 .align	32
 poly1305_blocks_avx:
+.cfi_startproc
 	mov	20($ctx),%r8d		# is_base2_26
 	cmp	\$128,$len
 	jae	.Lblocks_avx
@@ -489,11 +533,17 @@ poly1305_blocks_avx:
 	jz	.Leven_avx
 
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lblocks_avx_body:
 
 	mov	$len,%r15		# reassign $len
@@ -596,24 +646,39 @@ poly1305_blocks_avx:
 .align	16
 .Ldone_avx:
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%r12
+.cfi_restore	%r12
 	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
 .Lno_data_avx:
 .Lblocks_avx_epilogue:
 	ret
+.cfi_endproc
 
 .align	32
 .Lbase2_64_avx:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lbase2_64_avx_body:
 
 	mov	$len,%r15		# reassign $len
@@ -673,18 +738,27 @@ poly1305_blocks_avx:
 	mov	%r15,$len
 
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%r12
+.cfi_restore	%r12
 	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsp),%rax
 	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
 .Lbase2_64_avx_epilogue:
 	jmp	.Ldo_avx
+.cfi_endproc
 
 .align	32
 .Leven_avx:
+.cfi_startproc
 	vmovd		4*0($ctx),$H0		# load hash value
 	vmovd		4*1($ctx),$H1
 	vmovd		4*2($ctx),$H2
@@ -695,6 +769,7 @@ poly1305_blocks_avx:
 ___
 $code.=<<___	if (!$win64);
 	lea		-0x58(%rsp),%r11
+.cfi_def_cfa		%r11,0x60
 	sub		\$0x178,%rsp
 ___
 $code.=<<___	if ($win64);
@@ -1287,10 +1362,12 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___	if (!$win64);
 	lea		0x58(%r11),%rsp
+.cfi_def_cfa		%rsp,8
 ___
 $code.=<<___;
 	vzeroupper
 	ret
+.cfi_endproc
 .size	poly1305_blocks_avx,.-poly1305_blocks_avx
 
 .type	poly1305_emit_avx,\@function,3
@@ -1336,7 +1413,7 @@ poly1305_emit_avx:
 	mov	%r9,%rcx
 	adc	\$0,%r9
 	adc	\$0,%r10
-	shr	\$2,%r10	# did 130-bit value overfow?
+	shr	\$2,%r10	# did 130-bit value overflow?
 	cmovnz	%r8,%rax
 	cmovnz	%r9,%rcx
 
@@ -1358,6 +1435,7 @@ $code.=<<___;
 .type	poly1305_blocks_avx2,\@function,4
 .align	32
 poly1305_blocks_avx2:
+.cfi_startproc
 	mov	20($ctx),%r8d		# is_base2_26
 	cmp	\$128,$len
 	jae	.Lblocks_avx2
@@ -1377,11 +1455,17 @@ poly1305_blocks_avx2:
 	jz	.Leven_avx2
 
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lblocks_avx2_body:
 
 	mov	$len,%r15		# reassign $len
@@ -1490,24 +1574,39 @@ poly1305_blocks_avx2:
 .align	16
 .Ldone_avx2:
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%r12
+.cfi_restore	%r12
 	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
 .Lno_data_avx2:
 .Lblocks_avx2_epilogue:
 	ret
+.cfi_endproc
 
 .align	32
 .Lbase2_64_avx2:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 .Lbase2_64_avx2_body:
 
 	mov	$len,%r15		# reassign $len
@@ -1569,21 +1668,33 @@ poly1305_blocks_avx2:
 	call	__poly1305_init_avx
 
 .Lproceed_avx2:
-	mov	%r15,$len
+	mov	%r15,$len			# restore $len
+	mov	OPENSSL_ia32cap_P+8(%rip),%r10d
+	mov	\$`(1<<31|1<<30|1<<16)`,%r11d
 
 	mov	0(%rsp),%r15
+.cfi_restore	%r15
 	mov	8(%rsp),%r14
+.cfi_restore	%r14
 	mov	16(%rsp),%r13
+.cfi_restore	%r13
 	mov	24(%rsp),%r12
+.cfi_restore	%r12
 	mov	32(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	40(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	48(%rsp),%rax
 	lea	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
 .Lbase2_64_avx2_epilogue:
 	jmp	.Ldo_avx2
+.cfi_endproc
 
 .align	32
 .Leven_avx2:
+.cfi_startproc
+	mov		OPENSSL_ia32cap_P+8(%rip),%r10d
 	vmovd		4*0($ctx),%x#$H0	# load hash value base 2^26
 	vmovd		4*1($ctx),%x#$H1
 	vmovd		4*2($ctx),%x#$H2
@@ -1592,8 +1703,17 @@ poly1305_blocks_avx2:
 
 .Ldo_avx2:
 ___
+$code.=<<___		if ($avx>2);
+	cmp		\$512,$len
+	jb		.Lskip_avx512
+	and		%r11d,%r10d
+	test		\$`1<<16`,%r10d		# check for AVX512F
+	jnz		.Lblocks_avx512
+.Lskip_avx512:
+___
 $code.=<<___	if (!$win64);
 	lea		-8(%rsp),%r11
+.cfi_def_cfa		%r11,16
 	sub		\$0x128,%rsp
 ___
 $code.=<<___	if ($win64);
@@ -1612,8 +1732,9 @@ $code.=<<___	if ($win64);
 .Ldo_avx2_body:
 ___
 $code.=<<___;
-	lea		48+64($ctx),$ctx	# size optimization
 	lea		.Lconst(%rip),%rcx
+	lea		48+64($ctx),$ctx	# size optimization
+	vmovdqa		96(%rcx),$T0		# .Lpermd_avx2
 
 	# expand and copy pre-calculated table to stack
 	vmovdqu		`16*0-64`($ctx),%x#$T2
@@ -1623,36 +1744,28 @@ $code.=<<___;
 	vmovdqu		`16*3-64`($ctx),%x#$D0
 	vmovdqu		`16*4-64`($ctx),%x#$D1
 	vmovdqu		`16*5-64`($ctx),%x#$D2
+	lea		0x90(%rsp),%rax		# size optimization
 	vmovdqu		`16*6-64`($ctx),%x#$D3
-	vpermq		\$0x15,$T2,$T2		# 00003412 -> 12343434
+	vpermd		$T2,$T0,$T2		# 00003412 -> 14243444
 	vmovdqu		`16*7-64`($ctx),%x#$D4
-	vpermq		\$0x15,$T3,$T3
-	vpshufd		\$0xc8,$T2,$T2		# 12343434 -> 14243444
+	vpermd		$T3,$T0,$T3
 	vmovdqu		`16*8-64`($ctx),%x#$MASK
-	vpermq		\$0x15,$T4,$T4
-	vpshufd		\$0xc8,$T3,$T3
+	vpermd		$T4,$T0,$T4
 	vmovdqa		$T2,0x00(%rsp)
-	vpermq		\$0x15,$D0,$D0
-	vpshufd		\$0xc8,$T4,$T4
-	vmovdqa		$T3,0x20(%rsp)
-	vpermq		\$0x15,$D1,$D1
-	vpshufd		\$0xc8,$D0,$D0
-	vmovdqa		$T4,0x40(%rsp)
-	vpermq		\$0x15,$D2,$D2
-	vpshufd		\$0xc8,$D1,$D1
-	vmovdqa		$D0,0x60(%rsp)
-	vpermq		\$0x15,$D3,$D3
-	vpshufd		\$0xc8,$D2,$D2
-	vmovdqa		$D1,0x80(%rsp)
-	vpermq		\$0x15,$D4,$D4
-	vpshufd		\$0xc8,$D3,$D3
-	vmovdqa		$D2,0xa0(%rsp)
-	vpermq		\$0x15,$MASK,$MASK
-	vpshufd		\$0xc8,$D4,$D4
-	vmovdqa		$D3,0xc0(%rsp)
-	vpshufd		\$0xc8,$MASK,$MASK
-	vmovdqa		$D4,0xe0(%rsp)
-	vmovdqa		$MASK,0x100(%rsp)
+	vpermd		$D0,$T0,$D0
+	vmovdqa		$T3,0x20-0x90(%rax)
+	vpermd		$D1,$T0,$D1
+	vmovdqa		$T4,0x40-0x90(%rax)
+	vpermd		$D2,$T0,$D2
+	vmovdqa		$D0,0x60-0x90(%rax)
+	vpermd		$D3,$T0,$D3
+	vmovdqa		$D1,0x80-0x90(%rax)
+	vpermd		$D4,$T0,$D4
+	vmovdqa		$D2,0xa0-0x90(%rax)
+	vpermd		$MASK,$T0,$MASK
+	vmovdqa		$D3,0xc0-0x90(%rax)
+	vmovdqa		$D4,0xe0-0x90(%rax)
+	vmovdqa		$MASK,0x100-0x90(%rax)
 	vmovdqa		64(%rcx),$MASK		# .Lmask26
 
 	################################################################
@@ -1679,7 +1792,6 @@ $code.=<<___;
 	vpand		$MASK,$T3,$T3		# 3
 	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
 
-	lea		0x90(%rsp),%rax		# size optimization
 	vpaddq		$H2,$T2,$H2		# accumulate input
 	sub		\$64,$len
 	jz		.Ltail_avx2
@@ -1688,11 +1800,11 @@ $code.=<<___;
 .align	32
 .Loop_avx2:
 	################################################################
-	# ((inp[0]*r^4+r[4])*r^4+r[8])*r^4
-	# ((inp[1]*r^4+r[5])*r^4+r[9])*r^3
-	# ((inp[2]*r^4+r[6])*r^4+r[10])*r^2
-	# ((inp[3]*r^4+r[7])*r^4+r[11])*r^1
-	#   \________/\________/
+	# ((inp[0]*r^4+inp[4])*r^4+inp[ 8])*r^4
+	# ((inp[1]*r^4+inp[5])*r^4+inp[ 9])*r^3
+	# ((inp[2]*r^4+inp[6])*r^4+inp[10])*r^2
+	# ((inp[3]*r^4+inp[7])*r^4+inp[11])*r^1
+	#   \________/\__________/
 	################################################################
 	#vpaddq		$H2,$T2,$H2		# accumulate input
 	vpaddq		$H0,$T0,$H0
@@ -1990,13 +2102,1657 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___	if (!$win64);
 	lea		8(%r11),%rsp
+.cfi_def_cfa		%rsp,8
 ___
 $code.=<<___;
 	vzeroupper
 	ret
+.cfi_endproc
 .size	poly1305_blocks_avx2,.-poly1305_blocks_avx2
 ___
+#######################################################################
+if ($avx>2) {
+# On entry we have input length divisible by 64. But since inner loop
+# processes 128 bytes per iteration, cases when length is not divisible
+# by 128 are handled by passing tail 64 bytes to .Ltail_avx2. For this
+# reason stack layout is kept identical to poly1305_blocks_avx2. If not
+# for this tail, we wouldn't have to even allocate stack frame...
+
+my ($R0,$R1,$R2,$R3,$R4, $S1,$S2,$S3,$S4) = map("%zmm$_",(16..24));
+my ($M0,$M1,$M2,$M3,$M4) = map("%zmm$_",(25..29));
+my $PADBIT="%zmm30";
+
+map(s/%y/%z/,($T4,$T0,$T1,$T2,$T3));		# switch to %zmm domain
+map(s/%y/%z/,($D0,$D1,$D2,$D3,$D4));
+map(s/%y/%z/,($H0,$H1,$H2,$H3,$H4));
+map(s/%y/%z/,($MASK));
+
+$code.=<<___;
+.type	poly1305_blocks_avx512,\@function,4
+.align	32
+poly1305_blocks_avx512:
+.cfi_startproc
+.Lblocks_avx512:
+	mov		\$15,%eax
+	kmovw		%eax,%k2
+___
+$code.=<<___	if (!$win64);
+	lea		-8(%rsp),%r11
+.cfi_def_cfa		%r11,16
+	sub		\$0x128,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		-0xf8(%rsp),%r11
+	sub		\$0x1c8,%rsp
+	vmovdqa		%xmm6,0x50(%r11)
+	vmovdqa		%xmm7,0x60(%r11)
+	vmovdqa		%xmm8,0x70(%r11)
+	vmovdqa		%xmm9,0x80(%r11)
+	vmovdqa		%xmm10,0x90(%r11)
+	vmovdqa		%xmm11,0xa0(%r11)
+	vmovdqa		%xmm12,0xb0(%r11)
+	vmovdqa		%xmm13,0xc0(%r11)
+	vmovdqa		%xmm14,0xd0(%r11)
+	vmovdqa		%xmm15,0xe0(%r11)
+.Ldo_avx512_body:
+___
+$code.=<<___;
+	lea		.Lconst(%rip),%rcx
+	lea		48+64($ctx),$ctx	# size optimization
+	vmovdqa		96(%rcx),%y#$T2		# .Lpermd_avx2
+
+	# expand pre-calculated table
+	vmovdqu		`16*0-64`($ctx),%x#$D0	# will become expanded ${R0}
+	and		\$-512,%rsp
+	vmovdqu		`16*1-64`($ctx),%x#$D1	# will become ... ${R1}
+	mov		\$0x20,%rax
+	vmovdqu		`16*2-64`($ctx),%x#$T0	# ... ${S1}
+	vmovdqu		`16*3-64`($ctx),%x#$D2	# ... ${R2}
+	vmovdqu		`16*4-64`($ctx),%x#$T1	# ... ${S2}
+	vmovdqu		`16*5-64`($ctx),%x#$D3	# ... ${R3}
+	vmovdqu		`16*6-64`($ctx),%x#$T3	# ... ${S3}
+	vmovdqu		`16*7-64`($ctx),%x#$D4	# ... ${R4}
+	vmovdqu		`16*8-64`($ctx),%x#$T4	# ... ${S4}
+	vpermd		$D0,$T2,$R0		# 00003412 -> 14243444
+	vpbroadcastq	64(%rcx),$MASK		# .Lmask26
+	vpermd		$D1,$T2,$R1
+	vpermd		$T0,$T2,$S1
+	vpermd		$D2,$T2,$R2
+	vmovdqa64	$R0,0x00(%rsp){%k2}	# save in case $len%128 != 0
+	 vpsrlq		\$32,$R0,$T0		# 14243444 -> 01020304
+	vpermd		$T1,$T2,$S2
+	vmovdqu64	$R1,0x00(%rsp,%rax){%k2}
+	 vpsrlq		\$32,$R1,$T1
+	vpermd		$D3,$T2,$R3
+	vmovdqa64	$S1,0x40(%rsp){%k2}
+	vpermd		$T3,$T2,$S3
+	vpermd		$D4,$T2,$R4
+	vmovdqu64	$R2,0x40(%rsp,%rax){%k2}
+	vpermd		$T4,$T2,$S4
+	vmovdqa64	$S2,0x80(%rsp){%k2}
+	vmovdqu64	$R3,0x80(%rsp,%rax){%k2}
+	vmovdqa64	$S3,0xc0(%rsp){%k2}
+	vmovdqu64	$R4,0xc0(%rsp,%rax){%k2}
+	vmovdqa64	$S4,0x100(%rsp){%k2}
+
+	################################################################
+	# calculate 5th through 8th powers of the key
+	#
+	# d0 = r0'*r0 + r1'*5*r4 + r2'*5*r3 + r3'*5*r2 + r4'*5*r1
+	# d1 = r0'*r1 + r1'*r0   + r2'*5*r4 + r3'*5*r3 + r4'*5*r2
+	# d2 = r0'*r2 + r1'*r1   + r2'*r0   + r3'*5*r4 + r4'*5*r3
+	# d3 = r0'*r3 + r1'*r2   + r2'*r1   + r3'*r0   + r4'*5*r4
+	# d4 = r0'*r4 + r1'*r3   + r2'*r2   + r3'*r1   + r4'*r0
+
+	vpmuludq	$T0,$R0,$D0		# d0 = r0'*r0
+	vpmuludq	$T0,$R1,$D1		# d1 = r0'*r1
+	vpmuludq	$T0,$R2,$D2		# d2 = r0'*r2
+	vpmuludq	$T0,$R3,$D3		# d3 = r0'*r3
+	vpmuludq	$T0,$R4,$D4		# d4 = r0'*r4
+	 vpsrlq		\$32,$R2,$T2
+
+	vpmuludq	$T1,$S4,$M0
+	vpmuludq	$T1,$R0,$M1
+	vpmuludq	$T1,$R1,$M2
+	vpmuludq	$T1,$R2,$M3
+	vpmuludq	$T1,$R3,$M4
+	 vpsrlq		\$32,$R3,$T3
+	vpaddq		$M0,$D0,$D0		# d0 += r1'*5*r4
+	vpaddq		$M1,$D1,$D1		# d1 += r1'*r0
+	vpaddq		$M2,$D2,$D2		# d2 += r1'*r1
+	vpaddq		$M3,$D3,$D3		# d3 += r1'*r2
+	vpaddq		$M4,$D4,$D4		# d4 += r1'*r3
+
+	vpmuludq	$T2,$S3,$M0
+	vpmuludq	$T2,$S4,$M1
+	vpmuludq	$T2,$R1,$M3
+	vpmuludq	$T2,$R2,$M4
+	vpmuludq	$T2,$R0,$M2
+	 vpsrlq		\$32,$R4,$T4
+	vpaddq		$M0,$D0,$D0		# d0 += r2'*5*r3
+	vpaddq		$M1,$D1,$D1		# d1 += r2'*5*r4
+	vpaddq		$M3,$D3,$D3		# d3 += r2'*r1
+	vpaddq		$M4,$D4,$D4		# d4 += r2'*r2
+	vpaddq		$M2,$D2,$D2		# d2 += r2'*r0
+
+	vpmuludq	$T3,$S2,$M0
+	vpmuludq	$T3,$R0,$M3
+	vpmuludq	$T3,$R1,$M4
+	vpmuludq	$T3,$S3,$M1
+	vpmuludq	$T3,$S4,$M2
+	vpaddq		$M0,$D0,$D0		# d0 += r3'*5*r2
+	vpaddq		$M3,$D3,$D3		# d3 += r3'*r0
+	vpaddq		$M4,$D4,$D4		# d4 += r3'*r1
+	vpaddq		$M1,$D1,$D1		# d1 += r3'*5*r3
+	vpaddq		$M2,$D2,$D2		# d2 += r3'*5*r4
+
+	vpmuludq	$T4,$S4,$M3
+	vpmuludq	$T4,$R0,$M4
+	vpmuludq	$T4,$S1,$M0
+	vpmuludq	$T4,$S2,$M1
+	vpmuludq	$T4,$S3,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += r2'*5*r4
+	vpaddq		$M4,$D4,$D4		# d4 += r2'*r0
+	vpaddq		$M0,$D0,$D0		# d0 += r2'*5*r1
+	vpaddq		$M1,$D1,$D1		# d1 += r2'*5*r2
+	vpaddq		$M2,$D2,$D2		# d2 += r2'*5*r3
+
+	################################################################
+	# load input
+	vmovdqu64	16*0($inp),%z#$T3
+	vmovdqu64	16*4($inp),%z#$T4
+	lea		16*8($inp),$inp
+
+	################################################################
+	# lazy reduction
+
+	vpsrlq		\$26,$D3,$M3
+	vpandq		$MASK,$D3,$D3
+	vpaddq		$M3,$D4,$D4		# d3 -> d4
+
+	vpsrlq		\$26,$D0,$M0
+	vpandq		$MASK,$D0,$D0
+	vpaddq		$M0,$D1,$D1		# d0 -> d1
+
+	vpsrlq		\$26,$D4,$M4
+	vpandq		$MASK,$D4,$D4
+
+	vpsrlq		\$26,$D1,$M1
+	vpandq		$MASK,$D1,$D1
+	vpaddq		$M1,$D2,$D2		# d1 -> d2
+
+	vpaddq		$M4,$D0,$D0
+	vpsllq		\$2,$M4,$M4
+	vpaddq		$M4,$D0,$D0		# d4 -> d0
+
+	vpsrlq		\$26,$D2,$M2
+	vpandq		$MASK,$D2,$D2
+	vpaddq		$M2,$D3,$D3		# d2 -> d3
+
+	vpsrlq		\$26,$D0,$M0
+	vpandq		$MASK,$D0,$D0
+	vpaddq		$M0,$D1,$D1		# d0 -> d1
+
+	vpsrlq		\$26,$D3,$M3
+	vpandq		$MASK,$D3,$D3
+	vpaddq		$M3,$D4,$D4		# d3 -> d4
+
+	################################################################
+	# at this point we have 14243444 in $R0-$S4 and 05060708 in
+	# $D0-$D4, ...
+
+	vpunpcklqdq	$T4,$T3,$T0	# transpose input
+	vpunpckhqdq	$T4,$T3,$T4
+
+	# ... since input 64-bit lanes are ordered as 73625140, we could
+	# "vperm" it to 76543210 (here and in each loop iteration), *or*
+	# we could just flow along, hence the goal for $R0-$S4 is
+	# 1858286838784888 ...
+
+	vmovdqa32	128(%rcx),$M0		# .Lpermd_avx512:
+	mov		\$0x7777,%eax
+	kmovw		%eax,%k1
+
+	vpermd		$R0,$M0,$R0		# 14243444 -> 1---2---3---4---
+	vpermd		$R1,$M0,$R1
+	vpermd		$R2,$M0,$R2
+	vpermd		$R3,$M0,$R3
+	vpermd		$R4,$M0,$R4
+
+	vpermd		$D0,$M0,${R0}{%k1}	# 05060708 -> 1858286838784888
+	vpermd		$D1,$M0,${R1}{%k1}
+	vpermd		$D2,$M0,${R2}{%k1}
+	vpermd		$D3,$M0,${R3}{%k1}
+	vpermd		$D4,$M0,${R4}{%k1}
+
+	vpslld		\$2,$R1,$S1		# *5
+	vpslld		\$2,$R2,$S2
+	vpslld		\$2,$R3,$S3
+	vpslld		\$2,$R4,$S4
+	vpaddd		$R1,$S1,$S1
+	vpaddd		$R2,$S2,$S2
+	vpaddd		$R3,$S3,$S3
+	vpaddd		$R4,$S4,$S4
+
+	vpbroadcastq	32(%rcx),$PADBIT	# .L129
+
+	vpsrlq		\$52,$T0,$T2		# splat input
+	vpsllq		\$12,$T4,$T3
+	vporq		$T3,$T2,$T2
+	vpsrlq		\$26,$T0,$T1
+	vpsrlq		\$14,$T4,$T3
+	vpsrlq		\$40,$T4,$T4		# 4
+	vpandq		$MASK,$T2,$T2		# 2
+	vpandq		$MASK,$T0,$T0		# 0
+	#vpandq		$MASK,$T1,$T1		# 1
+	#vpandq		$MASK,$T3,$T3		# 3
+	#vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+
+	vpaddq		$H2,$T2,$H2		# accumulate input
+	sub		\$192,$len
+	jbe		.Ltail_avx512
+	jmp		.Loop_avx512
+
+.align	32
+.Loop_avx512:
+	################################################################
+	# ((inp[0]*r^8+inp[ 8])*r^8+inp[16])*r^8
+	# ((inp[1]*r^8+inp[ 9])*r^8+inp[17])*r^7
+	# ((inp[2]*r^8+inp[10])*r^8+inp[18])*r^6
+	# ((inp[3]*r^8+inp[11])*r^8+inp[19])*r^5
+	# ((inp[4]*r^8+inp[12])*r^8+inp[20])*r^4
+	# ((inp[5]*r^8+inp[13])*r^8+inp[21])*r^3
+	# ((inp[6]*r^8+inp[14])*r^8+inp[22])*r^2
+	# ((inp[7]*r^8+inp[15])*r^8+inp[23])*r^1
+	#   \________/\___________/
+	################################################################
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	#
+	# however, as h2 is "chronologically" first one available pull
+	# corresponding operations up, so it's
+	#
+	# d3 = h2*r1   + h0*r3 + h1*r2   + h3*r0 + h4*5*r4
+	# d4 = h2*r2   + h0*r4 + h1*r3   + h3*r1 + h4*r0
+	# d0 = h2*5*r3 + h0*r0 + h1*5*r4         + h3*5*r2 + h4*5*r1
+	# d1 = h2*5*r4 + h0*r1           + h1*r0 + h3*5*r3 + h4*5*r2
+	# d2 = h2*r0           + h0*r2   + h1*r1 + h3*5*r4 + h4*5*r3
+
+	vpmuludq	$H2,$R1,$D3		# d3 = h2*r1
+	 vpaddq		$H0,$T0,$H0
+	vpmuludq	$H2,$R2,$D4		# d4 = h2*r2
+	 vpandq		$MASK,$T1,$T1		# 1
+	vpmuludq	$H2,$S3,$D0		# d0 = h2*s3
+	 vpandq		$MASK,$T3,$T3		# 3
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+	 vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+	vpmuludq	$H2,$R0,$D2		# d2 = h2*r0
+	 vpaddq		$H1,$T1,$H1		# accumulate input
+	 vpaddq		$H3,$T3,$H3
+	 vpaddq		$H4,$T4,$H4
+
+	  vmovdqu64	16*0($inp),$T3		# load input
+	  vmovdqu64	16*4($inp),$T4
+	  lea		16*8($inp),$inp
+	vpmuludq	$H0,$R3,$M3
+	vpmuludq	$H0,$R4,$M4
+	vpmuludq	$H0,$R0,$M0
+	vpmuludq	$H0,$R1,$M1
+	vpaddq		$M3,$D3,$D3		# d3 += h0*r3
+	vpaddq		$M4,$D4,$D4		# d4 += h0*r4
+	vpaddq		$M0,$D0,$D0		# d0 += h0*r0
+	vpaddq		$M1,$D1,$D1		# d1 += h0*r1
+
+	vpmuludq	$H1,$R2,$M3
+	vpmuludq	$H1,$R3,$M4
+	vpmuludq	$H1,$S4,$M0
+	vpmuludq	$H0,$R2,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h1*r2
+	vpaddq		$M4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$M0,$D0,$D0		# d0 += h1*s4
+	vpaddq		$M2,$D2,$D2		# d2 += h0*r2
+
+	  vpunpcklqdq	$T4,$T3,$T0		# transpose input
+	  vpunpckhqdq	$T4,$T3,$T4
+
+	vpmuludq	$H3,$R0,$M3
+	vpmuludq	$H3,$R1,$M4
+	vpmuludq	$H1,$R0,$M1
+	vpmuludq	$H1,$R1,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h3*r0
+	vpaddq		$M4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$M1,$D1,$D1		# d1 += h1*r0
+	vpaddq		$M2,$D2,$D2		# d2 += h1*r1
+
+	vpmuludq	$H4,$S4,$M3
+	vpmuludq	$H4,$R0,$M4
+	vpmuludq	$H3,$S2,$M0
+	vpmuludq	$H3,$S3,$M1
+	vpaddq		$M3,$D3,$D3		# d3 += h4*s4
+	vpmuludq	$H3,$S4,$M2
+	vpaddq		$M4,$D4,$D4		# d4 += h4*r0
+	vpaddq		$M0,$D0,$D0		# d0 += h3*s2
+	vpaddq		$M1,$D1,$D1		# d1 += h3*s3
+	vpaddq		$M2,$D2,$D2		# d2 += h3*s4
+
+	vpmuludq	$H4,$S1,$M0
+	vpmuludq	$H4,$S2,$M1
+	vpmuludq	$H4,$S3,$M2
+	vpaddq		$M0,$D0,$H0		# h0 = d0 + h4*s1
+	vpaddq		$M1,$D1,$H1		# h1 = d2 + h4*s2
+	vpaddq		$M2,$D2,$H2		# h2 = d3 + h4*s3
+
+	################################################################
+	# lazy reduction (interleaved with input splat)
+
+	 vpsrlq		\$52,$T0,$T2		# splat input
+	 vpsllq		\$12,$T4,$T3
+
+	vpsrlq		\$26,$D3,$H3
+	vpandq		$MASK,$D3,$D3
+	vpaddq		$H3,$D4,$H4		# h3 -> h4
+
+	 vporq		$T3,$T2,$T2
+
+	vpsrlq		\$26,$H0,$D0
+	vpandq		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	 vpandq		$MASK,$T2,$T2		# 2
+
+	vpsrlq		\$26,$H4,$D4
+	vpandq		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpandq		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	 vpaddq		$T2,$H2,$H2		# modulo-scheduled
+	 vpsrlq		\$26,$T0,$T1
+
+	vpsrlq		\$26,$H2,$D2
+	vpandq		$MASK,$H2,$H2
+	vpaddq		$D2,$D3,$H3		# h2 -> h3
+
+	 vpsrlq		\$14,$T4,$T3
+
+	vpsrlq		\$26,$H0,$D0
+	vpandq		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	 vpsrlq		\$40,$T4,$T4		# 4
+
+	vpsrlq		\$26,$H3,$D3
+	vpandq		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	 vpandq		$MASK,$T0,$T0		# 0
+	 #vpandq	$MASK,$T1,$T1		# 1
+	 #vpandq	$MASK,$T3,$T3		# 3
+	 #vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+
+	sub		\$128,$len
+	ja		.Loop_avx512
+
+.Ltail_avx512:
+	################################################################
+	# while above multiplications were by r^8 in all lanes, in last
+	# iteration we multiply least significant lane by r^8 and most
+	# significant one by r, that's why table gets shifted...
+
+	vpsrlq		\$32,$R0,$R0		# 0105020603070408
+	vpsrlq		\$32,$R1,$R1
+	vpsrlq		\$32,$R2,$R2
+	vpsrlq		\$32,$S3,$S3
+	vpsrlq		\$32,$S4,$S4
+	vpsrlq		\$32,$R3,$R3
+	vpsrlq		\$32,$R4,$R4
+	vpsrlq		\$32,$S1,$S1
+	vpsrlq		\$32,$S2,$S2
+
+	################################################################
+	# load either next or last 64 byte of input
+	lea		($inp,$len),$inp
+
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+	vpaddq		$H0,$T0,$H0
+
+	vpmuludq	$H2,$R1,$D3		# d3 = h2*r1
+	vpmuludq	$H2,$R2,$D4		# d4 = h2*r2
+	vpmuludq	$H2,$S3,$D0		# d0 = h2*s3
+	 vpandq		$MASK,$T1,$T1		# 1
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+	 vpandq		$MASK,$T3,$T3		# 3
+	vpmuludq	$H2,$R0,$D2		# d2 = h2*r0
+	 vporq		$PADBIT,$T4,$T4		# padbit, yes, always
+	 vpaddq		$H1,$T1,$H1		# accumulate input
+	 vpaddq		$H3,$T3,$H3
+	 vpaddq		$H4,$T4,$H4
+
+	  vmovdqu	16*0($inp),%x#$T0
+	vpmuludq	$H0,$R3,$M3
+	vpmuludq	$H0,$R4,$M4
+	vpmuludq	$H0,$R0,$M0
+	vpmuludq	$H0,$R1,$M1
+	vpaddq		$M3,$D3,$D3		# d3 += h0*r3
+	vpaddq		$M4,$D4,$D4		# d4 += h0*r4
+	vpaddq		$M0,$D0,$D0		# d0 += h0*r0
+	vpaddq		$M1,$D1,$D1		# d1 += h0*r1
+
+	  vmovdqu	16*1($inp),%x#$T1
+	vpmuludq	$H1,$R2,$M3
+	vpmuludq	$H1,$R3,$M4
+	vpmuludq	$H1,$S4,$M0
+	vpmuludq	$H0,$R2,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h1*r2
+	vpaddq		$M4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$M0,$D0,$D0		# d0 += h1*s4
+	vpaddq		$M2,$D2,$D2		# d2 += h0*r2
+
+	  vinserti128	\$1,16*2($inp),%y#$T0,%y#$T0
+	vpmuludq	$H3,$R0,$M3
+	vpmuludq	$H3,$R1,$M4
+	vpmuludq	$H1,$R0,$M1
+	vpmuludq	$H1,$R1,$M2
+	vpaddq		$M3,$D3,$D3		# d3 += h3*r0
+	vpaddq		$M4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$M1,$D1,$D1		# d1 += h1*r0
+	vpaddq		$M2,$D2,$D2		# d2 += h1*r1
+
+	  vinserti128	\$1,16*3($inp),%y#$T1,%y#$T1
+	vpmuludq	$H4,$S4,$M3
+	vpmuludq	$H4,$R0,$M4
+	vpmuludq	$H3,$S2,$M0
+	vpmuludq	$H3,$S3,$M1
+	vpmuludq	$H3,$S4,$M2
+	vpaddq		$M3,$D3,$H3		# h3 = d3 + h4*s4
+	vpaddq		$M4,$D4,$D4		# d4 += h4*r0
+	vpaddq		$M0,$D0,$D0		# d0 += h3*s2
+	vpaddq		$M1,$D1,$D1		# d1 += h3*s3
+	vpaddq		$M2,$D2,$D2		# d2 += h3*s4
+
+	vpmuludq	$H4,$S1,$M0
+	vpmuludq	$H4,$S2,$M1
+	vpmuludq	$H4,$S3,$M2
+	vpaddq		$M0,$D0,$H0		# h0 = d0 + h4*s1
+	vpaddq		$M1,$D1,$H1		# h1 = d2 + h4*s2
+	vpaddq		$M2,$D2,$H2		# h2 = d3 + h4*s3
+
+	################################################################
+	# horizontal addition
+
+	mov		\$1,%eax
+	vpermq		\$0xb1,$H3,$D3
+	vpermq		\$0xb1,$D4,$H4
+	vpermq		\$0xb1,$H0,$D0
+	vpermq		\$0xb1,$H1,$D1
+	vpermq		\$0xb1,$H2,$D2
+	vpaddq		$D3,$H3,$H3
+	vpaddq		$D4,$H4,$H4
+	vpaddq		$D0,$H0,$H0
+	vpaddq		$D1,$H1,$H1
+	vpaddq		$D2,$H2,$H2
+
+	kmovw		%eax,%k3
+	vpermq		\$0x2,$H3,$D3
+	vpermq		\$0x2,$H4,$D4
+	vpermq		\$0x2,$H0,$D0
+	vpermq		\$0x2,$H1,$D1
+	vpermq		\$0x2,$H2,$D2
+	vpaddq		$D3,$H3,$H3
+	vpaddq		$D4,$H4,$H4
+	vpaddq		$D0,$H0,$H0
+	vpaddq		$D1,$H1,$H1
+	vpaddq		$D2,$H2,$H2
+
+	vextracti64x4	\$0x1,$H3,%y#$D3
+	vextracti64x4	\$0x1,$H4,%y#$D4
+	vextracti64x4	\$0x1,$H0,%y#$D0
+	vextracti64x4	\$0x1,$H1,%y#$D1
+	vextracti64x4	\$0x1,$H2,%y#$D2
+	vpaddq		$D3,$H3,${H3}{%k3}{z}	# keep single qword in case
+	vpaddq		$D4,$H4,${H4}{%k3}{z}	# it's passed to .Ltail_avx2
+	vpaddq		$D0,$H0,${H0}{%k3}{z}
+	vpaddq		$D1,$H1,${H1}{%k3}{z}
+	vpaddq		$D2,$H2,${H2}{%k3}{z}
+___
+map(s/%z/%y/,($T0,$T1,$T2,$T3,$T4, $PADBIT));
+map(s/%z/%y/,($H0,$H1,$H2,$H3,$H4, $D0,$D1,$D2,$D3,$D4, $MASK));
+$code.=<<___;
+	################################################################
+	# lazy reduction (interleaved with input splat)
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	 vpsrldq	\$6,$T0,$T2		# splat input
+	 vpsrldq	\$6,$T1,$T3
+	 vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	 vpunpcklqdq	$T3,$T2,$T2		# 2:3
+	 vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D4
+	vpand		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	 vpsrlq		\$30,$T2,$T3
+	 vpsrlq		\$4,$T2,$T2
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	 vpsrlq		\$26,$T0,$T1
+	 vpsrlq		\$40,$T4,$T4		# 4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	 vpand		$MASK,$T2,$T2		# 2
+	 vpand		$MASK,$T0,$T0		# 0
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	 vpaddq		$H2,$T2,$H2		# accumulate input for .Ltail_avx2
+	 vpand		$MASK,$T1,$T1		# 1
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	 vpand		$MASK,$T3,$T3		# 3
+	 vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	lea		0x90(%rsp),%rax		# size optimization for .Ltail_avx2
+	add		\$64,$len
+	jnz		.Ltail_avx2
+
+	vpsubq		$T2,$H2,$H2		# undo input accumulation
+	vmovd		%x#$H0,`4*0-48-64`($ctx)# save partially reduced
+	vmovd		%x#$H1,`4*1-48-64`($ctx)
+	vmovd		%x#$H2,`4*2-48-64`($ctx)
+	vmovd		%x#$H3,`4*3-48-64`($ctx)
+	vmovd		%x#$H4,`4*4-48-64`($ctx)
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	movdqa		0x50(%r11),%xmm6
+	movdqa		0x60(%r11),%xmm7
+	movdqa		0x70(%r11),%xmm8
+	movdqa		0x80(%r11),%xmm9
+	movdqa		0x90(%r11),%xmm10
+	movdqa		0xa0(%r11),%xmm11
+	movdqa		0xb0(%r11),%xmm12
+	movdqa		0xc0(%r11),%xmm13
+	movdqa		0xd0(%r11),%xmm14
+	movdqa		0xe0(%r11),%xmm15
+	lea		0xf8(%r11),%rsp
+.Ldo_avx512_epilogue:
+___
+$code.=<<___	if (!$win64);
+	lea		8(%r11),%rsp
+.cfi_def_cfa		%rsp,8
+___
+$code.=<<___;
+	ret
+.cfi_endproc
+.size	poly1305_blocks_avx512,.-poly1305_blocks_avx512
+___
+if ($avx>3) {
+########################################################################
+# VPMADD52 version using 2^44 radix.
+#
+# One can argue that base 2^52 would be more natural. Well, even though
+# some operations would be more natural, one has to recognize couple of
+# things. Base 2^52 doesn't provide advantage over base 2^44 if you look
+# at amount of multiply-n-accumulate operations. Secondly, it makes it
+# impossible to pre-compute multiples of 5 [referred to as s[]/sN in
+# reference implementations], which means that more such operations
+# would have to be performed in inner loop, which in turn makes critical
+# path longer. In other words, even though base 2^44 reduction might
+# look less elegant, overall critical path is actually shorter...
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int64 h[3];		# current hash value base 2^44
+#	unsigned __int64 s[2];		# key value*20 base 2^44
+#	unsigned __int64 r[3];		# key value base 2^44
+#	struct { unsigned __int64 r^1, r^3, r^2, r^4; } R[4];
+#					# r^n positions reflect
+#					# placement in register, not
+#					# memory, R[3] is R[1]*20
+
+$code.=<<___;
+.type	poly1305_init_base2_44,\@function,3
+.align	32
+poly1305_init_base2_44:
+	xor	%rax,%rax
+	mov	%rax,0($ctx)		# initialize hash value
+	mov	%rax,8($ctx)
+	mov	%rax,16($ctx)
+
+.Linit_base2_44:
+	lea	poly1305_blocks_vpmadd52(%rip),%r10
+	lea	poly1305_emit_base2_44(%rip),%r11
+
+	mov	\$0x0ffffffc0fffffff,%rax
+	mov	\$0x0ffffffc0ffffffc,%rcx
+	and	0($inp),%rax
+	mov	\$0x00000fffffffffff,%r8
+	and	8($inp),%rcx
+	mov	\$0x00000fffffffffff,%r9
+	and	%rax,%r8
+	shrd	\$44,%rcx,%rax
+	mov	%r8,40($ctx)		# r0
+	and	%r9,%rax
+	shr	\$24,%rcx
+	mov	%rax,48($ctx)		# r1
+	lea	(%rax,%rax,4),%rax	# *5
+	mov	%rcx,56($ctx)		# r2
+	shl	\$2,%rax		# magic <<2
+	lea	(%rcx,%rcx,4),%rcx	# *5
+	shl	\$2,%rcx		# magic <<2
+	mov	%rax,24($ctx)		# s1
+	mov	%rcx,32($ctx)		# s2
+	movq	\$-1,64($ctx)		# write impossible value
+___
+$code.=<<___	if ($flavour !~ /elf32/);
+	mov	%r10,0(%rdx)
+	mov	%r11,8(%rdx)
+___
+$code.=<<___	if ($flavour =~ /elf32/);
+	mov	%r10d,0(%rdx)
+	mov	%r11d,4(%rdx)
+___
+$code.=<<___;
+	mov	\$1,%eax
+	ret
+.size	poly1305_init_base2_44,.-poly1305_init_base2_44
+___
+{
+my ($H0,$H1,$H2,$r2r1r0,$r1r0s2,$r0s2s1,$Dlo,$Dhi) = map("%ymm$_",(0..5,16,17));
+my ($T0,$inp_permd,$inp_shift,$PAD) = map("%ymm$_",(18..21));
+my ($reduc_mask,$reduc_rght,$reduc_left) = map("%ymm$_",(22..25));
+
+$code.=<<___;
+.type	poly1305_blocks_vpmadd52,\@function,4
+.align	32
+poly1305_blocks_vpmadd52:
+	shr	\$4,$len
+	jz	.Lno_data_vpmadd52		# too short
+
+	shl	\$40,$padbit
+	mov	64($ctx),%r8			# peek on power of the key
+
+	# if powers of the key are not calculated yet, process up to 3
+	# blocks with this single-block subroutine, otherwise ensure that
+	# length is divisible by 2 blocks and pass the rest down to next
+	# subroutine...
+
+	mov	\$3,%rax
+	mov	\$1,%r10
+	cmp	\$4,$len			# is input long
+	cmovae	%r10,%rax
+	test	%r8,%r8				# is power value impossible?
+	cmovns	%r10,%rax
+
+	and	$len,%rax			# is input of favourable length?
+	jz	.Lblocks_vpmadd52_4x
+
+	sub		%rax,$len
+	mov		\$7,%r10d
+	mov		\$1,%r11d
+	kmovw		%r10d,%k7
+	lea		.L2_44_inp_permd(%rip),%r10
+	kmovw		%r11d,%k1
+
+	vmovq		$padbit,%x#$PAD
+	vmovdqa64	0(%r10),$inp_permd	# .L2_44_inp_permd
+	vmovdqa64	32(%r10),$inp_shift	# .L2_44_inp_shift
+	vpermq		\$0xcf,$PAD,$PAD
+	vmovdqa64	64(%r10),$reduc_mask	# .L2_44_mask
+
+	vmovdqu64	0($ctx),${Dlo}{%k7}{z}		# load hash value
+	vmovdqu64	40($ctx),${r2r1r0}{%k7}{z}	# load keys
+	vmovdqu64	32($ctx),${r1r0s2}{%k7}{z}
+	vmovdqu64	24($ctx),${r0s2s1}{%k7}{z}
+
+	vmovdqa64	96(%r10),$reduc_rght	# .L2_44_shift_rgt
+	vmovdqa64	128(%r10),$reduc_left	# .L2_44_shift_lft
+
+	jmp		.Loop_vpmadd52
+
+.align	32
+.Loop_vpmadd52:
+	vmovdqu32	0($inp),%x#$T0		# load input as ----3210
+	lea		16($inp),$inp
+
+	vpermd		$T0,$inp_permd,$T0	# ----3210 -> --322110
+	vpsrlvq		$inp_shift,$T0,$T0
+	vpandq		$reduc_mask,$T0,$T0
+	vporq		$PAD,$T0,$T0
+
+	vpaddq		$T0,$Dlo,$Dlo		# accumulate input
+
+	vpermq		\$0,$Dlo,${H0}{%k7}{z}	# smash hash value
+	vpermq		\$0b01010101,$Dlo,${H1}{%k7}{z}
+	vpermq		\$0b10101010,$Dlo,${H2}{%k7}{z}
+
+	vpxord		$Dlo,$Dlo,$Dlo
+	vpxord		$Dhi,$Dhi,$Dhi
+
+	vpmadd52luq	$r2r1r0,$H0,$Dlo
+	vpmadd52huq	$r2r1r0,$H0,$Dhi
+
+	vpmadd52luq	$r1r0s2,$H1,$Dlo
+	vpmadd52huq	$r1r0s2,$H1,$Dhi
+
+	vpmadd52luq	$r0s2s1,$H2,$Dlo
+	vpmadd52huq	$r0s2s1,$H2,$Dhi
+
+	vpsrlvq		$reduc_rght,$Dlo,$T0	# 0 in topmost qword
+	vpsllvq		$reduc_left,$Dhi,$Dhi	# 0 in topmost qword
+	vpandq		$reduc_mask,$Dlo,$Dlo
+
+	vpaddq		$T0,$Dhi,$Dhi
+
+	vpermq		\$0b10010011,$Dhi,$Dhi	# 0 in lowest qword
+
+	vpaddq		$Dhi,$Dlo,$Dlo		# note topmost qword :-)
+
+	vpsrlvq		$reduc_rght,$Dlo,$T0	# 0 in topmost word
+	vpandq		$reduc_mask,$Dlo,$Dlo
+
+	vpermq		\$0b10010011,$T0,$T0
+
+	vpaddq		$T0,$Dlo,$Dlo
+
+	vpermq		\$0b10010011,$Dlo,${T0}{%k1}{z}
+
+	vpaddq		$T0,$Dlo,$Dlo
+	vpsllq		\$2,$T0,$T0
+
+	vpaddq		$T0,$Dlo,$Dlo
+
+	dec		%rax			# len-=16
+	jnz		.Loop_vpmadd52
+
+	vmovdqu64	$Dlo,0($ctx){%k7}	# store hash value
+
+	test		$len,$len
+	jnz		.Lblocks_vpmadd52_4x
+
+.Lno_data_vpmadd52:
+	ret
+.size	poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52
+___
 }
+{
+########################################################################
+# As implied by its name 4x subroutine processes 4 blocks in parallel
+# (but handles even 4*n+2 blocks lengths). It takes up to 4th key power
+# and is handled in 256-bit %ymm registers.
+
+my ($H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2) = map("%ymm$_",(0..5,16,17));
+my ($D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi) = map("%ymm$_",(18..23));
+my ($T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD) = map("%ymm$_",(24..31));
+
+$code.=<<___;
+.type	poly1305_blocks_vpmadd52_4x,\@function,4
+.align	32
+poly1305_blocks_vpmadd52_4x:
+	shr	\$4,$len
+	jz	.Lno_data_vpmadd52_4x		# too short
+
+	shl	\$40,$padbit
+	mov	64($ctx),%r8			# peek on power of the key
+
+.Lblocks_vpmadd52_4x:
+	vpbroadcastq	$padbit,$PAD
+
+	vmovdqa64	.Lx_mask44(%rip),$mask44
+	mov		\$5,%eax
+	vmovdqa64	.Lx_mask42(%rip),$mask42
+	kmovw		%eax,%k1		# used in 2x path
+
+	test		%r8,%r8			# is power value impossible?
+	js		.Linit_vpmadd52		# if it is, then init R[4]
+
+	vmovq		0($ctx),%x#$H0		# load current hash value
+	vmovq		8($ctx),%x#$H1
+	vmovq		16($ctx),%x#$H2
+
+	test		\$3,$len		# is length 4*n+2?
+	jnz		.Lblocks_vpmadd52_2x_do
+
+.Lblocks_vpmadd52_4x_do:
+	vpbroadcastq	64($ctx),$R0		# load 4th power of the key
+	vpbroadcastq	96($ctx),$R1
+	vpbroadcastq	128($ctx),$R2
+	vpbroadcastq	160($ctx),$S1
+
+.Lblocks_vpmadd52_4x_key_loaded:
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S2,$S2
+
+	test		\$7,$len		# is len 8*n?
+	jz		.Lblocks_vpmadd52_8x
+
+	vmovdqu64	16*0($inp),$T2		# load data
+	vmovdqu64	16*2($inp),$T3
+	lea		16*4($inp),$inp
+
+	vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	vpunpckhqdq	$T3,$T2,$T3
+
+	# at this point 64-bit lanes are ordered as 3-1-2-0
+
+	vpsrlq		\$24,$T3,$T2		# splat the data
+	vporq		$PAD,$T2,$T2
+	 vpaddq		$T2,$H2,$H2		# accumulate input
+	vpandq		$mask44,$T1,$T0
+	vpsrlq		\$44,$T1,$T1
+	vpsllq		\$20,$T3,$T3
+	vporq		$T3,$T1,$T1
+	vpandq		$mask44,$T1,$T1
+
+	sub		\$4,$len
+	jz		.Ltail_vpmadd52_4x
+	jmp		.Loop_vpmadd52_4x
+	ud2
+
+.align	32
+.Linit_vpmadd52:
+	vmovq		24($ctx),%x#$S1		# load key
+	vmovq		56($ctx),%x#$H2
+	vmovq		32($ctx),%x#$S2
+	vmovq		40($ctx),%x#$R0
+	vmovq		48($ctx),%x#$R1
+
+	vmovdqa		$R0,$H0
+	vmovdqa		$R1,$H1
+	vmovdqa		$H2,$R2
+
+	mov		\$2,%eax
+
+.Lmul_init_vpmadd52:
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	dec		%eax
+	jz		.Ldone_init_vpmadd52
+
+	vpunpcklqdq	$R1,$H1,$R1		# 1,2
+	vpbroadcastq	%x#$H1,%x#$H1		# 2,2
+	vpunpcklqdq	$R2,$H2,$R2
+	vpbroadcastq	%x#$H2,%x#$H2
+	vpunpcklqdq	$R0,$H0,$R0
+	vpbroadcastq	%x#$H0,%x#$H0
+
+	vpsllq		\$2,$R1,$S1		# S1 = R1*5*4
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R1,$S1,$S1
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S1,$S1
+	vpsllq		\$2,$S2,$S2
+
+	jmp		.Lmul_init_vpmadd52
+	ud2
+
+.align	32
+.Ldone_init_vpmadd52:
+	vinserti128	\$1,%x#$R1,$H1,$R1	# 1,2,3,4
+	vinserti128	\$1,%x#$R2,$H2,$R2
+	vinserti128	\$1,%x#$R0,$H0,$R0
+
+	vpermq		\$0b11011000,$R1,$R1	# 1,3,2,4
+	vpermq		\$0b11011000,$R2,$R2
+	vpermq		\$0b11011000,$R0,$R0
+
+	vpsllq		\$2,$R1,$S1		# S1 = R1*5*4
+	vpaddq		$R1,$S1,$S1
+	vpsllq		\$2,$S1,$S1
+
+	vmovq		0($ctx),%x#$H0		# load current hash value
+	vmovq		8($ctx),%x#$H1
+	vmovq		16($ctx),%x#$H2
+
+	test		\$3,$len		# is length 4*n+2?
+	jnz		.Ldone_init_vpmadd52_2x
+
+	vmovdqu64	$R0,64($ctx)		# save key powers
+	vpbroadcastq	%x#$R0,$R0		# broadcast 4th power
+	vmovdqu64	$R1,96($ctx)
+	vpbroadcastq	%x#$R1,$R1
+	vmovdqu64	$R2,128($ctx)
+	vpbroadcastq	%x#$R2,$R2
+	vmovdqu64	$S1,160($ctx)
+	vpbroadcastq	%x#$S1,$S1
+
+	jmp		.Lblocks_vpmadd52_4x_key_loaded
+	ud2
+
+.align	32
+.Ldone_init_vpmadd52_2x:
+	vmovdqu64	$R0,64($ctx)		# save key powers
+	vpsrldq		\$8,$R0,$R0		# 0-1-0-2
+	vmovdqu64	$R1,96($ctx)
+	vpsrldq		\$8,$R1,$R1
+	vmovdqu64	$R2,128($ctx)
+	vpsrldq		\$8,$R2,$R2
+	vmovdqu64	$S1,160($ctx)
+	vpsrldq		\$8,$S1,$S1
+	jmp		.Lblocks_vpmadd52_2x_key_loaded
+	ud2
+
+.align	32
+.Lblocks_vpmadd52_2x_do:
+	vmovdqu64	128+8($ctx),${R2}{%k1}{z}# load 2nd and 1st key powers
+	vmovdqu64	160+8($ctx),${S1}{%k1}{z}
+	vmovdqu64	64+8($ctx),${R0}{%k1}{z}
+	vmovdqu64	96+8($ctx),${R1}{%k1}{z}
+
+.Lblocks_vpmadd52_2x_key_loaded:
+	vmovdqu64	16*0($inp),$T2		# load data
+	vpxorq		$T3,$T3,$T3
+	lea		16*2($inp),$inp
+
+	vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	vpunpckhqdq	$T3,$T2,$T3
+
+	# at this point 64-bit lanes are ordered as x-1-x-0
+
+	vpsrlq		\$24,$T3,$T2		# splat the data
+	vporq		$PAD,$T2,$T2
+	 vpaddq		$T2,$H2,$H2		# accumulate input
+	vpandq		$mask44,$T1,$T0
+	vpsrlq		\$44,$T1,$T1
+	vpsllq		\$20,$T3,$T3
+	vporq		$T3,$T1,$T1
+	vpandq		$mask44,$T1,$T1
+
+	jmp		.Ltail_vpmadd52_2x
+	ud2
+
+.align	32
+.Loop_vpmadd52_4x:
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	 vmovdqu64	16*0($inp),$T2		# load data
+	 vmovdqu64	16*2($inp),$T3
+	 lea		16*4($inp),$inp
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	 vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	 vpunpckhqdq	$T3,$T2,$T3
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# partial reduction (interleaved with data splat)
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	 vpsrlq		\$24,$T3,$T2
+	 vporq		$PAD,$T2,$T2
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	 vpandq		$mask44,$T1,$T0
+	 vpsrlq		\$44,$T1,$T1
+	 vpsllq		\$20,$T3,$T3
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	  vpaddq	$T2,$H2,$H2		# accumulate input
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	 vporq		$T3,$T1,$T1
+	 vpandq		$mask44,$T1,$T1
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	sub		\$4,$len		# len-=64
+	jnz		.Loop_vpmadd52_4x
+
+.Ltail_vpmadd52_4x:
+	vmovdqu64	128($ctx),$R2		# load all key powers
+	vmovdqu64	160($ctx),$S1
+	vmovdqu64	64($ctx),$R0
+	vmovdqu64	96($ctx),$R1
+
+.Ltail_vpmadd52_2x:
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S2,$S2
+
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# horizontal addition
+
+	mov		\$1,%eax
+	kmovw		%eax,%k1
+	vpsrldq		\$8,$D0lo,$T0
+	vpsrldq		\$8,$D0hi,$H0
+	vpsrldq		\$8,$D1lo,$T1
+	vpsrldq		\$8,$D1hi,$H1
+	vpaddq		$T0,$D0lo,$D0lo
+	vpaddq		$H0,$D0hi,$D0hi
+	vpsrldq		\$8,$D2lo,$T2
+	vpsrldq		\$8,$D2hi,$H2
+	vpaddq		$T1,$D1lo,$D1lo
+	vpaddq		$H1,$D1hi,$D1hi
+	 vpermq		\$0x2,$D0lo,$T0
+	 vpermq		\$0x2,$D0hi,$H0
+	vpaddq		$T2,$D2lo,$D2lo
+	vpaddq		$H2,$D2hi,$D2hi
+
+	vpermq		\$0x2,$D1lo,$T1
+	vpermq		\$0x2,$D1hi,$H1
+	vpaddq		$T0,$D0lo,${D0lo}{%k1}{z}
+	vpaddq		$H0,$D0hi,${D0hi}{%k1}{z}
+	vpermq		\$0x2,$D2lo,$T2
+	vpermq		\$0x2,$D2hi,$H2
+	vpaddq		$T1,$D1lo,${D1lo}{%k1}{z}
+	vpaddq		$H1,$D1hi,${D1hi}{%k1}{z}
+	vpaddq		$T2,$D2lo,${D2lo}{%k1}{z}
+	vpaddq		$H2,$D2hi,${D2hi}{%k1}{z}
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+						# at this point $len is
+						# either 4*n+2 or 0...
+	sub		\$2,$len		# len-=32
+	ja		.Lblocks_vpmadd52_4x_do
+
+	vmovq		%x#$H0,0($ctx)
+	vmovq		%x#$H1,8($ctx)
+	vmovq		%x#$H2,16($ctx)
+	vzeroall
+
+.Lno_data_vpmadd52_4x:
+	ret
+.size	poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x
+___
+}
+{
+########################################################################
+# As implied by its name 8x subroutine processes 8 blocks in parallel...
+# This is intermediate version, as it's used only in cases when input
+# length is either 8*n, 8*n+1 or 8*n+2...
+
+my ($H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2) = map("%ymm$_",(0..5,16,17));
+my ($D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi) = map("%ymm$_",(18..23));
+my ($T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD) = map("%ymm$_",(24..31));
+my ($RR0,$RR1,$RR2,$SS1,$SS2) = map("%ymm$_",(6..10));
+
+$code.=<<___;
+.type	poly1305_blocks_vpmadd52_8x,\@function,4
+.align	32
+poly1305_blocks_vpmadd52_8x:
+	shr	\$4,$len
+	jz	.Lno_data_vpmadd52_8x		# too short
+
+	shl	\$40,$padbit
+	mov	64($ctx),%r8			# peek on power of the key
+
+	vmovdqa64	.Lx_mask44(%rip),$mask44
+	vmovdqa64	.Lx_mask42(%rip),$mask42
+
+	test	%r8,%r8				# is power value impossible?
+	js	.Linit_vpmadd52			# if it is, then init R[4]
+
+	vmovq	0($ctx),%x#$H0			# load current hash value
+	vmovq	8($ctx),%x#$H1
+	vmovq	16($ctx),%x#$H2
+
+.Lblocks_vpmadd52_8x:
+	################################################################
+	# fist we calculate more key powers
+
+	vmovdqu64	128($ctx),$R2		# load 1-3-2-4 powers
+	vmovdqu64	160($ctx),$S1
+	vmovdqu64	64($ctx),$R0
+	vmovdqu64	96($ctx),$R1
+
+	vpsllq		\$2,$R2,$S2		# S2 = R2*5*4
+	vpaddq		$R2,$S2,$S2
+	vpsllq		\$2,$S2,$S2
+
+	vpbroadcastq	%x#$R2,$RR2		# broadcast 4th power
+	vpbroadcastq	%x#$R0,$RR0
+	vpbroadcastq	%x#$R1,$RR1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$RR2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$RR2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$RR2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$RR2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$RR2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$RR2,$R0,$D2hi
+
+	vpmadd52luq	$RR0,$R0,$D0lo
+	vpmadd52huq	$RR0,$R0,$D0hi
+	vpmadd52luq	$RR0,$R1,$D1lo
+	vpmadd52huq	$RR0,$R1,$D1hi
+	vpmadd52luq	$RR0,$R2,$D2lo
+	vpmadd52huq	$RR0,$R2,$D2hi
+
+	vpmadd52luq	$RR1,$S2,$D0lo
+	vpmadd52huq	$RR1,$S2,$D0hi
+	vpmadd52luq	$RR1,$R0,$D1lo
+	vpmadd52huq	$RR1,$R0,$D1hi
+	vpmadd52luq	$RR1,$R1,$D2lo
+	vpmadd52huq	$RR1,$R1,$D2hi
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$RR0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$RR1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$RR2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$RR0,$RR0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$RR0,$RR0
+
+	vpsrlq		\$44,$RR0,$tmp		# additional step
+	vpandq		$mask44,$RR0,$RR0
+
+	vpaddq		$tmp,$RR1,$RR1
+
+	################################################################
+	# At this point Rx holds 1324 powers, RRx - 5768, and the goal
+	# is 15263748, which reflects how data is loaded...
+
+	vpunpcklqdq	$R2,$RR2,$T2		# 3748
+	vpunpckhqdq	$R2,$RR2,$R2		# 1526
+	vpunpcklqdq	$R0,$RR0,$T0
+	vpunpckhqdq	$R0,$RR0,$R0
+	vpunpcklqdq	$R1,$RR1,$T1
+	vpunpckhqdq	$R1,$RR1,$R1
+___
+######## switch to %zmm
+map(s/%y/%z/, $H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2);
+map(s/%y/%z/, $D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi);
+map(s/%y/%z/, $T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD);
+map(s/%y/%z/, $RR0,$RR1,$RR2,$SS1,$SS2);
+
+$code.=<<___;
+	vshufi64x2	\$0x44,$R2,$T2,$RR2	# 15263748
+	vshufi64x2	\$0x44,$R0,$T0,$RR0
+	vshufi64x2	\$0x44,$R1,$T1,$RR1
+
+	vmovdqu64	16*0($inp),$T2		# load data
+	vmovdqu64	16*4($inp),$T3
+	lea		16*8($inp),$inp
+
+	vpsllq		\$2,$RR2,$SS2		# S2 = R2*5*4
+	vpsllq		\$2,$RR1,$SS1		# S1 = R1*5*4
+	vpaddq		$RR2,$SS2,$SS2
+	vpaddq		$RR1,$SS1,$SS1
+	vpsllq		\$2,$SS2,$SS2
+	vpsllq		\$2,$SS1,$SS1
+
+	vpbroadcastq	$padbit,$PAD
+	vpbroadcastq	%x#$mask44,$mask44
+	vpbroadcastq	%x#$mask42,$mask42
+
+	vpbroadcastq	%x#$SS1,$S1		# broadcast 8th power
+	vpbroadcastq	%x#$SS2,$S2
+	vpbroadcastq	%x#$RR0,$R0
+	vpbroadcastq	%x#$RR1,$R1
+	vpbroadcastq	%x#$RR2,$R2
+
+	vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	vpunpckhqdq	$T3,$T2,$T3
+
+	# at this point 64-bit lanes are ordered as 73625140
+
+	vpsrlq		\$24,$T3,$T2		# splat the data
+	vporq		$PAD,$T2,$T2
+	 vpaddq		$T2,$H2,$H2		# accumulate input
+	vpandq		$mask44,$T1,$T0
+	vpsrlq		\$44,$T1,$T1
+	vpsllq		\$20,$T3,$T3
+	vporq		$T3,$T1,$T1
+	vpandq		$mask44,$T1,$T1
+
+	sub		\$8,$len
+	jz		.Ltail_vpmadd52_8x
+	jmp		.Loop_vpmadd52_8x
+
+.align	32
+.Loop_vpmadd52_8x:
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$S1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$S1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$S2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$S2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$R0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$R0,$D2hi
+
+	 vmovdqu64	16*0($inp),$T2		# load data
+	 vmovdqu64	16*4($inp),$T3
+	 lea		16*8($inp),$inp
+	vpmadd52luq	$H0,$R0,$D0lo
+	vpmadd52huq	$H0,$R0,$D0hi
+	vpmadd52luq	$H0,$R1,$D1lo
+	vpmadd52huq	$H0,$R1,$D1hi
+	vpmadd52luq	$H0,$R2,$D2lo
+	vpmadd52huq	$H0,$R2,$D2hi
+
+	 vpunpcklqdq	$T3,$T2,$T1		# transpose data
+	 vpunpckhqdq	$T3,$T2,$T3
+	vpmadd52luq	$H1,$S2,$D0lo
+	vpmadd52huq	$H1,$S2,$D0hi
+	vpmadd52luq	$H1,$R0,$D1lo
+	vpmadd52huq	$H1,$R0,$D1hi
+	vpmadd52luq	$H1,$R1,$D2lo
+	vpmadd52huq	$H1,$R1,$D2hi
+
+	################################################################
+	# partial reduction (interleaved with data splat)
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	 vpsrlq		\$24,$T3,$T2
+	 vporq		$PAD,$T2,$T2
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	 vpandq		$mask44,$T1,$T0
+	 vpsrlq		\$44,$T1,$T1
+	 vpsllq		\$20,$T3,$T3
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	  vpaddq	$T2,$H2,$H2		# accumulate input
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	 vporq		$T3,$T1,$T1
+	 vpandq		$mask44,$T1,$T1
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	sub		\$8,$len		# len-=128
+	jnz		.Loop_vpmadd52_8x
+
+.Ltail_vpmadd52_8x:
+	#vpaddq		$T2,$H2,$H2		# accumulate input
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$H1,$H1
+
+	vpxorq		$D0lo,$D0lo,$D0lo
+	vpmadd52luq	$H2,$SS1,$D0lo
+	vpxorq		$D0hi,$D0hi,$D0hi
+	vpmadd52huq	$H2,$SS1,$D0hi
+	vpxorq		$D1lo,$D1lo,$D1lo
+	vpmadd52luq	$H2,$SS2,$D1lo
+	vpxorq		$D1hi,$D1hi,$D1hi
+	vpmadd52huq	$H2,$SS2,$D1hi
+	vpxorq		$D2lo,$D2lo,$D2lo
+	vpmadd52luq	$H2,$RR0,$D2lo
+	vpxorq		$D2hi,$D2hi,$D2hi
+	vpmadd52huq	$H2,$RR0,$D2hi
+
+	vpmadd52luq	$H0,$RR0,$D0lo
+	vpmadd52huq	$H0,$RR0,$D0hi
+	vpmadd52luq	$H0,$RR1,$D1lo
+	vpmadd52huq	$H0,$RR1,$D1hi
+	vpmadd52luq	$H0,$RR2,$D2lo
+	vpmadd52huq	$H0,$RR2,$D2hi
+
+	vpmadd52luq	$H1,$SS2,$D0lo
+	vpmadd52huq	$H1,$SS2,$D0hi
+	vpmadd52luq	$H1,$RR0,$D1lo
+	vpmadd52huq	$H1,$RR0,$D1hi
+	vpmadd52luq	$H1,$RR1,$D2lo
+	vpmadd52huq	$H1,$RR1,$D2hi
+
+	################################################################
+	# horizontal addition
+
+	mov		\$1,%eax
+	kmovw		%eax,%k1
+	vpsrldq		\$8,$D0lo,$T0
+	vpsrldq		\$8,$D0hi,$H0
+	vpsrldq		\$8,$D1lo,$T1
+	vpsrldq		\$8,$D1hi,$H1
+	vpaddq		$T0,$D0lo,$D0lo
+	vpaddq		$H0,$D0hi,$D0hi
+	vpsrldq		\$8,$D2lo,$T2
+	vpsrldq		\$8,$D2hi,$H2
+	vpaddq		$T1,$D1lo,$D1lo
+	vpaddq		$H1,$D1hi,$D1hi
+	 vpermq		\$0x2,$D0lo,$T0
+	 vpermq		\$0x2,$D0hi,$H0
+	vpaddq		$T2,$D2lo,$D2lo
+	vpaddq		$H2,$D2hi,$D2hi
+
+	vpermq		\$0x2,$D1lo,$T1
+	vpermq		\$0x2,$D1hi,$H1
+	vpaddq		$T0,$D0lo,$D0lo
+	vpaddq		$H0,$D0hi,$D0hi
+	vpermq		\$0x2,$D2lo,$T2
+	vpermq		\$0x2,$D2hi,$H2
+	vpaddq		$T1,$D1lo,$D1lo
+	vpaddq		$H1,$D1hi,$D1hi
+	 vextracti64x4	\$1,$D0lo,%y#$T0
+	 vextracti64x4	\$1,$D0hi,%y#$H0
+	vpaddq		$T2,$D2lo,$D2lo
+	vpaddq		$H2,$D2hi,$D2hi
+
+	vextracti64x4	\$1,$D1lo,%y#$T1
+	vextracti64x4	\$1,$D1hi,%y#$H1
+	vextracti64x4	\$1,$D2lo,%y#$T2
+	vextracti64x4	\$1,$D2hi,%y#$H2
+___
+######## switch back to %ymm
+map(s/%z/%y/, $H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2);
+map(s/%z/%y/, $D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi);
+map(s/%z/%y/, $T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD);
+
+$code.=<<___;
+	vpaddq		$T0,$D0lo,${D0lo}{%k1}{z}
+	vpaddq		$H0,$D0hi,${D0hi}{%k1}{z}
+	vpaddq		$T1,$D1lo,${D1lo}{%k1}{z}
+	vpaddq		$H1,$D1hi,${D1hi}{%k1}{z}
+	vpaddq		$T2,$D2lo,${D2lo}{%k1}{z}
+	vpaddq		$H2,$D2hi,${D2hi}{%k1}{z}
+
+	################################################################
+	# partial reduction
+	vpsrlq		\$44,$D0lo,$tmp
+	vpsllq		\$8,$D0hi,$D0hi
+	vpandq		$mask44,$D0lo,$H0
+	vpaddq		$tmp,$D0hi,$D0hi
+
+	vpaddq		$D0hi,$D1lo,$D1lo
+
+	vpsrlq		\$44,$D1lo,$tmp
+	vpsllq		\$8,$D1hi,$D1hi
+	vpandq		$mask44,$D1lo,$H1
+	vpaddq		$tmp,$D1hi,$D1hi
+
+	vpaddq		$D1hi,$D2lo,$D2lo
+
+	vpsrlq		\$42,$D2lo,$tmp
+	vpsllq		\$10,$D2hi,$D2hi
+	vpandq		$mask42,$D2lo,$H2
+	vpaddq		$tmp,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+	vpsllq		\$2,$D2hi,$D2hi
+
+	vpaddq		$D2hi,$H0,$H0
+
+	vpsrlq		\$44,$H0,$tmp		# additional step
+	vpandq		$mask44,$H0,$H0
+
+	vpaddq		$tmp,$H1,$H1
+
+	################################################################
+
+	vmovq		%x#$H0,0($ctx)
+	vmovq		%x#$H1,8($ctx)
+	vmovq		%x#$H2,16($ctx)
+	vzeroall
+
+.Lno_data_vpmadd52_8x:
+	ret
+.size	poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x
+___
+}
+$code.=<<___;
+.type	poly1305_emit_base2_44,\@function,3
+.align	32
+poly1305_emit_base2_44:
+	mov	0($ctx),%r8	# load hash value
+	mov	8($ctx),%r9
+	mov	16($ctx),%r10
+
+	mov	%r9,%rax
+	shr	\$20,%r9
+	shl	\$44,%rax
+	mov	%r10,%rcx
+	shr	\$40,%r10
+	shl	\$24,%rcx
+
+	add	%rax,%r8
+	adc	%rcx,%r9
+	adc	\$0,%r10
+
+	mov	%r8,%rax
+	add	\$5,%r8		# compare to modulus
+	mov	%r9,%rcx
+	adc	\$0,%r9
+	adc	\$0,%r10
+	shr	\$2,%r10	# did 130-bit value overflow?
+	cmovnz	%r8,%rax
+	cmovnz	%r9,%rcx
+
+	add	0($nonce),%rax	# accumulate nonce
+	adc	8($nonce),%rcx
+	mov	%rax,0($mac)	# write result
+	mov	%rcx,8($mac)
+
+	ret
+.size	poly1305_emit_base2_44,.-poly1305_emit_base2_44
+___
+}	}	}
 $code.=<<___;
 .align	64
 .Lconst:
@@ -2006,16 +3762,140 @@ $code.=<<___;
 .long	`1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0
 .Lmask26:
 .long	0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
-.Lfive:
-.long	5,0,5,0,5,0,5,0
+.Lpermd_avx2:
+.long	2,2,2,3,2,0,2,1
+.Lpermd_avx512:
+.long	0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7
+
+.L2_44_inp_permd:
+.long	0,1,1,2,2,3,7,7
+.L2_44_inp_shift:
+.quad	0,12,24,64
+.L2_44_mask:
+.quad	0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff
+.L2_44_shift_rgt:
+.quad	44,44,42,64
+.L2_44_shift_lft:
+.quad	8,8,10,64
+
+.align	64
+.Lx_mask44:
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.Lx_mask42:
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
 ___
 }
-
 $code.=<<___;
 .asciz	"Poly1305 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 .align	16
 ___
 
+{	# chacha20-poly1305 helpers
+my ($out,$inp,$otp,$len)=$win64 ? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
+                                  ("%rdi","%rsi","%rdx","%rcx");  # Unix order
+$code.=<<___;
+.globl	xor128_encrypt_n_pad
+.type	xor128_encrypt_n_pad,\@abi-omnipotent
+.align	16
+xor128_encrypt_n_pad:
+	sub	$otp,$inp
+	sub	$otp,$out
+	mov	$len,%r10		# put len aside
+	shr	\$4,$len		# len / 16
+	jz	.Ltail_enc
+	nop
+.Loop_enc_xmm:
+	movdqu	($inp,$otp),%xmm0
+	pxor	($otp),%xmm0
+	movdqu	%xmm0,($out,$otp)
+	movdqa	%xmm0,($otp)
+	lea	16($otp),$otp
+	dec	$len
+	jnz	.Loop_enc_xmm
+
+	and	\$15,%r10		# len % 16
+	jz	.Ldone_enc
+
+.Ltail_enc:
+	mov	\$16,$len
+	sub	%r10,$len
+	xor	%eax,%eax
+.Loop_enc_byte:
+	mov	($inp,$otp),%al
+	xor	($otp),%al
+	mov	%al,($out,$otp)
+	mov	%al,($otp)
+	lea	1($otp),$otp
+	dec	%r10
+	jnz	.Loop_enc_byte
+
+	xor	%eax,%eax
+.Loop_enc_pad:
+	mov	%al,($otp)
+	lea	1($otp),$otp
+	dec	$len
+	jnz	.Loop_enc_pad
+
+.Ldone_enc:
+	mov	$otp,%rax
+	ret
+.size	xor128_encrypt_n_pad,.-xor128_encrypt_n_pad
+
+.globl	xor128_decrypt_n_pad
+.type	xor128_decrypt_n_pad,\@abi-omnipotent
+.align	16
+xor128_decrypt_n_pad:
+	sub	$otp,$inp
+	sub	$otp,$out
+	mov	$len,%r10		# put len aside
+	shr	\$4,$len		# len / 16
+	jz	.Ltail_dec
+	nop
+.Loop_dec_xmm:
+	movdqu	($inp,$otp),%xmm0
+	movdqa	($otp),%xmm1
+	pxor	%xmm0,%xmm1
+	movdqu	%xmm1,($out,$otp)
+	movdqa	%xmm0,($otp)
+	lea	16($otp),$otp
+	dec	$len
+	jnz	.Loop_dec_xmm
+
+	pxor	%xmm1,%xmm1
+	and	\$15,%r10		# len % 16
+	jz	.Ldone_dec
+
+.Ltail_dec:
+	mov	\$16,$len
+	sub	%r10,$len
+	xor	%eax,%eax
+	xor	%r11,%r11
+.Loop_dec_byte:
+	mov	($inp,$otp),%r11b
+	mov	($otp),%al
+	xor	%r11b,%al
+	mov	%al,($out,$otp)
+	mov	%r11b,($otp)
+	lea	1($otp),$otp
+	dec	%r10
+	jnz	.Loop_dec_byte
+
+	xor	%eax,%eax
+.Loop_dec_pad:
+	mov	%al,($otp)
+	lea	1($otp),$otp
+	dec	$len
+	jnz	.Loop_dec_pad
+
+.Ldone_dec:
+	mov	$otp,%rax
+	ret
+.size	xor128_decrypt_n_pad,.-xor128_decrypt_n_pad
+___
+}
+
 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
 #		CONTEXT *context,DISPATCHER_CONTEXT *disp)
 if ($win64) {
@@ -2200,6 +4080,11 @@ $code.=<<___ if ($avx>1);
 	.rva	.LSEH_end_poly1305_blocks_avx2
 	.rva	.LSEH_info_poly1305_blocks_avx2_3
 ___
+$code.=<<___ if ($avx>2);
+	.rva	.LSEH_begin_poly1305_blocks_avx512
+	.rva	.LSEH_end_poly1305_blocks_avx512
+	.rva	.LSEH_info_poly1305_blocks_avx512
+___
 $code.=<<___;
 .section	.xdata
 .align	8
@@ -2255,13 +4140,19 @@ $code.=<<___ if ($avx>1);
 	.rva	avx_handler
 	.rva	.Ldo_avx2_body,.Ldo_avx2_epilogue		# HandlerData[]
 ___
+$code.=<<___ if ($avx>2);
+.LSEH_info_poly1305_blocks_avx512:
+	.byte	9,0,0,0
+	.rva	avx_handler
+	.rva	.Ldo_avx512_body,.Ldo_avx512_epilogue		# HandlerData[]
+___
 }
 
 foreach (split('\n',$code)) {
 	s/\`([^\`]*)\`/eval($1)/ge;
 	s/%r([a-z]+)#d/%e$1/g;
 	s/%r([0-9]+)#d/%r$1d/g;
-	s/%x#%y/%x/g;
+	s/%x#%[yz]/%x/g or s/%y#%z/%y/g or s/%z#%[yz]/%z/g;
 
 	print $_,"\n";
 }
diff --git a/deps/openssl/openssl/crypto/poly1305/build.info b/deps/openssl/openssl/crypto/poly1305/build.info
index f90ce2b950..631b32b8e0 100644
--- a/deps/openssl/openssl/crypto/poly1305/build.info
+++ b/deps/openssl/openssl/crypto/poly1305/build.info
@@ -1,10 +1,13 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
+        poly1305_pmeth.c \
+        poly1305_ameth.c \
         poly1305.c {- $target{poly1305_asm_src} -}
 
 GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl $(PERLASM_SCHEME)
 INCLUDE[poly1305-sparcv9.o]=..
-GENERATE[poly1305-x86.s]=asm/poly1305-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[poly1305-x86.s]=asm/poly1305-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 GENERATE[poly1305-x86_64.s]=asm/poly1305-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[poly1305-ppc.s]=asm/poly1305-ppc.pl $(PERLASM_SCHEME)
 GENERATE[poly1305-ppcfp.s]=asm/poly1305-ppcfp.pl $(PERLASM_SCHEME)
@@ -13,8 +16,7 @@ INCLUDE[poly1305-armv4.o]=..
 GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[poly1305-armv8.o]=..
 GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
-GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME)
-INCLUDE[poly1305-s390x.o]=..
+INCLUDE[poly1305-mips.o]=..
 
 BEGINRAW[Makefile(unix)]
 {- $builddir -}/poly1305-%.S:	{- $sourcedir -}/asm/poly1305-%.pl
diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305.c b/deps/openssl/openssl/crypto/poly1305/poly1305.c
index eec4d67f0c..1d182364ae 100644
--- a/deps/openssl/openssl/crypto/poly1305/poly1305.c
+++ b/deps/openssl/openssl/crypto/poly1305/poly1305.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,27 +12,9 @@
 #include <openssl/crypto.h>
 
 #include "internal/poly1305.h"
+#include "poly1305_local.h"
 
-typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
-                                   size_t len, unsigned int padbit);
-typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
-                                 const unsigned int nonce[4]);
-
-struct poly1305_context {
-    double opaque[24];  /* large enough to hold internal state, declared
-                         * 'double' to ensure at least 64-bit invariant
-                         * alignment across all platforms and
-                         * configurations */
-    unsigned int nonce[4];
-    unsigned char data[POLY1305_BLOCK_SIZE];
-    size_t num;
-    struct {
-        poly1305_blocks_f blocks;
-        poly1305_emit_f emit;
-    } func;
-};
-
-size_t Poly1305_ctx_size ()
+size_t Poly1305_ctx_size(void)
 {
     return sizeof(struct poly1305_context);
 }
@@ -113,12 +95,11 @@ poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit);
          (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \
          )
 
-# if !defined(PEDANTIC) && \
-     (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \
+# if (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \
      (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8)
 
 typedef unsigned long u64;
-typedef unsigned __int128 u128;
+typedef __uint128_t u128;
 
 typedef struct {
     u64 h[3];
@@ -548,490 +529,3 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
     /* zero out the state */
     OPENSSL_cleanse(ctx, sizeof(*ctx));
 }
-
-#ifdef SELFTEST
-#include <stdio.h>
-
-struct poly1305_test {
-    const char *inputhex;
-    const char *keyhex;
-    const char *outhex;
-};
-
-static const struct poly1305_test poly1305_tests[] = {
-    /*
-     * RFC7539
-     */
-    {
-     "43727970746f6772617068696320466f72756d2052657365617263682047726f"
-     "7570",
-     "85d6be7857556d337f4452fe42d506a8""0103808afb0db2fd4abff6af4149f51b",
-     "a8061dc1305136c6c22b8baf0c0127a9"
-    },
-    /*
-     * test vectors from "The Poly1305-AES message-authentication code"
-     */
-    {
-     "f3f6",
-     "851fc40c3467ac0be05cc20404f3f700""580b3b0f9447bb1e69d095b5928b6dbc",
-     "f4c633c3044fc145f84f335cb81953de"
-    },
-    {
-     "",
-     "a0f3080000f46400d0c7e9076c834403""dd3fab2251f11ac759f0887129cc2ee7",
-     "dd3fab2251f11ac759f0887129cc2ee7"
-    },
-    {
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
-     "48443d0bb0d21109c89a100b5ce2c208""83149c69b561dd88298a1798b10716ef",
-     "0ee1c16bb73f0f4fd19881753c01cdbe"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "5154ad0d2cb26e01274fc51148491f1b"
-    },
-    /*
-     * self-generated vectors exercise "significant" lengths, such that
-     * are handled by different code paths
-     */
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "812059a5da198637cac7c4a631bee466"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "5b88d7f6228b11e2e28579a5c0c1f761"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "bbb613b2b6d753ba07395b916aaece15"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "c794d7057d1778c4bbee0a39b3d97342"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "ffbcb9b371423152d7fca5ad042fbaa9"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
-     "812059a5da198637cac7c4a631bee466",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "069ed6b8ef0f207b3e243bb1019fe632"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
-     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "cca339d9a45fa2368c2c68b3a4179133"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
-     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761"
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "53f6e828a2f0fe0ee815bf0bd5841a34"
-    },
-    {
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
-     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761"
-     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
-     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
-     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
-     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761",
-     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
-     "b846d44e9bbd53cedffbfbb6b7fa4933"
-    },
-    /*
-     * 4th power of the key spills to 131th bit in SIMD key setup
-     */
-    {
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-     "ad628107e8351d0f2c231a05dc4a4106""00000000000000000000000000000000",
-     "07145a4c02fe5fa32036de68fabe9066"
-    },
-    {
-    /*
-     * poly1305_ieee754.c failed this in final stage
-     */
-     "842364e156336c0998b933a6237726180d9e3fdcbde4cd5d17080fc3beb49614"
-     "d7122c037463ff104d73f19c12704628d417c4c54a3fe30d3c3d7714382d43b0"
-     "382a50a5dee54be844b076e8df88201a1cd43b90eb21643fa96f39b518aa8340"
-     "c942ff3c31baf7c9bdbf0f31ae3fa096bf8c63030609829fe72e179824890bc8"
-     "e08c315c1cce2a83144dbbff09f74e3efc770b54d0984a8f19b14719e6363564"
-     "1d6b1eedf63efbf080e1783d32445412114c20de0b837a0dfa33d6b82825fff4"
-     "4c9a70ea54ce47f07df698e6b03323b53079364a5fc3e9dd034392bdde86dccd"
-     "da94321c5e44060489336cb65bf3989c36f7282c2f5d2b882c171e74",
-     "95d5c005503e510d8cd0aa072c4a4d06""6eabc52d11653df47fbf63ab198bcc26",
-     "f248312e578d9d58f8b7bb4d19105431"
-    },
-    /*
-     * AVX2 in poly1305-x86.pl failed this with 176+32 split
-     */
-    {
-    "248ac31085b6c2adaaa38259a0d7192c5c35d1bb4ef39ad94c38d1c82479e2dd"
-    "2159a077024b0589bc8a20101b506f0a1ad0bbab76e83a83f1b94be6beae74e8"
-    "74cab692c5963a75436b776121ec9f62399a3e66b2d22707dae81933b6277f3c"
-    "8516bcbe26dbbd86f373103d7cf4cad1888c952118fbfbd0d7b4bedc4ae4936a"
-    "ff91157e7aa47c54442ea78d6ac251d324a0fbe49d89cc3521b66d16e9c66a37"
-    "09894e4eb0a4eedc4ae19468e66b81f2"
-    "71351b1d921ea551047abcc6b87a901fde7db79fa1818c11336dbc07244a40eb",
-    "000102030405060708090a0b0c0d0e0f""00000000000000000000000000000000",
-    "bc939bc5281480fa99c6d68c258ec42f"
-    },
-    /*
-     * test vectors from Google
-     */
-    {
-     "",
-     "c8afaac331ee372cd6082de134943b17""4710130e9f6fea8d72293850a667d86c",
-     "4710130e9f6fea8d72293850a667d86c",
-    },
-    {
-     "48656c6c6f20776f726c6421",
-     "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035",
-     "a6f745008f81c916a20dcc74eef2b2f0"
-    },
-    {
-     "0000000000000000000000000000000000000000000000000000000000000000",
-     "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035",
-     "49ec78090e481ec6c26b33b91ccc0307"
-    },
-    {
-     "89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a9"
-     "1c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a62033427"
-     "0372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f1"
-     "41300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595",
-     "2d773be37adb1e4d683bf0075e79c4ee""037918535a7f99ccb7040fb5f5f43aea",
-     "c85d15ed44c378d6b00e23064c7bcd51"
-    },
-    {
-     "000000000000000b1703030200000000"
-     "06db1f1f368d696a810a349c0c714c9a5e7850c2407d721acded95e018d7a852"
-     "66a6e1289cdb4aeb18da5ac8a2b0026d24a59ad485227f3eaedbb2e7e35e1c66"
-     "cd60f9abf716dcc9ac42682dd7dab287a7024c4eefc321cc0574e16793e37cec"
-     "03c5bda42b54c114a80b57af26416c7be742005e20855c73e21dc8e2edc9d435"
-     "cb6f6059280011c270b71570051c1c9b3052126620bc1e2730fa066c7a509d53"
-     "c60e5ae1b40aa6e39e49669228c90eecb4a50db32a50bc49e90b4f4b359a1dfd"
-     "11749cd3867fcf2fb7bb6cd4738f6a4ad6f7ca5058f7618845af9f020f6c3b96"
-     "7b8f4cd4a91e2813b507ae66f2d35c18284f7292186062e10fd5510d18775351"
-     "ef334e7634ab4743f5b68f49adcab384d3fd75f7390f4006ef2a295c8c7a076a"
-     "d54546cd25d2107fbe1436c840924aaebe5b370893cd63d1325b8616fc481088"
-     "6bc152c53221b6df373119393255ee72bcaa880174f1717f9184fa91646f17a2"
-     "4ac55d16bfddca9581a92eda479201f0edbf633600d6066d1ab36d5d2415d713"
-     "51bbcd608a25108d25641992c1f26c531cf9f90203bc4cc19f5927d834b0a471"
-     "16d3884bbb164b8ec883d1ac832e56b3918a98601a08d171881541d594db399c"
-     "6ae6151221745aec814c45b0b05b565436fd6f137aa10a0c0b643761dbd6f9a9"
-     "dcb99b1a6e690854ce0769cde39761d82fcdec15f0d92d7d8e94ade8eb83fbe0",
-     "99e5822dd4173c995e3dae0ddefb9774""3fde3b080134b39f76e9bf8d0e88d546",
-     "2637408fe13086ea73f971e3425e2820"
-    },
-    /*
-     * test vectors from Hanno Böck
-     */
-    {
-     "cccccccccccccccccccccccccccccccccccccccccccccccccc80cccccccccccc"
-     "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccecccccc"
-     "ccccccccccccccccccccccccccccccc5cccccccccccccccccccccccccccccccc"
-     "cccccccccce3cccccccccccccccccccccccccccccccccccccccccccccccccccc"
-     "ccccccccaccccccccccccccccccccce6cccccccccc000000afcccccccccccccc"
-     "ccccfffffff50000000000000000000000000000000000000000000000000000"
-     "00ffffffe7000000000000000000000000000000000000000000000000000000"
-     "0000000000000000000000000000000000000000000000000000719205a8521d"
-     "fc",
-     "7f1b0264000000000000000000000000""0000000000000000cccccccccccccccc",
-     "8559b876eceed66eb37798c0457baff9"
-    },
-    {
-     "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0000000000"
-     "00000000800264",
-     "e0001600000000000000000000000000""0000aaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-     "00bd1258978e205444c9aaaa82006fed"
-    },
-    {
-     "02fc",
-     "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c""0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
-     "06120c0c0c0c0c0c0c0c0c0c0c0c0c0c"
-    },
-    {
-     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
-     "7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
-     "7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
-     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b007b7b7b7b7b7b7b7b7b"
-     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b"
-     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
-     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
-     "7b6e7b001300000000b300000000000000000000000000000000000000000000"
-     "f20000000000000000000000000000000000002000efff000900000000000000"
-     "0000000000100000000009000000640000000000000000000000001300000000"
-     "b300000000000000000000000000000000000000000000f20000000000000000"
-     "000000000000000000002000efff00090000000000000000007a000010000000"
-     "000900000064000000000000000000000000000000000000000000000000fc",
-     "00ff0000000000000000000000000000""00000000001e00000000000000007b7b",
-     "33205bbf9e9f8f7212ab9e2ab9b7e4a5"
-    },
-    {
-     "7777777777777777777777777777777777777777777777777777777777777777"
-     "7777777777777777777777777777777777777777777777777777777777777777"
-     "777777777777777777777777ffffffe9e9acacacacacacacacacacac0000acac"
-     "ec0100acacac2caca2acacacacacacacacacacac64f2",
-     "0000007f0000007f0100002000000000""0000cf77777777777777777777777777",
-     "02ee7c8c546ddeb1a467e4c3981158b9"
-    },
-    /*
-     * test vectors from Andrew Moon
-     */
-    {   /* nacl */
-     "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a"
-     "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738"
-     "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da"
-     "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74"
-     "e355a5",
-     "eea6a7251c1e72916d11c2cb214d3c25""2539121d8e234e652d651fa4c8cff880",
-     "f3ffc7703f9400e52a7dfb4b3d3305d9"
-    },
-    {   /* wrap 2^130-5 */
-     "ffffffffffffffffffffffffffffffff",
-     "02000000000000000000000000000000""00000000000000000000000000000000",
-     "03000000000000000000000000000000"
-    },
-    {   /* wrap 2^128 */
-     "02000000000000000000000000000000",
-     "02000000000000000000000000000000""ffffffffffffffffffffffffffffffff",
-     "03000000000000000000000000000000"
-    },
-    {   /* limb carry */
-     "fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff"
-     "11000000000000000000000000000000",
-     "01000000000000000000000000000000""00000000000000000000000000000000",
-     "05000000000000000000000000000000"
-    },
-    {   /* 2^130-5 */
-     "fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe"
-     "01010101010101010101010101010101",
-     "01000000000000000000000000000000""00000000000000000000000000000000",
-     "00000000000000000000000000000000"
-    },
-    {   /* 2^130-6 */
-     "fdffffffffffffffffffffffffffffff",
-     "02000000000000000000000000000000""00000000000000000000000000000000",
-     "faffffffffffffffffffffffffffffff"
-    },
-    {   /* 5*H+L reduction intermediate */
-     "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000"
-     "0000000000000000000000000000000001000000000000000000000000000000",
-     "01000000000000000400000000000000""00000000000000000000000000000000",
-     "14000000000000005500000000000000"
-    },
-    {   /* 5*H+L reduction final */
-     "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000"
-     "00000000000000000000000000000000",
-     "01000000000000000400000000000000""00000000000000000000000000000000",
-     "13000000000000000000000000000000"
-    }
-};
-
-static unsigned char hex_digit(char h)
-{
-    int i = OPENSSL_hexchar2int(h);
-
-    if (i < 0)
-        abort();
-    return i;
-}
-
-static void hex_decode(unsigned char *out, const char *hex)
-{
-    size_t j = 0;
-
-    while (*hex != 0) {
-        unsigned char v = hex_digit(*hex++);
-        v <<= 4;
-        v |= hex_digit(*hex++);
-        out[j++] = v;
-    }
-}
-
-static void hexdump(unsigned char *a, size_t len)
-{
-    size_t i;
-
-    for (i = 0; i < len; i++)
-        printf("%02x", a[i]);
-}
-
-int main()
-{
-    static const unsigned num_tests =
-        sizeof(poly1305_tests) / sizeof(struct poly1305_test);
-    unsigned i;
-    unsigned char key[32], out[16], expected[16];
-    POLY1305 poly1305;
-
-    for (i = 0; i < num_tests; i++) {
-        const struct poly1305_test *test = &poly1305_tests[i];
-        unsigned char *in;
-        size_t inlen = strlen(test->inputhex);
-
-        if (strlen(test->keyhex) != sizeof(key) * 2 ||
-            strlen(test->outhex) != sizeof(out) * 2 || (inlen & 1) == 1)
-            return 1;
-
-        inlen /= 2;
-
-        hex_decode(key, test->keyhex);
-        hex_decode(expected, test->outhex);
-
-        in = malloc(inlen);
-
-        hex_decode(in, test->inputhex);
-
-        Poly1305_Init(&poly1305, key);
-        Poly1305_Update(&poly1305, in, inlen);
-        Poly1305_Final(&poly1305, out);
-
-        if (memcmp(out, expected, sizeof(expected)) != 0) {
-            printf("Poly1305 test #%d failed.\n", i);
-            printf("got:      ");
-            hexdump(out, sizeof(out));
-            printf("\nexpected: ");
-            hexdump(expected, sizeof(expected));
-            printf("\n");
-            return 1;
-        }
-
-        if (inlen > 16) {
-            Poly1305_Init(&poly1305, key);
-            Poly1305_Update(&poly1305, in, 1);
-            Poly1305_Update(&poly1305, in+1, inlen-1);
-            Poly1305_Final(&poly1305, out);
-
-            if (memcmp(out, expected, sizeof(expected)) != 0) {
-                printf("Poly1305 test #%d/1+(N-1) failed.\n", i);
-                printf("got:      ");
-                hexdump(out, sizeof(out));
-                printf("\nexpected: ");
-                hexdump(expected, sizeof(expected));
-                printf("\n");
-                return 1;
-            }
-        }
-
-        if (inlen > 32) {
-            size_t half = inlen / 2;
-
-            Poly1305_Init(&poly1305, key);
-            Poly1305_Update(&poly1305, in, half);
-            Poly1305_Update(&poly1305, in+half, inlen-half);
-            Poly1305_Final(&poly1305, out);
-
-            if (memcmp(out, expected, sizeof(expected)) != 0) {
-                printf("Poly1305 test #%d/2 failed.\n", i);
-                printf("got:      ");
-                hexdump(out, sizeof(out));
-                printf("\nexpected: ");
-                hexdump(expected, sizeof(expected));
-                printf("\n");
-                return 1;
-            }
-
-            for (half = 16; half < inlen; half += 16) {
-                Poly1305_Init(&poly1305, key);
-                Poly1305_Update(&poly1305, in, half);
-                Poly1305_Update(&poly1305, in+half, inlen-half);
-                Poly1305_Final(&poly1305, out);
-
-                if (memcmp(out, expected, sizeof(expected)) != 0) {
-                    printf("Poly1305 test #%d/%d+%d failed.\n",
-                                           i, half, inlen-half);
-                    printf("got:      ");
-                    hexdump(out, sizeof(out));
-                    printf("\nexpected: ");
-                    hexdump(expected, sizeof(expected));
-                    printf("\n");
-                    return 1;
-                }
-            }
-        }
-
-        free(in);
-    }
-
-    printf("PASS\n");
-
-# ifdef OPENSSL_CPUID_OBJ
-    {
-        unsigned char buf[8192];
-        unsigned long long stopwatch;
-        unsigned long long OPENSSL_rdtsc();
-
-        memset (buf,0x55,sizeof(buf));
-        memset (key,0xAA,sizeof(key));
-
-        Poly1305_Init(&poly1305, key);
-
-        for (i=0;i<100000;i++)
-            Poly1305_Update(&poly1305,buf,sizeof(buf));
-
-        stopwatch = OPENSSL_rdtsc();
-        for (i=0;i<10000;i++)
-            Poly1305_Update(&poly1305,buf,sizeof(buf));
-        stopwatch = OPENSSL_rdtsc() - stopwatch;
-
-        printf("%g\n",stopwatch/(double)(i*sizeof(buf)));
-
-        stopwatch = OPENSSL_rdtsc();
-        for (i=0;i<10000;i++) {
-            Poly1305_Init(&poly1305, key);
-            Poly1305_Update(&poly1305,buf,16);
-            Poly1305_Final(&poly1305,buf);
-        }
-        stopwatch = OPENSSL_rdtsc() - stopwatch;
-
-        printf("%g\n",stopwatch/(double)(i));
-    }
-# endif
-    return 0;
-}
-#endif
diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c b/deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c
new file mode 100644
index 0000000000..033ee8cd96
--- /dev/null
+++ b/deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+#include "internal/evp_int.h"
+
+/*
+ * POLY1305 "ASN1" method. This is just here to indicate the maximum
+ * POLY1305 output length and to free up a POLY1305 key.
+ */
+
+static int poly1305_size(const EVP_PKEY *pkey)
+{
+    return POLY1305_DIGEST_SIZE;
+}
+
+static void poly1305_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing, (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                 size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != POLY1305_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int poly1305_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = POLY1305_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < POLY1305_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = POLY1305_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_POLY1305,
+    0,
+
+    "POLY1305",
+    "OpenSSL POLY1305 method",
+
+    0, 0, poly1305_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    poly1305_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    poly1305_key_free,
+    poly1305_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    poly1305_set_priv_key,
+    NULL,
+    poly1305_get_priv_key,
+    NULL,
+};
diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c b/deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c
new file mode 100644
index 0000000000..b6313d01ba
--- /dev/null
+++ b/deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This module is meant to be used as template for base 2^44 assembly
+ * implementation[s]. On side note compiler-generated code is not
+ * slower than compiler-generated base 2^64 code on [high-end] x86_64,
+ * even though amount of multiplications is 50% higher. Go figure...
+ */
+#include <stdlib.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+typedef unsigned long u64;
+typedef unsigned __int128 u128;
+
+typedef struct {
+    u64 h[3];
+    u64 s[2];
+    u64 r[3];
+} poly1305_internal;
+
+#define POLY1305_BLOCK_SIZE 16
+
+/* pick 64-bit unsigned integer in little endian order */
+static u64 U8TOU64(const unsigned char *p)
+{
+    return (((u64)(p[0] & 0xff)) |
+            ((u64)(p[1] & 0xff) << 8) |
+            ((u64)(p[2] & 0xff) << 16) |
+            ((u64)(p[3] & 0xff) << 24) |
+            ((u64)(p[4] & 0xff) << 32) |
+            ((u64)(p[5] & 0xff) << 40) |
+            ((u64)(p[6] & 0xff) << 48) |
+            ((u64)(p[7] & 0xff) << 56));
+}
+
+/* store a 64-bit unsigned integer in little endian */
+static void U64TO8(unsigned char *p, u64 v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+    p[4] = (unsigned char)((v >> 32) & 0xff);
+    p[5] = (unsigned char)((v >> 40) & 0xff);
+    p[6] = (unsigned char)((v >> 48) & 0xff);
+    p[7] = (unsigned char)((v >> 56) & 0xff);
+}
+
+int poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+
+    r0 = U8TOU64(&key[0]) & 0x0ffffffc0fffffff;
+    r1 = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc;
+
+    /* break r1:r0 to three 44-bit digits, masks are 1<<44-1 */
+    st->r[0] = r0 & 0x0fffffffffff;
+    st->r[1] = ((r0 >> 44) | (r1 << 20))  & 0x0fffffffffff;
+    st->r[2] = (r1 >> 24);
+
+    st->s[0] = (st->r[1] + (st->r[1] << 2)) << 2;
+    st->s[1] = (st->r[2] + (st->r[2] << 2)) << 2;
+
+    return 0;
+}
+
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1, r2;
+    u64 s1, s2;
+    u64 h0, h1, h2, c;
+    u128 d0, d1, d2;
+    u64 pad = (u64)padbit << 40;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+    r2 = st->r[2];
+
+    s1 = st->s[0];
+    s2 = st->s[1];
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        u64 m0, m1;
+
+        m0 = U8TOU64(inp + 0);
+        m1 = U8TOU64(inp + 8);
+
+        /* h += m[i], m[i] is broken to 44-bit digits */
+        h0 += m0 & 0x0fffffffffff;
+        h1 += ((m0 >> 44) | (m1 << 20))  & 0x0fffffffffff;
+        h2 +=  (m1 >> 24) + pad;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u128)h0 * r0) + ((u128)h1 * s2) + ((u128)h2 * s1);
+        d1 = ((u128)h0 * r1) + ((u128)h1 * r0) + ((u128)h2 * s2);
+        d2 = ((u128)h0 * r2) + ((u128)h1 * r1) + ((u128)h2 * r0);
+
+        /* "lazy" reduction step */
+        h0 = (u64)d0 & 0x0fffffffffff;
+        h1 = (u64)(d1 += (u64)(d0 >> 44)) & 0x0fffffffffff;
+        h2 = (u64)(d2 += (u64)(d1 >> 44)) & 0x03ffffffffff; /* last 42 bits */
+
+        c = (d2 >> 42);
+        h0 += c + (c << 2);
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+}
+
+void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2;
+    u64 g0, g1, g2;
+    u128 t;
+    u64 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    /* after "lazy" reduction, convert 44+bit digits to 64-bit ones */
+    h0 = (u64)(t = (u128)h0 + (h1 << 44));              h1 >>= 20;
+    h1 = (u64)(t = (u128)h1 + (h2 << 24) + (t >> 64));  h2 >>= 40;
+    h2 += (u64)(t >> 64);
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u64)(t = (u128)h0 + 5);
+    g1 = (u64)(t = (u128)h1 + (t >> 64));
+    g2 = h2 + (u64)(t >> 64);
+
+    /* if there was carry into 131st bit, h1:h0 = g1:g0 */
+    mask = 0 - (g2 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32));
+    h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64));
+
+    U64TO8(mac + 0, h0);
+    U64TO8(mac + 8, h1);
+}
diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c b/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c
index 08a5b58c2a..7cfd968645 100644
--- a/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c
+++ b/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,30 +20,30 @@
  * for x86_64 code. And since we are at it, just for sense of it,
  * large-block performance in cycles per processed byte for *this* code
  * is:
- *			gcc-4.8		icc-15.0	clang-3.4(*)
+ *                      gcc-4.8         icc-15.0        clang-3.4(*)
  *
- * Westmere		4.96		5.09		4.37
- * Sandy Bridge		4.95		4.90		4.17
- * Haswell		4.92		4.87		3.78
- * Bulldozer		4.67		4.49		4.68
- * VIA Nano		7.07		7.05		5.98
- * Silvermont		10.6		9.61		12.6
+ * Westmere             4.96            5.09            4.37
+ * Sandy Bridge         4.95            4.90            4.17
+ * Haswell              4.92            4.87            3.78
+ * Bulldozer            4.67            4.49            4.68
+ * VIA Nano             7.07            7.05            5.98
+ * Silvermont           10.6            9.61            12.6
  *
- * (*)	clang managed to discover parallelism and deployed SIMD;
+ * (*)  clang managed to discover parallelism and deployed SIMD;
  *
  * And for range of other platforms with unspecified gcc versions:
  *
- * Freescale e300	12.5
- * PPC74x0		10.8
- * POWER6		4.92
- * POWER7		4.50
- * POWER8		4.10
+ * Freescale e300       12.5
+ * PPC74x0              10.8
+ * POWER6               4.92
+ * POWER7               4.50
+ * POWER8               4.10
  *
- * z10			11.2
- * z196+		7.30
+ * z10                  11.2
+ * z196+                7.30
  *
- * UltraSPARC III	16.0
- * SPARC T4		16.1
+ * UltraSPARC III       16.0
+ * SPARC T4             16.1
  */
 
 #if !(defined(__GNUC__) && __GNUC__>=2)
@@ -57,33 +57,33 @@ typedef unsigned int u32;
 typedef unsigned long long u64;
 typedef union { double d; u64 u; } elem64;
 
-#define TWO(p)		((double)(1ULL<<(p)))
-#define TWO0		TWO(0)
-#define TWO32		TWO(32)
-#define TWO64		(TWO32*TWO(32))
-#define TWO96		(TWO64*TWO(32))
-#define TWO130		(TWO96*TWO(34))
+#define TWO(p)          ((double)(1ULL<<(p)))
+#define TWO0            TWO(0)
+#define TWO32           TWO(32)
+#define TWO64           (TWO32*TWO(32))
+#define TWO96           (TWO64*TWO(32))
+#define TWO130          (TWO96*TWO(34))
 
-#define EXP(p)		((1023ULL+(p))<<52)
+#define EXP(p)          ((1023ULL+(p))<<52)
 
 #if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__))
-# define U8TOU32(p)	(*(const u32 *)(p))
-# define U32TO8(p,v)	(*(u32 *)(p) = (v))
+# define U8TOU32(p)     (*(const u32 *)(p))
+# define U32TO8(p,v)    (*(u32 *)(p) = (v))
 #elif defined(__PPC__)
-# define U8TOU32(p)	({u32 ret; asm ("lwbrx	%0,0,%1":"=r"(ret):"b"(p)); ret; })
-# define U32TO8(p,v)	asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory")
+# define U8TOU32(p)     ({u32 ret; asm ("lwbrx	%0,0,%1":"=r"(ret):"b"(p)); ret; })
+# define U32TO8(p,v)    asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory")
 #elif defined(__s390x__)
-# define U8TOU32(p)	({u32 ret; asm ("lrv	%0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; })
-# define U32TO8(p,v)	asm ("strv	%1,%0":"=m"(*(u32 *)(p)):"d"(v))
+# define U8TOU32(p)     ({u32 ret; asm ("lrv	%0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; })
+# define U32TO8(p,v)    asm ("strv	%1,%0":"=m"(*(u32 *)(p)):"d"(v))
 #endif
 
 #ifndef U8TOU32
-# define U8TOU32(p)	((u32)(p)[0]     | (u32)(p)[1]<<8 | \
-			 (u32)(p)[2]<<16 | (u32)(p)[3]<<24  )
+# define U8TOU32(p)     ((u32)(p)[0]     | (u32)(p)[1]<<8 |     \
+                         (u32)(p)[2]<<16 | (u32)(p)[3]<<24  )
 #endif
 #ifndef U32TO8
-# define U32TO8(p,v)	((p)[0] = (u8)(v),       (p)[1] = (u8)((v)>>8), \
-			 (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) )
+# define U32TO8(p,v)    ((p)[0] = (u8)(v),       (p)[1] = (u8)((v)>>8), \
+                         (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) )
 #endif
 
 typedef struct {
@@ -101,6 +101,8 @@ static const u64 one = 1;
 static const u32 fpc = 1;
 #elif defined(__sparc__)
 static const u64 fsr = 1ULL<<30;
+#elif defined(__mips__)
+static const u32 fcsr = 1;
 #else
 #error "unrecognized platform"
 #endif
@@ -147,6 +149,11 @@ int poly1305_init(void *ctx, const unsigned char key[16])
 
         asm volatile ("stx	%%fsr,%0":"=m"(fsr_orig));
         asm volatile ("ldx	%0,%%fsr"::"m"(fsr));
+#elif defined(__mips__)
+        u32 fcsr_orig;
+
+        asm volatile ("cfc1	%0,$31":"=r"(fcsr_orig));
+        asm volatile ("ctc1	%0,$31"::"r"(fcsr));
 #endif
 
         /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
@@ -206,6 +213,8 @@ int poly1305_init(void *ctx, const unsigned char key[16])
         asm volatile ("lfpc	%0"::"m"(fpc_orig));
 #elif defined(__sparc__)
         asm volatile ("ldx	%0,%%fsr"::"m"(fsr_orig));
+#elif defined(__mips__)
+        asm volatile ("ctc1	%0,$31"::"r"(fcsr_orig));
 #endif
     }
 
@@ -262,6 +271,11 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
 
     asm volatile ("stx		%%fsr,%0":"=m"(fsr_orig));
     asm volatile ("ldx		%0,%%fsr"::"m"(fsr));
+#elif defined(__mips__)
+    u32 fcsr_orig;
+
+    asm volatile ("cfc1		%0,$31":"=r"(fcsr_orig));
+    asm volatile ("ctc1		%0,$31"::"r"(fcsr));
 #endif
 
     /*
@@ -345,9 +359,9 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
 #ifndef __clang__
     fast_entry:
 #endif
-	/*
-	 * base 2^32 * base 2^16 = base 2^48
-	 */
+        /*
+         * base 2^32 * base 2^16 = base 2^48
+         */
         h0lo = s3lo * x1 + s2lo * x2 + s1lo * x3 + r0lo * x0;
         h1lo = r0lo * x1 + s3lo * x2 + s2lo * x3 + r1lo * x0;
         h2lo = r1lo * x1 + r0lo * x2 + s3lo * x3 + r2lo * x0;
@@ -408,6 +422,8 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
     asm volatile ("lfpc		%0"::"m"(fpc_orig));
 #elif defined(__sparc__)
     asm volatile ("ldx		%0,%%fsr"::"m"(fsr_orig));
+#elif defined(__mips__)
+    asm volatile ("ctc1		%0,$31"::"r"(fcsr_orig));
 #endif
 }
 
diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_local.h b/deps/openssl/openssl/crypto/poly1305/poly1305_local.h
new file mode 100644
index 0000000000..6d4d9dc5b6
--- /dev/null
+++ b/deps/openssl/openssl/crypto/poly1305/poly1305_local.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+                                   size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+                                 const unsigned int nonce[4]);
+
+struct poly1305_context {
+    double opaque[24];  /* large enough to hold internal state, declared
+                         * 'double' to ensure at least 64-bit invariant
+                         * alignment across all platforms and
+                         * configurations */
+    unsigned int nonce[4];
+    unsigned char data[POLY1305_BLOCK_SIZE];
+    size_t num;
+    struct {
+        poly1305_blocks_f blocks;
+        poly1305_emit_f emit;
+    } func;
+};
diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c b/deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c
new file mode 100644
index 0000000000..3bc24c98cd
--- /dev/null
+++ b/deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+#include "internal/evp_int.h"
+
+/* POLY1305 pkey context structure */
+
+typedef struct {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    POLY1305 ctx;
+} POLY1305_PKEY_CTX;
+
+static int pkey_poly1305_init(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_poly1305_cleanup(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_poly1305_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    POLY1305_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new POLY1305_CTX in dst->data->ctx */
+    if (!pkey_poly1305_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the POLY1305_PKEY_CTX in dst->data */
+        pkey_poly1305_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(POLY1305));
+    return 1;
+}
+
+static int pkey_poly1305_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_POLY1305(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    Poly1305_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int poly1305_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+    ASN1_OCTET_STRING *key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+
+    if (key->length != POLY1305_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    Poly1305_Init(&pctx->ctx, key->data);
+    return 1;
+}
+static int poly1305_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = POLY1305_DIGEST_SIZE;
+    if (sig != NULL)
+        Poly1305_Final(&pctx->ctx, sig);
+    return 1;
+}
+
+static int pkey_poly1305_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_poly1305(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != POLY1305_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        Poly1305_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp));
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_poly1305_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD poly1305_pkey_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_poly1305_init,
+    pkey_poly1305_copy,
+    pkey_poly1305_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_poly1305_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    poly1305_signctx_init,
+    poly1305_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_poly1305_ctrl,
+    pkey_poly1305_ctrl_str
+};
diff --git a/deps/openssl/openssl/crypto/ppccap.c b/deps/openssl/openssl/crypto/ppccap.c
index 3baf9f7b76..8b7d765c3a 100644
--- a/deps/openssl/openssl/crypto/ppccap.c
+++ b/deps/openssl/openssl/crypto/ppccap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -28,6 +28,9 @@
 #endif
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
+#include <internal/cryptlib.h>
+#include <internal/chacha.h>
+#include "bn/bn_lcl.h"
 
 #include "ppc_arch.h"
 
@@ -39,38 +42,24 @@ static sigset_t all_masked;
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                 const BN_ULONG *np, const BN_ULONG *n0, int num)
 {
-    int bn_mul_mont_fpu64(BN_ULONG *rp, const BN_ULONG *ap,
-                          const BN_ULONG *bp, const BN_ULONG *np,
-                          const BN_ULONG *n0, int num);
     int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                         const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                          const BN_ULONG *np, const BN_ULONG *n0, int num);
 
-    if (sizeof(size_t) == 4) {
-# if 1 || (defined(__APPLE__) && defined(__MACH__))
-        if (num >= 8 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64))
-            return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
-# else
-        /*
-         * boundary of 32 was experimentally determined on Linux 2.6.22,
-         * might have to be adjusted on AIX...
-         */
-        if (num >= 32 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64)) {
-            sigset_t oset;
-            int ret;
-
-            sigprocmask(SIG_SETMASK, &all_masked, &oset);
-            ret = bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
-            sigprocmask(SIG_SETMASK, &oset, NULL);
-
-            return ret;
-        }
-# endif
-    } else if ((OPENSSL_ppccap_P & PPC_FPU64))
-        /*
-         * this is a "must" on POWER6, but run-time detection is not
-         * implemented yet...
-         */
-        return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
+    if (num < 4)
+        return 0;
+
+    if ((num & 3) == 0)
+        return bn_mul4x_mont_int(rp, ap, bp, np, n0, num);
+
+    /*
+     * There used to be [optional] call to bn_mul_mont_fpu64 here,
+     * but above subroutine is faster on contemporary processors.
+     * Formulation means that there might be old processors where
+     * FPU code path would be faster, POWER6 perhaps, but there was
+     * no opportunity to figure it out...
+     */
 
     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
 }
@@ -78,6 +67,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
 
 void sha256_block_p8(void *ctx, const void *inp, size_t len);
 void sha256_block_ppc(void *ctx, const void *inp, size_t len);
+void sha256_block_data_order(void *ctx, const void *inp, size_t len);
 void sha256_block_data_order(void *ctx, const void *inp, size_t len)
 {
     OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) :
@@ -86,6 +76,7 @@ void sha256_block_data_order(void *ctx, const void *inp, size_t len)
 
 void sha512_block_p8(void *ctx, const void *inp, size_t len);
 void sha512_block_ppc(void *ctx, const void *inp, size_t len);
+void sha512_block_data_order(void *ctx, const void *inp, size_t len);
 void sha512_block_data_order(void *ctx, const void *inp, size_t len)
 {
     OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) :
@@ -99,13 +90,18 @@ void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
 void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp,
                         size_t len, const unsigned int key[8],
                         const unsigned int counter[4]);
+void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
 void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
                     size_t len, const unsigned int key[8],
                     const unsigned int counter[4])
 {
-    OPENSSL_ppccap_P & PPC_ALTIVEC
-        ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
-        : ChaCha20_ctr32_int(out, inp, len, key, counter);
+    OPENSSL_ppccap_P & PPC_CRYPTO207
+        ? ChaCha20_ctr32_vsx(out, inp, len, key, counter)
+        : OPENSSL_ppccap_P & PPC_ALTIVEC
+            ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
+            : ChaCha20_ctr32_int(out, inp, len, key, counter);
 }
 #endif
 
@@ -120,21 +116,46 @@ void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len,
                          unsigned int padbit);
 void poly1305_emit_fpu(void *ctx, unsigned char mac[16],
                        const unsigned int nonce[4]);
+int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]);
 int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
 {
     if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
         poly1305_init_fpu(ctx, key);
-        func[0] = poly1305_blocks_fpu;
-        func[1] = poly1305_emit_fpu;
+        func[0] = (void*)(uintptr_t)poly1305_blocks_fpu;
+        func[1] = (void*)(uintptr_t)poly1305_emit_fpu;
     } else {
         poly1305_init_int(ctx, key);
-        func[0] = poly1305_blocks;
-        func[1] = poly1305_emit;
+        func[0] = (void*)(uintptr_t)poly1305_blocks;
+        func[1] = (void*)(uintptr_t)poly1305_emit;
     }
     return 1;
 }
 #endif
 
+#ifdef ECP_NISTZ256_ASM
+void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
+                           const unsigned long b[4]);
+
+void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]);
+void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4])
+{
+    static const unsigned long RR[] = { 0x0000000000000003U,
+                                        0xfffffffbffffffffU,
+                                        0xfffffffffffffffeU,
+                                        0x00000004fffffffdU };
+
+    ecp_nistz256_mul_mont(res, in, RR);
+}
+
+void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]);
+void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
+{
+    static const unsigned long one[] = { 1, 0, 0, 0 };
+
+    ecp_nistz256_mul_mont(res, in, one);
+}
+#endif
+
 static sigjmp_buf ill_jmp;
 static void ill_handler(int sig)
 {
diff --git a/deps/openssl/openssl/crypto/rand/build.info b/deps/openssl/openssl/crypto/rand/build.info
index 3ad50e2590..df9bac67f0 100644
--- a/deps/openssl/openssl/crypto/rand/build.info
+++ b/deps/openssl/openssl/crypto/rand/build.info
@@ -1,4 +1,4 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
-        md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
-        rand_win.c rand_unix.c rand_vms.c
+        randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
diff --git a/deps/openssl/openssl/crypto/rand/drbg_ctr.c b/deps/openssl/openssl/crypto/rand/drbg_ctr.c
new file mode 100644
index 0000000000..a243361b56
--- /dev/null
+++ b/deps/openssl/openssl/crypto/rand/drbg_ctr.c
@@ -0,0 +1,438 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "internal/thread_once.h"
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
+/*
+ * Implementation of NIST SP 800-90A CTR DRBG.
+ */
+
+static void inc_128(RAND_DRBG_CTR *ctr)
+{
+    int i;
+    unsigned char c;
+    unsigned char *p = &ctr->V[15];
+
+    for (i = 0; i < 16; i++, p--) {
+        c = *p;
+        c++;
+        *p = c;
+        if (c != 0) {
+            /* If we didn't wrap around, we're done. */
+            break;
+        }
+    }
+}
+
+static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
+{
+    size_t i, n;
+
+    if (in == NULL || inlen == 0)
+        return;
+
+    /*
+     * Any zero padding will have no effect on the result as we
+     * are XORing. So just process however much input we have.
+     */
+    n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    for (i = 0; i < n; i++)
+        ctr->K[i] ^= in[i];
+    if (inlen <= ctr->keylen)
+        return;
+
+    n = inlen - ctr->keylen;
+    if (n > 16) {
+        /* Should never happen */
+        n = 16;
+    }
+    for (i = 0; i < n; i++)
+        ctr->V[i] ^= in[i + ctr->keylen];
+}
+
+/*
+ * Process a complete block using BCC algorithm of SP 800-90A 10.3.3
+ */
+__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
+                                const unsigned char *in)
+{
+    int i, outlen = AES_BLOCK_SIZE;
+
+    for (i = 0; i < 16; i++)
+        out[i] ^= in[i];
+
+    if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    return 1;
+}
+
+
+/*
+ * Handle several BCC operations for as much data as we need for K and X
+ */
+__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
+{
+    if (!ctr_BCC_block(ctr, ctr->KX, in)
+        || !ctr_BCC_block(ctr, ctr->KX + 16, in))
+        return 0;
+    if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in))
+        return 0;
+    return 1;
+}
+
+/*
+ * Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
+ * see 10.3.1 stage 7.
+ */
+__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)
+{
+    memset(ctr->KX, 0, 48);
+    memset(ctr->bltmp, 0, 16);
+    if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp))
+        return 0;
+    ctr->bltmp[3] = 1;
+    if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp))
+        return 0;
+    if (ctr->keylen != 16) {
+        ctr->bltmp[3] = 2;
+        if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Process several blocks into BCC algorithm, some possibly partial
+ */
+__owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr,
+                                 const unsigned char *in, size_t inlen)
+{
+    if (in == NULL || inlen == 0)
+        return 1;
+
+    /* If we have partial block handle it first */
+    if (ctr->bltmp_pos) {
+        size_t left = 16 - ctr->bltmp_pos;
+
+        /* If we now have a complete block process it */
+        if (inlen >= left) {
+            memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);
+            if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+                return 0;
+            ctr->bltmp_pos = 0;
+            inlen -= left;
+            in += left;
+        }
+    }
+
+    /* Process zero or more complete blocks */
+    for (; inlen >= 16; in += 16, inlen -= 16) {
+        if (!ctr_BCC_blocks(ctr, in))
+            return 0;
+    }
+
+    /* Copy any remaining partial block to the temporary buffer */
+    if (inlen > 0) {
+        memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);
+        ctr->bltmp_pos += inlen;
+    }
+    return 1;
+}
+
+__owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr)
+{
+    if (ctr->bltmp_pos) {
+        memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);
+        if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+__owur static int ctr_df(RAND_DRBG_CTR *ctr,
+                         const unsigned char *in1, size_t in1len,
+                         const unsigned char *in2, size_t in2len,
+                         const unsigned char *in3, size_t in3len)
+{
+    static unsigned char c80 = 0x80;
+    size_t inlen;
+    unsigned char *p = ctr->bltmp;
+    int outlen = AES_BLOCK_SIZE;
+
+    if (!ctr_BCC_init(ctr))
+        return 0;
+    if (in1 == NULL)
+        in1len = 0;
+    if (in2 == NULL)
+        in2len = 0;
+    if (in3 == NULL)
+        in3len = 0;
+    inlen = in1len + in2len + in3len;
+    /* Initialise L||N in temporary block */
+    *p++ = (inlen >> 24) & 0xff;
+    *p++ = (inlen >> 16) & 0xff;
+    *p++ = (inlen >> 8) & 0xff;
+    *p++ = inlen & 0xff;
+
+    /* NB keylen is at most 32 bytes */
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = 0;
+    *p = (unsigned char)((ctr->keylen + 16) & 0xff);
+    ctr->bltmp_pos = 8;
+    if (!ctr_BCC_update(ctr, in1, in1len)
+        || !ctr_BCC_update(ctr, in2, in2len)
+        || !ctr_BCC_update(ctr, in3, in3len)
+        || !ctr_BCC_update(ctr, &c80, 1)
+        || !ctr_BCC_final(ctr))
+        return 0;
+    /* Set up key K */
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1))
+        return 0;
+    /* X follows key K */
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (ctr->keylen != 16)
+        if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16,
+                              AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    return 1;
+}
+
+/*
+ * NB the no-df Update in SP800-90A specifies a constant input length
+ * of seedlen, however other uses of this algorithm pad the input with
+ * zeroes if necessary and have up to two parameters XORed together,
+ * so we handle both cases in this function instead.
+ */
+__owur static int ctr_update(RAND_DRBG *drbg,
+                             const unsigned char *in1, size_t in1len,
+                             const unsigned char *in2, size_t in2len,
+                             const unsigned char *nonce, size_t noncelen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    int outlen = AES_BLOCK_SIZE;
+
+    /* correct key is already set up. */
+    inc_128(ctr);
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+
+    /* If keylen longer than 128 bits need extra encrypt */
+    if (ctr->keylen != 16) {
+        inc_128(ctr);
+        if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V,
+                              AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    }
+    inc_128(ctr);
+    if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+
+    /* If 192 bit key part of V is on end of K */
+    if (ctr->keylen == 24) {
+        memcpy(ctr->V + 8, ctr->V, 8);
+        memcpy(ctr->V, ctr->K + 24, 8);
+    }
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* If no input reuse existing derived value */
+        if (in1 != NULL || nonce != NULL || in2 != NULL)
+            if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))
+                return 0;
+        /* If this a reuse input in1len != 0 */
+        if (in1len)
+            ctr_XOR(ctr, ctr->KX, drbg->seedlen);
+    } else {
+        ctr_XOR(ctr, in1, in1len);
+        ctr_XOR(ctr, in2, in2len);
+    }
+
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_instantiate(RAND_DRBG *drbg,
+                                       const unsigned char *entropy, size_t entropylen,
+                                       const unsigned char *nonce, size_t noncelen,
+                                       const unsigned char *pers, size_t perslen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (entropy == NULL)
+        return 0;
+
+    memset(ctr->K, 0, sizeof(ctr->K));
+    memset(ctr->V, 0, sizeof(ctr->V));
+    if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1))
+        return 0;
+    if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_reseed(RAND_DRBG *drbg,
+                                  const unsigned char *entropy, size_t entropylen,
+                                  const unsigned char *adin, size_t adinlen)
+{
+    if (entropy == NULL)
+        return 0;
+    if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_generate(RAND_DRBG *drbg,
+                                    unsigned char *out, size_t outlen,
+                                    const unsigned char *adin, size_t adinlen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (adin != NULL && adinlen != 0) {
+        if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+            return 0;
+        /* This means we reuse derived value */
+        if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+            adin = NULL;
+            adinlen = 1;
+        }
+    } else {
+        adinlen = 0;
+    }
+
+    for ( ; ; ) {
+        int outl = AES_BLOCK_SIZE;
+
+        inc_128(ctr);
+        if (outlen < 16) {
+            /* Use K as temp space as it will be updated */
+            if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V,
+                                  AES_BLOCK_SIZE)
+                || outl != AES_BLOCK_SIZE)
+                return 0;
+            memcpy(out, ctr->K, outlen);
+            break;
+        }
+        if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE)
+            || outl != AES_BLOCK_SIZE)
+            return 0;
+        out += 16;
+        outlen -= 16;
+        if (outlen == 0)
+            break;
+    }
+
+    if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+        return 0;
+    return 1;
+}
+
+static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
+{
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx);
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
+    OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
+    return 1;
+}
+
+static RAND_DRBG_METHOD drbg_ctr_meth = {
+    drbg_ctr_instantiate,
+    drbg_ctr_reseed,
+    drbg_ctr_generate,
+    drbg_ctr_uninstantiate
+};
+
+int drbg_ctr_init(RAND_DRBG *drbg)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    size_t keylen;
+
+    switch (drbg->type) {
+    default:
+        /* This can't happen, but silence the compiler warning. */
+        return 0;
+    case NID_aes_128_ctr:
+        keylen = 16;
+        ctr->cipher = EVP_aes_128_ecb();
+        break;
+    case NID_aes_192_ctr:
+        keylen = 24;
+        ctr->cipher = EVP_aes_192_ecb();
+        break;
+    case NID_aes_256_ctr:
+        keylen = 32;
+        ctr->cipher = EVP_aes_256_ecb();
+        break;
+    }
+
+    drbg->meth = &drbg_ctr_meth;
+
+    ctr->keylen = keylen;
+    if (ctr->ctx == NULL)
+        ctr->ctx = EVP_CIPHER_CTX_new();
+    if (ctr->ctx == NULL)
+        return 0;
+    drbg->strength = keylen * 8;
+    drbg->seedlen = keylen + 16;
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* df initialisation */
+        static const unsigned char df_key[32] = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+        };
+
+        if (ctr->ctx_df == NULL)
+            ctr->ctx_df = EVP_CIPHER_CTX_new();
+        if (ctr->ctx_df == NULL)
+            return 0;
+        /* Set key schedule for df_key */
+        if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1))
+            return 0;
+
+        drbg->min_entropylen = ctr->keylen;
+        drbg->max_entropylen = DRBG_MAX_LENGTH;
+        drbg->min_noncelen = drbg->min_entropylen / 2;
+        drbg->max_noncelen = DRBG_MAX_LENGTH;
+        drbg->max_perslen = DRBG_MAX_LENGTH;
+        drbg->max_adinlen = DRBG_MAX_LENGTH;
+    } else {
+        drbg->min_entropylen = drbg->seedlen;
+        drbg->max_entropylen = drbg->seedlen;
+        /* Nonce not used */
+        drbg->min_noncelen = 0;
+        drbg->max_noncelen = 0;
+        drbg->max_perslen = drbg->seedlen;
+        drbg->max_adinlen = drbg->seedlen;
+    }
+
+    drbg->max_request = 1 << 16;
+
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/rand/drbg_lib.c b/deps/openssl/openssl/crypto/rand/drbg_lib.c
new file mode 100644
index 0000000000..a13282181d
--- /dev/null
+++ b/deps/openssl/openssl/crypto/rand/drbg_lib.c
@@ -0,0 +1,1159 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#include "internal/thread_once.h"
+#include "internal/rand_int.h"
+#include "internal/cryptlib_int.h"
+
+/*
+ * Support framework for NIST SP 800-90A DRBG
+ *
+ * See manual page RAND_DRBG(7) for a general overview.
+ *
+ * The OpenSSL model is to have new and free functions, and that new
+ * does all initialization.  That is not the NIST model, which has
+ * instantiation and un-instantiate, and re-use within a new/free
+ * lifecycle.  (No doubt this comes from the desire to support hardware
+ * DRBG, where allocation of resources on something like an HSM is
+ * a much bigger deal than just re-setting an allocated resource.)
+ */
+
+/*
+ * The three shared DRBG instances
+ *
+ * There are three shared DRBG instances: <master>, <public>, and <private>.
+ */
+
+/*
+ * The <master> DRBG
+ *
+ * Not used directly by the application, only for reseeding the two other
+ * DRBGs. It reseeds itself by pulling either randomness from os entropy
+ * sources or by consuming randomness which was added by RAND_add().
+ *
+ * The <master> DRBG is a global instance which is accessed concurrently by
+ * all threads. The necessary locking is managed automatically by its child
+ * DRBG instances during reseeding.
+ */
+static RAND_DRBG *master_drbg;
+/*
+ * The <public> DRBG
+ *
+ * Used by default for generating random bytes using RAND_bytes().
+ *
+ * The <public> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL public_drbg;
+/*
+ * The <private> DRBG
+ *
+ * Used by default for generating private keys using RAND_priv_bytes()
+ *
+ * The <private> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL private_drbg;
+
+
+
+/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
+static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+
+static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+
+
+
+static int rand_drbg_type = RAND_DRBG_TYPE;
+static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS;
+
+static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
+static unsigned int slave_reseed_interval  = SLAVE_RESEED_INTERVAL;
+
+static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
+static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;
+
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+    RAND_DRBG_FLAG_CTR_NO_DF;
+
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
+
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent);
+
+/*
+ * Set/initialize |drbg| to be of type |type|, with optional |flags|.
+ *
+ * If |type| and |flags| are zero, use the defaults
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
+{
+    int ret = 1;
+
+    if (type == 0 && flags == 0) {
+        type = rand_drbg_type;
+        flags = rand_drbg_flags;
+    }
+
+    /* If set is called multiple times - clear the old one */
+    if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) {
+        drbg->meth->uninstantiate(drbg);
+        rand_pool_free(drbg->adin_pool);
+        drbg->adin_pool = NULL;
+    }
+
+    drbg->state = DRBG_UNINITIALISED;
+    drbg->flags = flags;
+    drbg->type = type;
+
+    switch (type) {
+    default:
+        drbg->type = 0;
+        drbg->flags = 0;
+        drbg->meth = NULL;
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case 0:
+        /* Uninitialized; that's okay. */
+        drbg->meth = NULL;
+        return 1;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        ret = drbg_ctr_init(drbg);
+        break;
+    }
+
+    if (ret == 0) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
+    }
+    return ret;
+}
+
+/*
+ * Set/initialize default |type| and |flag| for new drbg instances.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_defaults(int type, unsigned int flags)
+{
+    int ret = 1;
+
+    switch (type) {
+    default:
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        break;
+    }
+
+    if ((flags & ~rand_drbg_used_flags) != 0) {
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
+        return 0;
+    }
+
+    rand_drbg_type  = type;
+    rand_drbg_flags = flags;
+
+    return ret;
+}
+
+
+/*
+ * Allocate memory and initialize a new DRBG. The DRBG is allocated on
+ * the secure heap if |secure| is nonzero and the secure heap is enabled.
+ * The |parent|, if not NULL, will be used as random source for reseeding.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg = secure ?
+        OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg));
+
+    if (drbg == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    drbg->secure = secure && CRYPTO_secure_allocated(drbg);
+    drbg->fork_count = rand_fork_count;
+    drbg->parent = parent;
+
+    if (parent == NULL) {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#ifndef RAND_DRBG_GET_RANDOM_NONCE
+        drbg->get_nonce = rand_drbg_get_nonce;
+        drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
+#endif
+
+        drbg->reseed_interval = master_reseed_interval;
+        drbg->reseed_time_interval = master_reseed_time_interval;
+    } else {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+        /*
+         * Do not provide nonce callbacks, the child DRBGs will
+         * obtain their nonce using random bits from the parent.
+         */
+
+        drbg->reseed_interval = slave_reseed_interval;
+        drbg->reseed_time_interval = slave_reseed_time_interval;
+    }
+
+    if (RAND_DRBG_set(drbg, type, flags) == 0)
+        goto err;
+
+    if (parent != NULL) {
+        rand_drbg_lock(parent);
+        if (drbg->strength > parent->strength) {
+            /*
+             * We currently don't support the algorithm from NIST SP 800-90C
+             * 10.1.2 to use a weaker DRBG as source
+             */
+            rand_drbg_unlock(parent);
+            RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+            goto err;
+        }
+        rand_drbg_unlock(parent);
+    }
+
+    return drbg;
+
+ err:
+    RAND_DRBG_free(drbg);
+
+    return NULL;
+}
+
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(0, type, flags, parent);
+}
+
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(1, type, flags, parent);
+}
+
+/*
+ * Uninstantiate |drbg| and free all memory.
+ */
+void RAND_DRBG_free(RAND_DRBG *drbg)
+{
+    if (drbg == NULL)
+        return;
+
+    if (drbg->meth != NULL)
+        drbg->meth->uninstantiate(drbg);
+    rand_pool_free(drbg->adin_pool);
+    CRYPTO_THREAD_lock_free(drbg->lock);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
+
+    if (drbg->secure)
+        OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
+    else
+        OPENSSL_clear_free(drbg, sizeof(*drbg));
+}
+
+/*
+ * Instantiate |drbg|, after it has been initialized.  Use |pers| and
+ * |perslen| as prediction-resistance input.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen)
+{
+    unsigned char *nonce = NULL, *entropy = NULL;
+    size_t noncelen = 0, entropylen = 0;
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+    size_t max_entropylen = drbg->max_entropylen;
+
+    if (perslen > drbg->max_perslen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_PERSONALISATION_STRING_TOO_LONG);
+        goto end;
+    }
+
+    if (drbg->meth == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        goto end;
+    }
+
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE
+                                          : RAND_R_ALREADY_INSTANTIATED);
+        goto end;
+    }
+
+    drbg->state = DRBG_ERROR;
+
+    /*
+     * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy
+     * and nonce in 1 call by increasing the entropy with 50% and increasing
+     * the minimum length to accomadate the length of the nonce.
+     * We do this in case a nonce is require and get_nonce is NULL.
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+        max_entropylen += drbg->max_noncelen;
+    }
+
+    drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+    if (drbg->reseed_next_counter) {
+        drbg->reseed_next_counter++;
+        if(!drbg->reseed_next_counter)
+            drbg->reseed_next_counter = 1;
+    }
+
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
+                                       min_entropylen, max_entropylen, 0);
+    if (entropylen < min_entropylen
+            || entropylen > max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) {
+        noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2,
+                                   drbg->min_noncelen, drbg->max_noncelen);
+        if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
+            RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE);
+            goto end;
+        }
+    }
+
+    if (!drbg->meth->instantiate(drbg, entropy, entropylen,
+                         nonce, noncelen, pers, perslen)) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG);
+        goto end;
+    }
+
+    drbg->state = DRBG_READY;
+    drbg->reseed_gen_counter = 1;
+    drbg->reseed_time = time(NULL);
+    tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
+
+ end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (nonce != NULL && drbg->cleanup_nonce != NULL)
+        drbg->cleanup_nonce(drbg, nonce, noncelen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Uninstantiate |drbg|. Must be instantiated before it can be used.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
+{
+    if (drbg->meth == NULL) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        return 0;
+    }
+
+    /* Clear the entire drbg->ctr struct, then reset some important
+     * members of the drbg->ctr struct (e.g. keysize, df_ks) to their
+     * initial values.
+     */
+    drbg->meth->uninstantiate(drbg);
+    return RAND_DRBG_set(drbg, drbg->type, drbg->flags);
+}
+
+/*
+ * Reseed |drbg|, mixing in the specified data
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance)
+{
+    unsigned char *entropy = NULL;
+    size_t entropylen = 0;
+
+    if (drbg->state == DRBG_ERROR) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE);
+        return 0;
+    }
+    if (drbg->state == DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_NOT_INSTANTIATED);
+        return 0;
+    }
+
+    if (adin == NULL) {
+        adinlen = 0;
+    } else if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    drbg->state = DRBG_ERROR;
+
+    drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+    if (drbg->reseed_next_counter) {
+        drbg->reseed_next_counter++;
+        if(!drbg->reseed_next_counter)
+            drbg->reseed_next_counter = 1;
+    }
+
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
+                                       drbg->min_entropylen,
+                                       drbg->max_entropylen,
+                                       prediction_resistance);
+    if (entropylen < drbg->min_entropylen
+            || entropylen > drbg->max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (!drbg->meth->reseed(drbg, entropy, entropylen, adin, adinlen))
+        goto end;
+
+    drbg->state = DRBG_READY;
+    drbg->reseed_gen_counter = 1;
+    drbg->reseed_time = time(NULL);
+    tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
+
+ end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Restart |drbg|, using the specified entropy or additional input
+ *
+ * Tries its best to get the drbg instantiated by all means,
+ * regardless of its current state.
+ *
+ * Optionally, a |buffer| of |len| random bytes can be passed,
+ * which is assumed to contain at least |entropy| bits of entropy.
+ *
+ * If |entropy| > 0, the buffer content is used as entropy input.
+ *
+ * If |entropy| == 0, the buffer content is used as additional input
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ * This function is used internally only.
+ */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy)
+{
+    int reseeded = 0;
+    const unsigned char *adin = NULL;
+    size_t adinlen = 0;
+
+    if (drbg->seed_pool != NULL) {
+        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
+        drbg->state = DRBG_ERROR;
+        rand_pool_free(drbg->seed_pool);
+        drbg->seed_pool = NULL;
+        return 0;
+    }
+
+    if (buffer != NULL) {
+        if (entropy > 0) {
+            if (drbg->max_entropylen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                    RAND_R_ENTROPY_INPUT_TOO_LONG);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+
+            if (entropy > 8 * len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+
+            /* will be picked up by the rand_drbg_get_entropy() callback */
+            drbg->seed_pool = rand_pool_attach(buffer, len, entropy);
+            if (drbg->seed_pool == NULL)
+                return 0;
+        } else {
+            if (drbg->max_adinlen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                        RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+            adin = buffer;
+            adinlen = len;
+        }
+    }
+
+    /* repair error state */
+    if (drbg->state == DRBG_ERROR)
+        RAND_DRBG_uninstantiate(drbg);
+
+    /* repair uninitialized state */
+    if (drbg->state == DRBG_UNINITIALISED) {
+        /* reinstantiate drbg */
+        RAND_DRBG_instantiate(drbg,
+                              (const unsigned char *) ossl_pers_string,
+                              sizeof(ossl_pers_string) - 1);
+        /* already reseeded. prevent second reseeding below */
+        reseeded = (drbg->state == DRBG_READY);
+    }
+
+    /* refresh current state if entropy or additional input has been provided */
+    if (drbg->state == DRBG_READY) {
+        if (adin != NULL) {
+            /*
+             * mix in additional input without reseeding
+             *
+             * Similar to RAND_DRBG_reseed(), but the provided additional
+             * data |adin| is mixed into the current state without pulling
+             * entropy from the trusted entropy source using get_entropy().
+             * This is not a reseeding in the strict sense of NIST SP 800-90A.
+             */
+            drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
+        } else if (reseeded == 0) {
+            /* do a full reseeding if it has not been done yet above */
+            RAND_DRBG_reseed(drbg, NULL, 0, 0);
+        }
+    }
+
+    rand_pool_free(drbg->seed_pool);
+    drbg->seed_pool = NULL;
+
+    return drbg->state == DRBG_READY;
+}
+
+/*
+ * Generate |outlen| bytes into the buffer at |out|.  Reseed if we need
+ * to or if |prediction_resistance| is set.  Additional input can be
+ * sent in |adin| and |adinlen|.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ */
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen)
+{
+    int reseed_required = 0;
+
+    if (drbg->state != DRBG_READY) {
+        /* try to recover from previous errors */
+        rand_drbg_restart(drbg, NULL, 0, 0);
+
+        if (drbg->state == DRBG_ERROR) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_IN_ERROR_STATE);
+            return 0;
+        }
+        if (drbg->state == DRBG_UNINITIALISED) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_NOT_INSTANTIATED);
+            return 0;
+        }
+    }
+
+    if (outlen > drbg->max_request) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG);
+        return 0;
+    }
+    if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (drbg->fork_count != rand_fork_count) {
+        drbg->fork_count = rand_fork_count;
+        reseed_required = 1;
+    }
+
+    if (drbg->reseed_interval > 0) {
+        if (drbg->reseed_gen_counter >= drbg->reseed_interval)
+            reseed_required = 1;
+    }
+    if (drbg->reseed_time_interval > 0) {
+        time_t now = time(NULL);
+        if (now < drbg->reseed_time
+            || now - drbg->reseed_time >= drbg->reseed_time_interval)
+            reseed_required = 1;
+    }
+    if (drbg->parent != NULL) {
+        unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter);
+        if (reseed_counter > 0
+                && tsan_load(&drbg->parent->reseed_prop_counter)
+                   != reseed_counter)
+            reseed_required = 1;
+    }
+
+    if (reseed_required || prediction_resistance) {
+        if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
+            return 0;
+        }
+        adin = NULL;
+        adinlen = 0;
+    }
+
+    if (!drbg->meth->generate(drbg, out, outlen, adin, adinlen)) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_GENERATE_ERROR);
+        return 0;
+    }
+
+    drbg->reseed_gen_counter++;
+
+    return 1;
+}
+
+/*
+ * Generates |outlen| random bytes and stores them in |out|. It will
+ * using the given |drbg| to generate the bytes.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success 0 on failure.
+ */
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
+{
+    unsigned char *additional = NULL;
+    size_t additional_len;
+    size_t chunk;
+    size_t ret = 0;
+
+    if (drbg->adin_pool == NULL) {
+        if (drbg->type == 0)
+            goto err;
+        drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+        if (drbg->adin_pool == NULL)
+            goto err;
+    }
+
+    additional_len = rand_drbg_get_additional_data(drbg->adin_pool,
+                                                   &additional);
+
+    for ( ; outlen > 0; outlen -= chunk, out += chunk) {
+        chunk = outlen;
+        if (chunk > drbg->max_request)
+            chunk = drbg->max_request;
+        ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len);
+        if (!ret)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (additional != NULL)
+        rand_drbg_cleanup_additional_data(drbg->adin_pool, additional);
+
+    return ret;
+}
+
+/*
+ * Set the RAND_DRBG callbacks for obtaining entropy and nonce.
+ *
+ * Setting the callbacks is allowed only if the drbg has not been
+ * initialized yet. Otherwise, the operation will fail.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
+{
+    if (drbg->state != DRBG_UNINITIALISED
+            || drbg->parent != NULL)
+        return 0;
+    drbg->get_entropy = get_entropy;
+    drbg->cleanup_entropy = cleanup_entropy;
+    drbg->get_nonce = get_nonce;
+    drbg->cleanup_nonce = cleanup_nonce;
+    return 1;
+}
+
+/*
+ * Set the reseed interval.
+ *
+ * The drbg will reseed automatically whenever the number of generate
+ * requests exceeds the given reseed interval. If the reseed interval
+ * is 0, then this feature is disabled.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval)
+{
+    if (interval > MAX_RESEED_INTERVAL)
+        return 0;
+    drbg->reseed_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the reseed time interval.
+ *
+ * The drbg will reseed automatically whenever the time elapsed since
+ * the last reseeding exceeds the given reseed time interval. For safety,
+ * a reseeding will also occur if the clock has been reset to a smaller
+ * value.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval)
+{
+    if (interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+    drbg->reseed_time_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the default values for reseed (time) intervals of new DRBG instances
+ *
+ * The default values can be set independently for master DRBG instances
+ * (without a parent) and slave DRBG instances (with parent).
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int _master_reseed_interval,
+                                  unsigned int _slave_reseed_interval,
+                                  time_t _master_reseed_time_interval,
+                                  time_t _slave_reseed_time_interval
+                                  )
+{
+    if (_master_reseed_interval > MAX_RESEED_INTERVAL
+        || _slave_reseed_interval > MAX_RESEED_INTERVAL)
+        return 0;
+
+    if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
+        || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+
+    master_reseed_interval = _master_reseed_interval;
+    slave_reseed_interval = _slave_reseed_interval;
+
+    master_reseed_time_interval = _master_reseed_time_interval;
+    slave_reseed_time_interval = _slave_reseed_time_interval;
+
+    return 1;
+}
+
+/*
+ * Locks the given drbg. Locking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_lock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_write_lock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Unlocks the given drbg. Unlocking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_unlock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_unlock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Enables locking for the given drbg
+ *
+ * Locking can only be enabled if the random generator
+ * is in the uninitialized state.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_enable_locking(RAND_DRBG *drbg)
+{
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                RAND_R_DRBG_ALREADY_INITIALIZED);
+        return 0;
+    }
+
+    if (drbg->lock == NULL) {
+        if (drbg->parent != NULL && drbg->parent->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_PARENT_LOCKING_NOT_ENABLED);
+            return 0;
+        }
+
+        drbg->lock = CRYPTO_THREAD_lock_new();
+        if (drbg->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_FAILED_TO_CREATE_LOCK);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Get and set the EXDATA
+ */
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg);
+}
+
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx)
+{
+    return CRYPTO_get_ex_data(&drbg->ex_data, idx);
+}
+
+
+/*
+ * The following functions provide a RAND_METHOD that works on the
+ * global DRBG.  They lock.
+ */
+
+/*
+ * Allocates a new global DRBG on the secure heap (if enabled) and
+ * initializes it with default settings.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg;
+
+    drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent);
+    if (drbg == NULL)
+        return NULL;
+
+    /* Only the master DRBG needs to have a lock */
+    if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
+        goto err;
+
+    /* enable seed propagation */
+    tsan_store(&drbg->reseed_prop_counter, 1);
+
+    /*
+     * Ignore instantiation error to support just-in-time instantiation.
+     *
+     * The state of the drbg will be checked in RAND_DRBG_generate() and
+     * an automatic recovery is attempted.
+     */
+    (void)RAND_DRBG_instantiate(drbg,
+                                (const unsigned char *) ossl_pers_string,
+                                sizeof(ossl_pers_string) - 1);
+    return drbg;
+
+err:
+    RAND_DRBG_free(drbg);
+    return NULL;
+}
+
+/*
+ * Initialize the global DRBGs on first use.
+ * Returns 1 on success, 0 on failure.
+ */
+DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
+{
+    /*
+     * ensure that libcrypto is initialized, otherwise the
+     * DRBG locks are not cleaned up properly
+     */
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&private_drbg, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&public_drbg, NULL))
+        goto err1;
+
+    master_drbg = drbg_setup(NULL);
+    if (master_drbg == NULL)
+        goto err2;
+
+    return 1;
+
+err2:
+    CRYPTO_THREAD_cleanup_local(&public_drbg);
+err1:
+    CRYPTO_THREAD_cleanup_local(&private_drbg);
+    return 0;
+}
+
+/* Clean up the global DRBGs before exit */
+void rand_drbg_cleanup_int(void)
+{
+    if (master_drbg != NULL) {
+        RAND_DRBG_free(master_drbg);
+        master_drbg = NULL;
+
+        CRYPTO_THREAD_cleanup_local(&private_drbg);
+        CRYPTO_THREAD_cleanup_local(&public_drbg);
+    }
+}
+
+void drbg_delete_thread_state(void)
+{
+    RAND_DRBG *drbg;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    CRYPTO_THREAD_set_local(&public_drbg, NULL);
+    RAND_DRBG_free(drbg);
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    CRYPTO_THREAD_set_local(&private_drbg, NULL);
+    RAND_DRBG_free(drbg);
+}
+
+/* Implements the default OpenSSL RAND_bytes() method */
+static int drbg_bytes(unsigned char *out, int count)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_public();
+
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, out, count);
+
+    return ret;
+}
+
+/*
+ * Calculates the minimum length of a full entropy buffer
+ * which is necessary to seed (i.e. instantiate) the DRBG
+ * successfully.
+ */
+size_t rand_drbg_seedlen(RAND_DRBG *drbg)
+{
+    /*
+     * If no os entropy source is available then RAND_seed(buffer, bufsize)
+     * is expected to succeed if and only if the buffer length satisfies
+     * the following requirements, which follow from the calculations
+     * in RAND_DRBG_instantiate().
+     */
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+
+    /*
+     * Extra entropy for the random nonce in the absence of a
+     * get_nonce callback, see comment in RAND_DRBG_instantiate().
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+    }
+
+    /*
+     * Convert entropy requirement from bits to bytes
+     * (dividing by 8 without rounding upwards, because
+     * all entropy requirements are divisible by 8).
+     */
+    min_entropy >>= 3;
+
+    /* Return a value that satisfies both requirements */
+    return min_entropy > min_entropylen ? min_entropy : min_entropylen;
+}
+
+/* Implements the default OpenSSL RAND_add() method */
+static int drbg_add(const void *buf, int num, double randomness)
+{
+    int ret = 0;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+    size_t buflen;
+    size_t seedlen;
+
+    if (drbg == NULL)
+        return 0;
+
+    if (num < 0 || randomness < 0.0)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    seedlen = rand_drbg_seedlen(drbg);
+
+    buflen = (size_t)num;
+
+    if (buflen < seedlen || randomness < (double) seedlen) {
+#if defined(OPENSSL_RAND_SEED_NONE)
+        /*
+         * If no os entropy source is available, a reseeding will fail
+         * inevitably. So we use a trick to mix the buffer contents into
+         * the DRBG state without forcing a reseeding: we generate a
+         * dummy random byte, using the buffer content as additional data.
+         * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
+         */
+        unsigned char dummy[1];
+
+        ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        rand_drbg_unlock(drbg);
+        return ret;
+#else
+        /*
+         * If an os entropy source is avaible then we declare the buffer content
+         * as additional data by setting randomness to zero and trigger a regular
+         * reseeding.
+         */
+        randomness = 0.0;
+#endif
+    }
+
+
+    if (randomness > (double)seedlen) {
+        /*
+         * The purpose of this check is to bound |randomness| by a
+         * relatively small value in order to prevent an integer
+         * overflow when multiplying by 8 in the rand_drbg_restart()
+         * call below. Note that randomness is measured in bytes,
+         * not bits, so this value corresponds to eight times the
+         * security strength.
+         */
+        randomness = (double)seedlen;
+    }
+
+    ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
+    rand_drbg_unlock(drbg);
+
+    return ret;
+}
+
+/* Implements the default OpenSSL RAND_seed() method */
+static int drbg_seed(const void *buf, int num)
+{
+    return drbg_add(buf, num, num);
+}
+
+/* Implements the default OpenSSL RAND_status() method */
+static int drbg_status(void)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+    if (drbg == NULL)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    ret = drbg->state == DRBG_READY ? 1 : 0;
+    rand_drbg_unlock(drbg);
+    return ret;
+}
+
+/*
+ * Get the master DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ *
+ */
+RAND_DRBG *RAND_DRBG_get0_master(void)
+{
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    return master_drbg;
+}
+
+/*
+ * Get the public DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_public(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&public_drbg, drbg);
+    }
+    return drbg;
+}
+
+/*
+ * Get the private DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_private(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&private_drbg, drbg);
+    }
+    return drbg;
+}
+
+RAND_METHOD rand_meth = {
+    drbg_seed,
+    drbg_bytes,
+    NULL,
+    drbg_add,
+    drbg_bytes,
+    drbg_status
+};
+
+RAND_METHOD *RAND_OpenSSL(void)
+{
+    return &rand_meth;
+}
diff --git a/deps/openssl/openssl/crypto/rand/md_rand.c b/deps/openssl/openssl/crypto/rand/md_rand.c
deleted file mode 100644
index eb6a14b14f..0000000000
--- a/deps/openssl/openssl/crypto/rand/md_rand.c
+++ /dev/null
@@ -1,665 +0,0 @@
-/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS))
-# include <sys/time.h>
-#endif
-#if defined(OPENSSL_SYS_VXWORKS)
-# include <time.h>
-#endif
-
-#include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/async.h>
-#include "rand_lcl.h"
-
-#include <openssl/err.h>
-
-#include <internal/thread_once.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-#ifdef BN_DEBUG
-# define PREDICT
-#endif
-
-/* #define PREDICT      1 */
-
-#define STATE_SIZE      1023
-static size_t state_num = 0, state_index = 0;
-static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2] = { 0, 0 };
-
-static double entropy = 0;
-static int initialized = 0;
-
-static CRYPTO_RWLOCK *rand_lock = NULL;
-static CRYPTO_RWLOCK *rand_tmp_lock = NULL;
-static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
-
-/* May be set only when a thread holds rand_lock (to prevent double locking) */
-static unsigned int crypto_lock_rand = 0;
-/* access to locking_threadid is synchronized by rand_tmp_lock */
-/* valid iff crypto_lock_rand is set */
-static CRYPTO_THREAD_ID locking_threadid;
-
-#ifdef PREDICT
-int rand_predictable = 0;
-#endif
-
-static int rand_hw_seed(EVP_MD_CTX *ctx);
-
-static void rand_cleanup(void);
-static int rand_seed(const void *buf, int num);
-static int rand_add(const void *buf, int num, double add_entropy);
-static int rand_bytes(unsigned char *buf, int num, int pseudo);
-static int rand_nopseudo_bytes(unsigned char *buf, int num);
-#if OPENSSL_API_COMPAT < 0x10100000L
-static int rand_pseudo_bytes(unsigned char *buf, int num);
-#endif
-static int rand_status(void);
-
-static RAND_METHOD rand_meth = {
-    rand_seed,
-    rand_nopseudo_bytes,
-    rand_cleanup,
-    rand_add,
-#if OPENSSL_API_COMPAT < 0x10100000L
-    rand_pseudo_bytes,
-#else
-    NULL,
-#endif
-    rand_status
-};
-
-DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
-{
-    OPENSSL_init_crypto(0, NULL);
-    rand_lock = CRYPTO_THREAD_lock_new();
-    rand_tmp_lock = CRYPTO_THREAD_lock_new();
-    return rand_lock != NULL && rand_tmp_lock != NULL;
-}
-
-RAND_METHOD *RAND_OpenSSL(void)
-{
-    return (&rand_meth);
-}
-
-static void rand_cleanup(void)
-{
-    OPENSSL_cleanse(state, sizeof(state));
-    state_num = 0;
-    state_index = 0;
-    OPENSSL_cleanse(md, MD_DIGEST_LENGTH);
-    md_count[0] = 0;
-    md_count[1] = 0;
-    entropy = 0;
-    initialized = 0;
-    CRYPTO_THREAD_lock_free(rand_lock);
-    CRYPTO_THREAD_lock_free(rand_tmp_lock);
-}
-
-static int rand_add(const void *buf, int num, double add)
-{
-    int i, j, k, st_idx;
-    long md_c[2];
-    unsigned char local_md[MD_DIGEST_LENGTH];
-    EVP_MD_CTX *m;
-    int do_not_lock;
-    int rv = 0;
-
-    if (!num)
-        return 1;
-
-    /*
-     * (Based on the rand(3) manpage)
-     *
-     * The input is chopped up into units of 20 bytes (or less for
-     * the last block).  Each of these blocks is run through the hash
-     * function as follows:  The data passed to the hash function
-     * is the current 'md', the same number of bytes from the 'state'
-     * (the location determined by in incremented looping index) as
-     * the current 'block', the new key data 'block', and 'count'
-     * (which is incremented after each use).
-     * The result of this is kept in 'md' and also xored into the
-     * 'state' at the same locations that were used as input into the
-     * hash function.
-     */
-
-    m = EVP_MD_CTX_new();
-    if (m == NULL)
-        goto err;
-
-    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
-        goto err;
-
-    /* check if we already have the lock */
-    if (crypto_lock_rand) {
-        CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
-        CRYPTO_THREAD_read_lock(rand_tmp_lock);
-        do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);
-        CRYPTO_THREAD_unlock(rand_tmp_lock);
-    } else
-        do_not_lock = 0;
-
-    if (!do_not_lock)
-        CRYPTO_THREAD_write_lock(rand_lock);
-    st_idx = state_index;
-
-    /*
-     * use our own copies of the counters so that even if a concurrent thread
-     * seeds with exactly the same data and uses the same subarray there's
-     * _some_ difference
-     */
-    md_c[0] = md_count[0];
-    md_c[1] = md_count[1];
-
-    memcpy(local_md, md, sizeof(md));
-
-    /* state_index <= state_num <= STATE_SIZE */
-    state_index += num;
-    if (state_index >= STATE_SIZE) {
-        state_index %= STATE_SIZE;
-        state_num = STATE_SIZE;
-    } else if (state_num < STATE_SIZE) {
-        if (state_index > state_num)
-            state_num = state_index;
-    }
-    /* state_index <= state_num <= STATE_SIZE */
-
-    /*
-     * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we
-     * will use now, but other threads may use them as well
-     */
-
-    md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
-    if (!do_not_lock)
-        CRYPTO_THREAD_unlock(rand_lock);
-
-    for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
-        j = (num - i);
-        j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
-
-        if (!MD_Init(m))
-            goto err;
-        if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
-            goto err;
-        k = (st_idx + j) - STATE_SIZE;
-        if (k > 0) {
-            if (!MD_Update(m, &(state[st_idx]), j - k))
-                goto err;
-            if (!MD_Update(m, &(state[0]), k))
-                goto err;
-        } else if (!MD_Update(m, &(state[st_idx]), j))
-            goto err;
-
-        /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
-        if (!MD_Update(m, buf, j))
-            goto err;
-        /*
-         * We know that line may cause programs such as purify and valgrind
-         * to complain about use of uninitialized data.  The problem is not,
-         * it's with the caller.  Removing that line will make sure you get
-         * really bad randomness and thereby other problems such as very
-         * insecure keys.
-         */
-
-        if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
-            goto err;
-        if (!MD_Final(m, local_md))
-            goto err;
-        md_c[1]++;
-
-        buf = (const char *)buf + j;
-
-        for (k = 0; k < j; k++) {
-            /*
-             * Parallel threads may interfere with this, but always each byte
-             * of the new state is the XOR of some previous value of its and
-             * local_md (intermediate values may be lost). Alway using locking
-             * could hurt performance more than necessary given that
-             * conflicts occur only when the total seeding is longer than the
-             * random state.
-             */
-            state[st_idx++] ^= local_md[k];
-            if (st_idx >= STATE_SIZE)
-                st_idx = 0;
-        }
-    }
-
-    if (!do_not_lock)
-        CRYPTO_THREAD_write_lock(rand_lock);
-    /*
-     * Don't just copy back local_md into md -- this could mean that other
-     * thread's seeding remains without effect (except for the incremented
-     * counter).  By XORing it we keep at least as much entropy as fits into
-     * md.
-     */
-    for (k = 0; k < (int)sizeof(md); k++) {
-        md[k] ^= local_md[k];
-    }
-    if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
-        entropy += add;
-    if (!do_not_lock)
-        CRYPTO_THREAD_unlock(rand_lock);
-
-    rv = 1;
- err:
-    EVP_MD_CTX_free(m);
-    return rv;
-}
-
-static int rand_seed(const void *buf, int num)
-{
-    return rand_add(buf, num, (double)num);
-}
-
-static int rand_bytes(unsigned char *buf, int num, int pseudo)
-{
-    static volatile int stirred_pool = 0;
-    int i, j, k;
-    size_t num_ceil, st_idx, st_num;
-    long md_c[2];
-    unsigned char local_md[MD_DIGEST_LENGTH];
-    EVP_MD_CTX *m;
-#ifndef GETPID_IS_MEANINGLESS
-    pid_t curr_pid = getpid();
-#endif
-    time_t curr_time = time(NULL);
-    int do_stir_pool = 0;
-/* time value for various platforms */
-#ifdef OPENSSL_SYS_WIN32
-    FILETIME tv;
-# ifdef _WIN32_WCE
-    SYSTEMTIME t;
-    GetSystemTime(&t);
-    SystemTimeToFileTime(&t, &tv);
-# else
-    GetSystemTimeAsFileTime(&tv);
-# endif
-#elif defined(OPENSSL_SYS_VXWORKS)
-    struct timespec tv;
-    clock_gettime(CLOCK_REALTIME, &ts);
-#elif defined(OPENSSL_SYS_DSPBIOS)
-    unsigned long long tv, OPENSSL_rdtsc();
-    tv = OPENSSL_rdtsc();
-#else
-    struct timeval tv;
-    gettimeofday(&tv, NULL);
-#endif
-
-#ifdef PREDICT
-    if (rand_predictable) {
-        static unsigned char val = 0;
-
-        for (i = 0; i < num; i++)
-            buf[i] = val++;
-        return (1);
-    }
-#endif
-
-    if (num <= 0)
-        return 1;
-
-    m = EVP_MD_CTX_new();
-    if (m == NULL)
-        goto err_mem;
-
-    /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
-    num_ceil =
-        (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
-
-    /*
-     * (Based on the rand(3) manpage:)
-     *
-     * For each group of 10 bytes (or less), we do the following:
-     *
-     * Input into the hash function the local 'md' (which is initialized from
-     * the global 'md' before any bytes are generated), the bytes that are to
-     * be overwritten by the random bytes, and bytes from the 'state'
-     * (incrementing looping index). From this digest output (which is kept
-     * in 'md'), the top (up to) 10 bytes are returned to the caller and the
-     * bottom 10 bytes are xored into the 'state'.
-     *
-     * Finally, after we have finished 'num' random bytes for the
-     * caller, 'count' (which is incremented) and the local and global 'md'
-     * are fed into the hash function and the results are kept in the
-     * global 'md'.
-     */
-
-    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
-        goto err_mem;
-
-    CRYPTO_THREAD_write_lock(rand_lock);
-    /*
-     * We could end up in an async engine while holding this lock so ensure
-     * we don't pause and cause a deadlock
-     */
-    ASYNC_block_pause();
-
-    /* prevent rand_bytes() from trying to obtain the lock again */
-    CRYPTO_THREAD_write_lock(rand_tmp_lock);
-    locking_threadid = CRYPTO_THREAD_get_current_id();
-    CRYPTO_THREAD_unlock(rand_tmp_lock);
-    crypto_lock_rand = 1;
-
-    if (!initialized) {
-        RAND_poll();
-        initialized = (entropy >= ENTROPY_NEEDED);
-    }
-
-    if (!stirred_pool)
-        do_stir_pool = 1;
-
-    if (!initialized) {
-        /*
-         * If the PRNG state is not yet unpredictable, then seeing the PRNG
-         * output may help attackers to determine the new state; thus we have
-         * to decrease the entropy estimate. Once we've had enough initial
-         * seeding we don't bother to adjust the entropy count, though,
-         * because we're not ambitious to provide *information-theoretic*
-         * randomness. NOTE: This approach fails if the program forks before
-         * we have enough entropy. Entropy should be collected in a separate
-         * input pool and be transferred to the output pool only when the
-         * entropy limit has been reached.
-         */
-        entropy -= num;
-        if (entropy < 0)
-            entropy = 0;
-    }
-
-    if (do_stir_pool) {
-        /*
-         * In the output function only half of 'md' remains secret, so we
-         * better make sure that the required entropy gets 'evenly
-         * distributed' through 'state', our randomness pool. The input
-         * function (rand_add) chains all of 'md', which makes it more
-         * suitable for this purpose.
-         */
-
-        int n = STATE_SIZE;     /* so that the complete pool gets accessed */
-        while (n > 0) {
-#if MD_DIGEST_LENGTH > 20
-# error "Please adjust DUMMY_SEED."
-#endif
-#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
-            /*
-             * Note that the seed does not matter, it's just that
-             * rand_add expects to have something to hash.
-             */
-            rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
-            n -= MD_DIGEST_LENGTH;
-        }
-        if (initialized)
-            stirred_pool = 1;
-    }
-
-    st_idx = state_index;
-    st_num = state_num;
-    md_c[0] = md_count[0];
-    md_c[1] = md_count[1];
-    memcpy(local_md, md, sizeof(md));
-
-    state_index += num_ceil;
-    if (state_index > state_num)
-        state_index %= state_num;
-
-    /*
-     * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now
-     * ours (but other threads may use them too)
-     */
-
-    md_count[0] += 1;
-
-    /* before unlocking, we must clear 'crypto_lock_rand' */
-    crypto_lock_rand = 0;
-    ASYNC_unblock_pause();
-    CRYPTO_THREAD_unlock(rand_lock);
-
-    while (num > 0) {
-        /* num_ceil -= MD_DIGEST_LENGTH/2 */
-        j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
-        num -= j;
-        if (!MD_Init(m))
-            goto err;
-#ifndef GETPID_IS_MEANINGLESS
-        if (curr_pid) {         /* just in the first iteration to save time */
-            if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof(curr_pid)))
-                goto err;
-            curr_pid = 0;
-        }
-#endif
-        if (curr_time) {        /* just in the first iteration to save time */
-            if (!MD_Update(m, (unsigned char *)&curr_time, sizeof(curr_time)))
-                goto err;
-            if (!MD_Update(m, (unsigned char *)&tv, sizeof(tv)))
-                goto err;
-            curr_time = 0;
-            if (!rand_hw_seed(m))
-                goto err;
-        }
-        if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
-            goto err;
-        if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
-            goto err;
-
-        k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
-        if (k > 0) {
-            if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
-                goto err;
-            if (!MD_Update(m, &(state[0]), k))
-                goto err;
-        } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
-            goto err;
-        if (!MD_Final(m, local_md))
-            goto err;
-
-        for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
-            /* may compete with other threads */
-            state[st_idx++] ^= local_md[i];
-            if (st_idx >= st_num)
-                st_idx = 0;
-            if (i < j)
-                *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2];
-        }
-    }
-
-    if (!MD_Init(m)
-        || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))
-        || !MD_Update(m, local_md, MD_DIGEST_LENGTH))
-        goto err;
-    CRYPTO_THREAD_write_lock(rand_lock);
-    /*
-     * Prevent deadlocks if we end up in an async engine
-     */
-    ASYNC_block_pause();
-    if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) {
-        ASYNC_unblock_pause();
-        CRYPTO_THREAD_unlock(rand_lock);
-        goto err;
-    }
-    ASYNC_unblock_pause();
-    CRYPTO_THREAD_unlock(rand_lock);
-
-    EVP_MD_CTX_free(m);
-    if (initialized)
-        return (1);
-    else if (pseudo)
-        return 0;
-    else {
-        RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
-        ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
-                           "https://www.openssl.org/docs/faq.html");
-        return (0);
-    }
- err:
-    RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB);
-    EVP_MD_CTX_free(m);
-    return 0;
- err_mem:
-    RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE);
-    EVP_MD_CTX_free(m);
-    return 0;
-
-}
-
-static int rand_nopseudo_bytes(unsigned char *buf, int num)
-{
-    return rand_bytes(buf, num, 0);
-}
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-/*
- * pseudo-random bytes that are guaranteed to be unique but not unpredictable
- */
-static int rand_pseudo_bytes(unsigned char *buf, int num)
-{
-    return rand_bytes(buf, num, 1);
-}
-#endif
-
-static int rand_status(void)
-{
-    CRYPTO_THREAD_ID cur;
-    int ret;
-    int do_not_lock;
-
-    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
-        return 0;
-
-    cur = CRYPTO_THREAD_get_current_id();
-    /*
-     * check if we already have the lock (could happen if a RAND_poll()
-     * implementation calls RAND_status())
-     */
-    if (crypto_lock_rand) {
-        CRYPTO_THREAD_read_lock(rand_tmp_lock);
-        do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);
-        CRYPTO_THREAD_unlock(rand_tmp_lock);
-    } else
-        do_not_lock = 0;
-
-    if (!do_not_lock) {
-        CRYPTO_THREAD_write_lock(rand_lock);
-        /*
-         * Prevent deadlocks in case we end up in an async engine
-         */
-        ASYNC_block_pause();
-
-        /*
-         * prevent rand_bytes() from trying to obtain the lock again
-         */
-        CRYPTO_THREAD_write_lock(rand_tmp_lock);
-        locking_threadid = cur;
-        CRYPTO_THREAD_unlock(rand_tmp_lock);
-        crypto_lock_rand = 1;
-    }
-
-    if (!initialized) {
-        RAND_poll();
-        initialized = 1;
-    }
-
-    ret = entropy >= ENTROPY_NEEDED;
-
-    if (!do_not_lock) {
-        /* before unlocking, we must clear 'crypto_lock_rand' */
-        crypto_lock_rand = 0;
-
-        ASYNC_unblock_pause();
-        CRYPTO_THREAD_unlock(rand_lock);
-    }
-
-    return ret;
-}
-
-/*
- * rand_hw_seed: get seed data from any available hardware RNG. only
- * currently supports rdrand.
- */
-
-/* Adapted from eng_rdrand.c */
-
-#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-     defined(__x86_64) || defined(__x86_64__) || \
-     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \
-     && !defined(OPENSSL_NO_RDRAND)
-
-# define RDRAND_CALLS    4
-
-size_t OPENSSL_ia32_rdrand(void);
-extern unsigned int OPENSSL_ia32cap_P[];
-
-static int rand_hw_seed(EVP_MD_CTX *ctx)
-{
-    int i;
-    if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
-        return 1;
-    for (i = 0; i < RDRAND_CALLS; i++) {
-        size_t rnd;
-        rnd = OPENSSL_ia32_rdrand();
-        if (rnd == 0)
-            return 1;
-        if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t)))
-            return 0;
-    }
-    return 1;
-}
-
-/* XOR an existing buffer with random data */
-
-void rand_hw_xor(unsigned char *buf, size_t num)
-{
-    size_t rnd;
-    if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
-        return;
-    while (num >= sizeof(size_t)) {
-        rnd = OPENSSL_ia32_rdrand();
-        if (rnd == 0)
-            return;
-        *((size_t *)buf) ^= rnd;
-        buf += sizeof(size_t);
-        num -= sizeof(size_t);
-    }
-    if (num) {
-        rnd = OPENSSL_ia32_rdrand();
-        if (rnd == 0)
-            return;
-        while (num) {
-            *buf ^= rnd & 0xff;
-            rnd >>= 8;
-            buf++;
-            num--;
-        }
-    }
-}
-
-#else
-
-static int rand_hw_seed(EVP_MD_CTX *ctx)
-{
-    return 1;
-}
-
-void rand_hw_xor(unsigned char *buf, size_t num)
-{
-    return;
-}
-
-#endif
diff --git a/deps/openssl/openssl/crypto/rand/rand_egd.c b/deps/openssl/openssl/crypto/rand/rand_egd.c
index 50963b8e48..da3017df31 100644
--- a/deps/openssl/openssl/crypto/rand/rand_egd.c
+++ b/deps/openssl/openssl/crypto/rand/rand_egd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,60 +16,28 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/e_os2.h>
 # include <openssl/rand.h>
 
-/*-
- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
- *
- * This module supplies three routines:
- *
- * RAND_query_egd_bytes(path, buf, bytes)
- *   will actually query "bytes" bytes of entropy form the egd-socket located
- *   at path and will write them to buf (if supplied) or will directly feed
- *   it to RAND_seed() if buf==NULL.
- *   The number of bytes is not limited by the maximum chunk size of EGD,
- *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
- *   of entropy bytes are requested. The connection is left open until the
- *   query is competed.
- *   RAND_query_egd_bytes() returns with
- *     -1  if an error occurred during connection or communication.
- *     num the number of bytes read from the EGD socket. This number is either
- *         the number of bytes requested or smaller, if the EGD pool is
- *         drained and the daemon signals that the pool is empty.
- *   This routine does not touch any RAND_status(). This is necessary, since
- *   PRNG functions may call it during initialization.
- *
- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
- *   used to seed the PRNG.
- *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
- *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
- *   seed status so that the return value can reflect the seed state:
- *     -1  if an error occurred during connection or communication _or_
- *         if the PRNG has still not received the required seeding.
- *     num the number of bytes read from the EGD socket. This number is either
- *         the number of bytes requested or smaller, if the EGD pool is
- *         drained and the daemon signals that the pool is empty.
- *
- * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed
- *   the PRNG.
- *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+/*
+ * Query an EGD
  */
 
 # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 {
-    return (-1);
+    return -1;
 }
 
 int RAND_egd(const char *path)
 {
-    return (-1);
+    return -1;
 }
 
 int RAND_egd_bytes(const char *path, int bytes)
 {
-    return (-1);
+    return -1;
 }
+
 # else
-#  include <openssl/opensslconf.h>
+
 #  include OPENSSL_UNISTD
 #  include <stddef.h>
 #  include <sys/types.h>
@@ -91,157 +59,98 @@ struct sockaddr_un {
 
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 {
-    int ret = 0;
+    FILE *fp = NULL;
     struct sockaddr_un addr;
-    int len, num, numbytes;
-    int fd = -1;
-    int success;
-    unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+    int mybuffer, ret = -1, i, numbytes, fd;
+    unsigned char tempbuf[255];
+
+    if (bytes > (int)sizeof(tempbuf))
+        return -1;
 
+    /* Make socket. */
     memset(&addr, 0, sizeof(addr));
     addr.sun_family = AF_UNIX;
     if (strlen(path) >= sizeof(addr.sun_path))
-        return (-1);
-    OPENSSL_strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
-    len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+        return -1;
+    strcpy(addr.sun_path, path);
+    i = offsetof(struct sockaddr_un, sun_path) + strlen(path);
     fd = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (fd == -1)
-        return (-1);
-    success = 0;
-    while (!success) {
-        if (connect(fd, (struct sockaddr *)&addr, len) == 0)
-            success = 1;
-        else {
-            switch (errno) {
-#  ifdef EINTR
-            case EINTR:
-#  endif
-#  ifdef EAGAIN
-            case EAGAIN:
-#  endif
-#  ifdef EINPROGRESS
-            case EINPROGRESS:
-#  endif
-#  ifdef EALREADY
-            case EALREADY:
-#  endif
-                /* No error, try again */
-                break;
+    if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
+        return -1;
+    setbuf(fp, NULL);
+
+    /* Try to connect */
+    for ( ; ; ) {
+        if (connect(fd, (struct sockaddr *)&addr, i) == 0)
+            break;
 #  ifdef EISCONN
-            case EISCONN:
-                success = 1;
-                break;
+        if (errno == EISCONN)
+            break;
 #  endif
-            default:
-                ret = -1;
-                goto err;       /* failure */
-            }
-        }
-    }
-
-    while (bytes > 0) {
-        egdbuf[0] = 1;
-        egdbuf[1] = bytes < 255 ? bytes : 255;
-        numbytes = 0;
-        while (numbytes != 2) {
-            num = write(fd, egdbuf + numbytes, 2 - numbytes);
-            if (num >= 0)
-                numbytes += num;
-            else {
-                switch (errno) {
+        switch (errno) {
 #  ifdef EINTR
-                case EINTR:
+        case EINTR:
 #  endif
 #  ifdef EAGAIN
-                case EAGAIN:
+        case EAGAIN:
 #  endif
-                    /* No error, try again */
-                    break;
-                default:
-                    ret = -1;
-                    goto err;   /* failure */
-                }
-            }
-        }
-        numbytes = 0;
-        while (numbytes != 1) {
-            num = read(fd, egdbuf, 1);
-            if (num == 0)
-                goto err;       /* descriptor closed */
-            else if (num > 0)
-                numbytes += num;
-            else {
-                switch (errno) {
-#  ifdef EINTR
-                case EINTR:
+#  ifdef EINPROGRESS
+        case EINPROGRESS:
 #  endif
-#  ifdef EAGAIN
-                case EAGAIN:
+#  ifdef EALREADY
+        case EALREADY:
 #  endif
-                    /* No error, try again */
-                    break;
-                default:
-                    ret = -1;
-                    goto err;   /* failure */
-                }
-            }
-        }
-        if (egdbuf[0] == 0)
+            /* No error, try again */
+            break;
+        default:
+            ret = -1;
             goto err;
-        if (buf)
-            retrievebuf = buf + ret;
-        else
-            retrievebuf = tempbuf;
-        numbytes = 0;
-        while (numbytes != egdbuf[0]) {
-            num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
-            if (num == 0)
-                goto err;       /* descriptor closed */
-            else if (num > 0)
-                numbytes += num;
-            else {
-                switch (errno) {
-#  ifdef EINTR
-                case EINTR:
-#  endif
-#  ifdef EAGAIN
-                case EAGAIN:
-#  endif
-                    /* No error, try again */
-                    break;
-                default:
-                    ret = -1;
-                    goto err;   /* failure */
-                }
-            }
         }
-        ret += egdbuf[0];
-        bytes -= egdbuf[0];
-        if (!buf)
-            RAND_seed(tempbuf, egdbuf[0]);
     }
+
+    /* Make request, see how many bytes we can get back. */
+    tempbuf[0] = 1;
+    tempbuf[1] = bytes;
+    if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF)
+        goto err;
+    if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0)
+        goto err;
+    numbytes = tempbuf[0];
+
+    /* Which buffer are we using? */
+    mybuffer = buf == NULL;
+    if (mybuffer)
+        buf = tempbuf;
+
+    /* Read bytes. */
+    i = fread(buf, sizeof(char), numbytes, fp);
+    if (i < numbytes)
+        goto err;
+    ret = numbytes;
+    if (mybuffer)
+        RAND_add(tempbuf, i, i);
+
  err:
-    if (fd != -1)
-        close(fd);
-    return (ret);
+    if (fp != NULL)
+        fclose(fp);
+    return ret;
 }
 
 int RAND_egd_bytes(const char *path, int bytes)
 {
-    int num, ret = -1;
+    int num;
 
     num = RAND_query_egd_bytes(path, NULL, bytes);
     if (num < 0)
-        goto err;
-    if (RAND_status() == 1)
-        ret = num;
- err:
-    return (ret);
+        return -1;
+    if (RAND_status() != 1)
+        return -1;
+    return num;
 }
 
 int RAND_egd(const char *path)
 {
-    return (RAND_egd_bytes(path, 255));
+    return RAND_egd_bytes(path, 255);
 }
 
 # endif
diff --git a/deps/openssl/openssl/crypto/rand/rand_err.c b/deps/openssl/openssl/crypto/rand/rand_err.c
index 55431264a0..6a870455d5 100644
--- a/deps/openssl/openssl/crypto/rand/rand_err.c
+++ b/deps/openssl/openssl/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,23 +8,116 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
+#include <openssl/randerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
-
-static ERR_STRING_DATA RAND_str_functs[] = {
-    {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"},
+static const ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0),
+     "rand_drbg_enable_locking"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
+     "RAND_DRBG_generate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0),
+     "rand_drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0),
+     "rand_drbg_get_nonce"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
+     "RAND_DRBG_instantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0),
+     "RAND_DRBG_set_defaults"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
+     "RAND_DRBG_uninstantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0),
+     "rand_pool_acquire_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
+     "rand_pool_add_begin"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
+     "rand_pool_bytes_needed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA RAND_str_reasons[] = {
-    {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+static const ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG),
+    "additional input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED),
+    "already instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE),
+    "argument out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED),
+    "drbg already initialized"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED),
+    "drbg not initialised"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG),
+    "entropy input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE),
+    "entropy out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED),
+    "error entropy pool was ignored"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG),
+    "error initialising drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG),
+    "error instantiating drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+    "error retrieving additional input"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY),
+    "error retrieving entropy"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE),
+    "error retrieving nonce"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK),
+    "failed to create lock"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED),
+    "Function not implemented"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
+    "Not a regular file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED),
+    "no drbg implementation selected"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED),
+    "parent locking not enabled"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK),
+    "parent strength too weak"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),
+    "personalisation string too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED),
+    "prediction resistance not supported"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW),
+    "random pool overflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW),
+    "random pool underflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG),
+    "request too large for drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED),
+    "too little nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED),
+    "too much nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
+    "unsupported drbg flags"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE),
+    "unsupported drbg type"},
     {0, NULL}
 };
 
@@ -33,10 +126,9 @@ static ERR_STRING_DATA RAND_str_reasons[] = {
 int ERR_load_RAND_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, RAND_str_functs);
-        ERR_load_strings(0, RAND_str_reasons);
+        ERR_load_strings_const(RAND_str_functs);
+        ERR_load_strings_const(RAND_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/rand/rand_lcl.h b/deps/openssl/openssl/crypto/rand/rand_lcl.h
index d98c90e2ac..c3e9804dc0 100644
--- a/deps/openssl/openssl/crypto/rand/rand_lcl.h
+++ b/deps/openssl/openssl/crypto/rand/rand_lcl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,37 +10,284 @@
 #ifndef HEADER_RAND_LCL_H
 # define HEADER_RAND_LCL_H
 
-# define ENTROPY_NEEDED 32      /* require 256 bits = 32 bytes of randomness */
+# include <openssl/aes.h>
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+# include <openssl/hmac.h>
+# include <openssl/ec.h>
+# include <openssl/rand_drbg.h>
+# include "internal/tsan_assist.h"
 
-# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#  define USE_SHA1_RAND
-# endif
+# include "internal/numbers.h"
 
-# include <openssl/evp.h>
-# define MD_Update(a,b,c)        EVP_DigestUpdate(a,b,c)
-# define MD_Final(a,b)           EVP_DigestFinal_ex(a,b,NULL)
-# if defined(USE_MD5_RAND)
-#  include <openssl/md5.h>
-#  define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md5(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
-# elif defined(USE_SHA1_RAND)
-#  include <openssl/sha.h>
-#  define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_sha1(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
-# elif defined(USE_MDC2_RAND)
-#  include <openssl/mdc2.h>
-#  define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
-# elif defined(USE_MD2_RAND)
-#  include <openssl/md2.h>
-#  define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
-#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md2(), NULL)
-#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
-# endif
-
-void rand_hw_xor(unsigned char *buf, size_t num);
+/* How many times to read the TSC as a randomness source. */
+# define TSC_READ_COUNT                 4
+
+/* Maximum reseed intervals */
+# define MAX_RESEED_INTERVAL                     (1 << 24)
+# define MAX_RESEED_TIME_INTERVAL                (1 << 20) /* approx. 12 days */
+
+/* Default reseed intervals */
+# define MASTER_RESEED_INTERVAL                  (1 << 8)
+# define SLAVE_RESEED_INTERVAL                   (1 << 16)
+# define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
+# define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
+
+
+
+/*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
+ *
+ * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
+ *
+ * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
+ */
+# define DRBG_MAX_LENGTH                         INT32_MAX
+
+
+
+/*
+ * Maximum allocation size for RANDOM_POOL buffers
+ *
+ * The max_len value for the buffer provided to the rand_drbg_get_entropy()
+ * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
+ * is used. Since this is much too large to be allocated, the rand_pool_new()
+ * function chooses more modest values as default pool length, bounded
+ * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
+ *
+ * The choice of the RAND_POOL_FACTOR is large enough such that the
+ * RAND_POOL can store a random input which has a lousy entropy rate of
+ * 8/256 (= 0.03125) bits per byte. This input will be sent through the
+ * derivation function which 'compresses' the low quality input into a
+ * high quality output.
+ *
+ * The factor 1.5 below is the pessimistic estimate for the extra amount
+ * of entropy required when no get_nonce() callback is defined.
+ */
+# define RAND_POOL_FACTOR        256
+# define RAND_POOL_MAX_LENGTH    (RAND_POOL_FACTOR * \
+                                  3 * (RAND_DRBG_STRENGTH / 16))
+/*
+ *                             = (RAND_POOL_FACTOR * \
+ *                                1.5 * (RAND_DRBG_STRENGTH / 8))
+ */
+
+
+/* DRBG status values */
+typedef enum drbg_status_e {
+    DRBG_UNINITIALISED,
+    DRBG_READY,
+    DRBG_ERROR
+} DRBG_STATUS;
+
+
+/* instantiate */
+typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
+                                        const unsigned char *ent,
+                                        size_t entlen,
+                                        const unsigned char *nonce,
+                                        size_t noncelen,
+                                        const unsigned char *pers,
+                                        size_t perslen);
+/* reseed */
+typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
+                                   const unsigned char *ent,
+                                   size_t entlen,
+                                   const unsigned char *adin,
+                                   size_t adinlen);
+/* generate output */
+typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
+                                     unsigned char *out,
+                                     size_t outlen,
+                                     const unsigned char *adin,
+                                     size_t adinlen);
+/* uninstantiate */
+typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
+
+
+/*
+ * The DRBG methods
+ */
+
+typedef struct rand_drbg_method_st {
+    RAND_DRBG_instantiate_fn instantiate;
+    RAND_DRBG_reseed_fn reseed;
+    RAND_DRBG_generate_fn generate;
+    RAND_DRBG_uninstantiate_fn uninstantiate;
+} RAND_DRBG_METHOD;
+
+
+/*
+ * The state of a DRBG AES-CTR.
+ */
+typedef struct rand_drbg_ctr_st {
+    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER_CTX *ctx_df;
+    const EVP_CIPHER *cipher;
+    size_t keylen;
+    unsigned char K[32];
+    unsigned char V[16];
+    /* Temporary block storage used by ctr_df */
+    unsigned char bltmp[16];
+    size_t bltmp_pos;
+    unsigned char KX[48];
+} RAND_DRBG_CTR;
+
+
+/*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. The pool has no knowledge about
+ * whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
+ * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
+ * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
+ *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
+ */
+struct rand_pool_st {
+    unsigned char *buffer;  /* points to the beginning of the random pool */
+    size_t len; /* current number of random bytes contained in the pool */
+
+    int attached;  /* true pool was attached to existing buffer */
+
+    size_t min_len; /* minimum number of random bytes requested */
+    size_t max_len; /* maximum number of random bytes (allocated buffer size) */
+    size_t entropy; /* current entropy count in bits */
+    size_t entropy_requested; /* requested entropy count in bits */
+};
+
+/*
+ * The state of all types of DRBGs, even though we only have CTR mode
+ * right now.
+ */
+struct rand_drbg_st {
+    CRYPTO_RWLOCK *lock;
+    RAND_DRBG *parent;
+    int secure; /* 1: allocated on the secure heap, 0: otherwise */
+    int type; /* the nid of the underlying algorithm */
+    /*
+     * Stores the value of the rand_fork_count global as of when we last
+     * reseeded.  The DRBG reseeds automatically whenever drbg->fork_count !=
+     * rand_fork_count.  Used to provide fork-safety and reseed this DRBG in
+     * the child process.
+     */
+    int fork_count;
+    unsigned short flags; /* various external flags */
+
+    /*
+     * The random_data is used by RAND_add()/drbg_add() to attach random
+     * data to the global drbg, such that the rand_drbg_get_entropy() callback
+     * can pull it during instantiation and reseeding. This is necessary to
+     * reconcile the different philosophies of the RAND and the RAND_DRBG
+     * with respect to how randomness is added to the RNG during reseeding
+     * (see PR #4328).
+     */
+    struct rand_pool_st *seed_pool;
+
+    /*
+     * Auxiliary pool for additional data.
+     */
+    struct rand_pool_st *adin_pool;
+
+    /*
+     * The following parameters are setup by the per-type "init" function.
+     *
+     * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init().
+     *
+     * The parameters are closely related to the ones described in
+     * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one
+     * crucial difference: In the NIST standard, all counts are given
+     * in bits, whereas in OpenSSL entropy counts are given in bits
+     * and buffer lengths are given in bytes.
+     *
+     * Since this difference has lead to some confusion in the past,
+     * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055])
+     * the 'len' suffix has been added to all buffer sizes for
+     * clarification.
+     */
+
+    int strength;
+    size_t max_request;
+    size_t min_entropylen, max_entropylen;
+    size_t min_noncelen, max_noncelen;
+    size_t max_perslen, max_adinlen;
+
+    /* Counts the number of generate requests since the last reseed. */
+    unsigned int reseed_gen_counter;
+    /*
+     * Maximum number of generate requests until a reseed is required.
+     * This value is ignored if it is zero.
+     */
+    unsigned int reseed_interval;
+    /* Stores the time when the last reseeding occurred */
+    time_t reseed_time;
+    /*
+     * Specifies the maximum time interval (in seconds) between reseeds.
+     * This value is ignored if it is zero.
+     */
+    time_t reseed_time_interval;
+    /*
+     * Counts the number of reseeds since instantiation.
+     * This value is ignored if it is zero.
+     *
+     * This counter is used only for seed propagation from the <master> DRBG
+     * to its two children, the <public> and <private> DRBG. This feature is
+     * very special and its sole purpose is to ensure that any randomness which
+     * is added by RAND_add() or RAND_seed() will have an immediate effect on
+     * the output of RAND_bytes() resp. RAND_priv_bytes().
+     */
+    TSAN_QUALIFIER unsigned int reseed_prop_counter;
+    unsigned int reseed_next_counter;
+
+    size_t seedlen;
+    DRBG_STATUS state;
+
+    /* Application data, mainly used in the KATs. */
+    CRYPTO_EX_DATA ex_data;
+
+    /* Implementation specific data (currently only one implementation) */
+    union {
+        RAND_DRBG_CTR ctr;
+    } data;
+
+    /* Implementation specific methods */
+    RAND_DRBG_METHOD *meth;
+
+    /* Callback functions.  See comments in rand_lib.c */
+    RAND_DRBG_get_entropy_fn get_entropy;
+    RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
+    RAND_DRBG_get_nonce_fn get_nonce;
+    RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
+};
+
+/* The global RAND method, and the global buffer and DRBG instance. */
+extern RAND_METHOD rand_meth;
+
+/*
+ * A "generation count" of forks.  Incremented in the child process after a
+ * fork.  Since rand_fork_count is increment-only, and only ever written to in
+ * the child process of the fork, which is guaranteed to be single-threaded, no
+ * locking is needed for normal (read) accesses; the rest of pthread fork
+ * processing is assumed to introduce the necessary memory barriers.  Sibling
+ * children of a given parent will produce duplicate values, but this is not
+ * problematic because the reseeding process pulls input from the system CSPRNG
+ * and/or other global sources, so the siblings will end up generating
+ * different output streams.
+ */
+extern int rand_fork_count;
+
+/* DRBG helpers */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy);
+size_t rand_drbg_seedlen(RAND_DRBG *drbg);
+/* locking api */
+int rand_drbg_lock(RAND_DRBG *drbg);
+int rand_drbg_unlock(RAND_DRBG *drbg);
+int rand_drbg_enable_locking(RAND_DRBG *drbg);
+
+
+/* initializes the AES-CTR DRBG implementation */
+int drbg_ctr_init(RAND_DRBG *drbg);
 
 #endif
diff --git a/deps/openssl/openssl/crypto/rand/rand_lib.c b/deps/openssl/openssl/crypto/rand/rand_lib.c
index 62770d49d8..d8639c4a03 100644
--- a/deps/openssl/openssl/crypto/rand/rand_lib.c
+++ b/deps/openssl/openssl/crypto/rand/rand_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,39 +11,717 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include "internal/rand.h"
+#include "internal/rand_int.h"
 #include <openssl/engine.h>
 #include "internal/thread_once.h"
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-# include <openssl/fips_rand.h>
-#endif
+#include "rand_lcl.h"
+#include "e_os.h"
 
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref = NULL;
-static CRYPTO_RWLOCK *rand_engine_lock = NULL;
+static ENGINE *funct_ref;
+static CRYPTO_RWLOCK *rand_engine_lock;
+#endif
+static CRYPTO_RWLOCK *rand_meth_lock;
+static const RAND_METHOD *default_RAND_meth;
+static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
+
+int rand_fork_count;
+
+static CRYPTO_RWLOCK *rand_nonce_lock;
+static int rand_nonce_count;
+
+static int rand_inited = 0;
+
+#ifdef OPENSSL_RAND_SEED_RDTSC
+/*
+ * IMPORTANT NOTE:  It is not currently possible to use this code
+ * because we are not sure about the amount of randomness it provides.
+ * Some SP900 tests have been run, but there is internal skepticism.
+ * So for now this code is not used.
+ */
+# error "RDTSC enabled?  Should not be possible!"
+
+/*
+ * Acquire entropy from high-speed clock
+ *
+ * Since we get some randomness from the low-order bits of the
+ * high-speed clock, it can help.
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
+{
+    unsigned char c;
+    int i;
+
+    if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
+        for (i = 0; i < TSC_READ_COUNT; i++) {
+            c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
+            rand_pool_add(pool, &c, 1, 4);
+        }
+    }
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+#ifdef OPENSSL_RAND_SEED_RDCPU
+size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+/*
+ * Acquire entropy using Intel-specific cpu instructions
+ *
+ * Uses the RDSEED instruction if available, otherwise uses
+ * RDRAND if available.
+ *
+ * For the differences between RDSEED and RDRAND, and why RDSEED
+ * is the preferred choice, see https://goo.gl/oK3KcN
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
+{
+    size_t bytes_needed;
+    unsigned char *buffer;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            /* Whichever comes first, use RDSEED, RDRAND or nothing */
+            if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
+                if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
+                if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else {
+                rand_pool_add_end(pool, 0, 0);
+            }
+        }
+    }
+
+    return rand_pool_entropy_available(pool);
+}
 #endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-static CRYPTO_RWLOCK *rand_meth_lock = NULL;
-static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
 
-DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
+
+/*
+ * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ * If the DRBG has a parent, then the required amount of entropy input
+ * is fetched using the parent's RAND_DRBG_generate().
+ *
+ * Otherwise, the entropy is polled from the system entropy sources
+ * using rand_pool_acquire_entropy().
+ *
+ * If a random pool has been added to the DRBG using RAND_add(), then
+ * its entropy will be used up first.
+ */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance)
+{
+    size_t ret = 0;
+    size_t entropy_available = 0;
+    RAND_POOL *pool;
+
+    if (drbg->parent && drbg->strength > drbg->parent->strength) {
+        /*
+         * We currently don't support the algorithm from NIST SP 800-90C
+         * 10.1.2 to use a weaker DRBG as source
+         */
+        RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+        return 0;
+    }
+
+    if (drbg->seed_pool != NULL) {
+        pool = drbg->seed_pool;
+        pool->entropy_requested = entropy;
+    } else {
+        pool = rand_pool_new(entropy, min_len, max_len);
+        if (pool == NULL)
+            return 0;
+    }
+
+    if (drbg->parent) {
+        size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            size_t bytes = 0;
+
+            /*
+             * Get random from parent, include our state as additional input.
+             * Our lock is already held, but we need to lock our parent before
+             * generating bits from it. (Note: taking the lock will be a no-op
+             * if locking if drbg->parent->lock == NULL.)
+             */
+            rand_drbg_lock(drbg->parent);
+            if (RAND_DRBG_generate(drbg->parent,
+                                   buffer, bytes_needed,
+                                   prediction_resistance,
+                                   NULL, 0) != 0)
+                bytes = bytes_needed;
+            drbg->reseed_next_counter
+                = tsan_load(&drbg->parent->reseed_prop_counter);
+            rand_drbg_unlock(drbg->parent);
+
+            rand_pool_add_end(pool, bytes, 8 * bytes);
+            entropy_available = rand_pool_entropy_available(pool);
+        }
+
+    } else {
+        if (prediction_resistance) {
+            /*
+             * We don't have any entropy sources that comply with the NIST
+             * standard to provide prediction resistance (see NIST SP 800-90C,
+             * Section 5.4).
+             */
+            RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,
+                    RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        /* Get entropy by polling system entropy sources. */
+        entropy_available = rand_pool_acquire_entropy(pool);
+    }
+
+    if (entropy_available > 0) {
+        ret   = rand_pool_length(pool);
+        *pout = rand_pool_detach(pool);
+    }
+
+ err:
+    if (drbg->seed_pool == NULL)
+        rand_pool_free(pool);
+    return ret;
+}
+
+/*
+ * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen)
+{
+    if (drbg->seed_pool == NULL)
+        OPENSSL_secure_clear_free(out, outlen);
+}
+
+
+/*
+ * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len)
+{
+    size_t ret = 0;
+    RAND_POOL *pool;
+
+    struct {
+        void * instance;
+        int count;
+    } data = { 0 };
+
+    pool = rand_pool_new(0, min_len, max_len);
+    if (pool == NULL)
+        return 0;
+
+    if (rand_pool_add_nonce_data(pool) == 0)
+        goto err;
+
+    data.instance = drbg;
+    CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock);
+
+    if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
+        goto err;
+
+    ret   = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    rand_pool_free(pool);
+
+    return ret;
+}
+
+/*
+ * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen)
+{
+    OPENSSL_secure_clear_free(out, outlen);
+}
+
+/*
+ * Generate additional data that can be used for the drbg. The data does
+ * not need to contain entropy, but it's useful if it contains at least
+ * some bits that are unpredictable.
+ *
+ * Returns 0 on failure.
+ *
+ * On success it allocates a buffer at |*pout| and returns the length of
+ * the data. The buffer should get freed using OPENSSL_secure_clear_free().
+ */
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
+{
+    size_t ret = 0;
+
+    if (rand_pool_add_additional_data(pool) == 0)
+        goto err;
+
+    ret = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    return ret;
+}
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
+{
+    rand_pool_reattach(pool, out);
+}
+
+void rand_fork(void)
+{
+    rand_fork_count++;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_rand_init)
 {
-    int ret = 1;
 #ifndef OPENSSL_NO_ENGINE
     rand_engine_lock = CRYPTO_THREAD_lock_new();
-    ret &= rand_engine_lock != NULL;
+    if (rand_engine_lock == NULL)
+        return 0;
 #endif
+
     rand_meth_lock = CRYPTO_THREAD_lock_new();
-    ret &= rand_meth_lock != NULL;
+    if (rand_meth_lock == NULL)
+        goto err1;
+
+    rand_nonce_lock = CRYPTO_THREAD_lock_new();
+    if (rand_nonce_lock == NULL)
+        goto err2;
+
+    if (!rand_pool_init())
+        goto err3;
+
+    rand_inited = 1;
+    return 1;
+
+err3:
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
+err2:
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+err1:
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    return 0;
+}
+
+void rand_cleanup_int(void)
+{
+    const RAND_METHOD *meth = default_RAND_meth;
+
+    if (!rand_inited)
+        return;
+
+    if (meth != NULL && meth->cleanup != NULL)
+        meth->cleanup();
+    RAND_set_rand_method(NULL);
+    rand_pool_cleanup();
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
+    rand_inited = 0;
+}
+
+/*
+ * RAND_close_seed_files() ensures that any seed file decriptors are
+ * closed after use.
+ */
+void RAND_keep_random_devices_open(int keep)
+{
+    if (RUN_ONCE(&rand_init, do_rand_init))
+        rand_pool_keep_random_devices_open(keep);
+}
+
+/*
+ * RAND_poll() reseeds the default RNG using random input
+ *
+ * The random input is obtained from polling various entropy
+ * sources which depend on the operating system and are
+ * configurable via the --with-rand-seed configure option.
+ */
+int RAND_poll(void)
+{
+    int ret = 0;
+
+    RAND_POOL *pool = NULL;
+
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth == RAND_OpenSSL()) {
+        /* fill random pool and seed the master DRBG */
+        RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+        if (drbg == NULL)
+            return 0;
+
+        rand_drbg_lock(drbg);
+        ret = rand_drbg_restart(drbg, NULL, 0, 0);
+        rand_drbg_unlock(drbg);
+
+        return ret;
+
+    } else {
+        /* fill random pool and seed the current legacy RNG */
+        pool = rand_pool_new(RAND_DRBG_STRENGTH,
+                             RAND_DRBG_STRENGTH / 8,
+                             RAND_POOL_MAX_LENGTH);
+        if (pool == NULL)
+            return 0;
+
+        if (rand_pool_acquire_entropy(pool) == 0)
+            goto err;
+
+        if (meth->add == NULL
+            || meth->add(rand_pool_buffer(pool),
+                         rand_pool_length(pool),
+                         (rand_pool_entropy(pool) / 8.0)) == 0)
+            goto err;
+
+        ret = 1;
+    }
+
+err:
+    rand_pool_free(pool);
     return ret;
 }
 
+/*
+ * Allocate memory and initialize a new random pool
+ */
+
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
+{
+    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    pool->min_len = min_len;
+    pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
+        RAND_POOL_MAX_LENGTH : max_len;
+
+    pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pool->entropy_requested = entropy_requested;
+
+    return pool;
+
+err:
+    OPENSSL_free(pool);
+    return NULL;
+}
+
+/*
+ * Attach new random pool to the given buffer
+ *
+ * This function is intended to be used only for feeding random data
+ * provided by RAND_add() and RAND_seed() into the <master> DRBG.
+ */
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy)
+{
+    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * The const needs to be cast away, but attached buffers will not be
+     * modified (in contrary to allocated buffers which are zeroed and
+     * freed in the end).
+     */
+    pool->buffer = (unsigned char *) buffer;
+    pool->len = len;
+
+    pool->attached = 1;
+
+    pool->min_len = pool->max_len = pool->len;
+    pool->entropy = entropy;
+
+    return pool;
+}
+
+/*
+ * Free |pool|, securely erasing its buffer.
+ */
+void rand_pool_free(RAND_POOL *pool)
+{
+    if (pool == NULL)
+        return;
+
+    /*
+     * Although it would be advisable from a cryptographical viewpoint,
+     * we are not allowed to clear attached buffers, since they are passed
+     * to rand_pool_attach() as `const unsigned char*`.
+     * (see corresponding comment in rand_pool_attach()).
+     */
+    if (!pool->attached)
+        OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+    OPENSSL_free(pool);
+}
+
+/*
+ * Return the |pool|'s buffer to the caller (readonly).
+ */
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
+{
+    return pool->buffer;
+}
+
+/*
+ * Return the |pool|'s entropy to the caller.
+ */
+size_t rand_pool_entropy(RAND_POOL *pool)
+{
+    return pool->entropy;
+}
+
+/*
+ * Return the |pool|'s buffer length to the caller.
+ */
+size_t rand_pool_length(RAND_POOL *pool)
+{
+    return pool->len;
+}
+
+/*
+ * Detach the |pool| buffer and return it to the caller.
+ * It's the responsibility of the caller to free the buffer
+ * using OPENSSL_secure_clear_free() or to re-attach it
+ * again to the pool using rand_pool_reattach().
+ */
+unsigned char *rand_pool_detach(RAND_POOL *pool)
+{
+    unsigned char *ret = pool->buffer;
+    pool->buffer = NULL;
+    pool->entropy = 0;
+    return ret;
+}
+
+/*
+ * Re-attach the |pool| buffer. It is only allowed to pass
+ * the |buffer| which was previously detached from the same pool.
+ */
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+{
+    pool->buffer = buffer;
+    OPENSSL_cleanse(pool->buffer, pool->len);
+    pool->len = 0;
+}
+
+/*
+ * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
+ * need to obtain at least |bits| bits of entropy?
+ */
+#define ENTROPY_TO_BYTES(bits, entropy_factor) \
+    (((bits) * (entropy_factor) + 7) / 8)
+
+
+/*
+ * Checks whether the |pool|'s entropy is available to the caller.
+ * This is the case when entropy count and buffer length are high enough.
+ * Returns
+ *
+ *  |entropy|  if the entropy count and buffer size is large enough
+ *      0      otherwise
+ */
+size_t rand_pool_entropy_available(RAND_POOL *pool)
+{
+    if (pool->entropy < pool->entropy_requested)
+        return 0;
+
+    if (pool->len < pool->min_len)
+        return 0;
+
+    return pool->entropy;
+}
+
+/*
+ * Returns the (remaining) amount of entropy needed to fill
+ * the random pool.
+ */
+
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
+{
+    if (pool->entropy < pool->entropy_requested)
+        return pool->entropy_requested - pool->entropy;
+
+    return 0;
+}
+
+/*
+ * Returns the number of bytes needed to fill the pool, assuming
+ * the input has 1 / |entropy_factor| entropy bits per data bit.
+ * In case of an error, 0 is returned.
+ */
+
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
+{
+    size_t bytes_needed;
+    size_t entropy_needed = rand_pool_entropy_needed(pool);
+
+    if (entropy_factor < 1) {
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
+        return 0;
+    }
+
+    bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor);
+
+    if (bytes_needed > pool->max_len - pool->len) {
+        /* not enough space left */
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (pool->len < pool->min_len &&
+        bytes_needed < pool->min_len - pool->len)
+        /* to meet the min_len requirement */
+        bytes_needed = pool->min_len - pool->len;
+
+    return bytes_needed;
+}
+
+/* Returns the remaining number of bytes available */
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
+{
+    return pool->max_len - pool->len;
+}
+
+/*
+ * Add random bytes to the random pool.
+ *
+ * It is expected that the |buffer| contains |len| bytes of
+ * random input which contains at least |entropy| bits of
+ * randomness.
+ *
+ * Returns 1 if the added amount is adequate, otherwise 0
+ */
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy)
+{
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (len > 0) {
+        memcpy(pool->buffer + pool->len, buffer, len);
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
+/*
+ * Start to add random bytes to the random pool in-place.
+ *
+ * Reserves the next |len| bytes for adding random bytes in-place
+ * and returns a pointer to the buffer.
+ * The caller is allowed to copy up to |len| bytes into the buffer.
+ * If |len| == 0 this is considered a no-op and a NULL pointer
+ * is returned without producing an error message.
+ *
+ * After updating the buffer, rand_pool_add_end() needs to be called
+ * to finish the udpate operation (see next comment).
+ */
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
+{
+    if (len == 0)
+        return NULL;
+
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW);
+        return NULL;
+    }
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return pool->buffer + pool->len;
+}
+
+/*
+ * Finish to add random bytes to the random pool in-place.
+ *
+ * Finishes an in-place update of the random pool started by
+ * rand_pool_add_begin() (see previous comment).
+ * It is expected that |len| bytes of random input have been added
+ * to the buffer which contain at least |entropy| bits of randomness.
+ * It is allowed to add less bytes than originally reserved.
+ */
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+{
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (len > 0) {
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
 int RAND_set_rand_method(const RAND_METHOD *meth)
 {
-    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+    if (!RUN_ONCE(&rand_init, do_rand_init))
         return 0;
 
     CRYPTO_THREAD_write_lock(rand_meth_lock);
@@ -60,25 +738,26 @@ const RAND_METHOD *RAND_get_rand_method(void)
 {
     const RAND_METHOD *tmp_meth = NULL;
 
-    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+    if (!RUN_ONCE(&rand_init, do_rand_init))
         return NULL;
 
     CRYPTO_THREAD_write_lock(rand_meth_lock);
-    if (!default_RAND_meth) {
+    if (default_RAND_meth == NULL) {
 #ifndef OPENSSL_NO_ENGINE
-        ENGINE *e = ENGINE_get_default_RAND();
-        if (e) {
-            default_RAND_meth = ENGINE_get_RAND(e);
-            if (default_RAND_meth == NULL) {
-                ENGINE_finish(e);
-                e = NULL;
-            }
-        }
-        if (e)
+        ENGINE *e;
+
+        /* If we have an engine that can do RAND, use it. */
+        if ((e = ENGINE_get_default_RAND()) != NULL
+                && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
             funct_ref = e;
-        else
+            default_RAND_meth = tmp_meth;
+        } else {
+            ENGINE_finish(e);
+            default_RAND_meth = &rand_meth;
+        }
+#else
+        default_RAND_meth = &rand_meth;
 #endif
-            default_RAND_meth = RAND_OpenSSL();
     }
     tmp_meth = default_RAND_meth;
     CRYPTO_THREAD_unlock(rand_meth_lock);
@@ -90,10 +769,10 @@ int RAND_set_rand_engine(ENGINE *engine)
 {
     const RAND_METHOD *tmp_meth = NULL;
 
-    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+    if (!RUN_ONCE(&rand_init, do_rand_init))
         return 0;
 
-    if (engine) {
+    if (engine != NULL) {
         if (!ENGINE_init(engine))
             return 0;
         tmp_meth = ENGINE_get_RAND(engine);
@@ -111,54 +790,70 @@ int RAND_set_rand_engine(ENGINE *engine)
 }
 #endif
 
-void rand_cleanup_int(void)
+void RAND_seed(const void *buf, int num)
 {
-    const RAND_METHOD *meth = default_RAND_meth;
-    if (meth && meth->cleanup)
-        meth->cleanup();
-    RAND_set_rand_method(NULL);
-    CRYPTO_THREAD_lock_free(rand_meth_lock);
-#ifndef OPENSSL_NO_ENGINE
-    CRYPTO_THREAD_lock_free(rand_engine_lock);
-#endif
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth->seed != NULL)
+        meth->seed(buf, num);
 }
 
-void RAND_seed(const void *buf, int num)
+void RAND_add(const void *buf, int num, double randomness)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->seed)
-        meth->seed(buf, num);
+
+    if (meth->add != NULL)
+        meth->add(buf, num, randomness);
 }
 
-void RAND_add(const void *buf, int num, double entropy)
+/*
+ * This function is not part of RAND_METHOD, so if we're not using
+ * the default method, then just call RAND_bytes().  Otherwise make
+ * sure we're instantiated and use the private DRBG.
+ */
+int RAND_priv_bytes(unsigned char *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->add)
-        meth->add(buf, num, entropy);
+    RAND_DRBG *drbg;
+    int ret;
+
+    if (meth != RAND_OpenSSL())
+        return RAND_bytes(buf, num);
+
+    drbg = RAND_DRBG_get0_private();
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, buf, num);
+    return ret;
 }
 
 int RAND_bytes(unsigned char *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->bytes)
+
+    if (meth->bytes != NULL)
         return meth->bytes(buf, num);
-    return (-1);
+    RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
+    return -1;
 }
 
 #if OPENSSL_API_COMPAT < 0x10100000L
 int RAND_pseudo_bytes(unsigned char *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->pseudorand)
+
+    if (meth->pseudorand != NULL)
         return meth->pseudorand(buf, num);
-    return (-1);
+    return -1;
 }
 #endif
 
 int RAND_status(void)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
-    if (meth && meth->status)
+
+    if (meth->status != NULL)
         return meth->status();
     return 0;
 }
diff --git a/deps/openssl/openssl/crypto/rand/rand_unix.c b/deps/openssl/openssl/crypto/rand/rand_unix.c
index 7a5a948430..9d8ffdd537 100644
--- a/deps/openssl/openssl/crypto/rand/rand_unix.c
+++ b/deps/openssl/openssl/crypto/rand/rand_unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,91 +7,141 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-
-#define USE_SOCKETS
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
 #include "e_os.h"
+#include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#include "internal/rand_int.h"
+#include <stdio.h>
+#include "internal/dso.h"
+#if defined(__linux)
+# include <sys/syscall.h>
+#endif
+#if defined(__FreeBSD__)
+# include <sys/types.h>
+# include <sys/sysctl.h>
+# include <sys/param.h>
+#endif
+#if defined(__OpenBSD__) || defined(__NetBSD__)
+# include <sys/param.h>
+#endif
 
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI))
-
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
 # include <sys/types.h>
-# include <sys/time.h>
-# include <sys/times.h>
 # include <sys/stat.h>
 # include <fcntl.h>
 # include <unistd.h>
-# include <time.h>
-# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
-                                 * everywhere */
-#  include <poll.h>
-# endif
-# include <limits.h>
-# ifndef FD_SETSIZE
-#  define FD_SETSIZE (8*sizeof(fd_set))
+# include <sys/time.h>
+
+static uint64_t get_time_stamp(void);
+static uint64_t get_timer_bits(void);
+
+/* Macro to convert two thirty two bit values into a sixty four bit one */
+# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
+
+/*
+ * Check for the existence and support of POSIX timers.  The standard
+ * says that the _POSIX_TIMERS macro will have a positive value if they
+ * are available.
+ *
+ * However, we want an additional constraint: that the timer support does
+ * not require an extra library dependency.  Early versions of glibc
+ * require -lrt to be specified on the link line to access the timers,
+ * so this needs to be checked for.
+ *
+ * It is worse because some libraries define __GLIBC__ but don't
+ * support the version testing macro (e.g. uClibc).  This means
+ * an extra check is needed.
+ *
+ * The final condition is:
+ *      "have posix timers and either not glibc or glibc without -lrt"
+ *
+ * The nested #if sequences are required to avoid using a parameterised
+ * macro that might be undefined.
+ */
+# undef OSSL_POSIX_TIMER_OKAY
+# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
+#  if defined(__GLIBC__)
+#   if defined(__GLIBC_PREREQ)
+#    if __GLIBC_PREREQ(2, 17)
+#     define OSSL_POSIX_TIMER_OKAY
+#    endif
+#   endif
+#  else
+#   define OSSL_POSIX_TIMER_OKAY
+#  endif
 # endif
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+
+#if defined(OPENSSL_RAND_SEED_NONE)
+/* none means none. this simplifies the following logic */
+# undef OPENSSL_RAND_SEED_OS
+# undef OPENSSL_RAND_SEED_GETRANDOM
+# undef OPENSSL_RAND_SEED_LIBRANDOM
+# undef OPENSSL_RAND_SEED_DEVRANDOM
+# undef OPENSSL_RAND_SEED_RDTSC
+# undef OPENSSL_RAND_SEED_RDCPU
+# undef OPENSSL_RAND_SEED_EGD
+#endif
+
+#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
+        !defined(OPENSSL_RAND_SEED_NONE)
+# error "UEFI and VXWorks only support seeding NONE"
+#endif
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
+    || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
+    || defined(OPENSSL_SYS_UEFI))
 
 # if defined(OPENSSL_SYS_VOS)
 
+#  ifndef OPENSSL_RAND_SEED_OS
+#   error "Unsupported seeding method configured; must be os"
+#  endif
+
+#  if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
+#   error "Unsupported HP-PA and IA32 at the same time."
+#  endif
+#  if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
+#   error "Must have one of HP-PA or IA32"
+#  endif
+
 /*
  * The following algorithm repeatedly samples the real-time clock (RTC) to
  * generate a sequence of unpredictable data.  The algorithm relies upon the
  * uneven execution speed of the code (due to factors such as cache misses,
  * interrupts, bus activity, and scheduling) and upon the rather large
  * relative difference between the speed of the clock and the rate at which
- * it can be read.
+ * it can be read.  If it is ported to an environment where execution speed
+ * is more constant or where the RTC ticks at a much slower rate, or the
+ * clock can be read with fewer instructions, it is likely that the results
+ * would be far more predictable.  This should only be used for legacy
+ * platforms.
  *
- * If this code is ported to an environment where execution speed is more
- * constant or where the RTC ticks at a much slower rate, or the clock can be
- * read with fewer instructions, it is likely that the results would be far
- * more predictable.
- *
- * As a precaution, we generate 4 times the minimum required amount of seed
- * data.
+ * As a precaution, we assume only 2 bits of entropy per byte.
  */
-
-int RAND_poll(void)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
     short int code;
-    gid_t curr_gid;
-    pid_t curr_pid;
-    uid_t curr_uid;
     int i, k;
+    size_t bytes_needed;
     struct timespec ts;
     unsigned char v;
-
 #  ifdef OPENSSL_SYS_VOS_HPPA
     long duration;
     extern void s$sleep(long *_duration, short int *_code);
 #  else
-#   ifdef OPENSSL_SYS_VOS_IA32
     long long duration;
     extern void s$sleep2(long long *_duration, short int *_code);
-#   else
-#    error "Unsupported Platform."
-#   endif                       /* OPENSSL_SYS_VOS_IA32 */
-#  endif                        /* OPENSSL_SYS_VOS_HPPA */
-
-    /*
-     * Seed with the gid, pid, and uid, to ensure *some* variation between
-     * different processes.
-     */
-
-    curr_gid = getgid();
-    RAND_add(&curr_gid, sizeof(curr_gid), 1);
-    curr_gid = 0;
-
-    curr_pid = getpid();
-    RAND_add(&curr_pid, sizeof(curr_pid), 1);
-    curr_pid = 0;
+#  endif
 
-    curr_uid = getuid();
-    RAND_add(&curr_uid, sizeof(curr_uid), 1);
-    curr_uid = 0;
+    bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
 
-    for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
+    for (i = 0; i < bytes_needed; i++) {
         /*
          * burn some cpu; hope for interrupts, cache collisions, bus
          * interference, etc.
@@ -104,221 +154,533 @@ int RAND_poll(void)
         duration = 1;
         s$sleep(&duration, &code);
 #  else
-#   ifdef OPENSSL_SYS_VOS_IA32
         /* sleep for 1/65536 of a second (15 us).  */
         duration = 1;
         s$sleep2(&duration, &code);
-#   endif                       /* OPENSSL_SYS_VOS_IA32 */
-#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+#  endif
 
-        /* get wall clock time.  */
+        /* Get wall clock time, take 8 bits. */
         clock_gettime(CLOCK_REALTIME, &ts);
-
-        /* take 8 bits */
-        v = (unsigned char)(ts.tv_nsec % 256);
-        RAND_add(&v, sizeof(v), 1);
-        v = 0;
+        v = (unsigned char)(ts.tv_nsec & 0xFF);
+        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
     }
-    return 1;
+    return rand_pool_entropy_available(pool);
 }
-# elif defined __OpenBSD__
-int RAND_poll(void)
-{
-    u_int32_t rnd = 0, i;
-    unsigned char buf[ENTROPY_NEEDED];
-
-    for (i = 0; i < sizeof(buf); i++) {
-        if (i % 4 == 0)
-            rnd = arc4random();
-        buf[i] = rnd;
-        rnd >>= 8;
-    }
-    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-    OPENSSL_cleanse(buf, sizeof(buf));
 
-    return 1;
+void rand_pool_cleanup(void)
+{
 }
-# else                          /* !defined(__OpenBSD__) */
-int RAND_poll(void)
+
+void rand_pool_keep_random_devices_open(int keep)
 {
-    unsigned long l;
-    pid_t curr_pid = getpid();
-#  if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
-    unsigned char tmpbuf[ENTROPY_NEEDED];
-    int n = 0;
+}
+
+# else
+
+#  if defined(OPENSSL_RAND_SEED_EGD) && \
+        (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
+#   error "Seeding uses EGD but EGD is turned off or no device given"
 #  endif
-#  ifdef DEVRANDOM
-    static const char *randomfiles[] = { DEVRANDOM };
-    struct stat randomstats[OSSL_NELEM(randomfiles)];
-    int fd;
-    unsigned int i;
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
+#   error "Seeding uses urandom but DEVRANDOM is not configured"
 #  endif
-#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
-    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
-    const char **egdsocket = NULL;
+
+#  if defined(OPENSSL_RAND_SEED_OS)
+#   if !defined(DEVRANDOM)
+#    error "OS seeding requires DEVRANDOM to be configured"
+#   endif
+#   define OPENSSL_RAND_SEED_GETRANDOM
+#   define OPENSSL_RAND_SEED_DEVRANDOM
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+#   error "librandom not (yet) supported"
 #  endif
 
-#  ifdef DEVRANDOM
-    memset(randomstats, 0, sizeof(randomstats));
+#  if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+/*
+ * sysctl_random(): Use sysctl() to read a random number from the kernel
+ * Returns the number of bytes returned in buf on success, -1 on failure.
+ */
+static ssize_t sysctl_random(char *buf, size_t buflen)
+{
+    int mib[2];
+    size_t done = 0;
+    size_t len;
+
     /*
-     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
-     * this. Use /dev/urandom if you can as /dev/random may block if it runs
-     * out of random entries.
+     * Note: sign conversion between size_t and ssize_t is safe even
+     * without a range check, see comment in syscall_random()
      */
 
-    for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
-        if ((fd = open(randomfiles[i], O_RDONLY
-#   ifdef O_NONBLOCK
-                       | O_NONBLOCK
-#   endif
-#   ifdef O_BINARY
-                       | O_BINARY
+    /*
+     * On FreeBSD old implementations returned longs, newer versions support
+     * variable sizes up to 256 byte. The code below would not work properly
+     * when the sysctl returns long and we want to request something not a
+     * multiple of longs, which should never be the case.
+     */
+    if (!ossl_assert(buflen % sizeof(long) == 0)) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    /*
+     * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+     * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+     * it returns a variable number of bytes with the current version supporting
+     * up to 256 bytes.
+     * Just return an error on older NetBSD versions.
+     */
+#if   defined(__NetBSD__) && __NetBSD_Version__ < 400000000
+    errno = ENOSYS;
+    return -1;
+#endif
+
+    mib[0] = CTL_KERN;
+    mib[1] = KERN_ARND;
+
+    do {
+        len = buflen;
+        if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+            return done > 0 ? done : -1;
+        done += len;
+        buf += len;
+        buflen -= len;
+    } while (buflen > 0);
+
+    return done;
+}
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_GETRANDOM)
+/*
+ * syscall_random(): Try to get random data using a system call
+ * returns the number of bytes returned in buf, or < 0 on error.
+ */
+static ssize_t syscall_random(void *buf, size_t buflen)
+{
+    /*
+     * Note: 'buflen' equals the size of the buffer which is used by the
+     * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
+     *
+     *   2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
+     *
+     * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+     * between size_t and ssize_t is safe even without a range check.
+     */
+
+    /*
+     * Do runtime detection to find getentropy().
+     *
+     * Known OSs that should support this:
+     * - Darwin since 16 (OSX 10.12, IOS 10.0).
+     * - Solaris since 11.3
+     * - OpenBSD since 5.6
+     * - Linux since 3.17 with glibc 2.25
+     * - FreeBSD since 12.0 (1200061)
+     */
+#  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+    extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+
+    if (getentropy != NULL)
+        return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  else
+    union {
+        void *p;
+        int (*f)(void *buffer, size_t length);
+    } p_getentropy;
+
+    /*
+     * We could cache the result of the lookup, but we normally don't
+     * call this function often.
+     */
+    ERR_set_mark();
+    p_getentropy.p = DSO_global_lookup("getentropy");
+    ERR_pop_to_mark();
+    if (p_getentropy.p != NULL)
+        return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  endif
+
+    /* Linux supports this since version 3.17 */
+#  if defined(__linux) && defined(SYS_getrandom)
+    return syscall(SYS_getrandom, buf, buflen, 0);
+#  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+    return sysctl_random(buf, buflen);
+#  else
+    errno = ENOSYS;
+    return -1;
+#  endif
+}
+#  endif    /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+static const char *random_device_paths[] = { DEVRANDOM };
+static struct random_device {
+    int fd;
+    dev_t dev;
+    ino_t ino;
+    mode_t mode;
+    dev_t rdev;
+} random_devices[OSSL_NELEM(random_device_paths)];
+static int keep_random_devices_open = 1;
+
+/*
+ * Verify that the file descriptor associated with the random source is
+ * still valid. The rationale for doing this is the fact that it is not
+ * uncommon for daemons to close all open file handles when daemonizing.
+ * So the handle might have been closed or even reused for opening
+ * another file.
+ */
+static int check_random_device(struct random_device * rd)
+{
+    struct stat st;
+
+    return rd->fd != -1
+           && fstat(rd->fd, &st) != -1
+           && rd->dev == st.st_dev
+           && rd->ino == st.st_ino
+           && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
+           && rd->rdev == st.st_rdev;
+}
+
+/*
+ * Open a random device if required and return its file descriptor or -1 on error
+ */
+static int get_random_device(size_t n)
+{
+    struct stat st;
+    struct random_device * rd = &random_devices[n];
+
+    /* reuse existing file descriptor if it is (still) valid */
+    if (check_random_device(rd))
+        return rd->fd;
+
+    /* open the random device ... */
+    if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+        return rd->fd;
+
+    /* ... and cache its relevant stat(2) data */
+    if (fstat(rd->fd, &st) != -1) {
+        rd->dev = st.st_dev;
+        rd->ino = st.st_ino;
+        rd->mode = st.st_mode;
+        rd->rdev = st.st_rdev;
+    } else {
+        close(rd->fd);
+        rd->fd = -1;
+    }
+
+    return rd->fd;
+}
+
+/*
+ * Close a random device making sure it is a random device
+ */
+static void close_random_device(size_t n)
+{
+    struct random_device * rd = &random_devices[n];
+
+    if (check_random_device(rd))
+        close(rd->fd);
+    rd->fd = -1;
+}
+
+int rand_pool_init(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        random_devices[i].fd = -1;
+
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        close_random_device(i);
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+    if (!keep)
+        rand_pool_cleanup();
+
+    keep_random_devices_open = keep;
+}
+
+#  else     /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#  endif    /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+/*
+ * Try the various seeding methods in turn, exit when successful.
+ *
+ * TODO(DRBG): If more than one entropy source is available, is it
+ * preferable to stop as soon as enough entropy has been collected
+ * (as favored by @rsalz) or should one rather be defensive and add
+ * more entropy than requested and/or from different sources?
+ *
+ * Currently, the user can select multiple entropy sources in the
+ * configure step, yet in practice only the first available source
+ * will be used. A more flexible solution has been requested, but
+ * currently it is not clear how this can be achieved without
+ * overengineering the problem. There are many parameters which
+ * could be taken into account when selecting the order and amount
+ * of input from the different entropy sources (trust, quality,
+ * possibility of blocking).
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+#  if defined(OPENSSL_RAND_SEED_NONE)
+    return rand_pool_entropy_available(pool);
+#  else
+    size_t bytes_needed;
+    size_t entropy_available = 0;
+    unsigned char *buffer;
+
+#   if defined(OPENSSL_RAND_SEED_GETRANDOM)
+    {
+        ssize_t bytes;
+        /* Maximum allowed number of consecutive unsuccessful attempts */
+        int attempts = 3;
+
+        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        while (bytes_needed != 0 && attempts-- > 0) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            bytes = syscall_random(buffer, bytes_needed);
+            if (bytes > 0) {
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                bytes_needed -= bytes;
+                attempts = 3; /* reset counter after successful attempt */
+            } else if (bytes < 0 && errno != EINTR) {
+                break;
+            }
+        }
+    }
+    entropy_available = rand_pool_entropy_available(pool);
+    if (entropy_available > 0)
+        return entropy_available;
 #   endif
-#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
-                                 * not make it our controlling tty */
-                       | O_NOCTTY
+
+#   if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+    {
+        /* Not yet implemented. */
+    }
 #   endif
-             )) >= 0) {
-            int usec = 10 * 1000; /* spend 10ms on each file */
-            int r;
-            unsigned int j;
-            struct stat *st = &randomstats[i];
-
-            /*
-             * Avoid using same input... Used to be O_NOFOLLOW above, but
-             * it's not universally appropriate...
-             */
-            if (fstat(fd, st) != 0) {
-                close(fd);
+
+#   if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    {
+        size_t i;
+
+        for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
+            ssize_t bytes = 0;
+            /* Maximum allowed number of consecutive unsuccessful attempts */
+            int attempts = 3;
+            const int fd = get_random_device(i);
+
+            if (fd == -1)
                 continue;
-            }
-            for (j = 0; j < i; j++) {
-                if (randomstats[j].st_ino == st->st_ino &&
-                    randomstats[j].st_dev == st->st_dev)
+
+            while (bytes_needed != 0 && attempts-- > 0) {
+                buffer = rand_pool_add_begin(pool, bytes_needed);
+                bytes = read(fd, buffer, bytes_needed);
+
+                if (bytes > 0) {
+                    rand_pool_add_end(pool, bytes, 8 * bytes);
+                    bytes_needed -= bytes;
+                    attempts = 3; /* reset counter after successful attempt */
+                } else if (bytes < 0 && errno != EINTR) {
                     break;
+                }
             }
-            if (j < i) {
-                close(fd);
-                continue;
-            }
+            if (bytes < 0 || !keep_random_devices_open)
+                close_random_device(i);
 
-            do {
-                int try_read = 0;
-
-#   if defined(OPENSSL_SYS_LINUX)
-                /* use poll() */
-                struct pollfd pset;
-
-                pset.fd = fd;
-                pset.events = POLLIN;
-                pset.revents = 0;
-
-                if (poll(&pset, 1, usec / 1000) < 0)
-                    usec = 0;
-                else
-                    try_read = (pset.revents & POLLIN) != 0;
-
-#   else
-                /* use select() */
-                fd_set fset;
-                struct timeval t;
-
-                t.tv_sec = 0;
-                t.tv_usec = usec;
-
-                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
-                    /*
-                     * can't use select, so just try to read once anyway
-                     */
-                    try_read = 1;
-                } else {
-                    FD_ZERO(&fset);
-                    FD_SET(fd, &fset);
-
-                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
-                        usec = t.tv_usec;
-                        if (FD_ISSET(fd, &fset))
-                            try_read = 1;
-                    } else
-                        usec = 0;
-                }
+            bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        }
+        entropy_available = rand_pool_entropy_available(pool);
+        if (entropy_available > 0)
+            return entropy_available;
+    }
 #   endif
 
-                if (try_read) {
-                    r = read(fd, (unsigned char *)tmpbuf + n,
-                             ENTROPY_NEEDED - n);
-                    if (r > 0)
-                        n += r;
-                } else
-                    r = -1;
-
-                /*
-                 * Some Unixen will update t in select(), some won't.  For
-                 * those who won't, or if we didn't use select() in the first
-                 * place, give up here, otherwise, we will do this once again
-                 * for the remaining time.
-                 */
-                if (usec == 10 * 1000)
-                    usec = 0;
-            }
-            while ((r > 0 ||
-                    (errno == EINTR || errno == EAGAIN)) && usec != 0
-                   && n < ENTROPY_NEEDED);
+#   if defined(OPENSSL_RAND_SEED_RDTSC)
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_RDCPU)
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
 
-            close(fd);
+#   if defined(OPENSSL_RAND_SEED_EGD)
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        static const char *paths[] = { DEVRANDOM_EGD, NULL };
+        int i;
+
+        for (i = 0; paths[i] != NULL; i++) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            if (buffer != NULL) {
+                size_t bytes = 0;
+                int num = RAND_query_egd_bytes(paths[i],
+                                               buffer, (int)bytes_needed);
+                if (num == (int)bytes_needed)
+                    bytes = bytes_needed;
+
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_entropy_available(pool);
+            }
+            if (entropy_available > 0)
+                return entropy_available;
         }
     }
-#  endif                        /* defined(DEVRANDOM) */
+#   endif
+
+    return rand_pool_entropy_available(pool);
+#  endif
+}
+# endif
+#endif
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        pid_t pid;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique with high probability for
+     * different process instances.
+     */
+    data.pid = getpid();
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_time_stamp();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
 
-#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
     /*
-     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
-     * collecting daemon.
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
      */
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_timer_bits();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
 
-    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
-         egdsocket++) {
-        int r;
 
-        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
-                                 ENTROPY_NEEDED - n);
-        if (r > 0)
-            n += r;
+/*
+ * Get the current time with the highest possible resolution
+ *
+ * The time stamp is added to the nonce, so it is optimized for not repeating.
+ * The current time is ideal for this purpose, provided the computer's clock
+ * is synchronized.
+ */
+static uint64_t get_time_stamp(void)
+{
+# if defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
+
+        if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
     }
-#  endif                        /* defined(DEVRANDOM_EGD) */
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
 
-#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
-    if (n > 0) {
-        RAND_add(tmpbuf, sizeof(tmpbuf), (double)n);
-        OPENSSL_cleanse(tmpbuf, n);
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
     }
-#  endif
+# endif
+    return time(NULL);
+}
+
+/*
+ * Get an arbitrary timer value of the highest possible resolution
+ *
+ * The timer value is added as random noise to the additional data,
+ * which is not considered a trusted entropy sourec, so any result
+ * is acceptable.
+ */
+static uint64_t get_timer_bits(void)
+{
+    uint64_t res = OPENSSL_rdtsc();
 
-    /* put in some default random data, we need more than just this */
-    l = curr_pid;
-    RAND_add(&l, sizeof(l), 0.0);
-    l = getuid();
-    RAND_add(&l, sizeof(l), 0.0);
+    if (res != 0)
+        return res;
 
-    l = time(NULL);
-    RAND_add(&l, sizeof(l), 0.0);
+# if defined(__sun) || defined(__hpux)
+    return gethrtime();
+# elif defined(_AIX)
+    {
+        timebasestruct_t t;
 
-#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
-    return 1;
+        read_wall_time(&t, TIMEBASE_SZ);
+        return TWO32TO64(t.tb_high, t.tb_low);
+    }
+# elif defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
+
+#  ifdef CLOCK_BOOTTIME
+#   define CLOCK_TYPE CLOCK_BOOTTIME
+#  elif defined(_POSIX_MONOTONIC_CLOCK)
+#   define CLOCK_TYPE CLOCK_MONOTONIC
 #  else
-    return 0;
+#   define CLOCK_TYPE CLOCK_REALTIME
 #  endif
-}
 
-# endif                         /* defined(__OpenBSD__) */
-#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
-                                 * defined(OPENSSL_SYS_WIN32) ||
-                                 * defined(OPENSSL_SYS_VMS) ||
-                                 * defined(OPENSSL_SYS_VXWORKS) */
+        if (clock_gettime(CLOCK_TYPE, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
+    }
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
 
-#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
-int RAND_poll(void)
-{
-    return 0;
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
+    }
+# endif
+    return time(NULL);
 }
-#endif
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
diff --git a/deps/openssl/openssl/crypto/rand/rand_vms.c b/deps/openssl/openssl/crypto/rand/rand_vms.c
index 9c462dd374..bfcf6f0a86 100644
--- a/deps/openssl/openssl/crypto/rand/rand_vms.c
+++ b/deps/openssl/openssl/crypto/rand/rand_vms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,127 +7,522 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*
- * Modified by VMS Software, Inc (2016)
- *    Eliminate looping through all processes (performance)
- *    Add additional randomizations using rand() function
- */
-
-#include <openssl/rand.h>
-#include "rand_lcl.h"
+#include "e_os.h"
 
 #if defined(OPENSSL_SYS_VMS)
+# define __NEW_STARLET 1         /* New starlet definitions since VMS 7.0 */
+# include <unistd.h>
+# include "internal/cryptlib.h"
+# include <openssl/rand.h>
+# include "internal/rand_int.h"
+# include "rand_lcl.h"
 # include <descrip.h>
+# include <dvidef.h>
 # include <jpidef.h>
+# include <rmidef.h>
+# include <syidef.h>
 # include <ssdef.h>
 # include <starlet.h>
-# include <efndef>
+# include <efndef.h>
+# include <gen64def.h>
+# include <iosbdef.h>
+# include <iledef.h>
+# include <lib$routines.h>
 # ifdef __DECC
 #  pragma message disable DOLLARID
 # endif
 
-/*
- * Use 32-bit pointers almost everywhere.  Define the type to which to cast a
- * pointer passed to an external function.
- */
+# ifndef OPENSSL_RAND_SEED_OS
+#  error "Unsupported seeding method configured; must be os"
+# endif
+
+/* We need to make sure we have the right size pointer in some cases */
 # if __INITIAL_POINTER_SIZE == 64
-#  define PTR_T __void_ptr64
 #  pragma pointer_size save
 #  pragma pointer_size 32
-# else                          /* __INITIAL_POINTER_SIZE == 64 */
-#  define PTR_T void *
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+# endif
+typedef uint32_t *uint32_t__ptr32;
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size restore
+# endif
 
-static struct items_data_st {
+struct item_st {
     short length, code;         /* length is number of bytes */
-} items_data[] = {
-    {4, JPI$_BUFIO},
-    {4, JPI$_CPUTIM},
-    {4, JPI$_DIRIO},
-    {4, JPI$_IMAGECOUNT},
-    {8, JPI$_LAST_LOGIN_I},
-    {8, JPI$_LOGINTIM},
-    {4, JPI$_PAGEFLTS},
-    {4, JPI$_PID},
-    {4, JPI$_PPGCNT},
-    {4, JPI$_WSPEAK},
-    {4, JPI$_FINALEXC},
-    {0, 0}                      /* zero terminated */
 };
 
-int RAND_poll(void)
+static const struct item_st DVI_item_data[] = {
+    {4,   DVI$_ERRCNT},
+    {4,   DVI$_REFCNT},
+};
+
+static const struct item_st JPI_item_data[] = {
+    {4,   JPI$_BUFIO},
+    {4,   JPI$_CPUTIM},
+    {4,   JPI$_DIRIO},
+    {4,   JPI$_IMAGECOUNT},
+    {4,   JPI$_PAGEFLTS},
+    {4,   JPI$_PID},
+    {4,   JPI$_PPGCNT},
+    {4,   JPI$_WSPEAK},
+    /*
+     * Note: the direct result is just a 32-bit address.  However, it points
+     * to a list of 4 32-bit words, so we make extra space for them so we can
+     * do in-place replacement of values
+     */
+    {16,  JPI$_FINALEXC},
+};
+
+static const struct item_st JPI_item_data_64bit[] = {
+    {8,   JPI$_LAST_LOGIN_I},
+    {8,   JPI$_LOGINTIM},
+};
+
+static const struct item_st RMI_item_data[] = {
+    {4,   RMI$_COLPG},
+    {4,   RMI$_MWAIT},
+    {4,   RMI$_CEF},
+    {4,   RMI$_PFW},
+    {4,   RMI$_LEF},
+    {4,   RMI$_LEFO},
+    {4,   RMI$_HIB},
+    {4,   RMI$_HIBO},
+    {4,   RMI$_SUSP},
+    {4,   RMI$_SUSPO},
+    {4,   RMI$_FPG},
+    {4,   RMI$_COM},
+    {4,   RMI$_COMO},
+    {4,   RMI$_CUR},
+#if defined __alpha
+    {4,   RMI$_FRLIST},
+    {4,   RMI$_MODLIST},
+#endif
+    {4,   RMI$_FAULTS},
+    {4,   RMI$_PREADS},
+    {4,   RMI$_PWRITES},
+    {4,   RMI$_PWRITIO},
+    {4,   RMI$_PREADIO},
+    {4,   RMI$_GVALFLTS},
+    {4,   RMI$_WRTINPROG},
+    {4,   RMI$_FREFLTS},
+    {4,   RMI$_DZROFLTS},
+    {4,   RMI$_SYSFAULTS},
+    {4,   RMI$_ISWPCNT},
+    {4,   RMI$_DIRIO},
+    {4,   RMI$_BUFIO},
+    {4,   RMI$_MBREADS},
+    {4,   RMI$_MBWRITES},
+    {4,   RMI$_LOGNAM},
+    {4,   RMI$_FCPCALLS},
+    {4,   RMI$_FCPREAD},
+    {4,   RMI$_FCPWRITE},
+    {4,   RMI$_FCPCACHE},
+    {4,   RMI$_FCPCPU},
+    {4,   RMI$_FCPHIT},
+    {4,   RMI$_FCPSPLIT},
+    {4,   RMI$_FCPFAULT},
+    {4,   RMI$_ENQNEW},
+    {4,   RMI$_ENQCVT},
+    {4,   RMI$_DEQ},
+    {4,   RMI$_BLKAST},
+    {4,   RMI$_ENQWAIT},
+    {4,   RMI$_ENQNOTQD},
+    {4,   RMI$_DLCKSRCH},
+    {4,   RMI$_DLCKFND},
+    {4,   RMI$_NUMLOCKS},
+    {4,   RMI$_NUMRES},
+    {4,   RMI$_ARRLOCPK},
+    {4,   RMI$_DEPLOCPK},
+    {4,   RMI$_ARRTRAPK},
+    {4,   RMI$_TRCNGLOS},
+    {4,   RMI$_RCVBUFFL},
+    {4,   RMI$_ENQNEWLOC},
+    {4,   RMI$_ENQNEWIN},
+    {4,   RMI$_ENQNEWOUT},
+    {4,   RMI$_ENQCVTLOC},
+    {4,   RMI$_ENQCVTIN},
+    {4,   RMI$_ENQCVTOUT},
+    {4,   RMI$_DEQLOC},
+    {4,   RMI$_DEQIN},
+    {4,   RMI$_DEQOUT},
+    {4,   RMI$_BLKLOC},
+    {4,   RMI$_BLKIN},
+    {4,   RMI$_BLKOUT},
+    {4,   RMI$_DIRIN},
+    {4,   RMI$_DIROUT},
+    /* We currently get a fault when trying these.  TODO: To be figured out. */
+#if 0
+    {140, RMI$_MSCP_EVERYTHING},   /* 35 32-bit words */
+    {152, RMI$_DDTM_ALL},          /* 38 32-bit words */
+    {80,  RMI$_TMSCP_EVERYTHING}   /* 20 32-bit words */
+#endif
+    {4,   RMI$_LPZ_PAGCNT},
+    {4,   RMI$_LPZ_HITS},
+    {4,   RMI$_LPZ_MISSES},
+    {4,   RMI$_LPZ_EXPCNT},
+    {4,   RMI$_LPZ_ALLOCF},
+    {4,   RMI$_LPZ_ALLOC2},
+    {4,   RMI$_ACCESS},
+    {4,   RMI$_ALLOC},
+    {4,   RMI$_FCPCREATE},
+    {4,   RMI$_VOLWAIT},
+    {4,   RMI$_FCPTURN},
+    {4,   RMI$_FCPERASE},
+    {4,   RMI$_OPENS},
+    {4,   RMI$_FIDHIT},
+    {4,   RMI$_FIDMISS},
+    {4,   RMI$_FILHDR_HIT},
+    {4,   RMI$_DIRFCB_HIT},
+    {4,   RMI$_DIRFCB_MISS},
+    {4,   RMI$_DIRDATA_HIT},
+    {4,   RMI$_EXTHIT},
+    {4,   RMI$_EXTMISS},
+    {4,   RMI$_QUOHIT},
+    {4,   RMI$_QUOMISS},
+    {4,   RMI$_STORAGMAP_HIT},
+    {4,   RMI$_VOLLCK},
+    {4,   RMI$_SYNCHLCK},
+    {4,   RMI$_SYNCHWAIT},
+    {4,   RMI$_ACCLCK},
+    {4,   RMI$_XQPCACHEWAIT},
+    {4,   RMI$_DIRDATA_MISS},
+    {4,   RMI$_FILHDR_MISS},
+    {4,   RMI$_STORAGMAP_MISS},
+    {4,   RMI$_PROCCNTMAX},
+    {4,   RMI$_PROCBATCNT},
+    {4,   RMI$_PROCINTCNT},
+    {4,   RMI$_PROCNETCNT},
+    {4,   RMI$_PROCSWITCHCNT},
+    {4,   RMI$_PROCBALSETCNT},
+    {4,   RMI$_PROCLOADCNT},
+    {4,   RMI$_BADFLTS},
+    {4,   RMI$_EXEFAULTS},
+    {4,   RMI$_HDRINSWAPS},
+    {4,   RMI$_HDROUTSWAPS},
+    {4,   RMI$_IOPAGCNT},
+    {4,   RMI$_ISWPCNTPG},
+    {4,   RMI$_OSWPCNT},
+    {4,   RMI$_OSWPCNTPG},
+    {4,   RMI$_RDFAULTS},
+    {4,   RMI$_TRANSFLTS},
+    {4,   RMI$_WRTFAULTS},
+#if defined __alpha
+    {4,   RMI$_USERPAGES},
+#endif
+    {4,   RMI$_VMSPAGES},
+    {4,   RMI$_TTWRITES},
+    {4,   RMI$_BUFOBJPAG},
+    {4,   RMI$_BUFOBJPAGPEAK},
+    {4,   RMI$_BUFOBJPAGS01},
+    {4,   RMI$_BUFOBJPAGS2},
+    {4,   RMI$_BUFOBJPAGMAXS01},
+    {4,   RMI$_BUFOBJPAGMAXS2},
+    {4,   RMI$_BUFOBJPAGPEAKS01},
+    {4,   RMI$_BUFOBJPAGPEAKS2},
+    {4,   RMI$_BUFOBJPGLTMAXS01},
+    {4,   RMI$_BUFOBJPGLTMAXS2},
+    {4,   RMI$_DLCK_INCMPLT},
+    {4,   RMI$_DLCKMSGS_IN},
+    {4,   RMI$_DLCKMSGS_OUT},
+    {4,   RMI$_MCHKERRS},
+    {4,   RMI$_MEMERRS},
+};
+
+static const struct item_st RMI_item_data_64bit[] = {
+#if defined __ia64
+    {8,   RMI$_FRLIST},
+    {8,   RMI$_MODLIST},
+#endif
+    {8,   RMI$_LCKMGR_REQCNT},
+    {8,   RMI$_LCKMGR_REQTIME},
+    {8,   RMI$_LCKMGR_SPINCNT},
+    {8,   RMI$_LCKMGR_SPINTIME},
+    {8,   RMI$_CPUINTSTK},
+    {8,   RMI$_CPUMPSYNCH},
+    {8,   RMI$_CPUKERNEL},
+    {8,   RMI$_CPUEXEC},
+    {8,   RMI$_CPUSUPER},
+    {8,   RMI$_CPUUSER},
+#if defined __ia64
+    {8,   RMI$_USERPAGES},
+#endif
+    {8,   RMI$_TQETOTAL},
+    {8,   RMI$_TQESYSUB},
+    {8,   RMI$_TQEUSRTIMR},
+    {8,   RMI$_TQEUSRWAKE},
+};
+
+static const struct item_st SYI_item_data[] = {
+    {4,   SYI$_PAGEFILE_FREE},
+};
+
+/*
+ * Input:
+ * items_data           - an array of lengths and codes
+ * items_data_num       - number of elements in that array
+ *
+ * Output:
+ * items                - pre-allocated ILE3 array to be filled.
+ *                        It's assumed to have items_data_num elements plus
+ *                        one extra for the terminating NULL element
+ * databuffer           - pre-allocated 32-bit word array.
+ *
+ * Returns the number of elements used in databuffer
+ */
+static size_t prepare_item_list(const struct item_st *items_input,
+                                size_t items_input_num,
+                                ILE3 *items,
+                                uint32_t__ptr32 databuffer)
 {
+    size_t data_sz = 0;
 
-    /* determine the number of items in the JPI array */
+    for (; items_input_num-- > 0; items_input++, items++) {
 
-    struct items_data_st item_entry;
-    int item_entry_count = sizeof(items_data)/sizeof(item_entry);
+        items->ile3$w_code = items_input->code;
+        /* Special treatment of JPI$_FINALEXC */
+        if (items->ile3$w_code == JPI$_FINALEXC)
+            items->ile3$w_length = 4;
+        else
+            items->ile3$w_length = items_input->length;
 
-    /* Create the JPI itemlist array to hold item_data content */
+        items->ile3$ps_bufaddr = databuffer;
+        items->ile3$ps_retlen_addr = 0;
 
-    struct {
-        short length, code;
-        int *buffer;
-        int *retlen;
-    } item[item_entry_count], *pitem; /* number of entries in items_data */
-
-    struct items_data_st *pitems_data;
-    int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */
-    int iosb[2];
-    int sys_time[2];
-    int *ptr;
-    int i, j ;
-    int tmp_length   = 0;
-    int total_length = 0;
-
-    pitems_data = items_data;
-    pitem = item;
-
-
-    /* Setup itemlist for GETJPI */
-    while (pitems_data->length) {
-        pitem->length = pitems_data->length;
-        pitem->code   = pitems_data->code;
-        pitem->buffer = &data_buffer[total_length];
-        pitem->retlen = 0;
-        /* total_length is in longwords */
-        total_length += pitems_data->length/4;
-        pitems_data++;
-        pitem ++;
+        databuffer += items_input->length / sizeof(databuffer[0]);
+        data_sz += items_input->length;
     }
-    pitem->length = pitem->code = 0;
-
-    /* Fill data_buffer with various info bits from this process */
-    /* and twist that data to seed the SSL random number init    */
-
-    if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) {
-        for (i = 0; i < total_length; i++) {
-            sys$gettim((struct _generic_64 *)&sys_time[0]);
-            srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
-
-            if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
-                ptr = &data_buffer[i];
-                for (j = 0; j < 4; j++) {
-                    data_buffer[i + j] = ptr[j];
-                    /* OK to use rand() just to scramble the seed */
-                    data_buffer[i + j] ^= (sys_time[0] ^ rand());
-                    tmp_length++;
-                }
-            } else {
-                /* OK to use rand() just to scramble the seed */
-                data_buffer[i] ^= (sys_time[0] ^ rand());
-            }
+    /* Terminating NULL entry */
+    items->ile3$w_length = items->ile3$w_code = 0;
+    items->ile3$ps_bufaddr = items->ile3$ps_retlen_addr = NULL;
+
+    return data_sz / sizeof(databuffer[0]);
+}
+
+static void massage_JPI(ILE3 *items)
+{
+    /*
+     * Special treatment of JPI$_FINALEXC
+     * The result of that item's data buffer is a 32-bit address to a list of
+     * 4 32-bit words.
+     */
+    for (; items->ile3$w_length != 0; items++) {
+        if (items->ile3$w_code == JPI$_FINALEXC) {
+            uint32_t *data = items->ile3$ps_bufaddr;
+            uint32_t *ptr = (uint32_t *)*data;
+            size_t j;
+
+            /*
+             * We know we made space for 4 32-bit words, so we can do in-place
+             * replacement.
+             */
+            for (j = 0; j < 4; j++)
+                data[j] = ptr[j];
+
+            break;
+        }
+    }
+}
+
+/*
+ * This number expresses how many bits of data contain 1 bit of entropy.
+ *
+ * For the moment, we assume about 0.05 entropy bits per data bit, or 1
+ * bit of entropy per 20 data bits.
+ */
+#define ENTROPY_FACTOR  20
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1];
+    ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1];
+    ILE3 DVI_items[OSSL_NELEM(DVI_item_data) + 1];
+    ILE3 JPI_items[OSSL_NELEM(JPI_item_data) + 1];
+    ILE3 RMI_items[OSSL_NELEM(RMI_item_data) + 1];
+    ILE3 SYI_items[OSSL_NELEM(SYI_item_data) + 1];
+    union {
+        /* This ensures buffer starts at 64 bit boundary */
+        uint64_t dummy;
+        uint32_t buffer[OSSL_NELEM(JPI_item_data_64bit) * 2
+                        + OSSL_NELEM(RMI_item_data_64bit) * 2
+                        + OSSL_NELEM(DVI_item_data)
+                        + OSSL_NELEM(JPI_item_data)
+                        + OSSL_NELEM(RMI_item_data)
+                        + OSSL_NELEM(SYI_item_data)
+                        + 4 /* For JPI$_FINALEXC */];
+    } data;
+    size_t total_elems = 0;
+    size_t total_length = 0;
+    size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR);
+    size_t bytes_remaining = rand_pool_bytes_remaining(pool);
+
+    /* Take all the 64-bit items first, to ensure proper alignment of data */
+    total_elems +=
+        prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit),
+                          JPI_items_64bit, &data.buffer[total_elems]);
+    total_elems +=
+        prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit),
+                          RMI_items_64bit, &data.buffer[total_elems]);
+    /* Now the 32-bit items */
+    total_elems += prepare_item_list(DVI_item_data, OSSL_NELEM(DVI_item_data),
+                                     DVI_items, &data.buffer[total_elems]);
+    total_elems += prepare_item_list(JPI_item_data, OSSL_NELEM(JPI_item_data),
+                                     JPI_items, &data.buffer[total_elems]);
+    total_elems += prepare_item_list(RMI_item_data, OSSL_NELEM(RMI_item_data),
+                                     RMI_items, &data.buffer[total_elems]);
+    total_elems += prepare_item_list(SYI_item_data, OSSL_NELEM(SYI_item_data),
+                                     SYI_items, &data.buffer[total_elems]);
+    total_length = total_elems * sizeof(data.buffer[0]);
+
+    /* Fill data.buffer with various info bits from this process */
+    {
+        uint32_t status;
+        uint32_t efn;
+        IOSB iosb;
+        $DESCRIPTOR(SYSDEVICE,"SYS$SYSDEVICE:");
+
+        if ((status = sys$getdviw(EFN$C_ENF, 0, &SYSDEVICE, DVI_items,
+                                  0, 0, 0, 0, 0)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items_64bit, 0, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items, 0, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$getsyiw(EFN$C_ENF, 0, 0, SYI_items, 0, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        /*
+         * The RMI service is a bit special, as there is no synchronous
+         * variant, so we MUST create an event flag to synchronise on.
+         */
+        if ((status = lib$get_ef(&efn)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
         }
+        if ((status = sys$getrmi(efn, 0, 0, RMI_items_64bit, &iosb, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if (iosb.iosb$l_getxxi_status != SS$_NORMAL) {
+            lib$signal(iosb.iosb$l_getxxi_status);
+            return 0;
+        }
+        if ((status = sys$getrmi(efn, 0, 0, RMI_items, &iosb, 0, 0))
+            != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+        if (iosb.iosb$l_getxxi_status != SS$_NORMAL) {
+            lib$signal(iosb.iosb$l_getxxi_status);
+            return 0;
+        }
+        if ((status = lib$free_ef(&efn)) != SS$_NORMAL) {
+            lib$signal(status);
+            return 0;
+        }
+    }
+
+    massage_JPI(JPI_items);
 
-        total_length += (tmp_length - 1);
+    /*
+     * If we can't feed the requirements from the caller, we're in deep trouble.
+     */
+    if (!ossl_assert(total_length >= bytes_needed)) {
+        char neededstr[20];
+        char availablestr[20];
 
-        /* size of seed is total_length*4 bytes (64bytes) */
-        RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2);
-    } else {
+        BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed);
+        BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length);
+        RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY,
+                RAND_R_RANDOM_POOL_UNDERFLOW);
+        ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ",
+                           availablestr);
         return 0;
     }
 
+    /*
+     * Try not to overfeed the pool
+     */
+    if (total_length > bytes_remaining)
+        total_length = bytes_remaining;
+
+    /* We give the pessimistic value for the amount of entropy */
+    rand_pool_add(pool, (unsigned char *)data.buffer, total_length,
+                  8 * total_length / ENTROPY_FACTOR);
+    return rand_pool_entropy_available(pool);
+}
+
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        pid_t pid;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp
+     * (where available, which is OpenVMS v8.4 and up) to ensure that
+     * the nonce is unique whith high probability for different process
+     * instances.
+     */
+    data.pid = getpid();
+    data.tid = CRYPTO_THREAD_get_current_id();
+#if __CRTL_VER >= 80400000
+    sys$gettim_prec(&data.time);
+#else
+    sys$gettim((void*)&data.time);
+#endif
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.tid = CRYPTO_THREAD_get_current_id();
+    sys$gettim_prec(&data.time);
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_init(void)
+{
     return 1;
 }
 
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
 #endif
diff --git a/deps/openssl/openssl/crypto/rand/rand_win.c b/deps/openssl/openssl/crypto/rand/rand_win.c
index 1be0ed3c9a..d2039eb226 100644
--- a/deps/openssl/openssl/crypto/rand/rand_win.c
+++ b/deps/openssl/openssl/crypto/rand/rand_win.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,15 +10,20 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
-
+#include "internal/rand_int.h"
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+
+# ifndef OPENSSL_RAND_SEED_OS
+#  error "Unsupported seeding method configured; must be os"
+# endif
+
 # include <windows.h>
 /* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
-# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
-#  define RAND_WINDOWS_USE_BCRYPT
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601
+#  define USE_BCRYPTGENRANDOM
 # endif
 
-# ifdef RAND_WINDOWS_USE_BCRYPT
+# ifdef USE_BCRYPTGENRANDOM
 #  include <bcrypt.h>
 #  pragma comment(lib, "bcrypt.lib")
 #  ifndef STATUS_SUCCESS
@@ -34,55 +39,124 @@
 #  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
 # endif
 
-static void readtimer(void);
-
-int RAND_poll(void)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
-    MEMORYSTATUS mst;
-# ifndef RAND_WINDOWS_USE_BCRYPT
+# ifndef USE_BCRYPTGENRANDOM
     HCRYPTPROV hProvider;
 # endif
-    DWORD w;
-    BYTE buf[64];
+    unsigned char *buffer;
+    size_t bytes_needed;
+    size_t entropy_available = 0;
+
+
+# ifdef OPENSSL_RAND_SEED_RDTSC
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
 
-# ifdef RAND_WINDOWS_USE_BCRYPT
-    if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
-        RAND_add(buf, sizeof(buf), sizeof(buf));
+# ifdef OPENSSL_RAND_SEED_RDCPU
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+# ifdef USE_BCRYPTGENRANDOM
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        if (BCryptGenRandom(NULL, buffer, bytes_needed,
+                            BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
+            bytes = bytes_needed;
+
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
     }
+    if (entropy_available > 0)
+        return entropy_available;
 # else
-    /* poll the CryptoAPI PRNG */
-    /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-    if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-        if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
-            RAND_add(buf, sizeof(buf), sizeof(buf));
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        /* poll the CryptoAPI PRNG */
+        if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
+                bytes = bytes_needed;
+
+            CryptReleaseContext(hProvider, 0);
         }
-        CryptReleaseContext(hProvider, 0);
-    }
 
-    /* poll the Pentium PRG with CryptoAPI */
-    if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-        if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
-            RAND_add(buf, sizeof(buf), sizeof(buf));
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        /* poll the Pentium PRG with CryptoAPI */
+        if (CryptAcquireContextW(&hProvider, NULL,
+                                 INTEL_DEF_PROV, PROV_INTEL_SEC,
+                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
+                bytes = bytes_needed;
+
+            CryptReleaseContext(hProvider, 0);
         }
-        CryptReleaseContext(hProvider, 0);
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
     }
+    if (entropy_available > 0)
+        return entropy_available;
 # endif
 
-    /* timer data */
-    readtimer();
+    return rand_pool_entropy_available(pool);
+}
 
-    /* memory usage statistics */
-    GlobalMemoryStatus(&mst);
-    RAND_add(&mst, sizeof(mst), 1);
 
-    /* process ID */
-    w = GetCurrentProcessId();
-    RAND_add(&w, sizeof(w), 1);
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        DWORD pid;
+        DWORD tid;
+        FILETIME time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique whith high probability for
+     * different process instances.
+     */
+    data.pid = GetCurrentProcessId();
+    data.tid = GetCurrentThreadId();
+    GetSystemTimeAsFileTime(&data.time);
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
 
-    return (1);
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        DWORD tid;
+        LARGE_INTEGER time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.tid = GetCurrentThreadId();
+    QueryPerformanceCounter(&data.time);
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
-#if OPENSSL_API_COMPAT < 0x10100000L
+# if OPENSSL_API_COMPAT < 0x10100000L
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
     RAND_poll();
@@ -93,43 +167,19 @@ void RAND_screen(void)
 {
     RAND_poll();
 }
-#endif
+# endif
 
-/* feed timing information to the PRNG */
-static void readtimer(void)
+int rand_pool_init(void)
 {
-    DWORD w;
-    LARGE_INTEGER l;
-    static int have_perfc = 1;
-# if defined(_MSC_VER) && defined(_M_X86)
-    static int have_tsc = 1;
-    DWORD cyclecount;
-
-    if (have_tsc) {
-        __try {
-            __asm {
-            _emit 0x0f _emit 0x31 mov cyclecount, eax}
-            RAND_add(&cyclecount, sizeof(cyclecount), 1);
-        }
-        __except(EXCEPTION_EXECUTE_HANDLER) {
-            have_tsc = 0;
-        }
-    }
-# else
-#  define have_tsc 0
-# endif
+    return 1;
+}
 
-    if (have_perfc) {
-        if (QueryPerformanceCounter(&l) == 0)
-            have_perfc = 0;
-        else
-            RAND_add(&l, sizeof(l), 0);
-    }
+void rand_pool_cleanup(void)
+{
+}
 
-    if (!have_tsc && !have_perfc) {
-        w = GetTickCount();
-        RAND_add(&w, sizeof(w), 0);
-    }
+void rand_pool_keep_random_devices_open(int keep)
+{
 }
 
 #endif
diff --git a/deps/openssl/openssl/crypto/rand/randfile.c b/deps/openssl/openssl/crypto/rand/randfile.c
index c827407705..1b737d1ba2 100644
--- a/deps/openssl/openssl/crypto/rand/randfile.c
+++ b/deps/openssl/openssl/crypto/rand/randfile.c
@@ -16,6 +16,7 @@
 
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/buffer.h>
 
 #ifdef OPENSSL_SYS_VMS
@@ -25,6 +26,18 @@
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
 # include <fcntl.h>
+# ifdef _WIN32
+#  include <windows.h>
+#  include <io.h>
+#  define stat    _stat
+#  define chmod   _chmod
+#  define open    _open
+#  define fdopen  _fdopen
+#  define fstat   _fstat
+#  define fileno  _fileno
+# endif
+#endif
+
 /*
  * Following should not be needed, and we could have been stricter
  * and demand S_IS*. But some systems just don't comply... Formally
@@ -32,184 +45,151 @@
  * would look like ((m) & MASK == TYPE), but since MASK availability
  * is as questionable, we settle for this poor-man fallback...
  */
-# if !defined(S_ISBLK)
-#  if defined(_S_IFBLK)
-#   define S_ISBLK(m) ((m) & _S_IFBLK)
-#  elif defined(S_IFBLK)
-#   define S_ISBLK(m) ((m) & S_IFBLK)
-#  elif defined(_WIN32)
-#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
-#  endif
-# endif
-# if !defined(S_ISCHR)
-#  if defined(_S_IFCHR)
-#   define S_ISCHR(m) ((m) & _S_IFCHR)
-#  elif defined(S_IFCHR)
-#   define S_ISCHR(m) ((m) & S_IFCHR)
-#  endif
+# if !defined(S_ISREG)
+#   define S_ISREG(m) ((m) & S_IFREG)
 # endif
-#endif
 
-#ifdef _WIN32
-# define stat    _stat
-# define chmod   _chmod
-# define open    _open
-# define fdopen  _fdopen
-# define fstat   _fstat
-# define fileno  _fileno
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE 1024
-#define RAND_DATA 1024
+#define RAND_BUF_SIZE 1024
+#define RFILE ".rnd"
 
 #ifdef OPENSSL_SYS_VMS
 /*
- * Misc hacks needed for specific cases.
- *
  * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
  * to make sure the FILE* is a 32-bit pointer no matter what.  We know that
- * stdio function return this type (a study of stdio.h proves it).
- * Additionally, we create a similar char pointer type for the sake of
- * vms_setbuf below.
- */
-# if __INITIAL_POINTER_SIZE == 64
-#  pragma pointer_size save
-#  pragma pointer_size 32
-typedef char *char_ptr32;
-#  pragma pointer_size restore
-/*
- * On VMS, setbuf() will only take 32-bit pointers, and a compilation
- * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
- * Since we know that the FILE* really is a 32-bit pointer expanded to
- * 64 bits, we also know it's safe to convert it back to a 32-bit pointer.
- * As for the buffer parameter, we only use NULL here, so that passes as
- * well...
- */
-#  define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf))
-# endif
-
-/*
+ * stdio functions return this type (a study of stdio.h proves it).
+ *
  * This declaration is a nasty hack to get around vms' extension to fopen for
  * passing in sharing options being disabled by /STANDARD=ANSI89
  */
 static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
-      (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
-# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
-
-# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
+        (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
+# define VMS_OPEN_ATTRS \
+        "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
 #endif
 
-#define RFILE ".rnd"
-
 /*
  * Note that these functions are intended for seed files only. Entropy
- * devices and EGD sockets are handled in rand_unix.c
+ * devices and EGD sockets are handled in rand_unix.c  If |bytes| is
+ * -1 read the complete file; otherwise read the specified amount.
  */
-
 int RAND_load_file(const char *file, long bytes)
 {
-    /*-
-     * If bytes >= 0, read up to 'bytes' bytes.
-     * if bytes == -1, read complete file.
+    /*
+     * The load buffer size exceeds the chunk size by the comfortable amount
+     * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
+     * to avoid calling RAND_add() with a small final chunk. Instead, such
+     * a small final chunk will be added together with the previous chunk
+     * (unless it's the only one).
      */
+#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
+    unsigned char buf[RAND_LOAD_BUF_SIZE];
 
-    unsigned char buf[BUFSIZE];
 #ifndef OPENSSL_NO_POSIX_IO
     struct stat sb;
 #endif
-    int i, ret = 0, n;
-    FILE *in = NULL;
-
-    if (file == NULL)
-        return 0;
+    int i, n, ret = 0;
+    FILE *in;
 
     if (bytes == 0)
-        return ret;
+        return 0;
 
-    in = openssl_fopen(file, "rb");
-    if (in == NULL)
-        goto err;
+    if ((in = openssl_fopen(file, "rb")) == NULL) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
 
 #ifndef OPENSSL_NO_POSIX_IO
-    /*
-     * struct stat can have padding and unused fields that may not be
-     * initialized in the call to stat(). We need to clear the entire
-     * structure before calling RAND_add() to avoid complaints from
-     * applications such as Valgrind.
-     */
-    memset(&sb, 0, sizeof(sb));
-    if (fstat(fileno(in), &sb) < 0)
-        goto err;
-    RAND_add(&sb, sizeof(sb), 0.0);
+    if (fstat(fileno(in), &sb) < 0) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        fclose(in);
+        return -1;
+    }
 
-# if defined(S_ISBLK) && defined(S_ISCHR)
-    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-        /*
-         * this file is a device. we don't want read an infinite number of
-         * bytes from a random device, nor do we want to use buffered I/O
-         * because we will waste system entropy.
-         */
-        bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-        setbuf(in, NULL); /* don't do buffered reads */
+    if (bytes < 0) {
+        if (S_ISREG(sb.st_mode))
+            bytes = sb.st_size;
+        else
+            bytes = RAND_DRBG_STRENGTH;
     }
-# endif
 #endif
-    for (;;) {
+    /*
+     * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+     * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+     * However, we trust that the C RTL will never give us a FILE pointer
+     * above the first 4 GB of memory, so we simply turn off the warning
+     * temporarily.
+     */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
+    /*
+     * Don't buffer, because even if |file| is regular file, we have
+     * no control over the buffer, so why would we want a copy of its
+     * contents lying around?
+     */
+    setbuf(in, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
+
+    for ( ; ; ) {
         if (bytes > 0)
-            n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
+            n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
         else
-            n = BUFSIZE;
+            n = RAND_LOAD_BUF_SIZE;
         i = fread(buf, 1, n, in);
-        if (i <= 0)
+#ifdef EINTR
+        if (ferror(in) && errno == EINTR){
+            clearerr(in);
+            if (i == 0)
+                continue;
+        }
+#endif
+        if (i == 0)
             break;
 
         RAND_add(buf, i, (double)i);
         ret += i;
-        if (bytes > 0) {
-            bytes -= n;
-            if (bytes <= 0)
-                break;
-        }
+
+        /* If given a bytecount, and we did it, break. */
+        if (bytes > 0 && (bytes -= i) <= 0)
+            break;
     }
-    OPENSSL_cleanse(buf, BUFSIZE);
- err:
-    if (in != NULL)
-        fclose(in);
+
+    OPENSSL_cleanse(buf, sizeof(buf));
+    fclose(in);
+    if (!RAND_status()) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
     return ret;
 }
 
 int RAND_write_file(const char *file)
 {
-    unsigned char buf[BUFSIZE];
-    int i, ret = 0, rand_err = 0;
+    unsigned char buf[RAND_BUF_SIZE];
+    int ret = -1;
     FILE *out = NULL;
-    int n;
 #ifndef OPENSSL_NO_POSIX_IO
     struct stat sb;
 
-# if defined(S_ISBLK) && defined(S_ISCHR)
-# ifdef _WIN32
-    /*
-     * Check for |file| being a driver as "ASCII-safe" on Windows,
-     * because driver paths are always ASCII.
-     */
-# endif
-    i = stat(file, &sb);
-    if (i != -1) {
-        if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-            /*
-             * this file is a device. we don't write back to it. we
-             * "succeed" on the assumption this is some sort of random
-             * device. Otherwise attempting to write to and chmod the device
-             * causes problems.
-             */
-            return 1;
-        }
+    if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
     }
-# endif
 #endif
 
+    /* Collect enough random data. */
+    if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1)
+        return  -1;
+
 #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
     !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
     {
@@ -244,69 +224,57 @@ int RAND_write_file(const char *file)
      * application level. Also consider whether or not you NEED a persistent
      * rand file in a concurrent use situation.
      */
-
     out = openssl_fopen(file, "rb+");
 #endif
+
     if (out == NULL)
         out = openssl_fopen(file, "wb");
-    if (out == NULL)
-        goto err;
+    if (out == NULL) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
 
 #if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
+    /*
+     * Yes it's late to do this (see above comment), but better than nothing.
+     */
     chmod(file, 0600);
 #endif
-    n = RAND_DATA;
-    for (;;) {
-        i = (n > BUFSIZE) ? BUFSIZE : n;
-        n -= BUFSIZE;
-        if (RAND_bytes(buf, i) <= 0)
-            rand_err = 1;
-        i = fwrite(buf, 1, i, out);
-        if (i <= 0) {
-            ret = 0;
-            break;
-        }
-        ret += i;
-        if (n <= 0)
-            break;
-    }
 
+    ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
     fclose(out);
-    OPENSSL_cleanse(buf, BUFSIZE);
- err:
-    return (rand_err ? -1 : ret);
+    OPENSSL_cleanse(buf, RAND_BUF_SIZE);
+    return ret;
 }
 
 const char *RAND_file_name(char *buf, size_t size)
 {
     char *s = NULL;
+    size_t len;
     int use_randfile = 1;
-#ifdef __OpenBSD__
-    struct stat sb;
-#endif
 
 #if defined(_WIN32) && defined(CP_UTF8)
-    DWORD len;
-    WCHAR *var, *val;
-
-    if ((var = L"RANDFILE",
-         len = GetEnvironmentVariableW(var, NULL, 0)) == 0
-        && (var = L"HOME", use_randfile = 0,
-            len = GetEnvironmentVariableW(var, NULL, 0)) == 0
-        && (var = L"USERPROFILE",
-            len = GetEnvironmentVariableW(var, NULL, 0)) == 0) {
-        var = L"SYSTEMROOT",
-        len = GetEnvironmentVariableW(var, NULL, 0);
+    DWORD envlen;
+    WCHAR *var;
+
+    /* Look up various environment variables. */
+    if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) {
+        use_randfile = 0;
+        if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0
+                && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE",
+                                                  NULL, 0)) == 0)
+            envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0);
     }
 
-    if (len != 0) {
+    /* If we got a value, allocate space to hold it and then get it. */
+    if (envlen != 0) {
         int sz;
+        WCHAR *val = _alloca(envlen * sizeof(WCHAR));
 
-        val = _alloca(len * sizeof(WCHAR));
-
-        if (GetEnvironmentVariableW(var, val, len) < len
-            && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
-                                         NULL, NULL)) != 0) {
+        if (GetEnvironmentVariableW(var, val, envlen) < envlen
+                && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
+                                             NULL, NULL)) != 0) {
             s = _alloca(sz);
             if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
                                     NULL, NULL) == 0)
@@ -319,41 +287,28 @@ const char *RAND_file_name(char *buf, size_t size)
         s = ossl_safe_getenv("HOME");
     }
 #endif
+
 #ifdef DEFAULT_HOME
-    if (!use_randfile && s == NULL) {
+    if (!use_randfile && s == NULL)
         s = DEFAULT_HOME;
-    }
 #endif
-    if (s != NULL && *s) {
-        size_t len = strlen(s);
-
-        if (use_randfile && len + 1 < size) {
-            if (OPENSSL_strlcpy(buf, s, size) >= size)
-                return NULL;
-        } else if (len + strlen(RFILE) + 2 < size) {
-            OPENSSL_strlcpy(buf, s, size);
+    if (s == NULL || *s == '\0')
+        return NULL;
+
+    len = strlen(s);
+    if (use_randfile) {
+        if (len + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
+    } else {
+        if (len + 1 + strlen(RFILE) + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
 #ifndef OPENSSL_SYS_VMS
-            OPENSSL_strlcat(buf, "/", size);
+        strcat(buf, "/");
 #endif
-            OPENSSL_strlcat(buf, RFILE, size);
-        }
-    } else {
-        buf[0] = '\0';      /* no file name */
+        strcat(buf, RFILE);
     }
 
-#ifdef __OpenBSD__
-    /*
-     * given that all random loads just fail if the file can't be seen on a
-     * stat, we stat the file we're returning, if it fails, use /dev/arandom
-     * instead. this allows the user to use their own source for good random
-     * data, but defaults to something hopefully decent if that isn't
-     * available.
-     */
-
-    if (!buf[0] || stat(buf, &sb) == -1)
-        if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
-            return NULL;
-        }
-#endif
-    return buf[0] ? buf : NULL;
+    return buf;
 }
diff --git a/deps/openssl/openssl/crypto/rc2/rc2_ecb.c b/deps/openssl/openssl/crypto/rc2/rc2_ecb.c
index b87931f2a6..fb2f78273d 100644
--- a/deps/openssl/openssl/crypto/rc2/rc2_ecb.c
+++ b/deps/openssl/openssl/crypto/rc2/rc2_ecb.c
@@ -14,7 +14,6 @@
 /*-
  * RC2 as implemented frm a posting from
  * Newsgroups: sci.crypt
- * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
  * Subject: Specification for Ron Rivests Cipher No.2
  * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
  * Date: 11 Feb 1996 06:45:03 GMT
diff --git a/deps/openssl/openssl/crypto/rc2/tab.c b/deps/openssl/openssl/crypto/rc2/tab.c
deleted file mode 100644
index bc95dc4040..0000000000
--- a/deps/openssl/openssl/crypto/rc2/tab.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-
-unsigned char ebits_to_num[256] = {
-    0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
-    0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-    0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
-    0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-    0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
-    0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-    0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
-    0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-    0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
-    0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-    0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
-    0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-    0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
-    0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-    0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
-    0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-    0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
-    0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-    0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
-    0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-    0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
-    0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-    0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
-    0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-    0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
-    0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-    0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
-    0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-    0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
-    0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-    0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
-    0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab,
-};
-
-unsigned char num_to_ebits[256] = {
-    0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d,
-    0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-    0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47,
-    0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-    0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c,
-    0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-    0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89,
-    0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-    0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8,
-    0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-    0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab,
-    0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-    0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46,
-    0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-    0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87,
-    0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-    0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6,
-    0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-    0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7,
-    0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-    0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0,
-    0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-    0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a,
-    0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-    0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5,
-    0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-    0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90,
-    0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-    0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b,
-    0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-    0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18,
-    0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd,
-};
-
-main()
-{
-    int i, j;
-
-    for (i = 0; i < 256; i++) {
-        for (j = 0; j < 256; j++)
-            if (ebits_to_num[j] == i) {
-                printf("0x%02x,", j);
-                break;
-            }
-    }
-}
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl
index 7d6f97c59e..8c5cf87d05 100644
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# [Re]written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -32,8 +32,6 @@
 #	performance on the same Opteron machine.
 # (**)	This number requires compressed key schedule set up by
 #	RC4_set_key [see commentary below for further details].
-#
-#					<appro@fy.chalmers.se>
 
 # May 2011
 #
@@ -73,7 +71,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"rc4-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386");
 
 $xx="eax";
 $yy="ebx";
@@ -136,7 +134,7 @@ if ($alt=0) {
 	push	(@XX,shift(@XX))			if ($i>=0);
   }
 } else {
-  # Using pinsrw here improves performane on Intel CPUs by 2-3%, but
+  # Using pinsrw here improves performance on Intel CPUs by 2-3%, but
   # brings down AMD by 7%...
   $RC4_loop_mmx = sub {
     my $i=shift;
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl
index 184922c128..1354d18214 100644
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl
@@ -89,7 +89,7 @@ _RC4:
 ||	NOP	5
 	STB	$XX,*${KEYA}[-2]	; key->x
 ||	SUB4	$YY,$TX,$YY
-||	BNOP	B3	
+||	BNOP	B3
 	STB	$YY,*${KEYB}[-1]	; key->y
 ||	NOP	5
 	.endasmfunc
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl
deleted file mode 100644
index 5e8f5f55b2..0000000000
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl
+++ /dev/null
@@ -1,767 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-#
-# ====================================================================
-# Written by David Mosberger <David.Mosberger@acm.org> based on the
-# Itanium optimized Crypto code which was released by HP Labs at
-# http://www.hpl.hp.com/research/linux/crypto/.
-#
-# Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
-
-
-
-# This is a little helper program which generates a software-pipelined
-# for RC4 encryption.  The basic algorithm looks like this:
-#
-#   for (counter = 0; counter < len; ++counter)
-#     {
-#       in = inp[counter];
-#       SI = S[I];
-#       J = (SI + J) & 0xff;
-#       SJ = S[J];
-#       T = (SI + SJ) & 0xff;
-#       S[I] = SJ, S[J] = SI;
-#       ST = S[T];
-#       outp[counter] = in ^ ST;
-#       I = (I + 1) & 0xff;
-#     }
-#
-# Pipelining this loop isn't easy, because the stores to the S[] array
-# need to be observed in the right order.  The loop generated by the
-# code below has the following pipeline diagram:
-#
-#      cycle
-#     | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 |
-# iter
-#   1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#   2:             xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#   3:                         xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#
-#   where:
-# 	LDI = load of S[I]
-# 	LDJ = load of S[J]
-# 	SWP = swap of S[I] and S[J]
-# 	LDT = load of S[T]
-#
-# Note that in the above diagram, the major trouble-spot is that LDI
-# of the 2nd iteration is performed BEFORE the SWP of the first
-# iteration.  Fortunately, this is easy to detect (I of the 1st
-# iteration will be equal to J of the 2nd iteration) and when this
-# happens, we simply forward the proper value from the 1st iteration
-# to the 2nd one.  The proper value in this case is simply the value
-# of S[I] from the first iteration (thanks to the fact that SWP
-# simply swaps the contents of S[I] and S[J]).
-#
-# Another potential trouble-spot is in cycle 7, where SWP of the 1st
-# iteration issues at the same time as the LDI of the 3rd iteration.
-# However, thanks to IA-64 execution semantics, this can be taken
-# care of simply by placing LDI later in the instruction-group than
-# SWP.  IA-64 CPUs will automatically forward the value if they
-# detect that the SWP and LDI are accessing the same memory-location.
-
-# The core-loop that can be pipelined then looks like this (annotated
-# with McKinley/Madison issue port & latency numbers, assuming L1
-# cache hits for the most part):
-
-# operation:	    instruction:		    issue-ports:  latency
-# ------------------  -----------------------------   ------------- -------
-
-# Data = *inp++       ld1 data = [inp], 1             M0-M1         1 cyc     c0
-#                     shladd Iptr = I, KeyTable, 3    M0-M3, I0, I1 1 cyc
-# I = (I + 1) & 0xff  padd1 nextI = I, one            M0-M3, I0, I1 3 cyc
-#                     ;;
-# SI = S[I]           ld8 SI = [Iptr]                 M0-M1         1 cyc     c1 * after SWAP!
-#                     ;;
-#                     cmp.eq.unc pBypass = I, J                                  * after J is valid!
-# J = SI + J          add J = J, SI                   M0-M3, I0, I1 1 cyc     c2
-#                     (pBypass) br.cond.spnt Bypass
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# J = J & 0xff        zxt1 J = J                      I0, I1, 1 cyc           c3
-#                     ;;
-#                     shladd Jptr = J, KeyTable, 3    M0-M3, I0, I1 1 cyc     c4
-#                     ;;
-# SJ = S[J]           ld8 SJ = [Jptr]                 M0-M1         1 cyc     c5
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# T = (SI + SJ)       add T = SI, SJ                  M0-M3, I0, I1 1 cyc     c6
-#                     ;;
-# T = T & 0xff        zxt1 T = T                      I0, I1        1 cyc
-# S[I] = SJ           st8 [Iptr] = SJ                 M2-M3                   c7
-# S[J] = SI           st8 [Jptr] = SI                 M2-M3
-#                     ;;
-#                     shladd Tptr = T, KeyTable, 3    M0-M3, I0, I1 1 cyc     c8
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# T = S[T]            ld8 T = [Tptr]                  M0-M1         1 cyc     c9
-#                     ;;
-# data ^= T           xor data = data, T              M0-M3, I0, I1 1 cyc     c10
-#                     ;;
-# *out++ = Data ^ T   dep word = word, data, 8, POS   I0, I1        1 cyc     c11
-#                     ;;
-# ---------------------------------------------------------------------------------------
-
-# There are several points worth making here:
-
-#   - Note that due to the bypass/forwarding-path, the first two
-#     phases of the loop are strangly mingled together.  In
-#     particular, note that the first stage of the pipeline is
-#     using the value of "J", as calculated by the second stage.
-#   - Each bundle-pair will have exactly 6 instructions.
-#   - Pipelined, the loop can execute in 3 cycles/iteration and
-#     4 stages.  However, McKinley/Madison can issue "st1" to
-#     the same bank at a rate of at most one per 4 cycles.  Thus,
-#     instead of storing each byte, we accumulate them in a word
-#     and then write them back at once with a single "st8" (this
-#     implies that the setup code needs to ensure that the output
-#     buffer is properly aligned, if need be, by encoding the
-#     first few bytes separately).
-#   - There is no space for a "br.ctop" instruction.  For this
-#     reason we can't use module-loop support in IA-64 and have
-#     to do a traditional, purely software-pipelined loop.
-#   - We can't replace any of the remaining "add/zxt1" pairs with
-#     "padd1" because the latency for that instruction is too high
-#     and would push the loop to the point where more bypasses
-#     would be needed, which we don't have space for.
-#   - The above loop runs at around 3.26 cycles/byte, or roughly
-#     440 MByte/sec on a 1.5GHz Madison.  This is well below the
-#     system bus bandwidth and hence with judicious use of
-#     "lfetch" this loop can run at (almost) peak speed even when
-#     the input and output data reside in memory.  The
-#     max. latency that can be tolerated is (PREFETCH_DISTANCE *
-#     L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at
-#     least) 1-ahead prefetching of 128 byte cache-lines.  Note
-#     that we do NOT prefetch into L1, since that would only
-#     interfere with the S[] table values stored there.  This is
-#     acceptable because there is a 10 cycle latency between
-#     load and first use of the input data.
-#   - We use a branch to out-of-line bypass-code of cycle-pressure:
-#     we calculate the next J, check for the need to activate the
-#     bypass path, and activate the bypass path ALL IN THE SAME
-#     CYCLE.  If we didn't have these constraints, we could do
-#     the bypass with a simple conditional move instruction.
-#     Fortunately, the bypass paths get activated relatively
-#     infrequently, so the extra branches don't cost all that much
-#     (about 0.04 cycles/byte, measured on a 16396 byte file with
-#     random input data).
-#
-
-$output = pop;
-open STDOUT,">$output";
-
-$phases = 4;		# number of stages/phases in the pipelined-loop
-$unroll_count = 6;	# number of times we unrolled it
-$pComI = (1 << 0);
-$pComJ = (1 << 1);
-$pComT = (1 << 2);
-$pOut  = (1 << 3);
-
-$NData = 4;
-$NIP = 3;
-$NJP = 2;
-$NI = 2;
-$NSI = 3;
-$NSJ = 2;
-$NT = 2;
-$NOutWord = 2;
-
-#
-# $threshold is the minimum length before we attempt to use the
-# big software-pipelined loop.  It MUST be greater-or-equal
-# to:
-#  		PHASES * (UNROLL_COUNT + 1) + 7
-#
-# The "+ 7" comes from the fact we may have to encode up to
-#   7 bytes separately before the output pointer is aligned.
-#
-$threshold = (3 * ($phases * ($unroll_count + 1)) + 7);
-
-sub I {
-    local *code = shift;
-    local $format = shift;
-    $code .= sprintf ("\t\t".$format."\n", @_);
-}
-
-sub P {
-    local *code = shift;
-    local $format = shift;
-    $code .= sprintf ($format."\n", @_);
-}
-
-sub STOP {
-    local *code = shift;
-    $code .=<<___;
-		;;
-___
-}
-
-sub emit_body {
-    local *c = shift;
-    local *bypass = shift;
-    local ($iteration, $p) = @_;
-
-    local $i0 = $iteration;
-    local $i1 = $iteration - 1;
-    local $i2 = $iteration - 2;
-    local $i3 = $iteration - 3;
-    local $iw0 = ($iteration - 3) / 8;
-    local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1;
-    local $byte_num = ($iteration - 3) % 8;
-    local $label = $iteration + 1;
-    local $pAny = ($p & 0xf) == 0xf;
-    local $pByp = (($p & $pComI) && ($iteration > 0));
-
-    $c.=<<___;
-//////////////////////////////////////////////////
-___
-
-    if (($p & 0xf) == 0) {
-	$c.="#ifdef HOST_IS_BIG_ENDIAN\n";
-	&I(\$c,"shr.u	OutWord[%u] = OutWord[%u], 32;;",
-				$iw1 % $NOutWord, $iw1 % $NOutWord);
-	$c.="#endif\n";
-	&I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord);
-	return;
-    }
-
-    # Cycle 0
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "ld1    Data[%u] = [InPtr], 1", $i0 % $NData)     if ($p & $pComI);
-    &I(\$c, "padd1  I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI);
-    &I(\$c, "zxt1   J = J")				      if ($p & $pComJ);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT)   if ($p & $pOut);
-    &I(\$c, "add    T[%u] = SI[%u], SJ[%u]",
-       $i0 % $NT, $i2 % $NSI, $i1 % $NSJ)		      if ($p & $pComT);
-    &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI);
-    &I(\$c, "}")					      if ($pAny);
-    &STOP(\$c);
-
-    # Cycle 1
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "SKEY   [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT);
-    &I(\$c, "SKEY   [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT);
-    &I(\$c, "zxt1   T[%u] = T[%u]", $i0 % $NT, $i0 % $NT)     if ($p & $pComT);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI);
-    &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP)		      if ($p & $pComJ);
-    &I(\$c, "xor    Data[%u] = Data[%u], T[%u]",
-       $i3 % $NData, $i3 % $NData, $i1 % $NT)		      if ($p & $pOut);
-    &I(\$c, "}")					      if ($pAny);
-    &STOP(\$c);
-
-    # Cycle 2
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ);
-    &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI)	      if ($pByp);
-    &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8",
-       $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmb")					      if ($pAny);
-    &I(\$c, "add    J = J, SI[%u]", $i0 % $NSI)		      if ($p & $pComI);
-    &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT)    if ($p & $pComT);
-    &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp);
-    &I(\$c, "}") if ($pAny);
-    &STOP(\$c);
-
-    &P(\$c, ".rc4Resume%u:", $label)			      if ($pByp);
-    if ($byte_num == 0 && $iteration >= $phases) {
-	&I(\$c, "st8 [OutPtr] = OutWord[%u], 8",
-	   $iw1 % $NOutWord)				      if ($p & $pOut);
-	if ($iteration == (1 + $unroll_count) * $phases - 1) {
-	    if ($unroll_count == 6) {
-		&I(\$c, "mov OutWord[%u] = OutWord[%u]",
-		   $iw1 % $NOutWord, $iw0 % $NOutWord);
-	    }
-	    &I(\$c, "lfetch.nt1 [InPrefetch], %u",
-	       $unroll_count * $phases);
-	    &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u",
-	       $unroll_count * $phases);
-	    &I(\$c, "br.cloop.sptk.few .rc4Loop");
-	}
-    }
-
-    if ($pByp) {
-	&P(\$bypass, ".rc4Bypass%u:", $label);
-	&I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI);
-	&I(\$bypass, "nop 0");
-	&I(\$bypass, "nop 0");
-	&I(\$bypass, ";;");
-	&I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI);
-	&I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI);
-	&I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label);
-	&I(\$bypass, ";;");
-    }
-}
-
-$code=<<___;
-.ident \"rc4-ia64.s, version 3.0\"
-.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\"
-
-#define LCSave		r8
-#define PRSave		r9
-
-/* Inputs become invalid once rotation begins!  */
-
-#define StateTable	in0
-#define DataLen		in1
-#define InputBuffer	in2
-#define OutputBuffer	in3
-
-#define KTable		r14
-#define J		r15
-#define InPtr		r16
-#define OutPtr		r17
-#define InPrefetch	r18
-#define OutPrefetch	r19
-#define One		r20
-#define LoopCount	r21
-#define Remainder	r22
-#define IFinal		r23
-#define EndPtr		r24
-
-#define tmp0		r25
-#define tmp1		r26
-
-#define pBypass		p6
-#define pDone		p7
-#define pSmall		p8
-#define pAligned	p9
-#define pUnaligned	p10
-
-#define pComputeI	pPhase[0]
-#define pComputeJ	pPhase[1]
-#define pComputeT	pPhase[2]
-#define pOutput		pPhase[3]
-
-#define RetVal		r8
-#define L_OK		p7
-#define L_NOK		p8
-
-#define	_NINPUTS	4
-#define	_NOUTPUT	0
-
-#define	_NROTATE	24
-#define	_NLOCALS	(_NROTATE - _NINPUTS - _NOUTPUT)
-
-#ifndef SZ
-# define SZ	4	// this must be set to sizeof(RC4_INT)
-#endif
-
-#if SZ == 1
-# define LKEY			ld1
-# define SKEY			st1
-# define KEYADDR(dst, i)	add dst = i, KTable
-#elif SZ == 2
-# define LKEY			ld2
-# define SKEY			st2
-# define KEYADDR(dst, i)	shladd dst = i, 1, KTable
-#elif SZ == 4
-# define LKEY			ld4
-# define SKEY			st4
-# define KEYADDR(dst, i)	shladd dst = i, 2, KTable
-#else
-# define LKEY			ld8
-# define SKEY			st8
-# define KEYADDR(dst, i)	shladd dst = i, 3, KTable
-#endif
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-# define ADDP	addp4
-#else
-# define ADDP	add
-#endif
-
-/* Define a macro for the bit number of the n-th byte: */
-
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-# define HOST_IS_BIG_ENDIAN
-# define BYTE_POS(n)	(56 - (8 * (n)))
-#else
-# define BYTE_POS(n)	(8 * (n))
-#endif
-
-/*
-   We must perform the first phase of the pipeline explicitly since
-   we will always load from the stable the first time. The br.cexit
-   will never be taken since regardless of the number of bytes because
-   the epilogue count is 4.
-*/
-/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX
-   assembler failed on original macro with syntax error. <appro> */
-#define MODSCHED_RC4_PROLOGUE						   \\
-	{								   \\
-				ld1		Data[0] = [InPtr], 1;	   \\
-				add		IFinal = 1, I[1];	   \\
-				KEYADDR(IPr[0], I[1]);			   \\
-	} ;;								   \\
-	{								   \\
-				LKEY		SI[0] = [IPr[0]];	   \\
-				mov		pr.rot = 0x10000;	   \\
-				mov		ar.ec = 4;		   \\
-	} ;;								   \\
-	{								   \\
-				add		J = J, SI[0];		   \\
-				zxt1		I[0] = IFinal;		   \\
-				br.cexit.spnt.few .+16; /* never taken */  \\
-	} ;;
-#define MODSCHED_RC4_LOOP(label)					   \\
-label:									   \\
-	{	.mmi;							   \\
-		(pComputeI)	ld1		Data[0] = [InPtr], 1;	   \\
-		(pComputeI)	add		IFinal = 1, I[1];	   \\
-		(pComputeJ)	zxt1		J = J;			   \\
-	}{	.mmi;							   \\
-		(pOutput)	LKEY		T[1] = [T[1]];		   \\
-		(pComputeT)	add		T[0] = SI[2], SJ[1];	   \\
-		(pComputeI)	KEYADDR(IPr[0], I[1]);			   \\
-	} ;;								   \\
-	{	.mmi;							   \\
-		(pComputeT)	SKEY		[IPr[2]] = SJ[1];	   \\
-		(pComputeT)	SKEY		[JP[1]] = SI[2];	   \\
-		(pComputeT)	zxt1		T[0] = T[0];		   \\
-	}{	.mmi;							   \\
-		(pComputeI)	LKEY		SI[0] = [IPr[0]];	   \\
-		(pComputeJ)	KEYADDR(JP[0], J);			   \\
-		(pComputeI)	cmp.eq.unc	pBypass, p0 = I[1], J;	   \\
-	} ;;								   \\
-	{	.mmi;							   \\
-		(pComputeJ)	LKEY		SJ[0] = [JP[0]];	   \\
-		(pOutput)	xor		Data[3] = Data[3], T[1];   \\
-				nop		0x0;			   \\
-	}{	.mmi;							   \\
-		(pComputeT)	KEYADDR(T[0], T[0]);			   \\
-		(pBypass)	mov		SI[0] = SI[1];		   \\
-		(pComputeI)	zxt1		I[0] = IFinal;		   \\
-	} ;;								   \\
-	{	.mmb;							   \\
-		(pOutput)	st1		[OutPtr] = Data[3], 1;	   \\
-		(pComputeI)	add		J = J, SI[0];		   \\
-				br.ctop.sptk.few label;			   \\
-	} ;;
-
-	.text
-
-	.align	32
-
-	.type	RC4, \@function
-	.global	RC4
-
-	.proc	RC4
-	.prologue
-
-RC4:
-	{
-	  	.mmi
-		alloc	r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-
-		.rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\
-		      OutWord[2]
-		.rotp pPhase[4]
-
-		ADDP		InPrefetch = 0, InputBuffer
-		ADDP		KTable = 0, StateTable
-	}
-	{
-		.mmi
-		ADDP		InPtr = 0, InputBuffer
-		ADDP		OutPtr = 0, OutputBuffer
-		mov		RetVal = r0
-	}
-	;;
-	{
-		.mmi
-		lfetch.nt1	[InPrefetch], 0x80
-		ADDP		OutPrefetch = 0, OutputBuffer
-	}
-	{               // Return 0 if the input length is nonsensical
-        	.mib
-		ADDP		StateTable = 0, StateTable
-        	cmp.ge.unc  	L_NOK, L_OK = r0, DataLen
-	(L_NOK) br.ret.sptk.few rp
-	}
-	;;
-	{
-        	.mib
-        	cmp.eq.or  	L_NOK, L_OK = r0, InPtr
-        	cmp.eq.or  	L_NOK, L_OK = r0, OutPtr
-		nop		0x0
-	}
-	{
-		.mib
-        	cmp.eq.or  	L_NOK, L_OK = r0, StateTable
-		nop		0x0
-	(L_NOK) br.ret.sptk.few rp
-	}
-	;;
-		LKEY		I[1] = [KTable], SZ
-/* Prefetch the state-table. It contains 256 elements of size SZ */
-
-#if SZ == 1
-		ADDP		tmp0 = 1*128, StateTable
-#elif SZ == 2
-		ADDP		tmp0 = 3*128, StateTable
-		ADDP		tmp1 = 2*128, StateTable
-#elif SZ == 4
-		ADDP		tmp0 = 7*128, StateTable
-		ADDP		tmp1 = 6*128, StateTable
-#elif SZ == 8
-		ADDP		tmp0 = 15*128, StateTable
-		ADDP		tmp1 = 14*128, StateTable
-#endif
-		;;
-#if SZ >= 8
-		lfetch.fault.nt1		[tmp0], -256	// 15
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	// 13
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	// 11
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	//  9
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-#if SZ >= 4
-		lfetch.fault.nt1		[tmp0], -256	//  7
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	//  5
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-#if SZ >= 2
-		lfetch.fault.nt1		[tmp0], -256	//  3
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-	{
-		.mii
-		lfetch.fault.nt1		[tmp0]		//  1
-		add		I[1]=1,I[1];;
-		zxt1		I[1]=I[1]
-	}
-	{
-		.mmi
-		lfetch.nt1	[InPrefetch], 0x80
-		lfetch.excl.nt1	[OutPrefetch], 0x80
-		.save		pr, PRSave
-		mov		PRSave = pr
-	} ;;
-	{
-		.mmi
-		lfetch.excl.nt1	[OutPrefetch], 0x80
-		LKEY		J = [KTable], SZ
-		ADDP		EndPtr = DataLen, InPtr
-	}  ;;
-	{
-		.mmi
-		ADDP		EndPtr = -1, EndPtr	// Make it point to
-							// last data byte.
-		mov		One = 1
-		.save		ar.lc, LCSave
-		mov		LCSave = ar.lc
-		.body
-	} ;;
-	{
-		.mmb
-		sub		Remainder = 0, OutPtr
-		cmp.gtu		pSmall, p0 = $threshold, DataLen
-(pSmall)	br.cond.dpnt	.rc4Remainder		// Data too small for
-							// big loop.
-	} ;;
-	{
-		.mmi
-		and		Remainder = 0x7, Remainder
-		;;
-		cmp.eq		pAligned, pUnaligned = Remainder, r0
-		nop		0x0
-	} ;;
-	{
-		.mmb
-.pred.rel	"mutex",pUnaligned,pAligned
-(pUnaligned)	add		Remainder = -1, Remainder
-(pAligned)	sub		Remainder = EndPtr, InPtr
-(pAligned)	br.cond.dptk.many .rc4Aligned
-	} ;;
-	{
-		.mmi
-		nop		0x0
-		nop		0x0
-		mov.i		ar.lc = Remainder
-	}
-
-/* Do the initial few bytes via the compact, modulo-scheduled loop
-   until the output pointer is 8-byte-aligned.  */
-
-		MODSCHED_RC4_PROLOGUE
-		MODSCHED_RC4_LOOP(.RC4AlignLoop)
-
-	{
-		.mib
-		sub		Remainder = EndPtr, InPtr
-		zxt1		IFinal = IFinal
-		clrrrb				// Clear CFM.rrb.pr so
-		;;				// next "mov pr.rot = N"
-						// does the right thing.
-	}
-	{
-		.mmi
-		mov		I[1] = IFinal
-		nop		0x0
-		nop		0x0
-	} ;;
-
-
-.rc4Aligned:
-
-/*
-   Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases)
- */
-
-	{
-		.mlx
-		add	LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder
-		movl		Remainder = 0xaaaaaaaaaaaaaaab
-	} ;;
-	{
-		.mmi
-		setf.sig	f6 = LoopCount		// M2, M3	6 cyc
-		setf.sig	f7 = Remainder		// M2, M3	6 cyc
-		nop		0x0
-	} ;;
-	{
-		.mfb
-		nop		0x0
-		xmpy.hu		f6 = f6, f7
-		nop		0x0
-	} ;;
-	{
-		.mmi
-		getf.sig	LoopCount = f6;;	// M2		5 cyc
-		nop		0x0
-		shr.u		LoopCount = LoopCount, 4
-	} ;;
-	{
-		.mmi
-		nop		0x0
-		nop		0x0
-		mov.i		ar.lc = LoopCount
-	} ;;
-
-/* Now comes the unrolled loop: */
-
-.rc4Prologue:
-___
-
-$iteration = 0;
-
-# Generate the prologue:
-$predicates = 1;
-for ($i = 0; $i < $phases; ++$i) {
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-    $predicates = ($predicates << 1) | 1;
-}
-
-$code.=<<___;
-.rc4Loop:
-___
-
-# Generate the body:
-for ($i = 0; $i < $unroll_count*$phases; ++$i) {
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-}
-
-$code.=<<___;
-.rc4Epilogue:
-___
-
-# Generate the epilogue:
-for ($i = 0; $i < $phases; ++$i) {
-    $predicates <<= 1;
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-}
-
-$code.=<<___;
-	{
-		.mmi
-		lfetch.nt1	[EndPtr]	// fetch line with last byte
-		mov		IFinal = I[1]
-		nop		0x0
-	}
-
-.rc4Remainder:
-	{
-		.mmi
-		sub		Remainder = EndPtr, InPtr	// Calculate
-								// # of bytes
-								// left - 1
-		nop		0x0
-		nop		0x0
-	} ;;
-	{
-		.mib
-		cmp.eq		pDone, p0 = -1, Remainder // done already?
-		mov.i		ar.lc = Remainder
-(pDone)		br.cond.dptk.few .rc4Complete
-	}
-
-/* Do the remaining bytes via the compact, modulo-scheduled loop */
-
-		MODSCHED_RC4_PROLOGUE
-		MODSCHED_RC4_LOOP(.RC4RestLoop)
-
-.rc4Complete:
-	{
-		.mmi
-		add		KTable = -SZ, KTable
-		add		IFinal = -1, IFinal
-		mov		ar.lc = LCSave
-	} ;;
-	{
-		.mii
-		SKEY		[KTable] = J,-SZ
-		zxt1		IFinal = IFinal
-		mov		pr = PRSave, 0x1FFFF
-	} ;;
-	{
-		.mib
-		SKEY		[KTable] = IFinal
-		add		RetVal = 1, r0
-		br.ret.sptk.few	rp
-	} ;;
-___
-
-# Last but not least, emit the code for the bypass-code of the unrolled loop:
-
-$code.=$bypass;
-
-$code.=<<___;
-	.endp RC4
-___
-
-print $code;
-
-close STDOUT;
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
index 890161bac5..74e5191051 100644
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -51,7 +51,7 @@ my ($rc4,$md5)=(1,1);	# what to generate?
 my $D="#" if (!$md5);	# if set to "#", MD5 is stitched into RC4(),
 			# but its result is discarded. Idea here is
 			# to be able to use 'openssl speed rc4' for
-			# benchmarking the stitched subroutine... 
+			# benchmarking the stitched subroutine...
 
 my $flavour = shift;
 my $output  = shift;
@@ -124,15 +124,23 @@ $code.=<<___;
 .globl	$func
 .type	$func,\@function,$nargs
 $func:
+.cfi_startproc
 	cmp	\$0,$len
 	je	.Labort
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 	sub	\$40,%rsp
+.cfi_adjust_cfa_offset	40
 .Lbody:
 ___
 if ($rc4) {
@@ -419,7 +427,7 @@ $code.=<<___ if ($rc4 && (!$md5 || $D));
 	and	\$63,$len		# remaining bytes
 	jnz	.Loop1
 	jmp	.Ldone
-	
+
 .align	16
 .Loop1:
 	add	$TX[0]#b,$YY#b
@@ -444,15 +452,23 @@ $code.=<<___;
 #rc4#	movl	$YY#d,-4($dat)
 
 	mov	40(%rsp),%r15
+.cfi_restore	%r15
 	mov	48(%rsp),%r14
+.cfi_restore	%r14
 	mov	56(%rsp),%r13
+.cfi_restore	%r13
 	mov	64(%rsp),%r12
+.cfi_restore	%r12
 	mov	72(%rsp),%rbp
+.cfi_restore	%rbp
 	mov	80(%rsp),%rbx
+.cfi_restore	%rbx
 	lea	88(%rsp),%rsp
+.cfi_adjust_cfa_offset	-88
 .Lepilogue:
 .Labort:
 	ret
+.cfi_endproc
 .size $func,.-$func
 ___
 
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl
index 006b6b01af..4111f339da 100644
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -98,7 +98,7 @@ sub unrolledloopbody {
 for ($i=0;$i<4;$i++) {
 $code.=<<___;
 	ldo	1($XX[0]),$XX[1]
-	`sprintf("$LDX	%$TY(%$key),%$dat1") if ($i>0)`	
+	`sprintf("$LDX	%$TY(%$key),%$dat1") if ($i>0)`
 	and	$mask,$XX[1],$XX[1]
 	$LDX	$YY($key),$TY
 	$MKX	$YY,$key,$ix
@@ -166,7 +166,7 @@ RC4
 	ldo	`2*$SZ`($key),$key
 
 	ldi	0xff,$mask
-	ldi	3,$dat0		
+	ldi	3,$dat0
 
 	ldo	1($XX[0]),$XX[0]	; warm up loop
 	and	$mask,$XX[0],$XX[0]
@@ -313,9 +313,21 @@ L\$opts
 	.STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)"
 	.STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
 ___
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/cmpib,\*/comib,/gm	if ($SIZE_T==4);
-$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
 
-print $code;
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/cmpib,\*/comib,/		if ($SIZE_T==4);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
 close STDOUT;
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl
index 5589503aa2..469f110faf 100644
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
index aaed2b1e61..1a9cc47d72 100755
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -48,7 +48,7 @@
 
 # April 2005
 #
-# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing 
+# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing
 # those with add/sub results in 50% performance improvement of folded
 # loop...
 
@@ -88,7 +88,7 @@
 # The only code path that was not modified is P4-specific one. Non-P4
 # Intel code path optimization is heavily based on submission by Maxim
 # Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used
-# some of the ideas even in attempt to optmize the original RC4_INT
+# some of the ideas even in attempt to optimize the original RC4_INT
 # code path... Current performance in cycles per processed byte (less
 # is better) and improvement coefficients relative to previous
 # version of this module are:
@@ -142,9 +142,13 @@ RC4:	or	$len,$len
 	jne	.Lentry
 	ret
 .Lentry:
+.cfi_startproc
 	push	%rbx
+.cfi_push	%rbx
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 .Lprologue:
 	mov	$len,%r11
 	mov	$inp,%r12
@@ -427,11 +431,16 @@ $code.=<<___;
 	movl	$YY#d,-4($dat)
 
 	mov	(%rsp),%r13
+.cfi_restore	%r13
 	mov	8(%rsp),%r12
+.cfi_restore	%r12
 	mov	16(%rsp),%rbx
+.cfi_restore	%rbx
 	add	\$24,%rsp
+.cfi_adjust_cfa_offset	-24
 .Lepilogue:
 	ret
+.cfi_endproc
 .size	RC4,.-RC4
 ___
 }
diff --git a/deps/openssl/openssl/crypto/rc4/build.info b/deps/openssl/openssl/crypto/rc4/build.info
index 000fd6bc0d..46ee66b61c 100644
--- a/deps/openssl/openssl/crypto/rc4/build.info
+++ b/deps/openssl/openssl/crypto/rc4/build.info
@@ -2,7 +2,8 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         {- $target{rc4_asm_src} -}
 
-GENERATE[rc4-586.s]=asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[rc4-586.s]=asm/rc4-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[rc4-586.s]=../perlasm/x86asm.pl
 
 GENERATE[rc4-x86_64.s]=asm/rc4-x86_64.pl $(PERLASM_SCHEME)
@@ -10,25 +11,7 @@ GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME)
 
 GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME)
 
-GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME)
-
-BEGINRAW[makefile(windows)]
-{- $builddir -}\rc4-ia64.asm: {- $sourcedir -}\asm\rc4-ia64.pl
-	$(PERL) {- $sourcedir -}\asm\rc4-ia64.pl $@.S
-	$(CC) -DSZ=4 -EP $@.S > $@.i && move /Y $@.i $@
-	del /Q $@.S
-ENDRAW[makefile(windows)]
-
 BEGINRAW[Makefile]
-{- $builddir -}/rc4-ia64.s: {- $sourcedir -}/asm/rc4-ia64.pl
-	@(trap "rm $@.*" INT 0; \
-	  $(PERL) {- $sourcedir -}/asm/rc4-ia64.pl $(CFLAGS) $(LIB_CFLAGS) $@.S; \
-	  case `awk '/^#define RC4_INT/{print$$NF}' $(BLDDIR)/include/openssl/opensslconf.h` in \
-	  int)	set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=4 -E $@.S > $@.i && mv -f $@.i $@;; \
-	  char)	set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=1 -E $@.S > $@.i && mv -f $@.i $@;; \
-	  *)	exit 1 ;; \
-	  esac )
-
 # GNU make "catch all"
 {- $builddir -}/rc4-%.s:	{- $sourcedir -}/asm/rc4-%.pl
 	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
diff --git a/deps/openssl/openssl/crypto/rc4/rc4_enc.c b/deps/openssl/openssl/crypto/rc4/rc4_enc.c
index be11bade7b..638a75bb06 100644
--- a/deps/openssl/openssl/crypto/rc4/rc4_enc.c
+++ b/deps/openssl/openssl/crypto/rc4/rc4_enc.c
@@ -13,7 +13,6 @@
 /*-
  * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.
  * Message-ID: <sternCvKL4B.Hyy@netcom.com>
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
diff --git a/deps/openssl/openssl/crypto/rc4/rc4_skey.c b/deps/openssl/openssl/crypto/rc4/rc4_skey.c
index 16f81a4d3e..e9007331eb 100644
--- a/deps/openssl/openssl/crypto/rc4/rc4_skey.c
+++ b/deps/openssl/openssl/crypto/rc4/rc4_skey.c
@@ -14,15 +14,14 @@
 const char *RC4_options(void)
 {
     if (sizeof(RC4_INT) == 1)
-        return ("rc4(char)");
+        return "rc4(char)";
     else
-        return ("rc4(int)");
+        return "rc4(int)";
 }
 
 /*-
  * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.
  * Message-ID: <sternCvKL4B.Hyy@netcom.com>
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
diff --git a/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl b/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl
index e3e1c64242..e58a98bc83 100644
--- a/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl
+++ b/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl
@@ -15,7 +15,7 @@ require "cbc.pl";
 $output = pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"rc5-586.pl");
+&asm_init($ARGV[0]);
 
 $RC5_MAX_ROUNDS=16;
 $RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;
diff --git a/deps/openssl/openssl/crypto/rc5/build.info b/deps/openssl/openssl/crypto/rc5/build.info
index baf8a0effe..928a62cd85 100644
--- a/deps/openssl/openssl/crypto/rc5/build.info
+++ b/deps/openssl/openssl/crypto/rc5/build.info
@@ -2,5 +2,6 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         rc5_skey.c rc5_ecb.c {- $target{rc5_asm_src} -} rc5cfb64.c rc5ofb64.c
 
-GENERATE[rc5-586.s]=asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[rc5-586.s]=asm/rc5-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 DEPEND[rc5-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl b/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl
index 544c496f07..84aa7ced17 100644
--- a/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl
+++ b/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl
@@ -19,7 +19,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],$0);
+&asm_init($ARGV[0]);
 
 $A="ecx";
 $B="esi";
@@ -34,7 +34,7 @@ $KL2=0x6ED9EBA1;
 $KL3=0x8F1BBCDC;
 $KL4=0xA953FD4E;
 $KR0=0x50A28BE6;
-$KR1=0x5C4DD124; 
+$KR1=0x5C4DD124;
 $KR2=0x6D703EF3;
 $KR3=0x7A6D76E9;
 
@@ -339,7 +339,6 @@ sub ripemd160_block
 			  # aligned. The good news are that gcc-2.95
 			  # and later does keep first argument at
 			  # least double-wise aligned.
-			  #			<appro@fy.chalmers.se>
 
 	&set_label("start") unless $normal;
 	&comment("");
@@ -543,28 +542,28 @@ sub ripemd160_block
 	# &mov($tmp2,	&wparam(0)); # Moved into last round
 
 	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B
- 	&add($D,	$tmp1);	
+ 	&add($D,	$tmp1);
 	 &mov($tmp1,	&swtmp(16+2));		# $c
 	&add($D,	$tmp1);
 
 	 &mov($tmp1,	&DWP( 8,$tmp2,"",0));	# ctx->C
-	&add($E,	$tmp1);	
+	&add($E,	$tmp1);
 	 &mov($tmp1,	&swtmp(16+3));		# $d
 	&add($E,	$tmp1);
 
 	 &mov($tmp1,	&DWP(12,$tmp2,"",0));	# ctx->D
-	&add($A,	$tmp1);	
+	&add($A,	$tmp1);
 	 &mov($tmp1,	&swtmp(16+4));		# $e
 	&add($A,	$tmp1);
 
 
 	 &mov($tmp1,	&DWP(16,$tmp2,"",0));	# ctx->E
-	&add($B,	$tmp1);	
+	&add($B,	$tmp1);
 	 &mov($tmp1,	&swtmp(16+0));		# $a
 	&add($B,	$tmp1);
 
 	 &mov($tmp1,	&DWP( 0,$tmp2,"",0));	# ctx->A
-	&add($C,	$tmp1);	
+	&add($C,	$tmp1);
 	 &mov($tmp1,	&swtmp(16+1));		# $b
 	&add($C,	$tmp1);
 
diff --git a/deps/openssl/openssl/crypto/ripemd/build.info b/deps/openssl/openssl/crypto/ripemd/build.info
index c45050cb29..a4a894e2d1 100644
--- a/deps/openssl/openssl/crypto/ripemd/build.info
+++ b/deps/openssl/openssl/crypto/ripemd/build.info
@@ -2,5 +2,6 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         rmd_dgst.c rmd_one.c {- $target{rmd160_asm_src} -}
 
-GENERATE[rmd-586.s]=asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[rmd-586.s]=asm/rmd-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 DEPEND[rmd-586.s]=../perlasm/x86asm.pl
diff --git a/deps/openssl/openssl/crypto/ripemd/rmd_locl.h b/deps/openssl/openssl/crypto/ripemd/rmd_locl.h
index 9c5ba15130..f1ae4323ca 100644
--- a/deps/openssl/openssl/crypto/ripemd/rmd_locl.h
+++ b/deps/openssl/openssl/crypto/ripemd/rmd_locl.h
@@ -15,7 +15,6 @@
 /*
  * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
  * FOR EXPLANATIONS ON FOLLOWING "CODE."
- *                                      <appro@fy.chalmers.se>
  */
 #ifdef RMD160_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86)
@@ -46,7 +45,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
 #include "internal/md32_common.h"
 
 /*
- * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
+ * Transformed F2 and F4 are courtesy of Wei Dai
  */
 #define F1(x,y,z)       ((x) ^ (y) ^ (z))
 #define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
diff --git a/deps/openssl/openssl/crypto/ripemd/rmd_one.c b/deps/openssl/openssl/crypto/ripemd/rmd_one.c
index c3193bd723..cc01f15c7f 100644
--- a/deps/openssl/openssl/crypto/ripemd/rmd_one.c
+++ b/deps/openssl/openssl/crypto/ripemd/rmd_one.c
@@ -24,5 +24,5 @@ unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
     RIPEMD160_Update(&c, d, n);
     RIPEMD160_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/rsa/build.info b/deps/openssl/openssl/crypto/rsa/build.info
index 39b7464b0e..87f924922f 100644
--- a/deps/openssl/openssl/crypto/rsa/build.info
+++ b/deps/openssl/openssl/crypto/rsa/build.info
@@ -1,6 +1,6 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
-        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c \
         rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
-        rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c
+        rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c rsa_mp.c
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
index 4a12276a31..a6595aec05 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
@@ -24,15 +24,68 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
 #endif
 
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
+
+/* Set any parameters associated with pkey */
+static int rsa_param_encode(const EVP_PKEY *pkey,
+                            ASN1_STRING **pstr, int *pstrtype)
+{
+    const RSA *rsa = pkey->pkey.rsa;
+
+    *pstr = NULL;
+    /* If RSA it's just NULL type */
+    if (pkey->ameth->pkey_id == EVP_PKEY_RSA) {
+        *pstrtype = V_ASN1_NULL;
+        return 1;
+    }
+    /* If no PSS parameters we omit parameters entirely */
+    if (rsa->pss == NULL) {
+        *pstrtype = V_ASN1_UNDEF;
+        return 1;
+    }
+    /* Encode PSS parameters */
+    if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL)
+        return 0;
+
+    *pstrtype = V_ASN1_SEQUENCE;
+    return 1;
+}
+/* Decode any parameters and set them in RSA structure */
+static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
+{
+    const ASN1_OBJECT *algoid;
+    const void *algp;
+    int algptype;
+
+    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
+    if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA)
+        return 1;
+    if (algptype == V_ASN1_UNDEF)
+        return 1;
+    if (algptype != V_ASN1_SEQUENCE) {
+        RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS);
+        return 0;
+    }
+    rsa->pss = rsa_pss_decode(alg);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
     unsigned char *penc = NULL;
     int penclen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
     penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
     if (penclen <= 0)
         return 0;
-    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
-                               V_ASN1_NULL, NULL, penc, penclen))
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               strtype, str, penc, penclen))
         return 1;
 
     OPENSSL_free(penc);
@@ -43,15 +96,20 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
     const unsigned char *p;
     int pklen;
+    X509_ALGOR *alg;
     RSA *rsa = NULL;
 
-    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
         return 0;
     if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
         RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
         return 0;
     }
-    EVP_PKEY_assign_RSA(pkey, rsa);
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
     return 1;
 }
 
@@ -72,7 +130,7 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey,
         RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
         return 0;
     }
-    EVP_PKEY_assign_RSA(pkey, rsa);
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
     return 1;
 }
 
@@ -85,16 +143,23 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
     unsigned char *rk = NULL;
     int rklen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
     rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
 
     if (rklen <= 0) {
         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
         return 0;
     }
 
-    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
-                         V_ASN1_NULL, NULL, rk, rklen)) {
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         strtype, str, rk, rklen)) {
         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
         return 0;
     }
 
@@ -104,10 +169,23 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 {
     const unsigned char *p;
+    RSA *rsa;
     int pklen;
-    if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
+    const X509_ALGOR *alg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
         return 0;
-    return old_rsa_priv_decode(pkey, &p, pklen);
+    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
+    if (rsa == NULL) {
+        RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    return 1;
 }
 
 static int int_rsa_size(const EVP_PKEY *pkey)
@@ -130,104 +208,40 @@ static void int_rsa_free(EVP_PKEY *pkey)
     RSA_free(pkey->pkey.rsa);
 }
 
-static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
-{
-    char *str;
-    const char *s;
-    int ret = 0, mod_len = 0;
-
-    if (x->n != NULL)
-        mod_len = BN_num_bits(x->n);
-
-    if (!BIO_indent(bp, off, 128))
-        goto err;
-
-    if (priv && x->d) {
-        if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
-            goto err;
-        str = "modulus:";
-        s = "publicExponent:";
-    } else {
-        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
-            goto err;
-        str = "Modulus:";
-        s = "Exponent:";
-    }
-    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
-        goto err;
-    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
-        goto err;
-    if (priv) {
-        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
-            goto err;
-        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
-            goto err;
-    }
-    ret = 1;
- err:
-    return (ret);
-}
-
-static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                         ASN1_PCTX *ctx)
-{
-    return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
-}
-
-static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                          ASN1_PCTX *ctx)
-{
-    return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
-}
-
-/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
 static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
 {
-    if (alg == NULL)
-        return NULL;
     if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
         return NULL;
     return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
                                      alg->parameter);
 }
 
-static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
-                                      X509_ALGOR **pmaskHash)
-{
-    RSA_PSS_PARAMS *pss;
-
-    *pmaskHash = NULL;
-
-    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
-                                    alg->parameter);
-
-    if (!pss)
-        return NULL;
-
-    *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
-
-    return pss;
-}
-
-static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
-                               X509_ALGOR *maskHash, int indent)
+static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
+                               int indent)
 {
     int rv = 0;
-    if (!pss) {
-        if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
+    X509_ALGOR *maskHash = NULL;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (pss_key) {
+        if (pss == NULL) {
+            if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
+                return 0;
+            return 1;
+        } else {
+            if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
+                return 0;
+        }
+    } else if (pss == NULL) {
+        if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
             return 0;
         return 1;
     }
     if (BIO_puts(bp, "\n") <= 0)
         goto err;
+    if (pss_key)
+        indent += 2;
     if (!BIO_indent(bp, indent, 128))
         goto err;
     if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
@@ -236,8 +250,9 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
     if (pss->hashAlgorithm) {
         if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
             goto err;
-    } else if (BIO_puts(bp, "sha1 (default)") <= 0)
+    } else if (BIO_puts(bp, "sha1 (default)") <= 0) {
         goto err;
+    }
 
     if (BIO_puts(bp, "\n") <= 0)
         goto err;
@@ -252,24 +267,28 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
             goto err;
         if (BIO_puts(bp, " with ") <= 0)
             goto err;
-        if (maskHash) {
+        maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (maskHash != NULL) {
             if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
                 goto err;
-        } else if (BIO_puts(bp, "INVALID") <= 0)
+        } else if (BIO_puts(bp, "INVALID") <= 0) {
             goto err;
-    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
+        }
+    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
         goto err;
+    }
     BIO_puts(bp, "\n");
 
     if (!BIO_indent(bp, indent, 128))
         goto err;
-    if (BIO_puts(bp, "Salt Length: 0x") <= 0)
+    if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
         goto err;
     if (pss->saltLength) {
         if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
             goto err;
-    } else if (BIO_puts(bp, "14 (default)") <= 0)
+    } else if (BIO_puts(bp, "14 (default)") <= 0) {
         goto err;
+    }
     BIO_puts(bp, "\n");
 
     if (!BIO_indent(bp, indent, 128))
@@ -279,32 +298,155 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
     if (pss->trailerField) {
         if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
             goto err;
-    } else if (BIO_puts(bp, "BC (default)") <= 0)
+    } else if (BIO_puts(bp, "BC (default)") <= 0) {
         goto err;
+    }
     BIO_puts(bp, "\n");
 
     rv = 1;
 
  err:
+    X509_ALGOR_free(maskHash);
     return rv;
 
 }
 
+static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
+{
+    const RSA *x = pkey->pkey.rsa;
+    char *str;
+    const char *s;
+    int ret = 0, mod_len = 0, ex_primes;
+
+    if (x->n != NULL)
+        mod_len = BN_num_bits(x->n);
+    ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos);
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+
+    if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ?  "RSA-PSS" : "RSA") <= 0)
+        goto err;
+
+    if (priv && x->d) {
+        if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n",
+                       mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0)
+            goto err;
+        str = "modulus:";
+        s = "publicExponent:";
+    } else {
+        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+            goto err;
+        str = "Modulus:";
+        s = "Exponent:";
+    }
+    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
+        goto err;
+    if (priv) {
+        int i;
+
+        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
+            goto err;
+        for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) {
+            /* print multi-prime info */
+            BIGNUM *bn = NULL;
+            RSA_PRIME_INFO *pinfo;
+            int j;
+
+            pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i);
+            for (j = 0; j < 3; j++) {
+                if (!BIO_indent(bp, off, 128))
+                    goto err;
+                switch (j) {
+                case 0:
+                    if (BIO_printf(bp, "prime%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->r;
+                    break;
+                case 1:
+                    if (BIO_printf(bp, "exponent%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->d;
+                    break;
+                case 2:
+                    if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->t;
+                    break;
+                default:
+                    break;
+                }
+                if (!ASN1_bn_print(bp, "", bn, NULL, off))
+                    goto err;
+            }
+        }
+    }
+    if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
+        goto err;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 0);
+}
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 1);
+}
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
+{
+    RSA_PSS_PARAMS *pss;
+
+    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
+                                    alg->parameter);
+
+    if (pss == NULL)
+        return NULL;
+
+    if (pss->maskGenAlgorithm != NULL) {
+        pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (pss->maskHash == NULL) {
+            RSA_PSS_PARAMS_free(pss);
+            return NULL;
+        }
+    }
+
+    return pss;
+}
+
 static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
                          const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
 {
-    if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
+    if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
         int rv;
-        RSA_PSS_PARAMS *pss;
-        X509_ALGOR *maskHash;
-        pss = rsa_pss_decode(sigalg, &maskHash);
-        rv = rsa_pss_param_print(bp, pss, maskHash, indent);
+        RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
+
+        rv = rsa_pss_param_print(bp, 0, pss, indent);
         RSA_PSS_PARAMS_free(pss);
-        X509_ALGOR_free(maskHash);
         if (!rv)
             return 0;
-    } else if (!sig && BIO_puts(bp, "\n") <= 0)
+    } else if (!sig && BIO_puts(bp, "\n") <= 0) {
         return 0;
+    }
     if (sig)
         return X509_signature_dump(bp, sig, indent);
     return 1;
@@ -313,6 +455,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
 static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
     X509_ALGOR *alg = NULL;
+
     switch (op) {
 
     case ASN1_PKEY_CTRL_PKCS7_SIGN:
@@ -321,6 +464,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         break;
 
     case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+        if (pkey_is_pss(pkey))
+            return -2;
         if (arg1 == 0)
             PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
         break;
@@ -333,6 +478,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         break;
 
     case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (pkey_is_pss(pkey))
+            return -2;
         if (arg1 == 0)
             return rsa_cms_encrypt(arg2);
         else if (arg1 == 1)
@@ -340,6 +487,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         break;
 
     case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        if (pkey_is_pss(pkey))
+            return -2;
         *(int *)arg2 = CMS_RECIPINFO_TRANS;
         return 1;
 #endif
@@ -363,7 +512,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 /* allocate and set algorithm ID from EVP_MD, default SHA1 */
 static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
 {
-    if (EVP_MD_type(md) == NID_sha1)
+    if (md == NULL || EVP_MD_type(md) == NID_sha1)
         return 1;
     *palg = X509_ALGOR_new();
     if (*palg == NULL)
@@ -377,13 +526,14 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
 {
     X509_ALGOR *algtmp = NULL;
     ASN1_STRING *stmp = NULL;
+
     *palg = NULL;
-    if (EVP_MD_type(mgf1md) == NID_sha1)
+    if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1)
         return 1;
     /* need to embed algorithm ID inside another */
     if (!rsa_md_to_algor(&algtmp, mgf1md))
         goto err;
-    if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
+    if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
          goto err;
     *palg = X509_ALGOR_new();
     if (*palg == NULL)
@@ -402,6 +552,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
 static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
 {
     const EVP_MD *md;
+
     if (!alg)
         return EVP_sha1();
     md = EVP_get_digestbyobj(alg->algorithm);
@@ -410,55 +561,39 @@ static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
     return md;
 }
 
-/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
-static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash)
-{
-    const EVP_MD *md;
-    if (!alg)
-        return EVP_sha1();
-    /* Check mask and lookup mask hash algorithm */
-    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {
-        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
-        return NULL;
-    }
-    if (!maskHash) {
-        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER);
-        return NULL;
-    }
-    md = EVP_get_digestbyobj(maskHash->algorithm);
-    if (md == NULL) {
-        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST);
-        return NULL;
-    }
-    return md;
-}
-
 /*
- * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter,
+ * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
  * suitable for setting an AlgorithmIdentifier.
  */
 
-static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
+static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
 {
     const EVP_MD *sigmd, *mgf1md;
-    RSA_PSS_PARAMS *pss = NULL;
-    ASN1_STRING *os = NULL;
     EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
-    int saltlen, rv = 0;
+    int saltlen;
+
     if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
-        goto err;
+        return NULL;
     if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
-        goto err;
+        return NULL;
     if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
-        goto err;
-    if (saltlen == -1)
+        return NULL;
+    if (saltlen == -1) {
         saltlen = EVP_MD_size(sigmd);
-    else if (saltlen == -2) {
+    } else if (saltlen == -2) {
         saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
-        if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
+        if ((EVP_PKEY_bits(pk) & 0x7) == 1)
             saltlen--;
     }
-    pss = RSA_PSS_PARAMS_new();
+
+    return rsa_pss_params_create(sigmd, mgf1md, saltlen);
+}
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen)
+{
+    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
+
     if (pss == NULL)
         goto err;
     if (saltlen != 20) {
@@ -470,20 +605,31 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
     }
     if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
         goto err;
+    if (mgf1md == NULL)
+        mgf1md = sigmd;
     if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
         goto err;
-    /* Finally create string with pss parameter encoding. */
-    if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os))
-         goto err;
-    rv = 1;
+    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
+        goto err;
+    return pss;
  err:
     RSA_PSS_PARAMS_free(pss);
-    if (rv)
-        return os;
-    ASN1_STRING_free(os);
     return NULL;
 }
 
+static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
+{
+    RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
+    ASN1_STRING *os;
+
+    if (pss == NULL)
+        return NULL;
+
+    os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL);
+    RSA_PSS_PARAMS_free(pss);
+    return os;
+}
+
 /*
  * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
  * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
@@ -497,51 +643,21 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
     int saltlen;
     const EVP_MD *mgf1md = NULL, *md = NULL;
     RSA_PSS_PARAMS *pss;
-    X509_ALGOR *maskHash;
+
     /* Sanity check: make sure it is PSS */
-    if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
         RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
         return -1;
     }
     /* Decode PSS parameters */
-    pss = rsa_pss_decode(sigalg, &maskHash);
+    pss = rsa_pss_decode(sigalg);
 
-    if (pss == NULL) {
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
         RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
         goto err;
     }
-    mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
-    if (!mgf1md)
-        goto err;
-    md = rsa_algor_to_md(pss->hashAlgorithm);
-    if (!md)
-        goto err;
-
-    if (pss->saltLength) {
-        saltlen = ASN1_INTEGER_get(pss->saltLength);
-
-        /*
-         * Could perform more salt length sanity checks but the main RSA
-         * routines will trap other invalid values anyway.
-         */
-        if (saltlen < 0) {
-            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH);
-            goto err;
-        }
-    } else
-        saltlen = 20;
-
-    /*
-     * low-level routines support only trailer field 0xbc (value 1) and
-     * PKCS#1 says we should reject any other value anyway.
-     */
-    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
-        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER);
-        goto err;
-    }
 
     /* We have all parameters now set up context */
-
     if (pkey) {
         if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
             goto err;
@@ -568,22 +684,60 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
 
  err:
     RSA_PSS_PARAMS_free(pss);
-    X509_ALGOR_free(maskHash);
     return rv;
 }
 
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen)
+{
+    if (pss == NULL)
+        return 0;
+    *pmd = rsa_algor_to_md(pss->hashAlgorithm);
+    if (*pmd == NULL)
+        return 0;
+    *pmgf1md = rsa_algor_to_md(pss->maskHash);
+    if (*pmgf1md == NULL)
+        return 0;
+    if (pss->saltLength) {
+        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
+        if (*psaltlen < 0) {
+            RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH);
+            return 0;
+        }
+    } else {
+        *psaltlen = 20;
+    }
+
+    /*
+     * low-level routines support only trailer field 0xbc (value 1) and
+     * PKCS#1 says we should reject any other value anyway.
+     */
+    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
+        RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER);
+        return 0;
+    }
+
+    return 1;
+}
+
 #ifndef OPENSSL_NO_CMS
 static int rsa_cms_verify(CMS_SignerInfo *si)
 {
     int nid, nid2;
     X509_ALGOR *alg;
     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     nid = OBJ_obj2nid(alg->algorithm);
+    if (nid == EVP_PKEY_RSA_PSS)
+        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+    /* Only PSS allowed for PSS keys */
+    if (pkey_ctx_is_pss(pkctx)) {
+        RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return 0;
+    }
     if (nid == NID_rsaEncryption)
         return 1;
-    if (nid == NID_rsassaPss)
-        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
     /* Workaround for some implementation that use a signature OID */
     if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
         if (nid2 == NID_rsaEncryption)
@@ -603,7 +757,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                            EVP_PKEY *pkey)
 {
     /* Sanity check: make sure it is PSS */
-    if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
         return -1;
     }
@@ -621,6 +775,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     X509_ALGOR *alg;
     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
     ASN1_STRING *os = NULL;
+
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     if (pkctx) {
         if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
@@ -633,10 +788,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     /* We don't support it */
     if (pad_mode != RSA_PKCS1_PSS_PADDING)
         return 0;
-    os = rsa_ctx_to_pss(pkctx);
+    os = rsa_ctx_to_pss_string(pkctx);
     if (!os)
         return 0;
-    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
     return 1;
 }
 #endif
@@ -647,13 +802,14 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 {
     int pad_mode;
     EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+
     if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
         return 0;
     if (pad_mode == RSA_PKCS1_PADDING)
         return 2;
     if (pad_mode == RSA_PKCS1_PSS_PADDING) {
         ASN1_STRING *os1 = NULL;
-        os1 = rsa_ctx_to_pss(pkctx);
+        os1 = rsa_ctx_to_pss_string(pkctx);
         if (!os1)
             return 0;
         /* Duplicate parameters if we have to */
@@ -663,33 +819,70 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                 ASN1_STRING_free(os1);
                 return 0;
             }
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
                             V_ASN1_SEQUENCE, os2);
         }
-        X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
+        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
                         V_ASN1_SEQUENCE, os1);
         return 3;
     }
     return 2;
 }
 
-#ifndef OPENSSL_NO_CMS
-static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
-                                        X509_ALGOR **pmaskHash)
+static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
+                            const ASN1_STRING *sig)
 {
-    RSA_OAEP_PARAMS *pss;
+    int rv = 0;
+    int mdnid, saltlen;
+    uint32_t flags;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
 
-    *pmaskHash = NULL;
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
+        return 0;
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+        goto err;
+    mdnid = EVP_MD_type(md);
+    /*
+     * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
+     * match and salt length must equal digest size
+     */
+    if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
+            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+        flags = X509_SIG_INFO_TLS;
+    else
+        flags = 0;
+    /* Note: security bits half number of digest bits */
+    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+                      flags);
+    rv = 1;
+    err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
 
-    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
-                                    alg->parameter);
+#ifndef OPENSSL_NO_CMS
+static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
+{
+    RSA_OAEP_PARAMS *oaep;
 
-    if (!pss)
-        return NULL;
+    oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
+                                     alg->parameter);
 
-    *pmaskHash = rsa_mgf1_decode(pss->maskGenFunc);
+    if (oaep == NULL)
+        return NULL;
 
-    return pss;
+    if (oaep->maskGenFunc != NULL) {
+        oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
+        if (oaep->maskHash == NULL) {
+            RSA_OAEP_PARAMS_free(oaep);
+            return NULL;
+        }
+    }
+    return oaep;
 }
 
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
@@ -702,9 +895,9 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
     int labellen = 0;
     const EVP_MD *mgf1md = NULL, *md = NULL;
     RSA_OAEP_PARAMS *oaep;
-    X509_ALGOR *maskHash;
+
     pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-    if (!pkctx)
+    if (pkctx == NULL)
         return 0;
     if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
         return -1;
@@ -716,22 +909,23 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
         return -1;
     }
     /* Decode OAEP parameters */
-    oaep = rsa_oaep_decode(cmsalg, &maskHash);
+    oaep = rsa_oaep_decode(cmsalg);
 
     if (oaep == NULL) {
         RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
         goto err;
     }
 
-    mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash);
-    if (!mgf1md)
+    mgf1md = rsa_algor_to_md(oaep->maskHash);
+    if (mgf1md == NULL)
         goto err;
     md = rsa_algor_to_md(oaep->hashFunc);
-    if (!md)
+    if (md == NULL)
         goto err;
 
-    if (oaep->pSourceFunc) {
+    if (oaep->pSourceFunc != NULL) {
         X509_ALGOR *plab = oaep->pSourceFunc;
+
         if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
             RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
             goto err;
@@ -760,7 +954,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 
  err:
     RSA_OAEP_PARAMS_free(oaep);
-    X509_ALGOR_free(maskHash);
     return rv;
 }
 
@@ -773,6 +966,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
     int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
     unsigned char *label;
+
     if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
         return 0;
     if (pkctx) {
@@ -828,6 +1022,11 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
 }
 #endif
 
+static int rsa_pkey_check(const EVP_PKEY *pkey)
+{
+    return RSA_check_key_ex(pkey->pkey.rsa, NULL);
+}
+
 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
     {
      EVP_PKEY_RSA,
@@ -858,10 +1057,46 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
      old_rsa_priv_decode,
      old_rsa_priv_encode,
      rsa_item_verify,
-     rsa_item_sign},
+     rsa_item_sign,
+     rsa_sig_info_set,
+     rsa_pkey_check
+    },
 
     {
      EVP_PKEY_RSA2,
      EVP_PKEY_RSA,
      ASN1_PKEY_ALIAS}
 };
+
+const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
+     EVP_PKEY_RSA_PSS,
+     EVP_PKEY_RSA_PSS,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA-PSS",
+     "OpenSSL RSA-PSS method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     0, 0,
+     rsa_item_verify,
+     rsa_item_sign,
+     0,
+     rsa_pkey_check
+};
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_asn1.c b/deps/openssl/openssl/crypto/rsa/rsa_asn1.c
index 20f8ebfa8a..9fe62c82eb 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_asn1.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,7 +14,11 @@
 #include <openssl/asn1t.h>
 #include "rsa_locl.h"
 
-/* Override the default free and new methods */
+/*
+ * Override the default free and new methods,
+ * and calculate helper products for multi-prime
+ * RSA keys.
+ */
 static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                   void *exarg)
 {
@@ -27,12 +31,25 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         RSA_free((RSA *)*pval);
         *pval = NULL;
         return 2;
+    } else if (operation == ASN1_OP_D2I_POST) {
+        if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) {
+            /* not a multi-prime key, skip */
+            return 1;
+        }
+        return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0;
     }
     return 1;
 }
 
+/* Based on definitions in RFC 8017 appendix A.1.2 */
+ASN1_SEQUENCE(RSA_PRIME_INFO) = {
+        ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM),
+} ASN1_SEQUENCE_END(RSA_PRIME_INFO)
+
 ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
-        ASN1_SIMPLE(RSA, version, LONG),
+        ASN1_EMBED(RSA, version, INT32),
         ASN1_SIMPLE(RSA, n, BIGNUM),
         ASN1_SIMPLE(RSA, e, BIGNUM),
         ASN1_SIMPLE(RSA, d, CBIGNUM),
@@ -40,7 +57,8 @@ ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
         ASN1_SIMPLE(RSA, q, CBIGNUM),
         ASN1_SIMPLE(RSA, dmp1, CBIGNUM),
         ASN1_SIMPLE(RSA, dmq1, CBIGNUM),
-        ASN1_SIMPLE(RSA, iqmp, CBIGNUM)
+        ASN1_SIMPLE(RSA, iqmp, CBIGNUM),
+        ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO)
 } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
 
 
@@ -49,20 +67,42 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
         ASN1_SIMPLE(RSA, e, BIGNUM),
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
 
-ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
+/* Free up maskHash */
+static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
+        X509_ALGOR_free(pss->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = {
         ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
         ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
         ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
         ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
-} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
+} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS)
 
 IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 
-ASN1_SEQUENCE(RSA_OAEP_PARAMS) = {
+/* Free up maskHash */
+static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
+        X509_ALGOR_free(oaep->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = {
         ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0),
         ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1),
         ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2),
-} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS)
+} ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS)
 
 IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
 
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_chk.c b/deps/openssl/openssl/crypto/rsa/rsa_chk.c
index 00260fb18e..1b69be30ca 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_chk.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_chk.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,8 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
 {
     BIGNUM *i, *j, *k, *l, *m;
     BN_CTX *ctx;
-    int ret = 1;
+    int ret = 1, ex_primes = 0, idx;
+    RSA_PRIME_INFO *pinfo;
 
     if (key->p == NULL || key->q == NULL || key->n == NULL
             || key->e == NULL || key->d == NULL) {
@@ -28,6 +29,16 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
         return 0;
     }
 
+    /* multi-prime? */
+    if (key->version == RSA_ASN1_VERSION_MULTI) {
+        ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos);
+        if (ex_primes <= 0
+                || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) {
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_INVALID_MULTI_PRIME_KEY);
+            return 0;
+        }
+    }
+
     i = BN_new();
     j = BN_new();
     k = BN_new();
@@ -62,17 +73,37 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
         RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
     }
 
-    /* n = p*q? */
+    /* r_i prime? */
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME);
+        }
+    }
+
+    /* n = p*q * r_3...r_i? */
     if (!BN_mul(i, key->p, key->q, ctx)) {
         ret = -1;
         goto err;
     }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_mul(i, i, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
     if (BN_cmp(i, key->n) != 0) {
         ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+        if (ex_primes)
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX,
+                   RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES);
+        else
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
     }
 
-    /* d*e = 1  mod lcm(p-1,q-1)? */
+    /* d*e = 1  mod \lambda(n)? */
     if (!BN_sub(i, key->p, BN_value_one())) {
         ret = -1;
         goto err;
@@ -82,7 +113,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
         goto err;
     }
 
-    /* now compute k = lcm(i,j) */
+    /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */
     if (!BN_mul(l, i, j, ctx)) {
         ret = -1;
         goto err;
@@ -91,6 +122,21 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
         ret = -1;
         goto err;
     }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_sub(k, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mul(l, l, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_gcd(m, m, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
     if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
         ret = -1;
         goto err;
@@ -145,6 +191,32 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
         }
     }
 
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        /* d_i = d mod (r_i - 1)? */
+        if (!BN_sub(i, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, pinfo->d) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D);
+        }
+        /* t_i = R_i ^ -1 mod r_i ? */
+        if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, pinfo->t) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R);
+        }
+    }
+
  err:
     BN_free(i);
     BN_free(j);
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_crpt.c b/deps/openssl/openssl/crypto/rsa/rsa_crpt.c
index 9cd733b2c3..f4ef8b4381 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_crpt.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_crpt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,48 +10,47 @@
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
 #include "internal/bn_int.h"
 #include <openssl/rand.h>
 #include "rsa_locl.h"
 
 int RSA_bits(const RSA *r)
 {
-    return (BN_num_bits(r->n));
+    return BN_num_bits(r->n);
 }
 
 int RSA_size(const RSA *r)
 {
-    return (BN_num_bytes(r->n));
+    return BN_num_bytes(r->n);
 }
 
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
 {
-    return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
 }
 
 int RSA_private_encrypt(int flen, const unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding)
 {
-    return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
 }
 
 int RSA_private_decrypt(int flen, const unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding)
 {
-    return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
 }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
 {
-    return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+    return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
 }
 
 int RSA_flags(const RSA *r)
 {
-    return ((r == NULL) ? 0 : r->meth->flags);
+    return r == NULL ? 0 : r->meth->flags;
 }
 
 void RSA_blinding_off(RSA *rsa)
@@ -77,7 +76,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
     rsa->flags &= ~RSA_FLAG_NO_BLINDING;
     ret = 1;
  err:
-    return (ret);
+    return ret;
 }
 
 static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
@@ -117,8 +116,9 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
     if (in_ctx == NULL) {
         if ((ctx = BN_CTX_new()) == NULL)
             return 0;
-    } else
+    } else {
         ctx = in_ctx;
+    }
 
     BN_CTX_start(ctx);
     e = BN_CTX_get(ctx);
@@ -133,17 +133,8 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
             RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
             goto err;
         }
-    } else
+    } else {
         e = rsa->e;
-
-    if ((RAND_status() == 0) && rsa->d != NULL
-        && bn_get_words(rsa->d) != NULL) {
-        /*
-         * if PRNG is not properly seeded, resort to secret exponent as
-         * unpredictable seed
-         */
-        RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG),
-                 0.0);
     }
 
     {
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_err.c b/deps/openssl/openssl/crypto/rsa/rsa_err.c
index bf54095b70..62fd9e0b11 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_err.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,165 +8,227 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/rsa.h>
+#include <openssl/rsaerr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
-static ERR_STRING_DATA RSA_str_functs[] = {
-    {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
-    {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
-    {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
-    {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"},
-    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"},
-    {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"},
-    {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
-    {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-    {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
-    {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
-    {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
-    {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
-    {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
-    {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
-    {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
-    {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
+static const ERR_STRING_DATA RSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0),
+     "old_rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_PSS_INIT, 0), "pkey_pss_init"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, 0), "pkey_rsa_ctrl"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL_STR, 0), "pkey_rsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_SIGN, 0), "pkey_rsa_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFY, 0), "pkey_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFYRECOVER, 0),
+     "pkey_rsa_verifyrecover"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ALGOR_TO_MD, 0), "rsa_algor_to_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_BUILTIN_KEYGEN, 0), "rsa_builtin_keygen"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY, 0), "RSA_check_key"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0),
+     "rsa_multip_info_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
+     "rsa_ossl_private_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
+     "rsa_ossl_private_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
+     "rsa_ossl_public_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
+     "rsa_ossl_public_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_NONE, 0),
+     "RSA_padding_add_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 0),
      "RSA_padding_add_PKCS1_OAEP"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, 0),
      "RSA_padding_add_PKCS1_OAEP_mgf1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS, 0),
+     "RSA_padding_add_PKCS1_PSS"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 0),
      "RSA_padding_add_PKCS1_PSS_mgf1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 0),
      "RSA_padding_add_PKCS1_type_1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 0),
      "RSA_padding_add_PKCS1_type_2"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_SSLV23, 0),
+     "RSA_padding_add_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_X931, 0),
+     "RSA_padding_add_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_NONE, 0),
+     "RSA_padding_check_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 0),
      "RSA_padding_check_PKCS1_OAEP"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, 0),
      "RSA_padding_check_PKCS1_OAEP_mgf1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 0),
      "RSA_padding_check_PKCS1_type_1"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 0),
      "RSA_padding_check_PKCS1_type_2"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
-    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
-    {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
-    {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-    {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"},
-    {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"},
-    {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"},
-    {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-    {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
-    {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_SSLV23, 0),
+     "RSA_padding_check_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_X931, 0),
+     "RSA_padding_check_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
      "RSA_sign_ASN1_OCTET_STRING"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY, 0), "RSA_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 0),
      "RSA_verify_ASN1_OCTET_STRING"},
-    {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
+     "RSA_verify_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA RSA_str_reasons[] = {
-    {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
-    {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"},
-    {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
-    {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
-    {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
-    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
-    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
-    {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),
-     "data greater than mod len"},
-    {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
-    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
-     "data too large for key size"},
-    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
-     "data too large for modulus"},
-    {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"},
-    {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
-     "data too small for key size"},
-    {ERR_REASON(RSA_R_DIGEST_DOES_NOT_MATCH), "digest does not match"},
-    {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
-     "digest too big for rsa key"},
-    {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
-    {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
-    {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
-    {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"},
-    {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
-     "illegal or unsupported padding mode"},
-    {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"},
-    {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
-    {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
-    {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"},
-    {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
-    {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
-    {ERR_REASON(RSA_R_INVALID_OAEP_PARAMETERS), "invalid oaep parameters"},
-    {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"},
-    {ERR_REASON(RSA_R_INVALID_PADDING_MODE), "invalid padding mode"},
-    {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
-    {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN), "invalid pss saltlen"},
-    {ERR_REASON(RSA_R_INVALID_SALT_LENGTH), "invalid salt length"},
-    {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"},
-    {ERR_REASON(RSA_R_INVALID_X931_DIGEST), "invalid x931 digest"},
-    {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"},
-    {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
-    {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
-    {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
-    {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
-    {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
-     "null before block missing"},
-    {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
-    {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
-    {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-     "operation not supported for this keytype"},
-    {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
-    {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"},
-    {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"},
-    {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"},
-    {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
-     "rsa operations not supported"},
-    {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"},
-    {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"},
-    {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"},
-    {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
-     "the asn1 object identifier is not known for this md"},
-    {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
-    {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"},
-    {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"},
-    {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
-     "unsupported encryption type"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),
-     "unsupported mask algorithm"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),
-     "unsupported mask parameter"},
-    {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
-     "unsupported signature type"},
-    {ERR_REASON(RSA_R_VALUE_MISSING), "value missing"},
-    {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+static const ERR_STRING_DATA RSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT),
+    "bad fixed header decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01),
+    "block type is not 01"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02),
+    "block type is not 02"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN),
+    "data greater than mod len"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+    "data too large for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+    "data too large for modulus"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+    "data too small for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH),
+    "digest does not match"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+    "digest too big for rsa key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D),
+    "dmp1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D),
+    "dmq1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1),
+    "d e not congruent to 1"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID),
+    "first octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
+    "illegal or unsupported padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH),
+    "invalid digest length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH),
+    "invalid message length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY),
+    "invalid multi prime key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS),
+    "invalid oaep parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE),
+    "invalid padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS),
+    "invalid pss parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN),
+    "invalid pss saltlen"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH),
+    "invalid salt length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST),
+    "invalid x931 digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q),
+    "iqmp not inverse of q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID),
+    "key prime num invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED),
+    "mgf1 digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R),
+    "mp coefficient not inverse of r"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
+    "mp exponent not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
+    "null before block missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
+    "n does not equal product of primes"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q),
+    "n does not equal p q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
+    "oaep decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
+    "padding check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR),
+    "pkcs decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL),
+    "pss saltlen too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+    "rsa operations not supported"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED),
+    "salt length check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED),
+    "salt length recovery failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK),
+    "sslv3 rollback attack"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE),
+    "unknown algorithm type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST),
+    "unknown mask digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE),
+    "unknown padding type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
+    "unsupported encryption type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE),
+    "unsupported label source"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM),
+    "unsupported mask algorithm"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER),
+    "unsupported mask parameter"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
+    "unsupported signature type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
     {0, NULL}
 };
 
@@ -175,10 +237,9 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
 int ERR_load_RSA_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, RSA_str_functs);
-        ERR_load_strings(0, RSA_str_reasons);
+        ERR_load_strings_const(RSA_str_functs);
+        ERR_load_strings_const(RSA_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_gen.c b/deps/openssl/openssl/crypto/rsa/rsa_gen.c
index 79f77e3eaf..7f0a256481 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_gen.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_gen.c
@@ -19,7 +19,7 @@
 #include <openssl/bn.h>
 #include "rsa_locl.h"
 
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
                               BN_GENCB *cb);
 
 /*
@@ -31,29 +31,60 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
  */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 {
-    if (rsa->meth->rsa_keygen)
+    if (rsa->meth->rsa_keygen != NULL)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-    return rsa_builtin_keygen(rsa, bits, e_value, cb);
+
+    return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM,
+                                        e_value, cb);
 }
 
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e_value, BN_GENCB *cb)
+{
+    /* multi-prime is only supported with the builtin key generation */
+    if (rsa->meth->rsa_multi_prime_keygen != NULL) {
+        return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
+                                                 e_value, cb);
+    } else if (rsa->meth->rsa_keygen != NULL) {
+        /*
+         * However, if rsa->meth implements only rsa_keygen, then we
+         * have to honour it in 2-prime case and assume that it wouldn't
+         * know what to do with multi-prime key generated by builtin
+         * subroutine...
+         */
+        if (primes == 2)
+            return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+        else
+            return 0;
+    }
+
+    return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
                               BN_GENCB *cb)
 {
-    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
-    int bitsp, bitsq, ok = -1, n = 0;
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime;
+    int ok = -1, n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0;
+    int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0;
+    RSA_PRIME_INFO *pinfo = NULL;
+    STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL;
     BN_CTX *ctx = NULL;
+    BN_ULONG bitst = 0;
     unsigned long error = 0;
 
-    /*
-     * When generating ridiculously small keys, we can get stuck
-     * continually regenerating the same prime values.
-     */
-    if (bits < 16) {
+    if (bits < RSA_MIN_MODULUS_BITS) {
         ok = 0;             /* we set our own err */
         RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
         goto err;
     }
 
+    if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_PRIME_NUM_INVALID);
+        goto err;
+    }
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -61,12 +92,15 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     r0 = BN_CTX_get(ctx);
     r1 = BN_CTX_get(ctx);
     r2 = BN_CTX_get(ctx);
-    r3 = BN_CTX_get(ctx);
-    if (r3 == NULL)
+    if (r2 == NULL)
         goto err;
 
-    bitsp = (bits + 1) / 2;
-    bitsq = bits - bitsp;
+    /* divide bits into 'primes' pieces evenly */
+    quo = bits / primes;
+    rmd = bits % primes;
+
+    for (i = 0; i < primes; i++)
+        bitsr[i] = (i < rmd) ? quo + 1 : quo;
 
     /* We need the RSA components non-NULL */
     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
@@ -86,83 +120,202 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
         goto err;
 
-    if (BN_copy(rsa->e, e_value) == NULL)
-        goto err;
-
-    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-    BN_set_flags(r2, BN_FLG_CONSTTIME);
-    /* generate p and q */
-    for (;;) {
-        if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
-            goto err;
-        if (!BN_sub(r2, rsa->p, BN_value_one()))
+    /* initialize multi-prime components */
+    if (primes > RSA_DEFAULT_PRIME_NUM) {
+        rsa->version = RSA_ASN1_VERSION_MULTI;
+        prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2);
+        if (prime_infos == NULL)
             goto err;
-        ERR_set_mark();
-        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-            /* GCD == 1 since inverse exists */
-            break;
+        if (rsa->prime_infos != NULL) {
+            /* could this happen? */
+            sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free);
         }
-        error = ERR_peek_last_error();
-        if (ERR_GET_LIB(error) == ERR_LIB_BN
-            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-            /* GCD != 1 */
-            ERR_pop_to_mark();
-        } else {
-            goto err;
+        rsa->prime_infos = prime_infos;
+
+        /* prime_info from 2 to |primes| -1 */
+        for (i = 2; i < primes; i++) {
+            pinfo = rsa_multip_info_new();
+            if (pinfo == NULL)
+                goto err;
+            (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
         }
-        if (!BN_GENCB_call(cb, 2, n++))
-            goto err;
     }
-    if (!BN_GENCB_call(cb, 3, 0))
+
+    if (BN_copy(rsa->e, e_value) == NULL)
         goto err;
-    for (;;) {
-        do {
-            if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+
+    /* generate p, q and other primes (if any) */
+    for (i = 0; i < primes; i++) {
+        adj = 0;
+        retries = 0;
+
+        if (i == 0) {
+            prime = rsa->p;
+        } else if (i == 1) {
+            prime = rsa->q;
+        } else {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            prime = pinfo->r;
+        }
+        BN_set_flags(prime, BN_FLG_CONSTTIME);
+
+        for (;;) {
+ redo:
+            if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
+                goto err;
+            /*
+             * prime should not be equal to p, q, r_3...
+             * (those primes prior to this one)
+             */
+            {
+                int j;
+
+                for (j = 0; j < i; j++) {
+                    BIGNUM *prev_prime;
+
+                    if (j == 0)
+                        prev_prime = rsa->p;
+                    else if (j == 1)
+                        prev_prime = rsa->q;
+                    else
+                        prev_prime = sk_RSA_PRIME_INFO_value(prime_infos,
+                                                             j - 2)->r;
+
+                    if (!BN_cmp(prime, prev_prime)) {
+                        goto redo;
+                    }
+                }
+            }
+            if (!BN_sub(r2, prime, BN_value_one()))
+                goto err;
+            ERR_set_mark();
+            BN_set_flags(r2, BN_FLG_CONSTTIME);
+            if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+               /* GCD == 1 since inverse exists */
+                break;
+            }
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
+            if (!BN_GENCB_call(cb, 2, n++))
                 goto err;
-        } while (BN_cmp(rsa->p, rsa->q) == 0);
-        if (!BN_sub(r2, rsa->q, BN_value_one()))
-            goto err;
-        ERR_set_mark();
-        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-            /* GCD == 1 since inverse exists */
-            break;
         }
-        error = ERR_peek_last_error();
-        if (ERR_GET_LIB(error) == ERR_LIB_BN
-            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-            /* GCD != 1 */
-            ERR_pop_to_mark();
+
+        bitse += bitsr[i];
+
+        /* calculate n immediately to see if it's sufficient */
+        if (i == 1) {
+            /* we get at least 2 primes */
+            if (!BN_mul(r1, rsa->p, rsa->q, ctx))
+                goto err;
+        } else if (i != 0) {
+            /* modulus n = p * q * r_3 * r_4 ... */
+            if (!BN_mul(r1, rsa->n, prime, ctx))
+                goto err;
         } else {
+            /* i == 0, do nothing */
+            if (!BN_GENCB_call(cb, 3, i))
+                goto err;
+            continue;
+        }
+        /*
+         * if |r1|, product of factors so far, is not as long as expected
+         * (by checking the first 4 bits are less than 0x9 or greater than
+         * 0xF). If so, re-generate the last prime.
+         *
+         * NOTE: This actually can't happen in two-prime case, because of
+         * the way factors are generated.
+         *
+         * Besides, another consideration is, for multi-prime case, even the
+         * length modulus is as long as expected, the modulus could start at
+         * 0x8, which could be utilized to distinguish a multi-prime private
+         * key by using the modulus in a certificate. This is also covered
+         * by checking the length should not be less than 0x9.
+         */
+        if (!BN_rshift(r2, r1, bitse - 4))
             goto err;
+        bitst = BN_get_word(r2);
+
+        if (bitst < 0x9 || bitst > 0xF) {
+            /*
+             * For keys with more than 4 primes, we attempt longer factor to
+             * meet length requirement.
+             *
+             * Otherwise, we just re-generate the prime with the same length.
+             *
+             * This strategy has the following goals:
+             *
+             * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key
+             * 2. stay the same logic with normal 2-prime key
+             */
+            bitse -= bitsr[i];
+            if (!BN_GENCB_call(cb, 2, n++))
+                goto err;
+            if (primes > 4) {
+                if (bitst < 0x9)
+                    adj++;
+                else
+                    adj--;
+            } else if (retries == 4) {
+                /*
+                 * re-generate all primes from scratch, mainly used
+                 * in 4 prime case to avoid long loop. Max retry times
+                 * is set to 4.
+                 */
+                i = -1;
+                bitse = 0;
+                continue;
+            }
+            retries++;
+            goto redo;
         }
-        if (!BN_GENCB_call(cb, 2, n++))
+        /* save product of primes for further use, for multi-prime only */
+        if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL)
+            goto err;
+        if (BN_copy(rsa->n, r1) == NULL)
+            goto err;
+        if (!BN_GENCB_call(cb, 3, i))
             goto err;
     }
-    if (!BN_GENCB_call(cb, 3, 1))
-        goto err;
+
     if (BN_cmp(rsa->p, rsa->q) < 0) {
         tmp = rsa->p;
         rsa->p = rsa->q;
         rsa->q = tmp;
     }
 
-    /* calculate n */
-    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
-        goto err;
-
     /* calculate d */
+
+    /* p - 1 */
     if (!BN_sub(r1, rsa->p, BN_value_one()))
-        goto err;               /* p-1 */
+        goto err;
+    /* q - 1 */
     if (!BN_sub(r2, rsa->q, BN_value_one()))
-        goto err;               /* q-1 */
+        goto err;
+    /* (p - 1)(q - 1) */
     if (!BN_mul(r0, r1, r2, ctx))
-        goto err;               /* (p-1)(q-1) */
+        goto err;
+    /* multi-prime */
+    for (i = 2; i < primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+        /* save r_i - 1 to pinfo->d temporarily */
+        if (!BN_sub(pinfo->d, pinfo->r, BN_value_one()))
+            goto err;
+        if (!BN_mul(r0, r0, pinfo->d, ctx))
+            goto err;
+    }
+
     {
         BIGNUM *pr0 = BN_new();
 
         if (pr0 == NULL)
             goto err;
+
         BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
         if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
             BN_free(pr0);
@@ -177,15 +330,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
 
         if (d == NULL)
             goto err;
+
         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
 
-        if (   /* calculate d mod (p-1) */
-               !BN_mod(rsa->dmp1, d, r1, ctx)
-               /* calculate d mod (q-1) */
+        /* calculate d mod (p-1) and d mod (q - 1) */
+        if (!BN_mod(rsa->dmp1, d, r1, ctx)
             || !BN_mod(rsa->dmq1, d, r2, ctx)) {
             BN_free(d);
             goto err;
         }
+
+        /* calculate CRT exponents */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            /* pinfo->d == r_i - 1 */
+            if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        }
+
         /* We MUST free d before any further use of rsa->d */
         BN_free(d);
     }
@@ -202,6 +366,17 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
             BN_free(p);
             goto err;
         }
+
+        /* calculate CRT coefficient for other primes */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) {
+                BN_free(p);
+                goto err;
+            }
+        }
+
         /* We MUST free p before any further use of rsa->p */
         BN_free(p);
     }
@@ -215,6 +390,5 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     if (ctx != NULL)
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
-
     return ok;
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_lib.c b/deps/openssl/openssl/crypto/rsa/rsa_lib.c
index d99d04916d..49c34b7c36 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_lib.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_lib.c
@@ -10,9 +10,11 @@
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/refcount.h"
 #include "internal/bn_int.h"
 #include <openssl/engine.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
 #include "rsa_locl.h"
 
 RSA *RSA_new(void)
@@ -71,8 +73,9 @@ RSA *RSA_new_method(ENGINE *engine)
             goto err;
         }
         ret->engine = engine;
-    } else
+    } else {
         ret->engine = ENGINE_get_default_RSA();
+    }
     if (ret->engine) {
         ret->meth = ENGINE_get_RSA(ret->engine);
         if (ret->meth == NULL) {
@@ -106,7 +109,7 @@ void RSA_free(RSA *r)
     if (r == NULL)
         return;
 
-    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
     REF_PRINT_COUNT("RSA", r);
     if (i > 0)
         return;
@@ -122,14 +125,16 @@ void RSA_free(RSA *r)
 
     CRYPTO_THREAD_lock_free(r->lock);
 
-    BN_clear_free(r->n);
-    BN_clear_free(r->e);
+    BN_free(r->n);
+    BN_free(r->e);
     BN_clear_free(r->d);
     BN_clear_free(r->p);
     BN_clear_free(r->q);
     BN_clear_free(r->dmp1);
     BN_clear_free(r->dmq1);
     BN_clear_free(r->iqmp);
+    RSA_PSS_PARAMS_free(r->pss);
+    sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
     BN_BLINDING_free(r->blinding);
     BN_BLINDING_free(r->mt_blinding);
     OPENSSL_free(r->bignum_data);
@@ -140,27 +145,36 @@ int RSA_up_ref(RSA *r)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("RSA", r);
     REF_ASSERT_ISNT(i < 2);
-    return ((i > 1) ? 1 : 0);
+    return i > 1 ? 1 : 0;
 }
 
 int RSA_set_ex_data(RSA *r, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
 }
 
 void *RSA_get_ex_data(const RSA *r, int idx)
 {
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
 }
 
 int RSA_security_bits(const RSA *rsa)
 {
-    return BN_security_bits(BN_num_bits(rsa->n), -1);
+    int bits = BN_num_bits(rsa->n);
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI) {
+        /* This ought to mean that we have private key at hand. */
+        int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
+
+        if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits))
+            return 0;
+    }
+    return BN_security_bits(bits, -1);
 }
 
 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
@@ -182,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
         r->e = e;
     }
     if (d != NULL) {
-        BN_free(r->d);
+        BN_clear_free(r->d);
         r->d = d;
     }
 
@@ -199,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
         return 0;
 
     if (p != NULL) {
-        BN_free(r->p);
+        BN_clear_free(r->p);
         r->p = p;
     }
     if (q != NULL) {
-        BN_free(r->q);
+        BN_clear_free(r->q);
         r->q = q;
     }
 
@@ -221,21 +235,86 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
         return 0;
 
     if (dmp1 != NULL) {
-        BN_free(r->dmp1);
+        BN_clear_free(r->dmp1);
         r->dmp1 = dmp1;
     }
     if (dmq1 != NULL) {
-        BN_free(r->dmq1);
+        BN_clear_free(r->dmq1);
         r->dmq1 = dmq1;
     }
     if (iqmp != NULL) {
-        BN_free(r->iqmp);
+        BN_clear_free(r->iqmp);
         r->iqmp = iqmp;
     }
 
     return 1;
 }
 
+/*
+ * Is it better to export RSA_PRIME_INFO structure
+ * and related functions to let user pass a triplet?
+ */
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum)
+{
+    STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL;
+    RSA_PRIME_INFO *pinfo;
+    int i;
+
+    if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0)
+        return 0;
+
+    prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
+    if (prime_infos == NULL)
+        return 0;
+
+    if (r->prime_infos != NULL)
+        old = r->prime_infos;
+
+    for (i = 0; i < pnum; i++) {
+        pinfo = rsa_multip_info_new();
+        if (pinfo == NULL)
+            goto err;
+        if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
+            BN_free(pinfo->r);
+            BN_free(pinfo->d);
+            BN_free(pinfo->t);
+            pinfo->r = primes[i];
+            pinfo->d = exps[i];
+            pinfo->t = coeffs[i];
+        } else {
+            rsa_multip_info_free(pinfo);
+            goto err;
+        }
+        (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
+    }
+
+    r->prime_infos = prime_infos;
+
+    if (!rsa_multip_calc_product(r)) {
+        r->prime_infos = old;
+        goto err;
+    }
+
+    if (old != NULL) {
+        /*
+         * This is hard to deal with, since the old infos could
+         * also be set by this function and r, d, t should not
+         * be freed in that case. So currently, stay consistent
+         * with other *set0* functions: just free it...
+         */
+        sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free);
+    }
+
+    r->version = RSA_ASN1_VERSION_MULTI;
+
+    return 1;
+ err:
+    /* r, d, t should not be freed */
+    sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
+    return 0;
+}
+
 void RSA_get0_key(const RSA *r,
                   const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
 {
@@ -255,6 +334,36 @@ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
         *q = r->q;
 }
 
+int RSA_get_multi_prime_extra_count(const RSA *r)
+{
+    int pnum;
+
+    pnum = sk_RSA_PRIME_INFO_num(r->prime_infos);
+    if (pnum <= 0)
+        pnum = 0;
+    return pnum;
+}
+
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[])
+{
+    int pnum, i;
+    RSA_PRIME_INFO *pinfo;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /*
+     * return other primes
+     * it's caller's responsibility to allocate oth_primes[pnum]
+     */
+    for (i = 0; i < pnum; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+        primes[i] = pinfo->r;
+    }
+
+    return 1;
+}
+
 void RSA_get0_crt_params(const RSA *r,
                          const BIGNUM **dmp1, const BIGNUM **dmq1,
                          const BIGNUM **iqmp)
@@ -267,6 +376,72 @@ void RSA_get0_crt_params(const RSA *r,
         *iqmp = r->iqmp;
 }
 
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[])
+{
+    int pnum;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /* return other primes */
+    if (exps != NULL || coeffs != NULL) {
+        RSA_PRIME_INFO *pinfo;
+        int i;
+
+        /* it's the user's job to guarantee the buffer length */
+        for (i = 0; i < pnum; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+            if (exps != NULL)
+                exps[i] = pinfo->d;
+            if (coeffs != NULL)
+                coeffs[i] = pinfo->t;
+        }
+    }
+
+    return 1;
+}
+
+const BIGNUM *RSA_get0_n(const RSA *r)
+{
+    return r->n;
+}
+
+const BIGNUM *RSA_get0_e(const RSA *r)
+{
+    return r->e;
+}
+
+const BIGNUM *RSA_get0_d(const RSA *r)
+{
+    return r->d;
+}
+
+const BIGNUM *RSA_get0_p(const RSA *r)
+{
+    return r->p;
+}
+
+const BIGNUM *RSA_get0_q(const RSA *r)
+{
+    return r->q;
+}
+
+const BIGNUM *RSA_get0_dmp1(const RSA *r)
+{
+    return r->dmp1;
+}
+
+const BIGNUM *RSA_get0_dmq1(const RSA *r)
+{
+    return r->dmq1;
+}
+
+const BIGNUM *RSA_get0_iqmp(const RSA *r)
+{
+    return r->iqmp;
+}
+
 void RSA_clear_flags(RSA *r, int flags)
 {
     r->flags &= ~flags;
@@ -282,7 +457,23 @@ void RSA_set_flags(RSA *r, int flags)
     r->flags |= flags;
 }
 
+int RSA_get_version(RSA *r)
+{
+    /* { two-prime(0), multi(1) } */
+    return r->version;
+}
+
 ENGINE *RSA_get0_engine(const RSA *r)
 {
     return r->engine;
 }
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
+{
+    /* If key type not RSA or RSA-PSS return error */
+    if (ctx != NULL && ctx->pmeth != NULL
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+        return -1;
+     return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
+}
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_locl.h b/deps/openssl/openssl/crypto/rsa/rsa_locl.h
index 5d16aa6f43..2b94462a94 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_locl.h
+++ b/deps/openssl/openssl/crypto/rsa/rsa_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,14 +8,30 @@
  */
 
 #include <openssl/rsa.h>
+#include "internal/refcount.h"
+
+#define RSA_MAX_PRIME_NUM       5
+#define RSA_MIN_MODULUS_BITS    512
+
+typedef struct rsa_prime_info_st {
+    BIGNUM *r;
+    BIGNUM *d;
+    BIGNUM *t;
+    /* save product of primes prior to this one */
+    BIGNUM *pp;
+    BN_MONT_CTX *m;
+} RSA_PRIME_INFO;
+
+DECLARE_ASN1_ITEM(RSA_PRIME_INFO)
+DEFINE_STACK_OF(RSA_PRIME_INFO)
 
 struct rsa_st {
     /*
      * The first parameter is used to pickup errors where this is passed
-     * instead of aEVP_PKEY, it is set to 0
+     * instead of an EVP_PKEY, it is set to 0
      */
     int pad;
-    long version;
+    int32_t version;
     const RSA_METHOD *meth;
     /* functional reference if 'meth' is ENGINE-provided */
     ENGINE *engine;
@@ -27,9 +43,13 @@ struct rsa_st {
     BIGNUM *dmp1;
     BIGNUM *dmq1;
     BIGNUM *iqmp;
+    /* for multi-prime RSA, defined in RFC 8017 */
+    STACK_OF(RSA_PRIME_INFO) *prime_infos;
+    /* If a PSS only key this contains the parameter restrictions */
+    RSA_PSS_PARAMS *pss;
     /* be careful using this if the RSA structure is shared */
     CRYPTO_EX_DATA ex_data;
-    int references;
+    CRYPTO_REF_COUNT references;
     int flags;
     /* Used to cache montgomery values */
     BN_MONT_CTX *_method_mod_n;
@@ -88,9 +108,25 @@ struct rsa_meth_st {
      * things as "builtin software" implementations.
      */
     int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+    int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes,
+                                   BIGNUM *e, BN_GENCB *cb);
 };
 
 extern int int_rsa_verify(int dtype, const unsigned char *m,
                           unsigned int m_len, unsigned char *rm,
                           size_t *prm_len, const unsigned char *sigbuf,
                           size_t siglen, RSA *rsa);
+/* Macros to test if a pkey or ctx is for a PSS key */
+#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
+#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen);
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen);
+/* internal function to clear and free multi-prime parameters */
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo);
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo);
+RSA_PRIME_INFO *rsa_multip_info_new(void);
+int rsa_multip_calc_product(RSA *rsa);
+int rsa_multip_cap(int bits);
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_meth.c b/deps/openssl/openssl/crypto/rsa/rsa_meth.c
index ba40cff287..def19f375f 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_meth.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_meth.c
@@ -271,3 +271,17 @@ int RSA_meth_set_keygen(RSA_METHOD *meth,
     return 1;
 }
 
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_multi_prime_keygen;
+}
+
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb))
+{
+    meth->rsa_multi_prime_keygen = keygen;
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_mp.c b/deps/openssl/openssl/crypto/rsa/rsa_mp.c
new file mode 100644
index 0000000000..e7e810823b
--- /dev/null
+++ b/deps/openssl/openssl/crypto/rsa/rsa_mp.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_locl.h"
+
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
+{
+    /* free pp and pinfo only */
+    BN_clear_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+}
+
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
+{
+    /* free a RSA_PRIME_INFO structure */
+    BN_clear_free(pinfo->r);
+    BN_clear_free(pinfo->d);
+    BN_clear_free(pinfo->t);
+    rsa_multip_info_free_ex(pinfo);
+}
+
+RSA_PRIME_INFO *rsa_multip_info_new(void)
+{
+    RSA_PRIME_INFO *pinfo;
+
+    /* create a RSA_PRIME_INFO structure */
+    if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) {
+        RSAerr(RSA_F_RSA_MULTIP_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if ((pinfo->r = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->d = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->t = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->pp = BN_secure_new()) == NULL)
+        goto err;
+
+    return pinfo;
+
+ err:
+    BN_free(pinfo->r);
+    BN_free(pinfo->d);
+    BN_free(pinfo->t);
+    BN_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+    return NULL;
+}
+
+/* Refill products of primes */
+int rsa_multip_calc_product(RSA *rsa)
+{
+    RSA_PRIME_INFO *pinfo;
+    BIGNUM *p1 = NULL, *p2 = NULL;
+    BN_CTX *ctx = NULL;
+    int i, rv = 0, ex_primes;
+
+    if ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) {
+        /* invalid */
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    /* calculate pinfo->pp = p * q for first 'extra' prime */
+    p1 = rsa->p;
+    p2 = rsa->q;
+
+    for (i = 0; i < ex_primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        if (pinfo->pp == NULL) {
+            pinfo->pp = BN_secure_new();
+            if (pinfo->pp == NULL)
+                goto err;
+        }
+        if (!BN_mul(pinfo->pp, p1, p2, ctx))
+            goto err;
+        /* save previous one */
+        p1 = pinfo->pp;
+        p2 = pinfo->r;
+    }
+
+    rv = 1;
+ err:
+    BN_CTX_free(ctx);
+    return rv;
+}
+
+int rsa_multip_cap(int bits)
+{
+    int cap = 5;
+
+    if (bits < 1024)
+        cap = 2;
+    else if (bits < 4096)
+        cap = 3;
+    else if (bits < 8192)
+        cap = 4;
+
+    if (cap > RSA_MAX_PRIME_NUM)
+        cap = RSA_MAX_PRIME_NUM;
+
+    return cap;
+}
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_none.c b/deps/openssl/openssl/crypto/rsa/rsa_none.c
index b78756d186..f16cc67066 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_none.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_none.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,16 +16,16 @@ int RSA_padding_add_none(unsigned char *to, int tlen,
 {
     if (flen > tlen) {
         RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     if (flen < tlen) {
         RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     memcpy(to, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_none(unsigned char *to, int tlen,
@@ -34,10 +34,10 @@ int RSA_padding_check_none(unsigned char *to, int tlen,
 
     if (flen > tlen) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
-        return (-1);
+        return -1;
     }
 
     memset(to, 0, tlen - flen);
     memcpy(to + tlen - flen, from, flen);
-    return (tlen);
+    return tlen;
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_null.c b/deps/openssl/openssl/crypto/rsa/rsa_null.c
deleted file mode 100644
index d339494120..0000000000
--- a/deps/openssl/openssl/crypto/rsa/rsa_null.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/bn.h>
-#include "rsa_locl.h"
-
-/*
- * This is a dummy RSA implementation that just returns errors when called.
- * It is designed to allow some RSA functions to work while stopping those
- * covered by the RSA patent. That is RSA, encryption, decryption, signing
- * and verify is not allowed but RSA key generation, key checking and other
- * operations (like storing RSA keys) are permitted.
- */
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_init(RSA *rsa);
-static int RSA_null_finish(RSA *rsa);
-static RSA_METHOD rsa_null_meth = {
-    "Null RSA",
-    RSA_null_public_encrypt,
-    RSA_null_public_decrypt,
-    RSA_null_private_encrypt,
-    RSA_null_private_decrypt,
-    NULL,
-    NULL,
-    RSA_null_init,
-    RSA_null_finish,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-
-const RSA_METHOD *RSA_null_method(void)
-{
-    return (&rsa_null_meth);
-}
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT,
-           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT,
-           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_init(RSA *rsa)
-{
-    return (1);
-}
-
-static int RSA_null_finish(RSA *rsa)
-{
-    return (1);
-}
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
index df08a2f53e..f13c6fc9e5 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
@@ -81,12 +81,6 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     if (RAND_bytes(seed, mdlen) <= 0)
         goto err;
 
-#ifdef PKCS_TESTVECT
-    memcpy(seed,
-           "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
-           20);
-#endif
-
     dbmask_len = emlen - mdlen;
     dbmask = OPENSSL_malloc(dbmask_len);
     if (dbmask == NULL) {
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c
index 23f948fbbb..2b1b006c28 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c
@@ -38,7 +38,8 @@ static RSA_METHOD rsa_pkcs1_ossl_meth = {
     NULL,
     0,                          /* rsa_sign */
     0,                          /* rsa_verify */
-    NULL                        /* rsa_keygen */
+    NULL,                       /* rsa_keygen */
+    NULL                        /* rsa_multi_prime_keygen */
 };
 
 static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
@@ -58,6 +59,11 @@ const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
     return &rsa_pkcs1_ossl_meth;
 }
 
+const RSA_METHOD *RSA_null_method(void)
+{
+    return NULL;
+}
+
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding)
 {
@@ -91,7 +97,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
     ret = BN_CTX_get(ctx);
     num = BN_num_bytes(rsa->n);
     buf = OPENSSL_malloc(num);
-    if (f == NULL || ret == NULL || buf == NULL) {
+    if (ret == NULL || buf == NULL) {
         RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -145,7 +151,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
-    return (r);
+    return r;
 }
 
 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
@@ -190,12 +196,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
                                 BN_CTX *ctx)
 {
-    if (unblind == NULL)
+    if (unblind == NULL) {
         /*
          * Local blinding: store the unblinding factor in BN_BLINDING.
          */
         return BN_BLINDING_convert_ex(f, NULL, b, ctx);
-    else {
+    } else {
         /*
          * Shared blinding: store the unblinding factor outside BN_BLINDING.
          */
@@ -247,7 +253,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
     ret = BN_CTX_get(ctx);
     num = BN_num_bytes(rsa->n);
     buf = OPENSSL_malloc(num);
-    if (f == NULL || ret == NULL || buf == NULL) {
+    if (ret == NULL || buf == NULL) {
         RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -298,6 +304,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
     }
 
     if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
         ((rsa->p != NULL) &&
          (rsa->q != NULL) &&
          (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
@@ -338,8 +345,9 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
             res = f;
         else
             res = ret;
-    } else
+    } else {
         res = ret;
+    }
 
     /*
      * BN_bn2binpad puts in leading 0 bytes if the number is less than
@@ -351,7 +359,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
-    return (r);
+    return r;
 }
 
 static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
@@ -377,7 +385,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
     ret = BN_CTX_get(ctx);
     num = BN_num_bytes(rsa->n);
     buf = OPENSSL_malloc(num);
-    if (f == NULL || ret == NULL || buf == NULL) {
+    if (ret == NULL || buf == NULL) {
         RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -421,6 +429,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
 
     /* do the decrypt */
     if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
         ((rsa->p != NULL) &&
          (rsa->q != NULL) &&
          (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
@@ -480,7 +489,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
-    return (r);
+    return r;
 }
 
 /* signature verification */
@@ -517,7 +526,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
     ret = BN_CTX_get(ctx);
     num = BN_num_bytes(rsa->n);
     buf = OPENSSL_malloc(num);
-    if (f == NULL || ret == NULL || buf == NULL) {
+    if (ret == NULL || buf == NULL) {
         RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -577,22 +586,29 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
-    return (r);
+    return r;
 }
 
 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
-    BIGNUM *r1, *m1, *vrfy;
-    int ret = 0, smooth = 0;
+    BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2];
+    int ret = 0, i, ex_primes = 0, smooth = 0;
+    RSA_PRIME_INFO *pinfo;
 
     BN_CTX_start(ctx);
 
     r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
     m1 = BN_CTX_get(ctx);
     vrfy = BN_CTX_get(ctx);
     if (vrfy == NULL)
         goto err;
 
+    if (rsa->version == RSA_ASN1_VERSION_MULTI
+        && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
+             || ex_primes > RSA_MAX_PRIME_NUM - 2))
+        goto err;
+
     if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
         BIGNUM *factor = BN_new();
 
@@ -612,12 +628,21 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
             BN_free(factor);
             goto err;
         }
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) {
+                BN_free(factor);
+                goto err;
+            }
+        }
         /*
          * We MUST free |factor| before any further use of the prime factors
          */
         BN_free(factor);
 
-        smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
+        smooth = (ex_primes == 0)
+                 && (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
                  && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
     }
 
@@ -723,6 +748,56 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         BN_free(dmp1);
     }
 
+    /*
+     * calculate m_i in multi-prime case
+     *
+     * TODO:
+     * 1. squash the following two loops and calculate |m_i| there.
+     * 2. remove cc and reuse |c|.
+     * 3. remove |dmq1| and |dmp1| in previous block and use |di|.
+     *
+     * If these things are done, the code will be more readable.
+     */
+    if (ex_primes > 0) {
+        BIGNUM *di = BN_new(), *cc = BN_new();
+
+        if (cc == NULL || di == NULL) {
+            BN_free(cc);
+            BN_free(di);
+            goto err;
+        }
+
+        for (i = 0; i < ex_primes; i++) {
+            /* prepare m_i */
+            if ((m[i] = BN_CTX_get(ctx)) == NULL) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+
+            /* prepare c and d_i */
+            BN_with_flags(cc, I, BN_FLG_CONSTTIME);
+            BN_with_flags(di, pinfo->d, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, cc, pinfo->r, ctx)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+            /* compute r1 ^ d_i mod r_i */
+            if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+        }
+
+        BN_free(cc);
+        BN_free(di);
+    }
+
     if (!BN_sub(r0, r0, m1))
         goto err;
     /*
@@ -765,6 +840,49 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
     if (!BN_add(r0, r1, m1))
         goto err;
 
+    /* add m_i to m in multi-prime case */
+    if (ex_primes > 0) {
+        BIGNUM *pr2 = BN_new();
+
+        if (pr2 == NULL)
+            goto err;
+
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            if (!BN_sub(r1, m[i], r0)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (!BN_mul(r2, r1, pinfo->t, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            BN_with_flags(pr2, r2, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, pr2, pinfo->r, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (BN_is_negative(r1))
+                if (!BN_add(r1, r1, pinfo->r)) {
+                    BN_free(pr2);
+                    goto err;
+                }
+            if (!BN_mul(r1, r1, pinfo->pp, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+            if (!BN_add(r0, r0, r1)) {
+                BN_free(pr2);
+                goto err;
+            }
+        }
+        BN_free(pr2);
+    }
+
  tail:
     if (rsa->e && rsa->n) {
         if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) {
@@ -828,19 +946,26 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
     ret = 1;
  err:
     BN_CTX_end(ctx);
-    return (ret);
+    return ret;
 }
 
 static int rsa_ossl_init(RSA *rsa)
 {
     rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
-    return (1);
+    return 1;
 }
 
 static int rsa_ossl_finish(RSA *rsa)
 {
+    int i;
+    RSA_PRIME_INFO *pinfo;
+
     BN_MONT_CTX_free(rsa->_method_mod_n);
     BN_MONT_CTX_free(rsa->_method_mod_p);
     BN_MONT_CTX_free(rsa->_method_mod_q);
-    return (1);
+    for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        BN_MONT_CTX_free(pinfo->m);
+    }
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c
index 63d6c3a3b8..d07c0d6f85 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c
@@ -24,7 +24,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)to;
@@ -38,7 +38,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     p += j;
     *(p++) = '\0';
     memcpy(p, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
@@ -73,7 +73,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
     if ((num != (flen + 1)) || (*(p++) != 0x01)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                RSA_R_BLOCK_TYPE_IS_NOT_01);
-        return (-1);
+        return -1;
     }
 
     /* scan over padding data */
@@ -86,7 +86,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
             } else {
                 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                        RSA_R_BAD_FIXED_HEADER_DECRYPT);
-                return (-1);
+                return -1;
             }
         }
         p++;
@@ -95,23 +95,23 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
     if (i == j) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                RSA_R_NULL_BEFORE_BLOCK_MISSING);
-        return (-1);
+        return -1;
     }
 
     if (i < 8) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
                RSA_R_BAD_PAD_BYTE_COUNT);
-        return (-1);
+        return -1;
     }
     i++;                        /* Skip over the '\0' */
     j -= i;
     if (j > tlen) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
-        return (-1);
+        return -1;
     }
     memcpy(to, p, (unsigned int)j);
 
-    return (j);
+    return j;
 }
 
 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
@@ -123,7 +123,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     if (flen > (tlen - 11)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)to;
@@ -135,12 +135,12 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     j = tlen - 3 - flen;
 
     if (RAND_bytes(p, j) <= 0)
-        return (0);
+        return 0;
     for (i = 0; i < j; i++) {
         if (*p == '\0')
             do {
                 if (RAND_bytes(p, 1) <= 0)
-                    return (0);
+                    return 0;
             } while (*p == '\0');
         p++;
     }
@@ -148,7 +148,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     *(p++) = '\0';
 
     memcpy(p, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
index 2d1dffbbb5..c10669f8a9 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,6 +25,7 @@ typedef struct {
     /* Key gen parameters */
     int nbits;
     BIGNUM *pub_exp;
+    int primes;
     /* Keygen callback info */
     int gentmp[2];
     /* RSA padding mode */
@@ -35,6 +36,8 @@ typedef struct {
     const EVP_MD *mgf1md;
     /* PSS salt length */
     int saltlen;
+    /* Minimum salt length or -1 if no PSS parameter restriction */
+    int min_saltlen;
     /* Temp buffer */
     unsigned char *tbuf;
     /* OAEP label */
@@ -42,15 +45,24 @@ typedef struct {
     size_t oaep_labellen;
 } RSA_PKEY_CTX;
 
+/* True if PSS parameters are restricted */
+#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1)
+
 static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 {
-    RSA_PKEY_CTX *rctx;
-    rctx = OPENSSL_zalloc(sizeof(*rctx));
+    RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
     if (rctx == NULL)
         return 0;
     rctx->nbits = 1024;
-    rctx->pad_mode = RSA_PKCS1_PADDING;
-    rctx->saltlen = -2;
+    rctx->primes = RSA_DEFAULT_PRIME_NUM;
+    if (pkey_ctx_is_pss(ctx))
+        rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
+    else
+        rctx->pad_mode = RSA_PKCS1_PADDING;
+    /* Maximum for sign, auto for verify */
+    rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+    rctx->min_saltlen = -1;
     ctx->data = rctx;
     ctx->keygen_info = rctx->gentmp;
     ctx->keygen_info_count = 2;
@@ -61,6 +73,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 {
     RSA_PKEY_CTX *dctx, *sctx;
+
     if (!pkey_rsa_init(dst))
         return 0;
     sctx = src->data;
@@ -86,11 +99,12 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 
 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
 {
-    if (ctx->tbuf)
+    if (ctx->tbuf != NULL)
         return 1;
-    ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
-    if (ctx->tbuf == NULL)
+    if ((ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey))) == NULL) {
+        RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     return 1;
 }
 
@@ -159,11 +173,13 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
                 return -1;
             ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
                                       sig, rsa, RSA_NO_PADDING);
-        } else
+        } else {
             return -1;
-    } else
+        }
+    } else {
         ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
                                   rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *siglen = ret;
@@ -207,11 +223,13 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
             if (ret <= 0)
                 return 0;
             ret = sltmp;
-        } else
+        } else {
             return -1;
-    } else
+        }
+    } else {
         ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
                                  rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *routlen = ret;
@@ -225,6 +243,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
     RSA_PKEY_CTX *rctx = ctx->data;
     RSA *rsa = ctx->pkey->pkey.rsa;
     size_t rslen;
+
     if (rctx->md) {
         if (rctx->pad_mode == RSA_PKCS1_PADDING)
             return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
@@ -250,8 +269,9 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
             if (ret <= 0)
                 return 0;
             return 1;
-        } else
+        } else {
             return -1;
+        }
     } else {
         if (!setup_tbuf(rctx, ctx))
             return -1;
@@ -274,6 +294,7 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
 {
     int ret;
     RSA_PKEY_CTX *rctx = ctx->data;
+
     if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
         int klen = RSA_size(ctx->pkey->pkey.rsa);
         if (!setup_tbuf(rctx, ctx))
@@ -286,9 +307,10 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
             return -1;
         ret = RSA_public_encrypt(klen, rctx->tbuf, out,
                                  ctx->pkey->pkey.rsa, RSA_NO_PADDING);
-    } else
+    } else {
         ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
                                  rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *outlen = ret;
@@ -301,6 +323,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
 {
     int ret;
     RSA_PKEY_CTX *rctx = ctx->data;
+
     if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
         if (!setup_tbuf(rctx, ctx))
             return -1;
@@ -313,9 +336,10 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
                                                 rctx->oaep_label,
                                                 rctx->oaep_labellen,
                                                 rctx->md, rctx->mgf1md);
-    } else
+    } else {
         ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
                                   rctx->pad_mode);
+    }
     if (ret < 0)
         return ret;
     *outlen = ret;
@@ -325,6 +349,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
 static int check_padding_md(const EVP_MD *md, int padding)
 {
     int mdnid;
+
     if (!md)
         return 1;
 
@@ -354,6 +379,10 @@ static int check_padding_md(const EVP_MD *md, int padding)
         case NID_md4:
         case NID_mdc2:
         case NID_ripemd160:
+        case NID_sha3_224:
+        case NID_sha3_256:
+        case NID_sha3_384:
+        case NID_sha3_512:
             return 1;
 
         default:
@@ -369,6 +398,7 @@ static int check_padding_md(const EVP_MD *md, int padding)
 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
     RSA_PKEY_CTX *rctx = ctx->data;
+
     switch (type) {
     case EVP_PKEY_CTRL_RSA_PADDING:
         if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
@@ -380,6 +410,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                     goto bad_pad;
                 if (!rctx->md)
                     rctx->md = EVP_sha1();
+            } else if (pkey_ctx_is_pss(ctx)) {
+                goto bad_pad;
             }
             if (p1 == RSA_PKCS1_OAEP_PADDING) {
                 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
@@ -405,17 +437,30 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
             return -2;
         }
-        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
+        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) {
             *(int *)p2 = rctx->saltlen;
-        else {
-            if (p1 < -2)
+        } else {
+            if (p1 < RSA_PSS_SALTLEN_MAX)
                 return -2;
+            if (rsa_pss_restricted(rctx)) {
+                if (p1 == RSA_PSS_SALTLEN_AUTO
+                    && ctx->operation == EVP_PKEY_OP_VERIFY) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                    return -2;
+                }
+                if ((p1 == RSA_PSS_SALTLEN_DIGEST
+                     && rctx->min_saltlen > EVP_MD_size(rctx->md))
+                    || (p1 >= 0 && p1 < rctx->min_saltlen)) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL);
+                    return 0;
+                }
+            }
             rctx->saltlen = p1;
         }
         return 1;
 
     case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
-        if (p1 < 512) {
+        if (p1 < RSA_MIN_MODULUS_BITS) {
             RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
             return -2;
         }
@@ -431,6 +476,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         rctx->pub_exp = p2;
         return 1;
 
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES:
+        if (p1 < RSA_DEFAULT_PRIME_NUM || p1 > RSA_MAX_PRIME_NUM) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_PRIME_NUM_INVALID);
+            return -2;
+        }
+        rctx->primes = p1;
+        return 1;
+
     case EVP_PKEY_CTRL_RSA_OAEP_MD:
     case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
         if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
@@ -446,6 +499,12 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_MD:
         if (!check_padding_md(p2, rctx->pad_mode))
             return 0;
+        if (rsa_pss_restricted(rctx)) {
+            if (EVP_MD_type(rctx->md) == EVP_MD_type(p2))
+                return 1;
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_DIGEST_NOT_ALLOWED);
+            return 0;
+        }
         rctx->md = p2;
         return 1;
 
@@ -465,8 +524,15 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 *(const EVP_MD **)p2 = rctx->mgf1md;
             else
                 *(const EVP_MD **)p2 = rctx->md;
-        } else
+        } else {
+            if (rsa_pss_restricted(rctx)) {
+                if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2))
+                    return 1;
+                RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_MGF1_DIGEST_NOT_ALLOWED);
+                return 0;
+            }
             rctx->mgf1md = p2;
+        }
         return 1;
 
     case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
@@ -493,16 +559,21 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return rctx->oaep_labellen;
 
     case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+    return 1;
+
     case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
     case EVP_PKEY_CTRL_PKCS7_DECRYPT:
-    case EVP_PKEY_CTRL_PKCS7_SIGN:
-        return 1;
 #ifndef OPENSSL_NO_CMS
     case EVP_PKEY_CTRL_CMS_DECRYPT:
     case EVP_PKEY_CTRL_CMS_ENCRYPT:
-    case EVP_PKEY_CTRL_CMS_SIGN:
-        return 1;
 #endif
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* fall through */
     case EVP_PKEY_CTRL_PEER_KEY:
         RSAerr(RSA_F_PKEY_RSA_CTRL,
                RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
@@ -517,27 +588,28 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
                              const char *type, const char *value)
 {
-    if (!value) {
+    if (value == NULL) {
         RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
         return 0;
     }
     if (strcmp(type, "rsa_padding_mode") == 0) {
         int pm;
-        if (strcmp(value, "pkcs1") == 0)
+
+        if (strcmp(value, "pkcs1") == 0) {
             pm = RSA_PKCS1_PADDING;
-        else if (strcmp(value, "sslv23") == 0)
+        } else if (strcmp(value, "sslv23") == 0) {
             pm = RSA_SSLV23_PADDING;
-        else if (strcmp(value, "none") == 0)
+        } else if (strcmp(value, "none") == 0) {
             pm = RSA_NO_PADDING;
-        else if (strcmp(value, "oeap") == 0)
+        } else if (strcmp(value, "oeap") == 0) {
             pm = RSA_PKCS1_OAEP_PADDING;
-        else if (strcmp(value, "oaep") == 0)
+        } else if (strcmp(value, "oaep") == 0) {
             pm = RSA_PKCS1_OAEP_PADDING;
-        else if (strcmp(value, "x931") == 0)
+        } else if (strcmp(value, "x931") == 0) {
             pm = RSA_X931_PADDING;
-        else if (strcmp(value, "pss") == 0)
+        } else if (strcmp(value, "pss") == 0) {
             pm = RSA_PKCS1_PSS_PADDING;
-        else {
+        } else {
             RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
             return -2;
         }
@@ -546,18 +618,27 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
 
     if (strcmp(type, "rsa_pss_saltlen") == 0) {
         int saltlen;
-        saltlen = atoi(value);
+
+        if (!strcmp(value, "digest"))
+            saltlen = RSA_PSS_SALTLEN_DIGEST;
+        else if (!strcmp(value, "max"))
+            saltlen = RSA_PSS_SALTLEN_MAX;
+        else if (!strcmp(value, "auto"))
+            saltlen = RSA_PSS_SALTLEN_AUTO;
+        else
+            saltlen = atoi(value);
         return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
     }
 
     if (strcmp(type, "rsa_keygen_bits") == 0) {
-        int nbits;
-        nbits = atoi(value);
+        int nbits = atoi(value);
+
         return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
     }
 
     if (strcmp(type, "rsa_keygen_pubexp") == 0) {
         int ret;
+
         BIGNUM *pubexp = NULL;
         if (!BN_asc2bn(&pubexp, value))
             return 0;
@@ -567,27 +648,43 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
         return ret;
     }
 
-    if (strcmp(type, "rsa_mgf1_md") == 0) {
-        const EVP_MD *md;
-        if ((md = EVP_get_digestbyname(value)) == NULL) {
-            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
-            return 0;
-        }
-        return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
+    if (strcmp(type, "rsa_keygen_primes") == 0) {
+        int nprimes = atoi(value);
+
+        return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, nprimes);
     }
 
-    if (strcmp(type, "rsa_oaep_md") == 0) {
-        const EVP_MD *md;
-        if ((md = EVP_get_digestbyname(value)) == NULL) {
-            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
-            return 0;
+    if (strcmp(type, "rsa_mgf1_md") == 0)
+        return EVP_PKEY_CTX_md(ctx,
+                               EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+    if (pkey_ctx_is_pss(ctx)) {
+
+        if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
+            int saltlen = atoi(value);
+
+            return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
         }
-        return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
     }
+
+    if (strcmp(type, "rsa_oaep_md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_OAEP_MD, value);
+
     if (strcmp(type, "rsa_oaep_label") == 0) {
         unsigned char *lab;
         long lablen;
         int ret;
+
         lab = OPENSSL_hexstr2buf(value, &lablen);
         if (!lab)
             return 0;
@@ -600,12 +697,30 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
     return -2;
 }
 
+/* Set PSS parameters when generating a key, if necessary */
+static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* If all parameters are default values don't set pss */
+    if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2)
+        return 1;
+    rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md,
+                                     rctx->saltlen == -2 ? 0 : rctx->saltlen);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     RSA *rsa = NULL;
     RSA_PKEY_CTX *rctx = ctx->data;
     BN_GENCB *pcb;
     int ret;
+
     if (rctx->pub_exp == NULL) {
         rctx->pub_exp = BN_new();
         if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
@@ -621,12 +736,18 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
             return 0;
         }
         evp_pkey_set_cb_translate(pcb, ctx);
-    } else
+    } else {
         pcb = NULL;
-    ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+    }
+    ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes,
+                                       rctx->pub_exp, pcb);
     BN_GENCB_free(pcb);
+    if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) {
+        RSA_free(rsa);
+        return 0;
+    }
     if (ret > 0)
-        EVP_PKEY_assign_RSA(pkey, rsa);
+        EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa);
     else
         RSA_free(rsa);
     return ret;
@@ -666,3 +787,74 @@ const EVP_PKEY_METHOD rsa_pkey_meth = {
     pkey_rsa_ctrl,
     pkey_rsa_ctrl_str
 };
+
+/*
+ * Called for PSS sign or verify initialisation: checks PSS parameter
+ * sanity and sets any restrictions on key usage.
+ */
+
+static int pkey_pss_init(EVP_PKEY_CTX *ctx)
+{
+    RSA *rsa;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    const EVP_MD *md;
+    const EVP_MD *mgf1md;
+    int min_saltlen, max_saltlen;
+
+    /* Should never happen */
+    if (!pkey_ctx_is_pss(ctx))
+        return 0;
+    rsa = ctx->pkey->pkey.rsa;
+    /* If no restrictions just return */
+    if (rsa->pss == NULL)
+        return 1;
+    /* Get and check parameters */
+    if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
+        return 0;
+
+    /* See if minimum salt length exceeds maximum possible */
+    max_saltlen = RSA_size(rsa) - EVP_MD_size(md);
+    if ((RSA_bits(rsa) & 0x7) == 1)
+        max_saltlen--;
+    if (min_saltlen > max_saltlen) {
+        RSAerr(RSA_F_PKEY_PSS_INIT, RSA_R_INVALID_SALT_LENGTH);
+        return 0;
+    }
+
+    rctx->min_saltlen = min_saltlen;
+
+    /*
+     * Set PSS restrictions as defaults: we can then block any attempt to
+     * use invalid values in pkey_rsa_ctrl
+     */
+
+    rctx->md = md;
+    rctx->mgf1md = mgf1md;
+    rctx->saltlen = min_saltlen;
+
+    return 1;
+}
+
+const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+    EVP_PKEY_RSA_PSS,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    pkey_pss_init,
+    pkey_rsa_sign,
+
+    pkey_pss_init,
+    pkey_rsa_verify,
+
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_prn.c b/deps/openssl/openssl/crypto/rsa/rsa_prn.c
index 5e6c599e46..b5f4bce2a3 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_prn.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_prn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,12 +20,12 @@ int RSA_print_fp(FILE *fp, const RSA *x, int off)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = RSA_print(b, x, off);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pss.c b/deps/openssl/openssl/crypto/rsa/rsa_pss.c
index 4a1e599ed5..f7c575d00a 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_pss.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_pss.c
@@ -41,7 +41,6 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
     unsigned char H_[EVP_MAX_MD_SIZE];
 
-
     if (ctx == NULL)
         goto err;
 
@@ -55,13 +54,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
      * Negative sLen has special meanings:
      *      -1      sLen == hLen
      *      -2      salt length is autorecovered from signature
+     *      -3      salt length is maximized
      *      -N      reserved
      */
-    if (sLen == -1)
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
         sLen = hLen;
-    else if (sLen == -2)
-        sLen = -2;
-    else if (sLen < -2) {
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
         goto err;
     }
@@ -80,7 +78,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
-    if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
@@ -106,7 +106,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
         goto err;
     }
-    if (sLen >= 0 && (maskedDBLen - i) != sLen) {
+    if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
         goto err;
     }
@@ -123,8 +123,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
     if (memcmp(H_, H, hLen)) {
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
         ret = 0;
-    } else
+    } else {
         ret = 1;
+    }
 
  err:
     OPENSSL_free(DB);
@@ -162,13 +163,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
      * Negative sLen has special meanings:
      *      -1      sLen == hLen
      *      -2      salt length is maximized
+     *      -3      same as above (on signing)
      *      -N      reserved
      */
-    if (sLen == -1)
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
         sLen = hLen;
-    else if (sLen == -2)
-        sLen = -2;
-    else if (sLen < -2) {
+    } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) {
+        sLen = RSA_PSS_SALTLEN_MAX;
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
         goto err;
     }
@@ -184,7 +186,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         goto err;
     }
-    if (sLen == -2) {
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
         sLen = emLen - hLen - 2;
     } else if (sLen > emLen - hLen - 2) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
@@ -242,7 +244,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 
  err:
     EVP_MD_CTX_free(ctx);
-    OPENSSL_clear_free(salt, sLen);
+    OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */
 
     return ret;
 
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_saos.c b/deps/openssl/openssl/crypto/rsa/rsa_saos.c
index 9e5fff450b..8336f32f16 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_saos.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_saos.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,12 +32,12 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
     if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
         RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
                RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-        return (0);
+        return 0;
     }
     s = OPENSSL_malloc((unsigned int)j + 1);
     if (s == NULL) {
         RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
     p = s;
     i2d_ASN1_OCTET_STRING(&sig, &p);
@@ -48,7 +48,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
         *siglen = i;
 
     OPENSSL_clear_free(s, (unsigned int)j + 1);
-    return (ret);
+    return ret;
 }
 
 int RSA_verify_ASN1_OCTET_STRING(int dtype,
@@ -64,7 +64,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
     if (siglen != (unsigned int)RSA_size(rsa)) {
         RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
                RSA_R_WRONG_SIGNATURE_LENGTH);
-        return (0);
+        return 0;
     }
 
     s = OPENSSL_malloc((unsigned int)siglen);
@@ -85,10 +85,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
     if (((unsigned int)sig->length != m_len) ||
         (memcmp(m, sig->data, m_len) != 0)) {
         RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
-    } else
+    } else {
         ret = 1;
+    }
  err:
     ASN1_OCTET_STRING_free(sig);
     OPENSSL_clear_free(s, (unsigned int)siglen);
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c
index 77b28b46f2..286d0a42de 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c
@@ -22,7 +22,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     if (flen > (tlen - 11)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-        return (0);
+        return 0;
     }
 
     p = (unsigned char *)to;
@@ -34,12 +34,12 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     j = tlen - 3 - 8 - flen;
 
     if (RAND_bytes(p, j) <= 0)
-        return (0);
+        return 0;
     for (i = 0; i < j; i++) {
         if (*p == '\0')
             do {
                 if (RAND_bytes(p, 1) <= 0)
-                    return (0);
+                    return 0;
             } while (*p == '\0');
         p++;
     }
@@ -49,7 +49,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     *(p++) = '\0';
 
     memcpy(p, from, (unsigned int)flen);
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -61,7 +61,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     p = from;
     if (flen < 10) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
-        return (-1);
+        return -1;
     }
     /* Accept even zero-padded input */
     if (flen == num) {
@@ -73,7 +73,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     }
     if ((num != (flen + 1)) || (*(p++) != 02)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
-        return (-1);
+        return -1;
     }
 
     /* scan over padding data */
@@ -85,7 +85,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     if ((i == j) || (i < 8)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
                RSA_R_NULL_BEFORE_BLOCK_MISSING);
-        return (-1);
+        return -1;
     }
     for (k = -9; k < -1; k++) {
         if (p[k] != 0x03)
@@ -93,16 +93,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     }
     if (k == -1) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
-        return (-1);
+        return -1;
     }
 
     i++;                        /* Skip over the '\0' */
     j -= i;
     if (j > tlen) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
-        return (-1);
+        return -1;
     }
     memcpy(to, p, (unsigned int)j);
 
-    return (j);
+    return j;
 }
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_x931.c b/deps/openssl/openssl/crypto/rsa/rsa_x931.c
index b9301f3725..7b0486c0f2 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_x931.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_x931.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -34,9 +34,9 @@ int RSA_padding_add_X931(unsigned char *to, int tlen,
     p = (unsigned char *)to;
 
     /* If no padding start and end nibbles are in one byte */
-    if (j == 0)
+    if (j == 0) {
         *p++ = 0x6A;
-    else {
+    } else {
         *p++ = 0x6B;
         if (j > 1) {
             memset(p, 0xBB, j - 1);
@@ -47,7 +47,7 @@ int RSA_padding_add_X931(unsigned char *to, int tlen,
     memcpy(p, from, (unsigned int)flen);
     p += flen;
     *p = 0xCC;
-    return (1);
+    return 1;
 }
 
 int RSA_padding_check_X931(unsigned char *to, int tlen,
@@ -81,8 +81,9 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
             return -1;
         }
 
-    } else
+    } else {
         j = flen - 2;
+    }
 
     if (p[j] != 0xCC) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
@@ -91,7 +92,7 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
 
     memcpy(to, p, (unsigned int)j);
 
-    return (j);
+    return j;
 }
 
 /* Translate between X931 hash ids and NIDs */
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_x931g.c b/deps/openssl/openssl/crypto/rsa/rsa_x931g.c
index 877ee2219c..3563670a12 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_x931g.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_x931g.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,8 +44,9 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
         rsa->e = BN_dup(e);
         if (!rsa->e)
             goto err;
-    } else
+    } else {
         e = rsa->e;
+    }
 
     /*
      * If not all parameters present only calculate what we can. This allows
diff --git a/deps/openssl/openssl/crypto/s390x_arch.h b/deps/openssl/openssl/crypto/s390x_arch.h
new file mode 100644
index 0000000000..4a775a927d
--- /dev/null
+++ b/deps/openssl/openssl/crypto/s390x_arch.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef S390X_ARCH_H
+# define S390X_ARCH_H
+
+# ifndef __ASSEMBLER__
+
+void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out,
+                size_t outlen, unsigned int fc, void *param);
+void s390x_km(const unsigned char *in, size_t len, unsigned char *out,
+              unsigned int fc, void *param);
+void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
+               size_t len, unsigned char *out, unsigned int fc, void *param);
+
+/*
+ * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
+ * the STFLE instruction followed by the 64-bit word pairs returned by
+ * instructions' QUERY functions. If STFLE returns fewer data or an instruction
+ * is not supported, the corresponding field elements are zero.
+ */
+struct OPENSSL_s390xcap_st {
+    unsigned long long stfle[4];
+    unsigned long long kimd[2];
+    unsigned long long klmd[2];
+    unsigned long long km[2];
+    unsigned long long kmc[2];
+    unsigned long long kmac[2];
+    unsigned long long kmctr[2];
+    unsigned long long kmo[2];
+    unsigned long long kmf[2];
+    unsigned long long prno[2];
+    unsigned long long kma[2];
+};
+
+extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+
+/* convert facility bit number or function code to bit mask */
+#  define S390X_CAPBIT(i)	(1ULL << (63 - (i) % 64))
+
+# endif
+
+/* OPENSSL_s390xcap_P offsets [bytes] */
+# define S390X_STFLE		0x00
+# define S390X_KIMD		0x20
+# define S390X_KLMD		0x30
+# define S390X_KM		0x40
+# define S390X_KMC		0x50
+# define S390X_KMAC		0x60
+# define S390X_KMCTR		0x70
+# define S390X_KMO		0x80
+# define S390X_KMF		0x90
+# define S390X_PRNO		0xa0
+# define S390X_KMA		0xb0
+
+/* Facility Bit Numbers */
+# define S390X_VX		129
+# define S390X_VXD		134
+# define S390X_VXE		135
+
+/* Function Codes */
+
+/* all instructions */
+# define S390X_QUERY		0
+
+/* kimd/klmd */
+# define S390X_SHA3_224		32
+# define S390X_SHA3_256		33
+# define S390X_SHA3_384		34
+# define S390X_SHA3_512		35
+# define S390X_SHAKE_128	36
+# define S390X_SHAKE_256	37
+# define S390X_GHASH		65
+
+/* km/kmc/kmac/kmctr/kmo/kmf/kma */
+# define S390X_AES_128		18
+# define S390X_AES_192		19
+# define S390X_AES_256		20
+
+/* prno */
+# define S390X_TRNG		114
+
+/* Register 0 Flags */
+# define S390X_DECRYPT		0x80
+# define S390X_KMA_LPC		0x100
+# define S390X_KMA_LAAD		0x200
+# define S390X_KMA_HS		0x400
+
+#endif
diff --git a/deps/openssl/openssl/crypto/s390xcap.c b/deps/openssl/openssl/crypto/s390xcap.c
index 272c551748..e7c7f0a357 100644
--- a/deps/openssl/openssl/crypto/s390xcap.c
+++ b/deps/openssl/openssl/crypto/s390xcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,8 +12,8 @@
 #include <string.h>
 #include <setjmp.h>
 #include <signal.h>
-
-unsigned long long OPENSSL_s390xcap_P[10];
+#include "internal/cryptlib.h"
+#include "s390x_arch.h"
 
 static sigjmp_buf ill_jmp;
 static void ill_handler(int sig)
@@ -21,30 +21,47 @@ static void ill_handler(int sig)
     siglongjmp(ill_jmp, sig);
 }
 
-unsigned long OPENSSL_s390x_facilities(void);
+void OPENSSL_s390x_facilities(void);
+void OPENSSL_vx_probe(void);
+
+struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
 
 void OPENSSL_cpuid_setup(void)
 {
     sigset_t oset;
     struct sigaction ill_act, oact;
 
-    if (OPENSSL_s390xcap_P[0])
+    if (OPENSSL_s390xcap_P.stfle[0])
         return;
 
-    OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1);
+    /* set a bit that will not be tested later */
+    OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
 
     memset(&ill_act, 0, sizeof(ill_act));
     ill_act.sa_handler = ill_handler;
     sigfillset(&ill_act.sa_mask);
     sigdelset(&ill_act.sa_mask, SIGILL);
+    sigdelset(&ill_act.sa_mask, SIGFPE);
     sigdelset(&ill_act.sa_mask, SIGTRAP);
     sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
     sigaction(SIGILL, &ill_act, &oact);
+    sigaction(SIGFPE, &ill_act, &oact);
 
     /* protection against missing store-facility-list-extended */
     if (sigsetjmp(ill_jmp, 1) == 0)
         OPENSSL_s390x_facilities();
 
+    /* protection against disabled vector facility */
+    if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
+        && (sigsetjmp(ill_jmp, 1) == 0)) {
+        OPENSSL_vx_probe();
+    } else {
+        OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX)
+                                         | S390X_CAPBIT(S390X_VXD)
+                                         | S390X_CAPBIT(S390X_VXE));
+    }
+
+    sigaction(SIGFPE, &oact, NULL);
     sigaction(SIGILL, &oact, NULL);
     sigprocmask(SIG_SETMASK, &oset, NULL);
 }
diff --git a/deps/openssl/openssl/crypto/s390xcpuid.S b/deps/openssl/openssl/crypto/s390xcpuid.S
deleted file mode 100644
index fc141d9275..0000000000
--- a/deps/openssl/openssl/crypto/s390xcpuid.S
+++ /dev/null
@@ -1,178 +0,0 @@
-.text
-// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-//
-// Licensed under the OpenSSL license (the "License").  You may not use
-// this file except in compliance with the License.  You can obtain a copy
-// in the file LICENSE in the source distribution or at
-// https://www.openssl.org/source/license.html
-
-.globl	OPENSSL_s390x_facilities
-.type	OPENSSL_s390x_facilities,@function
-.align	16
-OPENSSL_s390x_facilities:
-	lghi	%r0,0
-	larl	%r4,OPENSSL_s390xcap_P
-	stg	%r0,8(%r4)	# wipe capability vectors
-	stg	%r0,16(%r4)
-	stg	%r0,24(%r4)
-	stg	%r0,32(%r4)
-	stg	%r0,40(%r4)
-	stg	%r0,48(%r4)
-	stg	%r0,56(%r4)
-	stg	%r0,64(%r4)
-	stg	%r0,72(%r4)
-
-	.long	0xb2b04000	# stfle	0(%r4)
-	brc	8,.Ldone
-	lghi	%r0,1
-	.long	0xb2b04000	# stfle 0(%r4)
-.Ldone:
-	lmg	%r2,%r3,0(%r4)
-	tmhl	%r2,0x4000	# check for message-security-assist
-	jz	.Lret
-
-	lghi	%r0,0		# query kimd capabilities
-	la	%r1,16(%r4)
-	.long	0xb93e0002	# kimd %r0,%r2
-
-	lghi	%r0,0		# query km capability vector
-	la	%r1,32(%r4)
-	.long	0xb92e0042	# km %r4,%r2
-
-	lghi	%r0,0		# query kmc capability vector
-	la	%r1,48(%r4)
-	.long	0xb92f0042	# kmc %r4,%r2
-
-	tmhh	%r3,0x0004	# check for message-security-assist-4
-	jz	.Lret
-
-	lghi	%r0,0		# query kmctr capability vector
-	la	%r1,64(%r4)
-	.long	0xb92d2042	# kmctr %r4,%r2,%r2
-
-.Lret:
-	br	%r14
-.size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
-
-.globl	OPENSSL_rdtsc
-.type	OPENSSL_rdtsc,@function
-.align	16
-OPENSSL_rdtsc:
-	stck	16(%r15)
-	lg	%r2,16(%r15)
-	br	%r14
-.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
-
-.globl	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,@function
-.align	16
-OPENSSL_atomic_add:
-	l	%r1,0(%r2)
-.Lspin:	lr	%r0,%r1
-	ar	%r0,%r3
-	cs	%r1,%r0,0(%r2)
-	brc	4,.Lspin
-	lgfr	%r2,%r0		# OpenSSL expects the new value
-	br	%r14
-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
-.globl	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,@function
-.align	16
-OPENSSL_wipe_cpu:
-	xgr	%r0,%r0
-	xgr	%r1,%r1
-	lgr	%r2,%r15
-	xgr	%r3,%r3
-	xgr	%r4,%r4
-	lzdr	%f0
-	lzdr	%f1
-	lzdr	%f2
-	lzdr	%f3
-	lzdr	%f4
-	lzdr	%f5
-	lzdr	%f6
-	lzdr	%f7
-	br	%r14
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-
-.globl	OPENSSL_cleanse
-.type	OPENSSL_cleanse,@function
-.align	16
-OPENSSL_cleanse:
-#if !defined(__s390x__) && !defined(__s390x)
-	llgfr	%r3,%r3
-#endif
-	lghi	%r4,15
-	lghi	%r0,0
-	clgr	%r3,%r4
-	jh	.Lot
-	clgr	%r3,%r0
-	bcr	8,%r14
-.Little:
-	stc	%r0,0(%r2)
-	la	%r2,1(%r2)
-	brctg	%r3,.Little
-	br	%r14
-.align	4
-.Lot:	tmll	%r2,7
-	jz	.Laligned
-	stc	%r0,0(%r2)
-	la	%r2,1(%r2)
-	brctg	%r3,.Lot
-.Laligned:
-	srlg	%r4,%r3,3
-.Loop:	stg	%r0,0(%r2)
-	la	%r2,8(%r2)
-	brctg	%r4,.Loop
-	lghi	%r4,7
-	ngr	%r3,%r4
-	jnz	.Little
-	br	%r14
-.size	OPENSSL_cleanse,.-OPENSSL_cleanse
-
-.globl	CRYPTO_memcmp
-.type	CRYPTO_memcmp,@function
-.align	16
-CRYPTO_memcmp:
-#if !defined(__s390x__) && !defined(__s390x)
-	llgfr	%r4,%r4
-#endif
-	lghi	%r5,0
-	clgr	%r4,%r5
-	je	.Lno_data
-
-.Loop_cmp:
-	llgc	%r0,0(%r2)
-	la	%r2,1(%r2)
-	llgc	%r1,0(%r3)
-	la	%r3,1(%r3)
-	xr	%r1,%r0
-	or	%r5,%r1
-	brctg	%r4,.Loop_cmp
-
-	lnr	%r5,%r5
-	srl	%r5,31
-.Lno_data:
-	lgr	%r2,%r5
-	br	%r14
-.size	CRYPTO_memcmp,.-CRYPTO_memcmp
-
-.globl	OPENSSL_instrument_bus
-.type	OPENSSL_instrument_bus,@function
-.align	16
-OPENSSL_instrument_bus:
-	lghi	%r2,0
-	br	%r14
-.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
-
-.globl	OPENSSL_instrument_bus2
-.type	OPENSSL_instrument_bus2,@function
-.align	16
-OPENSSL_instrument_bus2:
-	lghi	%r2,0
-	br	%r14
-.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
-
-.section	.init
-	brasl	%r14,OPENSSL_cpuid_setup
diff --git a/deps/openssl/openssl/crypto/s390xcpuid.pl b/deps/openssl/openssl/crypto/s390xcpuid.pl
new file mode 100755
index 0000000000..ec700a47d9
--- /dev/null
+++ b/deps/openssl/openssl/crypto/s390xcpuid.pl
@@ -0,0 +1,421 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$ra="%r14";
+$sp="%r15";
+$stdframe=16*$SIZE_T+4*8;
+
+$code=<<___;
+#include "s390x_arch.h"
+
+.text
+
+.globl	OPENSSL_s390x_facilities
+.type	OPENSSL_s390x_facilities,\@function
+.align	16
+OPENSSL_s390x_facilities:
+	lghi	%r0,0
+	larl	%r4,OPENSSL_s390xcap_P
+
+	stg	%r0,S390X_STFLE+8(%r4)	# wipe capability vectors
+	stg	%r0,S390X_STFLE+16(%r4)
+	stg	%r0,S390X_STFLE+24(%r4)
+	stg	%r0,S390X_KIMD(%r4)
+	stg	%r0,S390X_KIMD+8(%r4)
+	stg	%r0,S390X_KLMD(%r4)
+	stg	%r0,S390X_KLMD+8(%r4)
+	stg	%r0,S390X_KM(%r4)
+	stg	%r0,S390X_KM+8(%r4)
+	stg	%r0,S390X_KMC(%r4)
+	stg	%r0,S390X_KMC+8(%r4)
+	stg	%r0,S390X_KMAC(%r4)
+	stg	%r0,S390X_KMAC+8(%r4)
+	stg	%r0,S390X_KMCTR(%r4)
+	stg	%r0,S390X_KMCTR+8(%r4)
+	stg	%r0,S390X_KMO(%r4)
+	stg	%r0,S390X_KMO+8(%r4)
+	stg	%r0,S390X_KMF(%r4)
+	stg	%r0,S390X_KMF+8(%r4)
+	stg	%r0,S390X_PRNO(%r4)
+	stg	%r0,S390X_PRNO+8(%r4)
+	stg	%r0,S390X_KMA(%r4)
+	stg	%r0,S390X_KMA+8(%r4)
+
+	.long	0xb2b04000		# stfle	0(%r4)
+	brc	8,.Ldone
+	lghi	%r0,1
+	.long	0xb2b04000		# stfle 0(%r4)
+	brc	8,.Ldone
+	lghi	%r0,2
+	.long	0xb2b04000		# stfle 0(%r4)
+.Ldone:
+	lmg	%r2,%r3,S390X_STFLE(%r4)
+	tmhl	%r2,0x4000		# check for message-security-assist
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query kimd capabilities
+	la	%r1,S390X_KIMD(%r4)
+	.long	0xb93e0002		# kimd %r0,%r2
+
+	lghi	%r0,S390X_QUERY		# query klmd capabilities
+	la	%r1,S390X_KLMD(%r4)
+	.long	0xb93f0002		# klmd %r0,%r2
+
+	lghi	%r0,S390X_QUERY		# query km capability vector
+	la	%r1,S390X_KM(%r4)
+	.long	0xb92e0042		# km %r4,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmc capability vector
+	la	%r1,S390X_KMC(%r4)
+	.long	0xb92f0042		# kmc %r4,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmac capability vector
+	la	%r1,S390X_KMAC(%r4)
+	.long	0xb91e0042		# kmac %r4,%r2
+
+	tmhh	%r3,0x0004		# check for message-security-assist-4
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query kmctr capability vector
+	la	%r1,S390X_KMCTR(%r4)
+	.long	0xb92d2042		# kmctr %r4,%r2,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmo capability vector
+	la	%r1,S390X_KMO(%r4)
+	.long	0xb92b0042		# kmo %r4,%r2
+
+	lghi	%r0,S390X_QUERY		# query kmf capability vector
+	la	%r1,S390X_KMF(%r4)
+	.long	0xb92a0042		# kmf %r4,%r2
+
+	tml	%r2,0x40		# check for message-security-assist-5
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query prno capability vector
+	la	%r1,S390X_PRNO(%r4)
+	.long	0xb93c0042		# prno %r4,%r2
+
+	lg	%r2,S390X_STFLE+16(%r4)
+	tmhl	%r2,0x2000		# check for message-security-assist-8
+	jz	.Lret
+
+	lghi	%r0,S390X_QUERY		# query kma capability vector
+	la	%r1,S390X_KMA(%r4)
+	.long	0xb9294022		# kma %r2,%r4,%r2
+
+.Lret:
+	br	$ra
+.size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+
+.globl	OPENSSL_rdtsc
+.type	OPENSSL_rdtsc,\@function
+.align	16
+OPENSSL_rdtsc:
+	larl	%r4,OPENSSL_s390xcap_P
+	tm	S390X_STFLE+3(%r4),0x40	# check for store-clock-fast facility
+	jz	.Lstck
+
+	.long	0xb27cf010	# stckf 16($sp)
+	lg	%r2,16($sp)
+	br	$ra
+.Lstck:
+	stck	16($sp)
+	lg	%r2,16($sp)
+	br	$ra
+.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
+
+.globl	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,\@function
+.align	16
+OPENSSL_atomic_add:
+	l	%r1,0(%r2)
+.Lspin:	lr	%r0,%r1
+	ar	%r0,%r3
+	cs	%r1,%r0,0(%r2)
+	brc	4,.Lspin
+	lgfr	%r2,%r0		# OpenSSL expects the new value
+	br	$ra
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,\@function
+.align	16
+OPENSSL_wipe_cpu:
+	xgr	%r0,%r0
+	xgr	%r1,%r1
+	lgr	%r2,$sp
+	xgr	%r3,%r3
+	xgr	%r4,%r4
+	lzdr	%f0
+	lzdr	%f1
+	lzdr	%f2
+	lzdr	%f3
+	lzdr	%f4
+	lzdr	%f5
+	lzdr	%f6
+	lzdr	%f7
+	br	$ra
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,\@function
+.align	16
+OPENSSL_cleanse:
+#if !defined(__s390x__) && !defined(__s390x)
+	llgfr	%r3,%r3
+#endif
+	lghi	%r4,15
+	lghi	%r0,0
+	clgr	%r3,%r4
+	jh	.Lot
+	clgr	%r3,%r0
+	bcr	8,%r14
+.Little:
+	stc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	brctg	%r3,.Little
+	br	%r14
+.align	4
+.Lot:	tmll	%r2,7
+	jz	.Laligned
+	stc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	brctg	%r3,.Lot
+.Laligned:
+	srlg	%r4,%r3,3
+.Loop:	stg	%r0,0(%r2)
+	la	%r2,8(%r2)
+	brctg	%r4,.Loop
+	lghi	%r4,7
+	ngr	%r3,%r4
+	jnz	.Little
+	br	$ra
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,\@function
+.align	16
+CRYPTO_memcmp:
+#if !defined(__s390x__) && !defined(__s390x)
+	llgfr	%r4,%r4
+#endif
+	lghi	%r5,0
+	clgr	%r4,%r5
+	je	.Lno_data
+
+.Loop_cmp:
+	llgc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	llgc	%r1,0(%r3)
+	la	%r3,1(%r3)
+	xr	%r1,%r0
+	or	%r5,%r1
+	brctg	%r4,.Loop_cmp
+
+	lnr	%r5,%r5
+	srl	%r5,31
+.Lno_data:
+	lgr	%r2,%r5
+	br	$ra
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+.globl	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,\@function
+.align	16
+OPENSSL_instrument_bus:
+	lghi	%r2,0
+	br	%r14
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,\@function
+.align	16
+OPENSSL_instrument_bus2:
+	lghi	%r2,0
+	br	$ra
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+
+.globl	OPENSSL_vx_probe
+.type	OPENSSL_vx_probe,\@function
+.align	16
+OPENSSL_vx_probe:
+	.word	0xe700,0x0000,0x0044	# vzero %v0
+	br	$ra
+.size	OPENSSL_vx_probe,.-OPENSSL_vx_probe
+___
+
+{
+################
+# void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc,
+#                 void *param)
+my ($in,$len,$fc,$param) = map("%r$_",(2..5));
+$code.=<<___;
+.globl	s390x_kimd
+.type	s390x_kimd,\@function
+.align	16
+s390x_kimd:
+	llgfr	%r0,$fc
+	lgr	%r1,$param
+
+	.long	0xb93e0002	# kimd %r0,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kimd,.-s390x_kimd
+___
+}
+
+{
+################
+# void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out,
+#                 size_t outlen, unsigned int fc, void *param)
+my ($in,$inlen,$out,$outlen,$fc) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_klmd
+.type	s390x_klmd,\@function
+.align	32
+s390x_klmd:
+	llgfr	%r0,$fc
+	l${g}	%r1,$stdframe($sp)
+
+	.long	0xb93f0042	# klmd %r4,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_klmd,.-s390x_klmd
+___
+}
+
+################
+# void s390x_km(const unsigned char *in, size_t len, unsigned char *out,
+#               unsigned int fc, void *param)
+{
+my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_km
+.type	s390x_km,\@function
+.align	16
+s390x_km:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb92e0042	# km $out,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_km,.-s390x_km
+___
+}
+
+################
+# void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc,
+#                 void *param)
+{
+my ($in,$len,$fc,$param) = map("%r$_",(2..5));
+$code.=<<___;
+.globl	s390x_kmac
+.type	s390x_kmac,\@function
+.align	16
+s390x_kmac:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb91e0002	# kmac %r0,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kmac,.-s390x_kmac
+___
+}
+
+################
+# void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out,
+#                unsigned int fc, void *param)
+{
+my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_kmo
+.type	s390x_kmo,\@function
+.align	16
+s390x_kmo:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb92b0042	# kmo $out,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kmo,.-s390x_kmo
+___
+}
+
+################
+# void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
+#                unsigned int fc, void *param)
+{
+my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_kmf
+.type	s390x_kmf,\@function
+.align	16
+s390x_kmf:
+	lr	%r0,$fc
+	l${g}r	%r1,$param
+
+	.long	0xb92a0042	# kmf $out,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	br	$ra
+.size	s390x_kmf,.-s390x_kmf
+___
+}
+
+################
+# void s390x_kma(const unsigned char *aad, size_t alen,
+#                const unsigned char *in, size_t len,
+#                unsigned char *out, unsigned int fc, void *param)
+{
+my ($aad,$alen,$in,$len,$out) = map("%r$_",(2..6));
+$code.=<<___;
+.globl	s390x_kma
+.type	s390x_kma,\@function
+.align	16
+s390x_kma:
+	st${g}	$out,6*$SIZE_T($sp)
+	lm${g}	%r0,%r1,$stdframe($sp)
+
+	.long	0xb9292064	# kma $out,$aad,$in
+	brc	1,.-4		# pay attention to "partial completion"
+
+	l${g}	$out,6*$SIZE_T($sp)
+	br	$ra
+.size	s390x_kma,.-s390x_kma
+___
+}
+
+$code.=<<___;
+.section	.init
+	brasl	$ra,OPENSSL_cpuid_setup
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;	# force flush
diff --git a/deps/openssl/openssl/crypto/seed/seed_locl.h b/deps/openssl/openssl/crypto/seed/seed_locl.h
index d4a03fc4aa..ac2950d97c 100644
--- a/deps/openssl/openssl/crypto/seed/seed_locl.h
+++ b/deps/openssl/openssl/crypto/seed/seed_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -45,10 +45,6 @@ typedef unsigned int seed_word;
 # endif
 
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 # define char2word(c, i)  \
         (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
 
@@ -113,8 +109,4 @@ extern "C" {
         (X1) ^= (T0);                            \
         (X2) ^= (T1)
 
-#ifdef  __cplusplus
-}
-#endif
-
 #endif                          /* HEADER_SEED_LOCL_H */
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl
new file mode 100755
index 0000000000..8bf665c8b3
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl
@@ -0,0 +1,1606 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for ARMv4.
+#
+# June 2017.
+#
+# Non-NEON code is KECCAK_1X variant (see sha/keccak1600.c) with bit
+# interleaving. How does it compare to Keccak Code Package? It's as
+# fast, but several times smaller, and is endian- and ISA-neutral. ISA
+# neutrality means that minimum ISA requirement is ARMv4, yet it can
+# be assembled even as Thumb-2. NEON code path is KECCAK_1X_ALT with
+# register layout taken from Keccak Code Package. It's also as fast,
+# in fact faster by 10-15% on some processors, and endian-neutral.
+#
+# August 2017.
+#
+# Switch to KECCAK_2X variant for non-NEON code and merge almost 1/2
+# of rotate instructions with logical ones. This resulted in ~10%
+# improvement on most processors. Switch to KECCAK_2X effectively
+# minimizes re-loads from temporary storage, and merged rotates just
+# eliminate corresponding instructions. As for latter. When examining
+# code you'll notice commented ror instructions. These are eliminated
+# ones, and you should trace destination register below to see what's
+# going on. Just in case, why not all rotates are eliminated. Trouble
+# is that you have operations that require both inputs to be rotated,
+# e.g. 'eor a,b>>>x,c>>>y'. This conundrum is resolved by using
+# 'eor a,b,c>>>(x-y)' and then merge-rotating 'a' in next operation
+# that takes 'a' as input. And thing is that this next operation can
+# be in next round. It's totally possible to "carry" rotate "factors"
+# to the next round, but it makes code more complex. And the last word
+# is the keyword, i.e. "almost 1/2" is kind of complexity cap [for the
+# time being]...
+#
+# Reduce per-round instruction count in Thumb-2 case by 16%. This is
+# achieved by folding ldr/str pairs to their double-word counterparts.
+# Theoretically this should have improved performance on single-issue
+# cores, such as Cortex-A5/A7, by 19%. Reality is a bit different, as
+# usual...
+#
+########################################################################
+# Numbers are cycles per processed byte. Non-NEON results account even
+# for input bit interleaving.
+#
+#		r=1088(*)   Thumb-2(**) NEON
+#
+# ARM11xx	82/+150%
+# Cortex-A5	88/+160%,   86,         36
+# Cortex-A7	78/+160%,   68,         34
+# Cortex-A8	51/+230%,   57,         30
+# Cortex-A9	53/+210%,   51,         26
+# Cortex-A15	42/+160%,   38,         18
+# Snapdragon S4	43/+210%,   38,         24
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	over compiler-generated KECCAK_2X reference code.
+# (**)	Thumb-2 results for Cortex-A5/A7 are likely to apply even to
+#	Cortex-Mx, x>=3. Otherwise, non-NEON results for NEON-capable
+#	processors are presented mostly for reference purposes.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+my @C = map("r$_",(0..9));
+my @E = map("r$_",(10..12,14));
+
+########################################################################
+# Stack layout
+# ----->+-----------------------+
+#       | uint64_t A[5][5]      |
+#       | ...                   |
+# +200->+-----------------------+
+#       | uint64_t D[5]         |
+#       | ...                   |
+# +240->+-----------------------+
+#       | uint64_t T[5][5]      |
+#       | ...                   |
+# +440->+-----------------------+
+#       | saved lr              |
+# +444->+-----------------------+
+#       | loop counter          |
+# +448->+-----------------------+
+#       | ...
+
+my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20));
+my @D = map(8*$_, (25..29));
+my @T = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (30,35,40,45,50));
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+.type	iotas32, %object
+.align	5
+iotas32:
+	.long	0x00000001, 0x00000000
+	.long	0x00000000, 0x00000089
+	.long	0x00000000, 0x8000008b
+	.long	0x00000000, 0x80008080
+	.long	0x00000001, 0x0000008b
+	.long	0x00000001, 0x00008000
+	.long	0x00000001, 0x80008088
+	.long	0x00000001, 0x80000082
+	.long	0x00000000, 0x0000000b
+	.long	0x00000000, 0x0000000a
+	.long	0x00000001, 0x00008082
+	.long	0x00000000, 0x00008003
+	.long	0x00000001, 0x0000808b
+	.long	0x00000001, 0x8000000b
+	.long	0x00000001, 0x8000008a
+	.long	0x00000001, 0x80000081
+	.long	0x00000000, 0x80000081
+	.long	0x00000000, 0x80000008
+	.long	0x00000000, 0x00000083
+	.long	0x00000000, 0x80008003
+	.long	0x00000001, 0x80008088
+	.long	0x00000000, 0x80000088
+	.long	0x00000001, 0x00008000
+	.long	0x00000000, 0x80008082
+.size	iotas32,.-iotas32
+
+.type	KeccakF1600_int, %function
+.align	5
+KeccakF1600_int:
+	add	@C[9],sp,#$A[4][2]
+	add	@E[2],sp,#$A[0][0]
+	add	@E[0],sp,#$A[1][0]
+	ldmia	@C[9],{@C[4]-@C[9]}		@ A[4][2..4]
+KeccakF1600_enter:
+	str	lr,[sp,#440]
+	eor	@E[1],@E[1],@E[1]
+	str	@E[1],[sp,#444]
+	b	.Lround2x
+
+.align	4
+.Lround2x:
+___
+sub Round {
+my (@A,@R); (@A[0..4],@R) = @_;
+
+$code.=<<___;
+	ldmia	@E[2],{@C[0]-@C[3]}		@ A[0][0..1]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][0..1]
+#ifdef	__thumb2__
+	eor	@C[0],@C[0],@E[0]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[1][2]]
+	eor	@C[3],@C[3],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[1][3]]
+	eor	@C[4],@C[4],@E[0]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[1][4]]
+	eor	@C[7],@C[7],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[2][0]]
+	eor	@C[8],@C[8],@E[0]
+	eor	@C[9],@C[9],@E[1]
+	eor	@C[0],@C[0],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[2][1]]
+	eor	@C[1],@C[1],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[2][2]]
+	eor	@C[2],@C[2],@E[0]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[2][3]]
+	eor	@C[5],@C[5],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[2][4]]
+	eor	@C[6],@C[6],@E[0]
+	eor	@C[7],@C[7],@E[1]
+	eor	@C[8],@C[8],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[3][0]]
+	eor	@C[9],@C[9],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[3][1]]
+	eor	@C[0],@C[0],@E[0]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[3][2]]
+	eor	@C[3],@C[3],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[3][3]]
+	eor	@C[4],@C[4],@E[0]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[3][4]]
+	eor	@C[7],@C[7],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[4][0]]
+	eor	@C[8],@C[8],@E[0]
+	eor	@C[9],@C[9],@E[1]
+	eor	@C[0],@C[0],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[4][1]]
+	eor	@C[1],@C[1],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[0][2]]
+	eor	@C[2],@C[2],@E[0]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	ldrd	@E[0],@E[1],[sp,#$A[0][3]]
+	eor	@C[5],@C[5],@E[3]
+	ldrd	@E[2],@E[3],[sp,#$A[0][4]]
+#else
+	eor	@C[0],@C[0],@E[0]
+	 add	@E[0],sp,#$A[1][2]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	eor	@C[3],@C[3],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][2..3]
+	eor	@C[4],@C[4],@E[0]
+	 add	@E[0],sp,#$A[1][4]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	eor	@C[7],@C[7],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[1][4]..A[2][0]
+	eor	@C[8],@C[8],@E[0]
+	 add	@E[0],sp,#$A[2][1]
+	eor	@C[9],@C[9],@E[1]
+	eor	@C[0],@C[0],@E[2]
+	eor	@C[1],@C[1],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[2][1..2]
+	eor	@C[2],@C[2],@E[0]
+	 add	@E[0],sp,#$A[2][3]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	eor	@C[5],@C[5],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[2][3..4]
+	eor	@C[6],@C[6],@E[0]
+	 add	@E[0],sp,#$A[3][0]
+	eor	@C[7],@C[7],@E[1]
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][0..1]
+	eor	@C[0],@C[0],@E[0]
+	 add	@E[0],sp,#$A[3][2]
+	eor	@C[1],@C[1],@E[1]
+	eor	@C[2],@C[2],@E[2]
+	eor	@C[3],@C[3],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][2..3]
+	eor	@C[4],@C[4],@E[0]
+	 add	@E[0],sp,#$A[3][4]
+	eor	@C[5],@C[5],@E[1]
+	eor	@C[6],@C[6],@E[2]
+	eor	@C[7],@C[7],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[3][4]..A[4][0]
+	eor	@C[8],@C[8],@E[0]
+	ldr	@E[0],[sp,#$A[4][1]]		@ A[4][1]
+	eor	@C[9],@C[9],@E[1]
+	ldr	@E[1],[sp,#$A[4][1]+4]
+	eor	@C[0],@C[0],@E[2]
+	ldr	@E[2],[sp,#$A[0][2]]		@ A[0][2]
+	eor	@C[1],@C[1],@E[3]
+	ldr	@E[3],[sp,#$A[0][2]+4]
+	eor	@C[2],@C[2],@E[0]
+	 add	@E[0],sp,#$A[0][3]
+	eor	@C[3],@C[3],@E[1]
+	eor	@C[4],@C[4],@E[2]
+	eor	@C[5],@C[5],@E[3]
+	ldmia	@E[0],{@E[0]-@E[2],@E[3]}	@ A[0][3..4]
+#endif
+	eor	@C[6],@C[6],@E[0]
+	eor	@C[7],@C[7],@E[1]
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+
+	eor	@E[0],@C[0],@C[5],ror#32-1	@ E[0] = ROL64(C[2], 1) ^ C[0];
+	str.l	@E[0],[sp,#$D[1]]		@ D[1] = E[0]
+	eor	@E[1],@C[1],@C[4]
+	str.h	@E[1],[sp,#$D[1]+4]
+	eor	@E[2],@C[6],@C[1],ror#32-1	@ E[1] = ROL64(C[0], 1) ^ C[3];
+	eor	@E[3],@C[7],@C[0]
+	str.l	@E[2],[sp,#$D[4]]		@ D[4] = E[1]
+	eor	@C[0],@C[8],@C[3],ror#32-1	@ C[0] = ROL64(C[1], 1) ^ C[4];
+	str.h	@E[3],[sp,#$D[4]+4]
+	eor	@C[1],@C[9],@C[2]
+	str.l	@C[0],[sp,#$D[0]]		@ D[0] = C[0]
+	eor	@C[2],@C[2],@C[7],ror#32-1	@ C[1] = ROL64(C[3], 1) ^ C[1];
+	 ldr.l	@C[7],[sp,#$A[3][3]]
+	eor	@C[3],@C[3],@C[6]
+	str.h	@C[1],[sp,#$D[0]+4]
+	 ldr.h	@C[6],[sp,#$A[3][3]+4]
+	str.l	@C[2],[sp,#$D[2]]		@ D[2] = C[1]
+	eor	@C[4],@C[4],@C[9],ror#32-1	@ C[2] = ROL64(C[4], 1) ^ C[2];
+	str.h	@C[3],[sp,#$D[2]+4]
+	eor	@C[5],@C[5],@C[8]
+
+	ldr.l	@C[8],[sp,#$A[4][4]]
+	ldr.h	@C[9],[sp,#$A[4][4]+4]
+	 str.l	@C[4],[sp,#$D[3]]		@ D[3] = C[2]
+	eor	@C[7],@C[7],@C[4]
+	 str.h	@C[5],[sp,#$D[3]+4]
+	eor	@C[6],@C[6],@C[5]
+	ldr.l	@C[4],[sp,#$A[0][0]]
+	@ ror	@C[7],@C[7],#32-10		@ C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+	@ ror	@C[6],@C[6],#32-11
+	ldr.h	@C[5],[sp,#$A[0][0]+4]
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+	ldr.l	@E[2],[sp,#$A[2][2]]
+	eor	@C[0],@C[0],@C[4]
+	ldr.h	@E[3],[sp,#$A[2][2]+4]
+	@ ror	@C[8],@C[8],#32-7		@ C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+	@ ror	@C[9],@C[9],#32-7
+	eor	@C[1],@C[1],@C[5]		@ C[0] =       A[0][0] ^ C[0]; /* rotate by 0 */  /* D[0] */
+	eor	@E[2],@E[2],@C[2]
+	ldr.l	@C[2],[sp,#$A[1][1]]
+	eor	@E[3],@E[3],@C[3]
+	ldr.h	@C[3],[sp,#$A[1][1]+4]
+	ror	@C[5],@E[2],#32-21		@ C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+	 ldr	@E[2],[sp,#444]			@ load counter
+	eor	@C[2],@C[2],@E[0]
+	 adr	@E[0],iotas32
+	ror	@C[4],@E[3],#32-22
+	 add	@E[3],@E[0],@E[2]
+	eor	@C[3],@C[3],@E[1]
+___
+$code.=<<___	if ($A[0][0] != $T[0][0]);
+	ldmia	@E[3],{@E[0],@E[1]}		@ iotas[i]
+___
+$code.=<<___	if ($A[0][0] == $T[0][0]);
+	ldr.l	@E[0],[@E[3],#8]		@ iotas[i].lo
+	add	@E[2],@E[2],#16
+	ldr.h	@E[1],[@E[3],#12]		@ iotas[i].hi
+	cmp	@E[2],#192
+	str	@E[2],[sp,#444]			@ store counter
+___
+$code.=<<___;
+	bic	@E[2],@C[4],@C[2],ror#32-22
+	bic	@E[3],@C[5],@C[3],ror#32-22
+	 ror	@C[2],@C[2],#32-22		@ C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]);   /* D[1] */
+	 ror	@C[3],@C[3],#32-22
+	eor	@E[2],@E[2],@C[0]
+	eor	@E[3],@E[3],@C[1]
+	eor	@E[0],@E[0],@E[2]
+	eor	@E[1],@E[1],@E[3]
+	str.l	@E[0],[sp,#$R[0][0]]		@ R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+	bic	@E[2],@C[6],@C[4],ror#11
+	str.h	@E[1],[sp,#$R[0][0]+4]
+	bic	@E[3],@C[7],@C[5],ror#10
+	bic	@E[0],@C[8],@C[6],ror#32-(11-7)
+	bic	@E[1],@C[9],@C[7],ror#32-(10-7)
+	eor	@E[2],@C[2],@E[2],ror#32-11
+	str.l	@E[2],[sp,#$R[0][1]]		@ R[0][1] = C[1] ^ (~C[2] & C[3]);
+	eor	@E[3],@C[3],@E[3],ror#32-10
+	str.h	@E[3],[sp,#$R[0][1]+4]
+	eor	@E[0],@C[4],@E[0],ror#32-7
+	eor	@E[1],@C[5],@E[1],ror#32-7
+	str.l	@E[0],[sp,#$R[0][2]]		@ R[0][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@E[2],@C[0],@C[8],ror#32-7
+	str.h	@E[1],[sp,#$R[0][2]+4]
+	bic	@E[3],@C[1],@C[9],ror#32-7
+	eor	@E[2],@E[2],@C[6],ror#32-11
+	str.l	@E[2],[sp,#$R[0][3]]		@ R[0][3] = C[3] ^ (~C[4] & C[0]);
+	eor	@E[3],@E[3],@C[7],ror#32-10
+	str.h	@E[3],[sp,#$R[0][3]+4]
+	bic	@E[0],@C[2],@C[0]
+	 add	@E[3],sp,#$D[3]
+	 ldr.l	@C[0],[sp,#$A[0][3]]		@ A[0][3]
+	bic	@E[1],@C[3],@C[1]
+	 ldr.h	@C[1],[sp,#$A[0][3]+4]
+	eor	@E[0],@E[0],@C[8],ror#32-7
+	eor	@E[1],@E[1],@C[9],ror#32-7
+	str.l	@E[0],[sp,#$R[0][4]]		@ R[0][4] = C[4] ^ (~C[0] & C[1]);
+	 add	@C[9],sp,#$D[0]
+	str.h	@E[1],[sp,#$R[0][4]+4]
+
+	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ D[3..4]
+	ldmia	@C[9],{@C[6]-@C[9]}		@ D[0..1]
+
+	ldr.l	@C[2],[sp,#$A[1][4]]		@ A[1][4]
+	eor	@C[0],@C[0],@E[0]
+	ldr.h	@C[3],[sp,#$A[1][4]+4]
+	eor	@C[1],@C[1],@E[1]
+	@ ror	@C[0],@C[0],#32-14		@ C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+	ldr.l	@E[0],[sp,#$A[3][1]]		@ A[3][1]
+	@ ror	@C[1],@C[1],#32-14
+	ldr.h	@E[1],[sp,#$A[3][1]+4]
+
+	eor	@C[2],@C[2],@E[2]
+	ldr.l	@C[4],[sp,#$A[2][0]]		@ A[2][0]
+	eor	@C[3],@C[3],@E[3]
+	ldr.h	@C[5],[sp,#$A[2][0]+4]
+	@ ror	@C[2],@C[2],#32-10		@ C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+	@ ror	@C[3],@C[3],#32-10
+
+	eor	@C[6],@C[6],@C[4]
+	ldr.l	@E[2],[sp,#$D[2]]		@ D[2]
+	eor	@C[7],@C[7],@C[5]
+	ldr.h	@E[3],[sp,#$D[2]+4]
+	ror	@C[5],@C[6],#32-1		@ C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+	ror	@C[4],@C[7],#32-2
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][2]]		@ A[4][2]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][2]+4]
+	ror	@C[7],@E[0],#32-22		@ C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+	ror	@C[6],@E[1],#32-23
+
+	bic	@E[0],@C[4],@C[2],ror#32-10
+	bic	@E[1],@C[5],@C[3],ror#32-10
+	 eor	@E[2],@E[2],@C[8]
+	 eor	@E[3],@E[3],@C[9]
+	 ror	@C[9],@E[2],#32-30		@ C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+	 ror	@C[8],@E[3],#32-31
+	eor	@E[0],@E[0],@C[0],ror#32-14
+	eor	@E[1],@E[1],@C[1],ror#32-14
+	str.l	@E[0],[sp,#$R[1][0]]		@ R[1][0] = C[0] ^ (~C[1] & C[2])
+	bic	@E[2],@C[6],@C[4]
+	str.h	@E[1],[sp,#$R[1][0]+4]
+	bic	@E[3],@C[7],@C[5]
+	eor	@E[2],@E[2],@C[2],ror#32-10
+	str.l	@E[2],[sp,#$R[1][1]]		@ R[1][1] = C[1] ^ (~C[2] & C[3]);
+	eor	@E[3],@E[3],@C[3],ror#32-10
+	str.h	@E[3],[sp,#$R[1][1]+4]
+	bic	@E[0],@C[8],@C[6]
+	bic	@E[1],@C[9],@C[7]
+	bic	@E[2],@C[0],@C[8],ror#14
+	bic	@E[3],@C[1],@C[9],ror#14
+	eor	@E[0],@E[0],@C[4]
+	eor	@E[1],@E[1],@C[5]
+	str.l	@E[0],[sp,#$R[1][2]]		@ R[1][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@C[2],@C[2],@C[0],ror#32-(14-10)
+	str.h	@E[1],[sp,#$R[1][2]+4]
+	eor	@E[2],@C[6],@E[2],ror#32-14
+	bic	@E[1],@C[3],@C[1],ror#32-(14-10)
+	str.l	@E[2],[sp,#$R[1][3]]		@ R[1][3] = C[3] ^ (~C[4] & C[0]);
+	eor	@E[3],@C[7],@E[3],ror#32-14
+	str.h	@E[3],[sp,#$R[1][3]+4]
+	 add	@E[2],sp,#$D[1]
+	 ldr.l	@C[1],[sp,#$A[0][1]]		@ A[0][1]
+	eor	@E[0],@C[8],@C[2],ror#32-10
+	 ldr.h	@C[0],[sp,#$A[0][1]+4]
+	eor	@E[1],@C[9],@E[1],ror#32-10
+	str.l	@E[0],[sp,#$R[1][4]]		@ R[1][4] = C[4] ^ (~C[0] & C[1]);
+	str.h	@E[1],[sp,#$R[1][4]+4]
+
+	add	@C[9],sp,#$D[3]
+	ldmia	@E[2],{@E[0]-@E[2],@E[3]}	@ D[1..2]
+	ldr.l	@C[2],[sp,#$A[1][2]]		@ A[1][2]
+	ldr.h	@C[3],[sp,#$A[1][2]+4]
+	ldmia	@C[9],{@C[6]-@C[9]}		@ D[3..4]
+
+	eor	@C[1],@C[1],@E[0]
+	ldr.l	@C[4],[sp,#$A[2][3]]		@ A[2][3]
+	eor	@C[0],@C[0],@E[1]
+	ldr.h	@C[5],[sp,#$A[2][3]+4]
+	ror	@C[0],@C[0],#32-1		@ C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+
+	eor	@C[2],@C[2],@E[2]
+	ldr.l	@E[0],[sp,#$A[3][4]]		@ A[3][4]
+	eor	@C[3],@C[3],@E[3]
+	ldr.h	@E[1],[sp,#$A[3][4]+4]
+	@ ror	@C[2],@C[2],#32-3		@ C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+	ldr.l	@E[2],[sp,#$D[0]]		@ D[0]
+	@ ror	@C[3],@C[3],#32-3
+	ldr.h	@E[3],[sp,#$D[0]+4]
+
+	eor	@C[4],@C[4],@C[6]
+	eor	@C[5],@C[5],@C[7]
+	@ ror	@C[5],@C[6],#32-12		@ C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+	@ ror	@C[4],@C[7],#32-13		@ [track reverse order below]
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][0]]		@ A[4][0]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][0]+4]
+	ror	@C[6],@E[0],#32-4		@ C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+	ror	@C[7],@E[1],#32-4
+
+	eor	@E[2],@E[2],@C[8]
+	eor	@E[3],@E[3],@C[9]
+	ror	@C[8],@E[2],#32-9		@ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+	ror	@C[9],@E[3],#32-9
+
+	bic	@E[0],@C[5],@C[2],ror#13-3
+	bic	@E[1],@C[4],@C[3],ror#12-3
+	bic	@E[2],@C[6],@C[5],ror#32-13
+	bic	@E[3],@C[7],@C[4],ror#32-12
+	eor	@E[0],@C[0],@E[0],ror#32-13
+	eor	@E[1],@C[1],@E[1],ror#32-12
+	str.l	@E[0],[sp,#$R[2][0]]		@ R[2][0] = C[0] ^ (~C[1] & C[2])
+	eor	@E[2],@E[2],@C[2],ror#32-3
+	str.h	@E[1],[sp,#$R[2][0]+4]
+	eor	@E[3],@E[3],@C[3],ror#32-3
+	str.l	@E[2],[sp,#$R[2][1]]		@ R[2][1] = C[1] ^ (~C[2] & C[3]);
+	bic	@E[0],@C[8],@C[6]
+	bic	@E[1],@C[9],@C[7]
+	str.h	@E[3],[sp,#$R[2][1]+4]
+	eor	@E[0],@E[0],@C[5],ror#32-13
+	eor	@E[1],@E[1],@C[4],ror#32-12
+	str.l	@E[0],[sp,#$R[2][2]]		@ R[2][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@E[2],@C[0],@C[8]
+	str.h	@E[1],[sp,#$R[2][2]+4]
+	bic	@E[3],@C[1],@C[9]
+	eor	@E[2],@E[2],@C[6]
+	eor	@E[3],@E[3],@C[7]
+	str.l	@E[2],[sp,#$R[2][3]]		@ R[2][3] = C[3] ^ (~C[4] & C[0]);
+	bic	@E[0],@C[2],@C[0],ror#3
+	str.h	@E[3],[sp,#$R[2][3]+4]
+	bic	@E[1],@C[3],@C[1],ror#3
+	 ldr.l	@C[1],[sp,#$A[0][4]]		@ A[0][4] [in reverse order]
+	eor	@E[0],@C[8],@E[0],ror#32-3
+	 ldr.h	@C[0],[sp,#$A[0][4]+4]
+	eor	@E[1],@C[9],@E[1],ror#32-3
+	str.l	@E[0],[sp,#$R[2][4]]		@ R[2][4] = C[4] ^ (~C[0] & C[1]);
+	 add	@C[9],sp,#$D[1]
+	str.h	@E[1],[sp,#$R[2][4]+4]
+
+	ldr.l	@E[0],[sp,#$D[4]]		@ D[4]
+	ldr.h	@E[1],[sp,#$D[4]+4]
+	ldr.l	@E[2],[sp,#$D[0]]		@ D[0]
+	ldr.h	@E[3],[sp,#$D[0]+4]
+
+	ldmia	@C[9],{@C[6]-@C[9]}		@ D[1..2]
+
+	eor	@C[1],@C[1],@E[0]
+	ldr.l	@C[2],[sp,#$A[1][0]]		@ A[1][0]
+	eor	@C[0],@C[0],@E[1]
+	ldr.h	@C[3],[sp,#$A[1][0]+4]
+	@ ror	@C[1],@E[0],#32-13		@ C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+	ldr.l	@C[4],[sp,#$A[2][1]]		@ A[2][1]
+	@ ror	@C[0],@E[1],#32-14		@ [was loaded in reverse order]
+	ldr.h	@C[5],[sp,#$A[2][1]+4]
+
+	eor	@C[2],@C[2],@E[2]
+	ldr.l	@E[0],[sp,#$A[3][2]]		@ A[3][2]
+	eor	@C[3],@C[3],@E[3]
+	ldr.h	@E[1],[sp,#$A[3][2]+4]
+	@ ror	@C[2],@C[2],#32-18		@ C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+	ldr.l	@E[2],[sp,#$D[3]]		@ D[3]
+	@ ror	@C[3],@C[3],#32-18
+	ldr.h	@E[3],[sp,#$D[3]+4]
+
+	eor	@C[6],@C[6],@C[4]
+	eor	@C[7],@C[7],@C[5]
+	ror	@C[4],@C[6],#32-5		@ C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+	ror	@C[5],@C[7],#32-5
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][3]]		@ A[4][3]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][3]+4]
+	ror	@C[7],@E[0],#32-7		@ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+	ror	@C[6],@E[1],#32-8
+
+	eor	@E[2],@E[2],@C[8]
+	eor	@E[3],@E[3],@C[9]
+	ror	@C[8],@E[2],#32-28		@ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+	ror	@C[9],@E[3],#32-28
+
+	bic	@E[0],@C[4],@C[2],ror#32-18
+	bic	@E[1],@C[5],@C[3],ror#32-18
+	eor	@E[0],@E[0],@C[0],ror#32-14
+	eor	@E[1],@E[1],@C[1],ror#32-13
+	str.l	@E[0],[sp,#$R[3][0]]		@ R[3][0] = C[0] ^ (~C[1] & C[2])
+	bic	@E[2],@C[6],@C[4]
+	str.h	@E[1],[sp,#$R[3][0]+4]
+	bic	@E[3],@C[7],@C[5]
+	eor	@E[2],@E[2],@C[2],ror#32-18
+	str.l	@E[2],[sp,#$R[3][1]]		@ R[3][1] = C[1] ^ (~C[2] & C[3]);
+	eor	@E[3],@E[3],@C[3],ror#32-18
+	str.h	@E[3],[sp,#$R[3][1]+4]
+	bic	@E[0],@C[8],@C[6]
+	bic	@E[1],@C[9],@C[7]
+	bic	@E[2],@C[0],@C[8],ror#14
+	bic	@E[3],@C[1],@C[9],ror#13
+	eor	@E[0],@E[0],@C[4]
+	eor	@E[1],@E[1],@C[5]
+	str.l	@E[0],[sp,#$R[3][2]]		@ R[3][2] = C[2] ^ (~C[3] & C[4]);
+	bic	@C[2],@C[2],@C[0],ror#18-14
+	str.h	@E[1],[sp,#$R[3][2]+4]
+	eor	@E[2],@C[6],@E[2],ror#32-14
+	bic	@E[1],@C[3],@C[1],ror#18-13
+	eor	@E[3],@C[7],@E[3],ror#32-13
+	str.l	@E[2],[sp,#$R[3][3]]		@ R[3][3] = C[3] ^ (~C[4] & C[0]);
+	str.h	@E[3],[sp,#$R[3][3]+4]
+	 add	@E[3],sp,#$D[2]
+	 ldr.l	@C[0],[sp,#$A[0][2]]		@ A[0][2]
+	eor	@E[0],@C[8],@C[2],ror#32-18
+	 ldr.h	@C[1],[sp,#$A[0][2]+4]
+	eor	@E[1],@C[9],@E[1],ror#32-18
+	str.l	@E[0],[sp,#$R[3][4]]		@ R[3][4] = C[4] ^ (~C[0] & C[1]);
+	str.h	@E[1],[sp,#$R[3][4]+4]
+
+	ldmia	@E[3],{@E[0]-@E[2],@E[3]}	@ D[2..3]
+	ldr.l	@C[2],[sp,#$A[1][3]]		@ A[1][3]
+	ldr.h	@C[3],[sp,#$A[1][3]+4]
+	ldr.l	@C[6],[sp,#$D[4]]		@ D[4]
+	ldr.h	@C[7],[sp,#$D[4]+4]
+
+	eor	@C[0],@C[0],@E[0]
+	ldr.l	@C[4],[sp,#$A[2][4]]		@ A[2][4]
+	eor	@C[1],@C[1],@E[1]
+	ldr.h	@C[5],[sp,#$A[2][4]+4]
+	@ ror	@C[0],@C[0],#32-31		@ C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+	ldr.l	@C[8],[sp,#$D[0]]		@ D[0]
+	@ ror	@C[1],@C[1],#32-31
+	ldr.h	@C[9],[sp,#$D[0]+4]
+
+	eor	@E[2],@E[2],@C[2]
+	ldr.l	@E[0],[sp,#$A[3][0]]		@ A[3][0]
+	eor	@E[3],@E[3],@C[3]
+	ldr.h	@E[1],[sp,#$A[3][0]+4]
+	ror	@C[3],@E[2],#32-27		@ C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+	ldr.l	@E[2],[sp,#$D[1]]		@ D[1]
+	ror	@C[2],@E[3],#32-28
+	ldr.h	@E[3],[sp,#$D[1]+4]
+
+	eor	@C[6],@C[6],@C[4]
+	eor	@C[7],@C[7],@C[5]
+	ror	@C[5],@C[6],#32-19		@ C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+	ror	@C[4],@C[7],#32-20
+
+	eor	@E[0],@E[0],@C[8]
+	ldr.l	@C[8],[sp,#$A[4][1]]		@ A[4][1]
+	eor	@E[1],@E[1],@C[9]
+	ldr.h	@C[9],[sp,#$A[4][1]+4]
+	ror	@C[7],@E[0],#32-20		@ C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+	ror	@C[6],@E[1],#32-21
+
+	eor	@C[8],@C[8],@E[2]
+	eor	@C[9],@C[9],@E[3]
+	@ ror	@C[8],@C[2],#32-1		@ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+	@ ror	@C[9],@C[3],#32-1
+
+	bic	@E[0],@C[4],@C[2]
+	bic	@E[1],@C[5],@C[3]
+	eor	@E[0],@E[0],@C[0],ror#32-31
+	str.l	@E[0],[sp,#$R[4][0]]		@ R[4][0] = C[0] ^ (~C[1] & C[2])
+	eor	@E[1],@E[1],@C[1],ror#32-31
+	str.h	@E[1],[sp,#$R[4][0]+4]
+	bic	@E[2],@C[6],@C[4]
+	bic	@E[3],@C[7],@C[5]
+	eor	@E[2],@E[2],@C[2]
+	eor	@E[3],@E[3],@C[3]
+	str.l	@E[2],[sp,#$R[4][1]]		@ R[4][1] = C[1] ^ (~C[2] & C[3]);
+	bic	@E[0],@C[8],@C[6],ror#1
+	str.h	@E[3],[sp,#$R[4][1]+4]
+	bic	@E[1],@C[9],@C[7],ror#1
+	bic	@E[2],@C[0],@C[8],ror#31-1
+	bic	@E[3],@C[1],@C[9],ror#31-1
+	eor	@C[4],@C[4],@E[0],ror#32-1
+	str.l	@C[4],[sp,#$R[4][2]]		@ R[4][2] = C[2] ^= (~C[3] & C[4]);
+	eor	@C[5],@C[5],@E[1],ror#32-1
+	str.h	@C[5],[sp,#$R[4][2]+4]
+	eor	@C[6],@C[6],@E[2],ror#32-31
+	eor	@C[7],@C[7],@E[3],ror#32-31
+	str.l	@C[6],[sp,#$R[4][3]]		@ R[4][3] = C[3] ^= (~C[4] & C[0]);
+	bic	@E[0],@C[2],@C[0],ror#32-31
+	str.h	@C[7],[sp,#$R[4][3]+4]
+	bic	@E[1],@C[3],@C[1],ror#32-31
+	 add	@E[2],sp,#$R[0][0]
+	eor	@C[8],@E[0],@C[8],ror#32-1
+	 add	@E[0],sp,#$R[1][0]
+	eor	@C[9],@E[1],@C[9],ror#32-1
+	str.l	@C[8],[sp,#$R[4][4]]		@ R[4][4] = C[4] ^= (~C[0] & C[1]);
+	str.h	@C[9],[sp,#$R[4][4]+4]
+___
+}
+	Round(@A,@T);
+	Round(@T,@A);
+$code.=<<___;
+	blo	.Lround2x
+
+	ldr	pc,[sp,#440]
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600, %function
+.align	5
+KeccakF1600:
+	stmdb	sp!,{r0,r4-r11,lr}
+	sub	sp,sp,#440+16			@ space for A[5][5],D[5],T[5][5],...
+
+	add	@E[0],r0,#$A[1][0]
+	add	@E[1],sp,#$A[1][0]
+	ldmia	r0,    {@C[0]-@C[9]}		@ copy A[5][5] to stack
+	stmia	sp,    {@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0], {@C[0]-@C[9]}
+	add	@E[2],sp,#$A[0][0]
+	add	@E[0],sp,#$A[1][0]
+	stmia	@E[1], {@C[0]-@C[9]}
+
+	bl	KeccakF1600_enter
+
+	ldr	@E[1], [sp,#440+16]		@ restore pointer to A
+	ldmia	sp,    {@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}		@ return A[5][5]
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0]!,{@C[0]-@C[9]}
+	stmia	@E[1]!,{@C[0]-@C[9]}
+	ldmia	@E[0], {@C[0]-@C[9]}
+	stmia	@E[1], {@C[0]-@C[9]}
+
+	add	sp,sp,#440+20
+	ldmia	sp!,{r4-r11,pc}
+.size	KeccakF1600,.-KeccakF1600
+___
+{ my ($A_flat,$inp,$len,$bsz) = map("r$_",(10..12,14));
+
+########################################################################
+# Stack layout
+# ----->+-----------------------+
+#       | uint64_t A[5][5]      |
+#       | ...                   |
+#       | ...                   |
+# +456->+-----------------------+
+#       | 0x55555555            |
+# +460->+-----------------------+
+#       | 0x33333333            |
+# +464->+-----------------------+
+#       | 0x0f0f0f0f            |
+# +468->+-----------------------+
+#       | 0x00ff00ff            |
+# +472->+-----------------------+
+#       | uint64_t *A           |
+# +476->+-----------------------+
+#       | const void *inp       |
+# +480->+-----------------------+
+#       | size_t len            |
+# +484->+-----------------------+
+#       | size_t bs             |
+# +488->+-----------------------+
+#       | ....
+
+$code.=<<___;
+.global	SHA3_absorb
+.type	SHA3_absorb,%function
+.align	5
+SHA3_absorb:
+	stmdb	sp!,{r0-r12,lr}
+	sub	sp,sp,#456+16
+
+	add	$A_flat,r0,#$A[1][0]
+	@ mov	$inp,r1
+	mov	$len,r2
+	mov	$bsz,r3
+	cmp	r2,r3
+	blo	.Labsorb_abort
+
+	add	$inp,sp,#0
+	ldmia	r0,      {@C[0]-@C[9]}	@ copy A[5][5] to stack
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp!,   {@C[0]-@C[9]}
+	ldmia	$A_flat!,{@C[0]-@C[9]}
+	stmia	$inp,    {@C[0]-@C[9]}
+
+	ldr	$inp,[sp,#476]		@ restore $inp
+#ifdef	__thumb2__
+	mov	r9,#0x00ff00ff
+	mov	r8,#0x0f0f0f0f
+	mov	r7,#0x33333333
+	mov	r6,#0x55555555
+#else
+	mov	r6,#0x11		@ compose constants
+	mov	r8,#0x0f
+	mov	r9,#0xff
+	orr	r6,r6,r6,lsl#8
+	orr	r8,r8,r8,lsl#8
+	orr	r6,r6,r6,lsl#16		@ 0x11111111
+	orr	r9,r9,r9,lsl#16		@ 0x00ff00ff
+	orr	r8,r8,r8,lsl#16		@ 0x0f0f0f0f
+	orr	r7,r6,r6,lsl#1		@ 0x33333333
+	orr	r6,r6,r6,lsl#2		@ 0x55555555
+#endif
+	str	r9,[sp,#468]
+	str	r8,[sp,#464]
+	str	r7,[sp,#460]
+	str	r6,[sp,#456]
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	subs	r0,$len,$bsz
+	blo	.Labsorbed
+	add	$A_flat,sp,#0
+	str	r0,[sp,#480]		@ save len - bsz
+
+.align	4
+.Loop_block:
+	ldrb	r0,[$inp],#1
+	ldrb	r1,[$inp],#1
+	ldrb	r2,[$inp],#1
+	ldrb	r3,[$inp],#1
+	ldrb	r4,[$inp],#1
+	orr	r0,r0,r1,lsl#8
+	ldrb	r1,[$inp],#1
+	orr	r0,r0,r2,lsl#16
+	ldrb	r2,[$inp],#1
+	orr	r0,r0,r3,lsl#24		@ lo
+	ldrb	r3,[$inp],#1
+	orr	r1,r4,r1,lsl#8
+	orr	r1,r1,r2,lsl#16
+	orr	r1,r1,r3,lsl#24		@ hi
+
+	and	r2,r0,r6		@ &=0x55555555
+	and	r0,r0,r6,lsl#1		@ &=0xaaaaaaaa
+	and	r3,r1,r6		@ &=0x55555555
+	and	r1,r1,r6,lsl#1		@ &=0xaaaaaaaa
+	orr	r2,r2,r2,lsr#1
+	orr	r0,r0,r0,lsl#1
+	orr	r3,r3,r3,lsr#1
+	orr	r1,r1,r1,lsl#1
+	and	r2,r2,r7		@ &=0x33333333
+	and	r0,r0,r7,lsl#2		@ &=0xcccccccc
+	and	r3,r3,r7		@ &=0x33333333
+	and	r1,r1,r7,lsl#2		@ &=0xcccccccc
+	orr	r2,r2,r2,lsr#2
+	orr	r0,r0,r0,lsl#2
+	orr	r3,r3,r3,lsr#2
+	orr	r1,r1,r1,lsl#2
+	and	r2,r2,r8		@ &=0x0f0f0f0f
+	and	r0,r0,r8,lsl#4		@ &=0xf0f0f0f0
+	and	r3,r3,r8		@ &=0x0f0f0f0f
+	and	r1,r1,r8,lsl#4		@ &=0xf0f0f0f0
+	ldmia	$A_flat,{r4-r5}		@ A_flat[i]
+	orr	r2,r2,r2,lsr#4
+	orr	r0,r0,r0,lsl#4
+	orr	r3,r3,r3,lsr#4
+	orr	r1,r1,r1,lsl#4
+	and	r2,r2,r9		@ &=0x00ff00ff
+	and	r0,r0,r9,lsl#8		@ &=0xff00ff00
+	and	r3,r3,r9		@ &=0x00ff00ff
+	and	r1,r1,r9,lsl#8		@ &=0xff00ff00
+	orr	r2,r2,r2,lsr#8
+	orr	r0,r0,r0,lsl#8
+	orr	r3,r3,r3,lsr#8
+	orr	r1,r1,r1,lsl#8
+
+	lsl	r2,r2,#16
+	lsr	r1,r1,#16
+	eor	r4,r4,r3,lsl#16
+	eor	r5,r5,r0,lsr#16
+	eor	r4,r4,r2,lsr#16
+	eor	r5,r5,r1,lsl#16
+	stmia	$A_flat!,{r4-r5}	@ A_flat[i++] ^= BitInterleave(inp[0..7])
+
+	subs	$bsz,$bsz,#8
+	bhi	.Loop_block
+
+	str	$inp,[sp,#476]
+
+	bl	KeccakF1600_int
+
+	add	r14,sp,#456
+	ldmia	r14,{r6-r12,r14}	@ restore constants and variables
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	add	$inp,sp,#$A[1][0]
+	ldmia	sp,      {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}	@ return A[5][5]
+	ldmia	$inp!,   {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}
+	ldmia	$inp!,   {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}
+	ldmia	$inp!,   {@C[0]-@C[9]}
+	stmia	$A_flat!,{@C[0]-@C[9]}
+	ldmia	$inp,    {@C[0]-@C[9]}
+	stmia	$A_flat, {@C[0]-@C[9]}
+
+.Labsorb_abort:
+	add	sp,sp,#456+32
+	mov	r0,$len			@ return value
+	ldmia	sp!,{r4-r12,pc}
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{ my ($out,$len,$A_flat,$bsz) = map("r$_", (4,5,10,12));
+
+$code.=<<___;
+.global	SHA3_squeeze
+.type	SHA3_squeeze,%function
+.align	5
+SHA3_squeeze:
+	stmdb	sp!,{r0,r3-r10,lr}
+
+	mov	$A_flat,r0
+	mov	$out,r1
+	mov	$len,r2
+	mov	$bsz,r3
+
+#ifdef	__thumb2__
+	mov	r9,#0x00ff00ff
+	mov	r8,#0x0f0f0f0f
+	mov	r7,#0x33333333
+	mov	r6,#0x55555555
+#else
+	mov	r6,#0x11		@ compose constants
+	mov	r8,#0x0f
+	mov	r9,#0xff
+	orr	r6,r6,r6,lsl#8
+	orr	r8,r8,r8,lsl#8
+	orr	r6,r6,r6,lsl#16		@ 0x11111111
+	orr	r9,r9,r9,lsl#16		@ 0x00ff00ff
+	orr	r8,r8,r8,lsl#16		@ 0x0f0f0f0f
+	orr	r7,r6,r6,lsl#1		@ 0x33333333
+	orr	r6,r6,r6,lsl#2		@ 0x55555555
+#endif
+	stmdb	sp!,{r6-r9}
+
+	mov	r14,$A_flat
+	b	.Loop_squeeze
+
+.align	4
+.Loop_squeeze:
+	ldmia	$A_flat!,{r0,r1}	@ A_flat[i++]
+
+	lsl	r2,r0,#16
+	lsl	r3,r1,#16		@ r3 = r1 << 16
+	lsr	r2,r2,#16		@ r2 = r0 & 0x0000ffff
+	lsr	r1,r1,#16
+	lsr	r0,r0,#16		@ r0 = r0 >> 16
+	lsl	r1,r1,#16		@ r1 = r1 & 0xffff0000
+
+	orr	r2,r2,r2,lsl#8
+	orr	r3,r3,r3,lsr#8
+	orr	r0,r0,r0,lsl#8
+	orr	r1,r1,r1,lsr#8
+	and	r2,r2,r9		@ &=0x00ff00ff
+	and	r3,r3,r9,lsl#8		@ &=0xff00ff00
+	and	r0,r0,r9		@ &=0x00ff00ff
+	and	r1,r1,r9,lsl#8		@ &=0xff00ff00
+	orr	r2,r2,r2,lsl#4
+	orr	r3,r3,r3,lsr#4
+	orr	r0,r0,r0,lsl#4
+	orr	r1,r1,r1,lsr#4
+	and	r2,r2,r8		@ &=0x0f0f0f0f
+	and	r3,r3,r8,lsl#4		@ &=0xf0f0f0f0
+	and	r0,r0,r8		@ &=0x0f0f0f0f
+	and	r1,r1,r8,lsl#4		@ &=0xf0f0f0f0
+	orr	r2,r2,r2,lsl#2
+	orr	r3,r3,r3,lsr#2
+	orr	r0,r0,r0,lsl#2
+	orr	r1,r1,r1,lsr#2
+	and	r2,r2,r7		@ &=0x33333333
+	and	r3,r3,r7,lsl#2		@ &=0xcccccccc
+	and	r0,r0,r7		@ &=0x33333333
+	and	r1,r1,r7,lsl#2		@ &=0xcccccccc
+	orr	r2,r2,r2,lsl#1
+	orr	r3,r3,r3,lsr#1
+	orr	r0,r0,r0,lsl#1
+	orr	r1,r1,r1,lsr#1
+	and	r2,r2,r6		@ &=0x55555555
+	and	r3,r3,r6,lsl#1		@ &=0xaaaaaaaa
+	and	r0,r0,r6		@ &=0x55555555
+	and	r1,r1,r6,lsl#1		@ &=0xaaaaaaaa
+
+	orr	r2,r2,r3
+	orr	r0,r0,r1
+
+	cmp	$len,#8
+	blo	.Lsqueeze_tail
+	lsr	r1,r2,#8
+	strb	r2,[$out],#1
+	lsr	r3,r2,#16
+	strb	r1,[$out],#1
+	lsr	r2,r2,#24
+	strb	r3,[$out],#1
+	strb	r2,[$out],#1
+
+	lsr	r1,r0,#8
+	strb	r0,[$out],#1
+	lsr	r3,r0,#16
+	strb	r1,[$out],#1
+	lsr	r0,r0,#24
+	strb	r3,[$out],#1
+	strb	r0,[$out],#1
+	subs	$len,$len,#8
+	beq	.Lsqueeze_done
+
+	subs	$bsz,$bsz,#8		@ bsz -= 8
+	bhi	.Loop_squeeze
+
+	mov	r0,r14			@ original $A_flat
+
+	bl	KeccakF1600
+
+	ldmia	sp,{r6-r10,r12}		@ restore constants and variables
+	mov	r14,$A_flat
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	strb	r2,[$out],#1
+	lsr	r2,r2,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r2,[$out],#1
+	lsr	r2,r2,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r2,[$out],#1
+	lsr	r2,r2,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r2,[$out],#1
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+
+	strb	r0,[$out],#1
+	lsr	r0,r0,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r0,[$out],#1
+	lsr	r0,r0,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	r0,[$out]
+	b	.Lsqueeze_done
+
+.align	4
+.Lsqueeze_done:
+	add	sp,sp,#24
+	ldmia	sp!,{r4-r10,pc}
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.fpu	neon
+
+.type	iotas64, %object
+.align 5
+iotas64:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas64,.-iotas64
+
+.type	KeccakF1600_neon, %function
+.align	5
+KeccakF1600_neon:
+	add	r1, r0, #16
+	adr	r2, iotas64
+	mov	r3, #24			@ loop counter
+	b	.Loop_neon
+
+.align	4
+.Loop_neon:
+	@ Theta
+	vst1.64		{q4},  [r0:64]		@ offload A[0..1][4]
+	veor		q13, q0,  q5		@ A[0..1][0]^A[2..3][0]
+	vst1.64		{d18}, [r1:64]		@ offload A[2][4]
+	veor		q14, q1,  q6		@ A[0..1][1]^A[2..3][1]
+	veor		q15, q2,  q7		@ A[0..1][2]^A[2..3][2]
+	veor		d26, d26, d27		@ C[0]=A[0][0]^A[1][0]^A[2][0]^A[3][0]
+	veor		d27, d28, d29		@ C[1]=A[0][1]^A[1][1]^A[2][1]^A[3][1]
+	veor		q14, q3,  q8		@ A[0..1][3]^A[2..3][3]
+	veor		q4,  q4,  q9		@ A[0..1][4]^A[2..3][4]
+	veor		d30, d30, d31		@ C[2]=A[0][2]^A[1][2]^A[2][2]^A[3][2]
+	veor		d31, d28, d29		@ C[3]=A[0][3]^A[1][3]^A[2][3]^A[3][3]
+	veor		d25, d8,  d9		@ C[4]=A[0][4]^A[1][4]^A[2][4]^A[3][4]
+	veor		q13, q13, q10		@ C[0..1]^=A[4][0..1]
+	veor		q14, q15, q11		@ C[2..3]^=A[4][2..3]
+	veor		d25, d25, d24		@ C[4]^=A[4][4]
+
+	vadd.u64	q4,  q13, q13		@ C[0..1]<<1
+	vadd.u64	q15, q14, q14		@ C[2..3]<<1
+	vadd.u64	d18, d25, d25		@ C[4]<<1
+	vsri.u64	q4,  q13, #63		@ ROL64(C[0..1],1)
+	vsri.u64	q15, q14, #63		@ ROL64(C[2..3],1)
+	vsri.u64	d18, d25, #63		@ ROL64(C[4],1)
+	veor		d25, d25, d9		@ D[0] = C[4] ^= ROL64(C[1],1)
+	veor		q13, q13, q15		@ D[1..2] = C[0..1] ^ ROL64(C[2..3],1)
+	veor		d28, d28, d18		@ D[3] = C[2] ^= ROL64(C[4],1)
+	veor		d29, d29, d8		@ D[4] = C[3] ^= ROL64(C[0],1)
+
+	veor		d0,  d0,  d25		@ A[0][0] ^= C[4]
+	veor		d1,  d1,  d25		@ A[1][0] ^= C[4]
+	veor		d10, d10, d25		@ A[2][0] ^= C[4]
+	veor		d11, d11, d25		@ A[3][0] ^= C[4]
+	veor		d20, d20, d25		@ A[4][0] ^= C[4]
+
+	veor		d2,  d2,  d26		@ A[0][1] ^= D[1]
+	veor		d3,  d3,  d26		@ A[1][1] ^= D[1]
+	veor		d12, d12, d26		@ A[2][1] ^= D[1]
+	veor		d13, d13, d26		@ A[3][1] ^= D[1]
+	veor		d21, d21, d26		@ A[4][1] ^= D[1]
+	vmov		d26, d27
+
+	veor		d6,  d6,  d28		@ A[0][3] ^= C[2]
+	veor		d7,  d7,  d28		@ A[1][3] ^= C[2]
+	veor		d16, d16, d28		@ A[2][3] ^= C[2]
+	veor		d17, d17, d28		@ A[3][3] ^= C[2]
+	veor		d23, d23, d28		@ A[4][3] ^= C[2]
+	vld1.64		{q4},  [r0:64]		@ restore A[0..1][4]
+	vmov		d28, d29
+
+	vld1.64		{d18}, [r1:64]		@ restore A[2][4]
+	veor		q2,  q2,  q13		@ A[0..1][2] ^= D[2]
+	veor		q7,  q7,  q13		@ A[2..3][2] ^= D[2]
+	veor		d22, d22, d27		@ A[4][2]    ^= D[2]
+
+	veor		q4,  q4,  q14		@ A[0..1][4] ^= C[3]
+	veor		q9,  q9,  q14		@ A[2..3][4] ^= C[3]
+	veor		d24, d24, d29		@ A[4][4]    ^= C[3]
+
+	@ Rho + Pi
+	vmov		d26, d2			@ C[1] = A[0][1]
+	vshl.u64	d2,  d3,  #44
+	vmov		d27, d4			@ C[2] = A[0][2]
+	vshl.u64	d4,  d14, #43
+	vmov		d28, d6			@ C[3] = A[0][3]
+	vshl.u64	d6,  d17, #21
+	vmov		d29, d8			@ C[4] = A[0][4]
+	vshl.u64	d8,  d24, #14
+	vsri.u64	d2,  d3,  #64-44	@ A[0][1] = ROL64(A[1][1], rhotates[1][1])
+	vsri.u64	d4,  d14, #64-43	@ A[0][2] = ROL64(A[2][2], rhotates[2][2])
+	vsri.u64	d6,  d17, #64-21	@ A[0][3] = ROL64(A[3][3], rhotates[3][3])
+	vsri.u64	d8,  d24, #64-14	@ A[0][4] = ROL64(A[4][4], rhotates[4][4])
+
+	vshl.u64	d3,  d9,  #20
+	vshl.u64	d14, d16, #25
+	vshl.u64	d17, d15, #15
+	vshl.u64	d24, d21, #2
+	vsri.u64	d3,  d9,  #64-20	@ A[1][1] = ROL64(A[1][4], rhotates[1][4])
+	vsri.u64	d14, d16, #64-25	@ A[2][2] = ROL64(A[2][3], rhotates[2][3])
+	vsri.u64	d17, d15, #64-15	@ A[3][3] = ROL64(A[3][2], rhotates[3][2])
+	vsri.u64	d24, d21, #64-2		@ A[4][4] = ROL64(A[4][1], rhotates[4][1])
+
+	vshl.u64	d9,  d22, #61
+	@ vshl.u64	d16, d19, #8
+	vshl.u64	d15, d12, #10
+	vshl.u64	d21, d7,  #55
+	vsri.u64	d9,  d22, #64-61	@ A[1][4] = ROL64(A[4][2], rhotates[4][2])
+	vext.8		d16, d19, d19, #8-1	@ A[2][3] = ROL64(A[3][4], rhotates[3][4])
+	vsri.u64	d15, d12, #64-10	@ A[3][2] = ROL64(A[2][1], rhotates[2][1])
+	vsri.u64	d21, d7,  #64-55	@ A[4][1] = ROL64(A[1][3], rhotates[1][3])
+
+	vshl.u64	d22, d18, #39
+	@ vshl.u64	d19, d23, #56
+	vshl.u64	d12, d5,  #6
+	vshl.u64	d7,  d13, #45
+	vsri.u64	d22, d18, #64-39	@ A[4][2] = ROL64(A[2][4], rhotates[2][4])
+	vext.8		d19, d23, d23, #8-7	@ A[3][4] = ROL64(A[4][3], rhotates[4][3])
+	vsri.u64	d12, d5,  #64-6		@ A[2][1] = ROL64(A[1][2], rhotates[1][2])
+	vsri.u64	d7,  d13, #64-45	@ A[1][3] = ROL64(A[3][1], rhotates[3][1])
+
+	vshl.u64	d18, d20, #18
+	vshl.u64	d23, d11, #41
+	vshl.u64	d5,  d10, #3
+	vshl.u64	d13, d1,  #36
+	vsri.u64	d18, d20, #64-18	@ A[2][4] = ROL64(A[4][0], rhotates[4][0])
+	vsri.u64	d23, d11, #64-41	@ A[4][3] = ROL64(A[3][0], rhotates[3][0])
+	vsri.u64	d5,  d10, #64-3		@ A[1][2] = ROL64(A[2][0], rhotates[2][0])
+	vsri.u64	d13, d1,  #64-36	@ A[3][1] = ROL64(A[1][0], rhotates[1][0])
+
+	vshl.u64	d1,  d28, #28
+	vshl.u64	d10, d26, #1
+	vshl.u64	d11, d29, #27
+	vshl.u64	d20, d27, #62
+	vsri.u64	d1,  d28, #64-28	@ A[1][0] = ROL64(C[3],    rhotates[0][3])
+	vsri.u64	d10, d26, #64-1		@ A[2][0] = ROL64(C[1],    rhotates[0][1])
+	vsri.u64	d11, d29, #64-27	@ A[3][0] = ROL64(C[4],    rhotates[0][4])
+	vsri.u64	d20, d27, #64-62	@ A[4][0] = ROL64(C[2],    rhotates[0][2])
+
+	@ Chi + Iota
+	vbic		q13, q2,  q1
+	vbic		q14, q3,  q2
+	vbic		q15, q4,  q3
+	veor		q13, q13, q0		@ A[0..1][0] ^ (~A[0..1][1] & A[0..1][2])
+	veor		q14, q14, q1		@ A[0..1][1] ^ (~A[0..1][2] & A[0..1][3])
+	veor		q2,  q2,  q15		@ A[0..1][2] ^= (~A[0..1][3] & A[0..1][4])
+	vst1.64		{q13}, [r0:64]		@ offload A[0..1][0]
+	vbic		q13, q0,  q4
+	vbic		q15, q1,  q0
+	vmov		q1,  q14		@ A[0..1][1]
+	veor		q3,  q3,  q13		@ A[0..1][3] ^= (~A[0..1][4] & A[0..1][0])
+	veor		q4,  q4,  q15		@ A[0..1][4] ^= (~A[0..1][0] & A[0..1][1])
+
+	vbic		q13, q7,  q6
+	vmov		q0,  q5			@ A[2..3][0]
+	vbic		q14, q8,  q7
+	vmov		q15, q6			@ A[2..3][1]
+	veor		q5,  q5,  q13		@ A[2..3][0] ^= (~A[2..3][1] & A[2..3][2])
+	vbic		q13, q9,  q8
+	veor		q6,  q6,  q14		@ A[2..3][1] ^= (~A[2..3][2] & A[2..3][3])
+	vbic		q14, q0,  q9
+	veor		q7,  q7,  q13		@ A[2..3][2] ^= (~A[2..3][3] & A[2..3][4])
+	vbic		q13, q15, q0
+	veor		q8,  q8,  q14		@ A[2..3][3] ^= (~A[2..3][4] & A[2..3][0])
+	vmov		q14, q10		@ A[4][0..1]
+	veor		q9,  q9,  q13		@ A[2..3][4] ^= (~A[2..3][0] & A[2..3][1])
+
+	vld1.64		d25, [r2:64]!		@ Iota[i++]
+	vbic		d26, d22, d21
+	vbic		d27, d23, d22
+	vld1.64		{q0}, [r0:64]		@ restore A[0..1][0]
+	veor		d20, d20, d26		@ A[4][0] ^= (~A[4][1] & A[4][2])
+	vbic		d26, d24, d23
+	veor		d21, d21, d27		@ A[4][1] ^= (~A[4][2] & A[4][3])
+	vbic		d27, d28, d24
+	veor		d22, d22, d26		@ A[4][2] ^= (~A[4][3] & A[4][4])
+	vbic		d26, d29, d28
+	veor		d23, d23, d27		@ A[4][3] ^= (~A[4][4] & A[4][0])
+	veor		d0,  d0,  d25		@ A[0][0] ^= Iota[i]
+	veor		d24, d24, d26		@ A[4][4] ^= (~A[4][0] & A[4][1])
+
+	subs	r3, r3, #1
+	bne	.Loop_neon
+
+	bx	lr
+.size	KeccakF1600_neon,.-KeccakF1600_neon
+
+.global	SHA3_absorb_neon
+.type	SHA3_absorb_neon, %function
+.align	5
+SHA3_absorb_neon:
+	stmdb	sp!, {r4-r6,lr}
+	vstmdb	sp!, {d8-d15}
+
+	mov	r4, r1			@ inp
+	mov	r5, r2			@ len
+	mov	r6, r3			@ bsz
+
+	vld1.32	{d0}, [r0:64]!		@ A[0][0]
+	vld1.32	{d2}, [r0:64]!		@ A[0][1]
+	vld1.32	{d4}, [r0:64]!		@ A[0][2]
+	vld1.32	{d6}, [r0:64]!		@ A[0][3]
+	vld1.32	{d8}, [r0:64]!		@ A[0][4]
+
+	vld1.32	{d1}, [r0:64]!		@ A[1][0]
+	vld1.32	{d3}, [r0:64]!		@ A[1][1]
+	vld1.32	{d5}, [r0:64]!		@ A[1][2]
+	vld1.32	{d7}, [r0:64]!		@ A[1][3]
+	vld1.32	{d9}, [r0:64]!		@ A[1][4]
+
+	vld1.32	{d10}, [r0:64]!		@ A[2][0]
+	vld1.32	{d12}, [r0:64]!		@ A[2][1]
+	vld1.32	{d14}, [r0:64]!		@ A[2][2]
+	vld1.32	{d16}, [r0:64]!		@ A[2][3]
+	vld1.32	{d18}, [r0:64]!		@ A[2][4]
+
+	vld1.32	{d11}, [r0:64]!		@ A[3][0]
+	vld1.32	{d13}, [r0:64]!		@ A[3][1]
+	vld1.32	{d15}, [r0:64]!		@ A[3][2]
+	vld1.32	{d17}, [r0:64]!		@ A[3][3]
+	vld1.32	{d19}, [r0:64]!		@ A[3][4]
+
+	vld1.32	{d20-d23}, [r0:64]!	@ A[4][0..3]
+	vld1.32	{d24}, [r0:64]		@ A[4][4]
+	sub	r0, r0, #24*8		@ rewind
+	b	.Loop_absorb_neon
+
+.align	4
+.Loop_absorb_neon:
+	subs	r12, r5, r6		@ len - bsz
+	blo	.Labsorbed_neon
+	mov	r5, r12
+
+	vld1.8	{d31}, [r4]!		@ endian-neutral loads...
+	cmp	r6, #8*2
+	veor	d0, d0, d31		@ A[0][0] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d2, d2, d31		@ A[0][1] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*4
+	veor	d4, d4, d31		@ A[0][2] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d6, d6, d31		@ A[0][3] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31},[r4]!
+	cmp	r6, #8*6
+	veor	d8, d8, d31		@ A[0][4] ^= *inp++
+	blo	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	veor	d1, d1, d31		@ A[1][0] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*8
+	veor	d3, d3, d31		@ A[1][1] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d5, d5, d31		@ A[1][2] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*10
+	veor	d7, d7, d31		@ A[1][3] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d9, d9, d31		@ A[1][4] ^= *inp++
+	beq	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*12
+	veor	d10, d10, d31		@ A[2][0] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d12, d12, d31		@ A[2][1] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*14
+	veor	d14, d14, d31		@ A[2][2] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d16, d16, d31		@ A[2][3] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*16
+	veor	d18, d18, d31		@ A[2][4] ^= *inp++
+	blo	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	veor	d11, d11, d31		@ A[3][0] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*18
+	veor	d13, d13, d31		@ A[3][1] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d15, d15, d31		@ A[3][2] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*20
+	veor	d17, d17, d31		@ A[3][3] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d19, d19, d31		@ A[3][4] ^= *inp++
+	beq	.Lprocess_neon
+
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*22
+	veor	d20, d20, d31		@ A[4][0] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d21, d21, d31		@ A[4][1] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	cmp	r6, #8*24
+	veor	d22, d22, d31		@ A[4][2] ^= *inp++
+	blo	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d23, d23, d31		@ A[4][3] ^= *inp++
+	beq	.Lprocess_neon
+	vld1.8	{d31}, [r4]!
+	veor	d24, d24, d31		@ A[4][4] ^= *inp++
+
+.Lprocess_neon:
+	bl	KeccakF1600_neon
+	b 	.Loop_absorb_neon
+
+.align	4
+.Labsorbed_neon:
+	vst1.32	{d0}, [r0:64]!		@ A[0][0..4]
+	vst1.32	{d2}, [r0:64]!
+	vst1.32	{d4}, [r0:64]!
+	vst1.32	{d6}, [r0:64]!
+	vst1.32	{d8}, [r0:64]!
+
+	vst1.32	{d1}, [r0:64]!		@ A[1][0..4]
+	vst1.32	{d3}, [r0:64]!
+	vst1.32	{d5}, [r0:64]!
+	vst1.32	{d7}, [r0:64]!
+	vst1.32	{d9}, [r0:64]!
+
+	vst1.32	{d10}, [r0:64]!		@ A[2][0..4]
+	vst1.32	{d12}, [r0:64]!
+	vst1.32	{d14}, [r0:64]!
+	vst1.32	{d16}, [r0:64]!
+	vst1.32	{d18}, [r0:64]!
+
+	vst1.32	{d11}, [r0:64]!		@ A[3][0..4]
+	vst1.32	{d13}, [r0:64]!
+	vst1.32	{d15}, [r0:64]!
+	vst1.32	{d17}, [r0:64]!
+	vst1.32	{d19}, [r0:64]!
+
+	vst1.32	{d20-d23}, [r0:64]!	@ A[4][0..4]
+	vst1.32	{d24}, [r0:64]
+
+	mov	r0, r5			@ return value
+	vldmia	sp!, {d8-d15}
+	ldmia	sp!, {r4-r6,pc}
+.size	SHA3_absorb_neon,.-SHA3_absorb_neon
+
+.global	SHA3_squeeze_neon
+.type	SHA3_squeeze_neon, %function
+.align	5
+SHA3_squeeze_neon:
+	stmdb	sp!, {r4-r6,lr}
+
+	mov	r4, r1			@ out
+	mov	r5, r2			@ len
+	mov	r6, r3			@ bsz
+	mov	r12, r0			@ A_flat
+	mov	r14, r3			@ bsz
+	b	.Loop_squeeze_neon
+
+.align	4
+.Loop_squeeze_neon:
+	cmp	r5, #8
+	blo	.Lsqueeze_neon_tail
+	vld1.32	{d0}, [r12]!
+	vst1.8	{d0}, [r4]!		@ endian-neutral store
+
+	subs	r5, r5, #8		@ len -= 8
+	beq	.Lsqueeze_neon_done
+
+	subs	r14, r14, #8		@ bsz -= 8
+	bhi	.Loop_squeeze_neon
+
+	vstmdb	sp!,  {d8-d15}
+
+	vld1.32	{d0}, [r0:64]!		@ A[0][0..4]
+	vld1.32	{d2}, [r0:64]!
+	vld1.32	{d4}, [r0:64]!
+	vld1.32	{d6}, [r0:64]!
+	vld1.32	{d8}, [r0:64]!
+
+	vld1.32	{d1}, [r0:64]!		@ A[1][0..4]
+	vld1.32	{d3}, [r0:64]!
+	vld1.32	{d5}, [r0:64]!
+	vld1.32	{d7}, [r0:64]!
+	vld1.32	{d9}, [r0:64]!
+
+	vld1.32	{d10}, [r0:64]!		@ A[2][0..4]
+	vld1.32	{d12}, [r0:64]!
+	vld1.32	{d14}, [r0:64]!
+	vld1.32	{d16}, [r0:64]!
+	vld1.32	{d18}, [r0:64]!
+
+	vld1.32	{d11}, [r0:64]!		@ A[3][0..4]
+	vld1.32	{d13}, [r0:64]!
+	vld1.32	{d15}, [r0:64]!
+	vld1.32	{d17}, [r0:64]!
+	vld1.32	{d19}, [r0:64]!
+
+	vld1.32	{d20-d23}, [r0:64]!	@ A[4][0..4]
+	vld1.32	{d24}, [r0:64]
+	sub	r0, r0, #24*8		@ rewind
+
+	bl	KeccakF1600_neon
+
+	mov	r12, r0			@ A_flat
+	vst1.32	{d0}, [r0:64]!		@ A[0][0..4]
+	vst1.32	{d2}, [r0:64]!
+	vst1.32	{d4}, [r0:64]!
+	vst1.32	{d6}, [r0:64]!
+	vst1.32	{d8}, [r0:64]!
+
+	vst1.32	{d1}, [r0:64]!		@ A[1][0..4]
+	vst1.32	{d3}, [r0:64]!
+	vst1.32	{d5}, [r0:64]!
+	vst1.32	{d7}, [r0:64]!
+	vst1.32	{d9}, [r0:64]!
+
+	vst1.32	{d10}, [r0:64]!		@ A[2][0..4]
+	vst1.32	{d12}, [r0:64]!
+	vst1.32	{d14}, [r0:64]!
+	vst1.32	{d16}, [r0:64]!
+	vst1.32	{d18}, [r0:64]!
+
+	vst1.32	{d11}, [r0:64]!		@ A[3][0..4]
+	vst1.32	{d13}, [r0:64]!
+	vst1.32	{d15}, [r0:64]!
+	vst1.32	{d17}, [r0:64]!
+	vst1.32	{d19}, [r0:64]!
+
+	vst1.32	{d20-d23}, [r0:64]!	@ A[4][0..4]
+	mov	r14, r6			@ bsz
+	vst1.32	{d24}, [r0:64]
+	mov	r0,  r12		@ rewind
+
+	vldmia	sp!, {d8-d15}
+	b	.Loop_squeeze_neon
+
+.align	4
+.Lsqueeze_neon_tail:
+	ldmia	r12, {r2,r3}
+	cmp	r5, #2
+	strb	r2, [r4],#1		@ endian-neutral store
+	lsr	r2, r2, #8
+	blo	.Lsqueeze_neon_done
+	strb	r2, [r4], #1
+	lsr	r2, r2, #8
+	beq	.Lsqueeze_neon_done
+	strb	r2, [r4], #1
+	lsr	r2, r2, #8
+	cmp	r5, #4
+	blo	.Lsqueeze_neon_done
+	strb	r2, [r4], #1
+	beq	.Lsqueeze_neon_done
+
+	strb	r3, [r4], #1
+	lsr	r3, r3, #8
+	cmp	r5, #6
+	blo	.Lsqueeze_neon_done
+	strb	r3, [r4], #1
+	lsr	r3, r3, #8
+	beq	.Lsqueeze_neon_done
+	strb	r3, [r4], #1
+
+.Lsqueeze_neon_done:
+	ldmia	sp!, {r4-r6,pc}
+.size	SHA3_squeeze_neon,.-SHA3_squeeze_neon
+#endif
+.asciz	"Keccak-1600 absorb and squeeze for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+{
+    my %ldr, %str;
+
+    sub ldrd {
+	my ($mnemonic,$half,$reg,$ea) = @_;
+	my $op = $mnemonic eq "ldr" ? \%ldr : \%str;
+
+	if ($half eq "l") {
+	    $$op{reg} = $reg;
+	    $$op{ea}  = $ea;
+	    sprintf "#ifndef	__thumb2__\n"	.
+		    "	%s\t%s,%s\n"		.
+		    "#endif", $mnemonic,$reg,$ea;
+	} else {
+	    sprintf "#ifndef	__thumb2__\n"	.
+		    "	%s\t%s,%s\n"		.
+		    "#else\n"			.
+		    "	%sd\t%s,%s,%s\n"	.
+		    "#endif",	$mnemonic,$reg,$ea,
+				$mnemonic,$$op{reg},$reg,$$op{ea};
+	}
+    }
+}
+
+foreach (split($/,$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/^\s+(ldr|str)\.([lh])\s+(r[0-9]+),\s*(\[.*)/ldrd($1,$2,$3,$4)/ge or
+	s/\b(ror|ls[rl])\s+(r[0-9]+.*)#/mov	$2$1#/g or
+	s/\bret\b/bx	lr/g		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/g;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+
+close STDOUT; # enforce flush
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl
new file mode 100755
index 0000000000..704ab4a7e4
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl
@@ -0,0 +1,866 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for ARMv8.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT implementation. It makes no
+# sense to attempt SIMD/NEON implementation for following reason.
+# 64-bit lanes of vector registers can't be addressed as easily as in
+# 32-bit mode. This means that 64-bit NEON is bound to be slower than
+# 32-bit NEON, and this implementation is faster than 32-bit NEON on
+# same processor. Even though it takes more scalar xor's and andn's,
+# it gets compensated by availability of rotate. Not to forget that
+# most processors achieve higher issue rate with scalar instructions.
+#
+# February 2018.
+#
+# Add hardware-assisted ARMv8.2 implementation. It's KECCAK_1X_ALT
+# variant with register permutation/rotation twist that allows to
+# eliminate copies to temporary registers. If you look closely you'll
+# notice that it uses only one lane of vector registers. The new
+# instructions effectively facilitate parallel hashing, which we don't
+# support [yet?]. But lowest-level core procedure is prepared for it.
+# The inner round is 67 [vector] instructions, so it's not actually
+# obvious that it will provide performance improvement [in serial
+# hash] as long as vector instructions issue rate is limited to 1 per
+# cycle...
+#
+######################################################################
+# Numbers are cycles per processed byte.
+#
+#		r=1088(*)
+#
+# Cortex-A53	13
+# Cortex-A57	12
+# X-Gene	14
+# Mongoose	10
+# Kryo		12
+# Denver	7.8
+# Apple A7	7.2
+#
+# (*)	Corresponds to SHA3-256. No improvement coefficients are listed
+#	because they vary too much from compiler to compiler. Newer
+#	compiler does much better and improvement varies from 5% on
+#	Cortex-A57 to 25% on Cortex-A53. While in comparison to older
+#	compiler this code is at least 2x faster...
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+$code.=<<___;
+.text
+
+.align 8	// strategic alignment and padding that allows to use
+		// address value as loop termination condition...
+	.quad	0,0,0,0,0,0,0,0
+.type	iotas,%object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+___
+								{{{
+my @A = map([ "x$_", "x".($_+1), "x".($_+2), "x".($_+3), "x".($_+4) ],
+            (0, 5, 10, 15, 20));
+   $A[3][3] = "x25"; # x18 is reserved
+
+my @C = map("x$_", (26,27,28,30));
+
+$code.=<<___;
+.type	KeccakF1600_int,%function
+.align	5
+KeccakF1600_int:
+	adr	$C[2],iotas
+	stp	$C[2],x30,[sp,#16]		// 32 bytes on top are mine
+	b	.Loop
+.align	4
+.Loop:
+	////////////////////////////////////////// Theta
+	eor	$C[0],$A[0][0],$A[1][0]
+	stp	$A[0][4],$A[1][4],[sp,#0]	// offload pair...
+	eor	$C[1],$A[0][1],$A[1][1]
+	eor	$C[2],$A[0][2],$A[1][2]
+	eor	$C[3],$A[0][3],$A[1][3]
+___
+	$C[4]=$A[0][4];
+	$C[5]=$A[1][4];
+$code.=<<___;
+	eor	$C[4],$A[0][4],$A[1][4]
+	eor	$C[0],$C[0],$A[2][0]
+	eor	$C[1],$C[1],$A[2][1]
+	eor	$C[2],$C[2],$A[2][2]
+	eor	$C[3],$C[3],$A[2][3]
+	eor	$C[4],$C[4],$A[2][4]
+	eor	$C[0],$C[0],$A[3][0]
+	eor	$C[1],$C[1],$A[3][1]
+	eor	$C[2],$C[2],$A[3][2]
+	eor	$C[3],$C[3],$A[3][3]
+	eor	$C[4],$C[4],$A[3][4]
+	eor	$C[0],$C[0],$A[4][0]
+	eor	$C[2],$C[2],$A[4][2]
+	eor	$C[1],$C[1],$A[4][1]
+	eor	$C[3],$C[3],$A[4][3]
+	eor	$C[4],$C[4],$A[4][4]
+
+	eor	$C[5],$C[0],$C[2],ror#63
+
+	eor	$A[0][1],$A[0][1],$C[5]
+	eor	$A[1][1],$A[1][1],$C[5]
+	eor	$A[2][1],$A[2][1],$C[5]
+	eor	$A[3][1],$A[3][1],$C[5]
+	eor	$A[4][1],$A[4][1],$C[5]
+
+	eor	$C[5],$C[1],$C[3],ror#63
+	eor	$C[2],$C[2],$C[4],ror#63
+	eor	$C[3],$C[3],$C[0],ror#63
+	eor	$C[4],$C[4],$C[1],ror#63
+
+	eor	$C[1],   $A[0][2],$C[5]		// mov	$C[1],$A[0][2]
+	eor	$A[1][2],$A[1][2],$C[5]
+	eor	$A[2][2],$A[2][2],$C[5]
+	eor	$A[3][2],$A[3][2],$C[5]
+	eor	$A[4][2],$A[4][2],$C[5]
+
+	eor	$A[0][0],$A[0][0],$C[4]
+	eor	$A[1][0],$A[1][0],$C[4]
+	eor	$A[2][0],$A[2][0],$C[4]
+	eor	$A[3][0],$A[3][0],$C[4]
+	eor	$A[4][0],$A[4][0],$C[4]
+___
+	$C[4]=undef;
+	$C[5]=undef;
+$code.=<<___;
+	ldp	$A[0][4],$A[1][4],[sp,#0]	// re-load offloaded data
+	eor	$C[0],   $A[0][3],$C[2]		// mov	$C[0],$A[0][3]
+	eor	$A[1][3],$A[1][3],$C[2]
+	eor	$A[2][3],$A[2][3],$C[2]
+	eor	$A[3][3],$A[3][3],$C[2]
+	eor	$A[4][3],$A[4][3],$C[2]
+
+	eor	$C[2],   $A[0][4],$C[3]		// mov	$C[2],$A[0][4]
+	eor	$A[1][4],$A[1][4],$C[3]
+	eor	$A[2][4],$A[2][4],$C[3]
+	eor	$A[3][4],$A[3][4],$C[3]
+	eor	$A[4][4],$A[4][4],$C[3]
+
+	////////////////////////////////////////// Rho+Pi
+	mov	$C[3],$A[0][1]
+	ror	$A[0][1],$A[1][1],#64-$rhotates[1][1]
+	//mov	$C[1],$A[0][2]
+	ror	$A[0][2],$A[2][2],#64-$rhotates[2][2]
+	//mov	$C[0],$A[0][3]
+	ror	$A[0][3],$A[3][3],#64-$rhotates[3][3]
+	//mov	$C[2],$A[0][4]
+	ror	$A[0][4],$A[4][4],#64-$rhotates[4][4]
+
+	ror	$A[1][1],$A[1][4],#64-$rhotates[1][4]
+	ror	$A[2][2],$A[2][3],#64-$rhotates[2][3]
+	ror	$A[3][3],$A[3][2],#64-$rhotates[3][2]
+	ror	$A[4][4],$A[4][1],#64-$rhotates[4][1]
+
+	ror	$A[1][4],$A[4][2],#64-$rhotates[4][2]
+	ror	$A[2][3],$A[3][4],#64-$rhotates[3][4]
+	ror	$A[3][2],$A[2][1],#64-$rhotates[2][1]
+	ror	$A[4][1],$A[1][3],#64-$rhotates[1][3]
+
+	ror	$A[4][2],$A[2][4],#64-$rhotates[2][4]
+	ror	$A[3][4],$A[4][3],#64-$rhotates[4][3]
+	ror	$A[2][1],$A[1][2],#64-$rhotates[1][2]
+	ror	$A[1][3],$A[3][1],#64-$rhotates[3][1]
+
+	ror	$A[2][4],$A[4][0],#64-$rhotates[4][0]
+	ror	$A[4][3],$A[3][0],#64-$rhotates[3][0]
+	ror	$A[1][2],$A[2][0],#64-$rhotates[2][0]
+	ror	$A[3][1],$A[1][0],#64-$rhotates[1][0]
+
+	ror	$A[1][0],$C[0],#64-$rhotates[0][3]
+	ror	$A[2][0],$C[3],#64-$rhotates[0][1]
+	ror	$A[3][0],$C[2],#64-$rhotates[0][4]
+	ror	$A[4][0],$C[1],#64-$rhotates[0][2]
+
+	////////////////////////////////////////// Chi+Iota
+	bic	$C[0],$A[0][2],$A[0][1]
+	bic	$C[1],$A[0][3],$A[0][2]
+	bic	$C[2],$A[0][0],$A[0][4]
+	bic	$C[3],$A[0][1],$A[0][0]
+	eor	$A[0][0],$A[0][0],$C[0]
+	bic	$C[0],$A[0][4],$A[0][3]
+	eor	$A[0][1],$A[0][1],$C[1]
+	 ldr	$C[1],[sp,#16]
+	eor	$A[0][3],$A[0][3],$C[2]
+	eor	$A[0][4],$A[0][4],$C[3]
+	eor	$A[0][2],$A[0][2],$C[0]
+	 ldr	$C[3],[$C[1]],#8		// Iota[i++]
+
+	bic	$C[0],$A[1][2],$A[1][1]
+	 tst	$C[1],#255			// are we done?
+	 str	$C[1],[sp,#16]
+	bic	$C[1],$A[1][3],$A[1][2]
+	bic	$C[2],$A[1][0],$A[1][4]
+	 eor	$A[0][0],$A[0][0],$C[3]		// A[0][0] ^= Iota
+	bic	$C[3],$A[1][1],$A[1][0]
+	eor	$A[1][0],$A[1][0],$C[0]
+	bic	$C[0],$A[1][4],$A[1][3]
+	eor	$A[1][1],$A[1][1],$C[1]
+	eor	$A[1][3],$A[1][3],$C[2]
+	eor	$A[1][4],$A[1][4],$C[3]
+	eor	$A[1][2],$A[1][2],$C[0]
+
+	bic	$C[0],$A[2][2],$A[2][1]
+	bic	$C[1],$A[2][3],$A[2][2]
+	bic	$C[2],$A[2][0],$A[2][4]
+	bic	$C[3],$A[2][1],$A[2][0]
+	eor	$A[2][0],$A[2][0],$C[0]
+	bic	$C[0],$A[2][4],$A[2][3]
+	eor	$A[2][1],$A[2][1],$C[1]
+	eor	$A[2][3],$A[2][3],$C[2]
+	eor	$A[2][4],$A[2][4],$C[3]
+	eor	$A[2][2],$A[2][2],$C[0]
+
+	bic	$C[0],$A[3][2],$A[3][1]
+	bic	$C[1],$A[3][3],$A[3][2]
+	bic	$C[2],$A[3][0],$A[3][4]
+	bic	$C[3],$A[3][1],$A[3][0]
+	eor	$A[3][0],$A[3][0],$C[0]
+	bic	$C[0],$A[3][4],$A[3][3]
+	eor	$A[3][1],$A[3][1],$C[1]
+	eor	$A[3][3],$A[3][3],$C[2]
+	eor	$A[3][4],$A[3][4],$C[3]
+	eor	$A[3][2],$A[3][2],$C[0]
+
+	bic	$C[0],$A[4][2],$A[4][1]
+	bic	$C[1],$A[4][3],$A[4][2]
+	bic	$C[2],$A[4][0],$A[4][4]
+	bic	$C[3],$A[4][1],$A[4][0]
+	eor	$A[4][0],$A[4][0],$C[0]
+	bic	$C[0],$A[4][4],$A[4][3]
+	eor	$A[4][1],$A[4][1],$C[1]
+	eor	$A[4][3],$A[4][3],$C[2]
+	eor	$A[4][4],$A[4][4],$C[3]
+	eor	$A[4][2],$A[4][2],$C[0]
+
+	bne	.Loop
+
+	ldr	x30,[sp,#24]
+	ret
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,%function
+.align	5
+KeccakF1600:
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#48
+
+	str	x0,[sp,#32]			// offload argument
+	mov	$C[0],x0
+	ldp	$A[0][0],$A[0][1],[x0,#16*0]
+	ldp	$A[0][2],$A[0][3],[$C[0],#16*1]
+	ldp	$A[0][4],$A[1][0],[$C[0],#16*2]
+	ldp	$A[1][1],$A[1][2],[$C[0],#16*3]
+	ldp	$A[1][3],$A[1][4],[$C[0],#16*4]
+	ldp	$A[2][0],$A[2][1],[$C[0],#16*5]
+	ldp	$A[2][2],$A[2][3],[$C[0],#16*6]
+	ldp	$A[2][4],$A[3][0],[$C[0],#16*7]
+	ldp	$A[3][1],$A[3][2],[$C[0],#16*8]
+	ldp	$A[3][3],$A[3][4],[$C[0],#16*9]
+	ldp	$A[4][0],$A[4][1],[$C[0],#16*10]
+	ldp	$A[4][2],$A[4][3],[$C[0],#16*11]
+	ldr	$A[4][4],[$C[0],#16*12]
+
+	bl	KeccakF1600_int
+
+	ldr	$C[0],[sp,#32]
+	stp	$A[0][0],$A[0][1],[$C[0],#16*0]
+	stp	$A[0][2],$A[0][3],[$C[0],#16*1]
+	stp	$A[0][4],$A[1][0],[$C[0],#16*2]
+	stp	$A[1][1],$A[1][2],[$C[0],#16*3]
+	stp	$A[1][3],$A[1][4],[$C[0],#16*4]
+	stp	$A[2][0],$A[2][1],[$C[0],#16*5]
+	stp	$A[2][2],$A[2][3],[$C[0],#16*6]
+	stp	$A[2][4],$A[3][0],[$C[0],#16*7]
+	stp	$A[3][1],$A[3][2],[$C[0],#16*8]
+	stp	$A[3][3],$A[3][4],[$C[0],#16*9]
+	stp	$A[4][0],$A[4][1],[$C[0],#16*10]
+	stp	$A[4][2],$A[4][3],[$C[0],#16*11]
+	str	$A[4][4],[$C[0],#16*12]
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#48
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+	ret
+.size	KeccakF1600,.-KeccakF1600
+
+.globl	SHA3_absorb
+.type	SHA3_absorb,%function
+.align	5
+SHA3_absorb:
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#64
+
+	stp	x0,x1,[sp,#32]			// offload arguments
+	stp	x2,x3,[sp,#48]
+
+	mov	$C[0],x0			// uint64_t A[5][5]
+	mov	$C[1],x1			// const void *inp
+	mov	$C[2],x2			// size_t len
+	mov	$C[3],x3			// size_t bsz
+	ldp	$A[0][0],$A[0][1],[$C[0],#16*0]
+	ldp	$A[0][2],$A[0][3],[$C[0],#16*1]
+	ldp	$A[0][4],$A[1][0],[$C[0],#16*2]
+	ldp	$A[1][1],$A[1][2],[$C[0],#16*3]
+	ldp	$A[1][3],$A[1][4],[$C[0],#16*4]
+	ldp	$A[2][0],$A[2][1],[$C[0],#16*5]
+	ldp	$A[2][2],$A[2][3],[$C[0],#16*6]
+	ldp	$A[2][4],$A[3][0],[$C[0],#16*7]
+	ldp	$A[3][1],$A[3][2],[$C[0],#16*8]
+	ldp	$A[3][3],$A[3][4],[$C[0],#16*9]
+	ldp	$A[4][0],$A[4][1],[$C[0],#16*10]
+	ldp	$A[4][2],$A[4][3],[$C[0],#16*11]
+	ldr	$A[4][4],[$C[0],#16*12]
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	subs	$C[0],$C[2],$C[3]		// len - bsz
+	blo	.Labsorbed
+
+	str	$C[0],[sp,#48]			// save len - bsz
+___
+for (my $i=0; $i<24; $i+=2) {
+my $j = $i+1;
+$code.=<<___;
+	ldr	$C[0],[$C[1]],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	$C[0],$C[0]
+#endif
+	eor	$A[$i/5][$i%5],$A[$i/5][$i%5],$C[0]
+	cmp	$C[3],#8*($i+2)
+	blo	.Lprocess_block
+	ldr	$C[0],[$C[1]],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	$C[0],$C[0]
+#endif
+	eor	$A[$j/5][$j%5],$A[$j/5][$j%5],$C[0]
+	beq	.Lprocess_block
+___
+}
+$code.=<<___;
+	ldr	$C[0],[$C[1]],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	$C[0],$C[0]
+#endif
+	eor	$A[4][4],$A[4][4],$C[0]
+
+.Lprocess_block:
+	str	$C[1],[sp,#40]			// save inp
+
+	bl	KeccakF1600_int
+
+	ldr	$C[1],[sp,#40]			// restore arguments
+	ldp	$C[2],$C[3],[sp,#48]
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	ldr	$C[1],[sp,#32]
+	stp	$A[0][0],$A[0][1],[$C[1],#16*0]
+	stp	$A[0][2],$A[0][3],[$C[1],#16*1]
+	stp	$A[0][4],$A[1][0],[$C[1],#16*2]
+	stp	$A[1][1],$A[1][2],[$C[1],#16*3]
+	stp	$A[1][3],$A[1][4],[$C[1],#16*4]
+	stp	$A[2][0],$A[2][1],[$C[1],#16*5]
+	stp	$A[2][2],$A[2][3],[$C[1],#16*6]
+	stp	$A[2][4],$A[3][0],[$C[1],#16*7]
+	stp	$A[3][1],$A[3][2],[$C[1],#16*8]
+	stp	$A[3][3],$A[3][4],[$C[1],#16*9]
+	stp	$A[4][0],$A[4][1],[$C[1],#16*10]
+	stp	$A[4][2],$A[4][3],[$C[1],#16*11]
+	str	$A[4][4],[$C[1],#16*12]
+
+	mov	x0,$C[2]			// return value
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+___
+{
+my ($A_flat,$out,$len,$bsz) = map("x$_",(19..22));
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,%function
+.align	5
+SHA3_squeeze:
+	stp	x29,x30,[sp,#-48]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+
+	mov	$A_flat,x0			// put aside arguments
+	mov	$out,x1
+	mov	$len,x2
+	mov	$bsz,x3
+
+.Loop_squeeze:
+	ldr	x4,[x0],#8
+	cmp	$len,#8
+	blo	.Lsqueeze_tail
+#ifdef	__AARCH64EB__
+	rev	x4,x4
+#endif
+	str	x4,[$out],#8
+	subs	$len,$len,#8
+	beq	.Lsqueeze_done
+
+	subs	x3,x3,#8
+	bhi	.Loop_squeeze
+
+	mov	x0,$A_flat
+	bl	KeccakF1600
+	mov	x0,$A_flat
+	mov	x3,$bsz
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done
+	strb	w4,[$out],#1
+
+.Lsqueeze_done:
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x29,x30,[sp],#48
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}								}}}
+								{{{
+my @A = map([ "v".$_.".16b", "v".($_+1).".16b", "v".($_+2).".16b",
+                             "v".($_+3).".16b", "v".($_+4).".16b" ],
+            (0, 5, 10, 15, 20));
+
+my @C = map("v$_.16b", (25..31));
+
+$code.=<<___;
+.type	KeccakF1600_ce,%function
+.align	5
+KeccakF1600_ce:
+	mov	x9,#12
+	adr	x10,iotas
+	b	.Loop_ce
+.align	4
+.Loop_ce:
+___
+for($i=0; $i<2; $i++) {
+$code.=<<___;
+	////////////////////////////////////////////////// Theta
+	eor3	$C[0],$A[0][0],$A[1][0],$A[2][0]
+	eor3	$C[1],$A[0][1],$A[1][1],$A[2][1]
+	eor3	$C[2],$A[0][2],$A[1][2],$A[2][2]
+	eor3	$C[3],$A[0][3],$A[1][3],$A[2][3]
+	eor3	$C[4],$A[0][4],$A[1][4],$A[2][4]
+	eor3	$C[0],$C[0],   $A[3][0],$A[4][0]
+	eor3	$C[1],$C[1],   $A[3][1],$A[4][1]
+	eor3	$C[2],$C[2],   $A[3][2],$A[4][2]
+	eor3	$C[3],$C[3],   $A[3][3],$A[4][3]
+	eor3	$C[4],$C[4],   $A[3][4],$A[4][4]
+
+	rax1	$C[5],$C[0],$C[2]			// D[1]
+	rax1	$C[6],$C[1],$C[3]			// D[2]
+	rax1	$C[2],$C[2],$C[4]			// D[3]
+	rax1	$C[3],$C[3],$C[0]			// D[4]
+	rax1	$C[4],$C[4],$C[1]			// D[0]
+
+	////////////////////////////////////////////////// Theta+Rho+Pi
+	xar	$C[0],   $A[1][1],$C[5],#64-$rhotates[1][1]	// C[0]=A[0][1]
+	xar	$A[1][1],$A[1][4],$C[3],#64-$rhotates[1][4]
+	xar	$A[1][4],$A[4][2],$C[6],#64-$rhotates[4][2]
+	xar	$A[4][2],$A[2][4],$C[3],#64-$rhotates[2][4]
+	xar	$A[2][4],$A[4][0],$C[4],#64-$rhotates[4][0]
+
+	xar	$A[4][0],$A[0][2],$C[6],#64-$rhotates[0][2]
+
+	xar	$A[0][2],$A[2][2],$C[6],#64-$rhotates[2][2]
+	xar	$A[2][2],$A[2][3],$C[2],#64-$rhotates[2][3]
+	xar	$A[2][3],$A[3][4],$C[3],#64-$rhotates[3][4]
+	xar	$A[3][4],$A[4][3],$C[2],#64-$rhotates[4][3]
+	xar	$A[4][3],$A[3][0],$C[4],#64-$rhotates[3][0]
+
+	xar	$A[3][0],$A[0][4],$C[3],#64-$rhotates[0][4]
+
+	eor	$A[0][0],$A[0][0],$C[4]
+	ldr	x11,[x10],#8
+
+	xar	$C[1],   $A[3][3],$C[2],#64-$rhotates[3][3]	// C[1]=A[0][3]
+	xar	$A[3][3],$A[3][2],$C[6],#64-$rhotates[3][2]
+	xar	$A[3][2],$A[2][1],$C[5],#64-$rhotates[2][1]
+	xar	$A[2][1],$A[1][2],$C[6],#64-$rhotates[1][2]
+	xar	$A[1][2],$A[2][0],$C[4],#64-$rhotates[2][0]
+
+	xar	$A[2][0],$A[0][1],$C[5],#64-$rhotates[0][1]	// *
+
+	xar	$A[0][4],$A[4][4],$C[3],#64-$rhotates[4][4]
+	xar	$A[4][4],$A[4][1],$C[5],#64-$rhotates[4][1]
+	xar	$A[4][1],$A[1][3],$C[2],#64-$rhotates[1][3]
+	xar	$A[1][3],$A[3][1],$C[5],#64-$rhotates[3][1]
+	xar	$A[3][1],$A[1][0],$C[4],#64-$rhotates[1][0]
+
+	xar	$C[2],   $A[0][3],$C[2],#64-$rhotates[0][3]	// C[2]=A[1][0]
+
+	////////////////////////////////////////////////// Chi+Iota
+	dup	$C[6],x11				// borrow C[6]
+	bcax	$C[3],   $A[0][0],$A[0][2],$C[0]	// *
+	bcax	$A[0][1],$C[0],   $C[1],   $A[0][2]	// *
+	bcax	$A[0][2],$A[0][2],$A[0][4],$C[1]
+	bcax	$A[0][3],$C[1],   $A[0][0],$A[0][4]
+	bcax	$A[0][4],$A[0][4],$C[0],   $A[0][0]
+
+	bcax	$A[1][0],$C[2],   $A[1][2],$A[1][1]	// *
+	bcax	$C[0],   $A[1][1],$A[1][3],$A[1][2]	// *
+	bcax	$A[1][2],$A[1][2],$A[1][4],$A[1][3]
+	bcax	$A[1][3],$A[1][3],$C[2],   $A[1][4]
+	bcax	$A[1][4],$A[1][4],$A[1][1],$C[2]
+
+	eor	$A[0][0],$C[3],$C[6]			// Iota
+
+	bcax	$C[1],   $A[2][0],$A[2][2],$A[2][1]	// *
+	bcax	$C[2],   $A[2][1],$A[2][3],$A[2][2]	// *
+	bcax	$A[2][2],$A[2][2],$A[2][4],$A[2][3]
+	bcax	$A[2][3],$A[2][3],$A[2][0],$A[2][4]
+	bcax	$A[2][4],$A[2][4],$A[2][1],$A[2][0]
+
+	bcax	$C[3],   $A[3][0],$A[3][2],$A[3][1]	// *
+	bcax	$C[4],   $A[3][1],$A[3][3],$A[3][2]	// *
+	bcax	$A[3][2],$A[3][2],$A[3][4],$A[3][3]
+	bcax	$A[3][3],$A[3][3],$A[3][0],$A[3][4]
+	bcax	$A[3][4],$A[3][4],$A[3][1],$A[3][0]
+
+	bcax	$C[5],   $A[4][0],$A[4][2],$A[4][1]	// *
+	bcax	$C[6],   $A[4][1],$A[4][3],$A[4][2]	// *
+	bcax	$A[4][2],$A[4][2],$A[4][4],$A[4][3]
+	bcax	$A[4][3],$A[4][3],$A[4][0],$A[4][4]
+	bcax	$A[4][4],$A[4][4],$A[4][1],$A[4][0]
+___
+	(         $A[1][1],       $C[0]) = (      $C[0],          $A[1][1]);
+	($A[2][0],$A[2][1], $C[1],$C[2]) = ($C[1],$C[2], $A[2][0],$A[2][1]);
+	($A[3][0],$A[3][1], $C[3],$C[4]) = ($C[3],$C[4], $A[3][0],$A[3][1]);
+	($A[4][0],$A[4][1], $C[5],$C[6]) = ($C[5],$C[6], $A[4][0],$A[4][1]);
+}
+$code.=<<___;
+	subs	x9,x9,#1
+	bne	.Loop_ce
+
+	ret
+.size	KeccakF1600_ce,.-KeccakF1600_ce
+
+.type	KeccakF1600_cext,%function
+.align	5
+KeccakF1600_cext:
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#16]		// per ABI requirement
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+___
+for($i=0; $i<24; $i+=2) {		# load A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	ldp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	ldr	d24,[x0,#8*$i]
+	bl	KeccakF1600_ce
+	ldr	x30,[sp,#8]
+___
+for($i=0; $i<24; $i+=2) {		# store A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	stp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	str	d24,[x0,#8*$i]
+
+	ldp	d8,d9,[sp,#16]
+	ldp	d10,d11,[sp,#32]
+	ldp	d12,d13,[sp,#48]
+	ldp	d14,d15,[sp,#64]
+	ldr	x29,[sp],#80
+	ret
+.size	KeccakF1600_cext,.-KeccakF1600_cext
+___
+
+{
+my ($ctx,$inp,$len,$bsz) = map("x$_",(0..3));
+
+$code.=<<___;
+.globl	SHA3_absorb_cext
+.type	SHA3_absorb_cext,%function
+.align	5
+SHA3_absorb_cext:
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#16]		// per ABI requirement
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+___
+for($i=0; $i<24; $i+=2) {		# load A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	ldp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	ldr	d24,[x0,#8*$i]
+	b	.Loop_absorb_ce
+
+.align	4
+.Loop_absorb_ce:
+	subs	$len,$len,$bsz		// len - bsz
+	blo	.Labsorbed_ce
+___
+for (my $i=0; $i<24; $i+=2) {
+my $j = $i+1;
+$code.=<<___;
+	ldr	d31,[$inp],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	$A[$i/5][$i%5],$A[$i/5][$i%5],v31.16b
+	cmp	$bsz,#8*($i+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[$inp],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	v31.16b,v31.16b
+#endif
+	eor	$A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b
+	beq	.Lprocess_block_ce
+___
+}
+$code.=<<___;
+	ldr	d31,[$inp],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	v31.16b,v31.16b
+#endif
+	eor	$A[4][4],$A[4][4],v31.16b
+
+.Lprocess_block_ce:
+
+	bl	KeccakF1600_ce
+
+	b	.Loop_absorb_ce
+
+.align	4
+.Labsorbed_ce:
+___
+for($i=0; $i<24; $i+=2) {		# store A[5][5]
+my $j=$i+1;
+$code.=<<___;
+	stp	d$i,d$j,[x0,#8*$i]
+___
+}
+$code.=<<___;
+	str	d24,[x0,#8*$i]
+	add	x0,$len,$bsz		// return value
+
+	ldp	d8,d9,[sp,#16]
+	ldp	d10,d11,[sp,#32]
+	ldp	d12,d13,[sp,#48]
+	ldp	d14,d15,[sp,#64]
+	ldp	x29,x30,[sp],#80
+	ret
+.size	SHA3_absorb_cext,.-SHA3_absorb_cext
+___
+}
+{
+my ($ctx,$out,$len,$bsz) = map("x$_",(0..3));
+$code.=<<___;
+.globl	SHA3_squeeze_cext
+.type	SHA3_squeeze_cext,%function
+.align	5
+SHA3_squeeze_cext:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	mov	x9,$ctx
+	mov	x10,$bsz
+
+.Loop_squeeze_ce:
+	ldr	x4,[x9],#8
+	cmp	$len,#8
+	blo	.Lsqueeze_tail_ce
+#ifdef	__AARCH64EB__
+	rev	x4,x4
+#endif
+	str	x4,[$out],#8
+	beq	.Lsqueeze_done_ce
+
+	sub	$len,$len,#8
+	subs	x10,x10,#8
+	bhi	.Loop_squeeze_ce
+
+	bl	KeccakF1600_cext
+	ldr	x30,[sp,#8]
+	mov	x9,$ctx
+	mov	x10,$bsz
+	b	.Loop_squeeze_ce
+
+.align	4
+.Lsqueeze_tail_ce:
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+	lsr	x4,x4,#8
+	subs	$len,$len,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[$out],#1
+
+.Lsqueeze_done_ce:
+	ldr	x29,[sp],#16
+	ret
+.size	SHA3_squeeze_cext,.-SHA3_squeeze_cext
+___
+}								}}}
+$code.=<<___;
+.asciz	"Keccak-1600 absorb and squeeze for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+{   my  %opcode = (
+	"rax1"	=> 0xce608c00,	"eor3"	=> 0xce000000,
+	"bcax"	=> 0xce200000,	"xar"	=> 0xce800000	);
+
+    sub unsha3 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv#]([0-9\-]+))?)?/
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16)|(eval($4)<<10),
+			$mnemonic,$arg;
+    }
+}
+
+foreach(split("\n",$code)) {
+
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	m/\bdup\b/ and s/\.16b/.2d/g	or
+	s/\b(eor3|rax1|xar|bcax)\s+(v.*)/unsha3($1,$2)/ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl
new file mode 100755
index 0000000000..d9fc1c59ec
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl
@@ -0,0 +1,482 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for AVX2.
+#
+# July 2017.
+#
+# To paraphrase Gilles Van Assche, if you contemplate Fig. 2.3 on page
+# 20 of The Keccak reference [or Fig. 5 of FIPS PUB 202], and load data
+# other than A[0][0] in magic order into 6 [256-bit] registers, *each
+# dedicated to one axis*, Pi permutation is reduced to intra-register
+# shuffles...
+#
+# It makes other steps more intricate, but overall, is it a win? To be
+# more specific index permutations organized by quadruples are:
+#
+#       [4][4] [3][3] [2][2] [1][1]<-+
+#       [0][4] [0][3] [0][2] [0][1]<-+
+#       [3][0] [1][0] [4][0] [2][0]  |
+#       [4][3] [3][1] [2][4] [1][2]  |
+#       [3][4] [1][3] [4][2] [2][1]  |
+#       [2][3] [4][1] [1][4] [3][2]  |
+#       [2][2] [4][4] [1][1] [3][3] -+
+#
+# This however is highly impractical for Theta and Chi. What would help
+# Theta is if x indices were aligned column-wise, or in other words:
+#
+#       [0][4] [0][3] [0][2] [0][1]
+#       [3][0] [1][0] [4][0] [2][0]
+#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010)
+#       [2][4] [4][3] [1][2] [3][1]
+#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101)
+#       [3][4] [1][3] [4][2] [2][1]
+#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010)
+#       [1][4] [2][3] [3][2] [4][1]
+#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011)
+#       [4][4] [3][3] [2][2] [1][1]
+#
+# So here we have it, lines not marked with vpermq() represent the magic
+# order in which data is to be loaded and maintained. [And lines marked
+# with vpermq() represent Pi circular permutation in chosen layout. Note
+# that first step is permutation-free.] A[0][0] is loaded to register of
+# its own, to all lanes. [A[0][0] is not part of Pi permutation or Rho.]
+# Digits in variables' names denote right-most coordinates:
+
+my ($A00,	# [0][0] [0][0] [0][0] [0][0]		# %ymm0
+    $A01,	# [0][4] [0][3] [0][2] [0][1]		# %ymm1
+    $A20,	# [3][0] [1][0] [4][0] [2][0]		# %ymm2
+    $A31,	# [2][4] [4][3] [1][2] [3][1]		# %ymm3
+    $A21,	# [3][4] [1][3] [4][2] [2][1]		# %ymm4
+    $A41,	# [1][4] [2][3] [3][2] [4][1]		# %ymm5
+    $A11) =	# [4][4] [3][3] [2][2] [1][1]		# %ymm6
+    map("%ymm$_",(0..6));
+
+# We also need to map the magic order into offsets within structure:
+
+my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3],	# [0][0..4]
+		[2,2], [6,0], [3,1], [4,2], [5,3],	# [1][0..4]
+		[2,0], [4,0], [6,1], [5,2], [3,3],	# [2][0..4]
+		[2,3], [3,0], [5,1], [6,2], [4,3],	# [3][0..4]
+		[2,1], [5,0], [4,1], [3,2], [6,3]);	# [4][0..4]
+   @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged);	# ... and now linear
+
+# But on the other hand Chi is much better off if y indices were aligned
+# column-wise, not x. For this reason we have to shuffle data prior
+# Chi and revert it afterwards. Prior shuffle is naturally merged with
+# Pi itself:
+#
+#       [0][4] [0][3] [0][2] [0][1]
+#       [3][0] [1][0] [4][0] [2][0]
+#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010)
+#vpermq([2][4] [4][3] [1][2] [3][1], 0b00011011) = 0b10001101
+#       [3][1] [1][2] [4][3] [2][4]
+#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101)
+#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = 0b10001101
+#       [3][4] [1][3] [4][2] [2][1]
+#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010)
+#vpermq([1][4] [2][3] [3][2] [4][1], 0b01110010) = 0b00011011
+#       [3][2] [1][4] [4][1] [2][3]
+#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011)
+#vpermq([4][4] [3][3] [2][2] [1][1], 0b10001101) = 0b01110010
+#       [3][3] [1][1] [4][4] [2][2]
+#
+# And reverse post-Chi permutation:
+#
+#       [0][4] [0][3] [0][2] [0][1]
+#       [3][0] [1][0] [4][0] [2][0]
+#vpermq([3][1] [1][2] [4][3] [2][4], 0b00011011)
+#       [2][4] [4][3] [1][2] [3][1]
+#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = nop :-)
+#       [3][4] [1][3] [4][2] [2][1]
+#vpermq([3][2] [1][4] [4][1] [2][3], 0b10001101)
+#       [1][4] [2][3] [3][2] [4][1]
+#vpermq([3][3] [1][1] [4][4] [2][2], 0b01110010)
+#       [4][4] [3][3] [2][2] [1][1]
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# Haswell		8.7/+10%
+# Skylake		7.8/+20%
+# Ryzen			17(**)
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	coefficient in comparison to scalar keccak1600-x86_64.pl.
+# (**)	It's expected that Ryzen performs poorly, because instruction
+#	issue rate is limited to two AVX2 instructions per cycle and
+#	in addition vpblendd is reportedly bound to specific port.
+#	Obviously this code path should not be executed on Ryzen.
+
+my @T = map("%ymm$_",(7..15));
+my ($C14,$C00,$D00,$D14) = @T[5..8];
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	lea		rhotates_left+96(%rip),%r8
+	lea		rhotates_right+96(%rip),%r9
+	lea		iotas(%rip),%r10
+	mov		\$24,%eax
+	jmp		.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	######################################### Theta
+	vpshufd		\$0b01001110,$A20,$C00
+	vpxor		$A31,$A41,$C14
+	vpxor		$A11,$A21,@T[2]
+	vpxor		$A01,$C14,$C14
+	vpxor		@T[2],$C14,$C14		# C[1..4]
+
+	vpermq		\$0b10010011,$C14,@T[4]
+	vpxor		$A20,$C00,$C00
+	vpermq		\$0b01001110,$C00,@T[0]
+
+	vpsrlq		\$63,$C14,@T[1]
+	vpaddq		$C14,$C14,@T[2]
+	vpor		@T[2],@T[1],@T[1]	# ROL64(C[1..4],1)
+
+	vpermq		\$0b00111001,@T[1],$D14
+	vpxor		@T[4],@T[1],$D00
+	vpermq		\$0b00000000,$D00,$D00	# D[0..0] = ROL64(C[1],1) ^ C[4]
+
+	vpxor		$A00,$C00,$C00
+	vpxor		@T[0],$C00,$C00		# C[0..0]
+
+	vpsrlq		\$63,$C00,@T[0]
+	vpaddq		$C00,$C00,@T[1]
+	vpor		@T[0],@T[1],@T[1]	# ROL64(C[0..0],1)
+
+	vpxor		$D00,$A20,$A20		# ^= D[0..0]
+	vpxor		$D00,$A00,$A00		# ^= D[0..0]
+
+	vpblendd	\$0b11000000,@T[1],$D14,$D14
+	vpblendd	\$0b00000011,$C00,@T[4],@T[4]
+	vpxor		@T[4],$D14,$D14		# D[1..4] = ROL64(C[2..4,0),1) ^ C[0..3]
+
+	######################################### Rho + Pi + pre-Chi shuffle
+	vpsllvq		0*32-96(%r8),$A20,@T[3]
+	vpsrlvq		0*32-96(%r9),$A20,$A20
+	vpor		@T[3],$A20,$A20
+
+	 vpxor		$D14,$A31,$A31		# ^= D[1..4] from Theta
+	vpsllvq		2*32-96(%r8),$A31,@T[4]
+	vpsrlvq		2*32-96(%r9),$A31,$A31
+	vpor		@T[4],$A31,$A31
+
+	 vpxor		$D14,$A21,$A21		# ^= D[1..4] from Theta
+	vpsllvq		3*32-96(%r8),$A21,@T[5]
+	vpsrlvq		3*32-96(%r9),$A21,$A21
+	vpor		@T[5],$A21,$A21
+
+	 vpxor		$D14,$A41,$A41		# ^= D[1..4] from Theta
+	vpsllvq		4*32-96(%r8),$A41,@T[6]
+	vpsrlvq		4*32-96(%r9),$A41,$A41
+	vpor		@T[6],$A41,$A41
+
+	 vpxor		$D14,$A11,$A11		# ^= D[1..4] from Theta
+	 vpermq		\$0b10001101,$A20,@T[3]	# $A20 -> future $A31
+	 vpermq		\$0b10001101,$A31,@T[4]	# $A31 -> future $A21
+	vpsllvq		5*32-96(%r8),$A11,@T[7]
+	vpsrlvq		5*32-96(%r9),$A11,@T[1]
+	vpor		@T[7],@T[1],@T[1]	# $A11 -> future $A01
+
+	 vpxor		$D14,$A01,$A01		# ^= D[1..4] from Theta
+	 vpermq		\$0b00011011,$A21,@T[5]	# $A21 -> future $A41
+	 vpermq		\$0b01110010,$A41,@T[6]	# $A41 -> future $A11
+	vpsllvq		1*32-96(%r8),$A01,@T[8]
+	vpsrlvq		1*32-96(%r9),$A01,@T[2]
+	vpor		@T[8],@T[2],@T[2]	# $A01 -> future $A20
+
+	######################################### Chi
+	vpsrldq		\$8,@T[1],@T[7]
+	vpandn		@T[7],@T[1],@T[0]	# tgting  [0][0] [0][0] [0][0] [0][0]
+
+	vpblendd	\$0b00001100,@T[6],@T[2],$A31	#               [4][4] [2][0]
+	vpblendd	\$0b00001100,@T[2],@T[4],@T[8]	#               [4][0] [2][1]
+	 vpblendd	\$0b00001100,@T[4],@T[3],$A41	#               [4][2] [2][4]
+	 vpblendd	\$0b00001100,@T[3],@T[2],@T[7]	#               [4][3] [2][0]
+	vpblendd	\$0b00110000,@T[4],$A31,$A31	#        [1][3] [4][4] [2][0]
+	vpblendd	\$0b00110000,@T[5],@T[8],@T[8]	#        [1][4] [4][0] [2][1]
+	 vpblendd	\$0b00110000,@T[2],$A41,$A41	#        [1][0] [4][2] [2][4]
+	 vpblendd	\$0b00110000,@T[6],@T[7],@T[7]	#        [1][1] [4][3] [2][0]
+	vpblendd	\$0b11000000,@T[5],$A31,$A31	# [3][2] [1][3] [4][4] [2][0]
+	vpblendd	\$0b11000000,@T[6],@T[8],@T[8]	# [3][3] [1][4] [4][0] [2][1]
+	 vpblendd	\$0b11000000,@T[6],$A41,$A41	# [3][3] [1][0] [4][2] [2][4]
+	 vpblendd	\$0b11000000,@T[4],@T[7],@T[7]	# [3][4] [1][1] [4][3] [2][0]
+	vpandn		@T[8],$A31,$A31		# tgting  [3][1] [1][2] [4][3] [2][4]
+	 vpandn		@T[7],$A41,$A41		# tgting  [3][2] [1][4] [4][1] [2][3]
+
+	vpblendd	\$0b00001100,@T[2],@T[5],$A11	#               [4][0] [2][3]
+	vpblendd	\$0b00001100,@T[5],@T[3],@T[8]	#               [4][1] [2][4]
+	 vpxor		@T[3],$A31,$A31
+	vpblendd	\$0b00110000,@T[3],$A11,$A11	#        [1][2] [4][0] [2][3]
+	vpblendd	\$0b00110000,@T[4],@T[8],@T[8]	#        [1][3] [4][1] [2][4]
+	 vpxor		@T[5],$A41,$A41
+	vpblendd	\$0b11000000,@T[4],$A11,$A11	# [3][4] [1][2] [4][0] [2][3]
+	vpblendd	\$0b11000000,@T[2],@T[8],@T[8]	# [3][0] [1][3] [4][1] [2][4]
+	vpandn		@T[8],$A11,$A11		# tgting  [3][3] [1][1] [4][4] [2][2]
+	vpxor		@T[6],$A11,$A11
+
+	  vpermq	\$0b00011110,@T[1],$A21		# [0][1] [0][2] [0][4] [0][3]
+	  vpblendd	\$0b00110000,$A00,$A21,@T[8]	# [0][1] [0][0] [0][4] [0][3]
+	  vpermq	\$0b00111001,@T[1],$A01		# [0][1] [0][4] [0][3] [0][2]
+	  vpblendd	\$0b11000000,$A00,$A01,$A01	# [0][0] [0][4] [0][3] [0][2]
+	  vpandn	@T[8],$A01,$A01		# tgting  [0][4] [0][3] [0][2] [0][1]
+
+	vpblendd	\$0b00001100,@T[5],@T[4],$A20	#               [4][1] [2][1]
+	vpblendd	\$0b00001100,@T[4],@T[6],@T[7]	#               [4][2] [2][2]
+	vpblendd	\$0b00110000,@T[6],$A20,$A20	#        [1][1] [4][1] [2][1]
+	vpblendd	\$0b00110000,@T[3],@T[7],@T[7]	#        [1][2] [4][2] [2][2]
+	vpblendd	\$0b11000000,@T[3],$A20,$A20	# [3][1] [1][1] [4][1] [2][1]
+	vpblendd	\$0b11000000,@T[5],@T[7],@T[7]	# [3][2] [1][2] [4][2] [2][2]
+	vpandn		@T[7],$A20,$A20		# tgting  [3][0] [1][0] [4][0] [2][0]
+	vpxor		@T[2],$A20,$A20
+
+	 vpermq		\$0b00000000,@T[0],@T[0]	# [0][0] [0][0] [0][0] [0][0]
+	 vpermq		\$0b00011011,$A31,$A31	# post-Chi shuffle
+	 vpermq		\$0b10001101,$A41,$A41
+	 vpermq		\$0b01110010,$A11,$A11
+
+	vpblendd	\$0b00001100,@T[3],@T[6],$A21	#               [4][3] [2][2]
+	vpblendd	\$0b00001100,@T[6],@T[5],@T[7]	#               [4][4] [2][3]
+	vpblendd	\$0b00110000,@T[5],$A21,$A21	#        [1][4] [4][3] [2][2]
+	vpblendd	\$0b00110000,@T[2],@T[7],@T[7]	#        [1][0] [4][4] [2][3]
+	vpblendd	\$0b11000000,@T[2],$A21,$A21	# [3][0] [1][4] [4][3] [2][2]
+	vpblendd	\$0b11000000,@T[3],@T[7],@T[7]	# [3][1] [1][0] [4][4] [2][3]
+	vpandn		@T[7],$A21,$A21		# tgting  [3][4] [1][3] [4][2] [2][1]
+
+	vpxor		@T[0],$A00,$A00
+	vpxor		@T[1],$A01,$A01
+	vpxor		@T[4],$A21,$A21
+
+	######################################### Iota
+	vpxor		(%r10),$A00,$A00
+	lea		32(%r10),%r10
+
+	dec		%eax
+	jnz		.Loop_avx2
+
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+___
+my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+my  $out = $inp;	# in squeeze
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	mov	%rsp,%r11
+
+	lea	-240(%rsp),%rsp
+	and	\$-32,%rsp
+
+	lea	96($A_flat),$A_flat
+	lea	96($inp),$inp
+	lea	96(%rsp),%r10
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00	# load A[5][5]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqa		@T[0],32*2-96(%r10)	# zero transfer area on stack
+	vmovdqa		@T[0],32*3-96(%r10)
+	vmovdqa		@T[0],32*4-96(%r10)
+	vmovdqa		@T[0],32*5-96(%r10)
+	vmovdqa		@T[0],32*6-96(%r10)
+
+.Loop_absorb_avx2:
+	mov		$bsz,%rax
+	sub		$bsz,$len
+	jc		.Ldone_absorb_avx2
+
+	shr		\$3,%eax
+	vpbroadcastq	0-96($inp),@T[0]
+	vmovdqu		8-96($inp),@T[1]
+	sub		\$4,%eax
+___
+for(my $i=5; $i<25; $i++) {
+$code.=<<___
+	dec	%eax
+	jz	.Labsorved_avx2
+	mov	8*$i-96($inp),%r8
+	mov	%r8,$A_jagged[$i]-96(%r10)
+___
+}
+$code.=<<___;
+.Labsorved_avx2:
+	lea	($inp,$bsz),$inp
+
+	vpxor	@T[0],$A00,$A00
+	vpxor	@T[1],$A01,$A01
+	vpxor	32*2-96(%r10),$A20,$A20
+	vpxor	32*3-96(%r10),$A31,$A31
+	vpxor	32*4-96(%r10),$A21,$A21
+	vpxor	32*5-96(%r10),$A41,$A41
+	vpxor	32*6-96(%r10),$A11,$A11
+
+	call	__KeccakF1600
+
+	lea	96(%rsp),%r10
+	jmp	.Loop_absorb_avx2
+
+.Ldone_absorb_avx2:
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	vzeroupper
+
+	lea	(%r11),%rsp
+	lea	($len,$bsz),%rax		# return value
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	mov	%rsp,%r11
+
+	lea	96($A_flat),$A_flat
+	shr	\$3,$bsz
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	mov	$bsz,%rax
+
+.Loop_squeeze_avx2:
+	mov	@A_jagged[$i]-96($A_flat),%r8
+___
+for (my $i=0; $i<25; $i++) {
+$code.=<<___;
+	sub	\$8,$len
+	jc	.Ltail_squeeze_avx2
+	mov	%r8,($out)
+	lea	8($out),$out
+	je	.Ldone_squeeze_avx2
+	dec	%eax
+	je	.Lextend_output_avx2
+	mov	@A_jagged[$i+1]-120($A_flat),%r8
+___
+}
+$code.=<<___;
+.Lextend_output_avx2:
+	call	__KeccakF1600
+
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx2
+
+
+.Ltail_squeeze_avx2:
+	add	\$8,$len
+.Loop_tail_avx2:
+	mov	%r8b,($out)
+	lea	1($out),$out
+	shr	\$8,%r8
+	dec	$len
+	jnz	.Loop_tail_avx2
+
+.Ldone_squeeze_avx2:
+	vzeroupper
+
+	lea	(%r11),%rsp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+
+.align	64
+rhotates_left:
+	.quad	3,	18,	36,	41	# [2][0] [4][0] [1][0] [3][0]
+	.quad	1,	62,	28,	27	# [0][1] [0][2] [0][3] [0][4]
+	.quad	45,	6,	56,	39	# [3][1] [1][2] [4][3] [2][4]
+	.quad	10,	61,	55,	8	# [2][1] [4][2] [1][3] [3][4]
+	.quad	2,	15,	25,	20	# [4][1] [3][2] [2][3] [1][4]
+	.quad	44,	43,	21,	14	# [1][1] [2][2] [3][3] [4][4]
+rhotates_right:
+	.quad	64-3,	64-18,	64-36,	64-41
+	.quad	64-1,	64-62,	64-28,	64-27
+	.quad	64-45,	64-6,	64-56,	64-39
+	.quad	64-10,	64-61,	64-55,	64-8
+	.quad	64-2,	64-15,	64-25,	64-20
+	.quad	64-44,	64-43,	64-21,	64-14
+iotas:
+	.quad	0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001
+	.quad	0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082
+	.quad	0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a
+	.quad	0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000
+	.quad	0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009
+	.quad	0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a
+	.quad	0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088
+	.quad	0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009
+	.quad	0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a
+	.quad	0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b
+	.quad	0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b
+	.quad	0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089
+	.quad	0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003
+	.quad	0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002
+	.quad	0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080
+	.quad	0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a
+	.quad	0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008
+
+.asciz	"Keccak-1600 absorb and squeeze for AVX2, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl
new file mode 100755
index 0000000000..9074ff02de
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl
@@ -0,0 +1,551 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for AVX-512F.
+#
+# July 2017.
+#
+# Below code is KECCAK_1X_ALT implementation (see sha/keccak1600.c).
+# Pretty straightforward, the only "magic" is data layout in registers.
+# It's impossible to have one that is optimal for every step, hence
+# it's changing as algorithm progresses. Data is saved in linear order,
+# but in-register order morphs between rounds. Even rounds take in
+# linear layout, and odd rounds - transposed, or "verticaly-shaped"...
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# Knights Landing	7.6
+# Skylake-X		5.7
+#
+# (*)	Corresponds to SHA3-256.
+
+########################################################################
+# Below code is combination of two ideas. One is taken from Keccak Code
+# Package, hereafter KCP, and another one from initial version of this
+# module. What is common is observation that Pi's input and output are
+# "mostly transposed", i.e. if input is aligned by x coordinate, then
+# output is [mostly] aligned by y. Both versions, KCP and predecessor,
+# were trying to use one of them from round to round, which resulted in
+# some kind of transposition in each round. This version still does
+# transpose data, but only every second round. Another essential factor
+# is that KCP transposition has to be performed with instructions that
+# turned to be rather expensive on Knights Landing, both latency- and
+# throughput-wise. Not to mention that some of them have to depend on
+# each other. On the other hand initial version of this module was
+# relying heavily on blend instructions. There were lots of them,
+# resulting in higher instruction count, yet it performed better on
+# Knights Landing, because processor can execute pair of them each
+# cycle and they have minimal latency. This module is an attempt to
+# bring best parts together:-)
+#
+# Coordinates below correspond to those in sha/keccak1600.c. Input
+# layout is straight linear:
+#
+# [0][4] [0][3] [0][2] [0][1] [0][0]
+# [1][4] [1][3] [1][2] [1][1] [1][0]
+# [2][4] [2][3] [2][2] [2][1] [2][0]
+# [3][4] [3][3] [3][2] [3][1] [3][0]
+# [4][4] [4][3] [4][2] [4][1] [4][0]
+#
+# It's perfect for Theta, while Pi is reduced to intra-register
+# permutations which yield layout perfect for Chi:
+#
+# [4][0] [3][0] [2][0] [1][0] [0][0]
+# [4][1] [3][1] [2][1] [1][1] [0][1]
+# [4][2] [3][2] [2][2] [1][2] [0][2]
+# [4][3] [3][3] [2][3] [1][3] [0][3]
+# [4][4] [3][4] [2][4] [1][4] [0][4]
+#
+# Now instead of performing full transposition and feeding it to next
+# identical round, we perform kind of diagonal transposition to layout
+# from initial version of this module, and make it suitable for Theta:
+#
+# [4][4] [3][3] [2][2] [1][1] [0][0]>4.3.2.1.0>[4][4] [3][3] [2][2] [1][1] [0][0]
+# [4][0] [3][4] [2][3] [1][2] [0][1]>3.2.1.0.4>[3][4] [2][3] [1][2] [0][1] [4][0]
+# [4][1] [3][0] [2][4] [1][3] [0][2]>2.1.0.4.3>[2][4] [1][3] [0][2] [4][1] [3][0]
+# [4][2] [3][1] [2][0] [1][4] [0][3]>1.0.4.3.2>[1][4] [0][3] [4][2] [3][1] [2][0]
+# [4][3] [3][2] [2][1] [1][0] [0][4]>0.4.3.2.1>[0][4] [4][3] [3][2] [2][1] [1][0]
+#
+# Now intra-register permutations yield initial [almost] straight
+# linear layout:
+#
+# [4][4] [3][3] [2][2] [1][1] [0][0]
+##[0][4] [0][3] [0][2] [0][1] [0][0]
+# [3][4] [2][3] [1][2] [0][1] [4][0]
+##[2][3] [2][2] [2][1] [2][0] [2][4]
+# [2][4] [1][3] [0][2] [4][1] [3][0]
+##[4][2] [4][1] [4][0] [4][4] [4][3]
+# [1][4] [0][3] [4][2] [3][1] [2][0]
+##[1][1] [1][0] [1][4] [1][3] [1][2]
+# [0][4] [4][3] [3][2] [2][1] [1][0]
+##[3][0] [3][4] [3][3] [3][2] [3][1]
+#
+# This means that odd round Chi is performed in less suitable layout,
+# with a number of additional permutations. But overall it turned to be
+# a win. Permutations are fastest possible on Knights Landing and they
+# are laid down to be independent of each other. In the essence I traded
+# 20 blend instructions for 3 permutations. The result is 13% faster
+# than KCP on Skylake-X, and >40% on Knights Landing.
+#
+# As implied, data is loaded in straight linear order. Digits in
+# variables' names represent coordinates of right-most element of
+# loaded data chunk:
+
+my ($A00,	# [0][4] [0][3] [0][2] [0][1] [0][0]
+    $A10,	# [1][4] [1][3] [1][2] [1][1] [1][0]
+    $A20,	# [2][4] [2][3] [2][2] [2][1] [2][0]
+    $A30,	# [3][4] [3][3] [3][2] [3][1] [3][0]
+    $A40) =	# [4][4] [4][3] [4][2] [4][1] [4][0]
+    map("%zmm$_",(0..4));
+
+# We also need to map the magic order into offsets within structure:
+
+my @A_jagged = ([0,0], [0,1], [0,2], [0,3], [0,4],
+		[1,0], [1,1], [1,2], [1,3], [1,4],
+		[2,0], [2,1], [2,2], [2,3], [2,4],
+		[3,0], [3,1], [3,2], [3,3], [3,4],
+		[4,0], [4,1], [4,2], [4,3], [4,4]);
+   @A_jagged = map(8*($$_[0]*8+$$_[1]), @A_jagged);	# ... and now linear
+
+my @T        = map("%zmm$_",(5..12));
+my @Theta    = map("%zmm$_",(33,13..16));	# invalid @Theta[0] is not typo
+my @Pi0      = map("%zmm$_",(17..21));
+my @Rhotate0 = map("%zmm$_",(22..26));
+my @Rhotate1 = map("%zmm$_",(27..31));
+
+my ($C00,$D00) = @T[0..1];
+my ($k00001,$k00010,$k00100,$k01000,$k10000,$k11111) = map("%k$_",(1..6));
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	lea		iotas(%rip),%r10
+	mov		\$12,%eax
+	jmp		.Loop_avx512
+
+.align	32
+.Loop_avx512:
+	######################################### Theta, even round
+	vmovdqa64	$A00,@T[0]		# put aside original A00
+	vpternlogq	\$0x96,$A20,$A10,$A00	# and use it as "C00"
+	vpternlogq	\$0x96,$A40,$A30,$A00
+
+	vprolq		\$1,$A00,$D00
+	vpermq		$A00,@Theta[1],$A00
+	vpermq		$D00,@Theta[4],$D00
+
+	vpternlogq	\$0x96,$A00,$D00,@T[0]	# T[0] is original A00
+	vpternlogq	\$0x96,$A00,$D00,$A10
+	vpternlogq	\$0x96,$A00,$D00,$A20
+	vpternlogq	\$0x96,$A00,$D00,$A30
+	vpternlogq	\$0x96,$A00,$D00,$A40
+
+	######################################### Rho
+	vprolvq		@Rhotate0[0],@T[0],$A00	# T[0] is original A00
+	vprolvq		@Rhotate0[1],$A10,$A10
+	vprolvq		@Rhotate0[2],$A20,$A20
+	vprolvq		@Rhotate0[3],$A30,$A30
+	vprolvq		@Rhotate0[4],$A40,$A40
+
+	######################################### Pi
+	vpermq		$A00,@Pi0[0],$A00
+	vpermq		$A10,@Pi0[1],$A10
+	vpermq		$A20,@Pi0[2],$A20
+	vpermq		$A30,@Pi0[3],$A30
+	vpermq		$A40,@Pi0[4],$A40
+
+	######################################### Chi
+	vmovdqa64	$A00,@T[0]
+	vmovdqa64	$A10,@T[1]
+	vpternlogq	\$0xD2,$A20,$A10,$A00
+	vpternlogq	\$0xD2,$A30,$A20,$A10
+	vpternlogq	\$0xD2,$A40,$A30,$A20
+	vpternlogq	\$0xD2,@T[0],$A40,$A30
+	vpternlogq	\$0xD2,@T[1],@T[0],$A40
+
+	######################################### Iota
+	vpxorq		(%r10),$A00,${A00}{$k00001}
+	lea		16(%r10),%r10
+
+	######################################### Harmonize rounds
+	vpblendmq	$A20,$A10,@{T[1]}{$k00010}
+	vpblendmq	$A30,$A20,@{T[2]}{$k00010}
+	vpblendmq	$A40,$A30,@{T[3]}{$k00010}
+	 vpblendmq	$A10,$A00,@{T[0]}{$k00010}
+	vpblendmq	$A00,$A40,@{T[4]}{$k00010}
+
+	vpblendmq	$A30,@T[1],@{T[1]}{$k00100}
+	vpblendmq	$A40,@T[2],@{T[2]}{$k00100}
+	 vpblendmq	$A20,@T[0],@{T[0]}{$k00100}
+	vpblendmq	$A00,@T[3],@{T[3]}{$k00100}
+	vpblendmq	$A10,@T[4],@{T[4]}{$k00100}
+
+	vpblendmq	$A40,@T[1],@{T[1]}{$k01000}
+	 vpblendmq	$A30,@T[0],@{T[0]}{$k01000}
+	vpblendmq	$A00,@T[2],@{T[2]}{$k01000}
+	vpblendmq	$A10,@T[3],@{T[3]}{$k01000}
+	vpblendmq	$A20,@T[4],@{T[4]}{$k01000}
+
+	vpblendmq	$A40,@T[0],@{T[0]}{$k10000}
+	vpblendmq	$A00,@T[1],@{T[1]}{$k10000}
+	vpblendmq	$A10,@T[2],@{T[2]}{$k10000}
+	vpblendmq	$A20,@T[3],@{T[3]}{$k10000}
+	vpblendmq	$A30,@T[4],@{T[4]}{$k10000}
+
+	#vpermq		@T[0],@Theta[0],$A00	# doesn't actually change order
+	vpermq		@T[1],@Theta[1],$A10
+	vpermq		@T[2],@Theta[2],$A20
+	vpermq		@T[3],@Theta[3],$A30
+	vpermq		@T[4],@Theta[4],$A40
+
+	######################################### Theta, odd round
+	vmovdqa64	$T[0],$A00		# real A00
+	vpternlogq	\$0x96,$A20,$A10,$C00	# C00 is @T[0]'s alias
+	vpternlogq	\$0x96,$A40,$A30,$C00
+
+	vprolq		\$1,$C00,$D00
+	vpermq		$C00,@Theta[1],$C00
+	vpermq		$D00,@Theta[4],$D00
+
+	vpternlogq	\$0x96,$C00,$D00,$A00
+	vpternlogq	\$0x96,$C00,$D00,$A30
+	vpternlogq	\$0x96,$C00,$D00,$A10
+	vpternlogq	\$0x96,$C00,$D00,$A40
+	vpternlogq	\$0x96,$C00,$D00,$A20
+
+	######################################### Rho
+	vprolvq		@Rhotate1[0],$A00,$A00
+	vprolvq		@Rhotate1[3],$A30,@T[1]
+	vprolvq		@Rhotate1[1],$A10,@T[2]
+	vprolvq		@Rhotate1[4],$A40,@T[3]
+	vprolvq		@Rhotate1[2],$A20,@T[4]
+
+	 vpermq		$A00,@Theta[4],@T[5]
+	 vpermq		$A00,@Theta[3],@T[6]
+
+	######################################### Iota
+	vpxorq		-8(%r10),$A00,${A00}{$k00001}
+
+	######################################### Pi
+	vpermq		@T[1],@Theta[2],$A10
+	vpermq		@T[2],@Theta[4],$A20
+	vpermq		@T[3],@Theta[1],$A30
+	vpermq		@T[4],@Theta[3],$A40
+
+	######################################### Chi
+	vpternlogq	\$0xD2,@T[6],@T[5],$A00
+
+	vpermq		@T[1],@Theta[1],@T[7]
+	#vpermq		@T[1],@Theta[0],@T[1]
+	vpternlogq	\$0xD2,@T[1],@T[7],$A10
+
+	vpermq		@T[2],@Theta[3],@T[0]
+	vpermq		@T[2],@Theta[2],@T[2]
+	vpternlogq	\$0xD2,@T[2],@T[0],$A20
+
+	#vpermq		@T[3],@Theta[0],@T[3]
+	vpermq		@T[3],@Theta[4],@T[1]
+	vpternlogq	\$0xD2,@T[1],@T[3],$A30
+
+	vpermq		@T[4],@Theta[2],@T[0]
+	vpermq		@T[4],@Theta[1],@T[4]
+	vpternlogq	\$0xD2,@T[4],@T[0],$A40
+
+	dec		%eax
+	jnz		.Loop_avx512
+
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+___
+
+my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+my  $out = $inp;	# in squeeze
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	mov	%rsp,%r11
+
+	lea	-320(%rsp),%rsp
+	and	\$-64,%rsp
+
+	lea	96($A_flat),$A_flat
+	lea	96($inp),$inp
+	lea	128(%rsp),%r9
+
+	lea		theta_perm(%rip),%r8
+
+	kxnorw		$k11111,$k11111,$k11111
+	kshiftrw	\$15,$k11111,$k00001
+	kshiftrw	\$11,$k11111,$k11111
+	kshiftlw	\$1,$k00001,$k00010
+	kshiftlw	\$2,$k00001,$k00100
+	kshiftlw	\$3,$k00001,$k01000
+	kshiftlw	\$4,$k00001,$k10000
+
+	#vmovdqa64	64*0(%r8),@Theta[0]
+	vmovdqa64	64*1(%r8),@Theta[1]
+	vmovdqa64	64*2(%r8),@Theta[2]
+	vmovdqa64	64*3(%r8),@Theta[3]
+	vmovdqa64	64*4(%r8),@Theta[4]
+
+	vmovdqa64	64*5(%r8),@Rhotate1[0]
+	vmovdqa64	64*6(%r8),@Rhotate1[1]
+	vmovdqa64	64*7(%r8),@Rhotate1[2]
+	vmovdqa64	64*8(%r8),@Rhotate1[3]
+	vmovdqa64	64*9(%r8),@Rhotate1[4]
+
+	vmovdqa64	64*10(%r8),@Rhotate0[0]
+	vmovdqa64	64*11(%r8),@Rhotate0[1]
+	vmovdqa64	64*12(%r8),@Rhotate0[2]
+	vmovdqa64	64*13(%r8),@Rhotate0[3]
+	vmovdqa64	64*14(%r8),@Rhotate0[4]
+
+	vmovdqa64	64*15(%r8),@Pi0[0]
+	vmovdqa64	64*16(%r8),@Pi0[1]
+	vmovdqa64	64*17(%r8),@Pi0[2]
+	vmovdqa64	64*18(%r8),@Pi0[3]
+	vmovdqa64	64*19(%r8),@Pi0[4]
+
+	vmovdqu64	40*0-96($A_flat),${A00}{$k11111}{z}
+	vpxorq		@T[0],@T[0],@T[0]
+	vmovdqu64	40*1-96($A_flat),${A10}{$k11111}{z}
+	vmovdqu64	40*2-96($A_flat),${A20}{$k11111}{z}
+	vmovdqu64	40*3-96($A_flat),${A30}{$k11111}{z}
+	vmovdqu64	40*4-96($A_flat),${A40}{$k11111}{z}
+
+	vmovdqa64	@T[0],0*64-128(%r9)	# zero transfer area on stack
+	vmovdqa64	@T[0],1*64-128(%r9)
+	vmovdqa64	@T[0],2*64-128(%r9)
+	vmovdqa64	@T[0],3*64-128(%r9)
+	vmovdqa64	@T[0],4*64-128(%r9)
+	jmp		.Loop_absorb_avx512
+
+.align	32
+.Loop_absorb_avx512:
+	mov		$bsz,%rax
+	sub		$bsz,$len
+	jc		.Ldone_absorb_avx512
+
+	shr		\$3,%eax
+___
+for(my $i=0; $i<25; $i++) {
+$code.=<<___
+	mov	8*$i-96($inp),%r8
+	mov	%r8,$A_jagged[$i]-128(%r9)
+	dec	%eax
+	jz	.Labsorved_avx512
+___
+}
+$code.=<<___;
+.Labsorved_avx512:
+	lea	($inp,$bsz),$inp
+
+	vpxorq	64*0-128(%r9),$A00,$A00
+	vpxorq	64*1-128(%r9),$A10,$A10
+	vpxorq	64*2-128(%r9),$A20,$A20
+	vpxorq	64*3-128(%r9),$A30,$A30
+	vpxorq	64*4-128(%r9),$A40,$A40
+
+	call	__KeccakF1600
+
+	jmp	.Loop_absorb_avx512
+
+.align	32
+.Ldone_absorb_avx512:
+	vmovdqu64	$A00,40*0-96($A_flat){$k11111}
+	vmovdqu64	$A10,40*1-96($A_flat){$k11111}
+	vmovdqu64	$A20,40*2-96($A_flat){$k11111}
+	vmovdqu64	$A30,40*3-96($A_flat){$k11111}
+	vmovdqu64	$A40,40*4-96($A_flat){$k11111}
+
+	vzeroupper
+
+	lea	(%r11),%rsp
+	lea	($len,$bsz),%rax		# return value
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	mov	%rsp,%r11
+
+	lea	96($A_flat),$A_flat
+	cmp	$bsz,$len
+	jbe	.Lno_output_extension_avx512
+
+	lea		theta_perm(%rip),%r8
+
+	kxnorw		$k11111,$k11111,$k11111
+	kshiftrw	\$15,$k11111,$k00001
+	kshiftrw	\$11,$k11111,$k11111
+	kshiftlw	\$1,$k00001,$k00010
+	kshiftlw	\$2,$k00001,$k00100
+	kshiftlw	\$3,$k00001,$k01000
+	kshiftlw	\$4,$k00001,$k10000
+
+	#vmovdqa64	64*0(%r8),@Theta[0]
+	vmovdqa64	64*1(%r8),@Theta[1]
+	vmovdqa64	64*2(%r8),@Theta[2]
+	vmovdqa64	64*3(%r8),@Theta[3]
+	vmovdqa64	64*4(%r8),@Theta[4]
+
+	vmovdqa64	64*5(%r8),@Rhotate1[0]
+	vmovdqa64	64*6(%r8),@Rhotate1[1]
+	vmovdqa64	64*7(%r8),@Rhotate1[2]
+	vmovdqa64	64*8(%r8),@Rhotate1[3]
+	vmovdqa64	64*9(%r8),@Rhotate1[4]
+
+	vmovdqa64	64*10(%r8),@Rhotate0[0]
+	vmovdqa64	64*11(%r8),@Rhotate0[1]
+	vmovdqa64	64*12(%r8),@Rhotate0[2]
+	vmovdqa64	64*13(%r8),@Rhotate0[3]
+	vmovdqa64	64*14(%r8),@Rhotate0[4]
+
+	vmovdqa64	64*15(%r8),@Pi0[0]
+	vmovdqa64	64*16(%r8),@Pi0[1]
+	vmovdqa64	64*17(%r8),@Pi0[2]
+	vmovdqa64	64*18(%r8),@Pi0[3]
+	vmovdqa64	64*19(%r8),@Pi0[4]
+
+	vmovdqu64	40*0-96($A_flat),${A00}{$k11111}{z}
+	vmovdqu64	40*1-96($A_flat),${A10}{$k11111}{z}
+	vmovdqu64	40*2-96($A_flat),${A20}{$k11111}{z}
+	vmovdqu64	40*3-96($A_flat),${A30}{$k11111}{z}
+	vmovdqu64	40*4-96($A_flat),${A40}{$k11111}{z}
+
+.Lno_output_extension_avx512:
+	shr	\$3,$bsz
+	lea	-96($A_flat),%r9
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx512
+
+.align	32
+.Loop_squeeze_avx512:
+	cmp	\$8,$len
+	jb	.Ltail_squeeze_avx512
+
+	mov	(%r9),%r8
+	lea	8(%r9),%r9
+	mov	%r8,($out)
+	lea	8($out),$out
+	sub	\$8,$len		# len -= 8
+	jz	.Ldone_squeeze_avx512
+
+	sub	\$1,%rax		# bsz--
+	jnz	.Loop_squeeze_avx512
+
+	#vpermq		@Theta[4],@Theta[4],@Theta[3]
+	#vpermq		@Theta[3],@Theta[4],@Theta[2]
+	#vpermq		@Theta[3],@Theta[3],@Theta[1]
+
+	call		__KeccakF1600
+
+	vmovdqu64	$A00,40*0-96($A_flat){$k11111}
+	vmovdqu64	$A10,40*1-96($A_flat){$k11111}
+	vmovdqu64	$A20,40*2-96($A_flat){$k11111}
+	vmovdqu64	$A30,40*3-96($A_flat){$k11111}
+	vmovdqu64	$A40,40*4-96($A_flat){$k11111}
+
+	lea	-96($A_flat),%r9
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx512
+
+.Ltail_squeeze_avx512:
+	mov	$out,%rdi
+	mov	%r9,%rsi
+	mov	$len,%rcx
+	.byte	0xf3,0xa4		# rep movsb
+
+.Ldone_squeeze_avx512:
+	vzeroupper
+
+	lea	(%r11),%rsp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+
+.align	64
+theta_perm:
+	.quad	0, 1, 2, 3, 4, 5, 6, 7		# [not used]
+	.quad	4, 0, 1, 2, 3, 5, 6, 7
+	.quad	3, 4, 0, 1, 2, 5, 6, 7
+	.quad	2, 3, 4, 0, 1, 5, 6, 7
+	.quad	1, 2, 3, 4, 0, 5, 6, 7
+
+rhotates1:
+	.quad	0,  44, 43, 21, 14, 0, 0, 0	# [0][0] [1][1] [2][2] [3][3] [4][4]
+	.quad	18, 1,  6,  25, 8,  0, 0, 0	# [4][0] [0][1] [1][2] [2][3] [3][4]
+	.quad	41, 2,	62, 55, 39, 0, 0, 0	# [3][0] [4][1] [0][2] [1][3] [2][4]
+	.quad	3,  45, 61, 28, 20, 0, 0, 0	# [2][0] [3][1] [4][2] [0][3] [1][4]
+	.quad	36, 10, 15, 56, 27, 0, 0, 0	# [1][0] [2][1] [3][2] [4][3] [0][4]
+
+rhotates0:
+	.quad	 0,  1, 62, 28, 27, 0, 0, 0
+	.quad	36, 44,  6, 55, 20, 0, 0, 0
+	.quad	 3, 10, 43, 25, 39, 0, 0, 0
+	.quad	41, 45, 15, 21,  8, 0, 0, 0
+	.quad	18,  2, 61, 56, 14, 0, 0, 0
+
+pi0_perm:
+	.quad	0, 3, 1, 4, 2, 5, 6, 7
+	.quad	1, 4, 2, 0, 3, 5, 6, 7
+	.quad	2, 0, 3, 1, 4, 5, 6, 7
+	.quad	3, 1, 4, 2, 0, 5, 6, 7
+	.quad	4, 2, 0, 3, 1, 5, 6, 7
+
+
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+
+.asciz	"Keccak-1600 absorb and squeeze for AVX-512F, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl
new file mode 100755
index 0000000000..a21bb8615a
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl
@@ -0,0 +1,392 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for AVX512VL.
+#
+# December 2017.
+#
+# This is an adaptation of AVX2 module that reuses register data
+# layout, but utilizes new 256-bit AVX512VL instructions. See AVX2
+# module for further information on layout.
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# Skylake-X		6.4/+47%
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	coefficient in comparison to scalar keccak1600-x86_64.pl.
+
+# Digits in variables' names denote right-most coordinates:
+
+my ($A00,	# [0][0] [0][0] [0][0] [0][0]		# %ymm0
+    $A01,	# [0][4] [0][3] [0][2] [0][1]		# %ymm1
+    $A20,	# [3][0] [1][0] [4][0] [2][0]		# %ymm2
+    $A31,	# [2][4] [4][3] [1][2] [3][1]		# %ymm3
+    $A21,	# [3][4] [1][3] [4][2] [2][1]		# %ymm4
+    $A41,	# [1][4] [2][3] [3][2] [4][1]		# %ymm5
+    $A11) =	# [4][4] [3][3] [2][2] [1][1]		# %ymm6
+    map("%ymm$_",(0..6));
+
+# We also need to map the magic order into offsets within structure:
+
+my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3],	# [0][0..4]
+		[2,2], [6,0], [3,1], [4,2], [5,3],	# [1][0..4]
+		[2,0], [4,0], [6,1], [5,2], [3,3],	# [2][0..4]
+		[2,3], [3,0], [5,1], [6,2], [4,3],	# [3][0..4]
+		[2,1], [5,0], [4,1], [3,2], [6,3]);	# [4][0..4]
+   @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged);	# ... and now linear
+
+my @T = map("%ymm$_",(7..15));
+my ($C14,$C00,$D00,$D14) = @T[5..8];
+my ($R20,$R01,$R31,$R21,$R41,$R11) = map("%ymm$_",(16..21));
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	lea		iotas(%rip),%r10
+	mov		\$24,%eax
+	jmp		.Loop_avx512vl
+
+.align	32
+.Loop_avx512vl:
+	######################################### Theta
+	vpshufd		\$0b01001110,$A20,$C00
+	vpxor		$A31,$A41,$C14
+	vpxor		$A11,$A21,@T[2]
+	vpternlogq	\$0x96,$A01,$T[2],$C14	# C[1..4]
+
+	vpxor		$A20,$C00,$C00
+	vpermq		\$0b01001110,$C00,@T[0]
+
+	vpermq		\$0b10010011,$C14,@T[4]
+	vprolq		\$1,$C14,@T[1]		# ROL64(C[1..4],1)
+
+	vpermq		\$0b00111001,@T[1],$D14
+	vpxor		@T[4],@T[1],$D00
+	vpermq		\$0b00000000,$D00,$D00	# D[0..0] = ROL64(C[1],1) ^ C[4]
+
+	vpternlogq	\$0x96,@T[0],$A00,$C00	# C[0..0]
+	vprolq		\$1,$C00,@T[1]		# ROL64(C[0..0],1)
+
+	vpxor		$D00,$A00,$A00		# ^= D[0..0]
+
+	vpblendd	\$0b11000000,@T[1],$D14,$D14
+	vpblendd	\$0b00000011,$C00,@T[4],@T[0]
+
+	######################################### Rho + Pi + pre-Chi shuffle
+	 vpxor		$D00,$A20,$A20		# ^= D[0..0] from Theta
+	vprolvq		$R20,$A20,$A20
+
+	 vpternlogq	\$0x96,@T[0],$D14,$A31	# ^= D[1..4] from Theta
+	vprolvq		$R31,$A31,$A31
+
+	 vpternlogq	\$0x96,@T[0],$D14,$A21	# ^= D[1..4] from Theta
+	vprolvq		$R21,$A21,$A21
+
+	 vpternlogq	\$0x96,@T[0],$D14,$A41	# ^= D[1..4] from Theta
+	vprolvq		$R41,$A41,$A41
+
+	 vpermq		\$0b10001101,$A20,@T[3]	# $A20 -> future $A31
+	 vpermq		\$0b10001101,$A31,@T[4]	# $A31 -> future $A21
+	 vpternlogq	\$0x96,@T[0],$D14,$A11	# ^= D[1..4] from Theta
+	vprolvq		$R11,$A11,@T[1]		# $A11 -> future $A01
+
+	 vpermq		\$0b00011011,$A21,@T[5]	# $A21 -> future $A41
+	 vpermq		\$0b01110010,$A41,@T[6]	# $A41 -> future $A11
+	 vpternlogq	\$0x96,@T[0],$D14,$A01	# ^= D[1..4] from Theta
+	vprolvq		$R01,$A01,@T[2]		# $A01 -> future $A20
+
+	######################################### Chi
+	vpblendd	\$0b00001100,@T[6],@T[2],$A31	#               [4][4] [2][0]
+	vpblendd	\$0b00001100,@T[2],@T[4],@T[8]	#               [4][0] [2][1]
+	 vpblendd	\$0b00001100,@T[4],@T[3],$A41	#               [4][2] [2][4]
+	 vpblendd	\$0b00001100,@T[3],@T[2],@T[7]	#               [4][3] [2][0]
+	vpblendd	\$0b00110000,@T[4],$A31,$A31	#        [1][3] [4][4] [2][0]
+	vpblendd	\$0b00110000,@T[5],@T[8],@T[8]	#        [1][4] [4][0] [2][1]
+	 vpblendd	\$0b00110000,@T[2],$A41,$A41	#        [1][0] [4][2] [2][4]
+	 vpblendd	\$0b00110000,@T[6],@T[7],@T[7]	#        [1][1] [4][3] [2][0]
+	vpblendd	\$0b11000000,@T[5],$A31,$A31	# [3][2] [1][3] [4][4] [2][0]
+	vpblendd	\$0b11000000,@T[6],@T[8],@T[8]	# [3][3] [1][4] [4][0] [2][1]
+	 vpblendd	\$0b11000000,@T[6],$A41,$A41	# [3][3] [1][0] [4][2] [2][4]
+	 vpblendd	\$0b11000000,@T[4],@T[7],@T[7]	# [3][4] [1][1] [4][3] [2][0]
+	vpternlogq	\$0xC6,@T[8],@T[3],$A31		# [3][1] [1][2] [4][3] [2][4]
+	 vpternlogq	\$0xC6,@T[7],@T[5],$A41		# [3][2] [1][4] [4][1] [2][3]
+
+	vpsrldq		\$8,@T[1],@T[0]
+	vpandn		@T[0],@T[1],@T[0]	# tgting  [0][0] [0][0] [0][0] [0][0]
+
+	vpblendd	\$0b00001100,@T[2],@T[5],$A11	#               [4][0] [2][3]
+	vpblendd	\$0b00001100,@T[5],@T[3],@T[8]	#               [4][1] [2][4]
+	vpblendd	\$0b00110000,@T[3],$A11,$A11	#        [1][2] [4][0] [2][3]
+	vpblendd	\$0b00110000,@T[4],@T[8],@T[8]	#        [1][3] [4][1] [2][4]
+	vpblendd	\$0b11000000,@T[4],$A11,$A11	# [3][4] [1][2] [4][0] [2][3]
+	vpblendd	\$0b11000000,@T[2],@T[8],@T[8]	# [3][0] [1][3] [4][1] [2][4]
+	vpternlogq	\$0xC6,@T[8],@T[6],$A11		# [3][3] [1][1] [4][4] [2][2]
+
+	  vpermq	\$0b00011110,@T[1],$A21		# [0][1] [0][2] [0][4] [0][3]
+	  vpblendd	\$0b00110000,$A00,$A21,@T[8]	# [0][1] [0][0] [0][4] [0][3]
+	  vpermq	\$0b00111001,@T[1],$A01		# [0][1] [0][4] [0][3] [0][2]
+	  vpblendd	\$0b11000000,$A00,$A01,$A01	# [0][0] [0][4] [0][3] [0][2]
+
+	vpblendd	\$0b00001100,@T[5],@T[4],$A20	#               [4][1] [2][1]
+	vpblendd	\$0b00001100,@T[4],@T[6],@T[7]	#               [4][2] [2][2]
+	vpblendd	\$0b00110000,@T[6],$A20,$A20	#        [1][1] [4][1] [2][1]
+	vpblendd	\$0b00110000,@T[3],@T[7],@T[7]	#        [1][2] [4][2] [2][2]
+	vpblendd	\$0b11000000,@T[3],$A20,$A20	# [3][1] [1][1] [4][1] [2][1]
+	vpblendd	\$0b11000000,@T[5],@T[7],@T[7]	# [3][2] [1][2] [4][2] [2][2]
+	vpternlogq	\$0xC6,@T[7],@T[2],$A20		# [3][0] [1][0] [4][0] [2][0]
+
+	 vpermq		\$0b00000000,@T[0],@T[0]	# [0][0] [0][0] [0][0] [0][0]
+	 vpermq		\$0b00011011,$A31,$A31		# post-Chi shuffle
+	 vpermq		\$0b10001101,$A41,$A41
+	 vpermq		\$0b01110010,$A11,$A11
+
+	vpblendd	\$0b00001100,@T[3],@T[6],$A21	#               [4][3] [2][2]
+	vpblendd	\$0b00001100,@T[6],@T[5],@T[7]	#               [4][4] [2][3]
+	vpblendd	\$0b00110000,@T[5],$A21,$A21	#        [1][4] [4][3] [2][2]
+	vpblendd	\$0b00110000,@T[2],@T[7],@T[7]	#        [1][0] [4][4] [2][3]
+	vpblendd	\$0b11000000,@T[2],$A21,$A21	# [3][0] [1][4] [4][3] [2][2]
+	vpblendd	\$0b11000000,@T[3],@T[7],@T[7]	# [3][1] [1][0] [4][4] [2][3]
+
+	vpternlogq	\$0xC6,@T[8],@T[1],$A01		# [0][4] [0][3] [0][2] [0][1]
+	vpternlogq	\$0xC6,@T[7],@T[4],$A21		# [3][4] [1][3] [4][2] [2][1]
+
+	######################################### Iota
+	vpternlogq	\$0x96,(%r10),@T[0],$A00
+	lea		32(%r10),%r10
+
+	dec		%eax
+	jnz		.Loop_avx512vl
+
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+___
+my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+my  $out = $inp;	# in squeeze
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	mov	%rsp,%r11
+
+	lea	-240(%rsp),%rsp
+	and	\$-32,%rsp
+
+	lea	96($A_flat),$A_flat
+	lea	96($inp),$inp
+	lea	96(%rsp),%r10
+	lea	rhotates_left(%rip),%r8
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00	# load A[5][5]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	vmovdqa64	0*32(%r8),$R20		# load "rhotate" indices
+	vmovdqa64	1*32(%r8),$R01
+	vmovdqa64	2*32(%r8),$R31
+	vmovdqa64	3*32(%r8),$R21
+	vmovdqa64	4*32(%r8),$R41
+	vmovdqa64	5*32(%r8),$R11
+
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqa		@T[0],32*2-96(%r10)	# zero transfer area on stack
+	vmovdqa		@T[0],32*3-96(%r10)
+	vmovdqa		@T[0],32*4-96(%r10)
+	vmovdqa		@T[0],32*5-96(%r10)
+	vmovdqa		@T[0],32*6-96(%r10)
+
+.Loop_absorb_avx512vl:
+	mov		$bsz,%rax
+	sub		$bsz,$len
+	jc		.Ldone_absorb_avx512vl
+
+	shr		\$3,%eax
+	vpbroadcastq	0-96($inp),@T[0]
+	vmovdqu		8-96($inp),@T[1]
+	sub		\$4,%eax
+___
+for(my $i=5; $i<25; $i++) {
+$code.=<<___
+	dec	%eax
+	jz	.Labsorved_avx512vl
+	mov	8*$i-96($inp),%r8
+	mov	%r8,$A_jagged[$i]-96(%r10)
+___
+}
+$code.=<<___;
+.Labsorved_avx512vl:
+	lea	($inp,$bsz),$inp
+
+	vpxor	@T[0],$A00,$A00
+	vpxor	@T[1],$A01,$A01
+	vpxor	32*2-96(%r10),$A20,$A20
+	vpxor	32*3-96(%r10),$A31,$A31
+	vpxor	32*4-96(%r10),$A21,$A21
+	vpxor	32*5-96(%r10),$A41,$A41
+	vpxor	32*6-96(%r10),$A11,$A11
+
+	call	__KeccakF1600
+
+	lea	96(%rsp),%r10
+	jmp	.Loop_absorb_avx512vl
+
+.Ldone_absorb_avx512vl:
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	vzeroupper
+
+	lea	(%r11),%rsp
+	lea	($len,$bsz),%rax		# return value
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	mov	%rsp,%r11
+
+	lea	96($A_flat),$A_flat
+	lea	rhotates_left(%rip),%r8
+	shr	\$3,$bsz
+
+	vzeroupper
+
+	vpbroadcastq	-96($A_flat),$A00
+	vpxor		@T[0],@T[0],@T[0]
+	vmovdqu		8+32*0-96($A_flat),$A01
+	vmovdqu		8+32*1-96($A_flat),$A20
+	vmovdqu		8+32*2-96($A_flat),$A31
+	vmovdqu		8+32*3-96($A_flat),$A21
+	vmovdqu		8+32*4-96($A_flat),$A41
+	vmovdqu		8+32*5-96($A_flat),$A11
+
+	vmovdqa64	0*32(%r8),$R20		# load "rhotate" indices
+	vmovdqa64	1*32(%r8),$R01
+	vmovdqa64	2*32(%r8),$R31
+	vmovdqa64	3*32(%r8),$R21
+	vmovdqa64	4*32(%r8),$R41
+	vmovdqa64	5*32(%r8),$R11
+
+	mov	$bsz,%rax
+
+.Loop_squeeze_avx512vl:
+	mov	@A_jagged[$i]-96($A_flat),%r8
+___
+for (my $i=0; $i<25; $i++) {
+$code.=<<___;
+	sub	\$8,$len
+	jc	.Ltail_squeeze_avx512vl
+	mov	%r8,($out)
+	lea	8($out),$out
+	je	.Ldone_squeeze_avx512vl
+	dec	%eax
+	je	.Lextend_output_avx512vl
+	mov	@A_jagged[$i+1]-120($A_flat),%r8
+___
+}
+$code.=<<___;
+.Lextend_output_avx512vl:
+	call	__KeccakF1600
+
+	vmovq	%xmm0,-96($A_flat)
+	vmovdqu	$A01,8+32*0-96($A_flat)
+	vmovdqu	$A20,8+32*1-96($A_flat)
+	vmovdqu	$A31,8+32*2-96($A_flat)
+	vmovdqu	$A21,8+32*3-96($A_flat)
+	vmovdqu	$A41,8+32*4-96($A_flat)
+	vmovdqu	$A11,8+32*5-96($A_flat)
+
+	mov	$bsz,%rax
+	jmp	.Loop_squeeze_avx512vl
+
+
+.Ltail_squeeze_avx512vl:
+	add	\$8,$len
+.Loop_tail_avx512vl:
+	mov	%r8b,($out)
+	lea	1($out),$out
+	shr	\$8,%r8
+	dec	$len
+	jnz	.Loop_tail_avx512vl
+
+.Ldone_squeeze_avx512vl:
+	vzeroupper
+
+	lea	(%r11),%rsp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+
+.align	64
+rhotates_left:
+	.quad	3,	18,	36,	41	# [2][0] [4][0] [1][0] [3][0]
+	.quad	1,	62,	28,	27	# [0][1] [0][2] [0][3] [0][4]
+	.quad	45,	6,	56,	39	# [3][1] [1][2] [4][3] [2][4]
+	.quad	10,	61,	55,	8	# [2][1] [4][2] [1][3] [3][4]
+	.quad	2,	15,	25,	20	# [4][1] [3][2] [2][3] [1][4]
+	.quad	44,	43,	21,	14	# [1][1] [2][2] [3][3] [4][4]
+iotas:
+	.quad	0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001
+	.quad	0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082
+	.quad	0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a
+	.quad	0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000
+	.quad	0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009
+	.quad	0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a
+	.quad	0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088
+	.quad	0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009
+	.quad	0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a
+	.quad	0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b
+	.quad	0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b
+	.quad	0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089
+	.quad	0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003
+	.quad	0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002
+	.quad	0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080
+	.quad	0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a
+	.quad	0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a
+	.quad	0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081
+	.quad	0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080
+	.quad	0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001
+	.quad	0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008
+
+.asciz	"Keccak-1600 absorb and squeeze for AVX512VL, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl
new file mode 100755
index 0000000000..b00af9af91
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl
@@ -0,0 +1,885 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# [ABI- and endian-neutral] Keccak-1600 for C64x.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT variant (see sha/keccak1600.c)
+# with bit interleaving. 64-bit values are simply split between A- and
+# B-files, with A-file holding least significant halves. This works
+# out perfectly, because all operations including cross-communications
+# [in rotate operations] are always complementary. Performance is
+# [incredible for a 32-bit processor] 10.9 cycles per processed byte
+# for r=1088, which corresponds to SHA3-256. This is >15x faster than
+# compiler-generated KECCAK_1X_ALT code, and >10x than other variants.
+# On average processor ends up issuing ~4.5 instructions per cycle...
+
+my @A = map([ $_, ($_+1), ($_+2), ($_+3), ($_+4) ], (5,10,16,21,26));
+   $A[1][4] = 31;	# B14 is reserved, A14 is used as iota[]
+   ($A[3][0],$A[4][1]) = ($A[4][1],$A[3][0]);
+my @C = (0..4,$A[3][0],$A[4][0]);
+my $iotas = "A14";
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+sub ROL64 {
+    my ($src,$rot,$dst,$p) = @_;
+
+    if ($rot&1) {
+$code.=<<___;
+$p	ROTL	B$src,$rot/2+1,A$dst
+||	ROTL	A$src,$rot/2,  B$dst
+___
+    } else {
+$code.=<<___;
+$p	ROTL	A$src,$rot/2,A$dst
+||	ROTL	B$src,$rot/2,B$dst
+___
+    }
+}
+
+########################################################################
+# Stack frame layout
+#
+# SP--->+------+------+
+#       |      |      |
+# +1--->+------+------+<- -9	below 4 slots are used by KeccakF1600_int
+#       |      |      |
+# +2--->+------+------+<- -8
+#       |      |      |
+# +3--->+------+------+<- -7
+#       | A2   | A3   |		A3:A2 are preserved by KeccakF1600_int
+# +4--->+------+------+<- -6
+#       | B2   | B3   |		B3:B2 are preserved by KeccakF1600_int
+# +5--->+------+------+<- -5	below is ABI-compliant layout
+#       | A10  | A11  |
+# +6--->+------+------+<- -4
+#       | A12  | A13  |
+# +7--->+------+------+<- -3
+#       | A14  | B3   |
+# +8--->+------+------+<- -2
+#       | B10  | B11  |
+# +9--->+------+------+<- -1
+#       | B12  | B13  |
+#       +------+------+<---FP
+#       | A15  |
+#       +------+--
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	KeccakF1600,_KeccakF1600
+	.asg	SHA3_absorb,_SHA3_absorb
+	.asg	SHA3_squeeze,_SHA3_squeeze
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.align	32
+_KeccakF1600_int:
+	.asmfunc
+	STDW	A3:A2,*FP[-7]
+||	STDW	B3:B2,*SP[4]
+_KeccakF1600_cheat:
+	.if	__TI_EABI__
+	ADDKPC	_KeccakF1600_int,B0
+||	MVKL	\$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas
+	MVKH	\$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas
+	.else
+	ADDKPC	_KeccakF1600_int,B0
+||	MVKL	(iotas-_KeccakF1600_int),$iotas
+	MVKH	(iotas-_KeccakF1600_int),$iotas
+	.endif
+	ADD	B0,$iotas,$iotas
+loop?:
+	XOR	A$A[0][2],A$A[1][2],A$C[2]	; Theta
+||	XOR	B$A[0][2],B$A[1][2],B$C[2]
+||	XOR	A$A[0][3],A$A[1][3],A$C[3]
+||	XOR	B$A[0][3],B$A[1][3],B$C[3]
+||	XOR	A$A[0][0],A$A[1][0],A$C[0]
+||	XOR	B$A[0][0],B$A[1][0],B$C[0]
+	XOR	A$A[2][2],A$C[2],A$C[2]
+||	XOR	B$A[2][2],B$C[2],B$C[2]
+||	XOR	A$A[2][3],A$C[3],A$C[3]
+||	XOR	B$A[2][3],B$C[3],B$C[3]
+||	XOR	A$A[2][0],A$C[0],A$C[0]
+||	XOR	B$A[2][0],B$C[0],B$C[0]
+	XOR	A$A[3][2],A$C[2],A$C[2]
+||	XOR	B$A[3][2],B$C[2],B$C[2]
+||	XOR	A$A[3][3],A$C[3],A$C[3]
+||	XOR	B$A[3][3],B$C[3],B$C[3]
+||	XOR	A$A[3][0],A$C[0],A$C[0]
+||	XOR	B$A[3][0],B$C[0],B$C[0]
+	XOR	A$A[4][2],A$C[2],A$C[2]
+||	XOR	B$A[4][2],B$C[2],B$C[2]
+||	XOR	A$A[4][3],A$C[3],A$C[3]
+||	XOR	B$A[4][3],B$C[3],B$C[3]
+||	XOR	A$A[4][0],A$C[0],A$C[0]
+||	XOR	B$A[4][0],B$C[0],B$C[0]
+	XOR	A$A[0][4],A$A[1][4],A$C[4]
+||	XOR	B$A[0][4],B$A[1][4],B$C[4]
+||	XOR	A$A[0][1],A$A[1][1],A$C[1]
+||	XOR	B$A[0][1],B$A[1][1],B$C[1]
+||	STDW	A$A[3][0]:A$A[4][0],*SP[1]	; offload some data
+	STDW	B$A[3][0]:B$A[4][0],*SP[2]
+||	XOR	A$A[2][4],A$C[4],A$C[4]
+||	XOR	B$A[2][4],B$C[4],B$C[4]
+||	XOR	A$A[2][1],A$C[1],A$C[1]
+||	XOR	B$A[2][1],B$C[1],B$C[1]
+||	ROTL	B$C[2],1,A$C[5]			; ROL64(C[2],1)
+||	ROTL	A$C[2],0,B$C[5]
+	XOR	A$A[3][4],A$C[4],A$C[4]
+||	XOR	B$A[3][4],B$C[4],B$C[4]
+||	XOR	A$A[3][1],A$C[1],A$C[1]
+||	XOR	B$A[3][1],B$C[1],B$C[1]
+||	ROTL	B$C[3],1,A$C[6]			; ROL64(C[3],1)
+||	ROTL	A$C[3],0,B$C[6]
+	XOR	A$A[4][4],A$C[4],A$C[4]
+||	XOR	B$A[4][4],B$C[4],B$C[4]
+||	XOR	A$A[4][1],A$C[1],A$C[1]
+||	XOR	B$A[4][1],B$C[1],B$C[1]
+||	XOR	A$C[0],A$C[5],A$C[5]		; C[0] ^ ROL64(C[2],1)
+||	XOR	B$C[0],B$C[5],B$C[5]
+	XOR	A$C[5],A$A[0][1],A$A[0][1]
+||	XOR	B$C[5],B$A[0][1],B$A[0][1]
+||	XOR	A$C[5],A$A[1][1],A$A[1][1]
+||	XOR	B$C[5],B$A[1][1],B$A[1][1]
+||	XOR	A$C[5],A$A[2][1],A$A[2][1]
+||	XOR	B$C[5],B$A[2][1],B$A[2][1]
+	XOR	A$C[5],A$A[3][1],A$A[3][1]
+||	XOR	B$C[5],B$A[3][1],B$A[3][1]
+||	XOR	A$C[5],A$A[4][1],A$A[4][1]
+||	XOR	B$C[5],B$A[4][1],B$A[4][1]
+||	ROTL	B$C[4],1,A$C[5]			; ROL64(C[4],1)
+||	ROTL	A$C[4],0,B$C[5]
+||	XOR	A$C[1],A$C[6],A$C[6]		; C[1] ^ ROL64(C[3],1)
+||	XOR	B$C[1],B$C[6],B$C[6]
+	XOR	A$C[6],A$A[0][2],A$A[0][2]
+||	XOR	B$C[6],B$A[0][2],B$A[0][2]
+||	XOR	A$C[6],A$A[1][2],A$A[1][2]
+||	XOR	B$C[6],B$A[1][2],B$A[1][2]
+||	XOR	A$C[6],A$A[2][2],A$A[2][2]
+||	XOR	B$C[6],B$A[2][2],B$A[2][2]
+||	ROTL	B$C[1],1,A$C[1]			; ROL64(C[1],1)
+||	ROTL	A$C[1],0,B$C[1]
+	XOR	A$C[6],A$A[3][2],A$A[3][2]
+||	XOR	B$C[6],B$A[3][2],B$A[3][2]
+||	XOR	A$C[6],A$A[4][2],A$A[4][2]
+||	XOR	B$C[6],B$A[4][2],B$A[4][2]
+||	ROTL	B$C[0],1,A$C[6]			; ROL64(C[0],1)
+||	ROTL	A$C[0],0,B$C[6]
+||	XOR	A$C[5],A$C[2],A$C[2]		; C[2] ^= ROL64(C[4],1)
+||	XOR	B$C[5],B$C[2],B$C[2]
+	XOR	A$C[2],A$A[0][3],A$A[0][3]
+||	XOR	B$C[2],B$A[0][3],B$A[0][3]
+||	XOR	A$C[2],A$A[1][3],A$A[1][3]
+||	XOR	B$C[2],B$A[1][3],B$A[1][3]
+||	XOR	A$C[2],A$A[2][3],A$A[2][3]
+||	XOR	B$C[2],B$A[2][3],B$A[2][3]
+	XOR	A$C[6],A$C[3],A$C[3]		; C[3] ^= ROL64(C[0],1)
+||	XOR	B$C[6],B$C[3],B$C[3]
+||	LDDW	*FP[-9],A$A[3][0]:A$A[4][0]	; restore offloaded data
+||	LDDW	*SP[2],B$A[3][0]:B$A[4][0]
+||	XOR	A$C[2],A$A[3][3],A$A[3][3]
+||	XOR	B$C[2],B$A[3][3],B$A[3][3]
+	XOR	A$C[2],A$A[4][3],A$A[4][3]
+||	XOR	B$C[2],B$A[4][3],B$A[4][3]
+||	XOR	A$C[3],A$A[0][4],A$A[0][4]
+||	XOR	B$C[3],B$A[0][4],B$A[0][4]
+||	XOR	A$C[3],A$A[1][4],A$A[1][4]
+||	XOR	B$C[3],B$A[1][4],B$A[1][4]
+	XOR	A$C[3],A$A[2][4],A$A[2][4]
+||	XOR	B$C[3],B$A[2][4],B$A[2][4]
+||	XOR	A$C[3],A$A[3][4],A$A[3][4]
+||	XOR	B$C[3],B$A[3][4],B$A[3][4]
+||	XOR	A$C[3],A$A[4][4],A$A[4][4]
+||	XOR	B$C[3],B$A[4][4],B$A[4][4]
+	XOR	A$C[1],A$C[4],A$C[4]		; C[4] ^= ROL64(C[1],1)
+||	XOR	B$C[1],B$C[4],B$C[4]
+||	MV	A$A[0][1],A$C[1]		; Rho+Pi, "early start"
+||	MV	B$A[0][1],B$C[1]
+___
+	&ROL64	($A[1][1],$rhotates[1][1],$A[0][1],"||");
+$code.=<<___;
+	XOR	A$C[4],A$A[0][0],A$A[0][0]
+||	XOR	B$C[4],B$A[0][0],B$A[0][0]
+||	XOR	A$C[4],A$A[1][0],A$A[1][0]
+||	XOR	B$C[4],B$A[1][0],B$A[1][0]
+||	MV	A$A[0][3],A$C[3]
+||	MV	B$A[0][3],B$C[3]
+___
+	&ROL64	($A[3][3],$rhotates[3][3],$A[0][3],"||");
+$code.=<<___;
+	XOR	A$C[4],A$A[2][0],A$A[2][0]
+||	XOR	B$C[4],B$A[2][0],B$A[2][0]
+||	XOR	A$C[4],A$A[3][0],A$A[3][0]
+||	XOR	B$C[4],B$A[3][0],B$A[3][0]
+||	MV	A$A[0][2],A$C[2]
+||	MV	B$A[0][2],B$C[2]
+___
+	&ROL64	($A[2][2],$rhotates[2][2],$A[0][2],"||");
+$code.=<<___;
+	XOR	A$C[4],A$A[4][0],A$A[4][0]
+||	XOR	B$C[4],B$A[4][0],B$A[4][0]
+||	MV	A$A[0][4],A$C[4]
+||	MV	B$A[0][4],B$C[4]
+___
+	&ROL64	($A[4][4],$rhotates[4][4],$A[0][4],"||");
+
+	&ROL64	($A[1][4],$rhotates[1][4],$A[1][1]);
+$code.=<<___;
+||	LDW	*${iotas}++[2],A$C[0]
+___
+	&ROL64	($A[2][3],$rhotates[2][3],$A[2][2]);
+$code.=<<___;
+||	LDW	*${iotas}[-1],B$C[0]
+___
+	&ROL64	($A[3][2],$rhotates[3][2],$A[3][3]);
+	&ROL64	($A[4][1],$rhotates[4][1],$A[4][4]);
+
+	&ROL64	($A[4][2],$rhotates[4][2],$A[1][4]);
+	&ROL64	($A[3][4],$rhotates[3][4],$A[2][3]);
+	&ROL64	($A[2][1],$rhotates[2][1],$A[3][2]);
+	&ROL64	($A[1][3],$rhotates[1][3],$A[4][1]);
+
+	&ROL64	($A[2][4],$rhotates[2][4],$A[4][2]);
+	&ROL64	($A[4][3],$rhotates[4][3],$A[3][4]);
+	&ROL64	($A[1][2],$rhotates[1][2],$A[2][1]);
+	&ROL64	($A[3][1],$rhotates[3][1],$A[1][3]);
+
+	&ROL64	($A[4][0],$rhotates[4][0],$A[2][4]);
+	&ROL64	($A[3][0],$rhotates[3][0],$A[4][3]);
+	&ROL64	($A[2][0],$rhotates[2][0],$A[1][2]);
+	&ROL64	($A[1][0],$rhotates[1][0],$A[3][1]);
+
+	#&ROL64	($C[3],   $rhotates[0][3],$A[1][0]);	# moved below
+	&ROL64	($C[1],   $rhotates[0][1],$A[2][0]);
+	&ROL64	($C[4],   $rhotates[0][4],$A[3][0]);
+	&ROL64	($C[2],   $rhotates[0][2],$A[4][0]);
+$code.=<<___;
+||	ANDN	A$A[0][2],A$A[0][1],A$C[4]	; Chi+Iota
+||	ANDN	B$A[0][2],B$A[0][1],B$C[4]
+||	ANDN	A$A[0][3],A$A[0][2],A$C[1]
+||	ANDN	B$A[0][3],B$A[0][2],B$C[1]
+||	ANDN	A$A[0][4],A$A[0][3],A$C[2]
+||	ANDN	B$A[0][4],B$A[0][3],B$C[2]
+___
+	&ROL64	($C[3],   $rhotates[0][3],$A[1][0]);
+$code.=<<___;
+||	ANDN	A$A[0][0],A$A[0][4],A$C[3]
+||	ANDN	B$A[0][0],B$A[0][4],B$C[3]
+||	XOR	A$C[4],A$A[0][0],A$A[0][0]
+||	XOR	B$C[4],B$A[0][0],B$A[0][0]
+||	ANDN	A$A[0][1],A$A[0][0],A$C[4]
+||	ANDN	B$A[0][1],B$A[0][0],B$C[4]
+	XOR	A$C[1],A$A[0][1],A$A[0][1]
+||	XOR	B$C[1],B$A[0][1],B$A[0][1]
+||	XOR	A$C[2],A$A[0][2],A$A[0][2]
+||	XOR	B$C[2],B$A[0][2],B$A[0][2]
+||	XOR	A$C[3],A$A[0][3],A$A[0][3]
+||	XOR	B$C[3],B$A[0][3],B$A[0][3]
+	XOR	A$C[4],A$A[0][4],A$A[0][4]
+||	XOR	B$C[4],B$A[0][4],B$A[0][4]
+||	XOR	A$C[0],A$A[0][0],A$A[0][0]	; A[0][0] ^= iotas[i++];
+||	XOR	B$C[0],B$A[0][0],B$A[0][0]
+||	EXTU	$iotas,24,24,A0			; A0 is A$C[0], as we done?
+
+	ANDN	A$A[1][2],A$A[1][1],A$C[4]
+||	ANDN	B$A[1][2],B$A[1][1],B$C[4]
+||	ANDN	A$A[1][3],A$A[1][2],A$C[1]
+||	ANDN	B$A[1][3],B$A[1][2],B$C[1]
+||	ANDN	A$A[1][4],A$A[1][3],A$C[2]
+||	ANDN	B$A[1][4],B$A[1][3],B$C[2]
+	ANDN	A$A[1][0],A$A[1][4],A$C[3]
+||	ANDN	B$A[1][0],B$A[1][4],B$C[3]
+||	XOR	A$C[4],A$A[1][0],A$A[1][0]
+||	XOR	B$C[4],B$A[1][0],B$A[1][0]
+||	ANDN	A$A[1][1],A$A[1][0],A$C[4]
+||	ANDN	B$A[1][1],B$A[1][0],B$C[4]
+	XOR	A$C[1],A$A[1][1],A$A[1][1]
+||	XOR	B$C[1],B$A[1][1],B$A[1][1]
+||	XOR	A$C[2],A$A[1][2],A$A[1][2]
+||	XOR	B$C[2],B$A[1][2],B$A[1][2]
+||	XOR	A$C[3],A$A[1][3],A$A[1][3]
+||	XOR	B$C[3],B$A[1][3],B$A[1][3]
+	XOR	A$C[4],A$A[1][4],A$A[1][4]
+||	XOR	B$C[4],B$A[1][4],B$A[1][4]
+
+||	ANDN	A$A[2][2],A$A[2][1],A$C[4]
+||	ANDN	B$A[2][2],B$A[2][1],B$C[4]
+||	ANDN	A$A[2][3],A$A[2][2],A$C[1]
+||	ANDN	B$A[2][3],B$A[2][2],B$C[1]
+	ANDN	A$A[2][4],A$A[2][3],A$C[2]
+||	ANDN	B$A[2][4],B$A[2][3],B$C[2]
+||	ANDN	A$A[2][0],A$A[2][4],A$C[3]
+||	ANDN	B$A[2][0],B$A[2][4],B$C[3]
+||	XOR	A$C[4],A$A[2][0],A$A[2][0]
+||	XOR	B$C[4],B$A[2][0],B$A[2][0]
+	ANDN	A$A[2][1],A$A[2][0],A$C[4]
+||	ANDN	B$A[2][1],B$A[2][0],B$C[4]
+||	XOR	A$C[1],A$A[2][1],A$A[2][1]
+||	XOR	B$C[1],B$A[2][1],B$A[2][1]
+||	XOR	A$C[2],A$A[2][2],A$A[2][2]
+||	XOR	B$C[2],B$A[2][2],B$A[2][2]
+	XOR	A$C[3],A$A[2][3],A$A[2][3]
+||	XOR	B$C[3],B$A[2][3],B$A[2][3]
+||	XOR	A$C[4],A$A[2][4],A$A[2][4]
+||	XOR	B$C[4],B$A[2][4],B$A[2][4]
+
+	ANDN	A$A[3][2],A$A[3][1],A$C[4]
+||	ANDN	B$A[3][2],B$A[3][1],B$C[4]
+||	ANDN	A$A[3][3],A$A[3][2],A$C[1]
+||	ANDN	B$A[3][3],B$A[3][2],B$C[1]
+||	ANDN	A$A[3][4],A$A[3][3],A$C[2]
+||	ANDN	B$A[3][4],B$A[3][3],B$C[2]
+	ANDN	A$A[3][0],A$A[3][4],A$C[3]
+||	ANDN	B$A[3][0],B$A[3][4],B$C[3]
+||	XOR	A$C[4],A$A[3][0],A$A[3][0]
+||	XOR	B$C[4],B$A[3][0],B$A[3][0]
+||	ANDN	A$A[3][1],A$A[3][0],A$C[4]
+||	ANDN	B$A[3][1],B$A[3][0],B$C[4]
+	XOR	A$C[1],A$A[3][1],A$A[3][1]
+||	XOR	B$C[1],B$A[3][1],B$A[3][1]
+||	XOR	A$C[2],A$A[3][2],A$A[3][2]
+||	XOR	B$C[2],B$A[3][2],B$A[3][2]
+||	XOR	A$C[3],A$A[3][3],A$A[3][3]
+||[A0]	BNOP	loop?
+	XOR	B$C[3],B$A[3][3],B$A[3][3]
+||	XOR	A$C[4],A$A[3][4],A$A[3][4]
+||	XOR	B$C[4],B$A[3][4],B$A[3][4]
+||[!A0]	LDDW	*FP[-7],A3:A2
+||[!A0]	LDDW	*SP[4], RA:B2
+
+	ANDN	A$A[4][2],A$A[4][1],A$C[4]
+||	ANDN	B$A[4][2],B$A[4][1],B$C[4]
+||	ANDN	A$A[4][3],A$A[4][2],A$C[1]
+||	ANDN	B$A[4][3],B$A[4][2],B$C[1]
+||	ANDN	A$A[4][4],A$A[4][3],A$C[2]
+||	ANDN	B$A[4][4],B$A[4][3],B$C[2]
+	ANDN	A$A[4][0],A$A[4][4],A$C[3]
+||	ANDN	B$A[4][0],B$A[4][4],B$C[3]
+||	XOR	A$C[4],A$A[4][0],A$A[4][0]
+||	XOR	B$C[4],B$A[4][0],B$A[4][0]
+||	ANDN	A$A[4][1],A$A[4][0],A$C[4]
+||	ANDN	B$A[4][1],B$A[4][0],B$C[4]
+	XOR	A$C[1],A$A[4][1],A$A[4][1]
+||	XOR	B$C[1],B$A[4][1],B$A[4][1]
+||	XOR	A$C[2],A$A[4][2],A$A[4][2]
+||	XOR	B$C[2],B$A[4][2],B$A[4][2]
+||	XOR	A$C[3],A$A[4][3],A$A[4][3]
+||	XOR	B$C[3],B$A[4][3],B$A[4][3]
+	XOR	A$C[4],A$A[4][4],A$A[4][4]
+||	XOR	B$C[4],B$A[4][4],B$A[4][4]
+;;===== branch to loop? is taken here
+
+	BNOP	RA,5
+	.endasmfunc
+
+	.newblock
+	.global	_KeccakF1600
+	.align	32
+_KeccakF1600:
+	.asmfunc stack_usage(80)
+	STW	FP,*SP--(80)			; save frame pointer
+||	MV	SP,FP
+	STDW	B13:B12,*SP[9]
+||	STDW	A13:A12,*FP[-4]
+	STDW	B11:B10,*SP[8]
+||	STDW	A11:A10,*FP[-5]
+	STW	RA, *SP[15]
+||	STW	A14,*FP[-6]
+||	MV	A4,A2
+||	ADD	4,A4,B2
+
+	LDW	*A2++[2],A$A[0][0]		; load A[5][5]
+||	LDW	*B2++[2],B$A[0][0]
+	LDW	*A2++[2],A$A[0][1]
+||	LDW	*B2++[2],B$A[0][1]
+	LDW	*A2++[2],A$A[0][2]
+||	LDW	*B2++[2],B$A[0][2]
+	LDW	*A2++[2],A$A[0][3]
+||	LDW	*B2++[2],B$A[0][3]
+	LDW	*A2++[2],A$A[0][4]
+||	LDW	*B2++[2],B$A[0][4]
+
+	LDW	*A2++[2],A$A[1][0]
+||	LDW	*B2++[2],B$A[1][0]
+	LDW	*A2++[2],A$A[1][1]
+||	LDW	*B2++[2],B$A[1][1]
+	LDW	*A2++[2],A$A[1][2]
+||	LDW	*B2++[2],B$A[1][2]
+	LDW	*A2++[2],A$A[1][3]
+||	LDW	*B2++[2],B$A[1][3]
+	LDW	*A2++[2],A$A[1][4]
+||	LDW	*B2++[2],B$A[1][4]
+
+	LDW	*A2++[2],A$A[2][0]
+||	LDW	*B2++[2],B$A[2][0]
+	LDW	*A2++[2],A$A[2][1]
+||	LDW	*B2++[2],B$A[2][1]
+	LDW	*A2++[2],A$A[2][2]
+||	LDW	*B2++[2],B$A[2][2]
+	LDW	*A2++[2],A$A[2][3]
+||	LDW	*B2++[2],B$A[2][3]
+	LDW	*A2++[2],A$A[2][4]
+||	LDW	*B2++[2],B$A[2][4]
+
+	LDW	*A2++[2],A$A[3][0]
+||	LDW	*B2++[2],B$A[3][0]
+	LDW	*A2++[2],A$A[3][1]
+||	LDW	*B2++[2],B$A[3][1]
+	LDW	*A2++[2],A$A[3][2]
+||	LDW	*B2++[2],B$A[3][2]
+	LDW	*A2++[2],A$A[3][3]
+||	LDW	*B2++[2],B$A[3][3]
+	LDW	*A2++[2],A$A[3][4]
+||	LDW	*B2++[2],B$A[3][4]
+||	BNOP	_KeccakF1600_int
+
+	ADDKPC	ret?,RA
+||	LDW	*A2++[2],A$A[4][0]
+||	LDW	*B2++[2],B$A[4][0]
+	LDW	*A2++[2],A$A[4][1]
+||	LDW	*B2++[2],B$A[4][1]
+	LDW	*A2++[2],A$A[4][2]
+||	LDW	*B2++[2],B$A[4][2]
+	LDW	*A2++[2],A$A[4][3]
+||	LDW	*B2++[2],B$A[4][3]
+	LDW	*A2,A$A[4][4]
+||	LDW	*B2,B$A[4][4]
+||	ADDK	-192,A2				; rewind
+||	ADDK	-192,B2
+
+	.align	16
+ret?:
+	STW	A$A[0][0],*A2++[2]		; store A[5][5]
+||	STW	B$A[0][0],*B2++[2]
+	STW	A$A[0][1],*A2++[2]
+||	STW	B$A[0][1],*B2++[2]
+	STW	A$A[0][2],*A2++[2]
+||	STW	B$A[0][2],*B2++[2]
+	STW	A$A[0][3],*A2++[2]
+||	STW	B$A[0][3],*B2++[2]
+	STW	A$A[0][4],*A2++[2]
+||	STW	B$A[0][4],*B2++[2]
+
+	STW	A$A[1][0],*A2++[2]
+||	STW	B$A[1][0],*B2++[2]
+	STW	A$A[1][1],*A2++[2]
+||	STW	B$A[1][1],*B2++[2]
+	STW	A$A[1][2],*A2++[2]
+||	STW	B$A[1][2],*B2++[2]
+	STW	A$A[1][3],*A2++[2]
+||	STW	B$A[1][3],*B2++[2]
+	STW	A$A[1][4],*A2++[2]
+||	STW	B$A[1][4],*B2++[2]
+
+	STW	A$A[2][0],*A2++[2]
+||	STW	B$A[2][0],*B2++[2]
+	STW	A$A[2][1],*A2++[2]
+||	STW	B$A[2][1],*B2++[2]
+	STW	A$A[2][2],*A2++[2]
+||	STW	B$A[2][2],*B2++[2]
+	STW	A$A[2][3],*A2++[2]
+||	STW	B$A[2][3],*B2++[2]
+	STW	A$A[2][4],*A2++[2]
+||	STW	B$A[2][4],*B2++[2]
+
+	STW	A$A[3][0],*A2++[2]
+||	STW	B$A[3][0],*B2++[2]
+	STW	A$A[3][1],*A2++[2]
+||	STW	B$A[3][1],*B2++[2]
+	STW	A$A[3][2],*A2++[2]
+||	STW	B$A[3][2],*B2++[2]
+	STW	A$A[3][3],*A2++[2]
+||	STW	B$A[3][3],*B2++[2]
+	STW	A$A[3][4],*A2++[2]
+||	STW	B$A[3][4],*B2++[2]
+
+	LDW	*SP[15],RA
+||	LDW	*FP[-6],A14
+
+	STW	A$A[4][0],*A2++[2]
+||	STW	B$A[4][0],*B2++[2]
+	STW	A$A[4][1],*A2++[2]
+||	STW	B$A[4][1],*B2++[2]
+	STW	A$A[4][2],*A2++[2]
+||	STW	B$A[4][2],*B2++[2]
+	STW	A$A[4][3],*A2++[2]
+||	STW	B$A[4][3],*B2++[2]
+	STW	A$A[4][4],*A2
+||	STW	B$A[4][4],*B2
+||	ADDK	-192,A2				; rewind
+
+	MV	A2,A4				; return original A4
+||	LDDW	*SP[8], B11:B10
+||	LDDW	*FP[-5],A11:A10
+	LDDW	*SP[9], B13:B12
+||	LDDW	*FP[-4],A13:A12
+||	BNOP	RA
+	LDW	*++SP(80),FP			; restore frame pointer
+	NOP	4				; wait till FP is committed
+	.endasmfunc
+
+	.newblock
+	.asg	B2,BSZ
+	.asg	A2,INP
+	.asg	A3,LEN
+	.global	_SHA3_absorb
+	.align	32
+_SHA3_absorb:
+	.asmfunc stack_usage(80)
+	STW	FP,*SP--(80)			; save frame pointer
+||	MV	SP,FP
+	STDW	B13:B12,*SP[9]
+||	STDW	A13:A12,*FP[-4]
+	STDW	B11:B10,*SP[8]
+||	STDW	A11:A10,*FP[-5]
+	STW	RA, *SP[15]
+||	STW	A14,*FP[-6]
+
+	STW	A4,*SP[1]			; save A[][]
+||	MV	B4,INP				; reassign arguments
+||	MV	A6,LEN
+||	MV	B6,BSZ
+||	ADD	4,A4,B4
+
+	LDW	*A4++[2],A$A[0][0]		; load A[5][5]
+||	LDW	*B4++[2],B$A[0][0]
+	LDW	*A4++[2],A$A[0][1]
+||	LDW	*B4++[2],B$A[0][1]
+	LDW	*A4++[2],A$A[0][2]
+||	LDW	*B4++[2],B$A[0][2]
+	LDW	*A4++[2],A$A[0][3]
+||	LDW	*B4++[2],B$A[0][3]
+	LDW	*A4++[2],A$A[0][4]
+||	LDW	*B4++[2],B$A[0][4]
+
+	LDW	*A4++[2],A$A[1][0]
+||	LDW	*B4++[2],B$A[1][0]
+	LDW	*A4++[2],A$A[1][1]
+||	LDW	*B4++[2],B$A[1][1]
+	LDW	*A4++[2],A$A[1][2]
+||	LDW	*B4++[2],B$A[1][2]
+	LDW	*A4++[2],A$A[1][3]
+||	LDW	*B4++[2],B$A[1][3]
+	LDW	*A4++[2],A$A[1][4]
+||	LDW	*B4++[2],B$A[1][4]
+
+	LDW	*A4++[2],A$A[2][0]
+||	LDW	*B4++[2],B$A[2][0]
+	LDW	*A4++[2],A$A[2][1]
+||	LDW	*B4++[2],B$A[2][1]
+	LDW	*A4++[2],A$A[2][2]
+||	LDW	*B4++[2],B$A[2][2]
+	LDW	*A4++[2],A$A[2][3]
+||	LDW	*B4++[2],B$A[2][3]
+	LDW	*A4++[2],A$A[2][4]
+||	LDW	*B4++[2],B$A[2][4]
+
+	LDW	*A4++[2],A$A[3][0]
+||	LDW	*B4++[2],B$A[3][0]
+	LDW	*A4++[2],A$A[3][1]
+||	LDW	*B4++[2],B$A[3][1]
+	LDW	*A4++[2],A$A[3][2]
+||	LDW	*B4++[2],B$A[3][2]
+	LDW	*A4++[2],A$A[3][3]
+||	LDW	*B4++[2],B$A[3][3]
+	LDW	*A4++[2],A$A[3][4]
+||	LDW	*B4++[2],B$A[3][4]
+
+	LDW	*A4++[2],A$A[4][0]
+||	LDW	*B4++[2],B$A[4][0]
+	LDW	*A4++[2],A$A[4][1]
+||	LDW	*B4++[2],B$A[4][1]
+	LDW	*A4++[2],A$A[4][2]
+||	LDW	*B4++[2],B$A[4][2]
+	LDW	*A4++[2],A$A[4][3]
+||	LDW	*B4++[2],B$A[4][3]
+	LDW	*A4,A$A[4][4]
+||	LDW	*B4,B$A[4][4]
+||	ADDKPC	loop?,RA
+	STDW	RA:BSZ,*SP[4]
+
+loop?:
+	CMPLTU	LEN,BSZ,A0			; len < bsz?
+||	SHRU	BSZ,3,BSZ
+  [A0]	BNOP	ret?
+||[A0]	ZERO	BSZ
+||[A0]	LDW	*SP[1],A2			; pull A[][]
+  [BSZ]	LDNDW	*INP++,A1:A0
+||[BSZ]	SUB	LEN,8,LEN
+||[BSZ]	SUB	BSZ,1,BSZ
+	NOP	4
+___
+for ($y = 0; $y < 5; $y++) {
+    for ($x = 0; $x < ($y<4 ? 5 : 4); $x++) {
+$code.=<<___;
+	.if	.BIG_ENDIAN
+	SWAP2	A0,A1
+||	SWAP2	A1,A0
+	SWAP4	A0,A0
+	SWAP4	A1,A1
+||[!BSZ]BNOP	_KeccakF1600_cheat
+||[!BSZ]STDW	LEN:INP,*SP[3]
+||	DEAL	A0,A0
+	.else
+  [!BSZ]BNOP	_KeccakF1600_cheat
+||[!BSZ]STDW	LEN:INP,*SP[3]
+||	DEAL	A0,A0
+	.endif
+  [BSZ]	LDNDW	*INP++,A1:A0
+||	DEAL	A1,A1
+  [BSZ]	SUB	LEN,8,LEN
+||[BSZ]	SUB	BSZ,1,BSZ
+	PACK2	A1,A0,A0
+||	PACKH2	A1,A0,A1
+	XOR	A0,A$A[$y][$x],A$A[$y][$x]
+	XOR	A1,B$A[$y][$x],B$A[$y][$x]
+___
+    }
+}
+$code.=<<___;
+	.if	.BIG_ENDIAN
+	SWAP2	A0,A1
+||	SWAP2	A1,A0
+	SWAP4	A0,A0
+	SWAP4	A1,A1
+	.endif
+	BNOP	_KeccakF1600_cheat
+||	STDW	LEN:INP,*SP[3]
+||	DEAL	A0,A0
+	DEAL	A1,A1
+	NOP
+	PACK2	A1,A0,A0
+||	PACKH2	A1,A0,A1
+	XOR	A0,A$A[4][4],A$A[4][4]
+	XOR	A1,B$A[4][4],B$A[4][4]
+
+	.align	16
+ret?:
+	MV	LEN,A4				; return value
+||	ADD	4,A2,B2
+
+	STW	A$A[0][0],*A2++[2]		; store A[5][5]
+||	STW	B$A[0][0],*B2++[2]
+	STW	A$A[0][1],*A2++[2]
+||	STW	B$A[0][1],*B2++[2]
+	STW	A$A[0][2],*A2++[2]
+||	STW	B$A[0][2],*B2++[2]
+	STW	A$A[0][3],*A2++[2]
+||	STW	B$A[0][3],*B2++[2]
+	STW	A$A[0][4],*A2++[2]
+||	STW	B$A[0][4],*B2++[2]
+
+	STW	A$A[1][0],*A2++[2]
+||	STW	B$A[1][0],*B2++[2]
+	STW	A$A[1][1],*A2++[2]
+||	STW	B$A[1][1],*B2++[2]
+	STW	A$A[1][2],*A2++[2]
+||	STW	B$A[1][2],*B2++[2]
+	STW	A$A[1][3],*A2++[2]
+||	STW	B$A[1][3],*B2++[2]
+	STW	A$A[1][4],*A2++[2]
+||	STW	B$A[1][4],*B2++[2]
+
+	STW	A$A[2][0],*A2++[2]
+||	STW	B$A[2][0],*B2++[2]
+	STW	A$A[2][1],*A2++[2]
+||	STW	B$A[2][1],*B2++[2]
+	STW	A$A[2][2],*A2++[2]
+||	STW	B$A[2][2],*B2++[2]
+	STW	A$A[2][3],*A2++[2]
+||	STW	B$A[2][3],*B2++[2]
+	STW	A$A[2][4],*A2++[2]
+||	STW	B$A[2][4],*B2++[2]
+
+	LDW	*SP[15],RA
+||	LDW	*FP[-6],A14
+
+	STW	A$A[3][0],*A2++[2]
+||	STW	B$A[3][0],*B2++[2]
+	STW	A$A[3][1],*A2++[2]
+||	STW	B$A[3][1],*B2++[2]
+	STW	A$A[3][2],*A2++[2]
+||	STW	B$A[3][2],*B2++[2]
+	STW	A$A[3][3],*A2++[2]
+||	STW	B$A[3][3],*B2++[2]
+	STW	A$A[3][4],*A2++[2]
+||	STW	B$A[3][4],*B2++[2]
+
+	LDDW	*SP[8], B11:B10
+||	LDDW	*FP[-5],A11:A10
+	LDDW	*SP[9], B13:B12
+||	LDDW	*FP[-4],A13:A12
+	BNOP	RA
+||	LDW	*++SP(80),FP			; restore frame pointer
+
+	STW	A$A[4][0],*A2++[2]
+||	STW	B$A[4][0],*B2++[2]
+	STW	A$A[4][1],*A2++[2]
+||	STW	B$A[4][1],*B2++[2]
+	STW	A$A[4][2],*A2++[2]
+||	STW	B$A[4][2],*B2++[2]
+	STW	A$A[4][3],*A2++[2]
+||	STW	B$A[4][3],*B2++[2]
+	STW	A$A[4][4],*A2++[2]
+||	STW	B$A[4][4],*B2++[2]
+	.endasmfunc
+
+	.newblock
+	.global	_SHA3_squeeze
+	.asg	A12,OUT
+	.asg	A13,LEN
+	.asg	A14,BSZ
+	.align	32
+_SHA3_squeeze:
+	.asmfunc stack_usage(24)
+	STW	FP,*SP--(24)			; save frame pointer
+||	MV	SP,FP
+	STW	RA, *SP[5]
+||	STW	A14,*FP[-2]
+	STDW	A13:A12,*FP[-2]
+||	MV	B4,OUT				; reassign arguments
+	MV	A6,LEN
+||	MV	B6,BSZ
+
+loop?:
+	LDW	*SP[5],RA			; reload RA
+||	SHRU	BSZ,3,A1
+||	MV	A4,A8
+||	ADD	4,A4,B8
+block?:
+	CMPLTU	LEN,8,A0			; len < 8?
+  [A0]	BNOP	tail?
+	LDW	*A8++[2],A9
+||	LDW	*B8++[2],B9
+||	SUB	LEN,8,LEN			; len -= 8
+	MV	LEN,A0
+||	SUB	A1,1,A1				; bsz--
+||	NOP	4
+	.if	.BIG_ENDIAN
+	SWAP4	A9,A9
+||	SWAP4	B9,B9
+	SWAP2	A9,A9
+||	SWAP2	B9,B9
+	.endif
+  [!A0]	BNOP	ret?
+||[!A0]	ZERO	A1
+	PACK2	B9,A9,B7
+||[A1]	BNOP	block?
+	PACKH2	B9,A9,B9
+||	SHFL	B7,B7
+	SHFL	B9,B9
+	STNW	B7,*OUT++
+	STNW	B9,*OUT++
+	NOP
+
+	BNOP	_KeccakF1600,4
+	ADDKPC	loop?,RA
+
+	.align	16
+tail?:
+	.if	.BIG_ENDIAN
+	SWAP4	A9,A9
+||	SWAP4	B9,B9
+	SWAP2	A9,A9
+||	SWAP2	B9,B9
+	.endif
+	PACK2	B9,A9,B7
+	PACKH2	B9,A9,B9
+||	SHFL	B7,B7
+	SHFL	B9,B9
+
+	STB	B7,*OUT++
+||	SHRU	B7,8,B7
+||	ADD	LEN,7,A0
+  [A0]	STB	B7,*OUT++
+||[A0]	SHRU	B7,8,B7
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B7,*OUT++
+||[A0]	SHRU	B7,8,B7
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B7,*OUT++
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B9,*OUT++
+||[A0]	SHRU	B9,8,B9
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B9,*OUT++
+||[A0]	SHRU	B9,8,B9
+||[A0]	SUB	A0,1,A0
+  [A0]	STB	B9,*OUT++
+
+ret?:
+	LDDW	*FP[-2],A13:A12
+	BNOP	RA
+||	LDW	*FP[-2],A14
+	LDW	*++SP(24),FP			; restore frame pointer
+	NOP	4				; wait till FP is committed
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:sha_asm.const"
+	.else
+	.sect	".const:sha_asm"
+	.endif
+	.align	256
+	.uword	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+iotas:
+	.uword	0x00000001, 0x00000000
+	.uword	0x00000000, 0x00000089
+	.uword	0x00000000, 0x8000008b
+	.uword	0x00000000, 0x80008080
+	.uword	0x00000001, 0x0000008b
+	.uword	0x00000001, 0x00008000
+	.uword	0x00000001, 0x80008088
+	.uword	0x00000001, 0x80000082
+	.uword	0x00000000, 0x0000000b
+	.uword	0x00000000, 0x0000000a
+	.uword	0x00000001, 0x00008082
+	.uword	0x00000000, 0x00008003
+	.uword	0x00000001, 0x0000808b
+	.uword	0x00000001, 0x8000000b
+	.uword	0x00000001, 0x8000008a
+	.uword	0x00000001, 0x80000081
+	.uword	0x00000000, 0x80000081
+	.uword	0x00000000, 0x80000008
+	.uword	0x00000000, 0x00000083
+	.uword	0x00000000, 0x80008003
+	.uword	0x00000001, 0x80008088
+	.uword	0x00000000, 0x80000088
+	.uword	0x00000001, 0x00008000
+	.uword	0x00000000, 0x80008082
+
+	.cstring "Keccak-1600 absorb and squeeze for C64x, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl
new file mode 100755
index 0000000000..c7685add79
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl
@@ -0,0 +1,440 @@
+#!/usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for x86 MMX.
+#
+# June 2017.
+#
+# Below code is KECCAK_2X implementation (see sha/keccak1600.c) with
+# C[5] held in register bank and D[5] offloaded to memory. Though
+# instead of actually unrolling the loop pair-wise I simply flip
+# pointers to T[][] and A[][] and the end of round. Since number of
+# rounds is even, last round writes to A[][] and everything works out.
+# It's argued that MMX is the only code path meaningful to implement
+# for x86. This is because non-MMX-capable processors is an extinct
+# breed, and they as well can lurk executing compiler-generated code.
+# For reference gcc-5.x-generated KECCAK_2X code takes 89 cycles per
+# processed byte on Pentium. Which is fair result. But older compilers
+# produce worse code. On the other hand one can wonder why not 128-bit
+# SSE2? Well, SSE2 won't provide double improvement, rather far from
+# that, if any at all on some processors, because it will take extra
+# permutations and inter-bank data trasfers. Besides, contemporary
+# CPUs are better off executing 64-bit code, and it makes lesser sense
+# to invest into fancy 32-bit code. And the decision doesn't seem to
+# be inadequate, if one compares below results to "64-bit platforms in
+# 32-bit mode" SIMD data points available at
+# http://keccak.noekeon.org/sw_performance.html.
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(i)
+#
+# PIII			30/+150%
+# Pentium M		27/+150%
+# P4			40/+85%
+# Core 2		19/+170%
+# Sandy Bridge(ii)	18/+140%
+# Atom			33/+180%
+# Silvermont(ii)	30/+180%
+# VIA Nano(ii)		43/+60%
+# Sledgehammer(ii)(iii)	24/+130%
+#
+# (i)	Corresponds to SHA3-256. Numbers after slash are improvement
+#	coefficients over KECCAK_2X [with bit interleave and lane
+#	complementing] position-independent *scalar* code generated
+#	by gcc-5.x. It's not exactly fair comparison, but it's a
+#	datapoint...
+# (ii)	64-bit processor executing 32-bit code.
+# (iii)	Result is considered to be representative even for older AMD
+#	processors.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
+
+my @C = map("mm$_",(0..4));
+my @T = map("mm$_",(5..7));
+my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100,
+              8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20));
+my @D = map(8*$_+4, (0..4));
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+&static_label("iotas");
+
+&function_begin_B("_KeccakF1600");
+	&movq	(@C[0],&QWP($A[4][0],"esi"));
+	&movq	(@C[1],&QWP($A[4][1],"esi"));
+	&movq	(@C[2],&QWP($A[4][2],"esi"));
+	&movq	(@C[3],&QWP($A[4][3],"esi"));
+	&movq	(@C[4],&QWP($A[4][4],"esi"));
+
+	&mov	("ecx",24);			# loop counter
+	&jmp	(&label("loop"));
+
+    &set_label("loop",16);
+	######################################### Theta
+	&pxor	(@C[0],&QWP($A[0][0],"esi"));
+	&pxor	(@C[1],&QWP($A[0][1],"esi"));
+	&pxor	(@C[2],&QWP($A[0][2],"esi"));
+	&pxor	(@C[3],&QWP($A[0][3],"esi"));
+	&pxor	(@C[4],&QWP($A[0][4],"esi"));
+
+	&pxor	(@C[0],&QWP($A[1][0],"esi"));
+	&pxor	(@C[1],&QWP($A[1][1],"esi"));
+	&pxor	(@C[2],&QWP($A[1][2],"esi"));
+	&pxor	(@C[3],&QWP($A[1][3],"esi"));
+	&pxor	(@C[4],&QWP($A[1][4],"esi"));
+
+	&pxor	(@C[0],&QWP($A[2][0],"esi"));
+	&pxor	(@C[1],&QWP($A[2][1],"esi"));
+	&pxor	(@C[2],&QWP($A[2][2],"esi"));
+	&pxor	(@C[3],&QWP($A[2][3],"esi"));
+	&pxor	(@C[4],&QWP($A[2][4],"esi"));
+
+	&pxor	(@C[2],&QWP($A[3][2],"esi"));
+	&pxor	(@C[0],&QWP($A[3][0],"esi"));
+	&pxor	(@C[1],&QWP($A[3][1],"esi"));
+	&pxor	(@C[3],&QWP($A[3][3],"esi"));
+	 &movq	(@T[0],@C[2]);
+	&pxor	(@C[4],&QWP($A[3][4],"esi"));
+
+	 &movq	(@T[2],@C[2]);
+	 &psrlq	(@T[0],63);
+	&movq	(@T[1],@C[0]);
+	 &psllq	(@T[2],1);
+	 &pxor	(@T[0],@C[0]);
+	&psrlq	(@C[0],63);
+	 &pxor	(@T[0],@T[2]);
+	&psllq	(@T[1],1);
+	 &movq	(@T[2],@C[1]);
+	 &movq	(&QWP(@D[1],"esp"),@T[0]);	# D[1] = E[0] = ROL64(C[2], 1) ^ C[0];
+
+	&pxor	(@T[1],@C[0]);
+	 &psrlq	(@T[2],63);
+	&pxor	(@T[1],@C[3]);
+	 &movq	(@C[0],@C[1]);
+	&movq	(&QWP(@D[4],"esp"),@T[1]);	# D[4] = E[1] = ROL64(C[0], 1) ^ C[3];
+
+	 &psllq	(@C[0],1);
+	 &pxor	(@T[2],@C[4]);
+	 &pxor	(@C[0],@T[2]);
+
+	&movq	(@T[2],@C[3]);
+	&psrlq	(@C[3],63);
+	 &movq	(&QWP(@D[0],"esp"),@C[0]);	# D[0] = C[0] = ROL64(C[1], 1) ^ C[4];
+	&psllq	(@T[2],1);
+	 &movq	(@T[0],@C[4]);
+	 &psrlq	(@C[4],63);
+	&pxor	(@C[1],@C[3]);
+	 &psllq	(@T[0],1);
+	&pxor	(@C[1],@T[2]);
+	 &pxor	(@C[2],@C[4]);
+	&movq	(&QWP(@D[2],"esp"),@C[1]);	# D[2] = C[1] = ROL64(C[3], 1) ^ C[1];
+	 &pxor	(@C[2],@T[0]);
+
+	######################################### first Rho(0) is special
+	&movq	(@C[3],&QWP($A[3][3],"esi"));
+	 &movq	(&QWP(@D[3],"esp"),@C[2]);	# D[3] = C[2] = ROL64(C[4], 1) ^ C[2];
+	&pxor	(@C[3],@C[2]);
+	 &movq	(@C[4],&QWP($A[4][4],"esi"));
+	&movq	(@T[2],@C[3]);
+	&psrlq	(@C[3],64-$rhotates[3][3]);
+	 &pxor	(@C[4],@T[1]);
+	&psllq	(@T[2],$rhotates[3][3]);
+	 &movq	(@T[1],@C[4]);
+	 &psrlq	(@C[4],64-$rhotates[4][4]);
+	&por	(@C[3],@T[2]);		# C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+	 &psllq	(@T[1],$rhotates[4][4]);
+
+	&movq	(@C[2],&QWP($A[2][2],"esi"));
+	 &por	(@C[4],@T[1]);		# C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+	&pxor	(@C[2],@C[1]);
+	 &movq	(@C[1],&QWP($A[1][1],"esi"));
+	&movq	(@T[1],@C[2]);
+	&psrlq	(@C[2],64-$rhotates[2][2]);
+	 &pxor	(@C[1],&QWP(@D[1],"esp"));
+	&psllq	(@T[1],$rhotates[2][2]);
+
+	 &movq	(@T[2],@C[1]);
+	 &psrlq	(@C[1],64-$rhotates[1][1]);
+	&por	(@C[2],@T[1]);		# C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+	 &psllq	(@T[2],$rhotates[1][1]);
+	&pxor	(@C[0],&QWP($A[0][0],"esi")); # /* rotate by 0 */  /* D[0] */
+	 &por	(@C[1],@T[2]);		# C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+
+sub Chi() {				######### regular Chi step
+    my ($y,$xrho) = @_;
+
+	&movq	(@T[0],@C[1]);
+	 &movq	(@T[1],@C[2]);
+	&pandn	(@T[0],@C[2]);
+	 &pandn	(@C[2],@C[3]);
+	&pxor	(@T[0],@C[0]);
+	 &pxor	(@C[2],@C[1]);
+	&pxor	(@T[0],&QWP(0,"ebx"))		if ($y == 0);
+	&lea	("ebx",&DWP(8,"ebx"))		if ($y == 0);
+
+	&movq	(@T[2],@C[3]);
+	&movq	(&QWP($A[$y][0],"edi"),@T[0]);	# R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+	 &movq	(@T[0],@C[4]);
+	&pandn	(@C[3],@C[4]);
+	 &pandn	(@C[4],@C[0]);
+	&pxor	(@C[3],@T[1]);
+	 &movq	(&QWP($A[$y][1],"edi"),@C[2]);	# R[0][1] = C[1] ^ (~C[2] & C[3]);
+	 &pxor	(@C[4],@T[2]);
+	  &movq	(@T[2],&QWP($A[0][$xrho],"esi"))	if (defined($xrho));
+
+	 &movq	(&QWP($A[$y][2],"edi"),@C[3]);	# R[0][2] = C[2] ^ (~C[3] & C[4]);
+	&pandn	(@C[0],@C[1]);
+	 &movq	(&QWP($A[$y][3],"edi"),@C[4]);	# R[0][3] = C[3] ^ (~C[4] & C[0]);
+	&pxor	(@C[0],@T[0]);
+	  &pxor	(@T[2],&QWP(@D[$xrho],"esp"))		if (defined($xrho));
+	&movq	(&QWP($A[$y][4],"edi"),@C[0]);	# R[0][4] = C[4] ^ (~C[0] & C[1]);
+}
+	&Chi	(0, 3);
+
+sub Rho() {				######### regular Rho step
+    my $x = shift;
+
+	#&movq	(@T[2],&QWP($A[0][$x],"esi"));	# moved to Chi
+	#&pxor	(@T[2],&QWP(@D[$x],"esp"));	# moved to Chi
+	&movq	(@C[0],@T[2]);
+	&psrlq	(@T[2],64-$rhotates[0][$x]);
+	 &movq	(@C[1],&QWP($A[1][($x+1)%5],"esi"));
+	&psllq	(@C[0],$rhotates[0][$x]);
+	 &pxor	(@C[1],&QWP(@D[($x+1)%5],"esp"));
+	&por	(@C[0],@T[2]);		# C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+
+	 &movq	(@T[1],@C[1]);
+	 &psrlq	(@C[1],64-$rhotates[1][($x+1)%5]);
+	&movq	(@C[2],&QWP($A[2][($x+2)%5],"esi"));
+	 &psllq	(@T[1],$rhotates[1][($x+1)%5]);
+	&pxor	(@C[2],&QWP(@D[($x+2)%5],"esp"));
+	 &por	(@C[1],@T[1]);		# C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+
+	&movq	(@T[2],@C[2]);
+	&psrlq	(@C[2],64-$rhotates[2][($x+2)%5]);
+	 &movq	(@C[3],&QWP($A[3][($x+3)%5],"esi"));
+	&psllq	(@T[2],$rhotates[2][($x+2)%5]);
+	 &pxor	(@C[3],&QWP(@D[($x+3)%5],"esp"));
+	&por	(@C[2],@T[2]);		# C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+
+	 &movq	(@T[0],@C[3]);
+	 &psrlq	(@C[3],64-$rhotates[3][($x+3)%5]);
+	&movq	(@C[4],&QWP($A[4][($x+4)%5],"esi"));
+	 &psllq	(@T[0],$rhotates[3][($x+3)%5]);
+	&pxor	(@C[4],&QWP(@D[($x+4)%5],"esp"));
+	 &por	(@C[3],@T[0]);		# C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+
+	&movq	(@T[1],@C[4]);
+	&psrlq	(@C[4],64-$rhotates[4][($x+4)%5]);
+	&psllq	(@T[1],$rhotates[4][($x+4)%5]);
+	&por	(@C[4],@T[1]);		# C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+}
+	&Rho	(3);	&Chi	(1, 1);
+	&Rho	(1);	&Chi	(2, 4);
+	&Rho	(4);	&Chi	(3, 2);
+	&Rho	(2);	###&Chi	(4);
+
+	&movq	(@T[0],@C[0]);		######### last Chi(4) is special
+	 &xor	("edi","esi");		# &xchg	("esi","edi");
+	&movq	(&QWP(@D[1],"esp"),@C[1]);
+	 &xor	("esi","edi");
+	 &xor	("edi","esi");
+
+	&movq	(@T[1],@C[1]);
+	 &movq	(@T[2],@C[2]);
+	&pandn	(@T[1],@C[2]);
+	 &pandn	(@T[2],@C[3]);
+	&pxor	(@C[0],@T[1]);
+	 &pxor	(@C[1],@T[2]);
+
+	&movq	(@T[1],@C[3]);
+	 &movq	(&QWP($A[4][0],"esi"),@C[0]);	# R[4][0] = C[0] ^= (~C[1] & C[2]);
+	&pandn	(@T[1],@C[4]);
+	 &movq	(&QWP($A[4][1],"esi"),@C[1]);	# R[4][1] = C[1] ^= (~C[2] & C[3]);
+	&pxor	(@C[2],@T[1]);
+	 &movq	(@T[2],@C[4]);
+	&movq	(&QWP($A[4][2],"esi"),@C[2]);	# R[4][2] = C[2] ^= (~C[3] & C[4]);
+
+	&pandn	(@T[2],@T[0]);
+	 &pandn	(@T[0],&QWP(@D[1],"esp"));
+	&pxor	(@C[3],@T[2]);
+	 &pxor	(@C[4],@T[0]);
+	&movq	(&QWP($A[4][3],"esi"),@C[3]);	# R[4][3] = C[3] ^= (~C[4] & D[0]);
+	&sub	("ecx",1);
+	 &movq	(&QWP($A[4][4],"esi"),@C[4]);	# R[4][4] = C[4] ^= (~D[0] & D[1]);
+	&jnz	(&label("loop"));
+
+	&lea	("ebx",&DWP(-192,"ebx"));	# rewind iotas
+	&ret	();
+&function_end_B("_KeccakF1600");
+
+&function_begin("KeccakF1600");
+	&mov	("esi",&wparam(0));
+	&mov	("ebp","esp");
+	&sub	("esp",240);
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx"));
+	&and	("esp",-8);
+	&lea	("esi",&DWP(100,"esi"));	# size optimization
+	&lea	("edi",&DWP(8*5+100,"esp"));	# size optimization
+
+	&call	("_KeccakF1600");
+
+	&mov	("esp","ebp");
+	&emms	();
+&function_end("KeccakF1600");
+
+&function_begin("SHA3_absorb");
+	&mov	("esi",&wparam(0));		# A[][]
+	&mov	("eax",&wparam(1));		# inp
+	&mov	("ecx",&wparam(2));		# len
+	&mov	("edx",&wparam(3));		# bsz
+	&mov	("ebp","esp");
+	&sub	("esp",240+8);
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx"));
+	&and	("esp",-8);
+
+	&mov	("edi","esi");
+	&lea	("esi",&DWP(100,"esi"));	# size optimization
+	&mov	(&DWP(-4,"ebp"),"edx");		# save bsz
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&cmp	("ecx","edx");			# len < bsz?
+	&jc	(&label("absorbed"));
+
+	&shr	("edx",3);			# bsz /= 8
+&set_label("block");
+	&movq	("mm0",&QWP(0,"eax"));
+	&lea	("eax",&DWP(8,"eax"));
+	&pxor	("mm0",&QWP(0,"edi"));
+	&lea	("edi",&DWP(8,"edi"));
+	&sub	("ecx",8);			# len -= 8
+	&movq	(&QWP(-8,"edi"),"mm0");
+	&dec	("edx");			# bsz--
+	&jnz	(&label("block"));
+
+	&lea	("edi",&DWP(8*5+100,"esp"));	# size optimization
+	&mov	(&DWP(-8,"ebp"),"ecx");		# save len
+	&call	("_KeccakF1600");
+	&mov	("ecx",&DWP(-8,"ebp"));		# pull len
+	&mov	("edx",&DWP(-4,"ebp"));		# pull bsz
+	&lea	("edi",&DWP(-100,"esi"));
+	&jmp	(&label("loop"));
+
+&set_label("absorbed",16);
+	&mov	("eax","ecx");			# return value
+	&mov	("esp","ebp");
+	&emms	();
+&function_end("SHA3_absorb");
+
+&function_begin("SHA3_squeeze");
+	&mov	("esi",&wparam(0));		# A[][]
+	&mov	("eax",&wparam(1));		# out
+	&mov	("ecx",&wparam(2));		# len
+	&mov	("edx",&wparam(3));		# bsz
+	&mov	("ebp","esp");
+	&sub	("esp",240+8);
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx"));
+	&and	("esp",-8);
+
+	&shr	("edx",3);			# bsz /= 8
+	&mov	("edi","esi");
+	&lea	("esi",&DWP(100,"esi"));	# size optimization
+	&mov	(&DWP(-4,"ebp"),"edx");		# save bsz
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&cmp	("ecx",8);			# len < 8?
+	&jc	(&label("tail"));
+
+	&movq	("mm0",&QWP(0,"edi"));
+	&lea	("edi",&DWP(8,"edi"));
+	&movq	(&QWP(0,"eax"),"mm0");
+	&lea	("eax",&DWP(8,"eax"));
+	&sub	("ecx",8);			# len -= 8
+	&jz	(&label("done"));
+
+	&dec	("edx");			# bsz--
+	&jnz	(&label("loop"));
+
+	&lea	("edi",&DWP(8*5+100,"esp"));	# size optimization
+	&mov	(&DWP(-8,"ebp"),"ecx");		# save len
+	&call	("_KeccakF1600");
+	&mov	("ecx",&DWP(-8,"ebp"));		# pull len
+	&mov	("edx",&DWP(-4,"ebp"));		# pull bsz
+	&lea	("edi",&DWP(-100,"esi"));
+	&jmp	(&label("loop"));
+
+&set_label("tail",16);
+	&mov	("esi","edi");
+	&mov	("edi","eax");
+	&data_word("0xA4F39066");		# rep movsb
+
+&set_label("done");
+	&mov	("esp","ebp");
+	&emms	();
+&function_end("SHA3_squeeze");
+
+&set_label("iotas",32);
+	&data_word(0x00000001,0x00000000);
+	&data_word(0x00008082,0x00000000);
+	&data_word(0x0000808a,0x80000000);
+	&data_word(0x80008000,0x80000000);
+	&data_word(0x0000808b,0x00000000);
+	&data_word(0x80000001,0x00000000);
+	&data_word(0x80008081,0x80000000);
+	&data_word(0x00008009,0x80000000);
+	&data_word(0x0000008a,0x00000000);
+	&data_word(0x00000088,0x00000000);
+	&data_word(0x80008009,0x00000000);
+	&data_word(0x8000000a,0x00000000);
+	&data_word(0x8000808b,0x00000000);
+	&data_word(0x0000008b,0x80000000);
+	&data_word(0x00008089,0x80000000);
+	&data_word(0x00008003,0x80000000);
+	&data_word(0x00008002,0x80000000);
+	&data_word(0x00000080,0x80000000);
+	&data_word(0x0000800a,0x00000000);
+	&data_word(0x8000000a,0x80000000);
+	&data_word(0x80008081,0x80000000);
+	&data_word(0x00008080,0x80000000);
+	&data_word(0x80000001,0x00000000);
+	&data_word(0x80008008,0x80000000);
+&asciz("Keccak-1600 absorb and squeeze for MMX, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl
new file mode 100755
index 0000000000..30e70c5d6d
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl
@@ -0,0 +1,758 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for PPC64.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT implementation that works on
+# *any* PPC64. Then PowerISA 2.07 adds 2x64-bit vector rotate, and
+# it's possible to achieve performance better than below, but that is
+# naturally option only for POWER8 and successors...
+#
+######################################################################
+# Numbers are cycles per processed byte.
+#
+#		r=1088(*)
+#
+# PPC970/G5	14.6/+120%
+# POWER7	10.3/+100%
+# POWER8	11.5/+85%
+# POWER9	9.4/+45%
+#
+# (*)	Corresponds to SHA3-256. Percentage after slash is improvement
+#	over gcc-4.x-generated KECCAK_1X_ALT code. Newer compilers do
+#	much better (but watch out for them generating code specific
+#	to processor they execute on).
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T+6*$SIZE_T+32;
+$LOCALS=6*$SIZE_T;
+$TEMP=$LOCALS+6*$SIZE_T;
+
+my $sp ="r1";
+
+my @A = map([ "r$_", "r".($_+1), "r".($_+2), "r".($_+3), "r".($_+4) ],
+            (7, 12, 17, 22, 27));
+   $A[1][1] = "r6"; # r13 is reserved
+
+my @C = map("r$_", (0,3,4,5));
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+$code.=<<___;
+.text
+
+.type	KeccakF1600_int,\@function
+.align	5
+KeccakF1600_int:
+	li	r0,24
+	mtctr	r0
+	b	.Loop
+.align	4
+.Loop:
+	xor	$C[0],$A[0][0],$A[1][0]		; Theta
+	std	$A[0][4],`$TEMP+0`($sp)
+	xor	$C[1],$A[0][1],$A[1][1]
+	std	$A[1][4],`$TEMP+8`($sp)
+	xor	$C[2],$A[0][2],$A[1][2]
+	std	$A[2][4],`$TEMP+16`($sp)
+	xor	$C[3],$A[0][3],$A[1][3]
+	std	$A[3][4],`$TEMP+24`($sp)
+___
+	$C[4]=$A[0][4];
+	$C[5]=$A[1][4];
+	$C[6]=$A[2][4];
+	$C[7]=$A[3][4];
+$code.=<<___;
+	xor	$C[4],$A[0][4],$A[1][4]
+	xor	$C[0],$C[0],$A[2][0]
+	xor	$C[1],$C[1],$A[2][1]
+	xor	$C[2],$C[2],$A[2][2]
+	xor	$C[3],$C[3],$A[2][3]
+	xor	$C[4],$C[4],$A[2][4]
+	xor	$C[0],$C[0],$A[3][0]
+	xor	$C[1],$C[1],$A[3][1]
+	xor	$C[2],$C[2],$A[3][2]
+	xor	$C[3],$C[3],$A[3][3]
+	xor	$C[4],$C[4],$A[3][4]
+	xor	$C[0],$C[0],$A[4][0]
+	xor	$C[2],$C[2],$A[4][2]
+	xor	$C[1],$C[1],$A[4][1]
+	xor	$C[3],$C[3],$A[4][3]
+	rotldi	$C[5],$C[2],1
+	xor	$C[4],$C[4],$A[4][4]
+	rotldi	$C[6],$C[3],1
+	xor	$C[5],$C[5],$C[0]
+	rotldi	$C[7],$C[4],1
+
+	xor	$A[0][1],$A[0][1],$C[5]
+	xor	$A[1][1],$A[1][1],$C[5]
+	xor	$A[2][1],$A[2][1],$C[5]
+	xor	$A[3][1],$A[3][1],$C[5]
+	xor	$A[4][1],$A[4][1],$C[5]
+
+	rotldi	$C[5],$C[0],1
+	xor	$C[6],$C[6],$C[1]
+	xor	$C[2],$C[2],$C[7]
+	rotldi	$C[7],$C[1],1
+	xor	$C[3],$C[3],$C[5]
+	xor	$C[4],$C[4],$C[7]
+
+	xor	$C[1],   $A[0][2],$C[6]			;mr	$C[1],$A[0][2]
+	xor	$A[1][2],$A[1][2],$C[6]
+	xor	$A[2][2],$A[2][2],$C[6]
+	xor	$A[3][2],$A[3][2],$C[6]
+	xor	$A[4][2],$A[4][2],$C[6]
+
+	xor	$A[0][0],$A[0][0],$C[4]
+	xor	$A[1][0],$A[1][0],$C[4]
+	xor	$A[2][0],$A[2][0],$C[4]
+	xor	$A[3][0],$A[3][0],$C[4]
+	xor	$A[4][0],$A[4][0],$C[4]
+___
+	$C[4]=undef;
+	$C[5]=undef;
+	$C[6]=undef;
+	$C[7]=undef;
+$code.=<<___;
+	ld	$A[0][4],`$TEMP+0`($sp)
+	xor	$C[0],   $A[0][3],$C[2]			;mr	$C[0],$A[0][3]
+	ld	$A[1][4],`$TEMP+8`($sp)
+	xor	$A[1][3],$A[1][3],$C[2]
+	ld	$A[2][4],`$TEMP+16`($sp)
+	xor	$A[2][3],$A[2][3],$C[2]
+	ld	$A[3][4],`$TEMP+24`($sp)
+	xor	$A[3][3],$A[3][3],$C[2]
+	xor	$A[4][3],$A[4][3],$C[2]
+
+	xor	$C[2],   $A[0][4],$C[3]			;mr	$C[2],$A[0][4]
+	xor	$A[1][4],$A[1][4],$C[3]
+	xor	$A[2][4],$A[2][4],$C[3]
+	xor	$A[3][4],$A[3][4],$C[3]
+	xor	$A[4][4],$A[4][4],$C[3]
+
+	mr	$C[3],$A[0][1]				; Rho+Pi
+	rotldi	$A[0][1],$A[1][1],$rhotates[1][1]
+	;mr	$C[1],$A[0][2]
+	rotldi	$A[0][2],$A[2][2],$rhotates[2][2]
+	;mr	$C[0],$A[0][3]
+	rotldi	$A[0][3],$A[3][3],$rhotates[3][3]
+	;mr	$C[2],$A[0][4]
+	rotldi	$A[0][4],$A[4][4],$rhotates[4][4]
+
+	rotldi	$A[1][1],$A[1][4],$rhotates[1][4]
+	rotldi	$A[2][2],$A[2][3],$rhotates[2][3]
+	rotldi	$A[3][3],$A[3][2],$rhotates[3][2]
+	rotldi	$A[4][4],$A[4][1],$rhotates[4][1]
+
+	rotldi	$A[1][4],$A[4][2],$rhotates[4][2]
+	rotldi	$A[2][3],$A[3][4],$rhotates[3][4]
+	rotldi	$A[3][2],$A[2][1],$rhotates[2][1]
+	rotldi	$A[4][1],$A[1][3],$rhotates[1][3]
+
+	rotldi	$A[4][2],$A[2][4],$rhotates[2][4]
+	rotldi	$A[3][4],$A[4][3],$rhotates[4][3]
+	rotldi	$A[2][1],$A[1][2],$rhotates[1][2]
+	rotldi	$A[1][3],$A[3][1],$rhotates[3][1]
+
+	rotldi	$A[2][4],$A[4][0],$rhotates[4][0]
+	rotldi	$A[4][3],$A[3][0],$rhotates[3][0]
+	rotldi	$A[1][2],$A[2][0],$rhotates[2][0]
+	rotldi	$A[3][1],$A[1][0],$rhotates[1][0]
+
+	rotldi	$A[1][0],$C[0],$rhotates[0][3]
+	rotldi	$A[2][0],$C[3],$rhotates[0][1]
+	rotldi	$A[3][0],$C[2],$rhotates[0][4]
+	rotldi	$A[4][0],$C[1],$rhotates[0][2]
+
+	andc	$C[0],$A[0][2],$A[0][1]			; Chi+Iota
+	andc	$C[1],$A[0][3],$A[0][2]
+	andc	$C[2],$A[0][0],$A[0][4]
+	andc	$C[3],$A[0][1],$A[0][0]
+	xor	$A[0][0],$A[0][0],$C[0]
+	andc	$C[0],$A[0][4],$A[0][3]
+	xor	$A[0][1],$A[0][1],$C[1]
+	 ld	$C[1],`$LOCALS+4*$SIZE_T`($sp)
+	xor	$A[0][3],$A[0][3],$C[2]
+	xor	$A[0][4],$A[0][4],$C[3]
+	xor	$A[0][2],$A[0][2],$C[0]
+	 ldu	$C[3],8($C[1])				; Iota[i++]
+
+	andc	$C[0],$A[1][2],$A[1][1]
+	 std	$C[1],`$LOCALS+4*$SIZE_T`($sp)
+	andc	$C[1],$A[1][3],$A[1][2]
+	andc	$C[2],$A[1][0],$A[1][4]
+	 xor	$A[0][0],$A[0][0],$C[3]			; A[0][0] ^= Iota
+	andc	$C[3],$A[1][1],$A[1][0]
+	xor	$A[1][0],$A[1][0],$C[0]
+	andc	$C[0],$A[1][4],$A[1][3]
+	xor	$A[1][1],$A[1][1],$C[1]
+	xor	$A[1][3],$A[1][3],$C[2]
+	xor	$A[1][4],$A[1][4],$C[3]
+	xor	$A[1][2],$A[1][2],$C[0]
+
+	andc	$C[0],$A[2][2],$A[2][1]
+	andc	$C[1],$A[2][3],$A[2][2]
+	andc	$C[2],$A[2][0],$A[2][4]
+	andc	$C[3],$A[2][1],$A[2][0]
+	xor	$A[2][0],$A[2][0],$C[0]
+	andc	$C[0],$A[2][4],$A[2][3]
+	xor	$A[2][1],$A[2][1],$C[1]
+	xor	$A[2][3],$A[2][3],$C[2]
+	xor	$A[2][4],$A[2][4],$C[3]
+	xor	$A[2][2],$A[2][2],$C[0]
+
+	andc	$C[0],$A[3][2],$A[3][1]
+	andc	$C[1],$A[3][3],$A[3][2]
+	andc	$C[2],$A[3][0],$A[3][4]
+	andc	$C[3],$A[3][1],$A[3][0]
+	xor	$A[3][0],$A[3][0],$C[0]
+	andc	$C[0],$A[3][4],$A[3][3]
+	xor	$A[3][1],$A[3][1],$C[1]
+	xor	$A[3][3],$A[3][3],$C[2]
+	xor	$A[3][4],$A[3][4],$C[3]
+	xor	$A[3][2],$A[3][2],$C[0]
+
+	andc	$C[0],$A[4][2],$A[4][1]
+	andc	$C[1],$A[4][3],$A[4][2]
+	andc	$C[2],$A[4][0],$A[4][4]
+	andc	$C[3],$A[4][1],$A[4][0]
+	xor	$A[4][0],$A[4][0],$C[0]
+	andc	$C[0],$A[4][4],$A[4][3]
+	xor	$A[4][1],$A[4][1],$C[1]
+	xor	$A[4][3],$A[4][3],$C[2]
+	xor	$A[4][4],$A[4][4],$C[3]
+	xor	$A[4][2],$A[4][2],$C[0]
+
+	bdnz	.Loop
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,\@function
+.align	5
+KeccakF1600:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	bl	PICmeup
+	subi	r12,r12,8			; prepare for ldu
+
+	$PUSH	r3,`$LOCALS+0*$SIZE_T`($sp)
+	;$PUSH	r4,`$LOCALS+1*$SIZE_T`($sp)
+	;$PUSH	r5,`$LOCALS+2*$SIZE_T`($sp)
+	;$PUSH	r6,`$LOCALS+3*$SIZE_T`($sp)
+	$PUSH	r12,`$LOCALS+4*$SIZE_T`($sp)
+
+	ld	$A[0][0],`8*0`(r3)		; load A[5][5]
+	ld	$A[0][1],`8*1`(r3)
+	ld	$A[0][2],`8*2`(r3)
+	ld	$A[0][3],`8*3`(r3)
+	ld	$A[0][4],`8*4`(r3)
+	ld	$A[1][0],`8*5`(r3)
+	ld	$A[1][1],`8*6`(r3)
+	ld	$A[1][2],`8*7`(r3)
+	ld	$A[1][3],`8*8`(r3)
+	ld	$A[1][4],`8*9`(r3)
+	ld	$A[2][0],`8*10`(r3)
+	ld	$A[2][1],`8*11`(r3)
+	ld	$A[2][2],`8*12`(r3)
+	ld	$A[2][3],`8*13`(r3)
+	ld	$A[2][4],`8*14`(r3)
+	ld	$A[3][0],`8*15`(r3)
+	ld	$A[3][1],`8*16`(r3)
+	ld	$A[3][2],`8*17`(r3)
+	ld	$A[3][3],`8*18`(r3)
+	ld	$A[3][4],`8*19`(r3)
+	ld	$A[4][0],`8*20`(r3)
+	ld	$A[4][1],`8*21`(r3)
+	ld	$A[4][2],`8*22`(r3)
+	ld	$A[4][3],`8*23`(r3)
+	ld	$A[4][4],`8*24`(r3)
+
+	bl	KeccakF1600_int
+
+	$POP	r3,`$LOCALS+0*$SIZE_T`($sp)
+	std	$A[0][0],`8*0`(r3)		; return A[5][5]
+	std	$A[0][1],`8*1`(r3)
+	std	$A[0][2],`8*2`(r3)
+	std	$A[0][3],`8*3`(r3)
+	std	$A[0][4],`8*4`(r3)
+	std	$A[1][0],`8*5`(r3)
+	std	$A[1][1],`8*6`(r3)
+	std	$A[1][2],`8*7`(r3)
+	std	$A[1][3],`8*8`(r3)
+	std	$A[1][4],`8*9`(r3)
+	std	$A[2][0],`8*10`(r3)
+	std	$A[2][1],`8*11`(r3)
+	std	$A[2][2],`8*12`(r3)
+	std	$A[2][3],`8*13`(r3)
+	std	$A[2][4],`8*14`(r3)
+	std	$A[3][0],`8*15`(r3)
+	std	$A[3][1],`8*16`(r3)
+	std	$A[3][2],`8*17`(r3)
+	std	$A[3][3],`8*18`(r3)
+	std	$A[3][4],`8*19`(r3)
+	std	$A[4][0],`8*20`(r3)
+	std	$A[4][1],`8*21`(r3)
+	std	$A[4][2],`8*22`(r3)
+	std	$A[4][3],`8*23`(r3)
+	std	$A[4][4],`8*24`(r3)
+
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,1,0
+	.long	0
+.size	KeccakF1600,.-KeccakF1600
+
+.type	dword_le_load,\@function
+.align	5
+dword_le_load:
+	lbzu	r0,1(r3)
+	lbzu	r4,1(r3)
+	lbzu	r5,1(r3)
+	insrdi	r0,r4,8,48
+	lbzu	r4,1(r3)
+	insrdi	r0,r5,8,40
+	lbzu	r5,1(r3)
+	insrdi	r0,r4,8,32
+	lbzu	r4,1(r3)
+	insrdi	r0,r5,8,24
+	lbzu	r5,1(r3)
+	insrdi	r0,r4,8,16
+	lbzu	r4,1(r3)
+	insrdi	r0,r5,8,8
+	insrdi	r0,r4,8,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,1,0
+	.long	0
+.size	dword_le_load,.-dword_le_load
+
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	5
+SHA3_absorb:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	bl	PICmeup
+	subi	r4,r4,1				; prepare for lbzu
+	subi	r12,r12,8			; prepare for ldu
+
+	$PUSH	r3,`$LOCALS+0*$SIZE_T`($sp)	; save A[][]
+	$PUSH	r4,`$LOCALS+1*$SIZE_T`($sp)	; save inp
+	$PUSH	r5,`$LOCALS+2*$SIZE_T`($sp)	; save len
+	$PUSH	r6,`$LOCALS+3*$SIZE_T`($sp)	; save bsz
+	mr	r0,r6
+	$PUSH	r12,`$LOCALS+4*$SIZE_T`($sp)
+
+	ld	$A[0][0],`8*0`(r3)		; load A[5][5]
+	ld	$A[0][1],`8*1`(r3)
+	ld	$A[0][2],`8*2`(r3)
+	ld	$A[0][3],`8*3`(r3)
+	ld	$A[0][4],`8*4`(r3)
+	ld	$A[1][0],`8*5`(r3)
+	ld	$A[1][1],`8*6`(r3)
+	ld	$A[1][2],`8*7`(r3)
+	ld	$A[1][3],`8*8`(r3)
+	ld	$A[1][4],`8*9`(r3)
+	ld	$A[2][0],`8*10`(r3)
+	ld	$A[2][1],`8*11`(r3)
+	ld	$A[2][2],`8*12`(r3)
+	ld	$A[2][3],`8*13`(r3)
+	ld	$A[2][4],`8*14`(r3)
+	ld	$A[3][0],`8*15`(r3)
+	ld	$A[3][1],`8*16`(r3)
+	ld	$A[3][2],`8*17`(r3)
+	ld	$A[3][3],`8*18`(r3)
+	ld	$A[3][4],`8*19`(r3)
+	ld	$A[4][0],`8*20`(r3)
+	ld	$A[4][1],`8*21`(r3)
+	ld	$A[4][2],`8*22`(r3)
+	ld	$A[4][3],`8*23`(r3)
+	ld	$A[4][4],`8*24`(r3)
+
+	mr	r3,r4
+	mr	r4,r5
+	mr	r5,r0
+
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	$UCMP	r4,r5				; len < bsz?
+	blt	.Labsorbed
+
+	sub	r4,r4,r5			; len -= bsz
+	srwi	r5,r5,3
+	$PUSH	r4,`$LOCALS+2*$SIZE_T`($sp)	; save len
+	mtctr	r5
+	bl	dword_le_load			; *inp++
+	xor	$A[0][0],$A[0][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][1],$A[0][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][2],$A[0][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][3],$A[0][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[0][4],$A[0][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][0],$A[1][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][1],$A[1][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][2],$A[1][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][3],$A[1][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[1][4],$A[1][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][0],$A[2][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][1],$A[2][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][2],$A[2][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][3],$A[2][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[2][4],$A[2][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][0],$A[3][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][1],$A[3][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][2],$A[3][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][3],$A[3][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[3][4],$A[3][4],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][0],$A[4][0],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][1],$A[4][1],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][2],$A[4][2],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][3],$A[4][3],r0
+	bdz	.Lprocess_block
+	bl	dword_le_load			; *inp++
+	xor	$A[4][4],$A[4][4],r0
+
+.Lprocess_block:
+	$PUSH	r3,`$LOCALS+1*$SIZE_T`($sp)	; save inp
+
+	bl	KeccakF1600_int
+
+	$POP	r0,`$LOCALS+4*$SIZE_T`($sp)	; pull iotas[24]
+	$POP	r5,`$LOCALS+3*$SIZE_T`($sp)	; restore bsz
+	$POP	r4,`$LOCALS+2*$SIZE_T`($sp)	; restore len
+	$POP	r3,`$LOCALS+1*$SIZE_T`($sp)	; restore inp
+	addic	r0,r0,`-8*24`			; rewind iotas
+	$PUSH	r0,`$LOCALS+4*$SIZE_T`($sp)
+
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	$POP	r3,`$LOCALS+0*$SIZE_T`($sp)
+	std	$A[0][0],`8*0`(r3)		; return A[5][5]
+	std	$A[0][1],`8*1`(r3)
+	std	$A[0][2],`8*2`(r3)
+	std	$A[0][3],`8*3`(r3)
+	std	$A[0][4],`8*4`(r3)
+	std	$A[1][0],`8*5`(r3)
+	std	$A[1][1],`8*6`(r3)
+	std	$A[1][2],`8*7`(r3)
+	std	$A[1][3],`8*8`(r3)
+	std	$A[1][4],`8*9`(r3)
+	std	$A[2][0],`8*10`(r3)
+	std	$A[2][1],`8*11`(r3)
+	std	$A[2][2],`8*12`(r3)
+	std	$A[2][3],`8*13`(r3)
+	std	$A[2][4],`8*14`(r3)
+	std	$A[3][0],`8*15`(r3)
+	std	$A[3][1],`8*16`(r3)
+	std	$A[3][2],`8*17`(r3)
+	std	$A[3][3],`8*18`(r3)
+	std	$A[3][4],`8*19`(r3)
+	std	$A[4][0],`8*20`(r3)
+	std	$A[4][1],`8*21`(r3)
+	std	$A[4][2],`8*22`(r3)
+	std	$A[4][3],`8*23`(r3)
+	std	$A[4][4],`8*24`(r3)
+
+	mr	r3,r4				; return value
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,4,0
+	.long	0
+.size	SHA3_absorb,.-SHA3_absorb
+___
+{
+my ($A_flat,$out,$len,$bsz) = map("r$_",(28..31));
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	5
+SHA3_squeeze:
+	$STU	$sp,`-10*$SIZE_T`($sp)
+	mflr	r0
+	$PUSH	r28,`6*$SIZE_T`($sp)
+	$PUSH	r29,`7*$SIZE_T`($sp)
+	$PUSH	r30,`8*$SIZE_T`($sp)
+	$PUSH	r31,`9*$SIZE_T`($sp)
+	$PUSH	r0,`10*$SIZE_T+$LRSAVE`($sp)
+
+	mr	$A_flat,r3
+	subi	r3,r3,8			; prepare for ldu
+	subi	$out,r4,1		; prepare for stbu
+	mr	$len,r5
+	mr	$bsz,r6
+	b	.Loop_squeeze
+
+.align	4
+.Loop_squeeze:
+	ldu	r0,8(r3)
+	${UCMP}i $len,8
+	blt	.Lsqueeze_tail
+
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	stbu	r0,1($out)
+
+	subic.	$len,$len,8
+	beq	.Lsqueeze_done
+
+	subic.	r6,r6,8
+	bgt	.Loop_squeeze
+
+	mr	r3,$A_flat
+	bl	KeccakF1600
+	subi	r3,$A_flat,8		; prepare for ldu
+	mr	r6,$bsz
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	mtctr	$len
+.Loop_tail:
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	bdnz	.Loop_tail
+
+.Lsqueeze_done:
+	$POP	r0,`10*$SIZE_T+$LRSAVE`($sp)
+	$POP	r28,`6*$SIZE_T`($sp)
+	$POP	r29,`7*$SIZE_T`($sp)
+	$POP	r30,`8*$SIZE_T`($sp)
+	$POP	r31,`9*$SIZE_T`($sp)
+	mtlr	r0
+	addi	$sp,$sp,`10*$SIZE_T`
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,4,4,0
+	.long	0
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+PICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12   ; vvvvvv "distance" between . and 1st data entry
+	addi	r12,r12,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl
new file mode 100755
index 0000000000..1184cf233e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl
@@ -0,0 +1,560 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for s390x.
+#
+# June 2017.
+#
+# Below code is [lane complementing] KECCAK_2X implementation (see
+# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though
+# instead of actually unrolling the loop pair-wise I simply flip
+# pointers to T[][] and A[][] at the end of round. Since number of
+# rounds is even, last round writes to A[][] and everything works out.
+# In the nutshell it's transliteration of x86_64 module, because both
+# architectures have similar capabilities/limitations. Performance
+# measurement is problematic as I don't have access to an idle system.
+# It looks like z13 processes one byte [out of long message] in ~14
+# cycles. At least the result is consistent with estimate based on
+# amount of instruction and assumed instruction issue rate. It's ~2.5x
+# faster than compiler-generated code.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20));
+
+my @C = map("%r$_",(0,1,5..7));
+my @D = map("%r$_",(8..12));
+my @T = map("%r$_",(13..14));
+my ($src,$dst,$iotas) = map("%r$_",(2..4));
+my $sp = "%r15";
+
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+25*8;
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+{ my @C = @C;	# copy, because we mess them up...
+  my @D = @D;
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@function
+.align	32
+__KeccakF1600:
+	st${g}	%r14,$SIZE_T*14($sp)
+	lg	@C[0],$A[4][0]($src)
+	lg	@C[1],$A[4][1]($src)
+	lg	@C[2],$A[4][2]($src)
+	lg	@C[3],$A[4][3]($src)
+	lg	@C[4],$A[4][4]($src)
+	larl	$iotas,iotas
+	j	.Loop
+
+.align	16
+.Loop:
+	lg	@D[0],$A[0][0]($src)
+	lg	@D[1],$A[1][1]($src)
+	lg	@D[2],$A[2][2]($src)
+	lg	@D[3],$A[3][3]($src)
+
+	xgr	@C[0],@D[0]
+	xg	@C[1],$A[0][1]($src)
+	xg	@C[2],$A[0][2]($src)
+	xg	@C[3],$A[0][3]($src)
+	lgr	@D[4],@C[4]
+	xg	@C[4],$A[0][4]($src)
+
+	xg	@C[0],$A[1][0]($src)
+	xgr	@C[1],@D[1]
+	xg	@C[2],$A[1][2]($src)
+	xg	@C[3],$A[1][3]($src)
+	xg	@C[4],$A[1][4]($src)
+
+	xg	@C[0],$A[2][0]($src)
+	xg	@C[1],$A[2][1]($src)
+	xgr	@C[2],@D[2]
+	xg	@C[3],$A[2][3]($src)
+	xg	@C[4],$A[2][4]($src)
+
+	xg	@C[0],$A[3][0]($src)
+	xg	@C[1],$A[3][1]($src)
+	xg	@C[2],$A[3][2]($src)
+	xgr	@C[3],@D[3]
+	xg	@C[4],$A[3][4]($src)
+
+	lgr	@T[0],@C[2]
+	rllg	@C[2],@C[2],1
+	xgr	@C[2],@C[0]		# D[1] = ROL64(C[2], 1) ^ C[0]
+
+	rllg	@C[0],@C[0],1
+	xgr	@C[0],@C[3]		# D[4] = ROL64(C[0], 1) ^ C[3]
+
+	rllg	@C[3],@C[3],1
+	xgr	@C[3],@C[1]		# D[2] = ROL64(C[3], 1) ^ C[1]
+
+	rllg	@C[1],@C[1],1
+	xgr	@C[1],@C[4]		# D[0] = ROL64(C[1], 1) ^ C[4]
+
+	rllg	@C[4],@C[4],1
+	xgr	@C[4],@T[0]		# D[3] = ROL64(C[4], 1) ^ C[2]
+___
+	(@D[0..4], @C) = (@C[1..4,0], @D);
+$code.=<<___;
+	xgr	@C[1],@D[1]
+	xgr	@C[2],@D[2]
+	xgr	@C[3],@D[3]
+	 rllg	@C[1],@C[1],$rhotates[1][1]
+	xgr	@C[4],@D[4]
+	 rllg	@C[2],@C[2],$rhotates[2][2]
+	xgr	@C[0],@D[0]
+
+	lgr	@T[0],@C[1]
+	ogr	@C[1],@C[2]
+	 rllg	@C[3],@C[3],$rhotates[3][3]
+	xgr	@C[1],@C[0]		#	    C[0] ^ ( C[1] | C[2])
+	 rllg	@C[4],@C[4],$rhotates[4][4]
+	xg	@C[1],0($iotas)
+	la	$iotas,8($iotas)
+	stg	@C[1],$A[0][0]($dst)	# R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]
+
+	lgr	@T[1],@C[4]
+	ngr	@C[4],@C[3]
+	 lghi	@C[1],-1		# no 'not' instruction :-(
+	xgr	@C[4],@C[2]		#	    C[2] ^ ( C[4] & C[3])
+	 xgr	@C[2],@C[1]		# not	@C[2]
+	stg	@C[4],$A[0][2]($dst)	# R[0][2] = C[2] ^ ( C[4] & C[3])
+	 ogr	@C[2],@C[3]
+	 xgr	@C[2],@T[0]		#	    C[1] ^ (~C[2] | C[3])
+
+	ngr	@T[0],@C[0]
+	 stg	@C[2],$A[0][1]($dst)	# R[0][1] = C[1] ^ (~C[2] | C[3])
+	xgr	@T[0],@T[1]		#	    C[4] ^ ( C[1] & C[0])
+	 ogr	@T[1],@C[0]
+	stg	@T[0],$A[0][4]($dst)	# R[0][4] = C[4] ^ ( C[1] & C[0])
+	 xgr	@T[1],@C[3]		#	    C[3] ^ ( C[4] | C[0])
+	 stg	@T[1],$A[0][3]($dst)	# R[0][3] = C[3] ^ ( C[4] | C[0])
+
+
+	lg	@C[0],$A[0][3]($src)
+	lg	@C[4],$A[4][2]($src)
+	lg	@C[3],$A[3][1]($src)
+	lg	@C[1],$A[1][4]($src)
+	lg	@C[2],$A[2][0]($src)
+
+	xgr	@C[0],@D[3]
+	xgr	@C[4],@D[2]
+	 rllg	@C[0],@C[0],$rhotates[0][3]
+	xgr	@C[3],@D[1]
+	 rllg	@C[4],@C[4],$rhotates[4][2]
+	xgr	@C[1],@D[4]
+	 rllg	@C[3],@C[3],$rhotates[3][1]
+	xgr	@C[2],@D[0]
+
+	lgr	@T[0],@C[0]
+	ogr	@C[0],@C[4]
+	 rllg	@C[1],@C[1],$rhotates[1][4]
+	xgr	@C[0],@C[3]		#	    C[3] ^ (C[0] |  C[4])
+	 rllg	@C[2],@C[2],$rhotates[2][0]
+	stg	@C[0],$A[1][3]($dst)	# R[1][3] = C[3] ^ (C[0] |  C[4])
+
+	lgr	@T[1],@C[1]
+	ngr	@C[1],@T[0]
+	 lghi	@C[0],-1		# no 'not' instruction :-(
+	xgr	@C[1],@C[4]		#	    C[4] ^ (C[1] &  C[0])
+	 xgr	@C[4],@C[0]		# not	@C[4]
+	stg	@C[1],$A[1][4]($dst)	# R[1][4] = C[4] ^ (C[1] &  C[0])
+
+	 ogr	@C[4],@C[3]
+	 xgr	@C[4],@C[2]		#	    C[2] ^ (~C[4] | C[3])
+
+	ngr	@C[3],@C[2]
+	 stg	@C[4],$A[1][2]($dst)	# R[1][2] = C[2] ^ (~C[4] | C[3])
+	xgr	@C[3],@T[1]		#	    C[1] ^ (C[3] &  C[2])
+	 ogr	@T[1],@C[2]
+	stg	@C[3],$A[1][1]($dst)	# R[1][1] = C[1] ^ (C[3] &  C[2])
+	 xgr	@T[1],@T[0]		#	    C[0] ^ (C[1] |  C[2])
+	 stg	@T[1],$A[1][0]($dst)	# R[1][0] = C[0] ^ (C[1] |  C[2])
+
+
+	lg	@C[2],$A[2][3]($src)
+	lg	@C[3],$A[3][4]($src)
+	lg	@C[1],$A[1][2]($src)
+	lg	@C[4],$A[4][0]($src)
+	lg	@C[0],$A[0][1]($src)
+
+	xgr	@C[2],@D[3]
+	xgr	@C[3],@D[4]
+	 rllg	@C[2],@C[2],$rhotates[2][3]
+	xgr	@C[1],@D[2]
+	 rllg	@C[3],@C[3],$rhotates[3][4]
+	xgr	@C[4],@D[0]
+	 rllg	@C[1],@C[1],$rhotates[1][2]
+	xgr	@C[0],@D[1]
+
+	lgr	@T[0],@C[2]
+	ngr	@C[2],@C[3]
+	 rllg	@C[4],@C[4],$rhotates[4][0]
+	xgr	@C[2],@C[1]		#	     C[1] ^ ( C[2] & C[3])
+	lghi	@T[1],-1		# no 'not' instruction :-(
+	stg	@C[2],$A[2][1]($dst)	# R[2][1] =  C[1] ^ ( C[2] & C[3])
+
+	xgr	@C[3],@T[1]		# not	@C[3]
+	lgr	@T[1],@C[4]
+	ngr	@C[4],@C[3]
+	 rllg	@C[0],@C[0],$rhotates[0][1]
+	xgr	@C[4],@T[0]		#	     C[2] ^ ( C[4] & ~C[3])
+	 ogr	@T[0],@C[1]
+	stg	@C[4],$A[2][2]($dst)	# R[2][2] =  C[2] ^ ( C[4] & ~C[3])
+	 xgr	@T[0],@C[0]		#	     C[0] ^ ( C[2] | C[1])
+
+	ngr	@C[1],@C[0]
+	 stg	@T[0],$A[2][0]($dst)	# R[2][0] =  C[0] ^ ( C[2] | C[1])
+	xgr	@C[1],@T[1]		#	     C[4] ^ ( C[1] & C[0])
+	 ogr	@C[0],@T[1]
+	stg	@C[1],$A[2][4]($dst)	# R[2][4] =  C[4] ^ ( C[1] & C[0])
+	 xgr	@C[0],@C[3]		#	    ~C[3] ^ ( C[0] | C[4])
+	 stg	@C[0],$A[2][3]($dst)	# R[2][3] = ~C[3] ^ ( C[0] | C[4])
+
+
+	lg	@C[2],$A[2][1]($src)
+	lg	@C[3],$A[3][2]($src)
+	lg	@C[1],$A[1][0]($src)
+	lg	@C[4],$A[4][3]($src)
+	lg	@C[0],$A[0][4]($src)
+
+	xgr	@C[2],@D[1]
+	xgr	@C[3],@D[2]
+	 rllg	@C[2],@C[2],$rhotates[2][1]
+	xgr	@C[1],@D[0]
+	 rllg	@C[3],@C[3],$rhotates[3][2]
+	xgr	@C[4],@D[3]
+	 rllg	@C[1],@C[1],$rhotates[1][0]
+	xgr	@C[0],@D[4]
+	 rllg	@C[4],@C[4],$rhotates[4][3]
+
+	lgr	@T[0],@C[2]
+	ogr	@C[2],@C[3]
+	lghi	@T[1],-1		# no 'not' instruction :-(
+	xgr	@C[2],@C[1]		#	     C[1] ^ ( C[2] | C[3])
+	xgr	@C[3],@T[1]		# not	@C[3]
+	stg	@C[2],$A[3][1]($dst)	# R[3][1] =  C[1] ^ ( C[2] | C[3])
+
+	lgr	@T[1],@C[4]
+	ogr	@C[4],@C[3]
+	 rllg	@C[0],@C[0],$rhotates[0][4]
+	xgr	@C[4],@T[0]		#	     C[2] ^ ( C[4] | ~C[3])
+	 ngr	@T[0],@C[1]
+	stg	@C[4],$A[3][2]($dst)	# R[3][2] =  C[2] ^ ( C[4] | ~C[3])
+	 xgr	@T[0],@C[0]		#	     C[0] ^ ( C[2] & C[1])
+
+	ogr	@C[1],@C[0]
+	 stg	@T[0],$A[3][0]($dst)	# R[3][0] =  C[0] ^ ( C[2] & C[1])
+	xgr	@C[1],@T[1]		#	     C[4] ^ ( C[1] | C[0])
+	 ngr	@C[0],@T[1]
+	stg	@C[1],$A[3][4]($dst)	# R[3][4] =  C[4] ^ ( C[1] | C[0])
+	 xgr	@C[0],@C[3]		#	    ~C[3] ^ ( C[0] & C[4])
+	 stg	@C[0],$A[3][3]($dst)	# R[3][3] = ~C[3] ^ ( C[0] & C[4])
+
+
+	xg	@D[2],$A[0][2]($src)
+	xg	@D[3],$A[1][3]($src)
+	xg	@D[1],$A[4][1]($src)
+	xg	@D[4],$A[2][4]($src)
+	xgr	$dst,$src		# xchg	$dst,$src
+	 rllg	@D[2],@D[2],$rhotates[0][2]
+	xg	@D[0],$A[3][0]($src)
+	 rllg	@D[3],@D[3],$rhotates[1][3]
+	xgr	$src,$dst
+	 rllg	@D[1],@D[1],$rhotates[4][1]
+	xgr	$dst,$src
+	 rllg	@D[4],@D[4],$rhotates[2][4]
+___
+	@C = @D[2..4,0,1];
+$code.=<<___;
+	lgr	@T[0],@C[0]
+	ngr	@C[0],@C[1]
+	lghi	@T[1],-1		# no 'not' instruction :-(
+	xgr	@C[0],@C[4]		#	     C[4] ^ ( C[0] & C[1])
+	xgr	@C[1],@T[1]		# not	@C[1]
+	stg	@C[0],$A[4][4]($src)	# R[4][4] =  C[4] ^ ( C[0] & C[1])
+
+	lgr	@T[1],@C[2]
+	ngr	@C[2],@C[1]
+	 rllg	@D[0],@D[0],$rhotates[3][0]
+	xgr	@C[2],@T[0]		#	     C[0] ^ ( C[2] & ~C[1])
+	 ogr	@T[0],@C[4]
+	stg	@C[2],$A[4][0]($src)	# R[4][0] =  C[0] ^ ( C[2] & ~C[1])
+	 xgr	@T[0],@C[3]		#	     C[3] ^ ( C[0] | C[4])
+
+	ngr	@C[4],@C[3]
+	 stg	@T[0],$A[4][3]($src)	# R[4][3] =  C[3] ^ ( C[0] | C[4])
+	xgr	@C[4],@T[1]		#	     C[2] ^ ( C[4] & C[3])
+	 ogr	@C[3],@T[1]
+	stg	@C[4],$A[4][2]($src)	# R[4][2] =  C[2] ^ ( C[4] & C[3])
+	 xgr	@C[3],@C[1]		#	    ~C[1] ^ ( C[2] | C[3])
+
+	lgr	@C[1],@C[0]		# harmonize with the loop top
+	lgr	@C[0],@T[0]
+	 stg	@C[3],$A[4][1]($src)	# R[4][1] = ~C[1] ^ ( C[2] | C[3])
+
+	tmll	$iotas,255
+	jnz	.Loop
+
+	l${g}	%r14,$SIZE_T*14($sp)
+	br	%r14
+.size	__KeccakF1600,.-__KeccakF1600
+___
+}
+{
+$code.=<<___;
+.type	KeccakF1600,\@function
+.align	32
+KeccakF1600:
+.LKeccakF1600:
+	lghi	%r1,-$frame
+	stm${g}	%r6,%r15,$SIZE_T*6($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+	la	$dst,$stdframe($sp)
+
+	bras	%r14,__KeccakF1600
+
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+	lm${g}	%r6,%r15,$frame+6*$SIZE_T($sp)
+	br	%r14
+.size	KeccakF1600,.-KeccakF1600
+___
+}
+{ my ($A_flat,$inp,$len,$bsz) = map("%r$_",(2..5));
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	32
+SHA3_absorb:
+	lghi	%r1,-$frame
+	stm${g}	%r5,%r15,$SIZE_T*5($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+.Loop_absorb:
+	cl${g}r	$len,$bsz
+	jl	.Ldone_absorb
+
+	srl${g}	$bsz,3
+	la	%r1,0($A_flat)
+
+.Lblock_absorb:
+	lrvg	%r0,0($inp)
+	la	$inp,8($inp)
+	xg	%r0,0(%r1)
+	a${g}hi	$len,-8
+	stg	%r0,0(%r1)
+	la	%r1,8(%r1)
+	brct	$bsz,.Lblock_absorb
+
+	stm${g}	$inp,$len,$frame+3*$SIZE_T($sp)
+	la	$dst,$stdframe($sp)
+	bras	%r14,__KeccakF1600
+	lm${g}	$inp,$bsz,$frame+3*$SIZE_T($sp)
+	j	.Loop_absorb
+
+.align	16
+.Ldone_absorb:
+	lghi	@D[0],-1		# no 'not' instruction :-(
+	lghi	@D[1],-1
+	lghi	@D[2],-1
+	lghi	@D[3],-1
+	lghi	@D[4],-1
+	lghi	@T[0],-1
+	xg	@D[0],$A[0][1]($src)
+	xg	@D[1],$A[0][2]($src)
+	xg	@D[2],$A[1][3]($src)
+	xg	@D[3],$A[2][2]($src)
+	xg	@D[4],$A[3][2]($src)
+	xg	@T[0],$A[4][0]($src)
+	stmg	@D[0],@D[1],$A[0][1]($src)
+	stg	@D[2],$A[1][3]($src)
+	stg	@D[3],$A[2][2]($src)
+	stg	@D[4],$A[3][2]($src)
+	stg	@T[0],$A[4][0]($src)
+
+	lgr	%r2,$len		# return value
+
+	lm${g}	%r6,%r15,$frame+6*$SIZE_T($sp)
+	br	%r14
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{ my ($A_flat,$out,$len,$bsz) = map("%r$_",(2..5));
+
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	32
+SHA3_squeeze:
+	srl${g}	$bsz,3
+	st${g}	%r14,2*$SIZE_T($sp)
+	lghi	%r14,8
+	st${g}	$bsz,5*$SIZE_T($sp)
+	la	%r1,0($A_flat)
+
+	j	.Loop_squeeze
+
+.align	16
+.Loop_squeeze:
+	cl${g}r $len,%r14
+	jl	.Ltail_squeeze
+
+	lrvg	%r0,0(%r1)
+	la	%r1,8(%r1)
+	stg	%r0,0($out)
+	la	$out,8($out)
+	a${g}hi	$len,-8			# len -= 8
+	jz	.Ldone_squeeze
+
+	brct	$bsz,.Loop_squeeze	# bsz--
+
+	stm${g}	$out,$len,3*$SIZE_T($sp)
+	bras	%r14,.LKeccakF1600
+	lm${g}	$out,$bsz,3*$SIZE_T($sp)
+	lghi	%r14,8
+	la	%r1,0($A_flat)
+	j	.Loop_squeeze
+
+.Ltail_squeeze:
+	lg	%r0,0(%r1)
+.Loop_tail_squeeze:
+	stc	%r0,0($out)
+	la	$out,1($out)
+	srlg	%r0,8
+	brct	$len,.Loop_tail_squeeze
+
+.Ldone_squeeze:
+	l${g}	%r14,2*$SIZE_T($sp)
+	br	%r14
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+$code.=<<___;
+.align	256
+	.quad	0,0,0,0,0,0,0,0
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# unlike 32-bit shift 64-bit one takes three arguments
+$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
+
+print $code;
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl
new file mode 100755
index 0000000000..42de5bf123
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl
@@ -0,0 +1,607 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for x86_64.
+#
+# June 2017.
+#
+# Below code is [lane complementing] KECCAK_2X implementation (see
+# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though
+# instead of actually unrolling the loop pair-wise I simply flip
+# pointers to T[][] and A[][] at the end of round. Since number of
+# rounds is even, last round writes to A[][] and everything works out.
+# How does it compare to x86_64 assembly module in Keccak Code Package?
+# Depending on processor it's either as fast or faster by up to 15%...
+#
+########################################################################
+# Numbers are cycles per processed byte out of large message.
+#
+#			r=1088(*)
+#
+# P4			25.8
+# Core 2		12.9
+# Westmere		13.7
+# Sandy Bridge		12.9(**)
+# Haswell		9.6
+# Skylake		9.4
+# Silvermont		22.8
+# Goldmont		15.8
+# VIA Nano		17.3
+# Sledgehammer		13.3
+# Bulldozer		16.5
+# Ryzen			8.8
+#
+# (*)	Corresponds to SHA3-256. Improvement over compiler-generate
+#	varies a lot, most commont coefficient is 15% in comparison to
+#	gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x.
+# (**)	Sandy Bridge has broken rotate instruction. Performance can be
+#	improved by 14% by replacing rotates with double-precision
+#	shift with same register as source and destination.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100,
+              8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20));
+
+my @C = ("%rax","%rbx","%rcx","%rdx","%rbp");
+my @D = map("%r$_",(8..12));
+my @T = map("%r$_",(13..14));
+my $iotas = "%r15";
+
+my @rhotates = ([  0,  1, 62, 28, 27 ],
+                [ 36, 44,  6, 55, 20 ],
+                [  3, 10, 43, 25, 39 ],
+                [ 41, 45, 15, 21,  8 ],
+                [ 18,  2, 61, 56, 14 ]);
+
+$code.=<<___;
+.text
+
+.type	__KeccakF1600,\@abi-omnipotent
+.align	32
+__KeccakF1600:
+	mov	$A[4][0](%rdi),@C[0]
+	mov	$A[4][1](%rdi),@C[1]
+	mov	$A[4][2](%rdi),@C[2]
+	mov	$A[4][3](%rdi),@C[3]
+	mov	$A[4][4](%rdi),@C[4]
+	jmp	.Loop
+
+.align	32
+.Loop:
+	mov	$A[0][0](%rdi),@D[0]
+	mov	$A[1][1](%rdi),@D[1]
+	mov	$A[2][2](%rdi),@D[2]
+	mov	$A[3][3](%rdi),@D[3]
+
+	xor	$A[0][2](%rdi),@C[2]
+	xor	$A[0][3](%rdi),@C[3]
+	xor	@D[0],         @C[0]
+	xor	$A[0][1](%rdi),@C[1]
+	 xor	$A[1][2](%rdi),@C[2]
+	 xor	$A[1][0](%rdi),@C[0]
+	mov	@C[4],@D[4]
+	xor	$A[0][4](%rdi),@C[4]
+
+	xor	@D[2],         @C[2]
+	xor	$A[2][0](%rdi),@C[0]
+	 xor	$A[1][3](%rdi),@C[3]
+	 xor	@D[1],         @C[1]
+	 xor	$A[1][4](%rdi),@C[4]
+
+	xor	$A[3][2](%rdi),@C[2]
+	xor	$A[3][0](%rdi),@C[0]
+	 xor	$A[2][3](%rdi),@C[3]
+	 xor	$A[2][1](%rdi),@C[1]
+	 xor	$A[2][4](%rdi),@C[4]
+
+	mov	@C[2],@T[0]
+	rol	\$1,@C[2]
+	xor	@C[0],@C[2]		# D[1] = ROL64(C[2], 1) ^ C[0]
+	 xor	@D[3],         @C[3]
+
+	rol	\$1,@C[0]
+	xor	@C[3],@C[0]		# D[4] = ROL64(C[0], 1) ^ C[3]
+	 xor	$A[3][1](%rdi),@C[1]
+
+	rol	\$1,@C[3]
+	xor	@C[1],@C[3]		# D[2] = ROL64(C[3], 1) ^ C[1]
+	 xor	$A[3][4](%rdi),@C[4]
+
+	rol	\$1,@C[1]
+	xor	@C[4],@C[1]		# D[0] = ROL64(C[1], 1) ^ C[4]
+
+	rol	\$1,@C[4]
+	xor	@T[0],@C[4]		# D[3] = ROL64(C[4], 1) ^ C[2]
+___
+	(@D[0..4], @C) = (@C[1..4,0], @D);
+$code.=<<___;
+	xor	@D[1],@C[1]
+	xor	@D[2],@C[2]
+	rol	\$$rhotates[1][1],@C[1]
+	xor	@D[3],@C[3]
+	xor	@D[4],@C[4]
+	rol	\$$rhotates[2][2],@C[2]
+	xor	@D[0],@C[0]
+	 mov	@C[1],@T[0]
+	rol	\$$rhotates[3][3],@C[3]
+	 or	@C[2],@C[1]
+	 xor	@C[0],@C[1]		#           C[0] ^ ( C[1] | C[2])
+	rol	\$$rhotates[4][4],@C[4]
+
+	 xor	($iotas),@C[1]
+	 lea	8($iotas),$iotas
+
+	mov	@C[4],@T[1]
+	and	@C[3],@C[4]
+	 mov	@C[1],$A[0][0](%rsi)	# R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]
+	xor	@C[2],@C[4]		#           C[2] ^ ( C[4] & C[3])
+	not	@C[2]
+	mov	@C[4],$A[0][2](%rsi)	# R[0][2] = C[2] ^ ( C[4] & C[3])
+
+	or	@C[3],@C[2]
+	  mov	$A[4][2](%rdi),@C[4]
+	xor	@T[0],@C[2]		#           C[1] ^ (~C[2] | C[3])
+	mov	@C[2],$A[0][1](%rsi)	# R[0][1] = C[1] ^ (~C[2] | C[3])
+
+	and	@C[0],@T[0]
+	  mov	$A[1][4](%rdi),@C[1]
+	xor	@T[1],@T[0]		#           C[4] ^ ( C[1] & C[0])
+	  mov	$A[2][0](%rdi),@C[2]
+	mov	@T[0],$A[0][4](%rsi)	# R[0][4] = C[4] ^ ( C[1] & C[0])
+
+	or	@C[0],@T[1]
+	  mov	$A[0][3](%rdi),@C[0]
+	xor	@C[3],@T[1]		#           C[3] ^ ( C[4] | C[0])
+	  mov	$A[3][1](%rdi),@C[3]
+	mov	@T[1],$A[0][3](%rsi)	# R[0][3] = C[3] ^ ( C[4] | C[0])
+
+
+	xor	@D[3],@C[0]
+	xor	@D[2],@C[4]
+	rol	\$$rhotates[0][3],@C[0]
+	xor	@D[1],@C[3]
+	xor	@D[4],@C[1]
+	rol	\$$rhotates[4][2],@C[4]
+	rol	\$$rhotates[3][1],@C[3]
+	xor	@D[0],@C[2]
+	rol	\$$rhotates[1][4],@C[1]
+	 mov	@C[0],@T[0]
+	 or	@C[4],@C[0]
+	rol	\$$rhotates[2][0],@C[2]
+
+	xor	@C[3],@C[0]		#           C[3] ^ (C[0] |  C[4])
+	mov	@C[0],$A[1][3](%rsi)	# R[1][3] = C[3] ^ (C[0] |  C[4])
+
+	mov	@C[1],@T[1]
+	and	@T[0],@C[1]
+	  mov	$A[0][1](%rdi),@C[0]
+	xor	@C[4],@C[1]		#           C[4] ^ (C[1] &  C[0])
+	not	@C[4]
+	mov	@C[1],$A[1][4](%rsi)	# R[1][4] = C[4] ^ (C[1] &  C[0])
+
+	or	@C[3],@C[4]
+	  mov	$A[1][2](%rdi),@C[1]
+	xor	@C[2],@C[4]		#           C[2] ^ (~C[4] | C[3])
+	mov	@C[4],$A[1][2](%rsi)	# R[1][2] = C[2] ^ (~C[4] | C[3])
+
+	and	@C[2],@C[3]
+	  mov	$A[4][0](%rdi),@C[4]
+	xor	@T[1],@C[3]		#           C[1] ^ (C[3] &  C[2])
+	mov	@C[3],$A[1][1](%rsi)	# R[1][1] = C[1] ^ (C[3] &  C[2])
+
+	or	@C[2],@T[1]
+	  mov	$A[2][3](%rdi),@C[2]
+	xor	@T[0],@T[1]		#           C[0] ^ (C[1] |  C[2])
+	  mov	$A[3][4](%rdi),@C[3]
+	mov	@T[1],$A[1][0](%rsi)	# R[1][0] = C[0] ^ (C[1] |  C[2])
+
+
+	xor	@D[3],@C[2]
+	xor	@D[4],@C[3]
+	rol	\$$rhotates[2][3],@C[2]
+	xor	@D[2],@C[1]
+	rol	\$$rhotates[3][4],@C[3]
+	xor	@D[0],@C[4]
+	rol	\$$rhotates[1][2],@C[1]
+	xor	@D[1],@C[0]
+	rol	\$$rhotates[4][0],@C[4]
+	 mov	@C[2],@T[0]
+	 and	@C[3],@C[2]
+	rol	\$$rhotates[0][1],@C[0]
+
+	not	@C[3]
+	xor	@C[1],@C[2]		#            C[1] ^ ( C[2] & C[3])
+	mov	@C[2],$A[2][1](%rsi)	# R[2][1] =  C[1] ^ ( C[2] & C[3])
+
+	mov	@C[4],@T[1]
+	and	@C[3],@C[4]
+	  mov	$A[2][1](%rdi),@C[2]
+	xor	@T[0],@C[4]		#            C[2] ^ ( C[4] & ~C[3])
+	mov	@C[4],$A[2][2](%rsi)	# R[2][2] =  C[2] ^ ( C[4] & ~C[3])
+
+	or	@C[1],@T[0]
+	  mov	$A[4][3](%rdi),@C[4]
+	xor	@C[0],@T[0]		#            C[0] ^ ( C[2] | C[1])
+	mov	@T[0],$A[2][0](%rsi)	# R[2][0] =  C[0] ^ ( C[2] | C[1])
+
+	and	@C[0],@C[1]
+	xor	@T[1],@C[1]		#            C[4] ^ ( C[1] & C[0])
+	mov	@C[1],$A[2][4](%rsi)	# R[2][4] =  C[4] ^ ( C[1] & C[0])
+
+	or	@C[0],@T[1]
+	  mov	$A[1][0](%rdi),@C[1]
+	xor	@C[3],@T[1]		#           ~C[3] ^ ( C[0] | C[4])
+	  mov	$A[3][2](%rdi),@C[3]
+	mov	@T[1],$A[2][3](%rsi)	# R[2][3] = ~C[3] ^ ( C[0] | C[4])
+
+
+	mov	$A[0][4](%rdi),@C[0]
+
+	xor	@D[1],@C[2]
+	xor	@D[2],@C[3]
+	rol	\$$rhotates[2][1],@C[2]
+	xor	@D[0],@C[1]
+	rol	\$$rhotates[3][2],@C[3]
+	xor	@D[3],@C[4]
+	rol	\$$rhotates[1][0],@C[1]
+	xor	@D[4],@C[0]
+	rol	\$$rhotates[4][3],@C[4]
+	 mov	@C[2],@T[0]
+	 or	@C[3],@C[2]
+	rol	\$$rhotates[0][4],@C[0]
+
+	not	@C[3]
+	xor	@C[1],@C[2]		#            C[1] ^ ( C[2] | C[3])
+	mov	@C[2],$A[3][1](%rsi)	# R[3][1] =  C[1] ^ ( C[2] | C[3])
+
+	mov	@C[4],@T[1]
+	or	@C[3],@C[4]
+	xor	@T[0],@C[4]		#            C[2] ^ ( C[4] | ~C[3])
+	mov	@C[4],$A[3][2](%rsi)	# R[3][2] =  C[2] ^ ( C[4] | ~C[3])
+
+	and	@C[1],@T[0]
+	xor	@C[0],@T[0]		#            C[0] ^ ( C[2] & C[1])
+	mov	@T[0],$A[3][0](%rsi)	# R[3][0] =  C[0] ^ ( C[2] & C[1])
+
+	or	@C[0],@C[1]
+	xor	@T[1],@C[1]		#            C[4] ^ ( C[1] | C[0])
+	mov	@C[1],$A[3][4](%rsi)	# R[3][4] =  C[4] ^ ( C[1] | C[0])
+
+	and	@T[1],@C[0]
+	xor	@C[3],@C[0]		#           ~C[3] ^ ( C[0] & C[4])
+	mov	@C[0],$A[3][3](%rsi)	# R[3][3] = ~C[3] ^ ( C[0] & C[4])
+
+
+	xor	$A[0][2](%rdi),@D[2]
+	xor	$A[1][3](%rdi),@D[3]
+	rol	\$$rhotates[0][2],@D[2]
+	xor	$A[4][1](%rdi),@D[1]
+	rol	\$$rhotates[1][3],@D[3]
+	xor	$A[2][4](%rdi),@D[4]
+	rol	\$$rhotates[4][1],@D[1]
+	xor	$A[3][0](%rdi),@D[0]
+	xchg	%rsi,%rdi
+	rol	\$$rhotates[2][4],@D[4]
+	rol	\$$rhotates[3][0],@D[0]
+___
+	@C = @D[2..4,0,1];
+$code.=<<___;
+	mov	@C[0],@T[0]
+	and	@C[1],@C[0]
+	not	@C[1]
+	xor	@C[4],@C[0]		#            C[4] ^ ( C[0] & C[1])
+	mov	@C[0],$A[4][4](%rdi)	# R[4][4] =  C[4] ^ ( C[0] & C[1])
+
+	mov	@C[2],@T[1]
+	and	@C[1],@C[2]
+	xor	@T[0],@C[2]		#            C[0] ^ ( C[2] & ~C[1])
+	mov	@C[2],$A[4][0](%rdi)	# R[4][0] =  C[0] ^ ( C[2] & ~C[1])
+
+	or	@C[4],@T[0]
+	xor	@C[3],@T[0]		#            C[3] ^ ( C[0] | C[4])
+	mov	@T[0],$A[4][3](%rdi)	# R[4][3] =  C[3] ^ ( C[0] | C[4])
+
+	and	@C[3],@C[4]
+	xor	@T[1],@C[4]		#            C[2] ^ ( C[4] & C[3])
+	mov	@C[4],$A[4][2](%rdi)	# R[4][2] =  C[2] ^ ( C[4] & C[3])
+
+	or	@T[1],@C[3]
+	xor	@C[1],@C[3]		#           ~C[1] ^ ( C[2] | C[3])
+	mov	@C[3],$A[4][1](%rdi)	# R[4][1] = ~C[1] ^ ( C[2] | C[3])
+
+	mov	@C[0],@C[1]		# harmonize with the loop top
+	mov	@T[0],@C[0]
+
+	test	\$255,$iotas
+	jnz	.Loop
+
+	lea	-192($iotas),$iotas	# rewind iotas
+	ret
+.size	__KeccakF1600,.-__KeccakF1600
+
+.type	KeccakF1600,\@abi-omnipotent
+.align	32
+KeccakF1600:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	lea	100(%rdi),%rdi		# size optimization
+	sub	\$200,%rsp
+.cfi_adjust_cfa_offset	200
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+
+	lea	iotas(%rip),$iotas
+	lea	100(%rsp),%rsi		# size optimization
+
+	call	__KeccakF1600
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+	lea	-100(%rdi),%rdi		# preserve A[][]
+
+	add	\$200,%rsp
+.cfi_adjust_cfa_offset	-200
+
+	pop	%r15
+.cfi_pop	%r15
+	pop	%r14
+.cfi_pop	%r14
+	pop	%r13
+.cfi_pop	%r13
+	pop	%r12
+.cfi_pop	%r12
+	pop	%rbp
+.cfi_pop	%rbp
+	pop	%rbx
+.cfi_pop	%rbx
+	ret
+.cfi_endproc
+.size	KeccakF1600,.-KeccakF1600
+___
+
+{ my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+     ($A_flat,$inp) = ("%r8","%r9");
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function,4
+.align	32
+SHA3_absorb:
+.cfi_startproc
+	push	%rbx
+.cfi_push	%rbx
+	push	%rbp
+.cfi_push	%rbp
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+	push	%r15
+.cfi_push	%r15
+
+	lea	100(%rdi),%rdi		# size optimization
+	sub	\$232,%rsp
+.cfi_adjust_cfa_offset	232
+
+	mov	%rsi,$inp
+	lea	100(%rsp),%rsi		# size optimization
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+	lea	iotas(%rip),$iotas
+
+	mov	$bsz,216-100(%rsi)	# save bsz
+
+.Loop_absorb:
+	cmp	$bsz,$len
+	jc	.Ldone_absorb
+
+	shr	\$3,$bsz
+	lea	-100(%rdi),$A_flat
+
+.Lblock_absorb:
+	mov	($inp),%rax
+	lea	8($inp),$inp
+	xor	($A_flat),%rax
+	lea	8($A_flat),$A_flat
+	sub	\$8,$len
+	mov	%rax,-8($A_flat)
+	sub	\$1,$bsz
+	jnz	.Lblock_absorb
+
+	mov	$inp,200-100(%rsi)	# save inp
+	mov	$len,208-100(%rsi)	# save len
+	call	__KeccakF1600
+	mov	200-100(%rsi),$inp	# pull inp
+	mov	208-100(%rsi),$len	# pull len
+	mov	216-100(%rsi),$bsz	# pull bsz
+	jmp	.Loop_absorb
+
+.align	32
+.Ldone_absorb:
+	mov	$len,%rax		# return value
+
+	notq	$A[0][1](%rdi)
+	notq	$A[0][2](%rdi)
+	notq	$A[1][3](%rdi)
+	notq	$A[2][2](%rdi)
+	notq	$A[3][2](%rdi)
+	notq	$A[4][0](%rdi)
+
+	add	\$232,%rsp
+.cfi_adjust_cfa_offset	-232
+
+	pop	%r15
+.cfi_pop	%r15
+	pop	%r14
+.cfi_pop	%r14
+	pop	%r13
+.cfi_pop	%r13
+	pop	%r12
+.cfi_pop	%r12
+	pop	%rbp
+.cfi_pop	%rbp
+	pop	%rbx
+.cfi_pop	%rbx
+	ret
+.cfi_endproc
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{ my ($A_flat,$out,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx");
+     ($out,$len,$bsz) = ("%r12","%r13","%r14");
+
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function,4
+.align	32
+SHA3_squeeze:
+.cfi_startproc
+	push	%r12
+.cfi_push	%r12
+	push	%r13
+.cfi_push	%r13
+	push	%r14
+.cfi_push	%r14
+
+	shr	\$3,%rcx
+	mov	$A_flat,%r8
+	mov	%rsi,$out
+	mov	%rdx,$len
+	mov	%rcx,$bsz
+	jmp	.Loop_squeeze
+
+.align	32
+.Loop_squeeze:
+	cmp	\$8,$len
+	jb	.Ltail_squeeze
+
+	mov	(%r8),%rax
+	lea	8(%r8),%r8
+	mov	%rax,($out)
+	lea	8($out),$out
+	sub	\$8,$len		# len -= 8
+	jz	.Ldone_squeeze
+
+	sub	\$1,%rcx		# bsz--
+	jnz	.Loop_squeeze
+
+	call	KeccakF1600
+	mov	$A_flat,%r8
+	mov	$bsz,%rcx
+	jmp	.Loop_squeeze
+
+.Ltail_squeeze:
+	mov	%r8, %rsi
+	mov	$out,%rdi
+	mov	$len,%rcx
+	.byte	0xf3,0xa4		# rep	movsb
+
+.Ldone_squeeze:
+	pop	%r14
+.cfi_pop	%r14
+	pop	%r13
+.cfi_pop	%r13
+	pop	%r12
+.cfi_pop	%r13
+	ret
+.cfi_endproc
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+$code.=<<___;
+.align	256
+	.quad	0,0,0,0,0,0,0,0
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001
+	.quad	0x0000000000008082
+	.quad	0x800000000000808a
+	.quad	0x8000000080008000
+	.quad	0x000000000000808b
+	.quad	0x0000000080000001
+	.quad	0x8000000080008081
+	.quad	0x8000000000008009
+	.quad	0x000000000000008a
+	.quad	0x0000000000000088
+	.quad	0x0000000080008009
+	.quad	0x000000008000000a
+	.quad	0x000000008000808b
+	.quad	0x800000000000008b
+	.quad	0x8000000000008089
+	.quad	0x8000000000008003
+	.quad	0x8000000000008002
+	.quad	0x8000000000000080
+	.quad	0x000000000000800a
+	.quad	0x800000008000000a
+	.quad	0x8000000080008081
+	.quad	0x8000000000008080
+	.quad	0x0000000080000001
+	.quad	0x8000000080008008
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach (split("\n",$code)) {
+	# Below replacement results in 11.2 on Sandy Bridge, 9.4 on
+	# Haswell, but it hurts other processors by up to 2-3-4x...
+	#s/rol\s+(\$[0-9]+),(%[a-z][a-z0-9]+)/shld\t$1,$2,$2/;
+	# Below replacement results in 9.3 on Haswell [as well as
+	# on Ryzen, i.e. it *hurts* Ryzen]...
+	#s/rol\s+\$([0-9]+),(%[a-z][a-z0-9]+)/rorx\t\$64-$1,$2,$2/;
+
+	print $_, "\n";
+}
+
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl
new file mode 100755
index 0000000000..de2bcd660a
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl
@@ -0,0 +1,850 @@
+#!/usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Keccak-1600 for PowerISA 2.07.
+#
+# June 2017.
+#
+# This is straightforward KECCAK_1X_ALT SIMD implementation, but with
+# disjoint Rho and Pi. The module is ABI-bitness- and endian-neutral.
+# POWER8 processor spends 9.8 cycles to process byte out of large
+# buffer for r=1088, which matches SHA3-256. This is 17% better than
+# scalar PPC64 code. It probably should be noted that if POWER8's
+# successor can achieve higher scalar instruction issue rate, then
+# this module will loose... And it does on POWER9 with 12.0 vs. 9.4.
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=6*$SIZE_T+13*16;	# 13*16 is for v20-v31 offload
+
+my $sp ="r1";
+
+my $iotas = "r12";
+
+########################################################################
+# Register layout:
+#
+# v0		A[0][0] A[1][0]
+# v1		A[0][1] A[1][1]
+# v2		A[0][2] A[1][2]
+# v3		A[0][3] A[1][3]
+# v4		A[0][4] A[1][4]
+#
+# v5		A[2][0] A[3][0]
+# v6		A[2][1] A[3][1]
+# v7		A[2][2] A[3][2]
+# v8		A[2][3] A[3][3]
+# v9		A[2][4] A[3][4]
+#
+# v10		A[4][0] A[4][1]
+# v11		A[4][2] A[4][3]
+# v12		A[4][4] A[4][4]
+#
+# v13..25	rhotates[][]
+# v26..31	volatile
+#
+$code.=<<___;
+.machine	"any"
+.text
+
+.type	KeccakF1600_int,\@function
+.align	5
+KeccakF1600_int:
+	li	r0,24
+	mtctr	r0
+	li	r0,0
+	b	.Loop
+
+.align	4
+.Loop:
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Theta
+	vxor	v26,v0, v5		; A[0..1][0]^A[2..3][0]
+	vxor	v27,v1, v6		; A[0..1][1]^A[2..3][1]
+	vxor	v28,v2, v7		; A[0..1][2]^A[2..3][2]
+	vxor	v29,v3, v8		; A[0..1][3]^A[2..3][3]
+	vxor	v30,v4, v9		; A[0..1][4]^A[2..3][4]
+	vpermdi	v31,v26,v27,0b00	; A[0][0..1]^A[2][0..1]
+	vpermdi	v26,v26,v27,0b11	; A[1][0..1]^A[3][0..1]
+	vpermdi	v27,v28,v29,0b00	; A[0][2..3]^A[2][2..3]
+	vpermdi	v28,v28,v29,0b11	; A[1][2..3]^A[3][2..3]
+	vpermdi	v29,v30,v30,0b10	; A[1..0][4]^A[3..2][4]
+	vxor	v26,v26,v31		; C[0..1]
+	vxor	v27,v27,v28		; C[2..3]
+	vxor	v28,v29,v30		; C[4..4]
+	vspltisb v31,1
+	vxor	v26,v26,v10		; C[0..1] ^= A[4][0..1]
+	vxor	v27,v27,v11		; C[2..3] ^= A[4][2..3]
+	vxor	v28,v28,v12		; C[4..4] ^= A[4][4..4], low!
+
+	vrld	v29,v26,v31		; ROL64(C[0..1],1)
+	vrld	v30,v27,v31		; ROL64(C[2..3],1)
+	vrld	v31,v28,v31		; ROL64(C[4..4],1)
+	vpermdi	v31,v31,v29,0b10
+	vxor	v26,v26,v30		; C[0..1] ^= ROL64(C[2..3],1)
+	vxor	v27,v27,v31		; C[2..3] ^= ROL64(C[4..0],1)
+	vxor	v28,v28,v29		; C[4..4] ^= ROL64(C[0..1],1), low!
+
+	vpermdi	v29,v26,v26,0b00	; C[0..0]
+	vpermdi	v30,v28,v26,0b10	; C[4..0]
+	vpermdi	v31,v28,v28,0b11	; C[4..4]
+	vxor	v1, v1, v29		; A[0..1][1] ^= C[0..0]
+	vxor	v6, v6, v29		; A[2..3][1] ^= C[0..0]
+	vxor	v10,v10,v30		; A[4][0..1] ^= C[4..0]
+	vxor	v0, v0, v31		; A[0..1][0] ^= C[4..4]
+	vxor	v5, v5, v31		; A[2..3][0] ^= C[4..4]
+
+	vpermdi	v29,v27,v27,0b00	; C[2..2]
+	vpermdi	v30,v26,v26,0b11	; C[1..1]
+	vpermdi	v31,v26,v27,0b10	; C[1..2]
+	vxor	v3, v3, v29		; A[0..1][3] ^= C[2..2]
+	vxor	v8, v8, v29		; A[2..3][3] ^= C[2..2]
+	vxor	v2, v2, v30		; A[0..1][2] ^= C[1..1]
+	vxor	v7, v7, v30		; A[2..3][2] ^= C[1..1]
+	vxor	v11,v11,v31		; A[4][2..3] ^= C[1..2]
+
+	vpermdi	v29,v27,v27,0b11	; C[3..3]
+	vxor	v4, v4, v29		; A[0..1][4] ^= C[3..3]
+	vxor	v9, v9, v29		; A[2..3][4] ^= C[3..3]
+	vxor	v12,v12,v29		; A[4..4][4] ^= C[3..3]
+
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Rho
+	vrld	v26,v0, v13		; v0
+	vrld	v1, v1, v14
+	vrld	v27,v2, v15		; v2
+	vrld	v28,v3, v16		; v3
+	vrld	v4, v4, v17
+	vrld	v5, v5, v18
+	vrld	v6, v6, v19
+	vrld	v29,v7, v20		; v7
+	vrld	v8, v8, v21
+	vrld	v9, v9, v22
+	vrld	v10,v10,v23
+	vrld	v30,v11,v24		; v11
+	vrld	v12,v12,v25
+
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Pi
+	vpermdi	v0, v26,v28,0b00	; [0][0] [1][0] < [0][0] [0][3]
+	vpermdi	v2, v29,v5, 0b00	; [0][2] [1][2] < [2][2] [2][0]
+	vpermdi	v11,v9, v5, 0b01	; [4][2] [4][3] < [2][4] [3][0]
+	vpermdi	v5, v1, v4, 0b00	; [2][0] [3][0] < [0][1] [0][4]
+	vpermdi	v1, v1, v4, 0b11	; [0][1] [1][1] < [1][1] [1][4]
+	vpermdi	v3, v8, v6, 0b11	; [0][3] [1][3] < [3][3] [3][1]
+	vpermdi	v4, v12,v30,0b10	; [0][4] [1][4] < [4][4] [4][2]
+	vpermdi	v7, v8, v6, 0b00	; [2][2] [3][2] < [2][3] [2][1]
+	vpermdi	v6, v27,v26,0b11	; [2][1] [3][1] < [1][2] [1][0]
+	vpermdi	v8, v9, v29,0b11	; [2][3] [3][3] < [3][4] [3][2]
+	vpermdi	v12,v10,v10,0b11	; [4][4] [4][4] < [4][1] [4][1]
+	vpermdi	v9, v10,v30,0b01	; [2][4] [3][4] < [4][0] [4][3]
+	vpermdi	v10,v27,v28,0b01	; [4][0] [4][1] < [0][2] [1][3]
+
+	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Chi + Iota
+	lvx_u	v31,$iotas,r0		; iotas[index]
+	addic	r0,r0,16		; index++
+
+	vandc	v26,v2, v1		; (~A[0..1][1] & A[0..1][2])
+	vandc	v27,v3, v2		; (~A[0..1][2] & A[0..1][3])
+	vandc	v28,v4, v3		; (~A[0..1][3] & A[0..1][4])
+	vandc	v29,v0, v4		; (~A[0..1][4] & A[0..1][0])
+	vandc	v30,v1, v0		; (~A[0..1][0] & A[0..1][1])
+	vxor	v0, v0, v26		; A[0..1][0] ^= (~A[0..1][1] & A[0..1][2])
+	vxor	v1, v1, v27		; A[0..1][1] ^= (~A[0..1][2] & A[0..1][3])
+	vxor	v2, v2, v28		; A[0..1][2] ^= (~A[0..1][3] & A[0..1][4])
+	vxor	v3, v3, v29		; A[0..1][3] ^= (~A[0..1][4] & A[0..1][0])
+	vxor	v4, v4, v30		; A[0..1][4] ^= (~A[0..1][0] & A[0..1][1])
+
+	vandc	v26,v7, v6		; (~A[2..3][1] & A[2..3][2])
+	vandc	v27,v8, v7		; (~A[2..3][2] & A[2..3][3])
+	vandc	v28,v9, v8		; (~A[2..3][3] & A[2..3][4])
+	vandc	v29,v5, v9		; (~A[2..3][4] & A[2..3][0])
+	vandc	v30,v6, v5		; (~A[2..3][0] & A[2..3][1])
+	vxor	v5, v5, v26		; A[2..3][0] ^= (~A[2..3][1] & A[2..3][2])
+	vxor	v6, v6, v27		; A[2..3][1] ^= (~A[2..3][2] & A[2..3][3])
+	vxor	v7, v7, v28		; A[2..3][2] ^= (~A[2..3][3] & A[2..3][4])
+	vxor	v8, v8, v29		; A[2..3][3] ^= (~A[2..3][4] & A[2..3][0])
+	vxor	v9, v9, v30		; A[2..3][4] ^= (~A[2..3][0] & A[2..3][1])
+
+	vxor	v0, v0, v31		; A[0][0] ^= iotas[index++]
+
+	vpermdi	v26,v10,v11,0b10	; A[4][1..2]
+	vpermdi	v27,v12,v10,0b00	; A[4][4..0]
+	vpermdi	v28,v11,v12,0b10	; A[4][3..4]
+	vpermdi	v29,v10,v10,0b10	; A[4][1..0]
+	vandc	v26,v11,v26		; (~A[4][1..2] & A[4][2..3])
+	vandc	v27,v27,v28		; (~A[4][3..4] & A[4][4..0])
+	vandc	v28,v10,v29		; (~A[4][1..0] & A[4][0..1])
+	vxor	v10,v10,v26		; A[4][0..1] ^= (~A[4][1..2] & A[4][2..3])
+	vxor	v11,v11,v27		; A[4][2..3] ^= (~A[4][3..4] & A[4][4..0])
+	vxor	v12,v12,v28		; A[4][4..4] ^= (~A[4][0..1] & A[4][1..0])
+
+	bdnz	.Loop
+
+	vpermdi	v12,v12,v12,0b11	; broadcast A[4][4]
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,\@function
+.align	5
+KeccakF1600:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r8
+	mfspr	r7, 256			; save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	; save vrsave
+	li	r0, -1
+	$PUSH	r8,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			; preserve all AltiVec registers
+
+	li	r11,16
+	lvx_4w	v0,0,r3			; load A[5][5]
+	li	r10,32
+	lvx_4w	v1,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v2,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v3,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v4,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v5,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v6,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v7,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v8,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v9,r11,r3
+	addi	r11,r11,32
+	lvx_4w	v10,r10,r3
+	addi	r10,r10,32
+	lvx_4w	v11,r11,r3
+	lvx_splt v12,r10,r3
+
+	bl	PICmeup
+
+	li	r11,16
+	lvx_u	v13,0,r12		; load rhotates
+	li	r10,32
+	lvx_u	v14,r11,r12
+	addi	r11,r11,32
+	lvx_u	v15,r10,r12
+	addi	r10,r10,32
+	lvx_u	v16,r11,r12
+	addi	r11,r11,32
+	lvx_u	v17,r10,r12
+	addi	r10,r10,32
+	lvx_u	v18,r11,r12
+	addi	r11,r11,32
+	lvx_u	v19,r10,r12
+	addi	r10,r10,32
+	lvx_u	v20,r11,r12
+	addi	r11,r11,32
+	lvx_u	v21,r10,r12
+	addi	r10,r10,32
+	lvx_u	v22,r11,r12
+	addi	r11,r11,32
+	lvx_u	v23,r10,r12
+	addi	r10,r10,32
+	lvx_u	v24,r11,r12
+	lvx_u	v25,r10,r12
+	addi	r12,r12,`16*16`		; points at iotas
+
+	bl	KeccakF1600_int
+
+	li	r11,16
+	stvx_4w	v0,0,r3			; return A[5][5]
+	li	r10,32
+	stvx_4w	v1,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v2,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v3,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v4,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v5,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v6,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v7,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v8,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v9,r11,r3
+	addi	r11,r11,32
+	stvx_4w	v10,r10,r3
+	addi	r10,r10,32
+	stvx_4w	v11,r11,r3
+	stvdx_u v12,r10,r3
+
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r8
+	mtspr	256, r7			; restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,1,0
+	.long	0
+.size	KeccakF1600,.-KeccakF1600
+___
+{
+my ($A_jagged,$inp,$len,$bsz) = map("r$_",(3..6));
+
+$code.=<<___;
+.globl	SHA3_absorb
+.type	SHA3_absorb,\@function
+.align	5
+SHA3_absorb:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r8
+	mfspr	r7, 256			; save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	; save vrsave
+	li	r0, -1
+	$PUSH	r8,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			; preserve all AltiVec registers
+
+	li	r11,16
+	lvx_4w	v0,0,$A_jagged		; load A[5][5]
+	li	r10,32
+	lvx_4w	v1,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v2,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v3,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v4,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v5,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v6,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v7,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v8,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v9,r11,$A_jagged
+	addi	r11,r11,32
+	lvx_4w	v10,r10,$A_jagged
+	addi	r10,r10,32
+	lvx_4w	v11,r11,$A_jagged
+	lvx_splt v12,r10,$A_jagged
+
+	bl	PICmeup
+
+	li	r11,16
+	lvx_u	v13,0,r12		; load rhotates
+	li	r10,32
+	lvx_u	v14,r11,r12
+	addi	r11,r11,32
+	lvx_u	v15,r10,r12
+	addi	r10,r10,32
+	lvx_u	v16,r11,r12
+	addi	r11,r11,32
+	lvx_u	v17,r10,r12
+	addi	r10,r10,32
+	lvx_u	v18,r11,r12
+	addi	r11,r11,32
+	lvx_u	v19,r10,r12
+	addi	r10,r10,32
+	lvx_u	v20,r11,r12
+	addi	r11,r11,32
+	lvx_u	v21,r10,r12
+	addi	r10,r10,32
+	lvx_u	v22,r11,r12
+	addi	r11,r11,32
+	lvx_u	v23,r10,r12
+	addi	r10,r10,32
+	lvx_u	v24,r11,r12
+	lvx_u	v25,r10,r12
+	li	r10,-32
+	li	r11,-16
+	addi	r12,r12,`16*16`		; points at iotas
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	$UCMP	$len,$bsz		; len < bsz?
+	blt	.Labsorbed
+
+	sub	$len,$len,$bsz		; len -= bsz
+	srwi	r0,$bsz,3
+	mtctr	r0
+
+	lvx_u	v30,r10,r12		; permutation masks
+	lvx_u	v31,r11,r12
+	?vspltisb v27,7			; prepare masks for byte swap
+	?vxor	v30,v30,v27		; on big-endian
+	?vxor	v31,v31,v27
+
+	vxor	v27,v27,v27		; zero
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v0, v0, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v1, v1, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v2, v2, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v3, v3, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v4, v4, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v0, v0, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v1, v1, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v2, v2, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v3, v3, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v4, v4, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v5, v5, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v6, v6, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v7, v7, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v8, v8, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v9, v9, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v5, v5, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v6, v6, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v7, v7, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v8, v8, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v9, v9, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v10, v10, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v10, v10, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v30
+	vxor	v11, v11, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v11, v11, v26
+	bdz	.Lprocess_block
+	lvdx_u	v26,0,$inp
+	addi	$inp,$inp,8
+	vperm	v26,v26,v27,v31
+	vxor	v12, v12, v26
+
+.Lprocess_block:
+	bl	KeccakF1600_int
+
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	li	r11,16
+	stvx_4w	v0,0,$A_jagged		; return A[5][5]
+	li	r10,32
+	stvx_4w	v1,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v2,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v3,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v4,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v5,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v6,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v7,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v8,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v9,r11,$A_jagged
+	addi	r11,r11,32
+	stvx_4w	v10,r10,$A_jagged
+	addi	r10,r10,32
+	stvx_4w	v11,r11,$A_jagged
+	stvdx_u v12,r10,$A_jagged
+
+	mr	r3,$len			; return value
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r8
+	mtspr	256, r7			; restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,4,0
+	.long	0
+.size	SHA3_absorb,.-SHA3_absorb
+___
+}
+{
+my ($A_jagged,$out,$len,$bsz) = map("r$_",(3..6));
+
+$code.=<<___;
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,\@function
+.align	5
+SHA3_squeeze:
+	mflr	r9			; r9 is not touched by KeccakF1600
+	subi	$out,$out,1		; prepare for stbu
+	addi	r8,$A_jagged,4		; prepare volatiles
+	mr	r10,$bsz
+	li	r11,0
+	b	.Loop_squeeze
+.align	4
+.Loop_squeeze:
+	lwzx	r7,r11,r8		; lo
+	lwzx	r0,r11,$A_jagged	; hi
+	${UCMP}i $len,8
+	blt	.Lsqueeze_tail
+
+	stbu	r7,1($out)		; write lo
+	srwi	r7,r7,8
+	stbu	r7,1($out)
+	srwi	r7,r7,8
+	stbu	r7,1($out)
+	srwi	r7,r7,8
+	stbu	r7,1($out)
+	stbu	r0,1($out)		; write hi
+	srwi	r0,r0,8
+	stbu	r0,1($out)
+	srwi	r0,r0,8
+	stbu	r0,1($out)
+	srwi	r0,r0,8
+	stbu	r0,1($out)
+
+	subic.	$len,$len,8
+	beqlr				; return if done
+
+	subic.	r10,r10,8
+	ble	.Loutput_expand
+
+	addi	r11,r11,16		; calculate jagged index
+	cmplwi	r11,`16*5`
+	blt	.Loop_squeeze
+	subi	r11,r11,72
+	beq	.Loop_squeeze
+	addi	r11,r11,72
+	cmplwi	r11,`16*5+8`
+	subi	r11,r11,8
+	beq	.Loop_squeeze
+	addi	r11,r11,8
+	cmplwi	r11,`16*10`
+	subi	r11,r11,72
+	beq	.Loop_squeeze
+	addi	r11,r11,72
+	blt	.Loop_squeeze
+	subi	r11,r11,8
+	b	.Loop_squeeze
+
+.align	4
+.Loutput_expand:
+	bl	KeccakF1600
+	mtlr	r9
+
+	addi	r8,$A_jagged,4		; restore volatiles
+	mr	r10,$bsz
+	li	r11,0
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	mtctr	$len
+	subic.	$len,$len,4
+	ble	.Loop_tail_lo
+	li	r8,4
+	mtctr	r8
+.Loop_tail_lo:
+	stbu	r7,1($out)
+	srdi	r7,r7,8
+	bdnz	.Loop_tail_lo
+	ble	.Lsqueeze_done
+	mtctr	$len
+.Loop_tail_hi:
+	stbu	r0,1($out)
+	srdi	r0,r0,8
+	bdnz	.Loop_tail_hi
+
+.Lsqueeze_done:
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	SHA3_squeeze,.-SHA3_squeeze
+___
+}
+$code.=<<___;
+.align	6
+PICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12   ; vvvvvv "distance" between . and 1st data entry
+	addi	r12,r12,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+.type	rhotates,\@object
+.align	6
+rhotates:
+	.quad	0,  36
+	.quad	1,  44
+	.quad	62,  6
+	.quad	28, 55
+	.quad	27, 20
+	.quad	3,  41
+	.quad	10, 45
+	.quad	43, 15
+	.quad	25, 21
+	.quad	39,  8
+	.quad	18,  2
+	.quad	61, 56
+	.quad	14, 14
+.size	rhotates,.-rhotates
+	.quad	0,0
+	.quad	0x0001020304050607,0x1011121314151617
+	.quad	0x1011121314151617,0x0001020304050607
+.type	iotas,\@object
+iotas:
+	.quad	0x0000000000000001,0
+	.quad	0x0000000000008082,0
+	.quad	0x800000000000808a,0
+	.quad	0x8000000080008000,0
+	.quad	0x000000000000808b,0
+	.quad	0x0000000080000001,0
+	.quad	0x8000000080008081,0
+	.quad	0x8000000000008009,0
+	.quad	0x000000000000008a,0
+	.quad	0x0000000000000088,0
+	.quad	0x0000000080008009,0
+	.quad	0x000000008000000a,0
+	.quad	0x000000008000808b,0
+	.quad	0x800000000000008b,0
+	.quad	0x8000000000008089,0
+	.quad	0x8000000000008003,0
+	.quad	0x8000000000008002,0
+	.quad	0x8000000000000080,0
+	.quad	0x000000000000800a,0
+	.quad	0x800000008000000a,0
+	.quad	0x8000000080008081,0
+	.quad	0x8000000000008080,0
+	.quad	0x0000000080000001,0
+	.quad	0x8000000080008008,0
+.size	iotas,.-iotas
+.asciz	"Keccak-1600 absorb and squeeze for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach  (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	if ($flavour =~ /le$/) {	# little-endian
+	    s/\?([a-z]+)/;$1/;
+	} else {			# big-endian
+	    s/\?([a-z]+)/$1/;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl
index cf34b2c293..9d4ff7f39a 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl
@@ -35,10 +35,9 @@
 # P4		+85%(!)			+45%
 #
 # As you can see Pentium came out as looser:-( Yet I reckoned that
-# improvement on P4 outweights the loss and incorporate this
+# improvement on P4 outweighs the loss and incorporate this
 # re-tuned code to 0.9.7 and later.
 # ----------------------------------------------------------------
-#					<appro@fy.chalmers.se>
 
 # August 2009.
 #
@@ -104,10 +103,12 @@
 # Sandy Bridge	8.8		6.2/+40%	5.1(**)/+73%
 # Ivy Bridge	7.2		4.8/+51%	4.7(**)/+53%
 # Haswell	6.5		4.3/+51%	4.1(**)/+58%
+# Skylake	6.4		4.1/+55%	4.1(**)/+55%
 # Bulldozer	11.6		6.0/+92%
 # VIA Nano	10.6		7.5/+41%
 # Atom		12.5		9.3(*)/+35%
 # Silvermont	14.5		9.9(*)/+46%
+# Goldmont	8.8		6.7/+30%	1.7(***)/+415%
 #
 # (*)	Loop is 1056 instructions long and expected result is ~8.25.
 #	The discrepancy is because of front-end limitations, so
@@ -115,6 +116,8 @@
 #	limited parallelism.
 #
 # (**)	As per above comment, the result is for AVX *plus* sh[rl]d.
+#
+# (***)	SHAEXT result
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
@@ -123,7 +126,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $xmm=$ymm=0;
 for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -133,7 +136,7 @@ $ymm=1 if ($xmm &&
 			=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
 		$1>=2.19);	# first version supporting AVX
 
-$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && 
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" &&
 		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
 		$1>=2.03);	# first version supporting AVX
 
@@ -546,7 +549,7 @@ for($i=0;$i<20-4;$i+=2) {
 # being implemented in SSSE3). Once 8 quadruples or 32 elements are
 # collected, it switches to routine proposed by Max Locktyukhin.
 #
-# Calculations inevitably require temporary reqisters, and there are
+# Calculations inevitably require temporary registers, and there are
 # no %xmm registers left to spare. For this reason part of the ring
 # buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring
 # buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] -
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl
index 4124958f78..c1a0b0c690 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl
index 84a00bf2af..3ba871fede 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl
@@ -26,6 +26,7 @@
 # Denver	2.13			3.97 (+0%)(**)
 # X-Gene				8.80 (+200%)
 # Mongoose	2.05			6.50 (+160%)
+# Kryo		1.88			8.00 (+90%)
 #
 # (*)	Software results are presented mostly for reference purposes.
 # (**)	Keep in mind that Denver relies on binary translation, which
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl
index dec21f92d5..bf1d2ebeb0 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
index 51c73c05ac..443b649830 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -95,7 +95,7 @@ $K="%xmm15";
 
 if (1) {
     # Atom-specific optimization aiming to eliminate pshufb with high
-    # registers [and thus get rid of 48 cycles accumulated penalty] 
+    # registers [and thus get rid of 48 cycles accumulated penalty]
     @Xi=map("%xmm$_",(0..4));
     ($tx,$t0,$t1,$t2,$t3)=map("%xmm$_",(5..9));
     @V=($A,$B,$C,$D,$E)=map("%xmm$_",(10..14));
@@ -126,7 +126,7 @@ my $k=$i+2;
 # ...
 # $i==13:	14,15,15,15,
 # $i==14:	15
-# 
+#
 # Then at $i==15 Xupdate is applied one iteration in advance...
 $code.=<<___ if ($i==0);
 	movd		(@ptr[0]),@Xi[0]
@@ -363,6 +363,7 @@ $code.=<<___;
 .type	sha1_multi_block,\@function,3
 .align	32
 sha1_multi_block:
+.cfi_startproc
 	mov	OPENSSL_ia32cap_P+4(%rip),%rcx
 	bt	\$61,%rcx			# check SHA bit
 	jc	_shaext_shortcut
@@ -373,8 +374,11 @@ $code.=<<___ if ($avx);
 ___
 $code.=<<___;
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbx
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -393,6 +397,7 @@ $code.=<<___;
 	sub	\$`$REG_SZ*18`,%rsp
 	and	\$-256,%rsp
 	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
 .Lbody:
 	lea	K_XX_XX(%rip),$Tbl
 	lea	`$REG_SZ*16`(%rsp),%rbx
@@ -439,7 +444,7 @@ for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
 	movdqa	(%rbx),@Xi[0]			# pull counters
 	mov	\$1,%ecx
-	cmp	4*0(%rbx),%ecx			# examinte counters
+	cmp	4*0(%rbx),%ecx			# examine counters
 	pxor	$t2,$t2
 	cmovge	$Tbl,@ptr[0]			# cancel input
 	cmp	4*1(%rbx),%ecx
@@ -487,6 +492,7 @@ $code.=<<___;
 
 .Ldone:
 	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	-0xb8(%rax),%xmm6
@@ -502,10 +508,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue:
 	ret
+.cfi_endproc
 .size	sha1_multi_block,.-sha1_multi_block
 ___
 						{{{
@@ -517,10 +527,14 @@ $code.=<<___;
 .type	sha1_multi_block_shaext,\@function,3
 .align	32
 sha1_multi_block_shaext:
+.cfi_startproc
 _shaext_shortcut:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -756,10 +770,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_shaext:
 	ret
+.cfi_endproc
 .size	sha1_multi_block_shaext,.-sha1_multi_block_shaext
 ___
 						}}}
@@ -1002,6 +1020,7 @@ $code.=<<___;
 .type	sha1_multi_block_avx,\@function,3
 .align	32
 sha1_multi_block_avx:
+.cfi_startproc
 _avx_shortcut:
 ___
 $code.=<<___ if ($avx>1);
@@ -1016,8 +1035,11 @@ $code.=<<___ if ($avx>1);
 ___
 $code.=<<___;
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -1036,6 +1058,7 @@ $code.=<<___;
 	sub	\$`$REG_SZ*18`, %rsp
 	and	\$-256,%rsp
 	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
 .Lbody_avx:
 	lea	K_XX_XX(%rip),$Tbl
 	lea	`$REG_SZ*16`(%rsp),%rbx
@@ -1125,6 +1148,7 @@ $code.=<<___;
 
 .Ldone_avx:
 	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1141,10 +1165,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx:
 	ret
+.cfi_endproc
 .size	sha1_multi_block_avx,.-sha1_multi_block_avx
 ___
 
@@ -1164,14 +1192,22 @@ $code.=<<___;
 .type	sha1_multi_block_avx2,\@function,3
 .align	32
 sha1_multi_block_avx2:
+.cfi_startproc
 _avx2_shortcut:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -1190,6 +1226,7 @@ $code.=<<___;
 	sub	\$`$REG_SZ*18`, %rsp
 	and	\$-256,%rsp
 	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
 .Lbody_avx2:
 	lea	K_XX_XX(%rip),$Tbl
 	shr	\$1,$num
@@ -1280,6 +1317,7 @@ $code.=<<___;
 
 .Ldone_avx2:
 	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1296,14 +1334,22 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx2:
 	ret
+.cfi_endproc
 .size	sha1_multi_block_avx2,.-sha1_multi_block_avx2
 ___
 						}	}}}
@@ -1462,10 +1508,10 @@ avx2_handler:
 	mov	-48(%rax),%r15
 	mov	%rbx,144($context)	# restore context->Rbx
 	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore cotnext->R12
-	mov	%r13,224($context)	# restore cotnext->R13
-	mov	%r14,232($context)	# restore cotnext->R14
-	mov	%r15,240($context)	# restore cotnext->R15
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
 
 	lea	-56-10*16(%rax),%rsi
 	lea	512($context),%rdi	# &context.Xmm6
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl
index 882f9731cf..08f84bc3b3 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -56,15 +56,15 @@
 $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
 
 if ($flavour =~ /64|n32/i) {
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
 	$REG_S="sd";
 	$REG_L="ld";
 	$PTR_SLL="dsll";	# incidentally works even on n32
 	$SZREG=8;
 } else {
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
 	$REG_S="sw";
 	$REG_L="lw";
 	$PTR_SLL="sll";
@@ -75,7 +75,7 @@ if ($flavour =~ /64|n32/i) {
 #
 ######################################################################
 
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
+$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC});
 
 for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);   }
 open STDOUT,">$output";
@@ -126,10 +126,14 @@ $code.=<<___;
 	addu	$e,$K		# $i
 	xor	$t0,$c,$d
 	rotr	$t1,$a,27
-	 lwl	@X[$j],$j*4+$MSB($inp)
 	and	$t0,$b
 	addu	$e,$t1
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	 lw	@X[$j],$j*4($inp)
+#else
+	 lwl	@X[$j],$j*4+$MSB($inp)
 	 lwr	@X[$j],$j*4+$LSB($inp)
+#endif
 	xor	$t0,$d
 	addu	$e,@X[$i]
 	rotr	$b,$b,2
@@ -336,13 +340,7 @@ $FRAMESIZE=16;	# large enough to accommodate NUBI saved registers
 $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
 
 $code=<<___;
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2)
-#define _MIPS_ARCH_MIPS32R2
-#endif
+#include "mips_arch.h"
 
 .text
 
@@ -387,10 +385,16 @@ $code.=<<___;
 .align	4
 .Loop:
 	.set	reorder
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	lui	$K,0x5a82
+	lw	@X[0],($inp)
+	ori	$K,0x7999	# K_00_19
+#else
 	lwl	@X[0],$MSB($inp)
 	lui	$K,0x5a82
 	lwr	@X[0],$LSB($inp)
 	ori	$K,0x7999	# K_00_19
+#endif
 ___
 for ($i=0;$i<15;$i++)	{ &BODY_00_14($i,@V); unshift(@V,pop(@V)); }
 for (;$i<20;$i++)	{ &BODY_15_19($i,@V); unshift(@V,pop(@V)); }
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl
index a85d126ff0..b001be16a2 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -260,8 +260,20 @@ $code.=<<___;
 	.STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/,\*/,/gm		if ($SIZE_T==4);
-$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
-print $code;
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
+foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/,\*/,/			if ($SIZE_T==4);
+	s/\bbv\b/bve/			if ($SIZE_T==8);
+
+	print $_,"\n";
+}
 close STDOUT;
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl
index add5a9ea5c..0cda0a3e15 100755
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl
index 79df1ffdad..5729c30898 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -160,6 +160,8 @@ ___
 }
 
 $code.=<<___;
+#include "s390x_arch.h"
+
 .text
 .align	64
 .type	Ktable,\@object
@@ -172,7 +174,7 @@ sha1_block_data_order:
 ___
 $code.=<<___ if ($kimdfunc);
 	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,16(%r1)	# check kimd capabilities
+	lg	%r0,S390X_KIMD(%r1)	# check kimd capabilities
 	tmhh	%r0,`0x8000>>$kimdfunc`
 	jz	.Lsoftware
 	lghi	%r0,$kimdfunc
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl
index 7437ff4f05..3e612e3d5f 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl
@@ -8,12 +8,12 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 #
-# Hardware SPARC T4 support by David S. Miller <davem@davemloft.net>.
+# Hardware SPARC T4 support by David S. Miller
 # ====================================================================
 
 # Performance improvement is not really impressive on pre-T1 CPU: +8%
@@ -227,7 +227,7 @@ sha1_block_data_order:
 	ldd	[%o1 + 0x20], %f16
 	ldd	[%o1 + 0x28], %f18
 	ldd	[%o1 + 0x30], %f20
-	subcc	%o2, 1, %o2		! done yet? 
+	subcc	%o2, 1, %o2		! done yet?
 	ldd	[%o1 + 0x38], %f22
 	add	%o1, 0x40, %o1
 	prefetch [%o1 + 63], 20
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl
index f9ed5630e8..50d3e136a1 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -519,7 +519,7 @@ $code.=<<___;
 	mov		$Cctx,$C
 	mov		$Dctx,$D
 	mov		$Ectx,$E
-	alignaddr	%g0,$tmp0,%g0	
+	alignaddr	%g0,$tmp0,%g0
 	dec		1,$len
 	ba		.Loop
 	mov		$nXfer,$Xfer
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl
index 661fd9f9ff..ac74a25d6e 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -21,7 +21,7 @@
 # The code does not present direct interest to OpenSSL, because of low
 # performance. Its purpose is to establish _size_ benchmark. Pretty
 # useless one I must say, because 30% or 88 bytes larger ARMv4 code
-# [avialable on demand] is almost _twice_ as fast. It should also be
+# [available on demand] is almost _twice_ as fast. It should also be
 # noted that in-lining of .Lcommon and .Lrotate improves performance
 # by over 40%, while code increases by only 10% or 32 bytes. But once
 # again, the goal was to establish _size_ benchmark, not performance.
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
index 6a3378ba4c..60819f6186 100755
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
@@ -82,9 +82,11 @@
 # Haswell	5.45		4.15/+31%	3.57/+53%
 # Skylake	5.18		4.06/+28%	3.54/+46%
 # Bulldozer	9.11		5.95/+53%
+# Ryzen		4.75		3.80/+24%	1.93/+150%(**)
 # VIA Nano	9.32		7.15/+30%
 # Atom		10.3		9.17/+12%
 # Silvermont	13.1(*)		9.37/+40%
+# Knights L	13.2(*)		9.68/+36%	8.30/+59%
 # Goldmont	8.13		6.42/+27%	1.70/+380%(**)
 #
 # (*)	obviously suboptimal result, nothing was done about it,
@@ -257,6 +259,7 @@ $code.=<<___;
 .type	sha1_block_data_order,\@function,3
 .align	16
 sha1_block_data_order:
+.cfi_startproc
 	mov	OPENSSL_ia32cap_P+0(%rip),%r9d
 	mov	OPENSSL_ia32cap_P+4(%rip),%r8d
 	mov	OPENSSL_ia32cap_P+8(%rip),%r10d
@@ -264,7 +267,7 @@ sha1_block_data_order:
 	jz	.Lialu
 ___
 $code.=<<___ if ($shaext);
-	test	\$`1<<29`,%r10d		# check SHA bit	
+	test	\$`1<<29`,%r10d		# check SHA bit
 	jnz	_shaext_shortcut
 ___
 $code.=<<___ if ($avx>1);
@@ -285,17 +288,24 @@ $code.=<<___;
 .align	16
 .Lialu:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	mov	%rdi,$ctx	# reassigned argument
 	sub	\$`8+16*4`,%rsp
 	mov	%rsi,$inp	# reassigned argument
 	and	\$-64,%rsp
 	mov	%rdx,$num	# reassigned argument
 	mov	%rax,`16*4`(%rsp)
+.cfi_cfa_expression	%rsp+64,deref,+8
 .Lprologue:
 
 	mov	0($ctx),$A
@@ -329,14 +339,22 @@ $code.=<<___;
 	jnz	.Lloop
 
 	mov	`16*4`(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
 	mov	-40(%rsi),%r14
+.cfi_restore	%r14
 	mov	-32(%rsi),%r13
+.cfi_restore	%r13
 	mov	-24(%rsi),%r12
+.cfi_restore	%r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
 	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue:
 	ret
+.cfi_endproc
 .size	sha1_block_data_order,.-sha1_block_data_order
 ___
 if ($shaext) {{{
@@ -352,6 +370,7 @@ $code.=<<___;
 .align	32
 sha1_block_data_order_shaext:
 _shaext_shortcut:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	`-8-4*16`(%rsp),%rsp
@@ -449,6 +468,7 @@ $code.=<<___ if ($win64);
 .Lepilogue_shaext:
 ___
 $code.=<<___;
+.cfi_endproc
 	ret
 .size	sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
 ___
@@ -462,7 +482,8 @@ my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
 my @T=("%esi","%edi");
 my $j=0;
 my $rx=0;
-my $K_XX_XX="%r11";
+my $K_XX_XX="%r14";
+my $fp="%r11";
 
 my $_rol=sub { &rol(@_) };
 my $_ror=sub { &ror(@_) };
@@ -483,25 +504,31 @@ $code.=<<___;
 .align	16
 sha1_block_data_order_ssse3:
 _ssse3_shortcut:
-	mov	%rsp,%rax
+.cfi_startproc
+	mov	%rsp,$fp	# frame pointer
+.cfi_def_cfa_register	$fp
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13		# redundant, done to share Win64 SE handler
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	lea	`-64-($win64?6*16:0)`(%rsp),%rsp
 ___
 $code.=<<___ if ($win64);
-	movaps	%xmm6,-40-6*16(%rax)
-	movaps	%xmm7,-40-5*16(%rax)
-	movaps	%xmm8,-40-4*16(%rax)
-	movaps	%xmm9,-40-3*16(%rax)
-	movaps	%xmm10,-40-2*16(%rax)
-	movaps	%xmm11,-40-1*16(%rax)
+	movaps	%xmm6,-40-6*16($fp)
+	movaps	%xmm7,-40-5*16($fp)
+	movaps	%xmm8,-40-4*16($fp)
+	movaps	%xmm9,-40-3*16($fp)
+	movaps	%xmm10,-40-2*16($fp)
+	movaps	%xmm11,-40-1*16($fp)
 .Lprologue_ssse3:
 ___
 $code.=<<___;
-	mov	%rax,%r14	# original %rsp
 	and	\$-64,%rsp
 	mov	%rdi,$ctx	# reassigned argument
 	mov	%rsi,$inp	# reassigned argument
@@ -908,23 +935,29 @@ $code.=<<___;
 	mov	$E,16($ctx)
 ___
 $code.=<<___ if ($win64);
-	movaps	-40-6*16(%r14),%xmm6
-	movaps	-40-5*16(%r14),%xmm7
-	movaps	-40-4*16(%r14),%xmm8
-	movaps	-40-3*16(%r14),%xmm9
-	movaps	-40-2*16(%r14),%xmm10
-	movaps	-40-1*16(%r14),%xmm11
+	movaps	-40-6*16($fp),%xmm6
+	movaps	-40-5*16($fp),%xmm7
+	movaps	-40-4*16($fp),%xmm8
+	movaps	-40-3*16($fp),%xmm9
+	movaps	-40-2*16($fp),%xmm10
+	movaps	-40-1*16($fp),%xmm11
 ___
 $code.=<<___;
-	lea	(%r14),%rsi
-	mov	-40(%rsi),%r14
-	mov	-32(%rsi),%r13
-	mov	-24(%rsi),%r12
-	mov	-16(%rsi),%rbp
-	mov	-8(%rsi),%rbx
-	lea	(%rsi),%rsp
+	mov	-40($fp),%r14
+.cfi_restore	%r14
+	mov	-32($fp),%r13
+.cfi_restore	%r13
+	mov	-24($fp),%r12
+.cfi_restore	%r12
+	mov	-16($fp),%rbp
+.cfi_restore	%rbp
+	mov	-8($fp),%rbx
+.cfi_restore	%rbx
+	lea	($fp),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_ssse3:
 	ret
+.cfi_endproc
 .size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
 ___
 
@@ -945,26 +978,32 @@ $code.=<<___;
 .align	16
 sha1_block_data_order_avx:
 _avx_shortcut:
-	mov	%rsp,%rax
+.cfi_startproc
+	mov	%rsp,$fp
+.cfi_def_cfa_register	$fp
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13		# redundant, done to share Win64 SE handler
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	lea	`-64-($win64?6*16:0)`(%rsp),%rsp
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
-	vmovaps	%xmm6,-40-6*16(%rax)
-	vmovaps	%xmm7,-40-5*16(%rax)
-	vmovaps	%xmm8,-40-4*16(%rax)
-	vmovaps	%xmm9,-40-3*16(%rax)
-	vmovaps	%xmm10,-40-2*16(%rax)
-	vmovaps	%xmm11,-40-1*16(%rax)
+	vmovaps	%xmm6,-40-6*16($fp)
+	vmovaps	%xmm7,-40-5*16($fp)
+	vmovaps	%xmm8,-40-4*16($fp)
+	vmovaps	%xmm9,-40-3*16($fp)
+	vmovaps	%xmm10,-40-2*16($fp)
+	vmovaps	%xmm11,-40-1*16($fp)
 .Lprologue_avx:
 ___
 $code.=<<___;
-	mov	%rax,%r14	# original %rsp
 	and	\$-64,%rsp
 	mov	%rdi,$ctx	# reassigned argument
 	mov	%rsi,$inp	# reassigned argument
@@ -1272,23 +1311,29 @@ $code.=<<___;
 	mov	$E,16($ctx)
 ___
 $code.=<<___ if ($win64);
-	movaps	-40-6*16(%r14),%xmm6
-	movaps	-40-5*16(%r14),%xmm7
-	movaps	-40-4*16(%r14),%xmm8
-	movaps	-40-3*16(%r14),%xmm9
-	movaps	-40-2*16(%r14),%xmm10
-	movaps	-40-1*16(%r14),%xmm11
+	movaps	-40-6*16($fp),%xmm6
+	movaps	-40-5*16($fp),%xmm7
+	movaps	-40-4*16($fp),%xmm8
+	movaps	-40-3*16($fp),%xmm9
+	movaps	-40-2*16($fp),%xmm10
+	movaps	-40-1*16($fp),%xmm11
 ___
 $code.=<<___;
-	lea	(%r14),%rsi
-	mov	-40(%rsi),%r14
-	mov	-32(%rsi),%r13
-	mov	-24(%rsi),%r12
-	mov	-16(%rsi),%rbp
-	mov	-8(%rsi),%rbx
-	lea	(%rsi),%rsp
+	mov	-40($fp),%r14
+.cfi_restore	%r14
+	mov	-32($fp),%r13
+.cfi_restore	%r13
+	mov	-24($fp),%r12
+.cfi_restore	%r12
+	mov	-16($fp),%rbp
+.cfi_restore	%rbp
+	mov	-8($fp),%rbx
+.cfi_restore	%rbx
+	lea	($fp),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx:
 	ret
+.cfi_endproc
 .size	sha1_block_data_order_avx,.-sha1_block_data_order_avx
 ___
 
@@ -1312,26 +1357,32 @@ $code.=<<___;
 .align	16
 sha1_block_data_order_avx2:
 _avx2_shortcut:
-	mov	%rsp,%rax
+.cfi_startproc
+	mov	%rsp,$fp
+.cfi_def_cfa_register	$fp
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
 	lea	-6*16(%rsp),%rsp
-	vmovaps	%xmm6,-40-6*16(%rax)
-	vmovaps	%xmm7,-40-5*16(%rax)
-	vmovaps	%xmm8,-40-4*16(%rax)
-	vmovaps	%xmm9,-40-3*16(%rax)
-	vmovaps	%xmm10,-40-2*16(%rax)
-	vmovaps	%xmm11,-40-1*16(%rax)
+	vmovaps	%xmm6,-40-6*16($fp)
+	vmovaps	%xmm7,-40-5*16($fp)
+	vmovaps	%xmm8,-40-4*16($fp)
+	vmovaps	%xmm9,-40-3*16($fp)
+	vmovaps	%xmm10,-40-2*16($fp)
+	vmovaps	%xmm11,-40-1*16($fp)
 .Lprologue_avx2:
 ___
 $code.=<<___;
-	mov	%rax,%r14		# original %rsp
 	mov	%rdi,$ctx		# reassigned argument
 	mov	%rsi,$inp		# reassigned argument
 	mov	%rdx,$num		# reassigned argument
@@ -1751,23 +1802,29 @@ $code.=<<___;
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
-	movaps	-40-6*16(%r14),%xmm6
-	movaps	-40-5*16(%r14),%xmm7
-	movaps	-40-4*16(%r14),%xmm8
-	movaps	-40-3*16(%r14),%xmm9
-	movaps	-40-2*16(%r14),%xmm10
-	movaps	-40-1*16(%r14),%xmm11
+	movaps	-40-6*16($fp),%xmm6
+	movaps	-40-5*16($fp),%xmm7
+	movaps	-40-4*16($fp),%xmm8
+	movaps	-40-3*16($fp),%xmm9
+	movaps	-40-2*16($fp),%xmm10
+	movaps	-40-1*16($fp),%xmm11
 ___
 $code.=<<___;
-	lea	(%r14),%rsi
-	mov	-40(%rsi),%r14
-	mov	-32(%rsi),%r13
-	mov	-24(%rsi),%r12
-	mov	-16(%rsi),%rbp
-	mov	-8(%rsi),%rbx
-	lea	(%rsi),%rsp
+	mov	-40($fp),%r14
+.cfi_restore	%r14
+	mov	-32($fp),%r13
+.cfi_restore	%r13
+	mov	-24($fp),%r12
+.cfi_restore	%r12
+	mov	-16($fp),%rbp
+.cfi_restore	%rbp
+	mov	-8($fp),%rbx
+.cfi_restore	%rbx
+	lea	($fp),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx2:
 	ret
+.cfi_endproc
 .size	sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
 ___
 }
@@ -1908,15 +1965,13 @@ ssse3_handler:
 	cmp	%r10,%rbx		# context->Rip<prologue label
 	jb	.Lcommon_seh_tail
 
-	mov	152($context),%rax	# pull context->Rsp
+	mov	208($context),%rax	# pull context->R11
 
 	mov	4(%r11),%r10d		# HandlerData[1]
 	lea	(%rsi,%r10),%r10	# epilogue label
 	cmp	%r10,%rbx		# context->Rip>=epilogue label
 	jae	.Lcommon_seh_tail
 
-	mov	232($context),%rax	# pull context->R14
-
 	lea	-40-6*16(%rax),%rsi
 	lea	512($context),%rdi	# &context.Xmm6
 	mov	\$12,%ecx
@@ -1929,9 +1984,9 @@ ssse3_handler:
 	mov	-40(%rax),%r14
 	mov	%rbx,144($context)	# restore context->Rbx
 	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore cotnext->R12
-	mov	%r13,224($context)	# restore cotnext->R13
-	mov	%r14,232($context)	# restore cotnext->R14
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
 
 .Lcommon_seh_tail:
 	mov	8(%rax),%rdi
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl
index 72ee0c7b83..dccc771ad5 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl
@@ -18,7 +18,7 @@
 #
 # Performance improvement over compiler generated code varies from
 # 10% to 40% [see below]. Not very impressive on some µ-archs, but
-# it's 5 times smaller and optimizies amount of writes.
+# it's 5 times smaller and optimizes amount of writes.
 #
 # May 2012.
 #
@@ -47,7 +47,7 @@
 #
 # Performance in clock cycles per processed byte (less is better):
 #
-#		gcc	icc	x86 asm(*)	SIMD	x86_64 asm(**)	
+#		gcc	icc	x86 asm(*)	SIMD	x86_64 asm(**)
 # Pentium	46	57	40/38		-	-
 # PIII		36	33	27/24		-	-
 # P4		41	38	28		-	17.3
@@ -57,14 +57,17 @@
 # Sandy Bridge	25	-	15.9		12.4	11.6
 # Ivy Bridge	24	-	15.0		11.4	10.3
 # Haswell	22	-	13.9		9.46	7.80
+# Skylake	20	-	14.9		9.50	7.70
 # Bulldozer	36	-	27/22		17.0	13.6
 # VIA Nano	36	-	25/22		16.8	16.5
 # Atom		50	-	30/25		21.9	18.9
 # Silvermont	40	-	34/31		22.9	20.6
+# Goldmont	29	-	20		16.3(***)
 #
 # (*)	numbers after slash are for unrolled loop, where applicable;
 # (**)	x86_64 assembly performance is presented for reference
 #	purposes, results are best-available;
+# (***)	SHAEXT result is 4.1, strangely enough better than 64-bit one;
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
@@ -73,7 +76,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $xmm=$avx=0;
 for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -276,7 +279,7 @@ my $suffix=shift;
 	&mov	($Coff,"ecx");
 	&mov	($Doff,"edi");
 	&mov	(&DWP(0,"esp"),"ebx");	# magic
-	&mov	($E,&DWP(16,"esi"));	
+	&mov	($E,&DWP(16,"esi"));
 	&mov	("ebx",&DWP(20,"esi"));
 	&mov	("ecx",&DWP(24,"esi"));
 	&mov	("edi",&DWP(28,"esi"));
@@ -385,7 +388,7 @@ my @AH=($A,$K256);
 	&xor	($AH[1],"ecx");		# magic
 	&mov	(&DWP(8,"esp"),"ecx");
 	&mov	(&DWP(12,"esp"),"ebx");
-	&mov	($E,&DWP(16,"esi"));	
+	&mov	($E,&DWP(16,"esi"));
 	&mov	("ebx",&DWP(20,"esi"));
 	&mov	("ecx",&DWP(24,"esi"));
 	&mov	("esi",&DWP(28,"esi"));
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
index fbcd29f2e8..73978dbd81 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -36,7 +36,7 @@
 # (iii)	"this" is for n=8, when we gather twice as much data, result
 #	for n=4 is 20.3+4.44=24.7;
 # (iv)	presented improvement coefficients are asymptotic limits and
-#	in real-life application are somewhat lower, e.g. for 2KB 
+#	in real-life application are somewhat lower, e.g. for 2KB
 #	fragments they range from 75% to 130% (on Haswell);
 
 $flavour = shift;
@@ -244,6 +244,7 @@ $code.=<<___;
 .type	sha256_multi_block,\@function,3
 .align	32
 sha256_multi_block:
+.cfi_startproc
 	mov	OPENSSL_ia32cap_P+4(%rip),%rcx
 	bt	\$61,%rcx			# check SHA bit
 	jc	_shaext_shortcut
@@ -254,8 +255,11 @@ $code.=<<___ if ($avx);
 ___
 $code.=<<___;
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -274,6 +278,7 @@ $code.=<<___;
 	sub	\$`$REG_SZ*18`, %rsp
 	and	\$-256,%rsp
 	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
 .Lbody:
 	lea	K256+128(%rip),$Tbl
 	lea	`$REG_SZ*16`(%rsp),%rbx
@@ -391,6 +396,7 @@ $code.=<<___;
 
 .Ldone:
 	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
 ___
 $code.=<<___ if ($win64);
 	movaps	-0xb8(%rax),%xmm6
@@ -406,10 +412,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue:
 	ret
+.cfi_endproc
 .size	sha256_multi_block,.-sha256_multi_block
 ___
 						{{{
@@ -421,10 +431,14 @@ $code.=<<___;
 .type	sha256_multi_block_shaext,\@function,3
 .align	32
 sha256_multi_block_shaext:
+.cfi_startproc
 _shaext_shortcut:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -758,10 +772,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_shaext:
 	ret
+.cfi_endproc
 .size	sha256_multi_block_shaext,.-sha256_multi_block_shaext
 ___
 						}}}
@@ -921,6 +939,7 @@ $code.=<<___;
 .type	sha256_multi_block_avx,\@function,3
 .align	32
 sha256_multi_block_avx:
+.cfi_startproc
 _avx_shortcut:
 ___
 $code.=<<___ if ($avx>1);
@@ -935,8 +954,11 @@ $code.=<<___ if ($avx>1);
 ___
 $code.=<<___;
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -955,6 +977,7 @@ $code.=<<___;
 	sub	\$`$REG_SZ*18`, %rsp
 	and	\$-256,%rsp
 	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
 .Lbody_avx:
 	lea	K256+128(%rip),$Tbl
 	lea	`$REG_SZ*16`(%rsp),%rbx
@@ -1070,6 +1093,7 @@ $code.=<<___;
 
 .Ldone_avx:
 	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1086,10 +1110,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx:
 	ret
+.cfi_endproc
 .size	sha256_multi_block_avx,.-sha256_multi_block_avx
 ___
 						if ($avx>1) {
@@ -1105,14 +1133,22 @@ $code.=<<___;
 .type	sha256_multi_block_avx2,\@function,3
 .align	32
 sha256_multi_block_avx2:
+.cfi_startproc
 _avx2_shortcut:
 	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 ___
 $code.=<<___ if ($win64);
 	lea	-0xa8(%rsp),%rsp
@@ -1131,6 +1167,7 @@ $code.=<<___;
 	sub	\$`$REG_SZ*18`, %rsp
 	and	\$-256,%rsp
 	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.cfi_cfa_expression	%rsp+`$REG_SZ*17`,deref,+8
 .Lbody_avx2:
 	lea	K256+128(%rip),$Tbl
 	lea	0x80($ctx),$ctx			# size optimization
@@ -1246,6 +1283,7 @@ $code.=<<___;
 
 .Ldone_avx2:
 	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+.cfi_def_cfa	%rax,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1262,14 +1300,22 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	mov	-48(%rax),%r15
+.cfi_restore	%r15
 	mov	-40(%rax),%r14
+.cfi_restore	%r14
 	mov	-32(%rax),%r13
+.cfi_restore	%r13
 	mov	-24(%rax),%r12
+.cfi_restore	%r12
 	mov	-16(%rax),%rbp
+.cfi_restore	%rbp
 	mov	-8(%rax),%rbx
+.cfi_restore	%rbx
 	lea	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx2:
 	ret
+.cfi_endproc
 .size	sha256_multi_block_avx2,.-sha256_multi_block_avx2
 ___
 					}	}}}
@@ -1462,10 +1508,10 @@ avx2_handler:
 	mov	-48(%rax),%r15
 	mov	%rbx,144($context)	# restore context->Rbx
 	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore cotnext->R12
-	mov	%r13,224($context)	# restore cotnext->R13
-	mov	%r14,232($context)	# restore cotnext->R14
-	mov	%r15,240($context)	# restore cotnext->R15
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
 
 	lea	-56-10*16(%rax),%rsi
 	lea	512($context),%rdi	# &context.Xmm6
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl
index 3873934b69..867ce30b97 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl
@@ -32,6 +32,7 @@
 # Sandy Bridge	58	-	35	11.9	11.2
 # Ivy Bridge	50	-	33	11.5	8.17
 # Haswell	46	-	29	11.3	7.66
+# Skylake	40	-	26	13.3	7.25
 # Bulldozer	121	-	50	14.0	13.5
 # VIA Nano	91	-	52	33	14.7
 # Atom		126	-	68	48(***)	14.7
@@ -41,7 +42,7 @@
 # (*)	whichever best applicable.
 # (**)	x86_64 assembler performance is presented for reference
 #	purposes, the results are for integer-only code.
-# (***)	paddq is increadibly slow on Atom.
+# (***)	paddq is incredibly slow on Atom.
 #
 # IALU code-path is optimized for elder Pentiums. On vanilla Pentium
 # performance improvement over compiler generated code reaches ~60%,
@@ -61,7 +62,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
 
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -384,7 +385,7 @@ if ($sse2) {
 
 &set_label("16_79_sse2",16);
     for ($j=0;$j<2;$j++) {			# 2x unroll
-	#&movq	("mm7",&QWP(8*(9+16-1),"esp"));	# prefetched in BODY_00_15 
+	#&movq	("mm7",&QWP(8*(9+16-1),"esp"));	# prefetched in BODY_00_15
 	&movq	("mm5",&QWP(8*(9+16-14),"esp"));
 	&movq	("mm1","mm7");
 	&psrlq	("mm7",1);
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl
index c1aaf778f4..ac84ebb52e 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl
@@ -1,17 +1,18 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
-#
 # ====================================================================
 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPLv2 terms is granted.
 # ====================================================================
 #
 # SHA256/512 for ARMv8.
@@ -26,7 +27,8 @@
 # Denver	2.01		10.5 (+26%)	6.70 (+8%)
 # X-Gene			20.0 (+100%)	12.8 (+300%(***))
 # Mongoose	2.36		13.0 (+50%)	8.36 (+33%)
-# 
+# Kryo		1.92		17.4 (+30%)	11.2 (+8%)
+#
 # (*)	Software SHA256 results are of lesser relevance, presented
 #	mostly for informational purposes.
 # (**)	The result is a trade-off: it's possible to improve it by
@@ -34,19 +36,37 @@
 #	on Cortex-A53 (or by 4 cycles per round).
 # (***)	Super-impressive coefficients over gcc-generated code are
 #	indication of some compiler "pathology", most notably code
-#	generated with -mgeneral-regs-only is significanty faster
+#	generated with -mgeneral-regs-only is significantly faster
 #	and the gap is only 40-90%.
-
-$flavour=shift;
-$output=shift;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
-die "can't locate arm-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
+#
+# October 2016.
+#
+# Originally it was reckoned that it makes no sense to implement NEON
+# version of SHA256 for 64-bit processors. This is because performance
+# improvement on most wide-spread Cortex-A5x processors was observed
+# to be marginal, same on Cortex-A53 and ~10% on A57. But then it was
+# observed that 32-bit NEON SHA256 performs significantly better than
+# 64-bit scalar version on *some* of the more recent processors. As
+# result 64-bit NEON version of SHA256 was added to provide best
+# all-round performance. For example it executes ~30% faster on X-Gene
+# and Mongoose. [For reference, NEON version of SHA512 is bound to
+# deliver much less improvement, likely *negative* on Cortex-A5x.
+# Which is why NEON support is limited to SHA256.]
+
+$output=pop;
+$flavour=pop;
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open OUT,"| \"$^X\" $xlate $flavour $output";
+    *STDOUT=*OUT;
+} else {
+    open STDOUT,">$output";
+}
 
 if ($output =~ /512/) {
 	$BITS=512;
@@ -83,7 +103,7 @@ my ($T0,$T1,$T2)=(@X[($i-8)&15],@X[($i-9)&15],@X[($i-10)&15]);
    $T0=@X[$i+3] if ($i<11);
 
 $code.=<<___	if ($i<16);
-#ifndef	__ARMEB__
+#ifndef	__AARCH64EB__
 	rev	@X[$i],@X[$i]			// $i
 #endif
 ___
@@ -166,7 +186,9 @@ ___
 }
 
 $code.=<<___;
-#include "arm_arch.h"
+#ifndef	__KERNEL__
+# include "arm_arch.h"
+#endif
 
 .text
 
@@ -175,20 +197,28 @@ $code.=<<___;
 .type	$func,%function
 .align	6
 $func:
-___
-$code.=<<___	if ($SZ==4);
-#ifdef	__ILP32__
+#ifndef	__KERNEL__
+# ifdef	__ILP32__
 	ldrsw	x16,.LOPENSSL_armcap_P
-#else
+# else
 	ldr	x16,.LOPENSSL_armcap_P
-#endif
+# endif
 	adr	x17,.LOPENSSL_armcap_P
 	add	x16,x16,x17
 	ldr	w16,[x16]
+___
+$code.=<<___	if ($SZ==4);
 	tst	w16,#ARMV8_SHA256
 	b.ne	.Lv8_entry
+	tst	w16,#ARMV7_NEON
+	b.ne	.Lneon_entry
+___
+$code.=<<___	if ($SZ==8);
+	tst	w16,#ARMV8_SHA512
+	b.ne	.Lv8_entry
 ___
 $code.=<<___;
+#endif
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 
@@ -321,12 +351,14 @@ $code.=<<___ if ($SZ==4);
 ___
 $code.=<<___;
 .size	.LK$BITS,.-.LK$BITS
+#ifndef	__KERNEL__
 .align	3
 .LOPENSSL_armcap_P:
-#ifdef	__ILP32__
+# ifdef	__ILP32__
 	.long	OPENSSL_armcap_P-.
-#else
+# else
 	.quad	OPENSSL_armcap_P-.
+# endif
 #endif
 .asciz	"SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
@@ -341,6 +373,7 @@ my ($W0,$W1)=("v16.4s","v17.4s");
 my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b");
 
 $code.=<<___;
+#ifndef	__KERNEL__
 .type	sha256_block_armv8,%function
 .align	6
 sha256_block_armv8:
@@ -409,11 +442,406 @@ $code.=<<___;
 	ldr		x29,[sp],#16
 	ret
 .size	sha256_block_armv8,.-sha256_block_armv8
+#endif
+___
+}
+
+if ($SZ==4) {	######################################### NEON stuff #
+# You'll surely note a lot of similarities with sha256-armv4 module,
+# and of course it's not a coincidence. sha256-armv4 was used as
+# initial template, but was adapted for ARMv8 instruction set and
+# extensively re-tuned for all-round performance.
+
+my @V = ($A,$B,$C,$D,$E,$F,$G,$H) = map("w$_",(3..10));
+my ($t0,$t1,$t2,$t3,$t4) = map("w$_",(11..15));
+my $Ktbl="x16";
+my $Xfer="x17";
+my @X = map("q$_",(0..3));
+my ($T0,$T1,$T2,$T3,$T4,$T5,$T6,$T7) = map("q$_",(4..7,16..19));
+my $j=0;
+
+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+sub Dscalar { shift =~ m|[qv]([0-9]+)|?"d$1":""; }
+sub Dlo     { shift =~ m|[qv]([0-9]+)|?"v$1.d[0]":""; }
+sub Dhi     { shift =~ m|[qv]([0-9]+)|?"v$1.d[1]":""; }
+
+sub Xupdate()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	&ext_8		($T0,@X[0],@X[1],4);	# X[1..4]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ext_8		($T3,@X[2],@X[3],4);	# X[9..12]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&mov		(&Dscalar($T7),&Dhi(@X[3]));	# X[14..15]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ushr_32	($T2,$T0,$sigma0[0]);
+	 eval(shift(@insns));
+	&ushr_32	($T1,$T0,$sigma0[2]);
+	 eval(shift(@insns));
+	&add_32 	(@X[0],@X[0],$T3);	# X[0..3] += X[9..12]
+	 eval(shift(@insns));
+	&sli_32		($T2,$T0,32-$sigma0[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ushr_32	($T3,$T0,$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&eor_8		($T1,$T1,$T2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&sli_32		($T3,$T0,32-$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T4,$T7,$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&eor_8		($T1,$T1,$T3);		# sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_32	($T4,$T7,32-$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T5,$T7,$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T3,$T7,$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		(@X[0],@X[0],$T1);	# X[0..3] += sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_u32	($T3,$T7,32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &eor_8	($T5,$T5,$T4);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &eor_8	($T5,$T5,$T3);		# sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		(@X[0],@X[0],$T5);	# X[0..1] += sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &ushr_32	($T6,@X[0],$sigma1[0]);
+	 eval(shift(@insns));
+	  &ushr_32	($T7,@X[0],$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_32	($T6,@X[0],32-$sigma1[0]);
+	 eval(shift(@insns));
+	  &ushr_32	($T5,@X[0],$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &eor_8	($T7,$T7,$T6);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &sli_32	($T5,@X[0],32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ld1_32		("{$T0}","[$Ktbl], #16");
+	 eval(shift(@insns));
+	  &eor_8	($T7,$T7,$T5);		# sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&eor_8		($T5,$T5,$T5);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&mov		(&Dhi($T5), &Dlo($T7));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		(@X[0],@X[0],$T5);	# X[2..3] += sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		($T0,$T0,@X[0]);
+	 while($#insns>=1) { eval(shift(@insns)); }
+	&st1_32		("{$T0}","[$Xfer], #16");
+	 eval(shift(@insns));
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub Xpreload()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ld1_8		("{@X[0]}","[$inp],#16");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&ld1_32		("{$T0}","[$Ktbl],#16");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&rev32		(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&add_32		($T0,$T0,@X[0]);
+	 foreach (@insns) { eval; }	# remaining instructions
+	&st1_32		("{$T0}","[$Xfer], #16");
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@V;'.
+	'&add	($h,$h,$t1)',			# h+=X[i]+K[i]
+	'&add	($a,$a,$t4);'.			# h+=Sigma0(a) from the past
+	'&and	($t1,$f,$e)',
+	'&bic	($t4,$g,$e)',
+	'&eor	($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))',
+	'&add	($a,$a,$t2)',			# h+=Maj(a,b,c) from the past
+	'&orr	($t1,$t1,$t4)',			# Ch(e,f,g)
+	'&eor	($t0,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))',	# Sigma1(e)
+	'&eor	($t4,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))',
+	'&add	($h,$h,$t1)',			# h+=Ch(e,f,g)
+	'&ror	($t0,$t0,"#$Sigma1[0]")',
+	'&eor	($t2,$a,$b)',			# a^b, b^c in next round
+	'&eor	($t4,$t4,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',	# Sigma0(a)
+	'&add	($h,$h,$t0)',			# h+=Sigma1(e)
+	'&ldr	($t1,sprintf "[sp,#%d]",4*(($j+1)&15))	if (($j&15)!=15);'.
+	'&ldr	($t1,"[$Ktbl]")				if ($j==15);'.
+	'&and	($t3,$t3,$t2)',			# (b^c)&=(a^b)
+	'&ror	($t4,$t4,"#$Sigma0[0]")',
+	'&add	($d,$d,$h)',			# d+=h
+	'&eor	($t3,$t3,$b)',			# Maj(a,b,c)
+	'$j++;	unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
+	)
+}
+
+$code.=<<___;
+#ifdef	__KERNEL__
+.globl	sha256_block_neon
+#endif
+.type	sha256_block_neon,%function
+.align	4
+sha256_block_neon:
+.Lneon_entry:
+	stp	x29, x30, [sp, #-16]!
+	mov	x29, sp
+	sub	sp,sp,#16*4
+
+	adr	$Ktbl,.LK256
+	add	$num,$inp,$num,lsl#6	// len to point at the end of inp
+
+	ld1.8	{@X[0]},[$inp], #16
+	ld1.8	{@X[1]},[$inp], #16
+	ld1.8	{@X[2]},[$inp], #16
+	ld1.8	{@X[3]},[$inp], #16
+	ld1.32	{$T0},[$Ktbl], #16
+	ld1.32	{$T1},[$Ktbl], #16
+	ld1.32	{$T2},[$Ktbl], #16
+	ld1.32	{$T3},[$Ktbl], #16
+	rev32	@X[0],@X[0]		// yes, even on
+	rev32	@X[1],@X[1]		// big-endian
+	rev32	@X[2],@X[2]
+	rev32	@X[3],@X[3]
+	mov	$Xfer,sp
+	add.32	$T0,$T0,@X[0]
+	add.32	$T1,$T1,@X[1]
+	add.32	$T2,$T2,@X[2]
+	st1.32	{$T0-$T1},[$Xfer], #32
+	add.32	$T3,$T3,@X[3]
+	st1.32	{$T2-$T3},[$Xfer]
+	sub	$Xfer,$Xfer,#32
+
+	ldp	$A,$B,[$ctx]
+	ldp	$C,$D,[$ctx,#8]
+	ldp	$E,$F,[$ctx,#16]
+	ldp	$G,$H,[$ctx,#24]
+	ldr	$t1,[sp,#0]
+	mov	$t2,wzr
+	eor	$t3,$B,$C
+	mov	$t4,wzr
+	b	.L_00_48
+
+.align	4
+.L_00_48:
+___
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+$code.=<<___;
+	cmp	$t1,#0				// check for K256 terminator
+	ldr	$t1,[sp,#0]
+	sub	$Xfer,$Xfer,#64
+	bne	.L_00_48
+
+	sub	$Ktbl,$Ktbl,#256		// rewind $Ktbl
+	cmp	$inp,$num
+	mov	$Xfer, #64
+	csel	$Xfer, $Xfer, xzr, eq
+	sub	$inp,$inp,$Xfer			// avoid SEGV
+	mov	$Xfer,sp
+___
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+$code.=<<___;
+	add	$A,$A,$t4			// h+=Sigma0(a) from the past
+	ldp	$t0,$t1,[$ctx,#0]
+	add	$A,$A,$t2			// h+=Maj(a,b,c) from the past
+	ldp	$t2,$t3,[$ctx,#8]
+	add	$A,$A,$t0			// accumulate
+	add	$B,$B,$t1
+	ldp	$t0,$t1,[$ctx,#16]
+	add	$C,$C,$t2
+	add	$D,$D,$t3
+	ldp	$t2,$t3,[$ctx,#24]
+	add	$E,$E,$t0
+	add	$F,$F,$t1
+	 ldr	$t1,[sp,#0]
+	stp	$A,$B,[$ctx,#0]
+	add	$G,$G,$t2
+	 mov	$t2,wzr
+	stp	$C,$D,[$ctx,#8]
+	add	$H,$H,$t3
+	stp	$E,$F,[$ctx,#16]
+	 eor	$t3,$B,$C
+	stp	$G,$H,[$ctx,#24]
+	 mov	$t4,wzr
+	 mov	$Xfer,sp
+	b.ne	.L_00_48
+
+	ldr	x29,[x29]
+	add	sp,sp,#16*4+16
+	ret
+.size	sha256_block_neon,.-sha256_block_neon
 ___
 }
 
+if ($SZ==8) {
+my $Ktbl="x3";
+
+my @H = map("v$_.16b",(0..4));
+my ($fg,$de,$m9_10)=map("v$_.16b",(5..7));
+my @MSG=map("v$_.16b",(16..23));
+my ($W0,$W1)=("v24.2d","v25.2d");
+my ($AB,$CD,$EF,$GH)=map("v$_.16b",(26..29));
+
 $code.=<<___;
+#ifndef	__KERNEL__
+.type	sha512_block_armv8,%function
+.align	6
+sha512_block_armv8:
+.Lv8_entry:
+	stp		x29,x30,[sp,#-16]!
+	add		x29,sp,#0
+
+	ld1		{@MSG[0]-@MSG[3]},[$inp],#64	// load input
+	ld1		{@MSG[4]-@MSG[7]},[$inp],#64
+
+	ld1.64		{@H[0]-@H[3]},[$ctx]		// load context
+	adr		$Ktbl,.LK512
+
+	rev64		@MSG[0],@MSG[0]
+	rev64		@MSG[1],@MSG[1]
+	rev64		@MSG[2],@MSG[2]
+	rev64		@MSG[3],@MSG[3]
+	rev64		@MSG[4],@MSG[4]
+	rev64		@MSG[5],@MSG[5]
+	rev64		@MSG[6],@MSG[6]
+	rev64		@MSG[7],@MSG[7]
+	b		.Loop_hw
+
+.align	4
+.Loop_hw:
+	ld1.64		{$W0},[$Ktbl],#16
+	subs		$num,$num,#1
+	sub		x4,$inp,#128
+	orr		$AB,@H[0],@H[0]			// offload
+	orr		$CD,@H[1],@H[1]
+	orr		$EF,@H[2],@H[2]
+	orr		$GH,@H[3],@H[3]
+	csel		$inp,$inp,x4,ne			// conditional rewind
+___
+for($i=0;$i<32;$i++) {
+$code.=<<___;
+	add.i64		$W0,$W0,@MSG[0]
+	ld1.64		{$W1},[$Ktbl],#16
+	ext		$W0,$W0,$W0,#8
+	ext		$fg,@H[2],@H[3],#8
+	ext		$de,@H[1],@H[2],#8
+	add.i64		@H[3],@H[3],$W0			// "T1 + H + K512[i]"
+	 sha512su0	@MSG[0],@MSG[1]
+	 ext		$m9_10,@MSG[4],@MSG[5],#8
+	sha512h		@H[3],$fg,$de
+	 sha512su1	@MSG[0],@MSG[7],$m9_10
+	add.i64		@H[4],@H[1],@H[3]		// "D + T1"
+	sha512h2	@H[3],$H[1],@H[0]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+	@H = (@H[3],@H[0],@H[4],@H[2],@H[1]);
+}
+for(;$i<40;$i++) {
+$code.=<<___	if ($i<39);
+	ld1.64		{$W1},[$Ktbl],#16
+___
+$code.=<<___	if ($i==39);
+	sub		$Ktbl,$Ktbl,#$rounds*$SZ	// rewind
+___
+$code.=<<___;
+	add.i64		$W0,$W0,@MSG[0]
+	 ld1		{@MSG[0]},[$inp],#16		// load next input
+	ext		$W0,$W0,$W0,#8
+	ext		$fg,@H[2],@H[3],#8
+	ext		$de,@H[1],@H[2],#8
+	add.i64		@H[3],@H[3],$W0			// "T1 + H + K512[i]"
+	sha512h		@H[3],$fg,$de
+	 rev64		@MSG[0],@MSG[0]
+	add.i64		@H[4],@H[1],@H[3]		// "D + T1"
+	sha512h2	@H[3],$H[1],@H[0]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+	@H = (@H[3],@H[0],@H[4],@H[2],@H[1]);
+}
+$code.=<<___;
+	add.i64		@H[0],@H[0],$AB			// accumulate
+	add.i64		@H[1],@H[1],$CD
+	add.i64		@H[2],@H[2],$EF
+	add.i64		@H[3],@H[3],$GH
+
+	cbnz		$num,.Loop_hw
+
+	st1.64		{@H[0]-@H[3]},[$ctx]		// store context
+
+	ldr		x29,[sp],#16
+	ret
+.size	sha512_block_armv8,.-sha512_block_armv8
+#endif
+___
+}
+
+$code.=<<___;
+#ifndef	__KERNEL__
 .comm	OPENSSL_armcap_P,4,4
+#endif
 ___
 
 {   my  %opcode = (
@@ -431,14 +859,43 @@ ___
     }
 }
 
+{   my  %opcode = (
+	"sha512h"	=> 0xce608000,	"sha512h2"	=> 0xce608400,
+	"sha512su0"	=> 0xcec08000,	"sha512su1"	=> 0xce608800	);
+
+    sub unsha512 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
+			$mnemonic,$arg;
+    }
+}
+
+open SELF,$0;
+while(<SELF>) {
+        next if (/^#!/);
+        last if (!s/^#/\/\// and !/^$/);
+        print;
+}
+close SELF;
+
 foreach(split("\n",$code)) {
 
-	s/\`([^\`]*)\`/eval($1)/geo;
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sha512\w+)\s+([qv].*)/unsha512($1,$2)/ge	or
+	s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/ge;
 
-	s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo;
+	s/\bq([0-9]+)\b/v$1.16b/g;		# old->new registers
 
-	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
-	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
+	s/\.[ui]?8(\s)/$1/;
+	s/\.\w?64\b//		and s/\.16b/\.2d/g	or
+	s/\.\w?32\b//		and s/\.16b/\.4s/g;
+	m/\bext\b/		and s/\.2d/\.16b/g	or
+	m/(ld|st)1[^\[]+\[0\]/	and s/\.4s/\.s/g;
 
 	print $_,"\n";
 }
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl
index 5c2d23faaf..dab684dde5 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -60,16 +60,16 @@ $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
 
 if ($flavour =~ /64|n32/i) {
 	$PTR_LA="dla";
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
+	$PTR_ADD="daddu";	# incidentally works even on n32
+	$PTR_SUB="dsubu";	# incidentally works even on n32
 	$REG_S="sd";
 	$REG_L="ld";
 	$PTR_SLL="dsll";	# incidentally works even on n32
 	$SZREG=8;
 } else {
 	$PTR_LA="la";
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
 	$REG_S="sw";
 	$REG_L="lw";
 	$PTR_SLL="sll";
@@ -81,7 +81,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
 #
 ######################################################################
 
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
+$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC});
 
 for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
 open STDOUT,">$output";
@@ -135,8 +135,12 @@ my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
 my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]);
 
 $code.=<<___ if ($i<15);
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	${LD}	@X[1],`($i+1)*$SZ`($inp)
+#else
 	${LD}l	@X[1],`($i+1)*$SZ+$MSB`($inp)
 	${LD}r	@X[1],`($i+1)*$SZ+$LSB`($inp)
+#endif
 ___
 $code.=<<___	if (!$big_endian && $i<16 && $SZ==4);
 #if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
@@ -298,13 +302,7 @@ $FRAMESIZE=16*$SZ+16*$SZREG;
 $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
 
 $code.=<<___;
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2)
-#define _MIPS_ARCH_MIPS32R2
-#endif
+#include "mips_arch.h"
 
 .text
 .set	noat
@@ -369,8 +367,12 @@ $code.=<<___;
 
 .align	5
 .Loop:
+#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6)
+	${LD}	@X[0],($inp)
+#else
 	${LD}l	@X[0],$MSB($inp)
 	${LD}r	@X[0],$LSB($inp)
+#endif
 ___
 for ($i=0;$i<16;$i++)
 { &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl
index fcb6157902..59eb320ab6 100755
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -368,7 +368,7 @@ L\$parisc1
 ___
 
 @V=(  $Ahi,  $Alo,  $Bhi,  $Blo,  $Chi,  $Clo,  $Dhi,  $Dlo,
-      $Ehi,  $Elo,  $Fhi,  $Flo,  $Ghi,  $Glo,  $Hhi,  $Hlo) = 
+      $Ehi,  $Elo,  $Fhi,  $Flo,  $Ghi,  $Glo,  $Hhi,  $Hlo) =
    ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
      "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16");
 $a0 ="%r17";
@@ -419,7 +419,7 @@ $code.=<<___;
 	 add	$t0,$hlo,$hlo
 	shd	$ahi,$alo,$Sigma0[0],$t0
 	 addc	$t1,$hhi,$hhi		; h += Sigma1(e)
-	shd	$alo,$ahi,$Sigma0[0],$t1	
+	shd	$alo,$ahi,$Sigma0[0],$t1
 	 add	$a0,$hlo,$hlo
 	shd	$ahi,$alo,$Sigma0[1],$t2
 	 addc	$a1,$hhi,$hhi		; h += Ch(e,f,g)
@@ -767,13 +767,18 @@ sub assemble {
     ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
 }
 
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+	=~ /GNU assembler/) {
+    $gnuas = 1;
+}
+
 foreach (split("\n",$code)) {
 	s/\`([^\`]*)\`/eval $1/ge;
 
 	s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/
 		$3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32)	# rotation for >=32
 		:       sprintf("shd\t%$1,%$2,%d",$3)/e			or
-	# translate made up instructons: _ror, _shr, _align, _shl
+	# translate made up instructions: _ror, _shr, _align, _shl
 	s/_ror(\s+)(%r[0-9]+),/
 		($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e			or
 
@@ -790,9 +795,11 @@ foreach (split("\n",$code)) {
 
 	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4);
 
-	s/cmpb,\*/comb,/ if ($SIZE_T==4);
-
-	s/\bbv\b/bve/    if ($SIZE_T==8);
+	s/(\.LEVEL\s+2\.0)W/$1w/	if ($gnuas && $SIZE_T==8);
+	s/\.SPACE\s+\$TEXT\$/.text/	if ($gnuas && $SIZE_T==8);
+	s/\.SUBSPA.*//			if ($gnuas && $SIZE_T==8);
+	s/cmpb,\*/comb,/ 		if ($SIZE_T==4);
+	s/\bbv\b/bve/    		if ($SIZE_T==8);
 
 	print $_,"\n";
 }
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl
index fe95b01509..71699f6637 100755
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl
@@ -26,7 +26,7 @@
 #
 # (*)	64-bit code in 32-bit application context, which actually is
 #	on TODO list. It should be noted that for safe deployment in
-#	32-bit *mutli-threaded* context asyncronous signals should be
+#	32-bit *multi-threaded* context asynchronous signals should be
 #	blocked upon entry to SHA512 block routine. This is because
 #	32-bit signaling procedure invalidates upper halves of GPRs.
 #	Context switch procedure preserves them, but not signaling:-(
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl
index 427d6f8252..4c0f4e7931 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl
@@ -8,7 +8,7 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -170,6 +170,8 @@ ___
 }
 
 $code.=<<___;
+#include "s390x_arch.h"
+
 .text
 .align	64
 .type	$Table,\@object
@@ -244,7 +246,7 @@ $Func:
 ___
 $code.=<<___ if ($kimdfunc);
 	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,16(%r1)	# check kimd capabilities
+	lg	%r0,S390X_KIMD(%r1)	# check kimd capabilities
 	tmhh	%r0,`0x8000>>$kimdfunc`
 	jz	.Lsoftware
 	lghi	%r0,$kimdfunc
@@ -308,7 +310,7 @@ $code.=<<___;
 	cl${g}	$inp,`$frame+4*$SIZE_T`($sp)
 	jne	.Lloop
 
-	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)	
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
 	br	%r14
 .size	$Func,.-$Func
 .string	"SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl
index 4a1ce5fe3e..4432bda65a 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl
@@ -8,12 +8,12 @@
 
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 #
-# Hardware SPARC T4 support by David S. Miller <davem@davemloft.net>.
+# Hardware SPARC T4 support by David S. Miller
 # ====================================================================
 
 # SHA256 performance improvement over compiler generated code varies
@@ -102,7 +102,7 @@ if ($output =~ /512/) {
 
 	$locals=0;		# X[16] is register resident
 	@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
-	
+
 	$A="%l0";
 	$B="%l1";
 	$C="%l2";
@@ -254,7 +254,7 @@ $code.=<<___;
 	$SLL	$a,`$SZ*8-@Sigma0[1]`,$tmp1
 	xor	$tmp0,$h,$h
 	$SRL	$a,@Sigma0[2],$tmp0
-	xor	$tmp1,$h,$h	
+	xor	$tmp1,$h,$h
 	$SLL	$a,`$SZ*8-@Sigma0[0]`,$tmp1
 	xor	$tmp0,$h,$h
 	xor	$tmp1,$h,$h		! Sigma0(a)
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
index c9b7b28123..f2ebdfdb68 100755
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
@@ -95,9 +95,11 @@
 # Haswell	12.2	9.28(+31%)  7.80(+56%)	    7.66    5.40(+42%)
 # Skylake	11.4	9.03(+26%)  7.70(+48%)      7.25    5.20(+40%)
 # Bulldozer	21.1	13.6(+54%)  13.6(+54%(***)) 13.5    8.58(+57%)
+# Ryzen		11.0	9.02(+22%)  2.05(+440%)     7.05    5.67(+20%)
 # VIA Nano	23.0	16.5(+39%)  -		    14.7    -
 # Atom		23.0	18.9(+22%)  -		    14.7    -
 # Silvermont	27.4	20.6(+33%)  -               17.5    -
+# Knights L	27.4	21.0(+30%)  19.6(+40%)	    17.5    12.8(+37%)
 # Goldmont	18.9	14.3(+32%)  4.16(+350%)     12.0    -
 #
 # (*)	whichever best applicable, including SHAEXT;
@@ -176,7 +178,7 @@ $Tbl="%rbp";
 $_ctx="16*$SZ+0*8(%rsp)";
 $_inp="16*$SZ+1*8(%rsp)";
 $_end="16*$SZ+2*8(%rsp)";
-$_rsp="16*$SZ+3*8(%rsp)";
+$_rsp="`16*$SZ+3*8`(%rsp)";
 $framesz="16*$SZ+4*8";
 
 
@@ -269,6 +271,7 @@ $code=<<___;
 .type	$func,\@function,3
 .align	16
 $func:
+.cfi_startproc
 ___
 $code.=<<___ if ($SZ==4 || $avx);
 	lea	OPENSSL_ia32cap_P(%rip),%r11
@@ -301,13 +304,20 @@ $code.=<<___ if ($SZ==4);
 	jnz	.Lssse3_shortcut
 ___
 $code.=<<___;
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	shl	\$4,%rdx		# num*16
 	sub	\$$framesz,%rsp
 	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
@@ -315,7 +325,8 @@ $code.=<<___;
 	mov	$ctx,$_ctx		# save ctx, 1st arg
 	mov	$inp,$_inp		# save inp, 2nd arh
 	mov	%rdx,$_end		# save end pointer, "3rd" arg
-	mov	%r11,$_rsp		# save copy of %rsp
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 .Lprologue:
 
 	mov	$SZ*0($ctx),$A
@@ -382,15 +393,24 @@ $code.=<<___;
 	jb	.Lloop
 
 	mov	$_rsp,%rsi
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue:
 	ret
+.cfi_endproc
 .size	$func,.-$func
 ___
 
@@ -760,14 +780,22 @@ $code.=<<___;
 .type	${func}_ssse3,\@function,3
 .align	64
 ${func}_ssse3:
+.cfi_startproc
 .Lssse3_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	shl	\$4,%rdx		# num*16
 	sub	\$`$framesz+$win64*16*4`,%rsp
 	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
@@ -775,7 +803,8 @@ ${func}_ssse3:
 	mov	$ctx,$_ctx		# save ctx, 1st arg
 	mov	$inp,$_inp		# save inp, 2nd arh
 	mov	%rdx,$_end		# save end pointer, "3rd" arg
-	mov	%r11,$_rsp		# save copy of %rsp
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,16*$SZ+32(%rsp)
@@ -1074,6 +1103,7 @@ $code.=<<___;
 	jb	.Lloop_ssse3
 
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 ___
 $code.=<<___ if ($win64);
 	movaps	16*$SZ+32(%rsp),%xmm6
@@ -1082,15 +1112,23 @@ $code.=<<___ if ($win64);
 	movaps	16*$SZ+80(%rsp),%xmm9
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_ssse3:
 	ret
+.cfi_endproc
 .size	${func}_ssse3,.-${func}_ssse3
 ___
 }
@@ -1104,14 +1142,22 @@ $code.=<<___;
 .type	${func}_xop,\@function,3
 .align	64
 ${func}_xop:
+.cfi_startproc
 .Lxop_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	shl	\$4,%rdx		# num*16
 	sub	\$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp
 	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
@@ -1119,7 +1165,8 @@ ${func}_xop:
 	mov	$ctx,$_ctx		# save ctx, 1st arg
 	mov	$inp,$_inp		# save inp, 2nd arh
 	mov	%rdx,$_end		# save end pointer, "3rd" arg
-	mov	%r11,$_rsp		# save copy of %rsp
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,16*$SZ+32(%rsp)
@@ -1446,6 +1493,7 @@ $code.=<<___;
 	jb	.Lloop_xop
 
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1459,15 +1507,23 @@ $code.=<<___ if ($win64 && $SZ>4);
 	movaps	16*$SZ+112(%rsp),%xmm11
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_xop:
 	ret
+.cfi_endproc
 .size	${func}_xop,.-${func}_xop
 ___
 }
@@ -1480,14 +1536,22 @@ $code.=<<___;
 .type	${func}_avx,\@function,3
 .align	64
 ${func}_avx:
+.cfi_startproc
 .Lavx_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	shl	\$4,%rdx		# num*16
 	sub	\$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp
 	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
@@ -1495,7 +1559,8 @@ ${func}_avx:
 	mov	$ctx,$_ctx		# save ctx, 1st arg
 	mov	$inp,$_inp		# save inp, 2nd arh
 	mov	%rdx,$_end		# save end pointer, "3rd" arg
-	mov	%r11,$_rsp		# save copy of %rsp
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,16*$SZ+32(%rsp)
@@ -1754,6 +1819,7 @@ $code.=<<___;
 	jb	.Lloop_avx
 
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -1767,15 +1833,23 @@ $code.=<<___ if ($win64 && $SZ>4);
 	movaps	16*$SZ+112(%rsp),%xmm11
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx:
 	ret
+.cfi_endproc
 .size	${func}_avx,.-${func}_avx
 ___
 
@@ -1783,7 +1857,7 @@ if ($avx>1) {{
 ######################################################################
 # AVX2+BMI code path
 #
-my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp 
+my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp
 my $PUSH8=8*2*$SZ;
 use integer;
 
@@ -1831,14 +1905,22 @@ $code.=<<___;
 .type	${func}_avx2,\@function,3
 .align	64
 ${func}_avx2:
+.cfi_startproc
 .Lavx2_shortcut:
+	mov	%rsp,%rax		# copy %rsp
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
-	mov	%rsp,%r11		# copy %rsp
+.cfi_push	%r15
 	sub	\$`2*$SZ*$rounds+4*8+$win64*16*($SZ==4?4:6)`,%rsp
 	shl	\$4,%rdx		# num*16
 	and	\$-256*$SZ,%rsp		# align stack frame
@@ -1847,7 +1929,8 @@ ${func}_avx2:
 	mov	$ctx,$_ctx		# save ctx, 1st arg
 	mov	$inp,$_inp		# save inp, 2nd arh
 	mov	%rdx,$_end		# save end pointer, "3rd" arg
-	mov	%r11,$_rsp		# save copy of %rsp
+	mov	%rax,$_rsp		# save copy of %rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 ___
 $code.=<<___ if ($win64);
 	movaps	%xmm6,16*$SZ+32(%rsp)
@@ -2128,6 +2211,7 @@ $code.=<<___;
 .Ldone_avx2:
 	lea	($Tbl),%rsp
 	mov	$_rsp,%rsi
+.cfi_def_cfa	%rsi,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@@ -2141,15 +2225,23 @@ $code.=<<___ if ($win64 && $SZ>4);
 	movaps	16*$SZ+112(%rsp),%xmm11
 ___
 $code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue_avx2:
 	ret
+.cfi_endproc
 .size	${func}_avx2,.-${func}_avx2
 ___
 }}
@@ -2209,7 +2301,6 @@ ___
 $code.=<<___;
 	mov	%rax,%rsi		# put aside Rsp
 	mov	16*$SZ+3*8(%rax),%rax	# pull $_rsp
-	lea	48(%rax),%rax
 
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl
index 4d3d3b2f8c..0d4fdd292c 100755
--- a/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -25,11 +25,20 @@
 # sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting
 # result is degree of computational resources' utilization. POWER8 is
 # "massively multi-threaded chip" and difference between single- and
-# maximum multi-process benchmark results tells that utlization is
+# maximum multi-process benchmark results tells that utilization is
 # whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and
 # for sha1-ppc.pl - 73%. 100% means that multi-process result equals
 # to single-process one, given that all threads end up on the same
 # physical core.
+#
+######################################################################
+# Believed-to-be-accurate results in cycles per processed byte [on
+# little-endian system]. Numbers in square brackets are for 64-bit
+# build of sha512-ppc.pl, presented for reference.
+#
+#		POWER8		POWER9
+# SHA256	9.7 [15.8]	11.2 [12.5]
+# SHA512	6.1 [10.3]	7.0 [7.9]
 
 $flavour=shift;
 $output =shift;
@@ -70,7 +79,8 @@ if ($output =~ /512/) {
 }
 
 $func="sha${bits}_block_p8";
-$FRAME=8*$SIZE_T;
+$LOCALS=8*$SIZE_T+8*16;
+$FRAME=$LOCALS+9*16+6*$SIZE_T;
 
 $sp ="r1";
 $toc="r2";
@@ -82,16 +92,16 @@ $idx="r7";
 $lrsave="r8";
 $offload="r11";
 $vrsave="r12";
-($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31));
- $x00=0 if ($flavour =~ /osx/);
+@I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31)));
 
 @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7));
-@X=map("v$_",(8..23));
-($Ki,$Func,$S0,$S1,$s0,$s1,$lemask)=map("v$_",(24..31));
+@X=map("v$_",(8..19,24..27));
+($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31));
 
 sub ROUND {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
 my $j=($i+1)%16;
+my $k=($i+2)%8;
 
 $code.=<<___		if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1));
 	lvx_u		@X[$i+1],0,$inp		; load X[i] in advance
@@ -103,26 +113,30 @@ ___
 $code.=<<___		if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0);
 	vperm		@X[$i],@X[$i],@X[$i],$lemask
 ___
+$code.=<<___		if ($i>=15);
+	vshasigma${sz}	$Sigma,@X[($j+1)%16],0,0
+	vaddu${sz}m	@X[$j],@X[$j],$Sigma
+	vshasigma${sz}	$Sigma,@X[($j+14)%16],0,15
+	vaddu${sz}m	@X[$j],@X[$j],$Sigma
+	vaddu${sz}m	@X[$j],@X[$j],@X[($j+9)%16]
+___
 $code.=<<___;
-	`"vshasigma${sz}	$s0,@X[($j+1)%16],0,0"		if ($i>=15)`
-	vsel		$Func,$g,$f,$e		; Ch(e,f,g)
-	vshasigma${sz}	$S1,$e,1,15		; Sigma1(e)
 	vaddu${sz}m	$h,$h,@X[$i%16]		; h+=X[i]
-	vshasigma${sz}	$S0,$a,1,0		; Sigma0(a)
-	`"vshasigma${sz}	$s1,@X[($j+14)%16],0,15"	if ($i>=15)`
+	vsel		$Func,$g,$f,$e		; Ch(e,f,g)
+	vaddu${sz}m	$g,$g,$Ki		; future h+=K[i]
 	vaddu${sz}m	$h,$h,$Func		; h+=Ch(e,f,g)
+	vshasigma${sz}	$Sigma,$e,1,15		; Sigma1(e)
+	vaddu${sz}m	$h,$h,$Sigma		; h+=Sigma1(e)
 	vxor		$Func,$a,$b
-	`"vaddu${sz}m		@X[$j],@X[$j],@X[($j+9)%16]"	if ($i>=15)`
-	vaddu${sz}m	$h,$h,$S1		; h+=Sigma1(e)
 	vsel		$Func,$b,$c,$Func	; Maj(a,b,c)
-	vaddu${sz}m	$g,$g,$Ki		; future h+=K[i]
 	vaddu${sz}m	$d,$d,$h		; d+=h
-	vaddu${sz}m	$S0,$S0,$Func		; Sigma0(a)+Maj(a,b,c)
-	`"vaddu${sz}m		@X[$j],@X[$j],$s0"		if ($i>=15)`
-	lvx		$Ki,$idx,$Tbl		; load next K[i]
-	addi		$idx,$idx,16
-	vaddu${sz}m	$h,$h,$S0		; h+=Sigma0(a)+Maj(a,b,c)
-	`"vaddu${sz}m		@X[$j],@X[$j],$s1"		if ($i>=15)`
+	vshasigma${sz}	$Sigma,$a,1,0		; Sigma0(a)
+	vaddu${sz}m	$Sigma,$Sigma,$Func	; Sigma0(a)+Maj(a,b,c)
+	vaddu${sz}m	$h,$h,$Sigma		; h+=Sigma0(a)+Maj(a,b,c)
+	lvx		$Ki,@I[$k],$idx		; load next K[i]
+___
+$code.=<<___		if ($k == 7);
+	addi		$idx,$idx,0x80
 ___
 }
 
@@ -133,21 +147,13 @@ $code=<<___;
 .globl	$func
 .align	6
 $func:
-	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	$STU		$sp,-$FRAME($sp)
 	mflr		$lrsave
-	li		r10,`$FRAME+8*16+15`
-	li		r11,`$FRAME+8*16+31`
-	stvx		v20,r10,$sp		# ABI says so
+	li		r10,`$LOCALS+15`
+	li		r11,`$LOCALS+31`
+	stvx		v24,r10,$sp		# ABI says so
 	addi		r10,r10,32
 	mfspr		$vrsave,256
-	stvx		v21,r11,$sp
-	addi		r11,r11,32
-	stvx		v22,r10,$sp
-	addi		r10,r10,32
-	stvx		v23,r11,$sp
-	addi		r11,r11,32
-	stvx		v24,r10,$sp
-	addi		r10,r10,32
 	stvx		v25,r11,$sp
 	addi		r11,r11,32
 	stvx		v26,r10,$sp
@@ -160,26 +166,26 @@ $func:
 	addi		r11,r11,32
 	stvx		v30,r10,$sp
 	stvx		v31,r11,$sp
-	li		r11,-1
-	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		r11,-4096+255		# 0xfffff0ff
+	stw		$vrsave,`$FRAME-6*$SIZE_T-4`($sp)	# save vrsave
 	li		$x10,0x10
-	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$PUSH		r26,`$FRAME-6*$SIZE_T`($sp)
 	li		$x20,0x20
-	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$PUSH		r27,`$FRAME-5*$SIZE_T`($sp)
 	li		$x30,0x30
-	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$PUSH		r28,`$FRAME-4*$SIZE_T`($sp)
 	li		$x40,0x40
-	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$PUSH		r29,`$FRAME-3*$SIZE_T`($sp)
 	li		$x50,0x50
-	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$PUSH		r30,`$FRAME-2*$SIZE_T`($sp)
 	li		$x60,0x60
-	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	$PUSH		r31,`$FRAME-1*$SIZE_T`($sp)
 	li		$x70,0x70
-	$PUSH		$lrsave,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
+	$PUSH		$lrsave,`$FRAME+$LRSAVE`($sp)
 	mtspr		256,r11
 
 	bl		LPICmeup
-	addi		$offload,$sp,$FRAME+15
+	addi		$offload,$sp,`8*$SIZE_T+15`
 ___
 $code.=<<___		if ($LENDIAN);
 	li		$idx,8
@@ -213,9 +219,9 @@ $code.=<<___;
 .align	5
 Loop:
 	lvx		$Ki,$x00,$Tbl
-	li		$idx,16
 	lvx_u		@X[0],0,$inp
 	addi		$inp,$inp,16
+	mr		$idx,$Tbl		# copy $Tbl
 	stvx		$A,$x00,$offload	# offload $A-$H
 	stvx		$B,$x10,$offload
 	stvx		$C,$x20,$offload
@@ -225,8 +231,7 @@ Loop:
 	stvx		$G,$x60,$offload
 	stvx		$H,$x70,$offload
 	vaddu${sz}m	$H,$H,$Ki		# h+K[i]
-	lvx		$Ki,$idx,$Tbl
-	addi		$idx,$idx,16
+	lvx		$Ki,$x10,$Tbl
 ___
 for ($i=0;$i<16;$i++)	{ &ROUND($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
@@ -259,10 +264,9 @@ $code.=<<___;
 	bne		Loop
 ___
 $code.=<<___		if ($SZ==4);
-	lvx		@X[0],$idx,$Tbl
-	addi		$idx,$idx,16
+	lvx		@X[0],$x20,$idx
 	vperm		$A,$A,$B,$Ki		# pack the answer
-	lvx		@X[1],$idx,$Tbl
+	lvx		@X[1],$x30,$idx
 	vperm		$E,$E,$F,$Ki
 	vperm		$A,$A,$C,@X[0]
 	vperm		$E,$E,$G,@X[0]
@@ -282,39 +286,24 @@ $code.=<<___		if ($SZ==8);
 	stvx_u		$G,$x30,$ctx
 ___
 $code.=<<___;
-	li		r10,`$FRAME+8*16+15`
+	addi		$offload,$sp,`$LOCALS+15`
 	mtlr		$lrsave
-	li		r11,`$FRAME+8*16+31`
 	mtspr		256,$vrsave
-	lvx		v20,r10,$sp		# ABI says so
-	addi		r10,r10,32
-	lvx		v21,r11,$sp
-	addi		r11,r11,32
-	lvx		v22,r10,$sp
-	addi		r10,r10,32
-	lvx		v23,r11,$sp
-	addi		r11,r11,32
-	lvx		v24,r10,$sp
-	addi		r10,r10,32
-	lvx		v25,r11,$sp
-	addi		r11,r11,32
-	lvx		v26,r10,$sp
-	addi		r10,r10,32
-	lvx		v27,r11,$sp
-	addi		r11,r11,32
-	lvx		v28,r10,$sp
-	addi		r10,r10,32
-	lvx		v29,r11,$sp
-	addi		r11,r11,32
-	lvx		v30,r10,$sp
-	lvx		v31,r11,$sp
-	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
-	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
-	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
-	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
-	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
-	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
-	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	lvx		v24,$x00,$offload	# ABI says so
+	lvx		v25,$x10,$offload
+	lvx		v26,$x20,$offload
+	lvx		v27,$x30,$offload
+	lvx		v28,$x40,$offload
+	lvx		v29,$x50,$offload
+	lvx		v30,$x60,$offload
+	lvx		v31,$x70,$offload
+	$POP		r26,`$FRAME-6*$SIZE_T`($sp)
+	$POP		r27,`$FRAME-5*$SIZE_T`($sp)
+	$POP		r28,`$FRAME-4*$SIZE_T`($sp)
+	$POP		r29,`$FRAME-3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME-2*$SIZE_T`($sp)
+	$POP		r31,`$FRAME-1*$SIZE_T`($sp)
+	addi		$sp,$sp,$FRAME
 	blr
 	.long		0
 	.byte		0,12,4,1,0x80,6,3,0
diff --git a/deps/openssl/openssl/crypto/sha/build.info b/deps/openssl/openssl/crypto/sha/build.info
index 2a00988786..5dd5a9941d 100644
--- a/deps/openssl/openssl/crypto/sha/build.info
+++ b/deps/openssl/openssl/crypto/sha/build.info
@@ -1,17 +1,21 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
-        sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -}
+        sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \
+        {- $target{keccak1600_asm_src} -}
 
-GENERATE[sha1-586.s]=asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[sha1-586.s]=asm/sha1-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[sha1-586.s]=../perlasm/x86asm.pl
-GENERATE[sha256-586.s]=asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[sha256-586.s]=asm/sha256-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[sha256-586.s]=../perlasm/x86asm.pl
-GENERATE[sha512-586.s]=asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[sha512-586.s]=asm/sha512-586.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[sha512-586.s]=../perlasm/x86asm.pl
 
-GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
-GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
-GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
+GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 
 GENERATE[sha1-alpha.S]=asm/sha1-alpha.pl $(PERLASM_SCHEME)
 
@@ -20,6 +24,7 @@ GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[sha256-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[sha256-mb-x86_64.s]=asm/sha256-mb-x86_64.pl $(PERLASM_SCHEME)
 GENERATE[sha512-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[keccak1600-x86_64.s]=asm/keccak1600-x86_64.pl $(PERLASM_SCHEME)
 
 GENERATE[sha1-sparcv9.S]=asm/sha1-sparcv9.pl $(PERLASM_SCHEME)
 INCLUDE[sha1-sparcv9.o]=..
@@ -33,14 +38,18 @@ GENERATE[sha256-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME)
 GENERATE[sha512-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME)
 GENERATE[sha256p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME)
 GENERATE[sha512p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME)
+GENERATE[keccak1600-ppc64.s]=asm/keccak1600-ppc64.pl $(PERLASM_SCHEME)
 
 GENERATE[sha1-parisc.s]=asm/sha1-parisc.pl $(PERLASM_SCHEME)
 GENERATE[sha256-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME)
 GENERATE[sha512-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME)
 
 GENERATE[sha1-mips.S]=asm/sha1-mips.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-mips.o]=..
 GENERATE[sha256-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-mips.o]=..
 GENERATE[sha512-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-mips.o]=..
 
 GENERATE[sha1-armv4-large.S]=asm/sha1-armv4-large.pl $(PERLASM_SCHEME)
 INCLUDE[sha1-armv4-large.o]=..
@@ -48,6 +57,8 @@ GENERATE[sha256-armv4.S]=asm/sha256-armv4.pl $(PERLASM_SCHEME)
 INCLUDE[sha256-armv4.o]=..
 GENERATE[sha512-armv4.S]=asm/sha512-armv4.pl $(PERLASM_SCHEME)
 INCLUDE[sha512-armv4.o]=..
+GENERATE[keccak1600-armv4.S]=asm/keccak1600-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[keccak1600-armv4.o]=..
 
 GENERATE[sha1-armv8.S]=asm/sha1-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[sha1-armv8.o]=..
@@ -55,6 +66,7 @@ GENERATE[sha256-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[sha256-armv8.o]=..
 GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME)
 INCLUDE[sha512-armv8.o]=..
+GENERATE[keccak1600-armv8.S]=asm/keccak1600-armv8.pl $(PERLASM_SCHEME)
 
 GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl $(PERLASM_SCHEME)
 INCLUDE[sha1-s390x.o]=..
@@ -62,6 +74,7 @@ GENERATE[sha256-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME)
 INCLUDE[sha256-s390x.o]=..
 GENERATE[sha512-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME)
 INCLUDE[sha512-s390x.o]=..
+GENERATE[keccak1600-s390x.S]=asm/keccak1600-s390x.pl $(PERLASM_SCHEME)
 
 BEGINRAW[Makefile(unix)]
 ##### SHA assembler implementations
diff --git a/deps/openssl/openssl/crypto/sha/keccak1600.c b/deps/openssl/openssl/crypto/sha/keccak1600.c
new file mode 100644
index 0000000000..e7223486af
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sha/keccak1600.c
@@ -0,0 +1,1246 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include <assert.h>
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#if !defined(KECCAK1600_ASM) || !defined(SELFTEST)
+
+/*
+ * Choose some sensible defaults
+ */
+#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && \
+    !defined(KECCAK_2X) && !defined(KECCAK_INPLACE)
+# define KECCAK_2X      /* default to KECCAK_2X variant */
+#endif
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# define KECCAK_COMPLEMENTING_TRANSFORM
+#endif
+
+#if defined(__x86_64__) || defined(__aarch64__) || \
+    defined(__mips64) || defined(__ia64) || \
+    (defined(__VMS) && !defined(__vax))
+/*
+ * These are available even in ILP32 flavours, but even then they are
+ * capable of performing 64-bit operations as efficiently as in *P64.
+ * Since it's not given that we can use sizeof(void *), just shunt it.
+ */
+# define BIT_INTERLEAVE (0)
+#else
+# define BIT_INTERLEAVE (sizeof(void *) < 8)
+#endif
+
+#define ROL32(a, offset) (((a) << (offset)) | ((a) >> ((32 - (offset)) & 31)))
+
+static uint64_t ROL64(uint64_t val, int offset)
+{
+    if (offset == 0) {
+        return val;
+    } else if (!BIT_INTERLEAVE) {
+        return (val << offset) | (val >> (64-offset));
+    } else {
+        uint32_t hi = (uint32_t)(val >> 32), lo = (uint32_t)val;
+
+        if (offset & 1) {
+            uint32_t tmp = hi;
+
+            offset >>= 1;
+            hi = ROL32(lo, offset);
+            lo = ROL32(tmp, offset + 1);
+        } else {
+            offset >>= 1;
+            lo = ROL32(lo, offset);
+            hi = ROL32(hi, offset);
+        }
+
+        return ((uint64_t)hi << 32) | lo;
+    }
+}
+
+static const unsigned char rhotates[5][5] = {
+    {  0,  1, 62, 28, 27 },
+    { 36, 44,  6, 55, 20 },
+    {  3, 10, 43, 25, 39 },
+    { 41, 45, 15, 21,  8 },
+    { 18,  2, 61, 56, 14 }
+};
+
+static const uint64_t iotas[] = {
+    BIT_INTERLEAVE ? 0x0000000000000001U : 0x0000000000000001U,
+    BIT_INTERLEAVE ? 0x0000008900000000U : 0x0000000000008082U,
+    BIT_INTERLEAVE ? 0x8000008b00000000U : 0x800000000000808aU,
+    BIT_INTERLEAVE ? 0x8000808000000000U : 0x8000000080008000U,
+    BIT_INTERLEAVE ? 0x0000008b00000001U : 0x000000000000808bU,
+    BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
+    BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
+    BIT_INTERLEAVE ? 0x8000008200000001U : 0x8000000000008009U,
+    BIT_INTERLEAVE ? 0x0000000b00000000U : 0x000000000000008aU,
+    BIT_INTERLEAVE ? 0x0000000a00000000U : 0x0000000000000088U,
+    BIT_INTERLEAVE ? 0x0000808200000001U : 0x0000000080008009U,
+    BIT_INTERLEAVE ? 0x0000800300000000U : 0x000000008000000aU,
+    BIT_INTERLEAVE ? 0x0000808b00000001U : 0x000000008000808bU,
+    BIT_INTERLEAVE ? 0x8000000b00000001U : 0x800000000000008bU,
+    BIT_INTERLEAVE ? 0x8000008a00000001U : 0x8000000000008089U,
+    BIT_INTERLEAVE ? 0x8000008100000001U : 0x8000000000008003U,
+    BIT_INTERLEAVE ? 0x8000008100000000U : 0x8000000000008002U,
+    BIT_INTERLEAVE ? 0x8000000800000000U : 0x8000000000000080U,
+    BIT_INTERLEAVE ? 0x0000008300000000U : 0x000000000000800aU,
+    BIT_INTERLEAVE ? 0x8000800300000000U : 0x800000008000000aU,
+    BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
+    BIT_INTERLEAVE ? 0x8000008800000000U : 0x8000000000008080U,
+    BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
+    BIT_INTERLEAVE ? 0x8000808200000000U : 0x8000000080008008U
+};
+
+#if defined(KECCAK_REF)
+/*
+ * This is straightforward or "maximum clarity" implementation aiming
+ * to resemble section 3.2 of the FIPS PUB 202 "SHA-3 Standard:
+ * Permutation-Based Hash and Extendible-Output Functions" as much as
+ * possible. With one caveat. Because of the way C stores matrices,
+ * references to A[x,y] in the specification are presented as A[y][x].
+ * Implementation unrolls inner x-loops so that modulo 5 operations are
+ * explicitly pre-computed.
+ */
+static void Theta(uint64_t A[5][5])
+{
+    uint64_t C[5], D[5];
+    size_t y;
+
+    C[0] = A[0][0];
+    C[1] = A[0][1];
+    C[2] = A[0][2];
+    C[3] = A[0][3];
+    C[4] = A[0][4];
+
+    for (y = 1; y < 5; y++) {
+        C[0] ^= A[y][0];
+        C[1] ^= A[y][1];
+        C[2] ^= A[y][2];
+        C[3] ^= A[y][3];
+        C[4] ^= A[y][4];
+    }
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    for (y = 0; y < 5; y++) {
+        A[y][0] ^= D[0];
+        A[y][1] ^= D[1];
+        A[y][2] ^= D[2];
+        A[y][3] ^= D[3];
+        A[y][4] ^= D[4];
+    }
+}
+
+static void Rho(uint64_t A[5][5])
+{
+    size_t y;
+
+    for (y = 0; y < 5; y++) {
+        A[y][0] = ROL64(A[y][0], rhotates[y][0]);
+        A[y][1] = ROL64(A[y][1], rhotates[y][1]);
+        A[y][2] = ROL64(A[y][2], rhotates[y][2]);
+        A[y][3] = ROL64(A[y][3], rhotates[y][3]);
+        A[y][4] = ROL64(A[y][4], rhotates[y][4]);
+    }
+}
+
+static void Pi(uint64_t A[5][5])
+{
+    uint64_t T[5][5];
+
+    /*
+     * T = A
+     * A[y][x] = T[x][(3*y+x)%5]
+     */
+    memcpy(T, A, sizeof(T));
+
+    A[0][0] = T[0][0];
+    A[0][1] = T[1][1];
+    A[0][2] = T[2][2];
+    A[0][3] = T[3][3];
+    A[0][4] = T[4][4];
+
+    A[1][0] = T[0][3];
+    A[1][1] = T[1][4];
+    A[1][2] = T[2][0];
+    A[1][3] = T[3][1];
+    A[1][4] = T[4][2];
+
+    A[2][0] = T[0][1];
+    A[2][1] = T[1][2];
+    A[2][2] = T[2][3];
+    A[2][3] = T[3][4];
+    A[2][4] = T[4][0];
+
+    A[3][0] = T[0][4];
+    A[3][1] = T[1][0];
+    A[3][2] = T[2][1];
+    A[3][3] = T[3][2];
+    A[3][4] = T[4][3];
+
+    A[4][0] = T[0][2];
+    A[4][1] = T[1][3];
+    A[4][2] = T[2][4];
+    A[4][3] = T[3][0];
+    A[4][4] = T[4][1];
+}
+
+static void Chi(uint64_t A[5][5])
+{
+    uint64_t C[5];
+    size_t y;
+
+    for (y = 0; y < 5; y++) {
+        C[0] = A[y][0] ^ (~A[y][1] & A[y][2]);
+        C[1] = A[y][1] ^ (~A[y][2] & A[y][3]);
+        C[2] = A[y][2] ^ (~A[y][3] & A[y][4]);
+        C[3] = A[y][3] ^ (~A[y][4] & A[y][0]);
+        C[4] = A[y][4] ^ (~A[y][0] & A[y][1]);
+
+        A[y][0] = C[0];
+        A[y][1] = C[1];
+        A[y][2] = C[2];
+        A[y][3] = C[3];
+        A[y][4] = C[4];
+    }
+}
+
+static void Iota(uint64_t A[5][5], size_t i)
+{
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+    A[0][0] ^= iotas[i];
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Theta(A);
+        Rho(A);
+        Pi(A);
+        Chi(A);
+        Iota(A, i);
+    }
+}
+
+#elif defined(KECCAK_1X)
+/*
+ * This implementation is optimization of above code featuring unroll
+ * of even y-loops, their fusion and code motion. It also minimizes
+ * temporary storage. Compiler would normally do all these things for
+ * you, purpose of manual optimization is to provide "unobscured"
+ * reference for assembly implementation [in case this approach is
+ * chosen for implementation on some platform]. In the nutshell it's
+ * equivalent of "plane-per-plane processing" approach discussed in
+ * section 2.4 of "Keccak implementation overview".
+ */
+static void Round(uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], E[2];        /* registers */
+    uint64_t D[5], T[2][5];     /* memory    */
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+#if defined(__arm__)
+    D[1] = E[0] = ROL64(C[2], 1) ^ C[0];
+    D[4] = E[1] = ROL64(C[0], 1) ^ C[3];
+    D[0] = C[0] = ROL64(C[1], 1) ^ C[4];
+    D[2] = C[1] = ROL64(C[3], 1) ^ C[1];
+    D[3] = C[2] = ROL64(C[4], 1) ^ C[2];
+
+    T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */
+    T[0][1] = A[0][1] ^ E[0]; /* D[1] */
+    T[0][2] = A[0][2] ^ C[1]; /* D[2] */
+    T[0][3] = A[0][3] ^ C[2]; /* D[3] */
+    T[0][4] = A[0][4] ^ E[1]; /* D[4] */
+
+    C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]);   /* D[3] */
+    C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]);   /* D[4] */
+    C[0] =       A[0][0] ^ C[0]; /* rotate by 0 */  /* D[0] */
+    C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]);   /* D[2] */
+    C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]);   /* D[1] */
+#else
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    T[0][0] = A[3][0] ^ D[0]; /* borrow T[0][0] */
+    T[0][1] = A[0][1] ^ D[1];
+    T[0][2] = A[0][2] ^ D[2];
+    T[0][3] = A[0][3] ^ D[3];
+    T[0][4] = A[0][4] ^ D[4];
+
+    C[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+#endif
+    A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+    A[0][1] = C[1] ^ (~C[2] & C[3]);
+    A[0][2] = C[2] ^ (~C[3] & C[4]);
+    A[0][3] = C[3] ^ (~C[4] & C[0]);
+    A[0][4] = C[4] ^ (~C[0] & C[1]);
+
+    T[1][0] = A[1][0] ^ (C[3] = D[0]);
+    T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */
+    T[1][2] = A[1][2] ^ (E[0] = D[2]);
+    T[1][3] = A[1][3] ^ (E[1] = D[3]);
+    T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */
+
+    C[0] = ROL64(T[0][3],        rhotates[0][3]);
+    C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]);   /* D[4] */
+    C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]);   /* D[0] */
+    C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]);   /* D[1] */
+    C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]);   /* D[2] */
+
+    A[1][0] = C[0] ^ (~C[1] & C[2]);
+    A[1][1] = C[1] ^ (~C[2] & C[3]);
+    A[1][2] = C[2] ^ (~C[3] & C[4]);
+    A[1][3] = C[3] ^ (~C[4] & C[0]);
+    A[1][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][1],        rhotates[0][1]);
+    C[1] = ROL64(T[1][2],        rhotates[1][2]);
+    C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+    A[2][0] = C[0] ^ (~C[1] & C[2]);
+    A[2][1] = C[1] ^ (~C[2] & C[3]);
+    A[2][2] = C[2] ^ (~C[3] & C[4]);
+    A[2][3] = C[3] ^ (~C[4] & C[0]);
+    A[2][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][4],        rhotates[0][4]);
+    C[1] = ROL64(T[1][0],        rhotates[1][0]);
+    C[2] = ROL64(T[1][1],        rhotates[2][1]); /* originally A[2][1] */
+    C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+    A[3][0] = C[0] ^ (~C[1] & C[2]);
+    A[3][1] = C[1] ^ (~C[2] & C[3]);
+    A[3][2] = C[2] ^ (~C[3] & C[4]);
+    A[3][3] = C[3] ^ (~C[4] & C[0]);
+    A[3][4] = C[4] ^ (~C[0] & C[1]);
+
+    C[0] = ROL64(T[0][2],        rhotates[0][2]);
+    C[1] = ROL64(T[1][3],        rhotates[1][3]);
+    C[2] = ROL64(T[1][4],        rhotates[2][4]); /* originally A[2][4] */
+    C[3] = ROL64(T[0][0],        rhotates[3][0]); /* originally A[3][0] */
+    C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    A[4][0] = C[0] ^ (~C[1] & C[2]);
+    A[4][1] = C[1] ^ (~C[2] & C[3]);
+    A[4][2] = C[2] ^ (~C[3] & C[4]);
+    A[4][3] = C[3] ^ (~C[4] & C[0]);
+    A[4][4] = C[4] ^ (~C[0] & C[1]);
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Round(A, i);
+    }
+}
+
+#elif defined(KECCAK_1X_ALT)
+/*
+ * This is variant of above KECCAK_1X that reduces requirement for
+ * temporary storage even further, but at cost of more updates to A[][].
+ * It's less suitable if A[][] is memory bound, but better if it's
+ * register bound.
+ */
+
+static void Round(uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], D[5];
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[1] = C[0] ^  ROL64(C[2], 1);
+    D[2] = C[1] ^  ROL64(C[3], 1);
+    D[3] = C[2] ^= ROL64(C[4], 1);
+    D[4] = C[3] ^= ROL64(C[0], 1);
+    D[0] = C[4] ^= ROL64(C[1], 1);
+
+    A[0][1] ^= D[1];
+    A[1][1] ^= D[1];
+    A[2][1] ^= D[1];
+    A[3][1] ^= D[1];
+    A[4][1] ^= D[1];
+
+    A[0][2] ^= D[2];
+    A[1][2] ^= D[2];
+    A[2][2] ^= D[2];
+    A[3][2] ^= D[2];
+    A[4][2] ^= D[2];
+
+    A[0][3] ^= C[2];
+    A[1][3] ^= C[2];
+    A[2][3] ^= C[2];
+    A[3][3] ^= C[2];
+    A[4][3] ^= C[2];
+
+    A[0][4] ^= C[3];
+    A[1][4] ^= C[3];
+    A[2][4] ^= C[3];
+    A[3][4] ^= C[3];
+    A[4][4] ^= C[3];
+
+    A[0][0] ^= C[4];
+    A[1][0] ^= C[4];
+    A[2][0] ^= C[4];
+    A[3][0] ^= C[4];
+    A[4][0] ^= C[4];
+
+    C[1] = A[0][1];
+    C[2] = A[0][2];
+    C[3] = A[0][3];
+    C[4] = A[0][4];
+
+    A[0][1] = ROL64(A[1][1], rhotates[1][1]);
+    A[0][2] = ROL64(A[2][2], rhotates[2][2]);
+    A[0][3] = ROL64(A[3][3], rhotates[3][3]);
+    A[0][4] = ROL64(A[4][4], rhotates[4][4]);
+
+    A[1][1] = ROL64(A[1][4], rhotates[1][4]);
+    A[2][2] = ROL64(A[2][3], rhotates[2][3]);
+    A[3][3] = ROL64(A[3][2], rhotates[3][2]);
+    A[4][4] = ROL64(A[4][1], rhotates[4][1]);
+
+    A[1][4] = ROL64(A[4][2], rhotates[4][2]);
+    A[2][3] = ROL64(A[3][4], rhotates[3][4]);
+    A[3][2] = ROL64(A[2][1], rhotates[2][1]);
+    A[4][1] = ROL64(A[1][3], rhotates[1][3]);
+
+    A[4][2] = ROL64(A[2][4], rhotates[2][4]);
+    A[3][4] = ROL64(A[4][3], rhotates[4][3]);
+    A[2][1] = ROL64(A[1][2], rhotates[1][2]);
+    A[1][3] = ROL64(A[3][1], rhotates[3][1]);
+
+    A[2][4] = ROL64(A[4][0], rhotates[4][0]);
+    A[4][3] = ROL64(A[3][0], rhotates[3][0]);
+    A[1][2] = ROL64(A[2][0], rhotates[2][0]);
+    A[3][1] = ROL64(A[1][0], rhotates[1][0]);
+
+    A[1][0] = ROL64(C[3],    rhotates[0][3]);
+    A[2][0] = ROL64(C[1],    rhotates[0][1]);
+    A[3][0] = ROL64(C[4],    rhotates[0][4]);
+    A[4][0] = ROL64(C[2],    rhotates[0][2]);
+
+    C[0] = A[0][0];
+    C[1] = A[1][0];
+    D[0] = A[0][1];
+    D[1] = A[1][1];
+
+    A[0][0] ^= (~A[0][1] & A[0][2]);
+    A[1][0] ^= (~A[1][1] & A[1][2]);
+    A[0][1] ^= (~A[0][2] & A[0][3]);
+    A[1][1] ^= (~A[1][2] & A[1][3]);
+    A[0][2] ^= (~A[0][3] & A[0][4]);
+    A[1][2] ^= (~A[1][3] & A[1][4]);
+    A[0][3] ^= (~A[0][4] & C[0]);
+    A[1][3] ^= (~A[1][4] & C[1]);
+    A[0][4] ^= (~C[0]    & D[0]);
+    A[1][4] ^= (~C[1]    & D[1]);
+
+    C[2] = A[2][0];
+    C[3] = A[3][0];
+    D[2] = A[2][1];
+    D[3] = A[3][1];
+
+    A[2][0] ^= (~A[2][1] & A[2][2]);
+    A[3][0] ^= (~A[3][1] & A[3][2]);
+    A[2][1] ^= (~A[2][2] & A[2][3]);
+    A[3][1] ^= (~A[3][2] & A[3][3]);
+    A[2][2] ^= (~A[2][3] & A[2][4]);
+    A[3][2] ^= (~A[3][3] & A[3][4]);
+    A[2][3] ^= (~A[2][4] & C[2]);
+    A[3][3] ^= (~A[3][4] & C[3]);
+    A[2][4] ^= (~C[2]    & D[2]);
+    A[3][4] ^= (~C[3]    & D[3]);
+
+    C[4] = A[4][0];
+    D[4] = A[4][1];
+
+    A[4][0] ^= (~A[4][1] & A[4][2]);
+    A[4][1] ^= (~A[4][2] & A[4][3]);
+    A[4][2] ^= (~A[4][3] & A[4][4]);
+    A[4][3] ^= (~A[4][4] & C[4]);
+    A[4][4] ^= (~C[4]    & D[4]);
+    A[0][0] ^= iotas[i];
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i++) {
+        Round(A, i);
+    }
+}
+
+#elif defined(KECCAK_2X)
+/*
+ * This implementation is variant of KECCAK_1X above with outer-most
+ * round loop unrolled twice. This allows to take temporary storage
+ * out of round procedure and simplify references to it by alternating
+ * it with actual data (see round loop below). Originally it was meant
+ * rather as reference for an assembly implementation, but it seems to
+ * play best with compilers [as well as provide best instruction per
+ * processed byte ratio at minimal round unroll factor]...
+ */
+static void Round(uint64_t R[5][5], uint64_t A[5][5], size_t i)
+{
+    uint64_t C[5], D[5];
+
+    assert(i < (sizeof(iotas) / sizeof(iotas[0])));
+
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    C[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i];
+    R[0][1] = C[1] ^ (~C[2] | C[3]);
+    R[0][2] = C[2] ^ ( C[3] & C[4]);
+    R[0][3] = C[3] ^ ( C[4] | C[0]);
+    R[0][4] = C[4] ^ ( C[0] & C[1]);
+#else
+    R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i];
+    R[0][1] = C[1] ^ (~C[2] & C[3]);
+    R[0][2] = C[2] ^ (~C[3] & C[4]);
+    R[0][3] = C[3] ^ (~C[4] & C[0]);
+    R[0][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+    C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+    C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+    C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[1][0] = C[0] ^ (C[1] |  C[2]);
+    R[1][1] = C[1] ^ (C[2] &  C[3]);
+    R[1][2] = C[2] ^ (C[3] | ~C[4]);
+    R[1][3] = C[3] ^ (C[4] |  C[0]);
+    R[1][4] = C[4] ^ (C[0] &  C[1]);
+#else
+    R[1][0] = C[0] ^ (~C[1] & C[2]);
+    R[1][1] = C[1] ^ (~C[2] & C[3]);
+    R[1][2] = C[2] ^ (~C[3] & C[4]);
+    R[1][3] = C[3] ^ (~C[4] & C[0]);
+    R[1][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+    C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+    C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[2][0] =  C[0] ^ ( C[1] | C[2]);
+    R[2][1] =  C[1] ^ ( C[2] & C[3]);
+    R[2][2] =  C[2] ^ (~C[3] & C[4]);
+    R[2][3] = ~C[3] ^ ( C[4] | C[0]);
+    R[2][4] =  C[4] ^ ( C[0] & C[1]);
+#else
+    R[2][0] = C[0] ^ (~C[1] & C[2]);
+    R[2][1] = C[1] ^ (~C[2] & C[3]);
+    R[2][2] = C[2] ^ (~C[3] & C[4]);
+    R[2][3] = C[3] ^ (~C[4] & C[0]);
+    R[2][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+    C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+    C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+    C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[3][0] =  C[0] ^ ( C[1] & C[2]);
+    R[3][1] =  C[1] ^ ( C[2] | C[3]);
+    R[3][2] =  C[2] ^ (~C[3] | C[4]);
+    R[3][3] = ~C[3] ^ ( C[4] & C[0]);
+    R[3][4] =  C[4] ^ ( C[0] | C[1]);
+#else
+    R[3][0] = C[0] ^ (~C[1] & C[2]);
+    R[3][1] = C[1] ^ (~C[2] & C[3]);
+    R[3][2] = C[2] ^ (~C[3] & C[4]);
+    R[3][3] = C[3] ^ (~C[4] & C[0]);
+    R[3][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+
+    C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+    C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+    C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+    C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+    C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    R[4][0] =  C[0] ^ (~C[1] & C[2]);
+    R[4][1] = ~C[1] ^ ( C[2] | C[3]);
+    R[4][2] =  C[2] ^ ( C[3] & C[4]);
+    R[4][3] =  C[3] ^ ( C[4] | C[0]);
+    R[4][4] =  C[4] ^ ( C[0] & C[1]);
+#else
+    R[4][0] = C[0] ^ (~C[1] & C[2]);
+    R[4][1] = C[1] ^ (~C[2] & C[3]);
+    R[4][2] = C[2] ^ (~C[3] & C[4]);
+    R[4][3] = C[3] ^ (~C[4] & C[0]);
+    R[4][4] = C[4] ^ (~C[0] & C[1]);
+#endif
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    uint64_t T[5][5];
+    size_t i;
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    A[0][1] = ~A[0][1];
+    A[0][2] = ~A[0][2];
+    A[1][3] = ~A[1][3];
+    A[2][2] = ~A[2][2];
+    A[3][2] = ~A[3][2];
+    A[4][0] = ~A[4][0];
+#endif
+
+    for (i = 0; i < 24; i += 2) {
+        Round(T, A, i);
+        Round(A, T, i + 1);
+    }
+
+#ifdef KECCAK_COMPLEMENTING_TRANSFORM
+    A[0][1] = ~A[0][1];
+    A[0][2] = ~A[0][2];
+    A[1][3] = ~A[1][3];
+    A[2][2] = ~A[2][2];
+    A[3][2] = ~A[3][2];
+    A[4][0] = ~A[4][0];
+#endif
+}
+
+#else   /* define KECCAK_INPLACE to compile this code path */
+/*
+ * This implementation is KECCAK_1X from above combined 4 times with
+ * a twist that allows to omit temporary storage and perform in-place
+ * processing. It's discussed in section 2.5 of "Keccak implementation
+ * overview". It's likely to be best suited for processors with large
+ * register bank... On the other hand processor with large register
+ * bank can as well use KECCAK_1X_ALT, it would be as fast but much
+ * more compact...
+ */
+static void FourRounds(uint64_t A[5][5], size_t i)
+{
+    uint64_t B[5], C[5], D[5];
+
+    assert(i <= (sizeof(iotas) / sizeof(iotas[0]) - 4));
+
+    /* Round 4*n */
+    C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0];
+    C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1];
+    C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2];
+    C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3];
+    C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4];
+
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i];
+    C[1] = A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+1 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[2][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 1];
+    C[1] = A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[4][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[2][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[0][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[4][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[0][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[3][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[2][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[0][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[1][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[0][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[3][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[1][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+2 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[3][4] ^ D[4], rhotates[4][4]);
+
+    C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 2];
+    C[1] = A[2][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] = A[4][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] = A[1][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] = A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[3][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[0][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[2][2] ^ D[2], rhotates[4][2]);
+
+    C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[0][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[4][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[1][0] ^ D[0], rhotates[4][0]);
+
+    C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[4][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[1][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[0][3] ^ D[3], rhotates[4][3]);
+
+    C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[3][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[0][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[2][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]);
+    C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]);
+    C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]);
+    C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]);
+    C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    /* Round 4*n+3 */
+    D[0] = ROL64(C[1], 1) ^ C[4];
+    D[1] = ROL64(C[2], 1) ^ C[0];
+    D[2] = ROL64(C[3], 1) ^ C[1];
+    D[3] = ROL64(C[4], 1) ^ C[2];
+    D[4] = ROL64(C[0], 1) ^ C[3];
+
+    B[0] =       A[0][0] ^ D[0]; /* rotate by 0 */
+    B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]);
+    B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]);
+    B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]);
+    B[4] = ROL64(A[0][4] ^ D[4], rhotates[4][4]);
+
+    /* C[0] = */ A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 3];
+    /* C[1] = */ A[0][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] = */ A[0][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] = */ A[0][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] = */ A[0][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[1][3] ^ D[3], rhotates[0][3]);
+    B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]);
+    B[2] = ROL64(A[1][0] ^ D[0], rhotates[2][0]);
+    B[3] = ROL64(A[1][1] ^ D[1], rhotates[3][1]);
+    B[4] = ROL64(A[1][2] ^ D[2], rhotates[4][2]);
+
+    /* C[0] ^= */ A[1][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[1][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[1][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[1][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[1][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[2][1] ^ D[1], rhotates[0][1]);
+    B[1] = ROL64(A[2][2] ^ D[2], rhotates[1][2]);
+    B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]);
+    B[3] = ROL64(A[2][4] ^ D[4], rhotates[3][4]);
+    B[4] = ROL64(A[2][0] ^ D[0], rhotates[4][0]);
+
+    /* C[0] ^= */ A[2][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[2][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[2][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[2][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[2][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[3][4] ^ D[4], rhotates[0][4]);
+    B[1] = ROL64(A[3][0] ^ D[0], rhotates[1][0]);
+    B[2] = ROL64(A[3][1] ^ D[1], rhotates[2][1]);
+    B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]);
+    B[4] = ROL64(A[3][3] ^ D[3], rhotates[4][3]);
+
+    /* C[0] ^= */ A[3][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[3][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[3][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[3][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[3][4] = B[4] ^ (~B[0] & B[1]);
+
+    B[0] = ROL64(A[4][2] ^ D[2], rhotates[0][2]);
+    B[1] = ROL64(A[4][3] ^ D[3], rhotates[1][3]);
+    B[2] = ROL64(A[4][4] ^ D[4], rhotates[2][4]);
+    B[3] = ROL64(A[4][0] ^ D[0], rhotates[3][0]);
+    B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]);
+
+    /* C[0] ^= */ A[4][0] = B[0] ^ (~B[1] & B[2]);
+    /* C[1] ^= */ A[4][1] = B[1] ^ (~B[2] & B[3]);
+    /* C[2] ^= */ A[4][2] = B[2] ^ (~B[3] & B[4]);
+    /* C[3] ^= */ A[4][3] = B[3] ^ (~B[4] & B[0]);
+    /* C[4] ^= */ A[4][4] = B[4] ^ (~B[0] & B[1]);
+}
+
+static void KeccakF1600(uint64_t A[5][5])
+{
+    size_t i;
+
+    for (i = 0; i < 24; i += 4) {
+        FourRounds(A, i);
+    }
+}
+
+#endif
+
+static uint64_t BitInterleave(uint64_t Ai)
+{
+    if (BIT_INTERLEAVE) {
+        uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai;
+        uint32_t t0, t1;
+
+        t0 = lo & 0x55555555;
+        t0 |= t0 >> 1;  t0 &= 0x33333333;
+        t0 |= t0 >> 2;  t0 &= 0x0f0f0f0f;
+        t0 |= t0 >> 4;  t0 &= 0x00ff00ff;
+        t0 |= t0 >> 8;  t0 &= 0x0000ffff;
+
+        t1 = hi & 0x55555555;
+        t1 |= t1 >> 1;  t1 &= 0x33333333;
+        t1 |= t1 >> 2;  t1 &= 0x0f0f0f0f;
+        t1 |= t1 >> 4;  t1 &= 0x00ff00ff;
+        t1 |= t1 >> 8;  t1 <<= 16;
+
+        lo &= 0xaaaaaaaa;
+        lo |= lo << 1;  lo &= 0xcccccccc;
+        lo |= lo << 2;  lo &= 0xf0f0f0f0;
+        lo |= lo << 4;  lo &= 0xff00ff00;
+        lo |= lo << 8;  lo >>= 16;
+
+        hi &= 0xaaaaaaaa;
+        hi |= hi << 1;  hi &= 0xcccccccc;
+        hi |= hi << 2;  hi &= 0xf0f0f0f0;
+        hi |= hi << 4;  hi &= 0xff00ff00;
+        hi |= hi << 8;  hi &= 0xffff0000;
+
+        Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0);
+    }
+
+    return Ai;
+}
+
+static uint64_t BitDeinterleave(uint64_t Ai)
+{
+    if (BIT_INTERLEAVE) {
+        uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai;
+        uint32_t t0, t1;
+
+        t0 = lo & 0x0000ffff;
+        t0 |= t0 << 8;  t0 &= 0x00ff00ff;
+        t0 |= t0 << 4;  t0 &= 0x0f0f0f0f;
+        t0 |= t0 << 2;  t0 &= 0x33333333;
+        t0 |= t0 << 1;  t0 &= 0x55555555;
+
+        t1 = hi << 16;
+        t1 |= t1 >> 8;  t1 &= 0xff00ff00;
+        t1 |= t1 >> 4;  t1 &= 0xf0f0f0f0;
+        t1 |= t1 >> 2;  t1 &= 0xcccccccc;
+        t1 |= t1 >> 1;  t1 &= 0xaaaaaaaa;
+
+        lo >>= 16;
+        lo |= lo << 8;  lo &= 0x00ff00ff;
+        lo |= lo << 4;  lo &= 0x0f0f0f0f;
+        lo |= lo << 2;  lo &= 0x33333333;
+        lo |= lo << 1;  lo &= 0x55555555;
+
+        hi &= 0xffff0000;
+        hi |= hi >> 8;  hi &= 0xff00ff00;
+        hi |= hi >> 4;  hi &= 0xf0f0f0f0;
+        hi |= hi >> 2;  hi &= 0xcccccccc;
+        hi |= hi >> 1;  hi &= 0xaaaaaaaa;
+
+        Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0);
+    }
+
+    return Ai;
+}
+
+/*
+ * SHA3_absorb can be called multiple times, but at each invocation
+ * largest multiple of |r| out of |len| bytes are processed. Then
+ * remaining amount of bytes is returned. This is done to spare caller
+ * trouble of calculating the largest multiple of |r|. |r| can be viewed
+ * as blocksize. It is commonly (1600 - 256*n)/8, e.g. 168, 136, 104,
+ * 72, but can also be (1600 - 448)/8 = 144. All this means that message
+ * padding and intermediate sub-block buffering, byte- or bitwise, is
+ * caller's responsibility.
+ */
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r)
+{
+    uint64_t *A_flat = (uint64_t *)A;
+    size_t i, w = r / 8;
+
+    assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0);
+
+    while (len >= r) {
+        for (i = 0; i < w; i++) {
+            uint64_t Ai = (uint64_t)inp[0]       | (uint64_t)inp[1] << 8  |
+                          (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 |
+                          (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 |
+                          (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56;
+            inp += 8;
+
+            A_flat[i] ^= BitInterleave(Ai);
+        }
+        KeccakF1600(A);
+        len -= r;
+    }
+
+    return len;
+}
+
+/*
+ * SHA3_squeeze is called once at the end to generate |out| hash value
+ * of |len| bytes.
+ */
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r)
+{
+    uint64_t *A_flat = (uint64_t *)A;
+    size_t i, w = r / 8;
+
+    assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0);
+
+    while (len != 0) {
+        for (i = 0; i < w && len != 0; i++) {
+            uint64_t Ai = BitDeinterleave(A_flat[i]);
+
+            if (len < 8) {
+                for (i = 0; i < len; i++) {
+                    *out++ = (unsigned char)Ai;
+                    Ai >>= 8;
+                }
+                return;
+            }
+
+            out[0] = (unsigned char)(Ai);
+            out[1] = (unsigned char)(Ai >> 8);
+            out[2] = (unsigned char)(Ai >> 16);
+            out[3] = (unsigned char)(Ai >> 24);
+            out[4] = (unsigned char)(Ai >> 32);
+            out[5] = (unsigned char)(Ai >> 40);
+            out[6] = (unsigned char)(Ai >> 48);
+            out[7] = (unsigned char)(Ai >> 56);
+            out += 8;
+            len -= 8;
+        }
+        if (len)
+            KeccakF1600(A);
+    }
+}
+#endif
+
+#ifdef SELFTEST
+/*
+ * Post-padding one-shot implementations would look as following:
+ *
+ * SHA3_224     SHA3_sponge(inp, len, out, 224/8, (1600-448)/8);
+ * SHA3_256     SHA3_sponge(inp, len, out, 256/8, (1600-512)/8);
+ * SHA3_384     SHA3_sponge(inp, len, out, 384/8, (1600-768)/8);
+ * SHA3_512     SHA3_sponge(inp, len, out, 512/8, (1600-1024)/8);
+ * SHAKE_128    SHA3_sponge(inp, len, out, d, (1600-256)/8);
+ * SHAKE_256    SHA3_sponge(inp, len, out, d, (1600-512)/8);
+ */
+
+void SHA3_sponge(const unsigned char *inp, size_t len,
+                 unsigned char *out, size_t d, size_t r)
+{
+    uint64_t A[5][5];
+
+    memset(A, 0, sizeof(A));
+    SHA3_absorb(A, inp, len, r);
+    SHA3_squeeze(A, out, d, r);
+}
+
+# include <stdio.h>
+
+int main()
+{
+    /*
+     * This is 5-bit SHAKE128 test from http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing
+     */
+    unsigned char test[168] = { '\xf3', '\x3' };
+    unsigned char out[512];
+    size_t i;
+    static const unsigned char result[512] = {
+        0x2E, 0x0A, 0xBF, 0xBA, 0x83, 0xE6, 0x72, 0x0B,
+        0xFB, 0xC2, 0x25, 0xFF, 0x6B, 0x7A, 0xB9, 0xFF,
+        0xCE, 0x58, 0xBA, 0x02, 0x7E, 0xE3, 0xD8, 0x98,
+        0x76, 0x4F, 0xEF, 0x28, 0x7D, 0xDE, 0xCC, 0xCA,
+        0x3E, 0x6E, 0x59, 0x98, 0x41, 0x1E, 0x7D, 0xDB,
+        0x32, 0xF6, 0x75, 0x38, 0xF5, 0x00, 0xB1, 0x8C,
+        0x8C, 0x97, 0xC4, 0x52, 0xC3, 0x70, 0xEA, 0x2C,
+        0xF0, 0xAF, 0xCA, 0x3E, 0x05, 0xDE, 0x7E, 0x4D,
+        0xE2, 0x7F, 0xA4, 0x41, 0xA9, 0xCB, 0x34, 0xFD,
+        0x17, 0xC9, 0x78, 0xB4, 0x2D, 0x5B, 0x7E, 0x7F,
+        0x9A, 0xB1, 0x8F, 0xFE, 0xFF, 0xC3, 0xC5, 0xAC,
+        0x2F, 0x3A, 0x45, 0x5E, 0xEB, 0xFD, 0xC7, 0x6C,
+        0xEA, 0xEB, 0x0A, 0x2C, 0xCA, 0x22, 0xEE, 0xF6,
+        0xE6, 0x37, 0xF4, 0xCA, 0xBE, 0x5C, 0x51, 0xDE,
+        0xD2, 0xE3, 0xFA, 0xD8, 0xB9, 0x52, 0x70, 0xA3,
+        0x21, 0x84, 0x56, 0x64, 0xF1, 0x07, 0xD1, 0x64,
+        0x96, 0xBB, 0x7A, 0xBF, 0xBE, 0x75, 0x04, 0xB6,
+        0xED, 0xE2, 0xE8, 0x9E, 0x4B, 0x99, 0x6F, 0xB5,
+        0x8E, 0xFD, 0xC4, 0x18, 0x1F, 0x91, 0x63, 0x38,
+        0x1C, 0xBE, 0x7B, 0xC0, 0x06, 0xA7, 0xA2, 0x05,
+        0x98, 0x9C, 0x52, 0x6C, 0xD1, 0xBD, 0x68, 0x98,
+        0x36, 0x93, 0xB4, 0xBD, 0xC5, 0x37, 0x28, 0xB2,
+        0x41, 0xC1, 0xCF, 0xF4, 0x2B, 0xB6, 0x11, 0x50,
+        0x2C, 0x35, 0x20, 0x5C, 0xAB, 0xB2, 0x88, 0x75,
+        0x56, 0x55, 0xD6, 0x20, 0xC6, 0x79, 0x94, 0xF0,
+        0x64, 0x51, 0x18, 0x7F, 0x6F, 0xD1, 0x7E, 0x04,
+        0x66, 0x82, 0xBA, 0x12, 0x86, 0x06, 0x3F, 0xF8,
+        0x8F, 0xE2, 0x50, 0x8D, 0x1F, 0xCA, 0xF9, 0x03,
+        0x5A, 0x12, 0x31, 0xAD, 0x41, 0x50, 0xA9, 0xC9,
+        0xB2, 0x4C, 0x9B, 0x2D, 0x66, 0xB2, 0xAD, 0x1B,
+        0xDE, 0x0B, 0xD0, 0xBB, 0xCB, 0x8B, 0xE0, 0x5B,
+        0x83, 0x52, 0x29, 0xEF, 0x79, 0x19, 0x73, 0x73,
+        0x23, 0x42, 0x44, 0x01, 0xE1, 0xD8, 0x37, 0xB6,
+        0x6E, 0xB4, 0xE6, 0x30, 0xFF, 0x1D, 0xE7, 0x0C,
+        0xB3, 0x17, 0xC2, 0xBA, 0xCB, 0x08, 0x00, 0x1D,
+        0x34, 0x77, 0xB7, 0xA7, 0x0A, 0x57, 0x6D, 0x20,
+        0x86, 0x90, 0x33, 0x58, 0x9D, 0x85, 0xA0, 0x1D,
+        0xDB, 0x2B, 0x66, 0x46, 0xC0, 0x43, 0xB5, 0x9F,
+        0xC0, 0x11, 0x31, 0x1D, 0xA6, 0x66, 0xFA, 0x5A,
+        0xD1, 0xD6, 0x38, 0x7F, 0xA9, 0xBC, 0x40, 0x15,
+        0xA3, 0x8A, 0x51, 0xD1, 0xDA, 0x1E, 0xA6, 0x1D,
+        0x64, 0x8D, 0xC8, 0xE3, 0x9A, 0x88, 0xB9, 0xD6,
+        0x22, 0xBD, 0xE2, 0x07, 0xFD, 0xAB, 0xC6, 0xF2,
+        0x82, 0x7A, 0x88, 0x0C, 0x33, 0x0B, 0xBF, 0x6D,
+        0xF7, 0x33, 0x77, 0x4B, 0x65, 0x3E, 0x57, 0x30,
+        0x5D, 0x78, 0xDC, 0xE1, 0x12, 0xF1, 0x0A, 0x2C,
+        0x71, 0xF4, 0xCD, 0xAD, 0x92, 0xED, 0x11, 0x3E,
+        0x1C, 0xEA, 0x63, 0xB9, 0x19, 0x25, 0xED, 0x28,
+        0x19, 0x1E, 0x6D, 0xBB, 0xB5, 0xAA, 0x5A, 0x2A,
+        0xFD, 0xA5, 0x1F, 0xC0, 0x5A, 0x3A, 0xF5, 0x25,
+        0x8B, 0x87, 0x66, 0x52, 0x43, 0x55, 0x0F, 0x28,
+        0x94, 0x8A, 0xE2, 0xB8, 0xBE, 0xB6, 0xBC, 0x9C,
+        0x77, 0x0B, 0x35, 0xF0, 0x67, 0xEA, 0xA6, 0x41,
+        0xEF, 0xE6, 0x5B, 0x1A, 0x44, 0x90, 0x9D, 0x1B,
+        0x14, 0x9F, 0x97, 0xEE, 0xA6, 0x01, 0x39, 0x1C,
+        0x60, 0x9E, 0xC8, 0x1D, 0x19, 0x30, 0xF5, 0x7C,
+        0x18, 0xA4, 0xE0, 0xFA, 0xB4, 0x91, 0xD1, 0xCA,
+        0xDF, 0xD5, 0x04, 0x83, 0x44, 0x9E, 0xDC, 0x0F,
+        0x07, 0xFF, 0xB2, 0x4D, 0x2C, 0x6F, 0x9A, 0x9A,
+        0x3B, 0xFF, 0x39, 0xAE, 0x3D, 0x57, 0xF5, 0x60,
+        0x65, 0x4D, 0x7D, 0x75, 0xC9, 0x08, 0xAB, 0xE6,
+        0x25, 0x64, 0x75, 0x3E, 0xAC, 0x39, 0xD7, 0x50,
+        0x3D, 0xA6, 0xD3, 0x7C, 0x2E, 0x32, 0xE1, 0xAF,
+        0x3B, 0x8A, 0xEC, 0x8A, 0xE3, 0x06, 0x9C, 0xD9
+    };
+
+    test[167] = '\x80';
+    SHA3_sponge(test, sizeof(test), out, sizeof(out), sizeof(test));
+
+    /*
+     * Rationale behind keeping output [formatted as below] is that
+     * one should be able to redirect it to a file, then copy-n-paste
+     * final "output val" from official example to another file, and
+     * compare the two with diff(1).
+     */
+    for (i = 0; i < sizeof(out);) {
+        printf("%02X", out[i]);
+        printf(++i % 16 && i != sizeof(out) ? " " : "\n");
+    }
+
+    if (memcmp(out,result,sizeof(out))) {
+        fprintf(stderr,"failure\n");
+        return 1;
+    } else {
+        fprintf(stderr,"success\n");
+        return 0;
+    }
+}
+#endif
diff --git a/deps/openssl/openssl/crypto/sha/sha1_one.c b/deps/openssl/openssl/crypto/sha/sha1_one.c
index 273ab08dc1..e5b38211d2 100644
--- a/deps/openssl/openssl/crypto/sha/sha1_one.c
+++ b/deps/openssl/openssl/crypto/sha/sha1_one.c
@@ -24,5 +24,5 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
     SHA1_Update(&c, d, n);
     SHA1_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/sha/sha256.c b/deps/openssl/openssl/crypto/sha/sha256.c
index 5e7ba439f9..bf78f075ee 100644
--- a/deps/openssl/openssl/crypto/sha/sha256.c
+++ b/deps/openssl/openssl/crypto/sha/sha256.c
@@ -57,7 +57,7 @@ unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
     SHA256_Update(&c, d, n);
     SHA256_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
@@ -71,7 +71,7 @@ unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
     SHA256_Update(&c, d, n);
     SHA256_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
diff --git a/deps/openssl/openssl/crypto/sha/sha512.c b/deps/openssl/openssl/crypto/sha/sha512.c
index e94de4370b..50b65ee811 100644
--- a/deps/openssl/openssl/crypto/sha/sha512.c
+++ b/deps/openssl/openssl/crypto/sha/sha512.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,7 +41,6 @@
  * As this implementation relies on 64-bit integer type, it's totally
  * inappropriate for platforms which don't support it, most notably
  * 16-bit platforms.
- *                                      <appro@fy.chalmers.se>
  */
 #include <stdlib.h>
 #include <string.h>
@@ -51,6 +50,7 @@
 #include <openssl/opensslv.h>
 
 #include "internal/cryptlib.h"
+#include "internal/sha.h"
 
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
@@ -60,6 +60,42 @@
 # define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
 #endif
 
+int sha512_224_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x8c3d37c819544da2);
+    c->h[1] = U64(0x73e1996689dcd4d6);
+    c->h[2] = U64(0x1dfab7ae32ff9c82);
+    c->h[3] = U64(0x679dd514582f9fcf);
+    c->h[4] = U64(0x0f6d2b697bd44da8);
+    c->h[5] = U64(0x77e36f7304c48942);
+    c->h[6] = U64(0x3f9d85a86a1d36c8);
+    c->h[7] = U64(0x1112e6ad91d692a1);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int sha512_256_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x22312194fc2bf72c);
+    c->h[1] = U64(0x9f555fa3c84c64c2);
+    c->h[2] = U64(0x2393b86b6f53b151);
+    c->h[3] = U64(0x963877195940eabd);
+    c->h[4] = U64(0x96283ee2a88effe3);
+    c->h[5] = U64(0xbe5e1e2553863992);
+    c->h[6] = U64(0x2b0199fc2c85b8aa);
+    c->h[7] = U64(0x0eb72ddc81c52ca2);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
 int SHA384_Init(SHA512_CTX *c)
 {
     c->h[0] = U64(0xcbbb9d5dc1059ed8);
@@ -144,6 +180,46 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
 
     switch (c->md_len) {
     /* Let compiler decide if it's appropriate to unroll... */
+    case SHA224_DIGEST_LENGTH:
+        for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        /*
+         * For 224 bits, there are four bytes left over that have to be
+         * processed separately.
+         */
+        {
+            SHA_LONG64 t = c->h[SHA224_DIGEST_LENGTH / 8];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+        }
+        break;
+    case SHA256_DIGEST_LENGTH:
+        for (n = 0; n < SHA256_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
     case SHA384_DIGEST_LENGTH:
         for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
             SHA_LONG64 t = c->h[n];
@@ -258,7 +334,7 @@ unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
     SHA512_Update(&c, d, n);
     SHA512_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
@@ -272,7 +348,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
     SHA512_Update(&c, d, n);
     SHA512_Final(md, &c);
     OPENSSL_cleanse(&c, sizeof(c));
-    return (md);
+    return md;
 }
 
 #ifndef SHA512_ASM
@@ -399,9 +475,6 @@ static SHA_LONG64 __fastcall __pull64be(const void *x)
 }
 #    endif
 #    define PULL64(x) __pull64be(&(x))
-#    if _MSC_VER<=1200
-#     pragma inline_depth(0)
-#    endif
 #   endif
 #  endif
 # endif
diff --git a/deps/openssl/openssl/crypto/sha/sha_locl.h b/deps/openssl/openssl/crypto/sha/sha_locl.h
index 918278a83f..4e5a090382 100644
--- a/deps/openssl/openssl/crypto/sha/sha_locl.h
+++ b/deps/openssl/openssl/crypto/sha/sha_locl.h
@@ -67,11 +67,12 @@ int HASH_INIT(SHA_CTX *c)
 #define K_60_79 0xca62c1d6UL
 
 /*
- * As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified
- * to the code in F_00_19.  Wei attributes these optimisations to Peter
- * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define
- * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another
- * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ * As pointed out by Wei Dai, F() below can be simplified to the code in
+ * F_00_19.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
+ *      #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
  */
 #define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d))
 #define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
@@ -120,7 +121,6 @@ int HASH_INIT(SHA_CTX *c)
    * "find" this expectation reasonable:-( On order to make such
    * compilers generate better code I replace X[] with a bunch of
    * X0, X1, etc. See the function body below...
-   *                                    <appro@fy.chalmers.se>
    */
 #  define X(i)   XX##i
 # else
diff --git a/deps/openssl/openssl/crypto/siphash/build.info b/deps/openssl/openssl/crypto/siphash/build.info
new file mode 100644
index 0000000000..4166344a5b
--- /dev/null
+++ b/deps/openssl/openssl/crypto/siphash/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+	siphash.c \
+	siphash_pmeth.c \
+	siphash_ameth.c
diff --git a/deps/openssl/openssl/crypto/siphash/siphash.c b/deps/openssl/openssl/crypto/siphash/siphash.c
new file mode 100644
index 0000000000..be74a38d93
--- /dev/null
+++ b/deps/openssl/openssl/crypto/siphash/siphash.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+/*
+   SipHash reference C implementation
+
+   Copyright (c) 2012-2016 Jean-Philippe Aumasson
+   Copyright (c) 2012-2014 Daniel J. Bernstein
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along
+   with this software. If not, see
+   <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "internal/siphash.h"
+#include "siphash_local.h"
+
+/* default: SipHash-2-4 */
+#define SIPHASH_C_ROUNDS 2
+#define SIPHASH_D_ROUNDS 4
+
+#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
+
+#define U32TO8_LE(p, v)                                                        \
+    (p)[0] = (uint8_t)((v));                                                   \
+    (p)[1] = (uint8_t)((v) >> 8);                                              \
+    (p)[2] = (uint8_t)((v) >> 16);                                             \
+    (p)[3] = (uint8_t)((v) >> 24);
+
+#define U64TO8_LE(p, v)                                                        \
+    U32TO8_LE((p), (uint32_t)((v)));                                           \
+    U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
+
+#define U8TO64_LE(p)                                                           \
+    (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                        \
+     ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                 \
+     ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                 \
+     ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
+
+#define SIPROUND                                                               \
+    do {                                                                       \
+        v0 += v1;                                                              \
+        v1 = ROTL(v1, 13);                                                     \
+        v1 ^= v0;                                                              \
+        v0 = ROTL(v0, 32);                                                     \
+        v2 += v3;                                                              \
+        v3 = ROTL(v3, 16);                                                     \
+        v3 ^= v2;                                                              \
+        v0 += v3;                                                              \
+        v3 = ROTL(v3, 21);                                                     \
+        v3 ^= v0;                                                              \
+        v2 += v1;                                                              \
+        v1 = ROTL(v1, 17);                                                     \
+        v1 ^= v2;                                                              \
+        v2 = ROTL(v2, 32);                                                     \
+    } while (0)
+
+size_t SipHash_ctx_size(void)
+{
+    return sizeof(SIPHASH);
+}
+
+size_t SipHash_hash_size(SIPHASH *ctx)
+{
+    return ctx->hash_size;
+}
+
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+    if (hash_size == 0)
+        hash_size = SIPHASH_MAX_DIGEST_SIZE;
+    return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+    hash_size = siphash_adjust_hash_size(hash_size);
+    if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+        && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+        return 0;
+
+    /*
+     * It's possible that the key was set first.  If the hash size changes,
+     * we need to adjust v1 (see SipHash_Init().
+     */
+
+    /* Start by adjusting the stored size, to make things easier */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    /* Now, adjust ctx->v1 if the old and the new size differ */
+    if ((size_t)ctx->hash_size != hash_size) {
+        ctx->v1 ^= 0xee;
+        ctx->hash_size = hash_size;
+    }
+    return 1;
+}
+
+/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
+{
+    uint64_t k0 = U8TO64_LE(k);
+    uint64_t k1 = U8TO64_LE(k + 8);
+
+    /* If the hash size wasn't set, i.e. is zero */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    if (drounds == 0)
+        drounds = SIPHASH_D_ROUNDS;
+    if (crounds == 0)
+        crounds = SIPHASH_C_ROUNDS;
+
+    ctx->crounds = crounds;
+    ctx->drounds = drounds;
+
+    ctx->len = 0;
+    ctx->total_inlen = 0;
+
+    ctx->v0 = 0x736f6d6570736575ULL ^ k0;
+    ctx->v1 = 0x646f72616e646f6dULL ^ k1;
+    ctx->v2 = 0x6c7967656e657261ULL ^ k0;
+    ctx->v3 = 0x7465646279746573ULL ^ k1;
+
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        ctx->v1 ^= 0xee;
+
+    return 1;
+}
+
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
+{
+    uint64_t m;
+    const uint8_t *end;
+    int left;
+    int i;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    ctx->total_inlen += inlen;
+
+    if (ctx->len) {
+        /* deal with leavings */
+        size_t available = SIPHASH_BLOCK_SIZE - ctx->len;
+
+        /* not enough to fill leavings */
+        if (inlen < available) {
+            memcpy(&ctx->leavings[ctx->len], in, inlen);
+            ctx->len += inlen;
+            return;
+        }
+
+        /* copy data into leavings and reduce input */
+        memcpy(&ctx->leavings[ctx->len], in, available);
+        inlen -= available;
+        in += available;
+
+        /* process leavings */
+        m = U8TO64_LE(ctx->leavings);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+    left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */
+    end = in + inlen - left;
+
+    for (; in != end; in += 8) {
+        m = U8TO64_LE(in);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+
+    /* save leavings and other ctx */
+    if (left)
+        memcpy(ctx->leavings, end, left);
+    ctx->len = left;
+
+    ctx->v0 = v0;
+    ctx->v1 = v1;
+    ctx->v2 = v2;
+    ctx->v3 = v3;
+}
+
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen)
+{
+    /* finalize hash */
+    int i;
+    uint64_t b = ctx->total_inlen << 56;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    if (outlen != (size_t)ctx->hash_size)
+        return 0;
+
+    switch (ctx->len) {
+    case 7:
+        b |= ((uint64_t)ctx->leavings[6]) << 48;
+        /* fall thru */
+    case 6:
+        b |= ((uint64_t)ctx->leavings[5]) << 40;
+        /* fall thru */
+    case 5:
+        b |= ((uint64_t)ctx->leavings[4]) << 32;
+        /* fall thru */
+    case 4:
+        b |= ((uint64_t)ctx->leavings[3]) << 24;
+        /* fall thru */
+    case 3:
+        b |= ((uint64_t)ctx->leavings[2]) << 16;
+        /* fall thru */
+    case 2:
+        b |= ((uint64_t)ctx->leavings[1]) <<  8;
+        /* fall thru */
+    case 1:
+        b |= ((uint64_t)ctx->leavings[0]);
+    case 0:
+        break;
+    }
+
+    v3 ^= b;
+    for (i = 0; i < ctx->crounds; ++i)
+        SIPROUND;
+    v0 ^= b;
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        v2 ^= 0xee;
+    else
+        v2 ^= 0xff;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out, b);
+    if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE)
+        return 1;
+    v1 ^= 0xdd;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out + 8, b);
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/siphash/siphash_ameth.c b/deps/openssl/openssl/crypto/siphash/siphash_ameth.c
new file mode 100644
index 0000000000..c0ab7efae4
--- /dev/null
+++ b/deps/openssl/openssl/crypto/siphash/siphash_ameth.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/*
+ * SIPHASH "ASN1" method. This is just here to indicate the maximum
+ * SIPHASH output length and to free up a SIPHASH key.
+ */
+
+static int siphash_size(const EVP_PKEY *pkey)
+{
+    return SIPHASH_MAX_DIGEST_SIZE;
+}
+
+static void siphash_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int siphash_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = SIPHASH_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < SIPHASH_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = SIPHASH_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_SIPHASH,
+    0,
+
+    "SIPHASH",
+    "OpenSSL SIPHASH method",
+
+    0, 0, siphash_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    siphash_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    siphash_key_free,
+    siphash_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    siphash_set_priv_key,
+    NULL,
+    siphash_get_priv_key,
+    NULL,
+};
diff --git a/deps/openssl/openssl/crypto/siphash/siphash_local.h b/deps/openssl/openssl/crypto/siphash/siphash_local.h
new file mode 100644
index 0000000000..5ad3476463
--- /dev/null
+++ b/deps/openssl/openssl/crypto/siphash/siphash_local.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+
+struct siphash_st {
+    uint64_t total_inlen;
+    uint64_t v0;
+    uint64_t v1;
+    uint64_t v2;
+    uint64_t v3;
+    unsigned int len;
+    int hash_size;
+    int crounds;
+    int drounds;
+    unsigned char leavings[SIPHASH_BLOCK_SIZE];
+};
diff --git a/deps/openssl/openssl/crypto/siphash/siphash_pmeth.c b/deps/openssl/openssl/crypto/siphash/siphash_pmeth.c
new file mode 100644
index 0000000000..66e552fec5
--- /dev/null
+++ b/deps/openssl/openssl/crypto/siphash/siphash_pmeth.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/siphash.h"
+#include "siphash_local.h"
+#include "internal/evp_int.h"
+
+/* SIPHASH pkey context structure */
+
+typedef struct siphash_pkey_ctx_st {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    SIPHASH ctx;
+} SIPHASH_PKEY_CTX;
+
+static int pkey_siphash_init(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_siphash_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_siphash_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SIPHASH_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new SIPHASH_CTX in dst->data->ctx */
+    if (!pkey_siphash_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the SIPHASH_PKEY_CTX in dst->data */
+        pkey_siphash_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(SIPHASH));
+    return 1;
+}
+
+static int pkey_siphash_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_SIPHASH(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    SipHash_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char* key;
+    size_t len;
+
+    key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+    if (key == NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return SipHash_Init(&pctx->ctx, key, 0, 0);
+}
+static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = SipHash_hash_size(&pctx->ctx);
+    if (sig != NULL)
+        return SipHash_Final(&pctx->ctx, sig, *siglen);
+    return 1;
+}
+
+static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
+        return SipHash_set_hash_size(&pctx->ctx, p1);
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != SIPHASH_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        /* use default rounds (2,4) */
+        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+                            0, 0);
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "digestsize") == 0) {
+        size_t hash_size = atoi(value);
+
+        return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
+                                 NULL);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD siphash_pkey_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_siphash_init,
+    pkey_siphash_copy,
+    pkey_siphash_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_siphash_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    siphash_signctx_init,
+    siphash_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_siphash_ctrl,
+    pkey_siphash_ctrl_str
+};
diff --git a/deps/openssl/openssl/crypto/sm2/build.info b/deps/openssl/openssl/crypto/sm2/build.info
new file mode 100644
index 0000000000..be76d96d31
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm2/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c
+
+
diff --git a/deps/openssl/openssl/crypto/sm2/sm2_crypt.c b/deps/openssl/openssl/crypto/sm2/sm2_crypt.c
new file mode 100644
index 0000000000..4389fc731e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm2/sm2_crypt.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+typedef struct SM2_Ciphertext_st SM2_Ciphertext;
+DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+struct SM2_Ciphertext_st {
+    BIGNUM *C1x;
+    BIGNUM *C1y;
+    ASN1_OCTET_STRING *C3;
+    ASN1_OCTET_STRING *C2;
+};
+
+ASN1_SEQUENCE(SM2_Ciphertext) = {
+    ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(SM2_Ciphertext)
+
+IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+static size_t ec_field_size(const EC_GROUP *group)
+{
+    /* Is there some simpler way to do this? */
+    BIGNUM *p = BN_new();
+    BIGNUM *a = BN_new();
+    BIGNUM *b = BN_new();
+    size_t field_size = 0;
+
+    if (p == NULL || a == NULL || b == NULL)
+       goto done;
+
+    if (!EC_GROUP_get_curve(group, p, a, b, NULL))
+        goto done;
+    field_size = (BN_num_bits(p) + 7) / 8;
+
+ done:
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    return field_size;
+}
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t overhead;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
+        return 0;
+    }
+
+    overhead = 10 + 2 * field_size + (size_t)md_size;
+    if (msg_len <= overhead) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    *pt_size = msg_len - overhead;
+    return 1;
+}
+
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t sz;
+
+    if (field_size == 0 || md_size < 0)
+        return 0;
+
+    /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */
+    sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+         + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+         + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+    /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */
+    *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
+    return 1;
+}
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
+{
+    int rc = 0, ciphertext_leni;
+    size_t i;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *y1 = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    struct SM2_Ciphertext_st ctext_struct;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    const EC_POINT *P = EC_KEY_get0_public_key(key);
+    EC_POINT *kG = NULL;
+    EC_POINT *kP = NULL;
+    uint8_t *msg_mask = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *C3 = NULL;
+    size_t field_size;
+    const int C3_size = EVP_MD_size(digest);
+
+    /* NULL these before any "goto done" */
+    ctext_struct.C2 = NULL;
+    ctext_struct.C3 = NULL;
+
+    if (hash == NULL || C3_size <= 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    field_size = ec_field_size(group);
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    kG = EC_POINT_new(group);
+    kP = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || kP == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    C3 = OPENSSL_zalloc(C3_size);
+
+    if (x2y2 == NULL || C3 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    memset(ciphertext_buf, 0, *ciphertext_len);
+
+    if (!BN_priv_rand_range(k, order)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx)
+            || !EC_POINT_mul(group, kP, NULL, P, k, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    if (msg_mask == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+   }
+
+    /* X9.63 with no salt happens to match the KDF used in SM2 */
+    if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                        digest)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        msg_mask[i] ^= msg[i];
+
+    if (EVP_DigestInit(hash, digest) == 0
+            || EVP_DigestUpdate(hash, x2y2, field_size) == 0
+            || EVP_DigestUpdate(hash, msg, msg_len) == 0
+            || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
+            || EVP_DigestFinal(hash, C3, NULL) == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    ctext_struct.C1x = x1;
+    ctext_struct.C1y = y1;
+    ctext_struct.C3 = ASN1_OCTET_STRING_new();
+    ctext_struct.C2 = ASN1_OCTET_STRING_new();
+
+    if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+    }
+    if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size)
+            || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
+    /* Ensure cast to size_t is safe */
+    if (ciphertext_leni < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+    *ciphertext_len = (size_t)ciphertext_leni;
+
+    rc = 1;
+
+ done:
+    ASN1_OCTET_STRING_free(ctext_struct.C2);
+    ASN1_OCTET_STRING_free(ctext_struct.C3);
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(C3);
+    EVP_MD_CTX_free(hash);
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    EC_POINT_free(kP);
+    return rc;
+}
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
+{
+    int rc = 0;
+    int i;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    EC_POINT *C1 = NULL;
+    struct SM2_Ciphertext_st *sm2_ctext = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *computed_C3 = NULL;
+    const size_t field_size = ec_field_size(group);
+    const int hash_size = EVP_MD_size(digest);
+    uint8_t *msg_mask = NULL;
+    const uint8_t *C2 = NULL;
+    const uint8_t *C3 = NULL;
+    int msg_len = 0;
+    EVP_MD_CTX *hash = NULL;
+
+    if (field_size == 0 || hash_size <= 0)
+       goto done;
+
+    memset(ptext_buf, 0xFF, *ptext_len);
+
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+
+    if (sm2_ctext == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR);
+        goto done;
+    }
+
+    if (sm2_ctext->C3->length != hash_size) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    C2 = sm2_ctext->C2->data;
+    C3 = sm2_ctext->C3->data;
+    msg_len = sm2_ctext->C2->length;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    computed_C3 = OPENSSL_zalloc(hash_size);
+
+    if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    C1 = EC_POINT_new(group);
+    if (C1 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x,
+                                         sm2_ctext->C1y, ctx)
+            || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key),
+                             ctx)
+            || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
+            || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                               digest)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        ptext_buf[i] = C2[i] ^ msg_mask[i];
+
+    hash = EVP_MD_CTX_new();
+    if (hash == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, x2y2, field_size)
+            || !EVP_DigestUpdate(hash, ptext_buf, msg_len)
+            || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size)
+            || !EVP_DigestFinal(hash, computed_C3, NULL)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    rc = 1;
+    *ptext_len = msg_len;
+
+ done:
+    if (rc == 0)
+        memset(ptext_buf, 0, *ptext_len);
+
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(computed_C3);
+    EC_POINT_free(C1);
+    BN_CTX_free(ctx);
+    SM2_Ciphertext_free(sm2_ctext);
+    EVP_MD_CTX_free(hash);
+
+    return rc;
+}
diff --git a/deps/openssl/openssl/crypto/sm2/sm2_err.c b/deps/openssl/openssl/crypto/sm2/sm2_err.c
new file mode 100644
index 0000000000..653c6797f8
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm2/sm2_err.c
@@ -0,0 +1,69 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/sm2err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SM2_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0),
+     "pkey_sm2_digest_custom"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0),
+     "sm2_compute_msg_hash"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0),
+     "sm2_compute_userid_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_Z_DIGEST, 0),
+     "sm2_compute_z_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SM2_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SM2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SM2_str_functs);
+        ERR_load_strings_const(SM2_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/sm2/sm2_pmeth.c b/deps/openssl/openssl/crypto/sm2/sm2_pmeth.c
new file mode 100644
index 0000000000..d187699cc4
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm2/sm2_pmeth.c
@@ -0,0 +1,325 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Distinguishing Identifier, ISO/IEC 15946-3 */
+    uint8_t *id;
+    size_t id_len;
+    /* id_set indicates if the 'id' field is set (1) or not (0) */
+    int id_set;
+} SM2_PKEY_CTX;
+
+static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx;
+
+    if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) {
+        SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = smctx;
+    return 1;
+}
+
+static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+
+    if (smctx != NULL) {
+        EC_GROUP_free(smctx->gen_group);
+        OPENSSL_free(smctx->id);
+        OPENSSL_free(smctx);
+        ctx->data = NULL;
+    }
+}
+
+static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SM2_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_sm2_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group != NULL) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (dctx->gen_group == NULL) {
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+    }
+    if (sctx->id != NULL) {
+        dctx->id = OPENSSL_malloc(sctx->id_len);
+        if (dctx->id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE);
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+        memcpy(dctx->id, sctx->id, sctx->id_len);
+    }
+    dctx->id_len = sctx->id_len;
+    dctx->id_set = sctx->id_set;
+    dctx->md = sctx->md;
+
+    return 1;
+}
+
+static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                         const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec);
+
+    if (sig_sz <= 0) {
+        return 0;
+    }
+
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
+        return 1;
+    }
+
+    if (*siglen < (size_t)sig_sz) {
+        SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    return sm2_verify(tbs, tbslen, sig, siglen, ec);
+}
+
+static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_encrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_plaintext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_decrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_GROUP *group;
+    uint8_t *tmp_id;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(smctx->gen_group);
+        smctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (smctx->gen_group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(smctx->gen_group, p1);
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        smctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = smctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_SET1_ID:
+        if (p1 > 0) {
+            tmp_id = OPENSSL_malloc(p1);
+            if (tmp_id == NULL) {
+                SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memcpy(tmp_id, p2, p1);
+            OPENSSL_free(smctx->id);
+            smctx->id = tmp_id;
+        } else {
+            /* set null-ID */
+            OPENSSL_free(smctx->id);
+            smctx->id = NULL;
+        }
+        smctx->id_len = (size_t)p1;
+        smctx->id_set = 1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID:
+        memcpy(p2, smctx->id, smctx->id_len);
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID_LEN:
+        *(size_t *)p2 = smctx->id_len;
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid = NID_undef;
+
+        if (((nid = EC_curve_nist2nid(value)) == NID_undef)
+            && ((nid = OBJ_sn2nid(value)) == NID_undef)
+            && ((nid = OBJ_ln2nid(value)) == NID_undef)) {
+            SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    }
+
+    return -2;
+}
+
+static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    uint8_t z[EVP_MAX_MD_SIZE];
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const EVP_MD *md = EVP_MD_CTX_md(mctx);
+    int mdlen = EVP_MD_size(md);
+
+    if (!smctx->id_set) {
+        /*
+         * An ID value must be set. The specifications are not clear whether a
+         * NULL is allowed. We only allow it if set explicitly for maximum
+         * flexibility.
+         */
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_ID_NOT_SET);
+        return 0;
+    }
+
+    if (mdlen < 0) {
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+
+    /* get hashed prefix 'z' of tbs message */
+    if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec))
+        return 0;
+
+    return EVP_DigestUpdate(mctx, z, (size_t)mdlen);
+}
+
+const EVP_PKEY_METHOD sm2_pkey_meth = {
+    EVP_PKEY_SM2,
+    0,
+    pkey_sm2_init,
+    pkey_sm2_copy,
+    pkey_sm2_cleanup,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0,
+    pkey_sm2_sign,
+
+    0,
+    pkey_sm2_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_sm2_encrypt,
+
+    0,
+    pkey_sm2_decrypt,
+
+    0,
+    0,
+    pkey_sm2_ctrl,
+    pkey_sm2_ctrl_str,
+
+    0, 0,
+
+    0, 0, 0,
+
+    pkey_sm2_digest_custom
+};
diff --git a/deps/openssl/openssl/crypto/sm2/sm2_sign.c b/deps/openssl/openssl/crypto/sm2/sm2_sign.c
new file mode 100644
index 0000000000..0f9c14cb5f
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm2/sm2_sign.c
@@ -0,0 +1,479 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */
+#include "internal/numbers.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key)
+{
+    int rc = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *hash = NULL;
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *xG = NULL;
+    BIGNUM *yG = NULL;
+    BIGNUM *xA = NULL;
+    BIGNUM *yA = NULL;
+    int p_bytes = 0;
+    uint8_t *buf = NULL;
+    uint16_t entl = 0;
+    uint8_t e_byte = 0;
+
+    hash = EVP_MD_CTX_new();
+    ctx = BN_CTX_new();
+    if (hash == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    xG = BN_CTX_get(ctx);
+    yG = BN_CTX_get(ctx);
+    xA = BN_CTX_get(ctx);
+    yA = BN_CTX_get(ctx);
+
+    if (yA == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
+
+    if (id_len >= (UINT16_MAX / 8)) {
+        /* too large */
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, SM2_R_ID_TOO_LARGE);
+        goto done;
+    }
+
+    entl = (uint16_t)(8 * id_len);
+
+    e_byte = entl >> 8;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+    e_byte = entl & 0xFF;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    p_bytes = BN_num_bytes(p);
+    buf = OPENSSL_zalloc(p_bytes);
+    if (buf == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (BN_bn2binpad(a, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(b, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_GROUP_get0_generator(group),
+                                                xG, yG, ctx)
+            || BN_bn2binpad(xG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_KEY_get0_public_key(key),
+                                                xA, yA, ctx)
+            || BN_bn2binpad(xA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EVP_DigestFinal(hash, out, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    rc = 1;
+
+ done:
+    OPENSSL_free(buf);
+    BN_CTX_free(ctx);
+    EVP_MD_CTX_free(hash);
+    return rc;
+}
+
+static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
+                                    const EC_KEY *key,
+                                    const uint8_t *id,
+                                    const size_t id_len,
+                                    const uint8_t *msg, size_t msg_len)
+{
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    const int md_size = EVP_MD_size(digest);
+    uint8_t *z = NULL;
+    BIGNUM *e = NULL;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    z = OPENSSL_zalloc(md_size);
+    if (hash == NULL || z == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, z, md_size)
+            || !EVP_DigestUpdate(hash, msg, msg_len)
+               /* reuse z buffer to hold H(Z || M) */
+            || !EVP_DigestFinal(hash, z, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    e = BN_bin2bn(z, md_size, NULL);
+    if (e == NULL)
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
+
+ done:
+    OPENSSL_free(z);
+    EVP_MD_CTX_free(hash);
+    return e;
+}
+
+static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+{
+    const BIGNUM *dA = EC_KEY_get0_private_key(key);
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    ECDSA_SIG *sig = NULL;
+    EC_POINT *kG = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *rk = NULL;
+    BIGNUM *r = NULL;
+    BIGNUM *s = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *tmp = NULL;
+
+    kG = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    rk = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * These values are returned and so should not be allocated out of the
+     * context
+     */
+    r = BN_new();
+    s = BN_new();
+
+    if (r == NULL || s == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    for (;;) {
+        if (!BN_priv_rand_range(k, order)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+                || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL,
+                                                    ctx)
+                || !BN_mod_add(r, e, x1, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        /* try again if r == 0 or r+k == n */
+        if (BN_is_zero(r))
+            continue;
+
+        if (!BN_add(rk, r, k)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (BN_cmp(rk, order) == 0)
+            continue;
+
+        if (!BN_add(s, dA, BN_value_one())
+                || !ec_group_do_inverse_ord(group, s, s, ctx)
+                || !BN_mod_mul(tmp, dA, r, order, ctx)
+                || !BN_sub(tmp, k, tmp)
+                || !BN_mod_mul(s, s, tmp, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+            goto done;
+        }
+
+        sig = ECDSA_SIG_new();
+        if (sig == NULL) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+         /* takes ownership of r and s */
+        ECDSA_SIG_set0(sig, r, s);
+        break;
+    }
+
+ done:
+    if (sig == NULL) {
+        BN_free(r);
+        BN_free(s);
+    }
+
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    return sig;
+}
+
+static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
+                          const BIGNUM *e)
+{
+    int ret = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    BN_CTX *ctx = NULL;
+    EC_POINT *pt = NULL;
+    BIGNUM *t = NULL;
+    BIGNUM *x1 = NULL;
+    const BIGNUM *r = NULL;
+    const BIGNUM *s = NULL;
+
+    ctx = BN_CTX_new();
+    pt = EC_POINT_new(group);
+    if (ctx == NULL || pt == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    if (x1 == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * B1: verify whether r' in [1,n-1], verification failed if not
+     * B2: vefify whether s' in [1,n-1], verification failed if not
+     * B3: set M'~=ZA || M'
+     * B4: calculate e'=Hv(M'~)
+     * B5: calculate t = (r' + s') modn, verification failed if t=0
+     * B6: calculate the point (x1', y1')=[s']G + [t]PA
+     * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed
+     */
+
+    ECDSA_SIG_get0(sig, &r, &s);
+
+    if (BN_cmp(r, BN_value_one()) < 0
+            || BN_cmp(s, BN_value_one()) < 0
+            || BN_cmp(order, r) <= 0
+            || BN_cmp(order, s) <= 0) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, r, s, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_is_zero(t)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx)
+            || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, e, x1, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_cmp(r, t) == 0)
+        ret = 1;
+
+ done:
+    EC_POINT_free(pt);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *sig = NULL;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    sig = sm2_sig_gen(key, e);
+
+ done:
+    BN_free(e);
+    return sig;
+}
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *sig,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    int ret = 0;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    ret = sm2_sig_verify(key, sig, e);
+
+ done:
+    BN_free(e);
+    return ret;
+}
+
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *s = NULL;
+    int sigleni;
+    int ret = -1;
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);
+       goto done;
+    }
+
+    s = sm2_sig_gen(eckey, e);
+
+    sigleni = i2d_ECDSA_SIG(s, &sig);
+    if (sigleni < 0) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+       goto done;
+    }
+    *siglen = (unsigned int)sigleni;
+
+    ret = 1;
+
+ done:
+    ECDSA_SIG_free(s);
+    BN_free(e);
+    return ret;
+}
+
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s = NULL;
+    BIGNUM *e = NULL;
+    const unsigned char *p = sig;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sig, der, derlen) != 0) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    ret = sm2_sig_verify(eckey, s, e);
+
+ done:
+    OPENSSL_free(der);
+    BN_free(e);
+    ECDSA_SIG_free(s);
+    return ret;
+}
diff --git a/deps/openssl/openssl/crypto/sm3/build.info b/deps/openssl/openssl/crypto/sm3/build.info
new file mode 100644
index 0000000000..6009b1949e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm3/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=sm3.c m_sm3.c
diff --git a/deps/openssl/openssl/crypto/sm3/m_sm3.c b/deps/openssl/openssl/crypto/sm3/m_sm3.c
new file mode 100644
index 0000000000..85538dc8af
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm3/m_sm3.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SM3
+# include <openssl/evp.h>
+# include "internal/evp_int.h"
+# include "internal/sm3.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return sm3_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return sm3_update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return sm3_final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sm3_md = {
+    NID_sm3,
+    NID_sm3WithRSAEncryption,
+    SM3_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SM3_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SM3_CTX),
+};
+
+const EVP_MD *EVP_sm3(void)
+{
+    return &sm3_md;
+}
+
+#endif
diff --git a/deps/openssl/openssl/crypto/sm3/sm3.c b/deps/openssl/openssl/crypto/sm3/sm3.c
new file mode 100644
index 0000000000..1588dd115a
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm3/sm3.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "sm3_locl.h"
+
+int sm3_init(SM3_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = SM3_A;
+    c->B = SM3_B;
+    c->C = SM3_C;
+    c->D = SM3_D;
+    c->E = SM3_E;
+    c->F = SM3_F;
+    c->G = SM3_G;
+    c->H = SM3_H;
+    return 1;
+}
+
+void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, F, G, H;
+
+    unsigned MD32_REG_T W00, W01, W02, W03, W04, W05, W06, W07,
+        W08, W09, W10, W11, W12, W13, W14, W15;
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+        F = ctx->F;
+        G = ctx->G;
+        H = ctx->H;
+
+        /*
+        * We have to load all message bytes immediately since SM3 reads
+        * them slightly out of order.
+        */
+        (void)HOST_c2l(data, W00);
+        (void)HOST_c2l(data, W01);
+        (void)HOST_c2l(data, W02);
+        (void)HOST_c2l(data, W03);
+        (void)HOST_c2l(data, W04);
+        (void)HOST_c2l(data, W05);
+        (void)HOST_c2l(data, W06);
+        (void)HOST_c2l(data, W07);
+        (void)HOST_c2l(data, W08);
+        (void)HOST_c2l(data, W09);
+        (void)HOST_c2l(data, W10);
+        (void)HOST_c2l(data, W11);
+        (void)HOST_c2l(data, W12);
+        (void)HOST_c2l(data, W13);
+        (void)HOST_c2l(data, W14);
+        (void)HOST_c2l(data, W15);
+
+        R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+
+        ctx->A ^= A;
+        ctx->B ^= B;
+        ctx->C ^= C;
+        ctx->D ^= D;
+        ctx->E ^= E;
+        ctx->F ^= F;
+        ctx->G ^= G;
+        ctx->H ^= H;
+    }
+}
+
diff --git a/deps/openssl/openssl/crypto/sm3/sm3_locl.h b/deps/openssl/openssl/crypto/sm3/sm3_locl.h
new file mode 100644
index 0000000000..efa6db57c6
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm3/sm3_locl.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/sm3.h"
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SM3_WORD
+#define HASH_CTX                SM3_CTX
+#define HASH_CBLOCK             SM3_CBLOCK
+#define HASH_UPDATE             sm3_update
+#define HASH_TRANSFORM          sm3_transform
+#define HASH_FINAL              sm3_final
+#define HASH_MAKE_STRING(c, s)              \
+      do {                                  \
+        unsigned long ll;                   \
+        ll=(c)->A; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->B; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->C; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->D; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->E; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->F; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->G; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->H; (void)HOST_l2c(ll, (s)); \
+      } while (0)
+#define HASH_BLOCK_DATA_ORDER   sm3_block_data_order
+
+void sm3_transform(SM3_CTX *c, const unsigned char *data);
+
+#include "internal/md32_common.h"
+
+#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17))
+#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23))
+
+#define FF0(X,Y,Z) (X ^ Y ^ Z)
+#define GG0(X,Y,Z) (X ^ Y ^ Z)
+
+#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z))
+#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z))))
+
+#define EXPAND(W0,W7,W13,W3,W10) \
+   (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10)
+
+#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG)           \
+     do {                                                         \
+       const SM3_WORD A12 = ROTATE(A, 12);                        \
+       const SM3_WORD A12_SM = A12 + E + TJ;                      \
+       const SM3_WORD SS1 = ROTATE(A12_SM, 7);                    \
+       const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \
+       const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi;           \
+       B = ROTATE(B, 9);                                          \
+       D = TT1;                                                   \
+       F = ROTATE(F, 19);                                         \
+       H = P0(TT2);                                               \
+     } while(0)
+
+#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0)
+
+#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1)
+
+#define SM3_A 0x7380166fUL
+#define SM3_B 0x4914b2b9UL
+#define SM3_C 0x172442d7UL
+#define SM3_D 0xda8a0600UL
+#define SM3_E 0xa96f30bcUL
+#define SM3_F 0x163138aaUL
+#define SM3_G 0xe38dee4dUL
+#define SM3_H 0xb0fb0e4eUL
diff --git a/deps/openssl/openssl/crypto/sm4/build.info b/deps/openssl/openssl/crypto/sm4/build.info
new file mode 100644
index 0000000000..b65a7d149e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm4/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sm4.c
+
diff --git a/deps/openssl/openssl/crypto/sm4/sm4.c b/deps/openssl/openssl/crypto/sm4/sm4.c
new file mode 100644
index 0000000000..0c819a4b68
--- /dev/null
+++ b/deps/openssl/openssl/crypto/sm4/sm4.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "internal/sm4.h"
+
+static const uint8_t SM4_S[256] = {
+    0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,
+    0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3,
+    0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4,
+    0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
+    0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA,
+    0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA,
+    0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2,
+    0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
+    0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B,
+    0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52,
+    0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2,
+    0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
+    0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30,
+    0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60,
+    0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45,
+    0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
+    0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41,
+    0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD,
+    0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,
+    0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
+    0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E,
+    0xD7, 0xCB, 0x39, 0x48
+};
+
+/*
+ * SM4_SBOX_T[j] == L(SM4_SBOX[j]).
+ */
+static const uint32_t SM4_SBOX_T[256] = {
+    0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787,
+    0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B,
+    0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D,
+    0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F,
+    0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A,
+    0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3,
+    0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151,
+    0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989,
+    0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020,
+    0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB,
+    0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C,
+    0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA,
+    0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616,
+    0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA,
+    0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF,
+    0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4,
+    0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161,
+    0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC,
+    0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000,
+    0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949,
+    0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313,
+    0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B,
+    0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF,
+    0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686,
+    0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0,
+    0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0,
+    0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB,
+    0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181,
+    0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D,
+    0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515,
+    0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF,
+    0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545,
+    0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777,
+    0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505,
+    0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707,
+    0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6,
+    0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797,
+    0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929,
+    0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6,
+    0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212,
+    0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373,
+    0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8,
+    0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 };
+
+static ossl_inline uint32_t rotl(uint32_t a, uint8_t n)
+{
+    return (a << n) | (a >> (32 - n));
+}
+
+static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n)
+{
+    return ((uint32_t)b[4 * n] << 24) |
+           ((uint32_t)b[4 * n + 1] << 16) |
+           ((uint32_t)b[4 * n + 2] << 8) |
+           ((uint32_t)b[4 * n + 3]);
+}
+
+static ossl_inline void store_u32_be(uint32_t v, uint8_t *b)
+{
+    b[0] = (uint8_t)(v >> 24);
+    b[1] = (uint8_t)(v >> 16);
+    b[2] = (uint8_t)(v >> 8);
+    b[3] = (uint8_t)(v);
+}
+
+static ossl_inline uint32_t SM4_T_slow(uint32_t X)
+{
+    uint32_t t = 0;
+
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+    t |= SM4_S[(uint8_t)X];
+
+    /*
+     * L linear transform
+     */
+    return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24);
+}
+
+static ossl_inline uint32_t SM4_T(uint32_t X)
+{
+    return SM4_SBOX_T[(uint8_t)(X >> 24)] ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^
+           rotl(SM4_SBOX_T[(uint8_t)X], 8);
+}
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks)
+{
+    /*
+     * Family Key
+     */
+    static const uint32_t FK[4] =
+        { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc };
+
+    /*
+     * Constant Key
+     */
+    static const uint32_t CK[32] = {
+        0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
+        0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
+        0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
+        0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
+        0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
+        0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
+        0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
+        0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
+    };
+
+    uint32_t K[4];
+    int i;
+
+    K[0] = load_u32_be(key, 0) ^ FK[0];
+    K[1] = load_u32_be(key, 1) ^ FK[1];
+    K[2] = load_u32_be(key, 2) ^ FK[2];
+    K[3] = load_u32_be(key, 3) ^ FK[3];
+
+    for (i = 0; i != SM4_KEY_SCHEDULE; ++i) {
+        uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i];
+        uint32_t t = 0;
+
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+        t |= SM4_S[(uint8_t)X];
+
+        t = t ^ rotl(t, 13) ^ rotl(t, 23);
+        K[i % 4] ^= t;
+        ks->rk[i] = K[i % 4];
+    }
+
+    return 1;
+}
+
+#define SM4_RNDS(k0, k1, k2, k3, F)          \
+      do {                                   \
+         B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \
+         B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \
+         B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \
+         B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \
+      } while(0)
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    /*
+     * Uses byte-wise sbox in the first and last rounds to provide some
+     * protection from cache based side channels.
+     */
+    SM4_RNDS( 0,  1,  2,  3, SM4_T_slow);
+    SM4_RNDS( 4,  5,  6,  7, SM4_T);
+    SM4_RNDS( 8,  9, 10, 11, SM4_T);
+    SM4_RNDS(12, 13, 14, 15, SM4_T);
+    SM4_RNDS(16, 17, 18, 19, SM4_T);
+    SM4_RNDS(20, 21, 22, 23, SM4_T);
+    SM4_RNDS(24, 25, 26, 27, SM4_T);
+    SM4_RNDS(28, 29, 30, 31, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    SM4_RNDS(31, 30, 29, 28, SM4_T_slow);
+    SM4_RNDS(27, 26, 25, 24, SM4_T);
+    SM4_RNDS(23, 22, 21, 20, SM4_T);
+    SM4_RNDS(19, 18, 17, 16, SM4_T);
+    SM4_RNDS(15, 14, 13, 12, SM4_T);
+    SM4_RNDS(11, 10,  9,  8, SM4_T);
+    SM4_RNDS( 7,  6,  5,  4, SM4_T);
+    SM4_RNDS( 3,  2,  1,  0, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
diff --git a/deps/openssl/openssl/crypto/sparccpuid.S b/deps/openssl/openssl/crypto/sparccpuid.S
index c6ca224738..95acd2f9d4 100644
--- a/deps/openssl/openssl/crypto/sparccpuid.S
+++ b/deps/openssl/openssl/crypto/sparccpuid.S
@@ -5,10 +5,6 @@
 ! in the file LICENSE in the source distribution or at
 ! https://www.openssl.org/source/license.html
 
-#ifdef OPENSSL_FIPSCANISTER
-#include <openssl/fipssyms.h>
-#endif
-
 #if defined(__SUNPRO_C) && defined(__sparcv9)
 # define ABI64  /* They've said -xarch=v9 at command line */
 #elif defined(__GNUC__) && defined(__arch64__)
diff --git a/deps/openssl/openssl/crypto/sparcv9cap.c b/deps/openssl/openssl/crypto/sparcv9cap.c
index 61d0334ee4..c8c567536b 100644
--- a/deps/openssl/openssl/crypto/sparcv9cap.c
+++ b/deps/openssl/openssl/crypto/sparcv9cap.c
@@ -15,6 +15,7 @@
 #include <sys/time.h>
 #include <unistd.h>
 #include <openssl/bn.h>
+#include "internal/cryptlib.h"
 
 #include "sparc_arch.h"
 
@@ -98,7 +99,7 @@ unsigned long _sparcv9_random(void);
 size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
 size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
 
-unsigned long OPENSSL_rdtsc(void)
+uint32_t OPENSSL_rdtsc(void)
 {
     if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
 #if defined(__sun) && defined(__SVR4)
diff --git a/deps/openssl/openssl/crypto/srp/srp_lib.c b/deps/openssl/openssl/crypto/srp/srp_lib.c
index e79352cb2e..b97d630d37 100644
--- a/deps/openssl/openssl/crypto/srp/srp_lib.c
+++ b/deps/openssl/openssl/crypto/srp/srp_lib.c
@@ -1,10 +1,14 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
  */
 
 #ifndef OPENSSL_NO_SRP
diff --git a/deps/openssl/openssl/crypto/srp/srp_vfy.c b/deps/openssl/openssl/crypto/srp/srp_vfy.c
index 29b7afcb04..17b35c00f9 100644
--- a/deps/openssl/openssl/crypto/srp/srp_vfy.c
+++ b/deps/openssl/openssl/crypto/srp/srp_vfy.c
@@ -1,144 +1,176 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
  */
 
 #ifndef OPENSSL_NO_SRP
 # include "internal/cryptlib.h"
+# include "internal/evp_int.h"
 # include <openssl/sha.h>
 # include <openssl/srp.h>
 # include <openssl/evp.h>
 # include <openssl/buffer.h>
 # include <openssl/rand.h>
 # include <openssl/txt_db.h>
+# include <openssl/err.h>
 
 # define SRP_RANDOM_SALT_LEN 20
 # define MAX_LEN 2500
 
-static char b64table[] =
-    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-
 /*
- * the following two conversion routines have been inspired by code from
- * Stanford
+ * Note that SRP uses its own variant of base 64 encoding. A different base64
+ * alphabet is used and no padding '=' characters are added. Instead we pad to
+ * the front with 0 bytes and subsequently strip off leading encoded padding.
+ * This variant is used for compatibility with other SRP implementations -
+ * notably libsrp, but also others. It is also required for backwards
+ * compatibility in order to load verifier files from other OpenSSL versions.
  */
 
 /*
  * Convert a base64 string into raw byte array representation.
+ * Returns the length of the decoded data, or -1 on error.
  */
 static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 {
-    char *loc;
-    int i, j;
-    int size;
-
-    if (alen == 0 || alen > INT_MAX)
-        return -1;
+    EVP_ENCODE_CTX *ctx;
+    int outl = 0, outl2 = 0;
+    size_t size, padsize;
+    const unsigned char *pad = (const unsigned char *)"00";
 
-    while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
+    while (*src == ' ' || *src == '\t' || *src == '\n')
         ++src;
     size = strlen(src);
-    if (size < 0 || size >= (int)alen)
+    padsize = 4 - (size & 3);
+    padsize &= 3;
+
+    /* Four bytes in src become three bytes output. */
+    if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen)
         return -1;
 
-    i = 0;
-    while (i < size) {
-        loc = strchr(b64table, src[i]);
-        if (loc == (char *)0)
-            break;
-        else
-            a[i] = loc - b64table;
-        ++i;
+    ctx = EVP_ENCODE_CTX_new();
+    if (ctx == NULL)
+        return -1;
+
+    /*
+     * This should never occur because 1 byte of data always requires 2 bytes of
+     * encoding, i.e.
+     *  0 bytes unencoded = 0 bytes encoded
+     *  1 byte unencoded  = 2 bytes encoded
+     *  2 bytes unencoded = 3 bytes encoded
+     *  3 bytes unencoded = 4 bytes encoded
+     *  4 bytes unencoded = 6 bytes encoded
+     *  etc
+     */
+    if (padsize == 3) {
+        outl = -1;
+        goto err;
     }
-    /* if nothing valid to process we have a zero length response */
-    if (i == 0)
-        return 0;
-    size = i;
-    i = size - 1;
-    j = size;
-    while (1) {
-        a[j] = a[i];
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] & 3) << 6;
-        --j;
-        a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] & 0xf) << 4;
-        --j;
-        a[j] = (unsigned char)((a[i] & 0x30) >> 4);
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] << 2);
-
-        a[--j] = 0;
-        if (--i < 0)
-            break;
+
+    /* Valid padsize values are now 0, 1 or 2 */
+
+    EVP_DecodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /* Add any encoded padding that is required */
+    if (padsize != 0
+            && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
+        outl = -1;
+        goto err;
+    }
+    if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
+        outl = -1;
+        goto err;
+    }
+    outl += outl2;
+    EVP_DecodeFinal(ctx, a + outl, &outl2);
+    outl += outl2;
+
+    /* Strip off the leading padding */
+    if (padsize != 0) {
+        if ((int)padsize >= outl) {
+            outl = -1;
+            goto err;
+        }
+
+        /*
+         * If we added 1 byte of padding prior to encoding then we have 2 bytes
+         * of "real" data which gets spread across 4 encoded bytes like this:
+         *   (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data)
+         * So 1 byte of pre-encoding padding results in 1 full byte of encoded
+         * padding.
+         * If we added 2 bytes of padding prior to encoding this gets encoded
+         * as:
+         *   (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data)
+         * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded
+         * padding, i.e. we have to strip the same number of bytes of padding
+         * from the encoded data as we added to the pre-encoded data.
+         */
+        memmove(a, a + padsize, outl - padsize);
+        outl -= padsize;
     }
-    while (j <= size && a[j] == 0)
-        ++j;
-    i = 0;
-    while (j <= size)
-        a[i++] = a[j++];
-    return i;
+
+ err:
+    EVP_ENCODE_CTX_free(ctx);
+
+    return outl;
 }
 
 /*
  * Convert a raw byte string into a null-terminated base64 ASCII string.
+ * Returns 1 on success or 0 on error.
  */
-static char *t_tob64(char *dst, const unsigned char *src, int size)
+static int t_tob64(char *dst, const unsigned char *src, int size)
 {
-    int c, pos = size % 3;
-    unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
-    char *olddst = dst;
-
-    switch (pos) {
-    case 1:
-        b2 = src[0];
-        break;
-    case 2:
-        b1 = src[0];
-        b2 = src[1];
-        break;
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int outl = 0, outl2 = 0;
+    unsigned char pad[2] = {0, 0};
+    size_t leadz = 0;
+
+    if (ctx == NULL)
+        return 0;
+
+    EVP_EncodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES
+                                  | EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /*
+     * We pad at the front with zero bytes until the length is a multiple of 3
+     * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "="
+     * padding
+     */
+    leadz = 3 - (size % 3);
+    if (leadz != 3
+            && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad,
+                                 leadz)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
     }
 
-    while (1) {
-        c = (b0 & 0xfc) >> 2;
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = b2 & 0x3f;
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        if (pos >= size)
-            break;
-        else {
-            b0 = src[pos++];
-            b1 = src[pos++];
-            b2 = src[pos++];
-        }
+    if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src,
+                          size)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
+    }
+    outl += outl2;
+    EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
+    outl += outl2;
+
+    /* Strip the encoded padding at the front */
+    if (leadz != 3) {
+        memmove(dst, dst + leadz, outl - leadz);
+        dst[outl - leadz] = '\0';
     }
 
-    *dst++ = '\0';
-    return olddst;
+    EVP_ENCODE_CTX_free(ctx);
+    return 1;
 }
 
 void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
@@ -154,9 +186,12 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
 
 static SRP_user_pwd *SRP_user_pwd_new(void)
 {
-    SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret));
-    if (ret == NULL)
+    SRP_user_pwd *ret;
+    
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
         return NULL;
+    }
     ret->N = NULL;
     ret->g = NULL;
     ret->s = NULL;
@@ -474,7 +509,7 @@ static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
     return NULL;
 }
 
- #if OPENSSL_API_COMPAT < 0x10100000L
+# if OPENSSL_API_COMPAT < 0x10100000L
 /*
  * DEPRECATED: use SRP_VBASE_get1_by_user instead.
  * This method ignores the configured seed and fails for an unknown user.
@@ -485,7 +520,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
 {
     return find_user(vb, username);
 }
-#endif
+# endif
 
 /*
  * Ownership of the returned pointer is released to the caller.
@@ -518,7 +553,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
     if (!SRP_user_pwd_set_ids(user, username, NULL))
         goto err;
 
-    if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+    if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
         goto err;
     ctxt = EVP_MD_CTX_new();
     if (ctxt == NULL
diff --git a/deps/openssl/openssl/crypto/stack/stack.c b/deps/openssl/openssl/crypto/stack/stack.c
index 43ddf30ac1..975515db59 100644
--- a/deps/openssl/openssl/crypto/stack/stack.c
+++ b/deps/openssl/openssl/crypto/stack/stack.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,20 +12,25 @@
 #include "internal/numbers.h"
 #include <openssl/stack.h>
 #include <openssl/objects.h>
+#include <errno.h>
+#include <openssl/e_os2.h>      /* For ossl_inline */
+
+/*
+ * The initial number of nodes in the array.
+ */
+static const int min_nodes = 4;
+static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX
+                             ? (int)(SIZE_MAX / sizeof(void *))
+                             : INT_MAX;
 
 struct stack_st {
     int num;
-    const char **data;
+    const void **data;
     int sorted;
-    size_t num_alloc;
+    int num_alloc;
     OPENSSL_sk_compfunc comp;
 };
 
-#undef MIN_NODES
-#define MIN_NODES       4
-
-#include <errno.h>
-
 OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c)
 {
     OPENSSL_sk_compfunc old = sk->comp;
@@ -41,18 +46,24 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
 {
     OPENSSL_STACK *ret;
 
-    if (sk->num < 0)
-        return NULL;
-
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DUP, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     /* direct structure assignment */
     *ret = *sk;
 
+    if (sk->num == 0) {
+        /* postpone |ret->data| allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+    /* duplicate |sk->data| content */
     if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL)
         goto err;
-    memcpy(ret->data, sk->data, sizeof(char *) * sk->num);
+    memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
     return ret;
  err:
     OPENSSL_sk_free(ret);
@@ -66,16 +77,22 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
     OPENSSL_STACK *ret;
     int i;
 
-    if (sk->num < 0)
-        return NULL;
-
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DEEP_COPY, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     /* direct structure assignment */
     *ret = *sk;
 
-    ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES;
+    if (sk->num == 0) {
+        /* postpone |ret| data allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+
+    ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes;
     ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
     if (ret->data == NULL) {
         OPENSSL_free(ret);
@@ -98,52 +115,133 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
 
 OPENSSL_STACK *OPENSSL_sk_new_null(void)
 {
-    return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
+    return OPENSSL_sk_new_reserve(NULL, 0);
 }
 
 OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
 {
-    OPENSSL_STACK *ret;
+    return OPENSSL_sk_new_reserve(c, 0);
+}
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
-        goto err;
-    if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL)
-        goto err;
-    ret->comp = c;
-    ret->num_alloc = MIN_NODES;
-    return (ret);
+/*
+ * Calculate the array growth based on the target size.
+ *
+ * The growth fraction is a rational number and is defined by a numerator
+ * and a denominator.  According to Andrew Koenig in his paper "Why Are
+ * Vectors Efficient?" from JOOP 11(5) 1998, this factor should be less
+ * than the golden ratio (1.618...).
+ *
+ * We use 3/2 = 1.5 for simplicity of calculation and overflow checking.
+ * Another option 8/5 = 1.6 allows for slightly faster growth, although safe
+ * computation is more difficult.
+ *
+ * The limit to avoid overflow is spot on.  The modulo three correction term
+ * ensures that the limit is the largest number than can be expanded by the
+ * growth factor without exceeding the hard limit.
+ *
+ * Do not call it with |current| lower than 2, or it will infinitely loop.
+ */
+static ossl_inline int compute_growth(int target, int current)
+{
+    const int limit = (max_nodes / 3) * 2 + (max_nodes % 3 ? 1 : 0);
 
- err:
-    OPENSSL_free(ret);
-    return (NULL);
+    while (current < target) {
+        /* Check to see if we're at the hard limit */
+        if (current >= max_nodes)
+            return 0;
+
+        /* Expand the size by a factor of 3/2 if it is within range */
+        current = current < limit ? current + current / 2 : max_nodes;
+    }
+    return current;
 }
 
-int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
+/* internal STACK storage allocation */
+static int sk_reserve(OPENSSL_STACK *st, int n, int exact)
 {
-    if (st == NULL || st->num < 0 || st->num == INT_MAX) {
-        return 0;
-    }
+    const void **tmpdata;
+    int num_alloc;
 
-    if (st->num_alloc <= (size_t)(st->num + 1)) {
-        size_t doub_num_alloc = st->num_alloc * 2;
-        const char **tmpdata;
+    /* Check to see the reservation isn't exceeding the hard limit */
+    if (n > max_nodes - st->num)
+        return 0;
 
-        /* Overflow checks */
-        if (doub_num_alloc < st->num_alloc)
+    /* Figure out the new size */
+    num_alloc = st->num + n;
+    if (num_alloc < min_nodes)
+        num_alloc = min_nodes;
+
+    /* If |st->data| allocation was postponed */
+    if (st->data == NULL) {
+        /*
+         * At this point, |st->num_alloc| and |st->num| are 0;
+         * so |num_alloc| value is |n| or |min_nodes| if greater than |n|.
+         */
+        if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) {
+            CRYPTOerr(CRYPTO_F_SK_RESERVE, ERR_R_MALLOC_FAILURE);
             return 0;
+        }
+        st->num_alloc = num_alloc;
+        return 1;
+    }
 
-        /* Avoid overflow due to multiplication by sizeof(char *) */
-        if (doub_num_alloc > SIZE_MAX / sizeof(char *))
+    if (!exact) {
+        if (num_alloc <= st->num_alloc)
+            return 1;
+        num_alloc = compute_growth(num_alloc, st->num_alloc);
+        if (num_alloc == 0)
             return 0;
+    } else if (num_alloc == st->num_alloc) {
+        return 1;
+    }
 
-        tmpdata = OPENSSL_realloc((char *)st->data,
-                                  sizeof(char *) * doub_num_alloc);
-        if (tmpdata == NULL)
-            return 0;
+    tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc);
+    if (tmpdata == NULL)
+        return 0;
+
+    st->data = tmpdata;
+    st->num_alloc = num_alloc;
+    return 1;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n)
+{
+    OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK));
 
-        st->data = tmpdata;
-        st->num_alloc = doub_num_alloc;
+    if (st == NULL)
+        return NULL;
+
+    st->comp = c;
+
+    if (n <= 0)
+        return st;
+
+    if (!sk_reserve(st, n, 1)) {
+        OPENSSL_sk_free(st);
+        return NULL;
     }
+
+    return st;
+}
+
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n)
+{
+    if (st == NULL)
+        return 0;
+
+    if (n < 0)
+        return 1;
+    return sk_reserve(st, n, 1);
+}
+
+int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
+{
+    if (st == NULL || st->num == max_nodes)
+        return 0;
+
+    if (!sk_reserve(st, 1, 0))
+        return 0;
+
     if ((loc >= st->num) || (loc < 0)) {
         st->data[st->num] = data;
     } else {
@@ -156,29 +254,34 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
     return st->num;
 }
 
+static ossl_inline void *internal_delete(OPENSSL_STACK *st, int loc)
+{
+    const void *ret = st->data[loc];
+
+    if (loc != st->num - 1)
+         memmove(&st->data[loc], &st->data[loc + 1],
+                 sizeof(st->data[0]) * (st->num - loc - 1));
+    st->num--;
+
+    return (void *)ret;
+}
+
 void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
 {
     int i;
 
     for (i = 0; i < st->num; i++)
         if (st->data[i] == p)
-            return OPENSSL_sk_delete(st, i);
+            return internal_delete(st, i);
     return NULL;
 }
 
 void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
 {
-    const char *ret;
-
     if (st == NULL || loc < 0 || loc >= st->num)
         return NULL;
 
-    ret = st->data[loc];
-    if (loc != st->num - 1)
-         memmove(&st->data[loc], &st->data[loc + 1],
-                 sizeof(st->data[0]) * (st->num - loc - 1));
-    st->num--;
-    return (void *)ret;
+    return internal_delete(st, loc);
 }
 
 static int internal_find(OPENSSL_STACK *st, const void *data,
@@ -187,23 +290,27 @@ static int internal_find(OPENSSL_STACK *st, const void *data,
     const void *r;
     int i;
 
-    if (st == NULL)
+    if (st == NULL || st->num == 0)
         return -1;
 
     if (st->comp == NULL) {
         for (i = 0; i < st->num; i++)
             if (st->data[i] == data)
-                return (i);
-        return (-1);
+                return i;
+        return -1;
+    }
+
+    if (!st->sorted) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
     }
-    OPENSSL_sk_sort(st);
     if (data == NULL)
-        return (-1);
+        return -1;
     r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
                         ret_val_options);
-    if (r == NULL)
-        return (-1);
-    return (int)((const char **)r - st->data);
+
+    return r == NULL ? -1 : (int)((const void **)r - st->data);
 }
 
 int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
@@ -218,37 +325,33 @@ int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
 
 int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data)
 {
-    return (OPENSSL_sk_insert(st, data, st->num));
+    if (st == NULL)
+        return -1;
+    return OPENSSL_sk_insert(st, data, st->num);
 }
 
 int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data)
 {
-    return (OPENSSL_sk_insert(st, data, 0));
+    return OPENSSL_sk_insert(st, data, 0);
 }
 
 void *OPENSSL_sk_shift(OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return (NULL);
-    if (st->num <= 0)
-        return (NULL);
-    return (OPENSSL_sk_delete(st, 0));
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, 0);
 }
 
 void *OPENSSL_sk_pop(OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return (NULL);
-    if (st->num <= 0)
-        return (NULL);
-    return (OPENSSL_sk_delete(st, st->num - 1));
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, st->num - 1);
 }
 
 void OPENSSL_sk_zero(OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return;
-    if (st->num <= 0)
+    if (st == NULL || st->num == 0)
         return;
     memset(st->data, 0, sizeof(*st->data) * st->num);
     st->num = 0;
@@ -276,9 +379,7 @@ void OPENSSL_sk_free(OPENSSL_STACK *st)
 
 int OPENSSL_sk_num(const OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return -1;
-    return st->num;
+    return st == NULL ? -1 : st->num;
 }
 
 void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
@@ -293,20 +394,20 @@ void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
     if (st == NULL || i < 0 || i >= st->num)
         return NULL;
     st->data[i] = data;
+    st->sorted = 0;
     return (void *)st->data[i];
 }
 
 void OPENSSL_sk_sort(OPENSSL_STACK *st)
 {
-    if (st && !st->sorted && st->comp != NULL) {
-        qsort(st->data, st->num, sizeof(char *), st->comp);
-        st->sorted = 1;
+    if (st != NULL && !st->sorted && st->comp != NULL) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
     }
 }
 
 int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
 {
-    if (st == NULL)
-        return 1;
-    return st->sorted;
+    return st == NULL ? 1 : st->sorted;
 }
diff --git a/deps/openssl/openssl/crypto/store/build.info b/deps/openssl/openssl/crypto/store/build.info
new file mode 100644
index 0000000000..7d882f313e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        store_err.c store_init.c store_lib.c store_register.c store_strings.c \
+        loader_file.c
diff --git a/deps/openssl/openssl/crypto/store/loader_file.c b/deps/openssl/openssl/crypto/store/loader_file.c
new file mode 100644
index 0000000000..632e4511f7
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/loader_file.c
@@ -0,0 +1,1440 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include <openssl/bio.h>
+#include <openssl/dsa.h>         /* For d2i_DSAPrivateKey */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>      /* For the PKCS8 stuff o.O */
+#include <openssl/rsa.h>         /* For d2i_RSAPrivateKey */
+#include <openssl/safestack.h>
+#include <openssl/store.h>
+#include <openssl/ui.h>
+#include <openssl/x509.h>        /* For the PKCS8 stuff o.O */
+#include "internal/asn1_int.h"
+#include "internal/ctype.h"
+#include "internal/o_dir.h"
+#include "internal/cryptlib.h"
+#include "internal/store_int.h"
+#include "store_locl.h"
+
+#ifdef _WIN32
+# define stat    _stat
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+/*-
+ *  Password prompting
+ *  ------------------
+ */
+
+static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
+                           size_t maxsize, const char *prompt_info, void *data)
+{
+    UI *ui = UI_new();
+    char *prompt = NULL;
+
+    if (ui == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ui_method != NULL)
+        UI_set_method(ui, ui_method);
+    UI_add_user_data(ui, data);
+
+    if ((prompt = UI_construct_prompt(ui, "pass phrase",
+                                      prompt_info)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        pass = NULL;
+    } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
+                                    pass, 0, maxsize - 1)) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+        pass = NULL;
+    } else {
+        switch (UI_process(ui)) {
+        case -2:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
+                          OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
+            pass = NULL;
+            break;
+        case -1:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+            pass = NULL;
+            break;
+        default:
+            break;
+        }
+    }
+
+    OPENSSL_free(prompt);
+    UI_free(ui);
+    return pass;
+}
+
+struct pem_pass_data {
+    const UI_METHOD *ui_method;
+    void *data;
+    const char *prompt_info;
+};
+
+static int file_fill_pem_pass_data(struct pem_pass_data *pass_data,
+                                   const char *prompt_info,
+                                   const UI_METHOD *ui_method, void *ui_data)
+{
+    if (pass_data == NULL)
+        return 0;
+    pass_data->ui_method = ui_method;
+    pass_data->data = ui_data;
+    pass_data->prompt_info = prompt_info;
+    return 1;
+}
+
+/* This is used anywhere a pem_password_cb is needed */
+static int file_get_pem_pass(char *buf, int num, int w, void *data)
+{
+    struct pem_pass_data *pass_data = data;
+    char *pass = file_get_pass(pass_data->ui_method, buf, num,
+                               pass_data->prompt_info, pass_data->data);
+
+    return pass == NULL ? 0 : strlen(pass);
+}
+
+/*-
+ *  The file scheme decoders
+ *  ------------------------
+ *
+ *  Each possible data type has its own decoder, which either operates
+ *  through a given PEM name, or attempts to decode to see if the blob
+ *  it's given is decodable for its data type.  The assumption is that
+ *  only the correct data type will match the content.
+ */
+
+/*-
+ * The try_decode function is called to check if the blob of data can
+ * be used by this handler, and if it can, decodes it into a supported
+ * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data.
+ * Input:
+ *    pem_name:     If this blob comes from a PEM file, this holds
+ *                  the PEM name.  If it comes from another type of
+ *                  file, this is NULL.
+ *    pem_header:   If this blob comes from a PEM file, this holds
+ *                  the PEM headers.  If it comes from another type of
+ *                  file, this is NULL.
+ *    blob:         The blob of data to match with what this handler
+ *                  can use.
+ *    len:          The length of the blob.
+ *    handler_ctx:  For a handler marked repeatable, this pointer can
+ *                  be used to create a context for the handler.  IT IS
+ *                  THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY
+ *                  THIS CONTEXT APPROPRIATELY, i.e. create on first call
+ *                  and destroy when about to return NULL.
+ *    matchcount:   A pointer to an int to count matches for this data.
+ *                  Usually becomes 0 (no match) or 1 (match!), but may
+ *                  be higher in the (unlikely) event that the data matches
+ *                  more than one possibility.  The int will always be
+ *                  zero when the function is called.
+ *    ui_method:    Application UI method for getting a password, pin
+ *                  or any other interactive data.
+ *    ui_data:      Application data to be passed to ui_method when
+ *                  it's called.
+ * Output:
+ *    a OSSL_STORE_INFO
+ */
+typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name,
+                                               const char *pem_header,
+                                               const unsigned char *blob,
+                                               size_t len, void **handler_ctx,
+                                               int *matchcount,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+/*
+ * The eof function should return 1 if there's no more data to be found
+ * with the handler_ctx, otherwise 0.  This is only used when the handler is
+ * marked repeatable.
+ */
+typedef int (*file_eof_fn)(void *handler_ctx);
+/*
+ * The destroy_ctx function is used to destroy the handler_ctx that was
+ * intiated by a repeatable try_decode fuction.  This is only used when
+ * the handler is marked repeatable.
+ */
+typedef void (*file_destroy_ctx_fn)(void **handler_ctx);
+
+typedef struct file_handler_st {
+    const char *name;
+    file_try_decode_fn try_decode;
+    file_eof_fn eof;
+    file_destroy_ctx_fn destroy_ctx;
+
+    /* flags */
+    int repeatable;
+} FILE_HANDLER;
+
+/*
+ * PKCS#12 decoder.  It operates by decoding all of the blob content,
+ * extracting all the interesting data from it and storing them internally,
+ * then serving them one piece at a time.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    if (ctx == NULL) {
+        /* Initial parsing */
+        PKCS12 *p12;
+        int ok = 0;
+
+        if (pem_name != NULL)
+            /* No match, there is no PEM PKCS12 tag */
+            return NULL;
+
+        if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) {
+            char *pass = NULL;
+            char tpass[PEM_BUFSIZE];
+            EVP_PKEY *pkey = NULL;
+            X509 *cert = NULL;
+            STACK_OF(X509) *chain = NULL;
+
+            *matchcount = 1;
+
+            if (PKCS12_verify_mac(p12, "", 0)
+                || PKCS12_verify_mac(p12, NULL, 0)) {
+                pass = "";
+            } else {
+                if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
+                                          "PKCS12 import password",
+                                          ui_data)) == NULL) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
+                    goto p12_end;
+                }
+                if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
+                    goto p12_end;
+                }
+            }
+
+            if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
+                OSSL_STORE_INFO *osi_pkey = NULL;
+                OSSL_STORE_INFO *osi_cert = NULL;
+                OSSL_STORE_INFO *osi_ca = NULL;
+
+                if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
+                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
+                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) {
+                    ok = 1;
+                    osi_pkey = NULL;
+                    osi_cert = NULL;
+
+                    while(sk_X509_num(chain) > 0) {
+                        X509 *ca = sk_X509_value(chain, 0);
+
+                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
+                            || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
+                            ok = 0;
+                            break;
+                        }
+                        osi_ca = NULL;
+                        (void)sk_X509_shift(chain);
+                    }
+                }
+                if (!ok) {
+                    OSSL_STORE_INFO_free(osi_ca);
+                    OSSL_STORE_INFO_free(osi_cert);
+                    OSSL_STORE_INFO_free(osi_pkey);
+                    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+                    EVP_PKEY_free(pkey);
+                    X509_free(cert);
+                    sk_X509_pop_free(chain, X509_free);
+                    ctx = NULL;
+                }
+                *pctx = ctx;
+            }
+        }
+     p12_end:
+        PKCS12_free(p12);
+        if (!ok)
+            return NULL;
+    }
+
+    if (ctx != NULL) {
+        *matchcount = 1;
+        store_info = sk_OSSL_STORE_INFO_shift(ctx);
+    }
+
+    return store_info;
+}
+
+static int eof_PKCS12(void *ctx_)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = ctx_;
+
+    return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0;
+}
+
+static void destroy_ctx_PKCS12(void **pctx)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+    *pctx = NULL;
+}
+
+static FILE_HANDLER PKCS12_handler = {
+    "PKCS12",
+    try_decode_PKCS12,
+    eof_PKCS12,
+    destroy_ctx_PKCS12,
+    1                            /* repeatable */
+};
+
+/*
+ * Encrypted PKCS#8 decoder.  It operates by just decrypting the given blob
+ * into a new blob, which is returned as an EMBEDDED STORE_INFO.  The whole
+ * decoding process will then start over with the new blob.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
+                                                  const char *pem_header,
+                                                  const unsigned char *blob,
+                                                  size_t len, void **pctx,
+                                                  int *matchcount,
+                                                  const UI_METHOD *ui_method,
+                                                  void *ui_data)
+{
+    X509_SIG *p8 = NULL;
+    char kbuf[PEM_BUFSIZE];
+    char *pass = NULL;
+    const X509_ALGOR *dalg = NULL;
+    const ASN1_OCTET_STRING *doct = NULL;
+    OSSL_STORE_INFO *store_info = NULL;
+    BUF_MEM *mem = NULL;
+    unsigned char *new_data = NULL;
+    int new_data_len;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
+        return NULL;
+
+    *matchcount = 1;
+
+    if ((mem = BUF_MEM_new()) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
+                              "PKCS8 decrypt password", ui_data)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      OSSL_STORE_R_BAD_PASSWORD_READ);
+        goto nop8;
+    }
+
+    X509_SIG_get0(p8, &dalg, &doct);
+    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
+                          &new_data, &new_data_len, 0))
+        goto nop8;
+
+    mem->data = (char *)new_data;
+    mem->max = mem->length = (size_t)new_data_len;
+    X509_SIG_free(p8);
+
+    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
+    if (store_info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    return store_info;
+ nop8:
+    X509_SIG_free(p8);
+    BUF_MEM_free(mem);
+    return NULL;
+}
+
+static FILE_HANDLER PKCS8Encrypted_handler = {
+    "PKCS8Encrypted",
+    try_decode_PKCS8Encrypted
+};
+
+/*
+ * Private key decoder.  Decodes all sorts of private keys, both PKCS#8
+ * encoded ones and old style PEM ones (with the key type is encoded into
+ * the PEM name).
+ */
+int pem_check_suffix(const char *pem_str, const char *suffix);
+static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
+                                              const char *pem_header,
+                                              const unsigned char *blob,
+                                              size_t len, void **pctx,
+                                              int *matchcount,
+                                              const UI_METHOD *ui_method,
+                                              void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
+            PKCS8_PRIV_KEY_INFO *p8inf =
+                d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);
+
+            *matchcount = 1;
+            if (p8inf != NULL)
+                pkey = EVP_PKCS82PKEY(p8inf);
+            PKCS8_PRIV_KEY_INFO_free(p8inf);
+        } else {
+            int slen;
+
+            if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
+                && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
+                                                   slen)) != NULL) {
+                *matchcount = 1;
+                pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len);
+            }
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            EVP_PKEY *tmp_pkey = NULL;
+            const unsigned char *tmp_blob = blob;
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len);
+            if (tmp_pkey != NULL) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                (*matchcount)++;
+            }
+        }
+
+        if (*matchcount > 1) {
+            EVP_PKEY_free(pkey);
+            pkey = NULL;
+        }
+    }
+    if (pkey == NULL)
+        /* No match */
+        return NULL;
+
+    store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER PrivateKey_handler = {
+    "PrivateKey",
+    try_decode_PrivateKey
+};
+
+/*
+ * Public key decoder.  Only supports SubjectPublicKeyInfo formated keys.
+ */
+static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    }
+
+    return store_info;
+}
+
+static FILE_HANDLER PUBKEY_handler = {
+    "PUBKEY",
+    try_decode_PUBKEY
+};
+
+/*
+ * Key parameter decoder.
+ */
+static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    int slen = 0;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+    int ok = 0;
+
+    if (pem_name != NULL) {
+        if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if (slen > 0) {
+        if ((pkey = EVP_PKEY_new()) == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+            return NULL;
+        }
+
+
+        if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
+            && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
+            && ameth->param_decode != NULL
+            && ameth->param_decode(pkey, &blob, len))
+            ok = 1;
+    } else {
+        int i;
+        EVP_PKEY *tmp_pkey = NULL;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            const unsigned char *tmp_blob = blob;
+
+            if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
+                OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+                break;
+            }
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
+                && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
+                && ameth->param_decode != NULL
+                && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                tmp_pkey = NULL;
+                (*matchcount)++;
+            }
+        }
+
+        EVP_PKEY_free(tmp_pkey);
+        if (*matchcount == 1) {
+            ok = 1;
+        }
+    }
+
+    if (ok)
+        store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER params_handler = {
+    "params",
+    try_decode_params
+};
+
+/*
+ * X.509 certificate decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
+                                                   const char *pem_header,
+                                                   const unsigned char *blob,
+                                                   size_t len, void **pctx,
+                                                   int *matchcount,
+                                                   const UI_METHOD *ui_method,
+                                                   void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509 *cert = NULL;
+
+    /*
+     * In most cases, we can try to interpret the serialized data as a trusted
+     * cert (X509 + X509_AUX) and fall back to reading it as a normal cert
+     * (just X509), but if the PEM name specifically declares it as a trusted
+     * cert, then no fallback should be engaged.  |ignore_trusted| tells if
+     * the fallback can be used (1) or not (0).
+     */
+    int ignore_trusted = 1;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0)
+            ignore_trusted = 0;
+        else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0
+                 && strcmp(pem_name, PEM_STRING_X509) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL
+        || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CERT(cert);
+    }
+
+    if (store_info == NULL)
+        X509_free(cert);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509Certificate_handler = {
+    "X509Certificate",
+    try_decode_X509Certificate
+};
+
+/*
+ * X.509 CRL decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
+                                           const char *pem_header,
+                                           const unsigned char *blob,
+                                           size_t len, void **pctx,
+                                           int *matchcount,
+                                           const UI_METHOD *ui_method,
+                                           void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509_CRL *crl = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CRL(crl);
+    }
+
+    if (store_info == NULL)
+        X509_CRL_free(crl);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509CRL_handler = {
+    "X509CRL",
+    try_decode_X509CRL
+};
+
+/*
+ * To finish it all off, we collect all the handlers.
+ */
+static const FILE_HANDLER *file_handlers[] = {
+    &PKCS12_handler,
+    &PKCS8Encrypted_handler,
+    &X509Certificate_handler,
+    &X509CRL_handler,
+    &params_handler,
+    &PUBKEY_handler,
+    &PrivateKey_handler,
+};
+
+
+/*-
+ *  The loader itself
+ *  -----------------
+ */
+
+struct ossl_store_loader_ctx_st {
+    enum {
+        is_raw = 0,
+        is_pem,
+        is_dir
+    } type;
+    int errcnt;
+#define FILE_FLAG_SECMEM         (1<<0)
+    unsigned int flags;
+    union {
+        struct {                 /* Used with is_raw and is_pem */
+            BIO *file;
+
+            /*
+             * The following are used when the handler is marked as
+             * repeatable
+             */
+            const FILE_HANDLER *last_handler;
+            void *last_handler_ctx;
+        } file;
+        struct {                 /* Used with is_dir */
+            OPENSSL_DIR_CTX *ctx;
+            int end_reached;
+            char *uri;
+
+            /*
+             * When a search expression is given, these are filled in.
+             * |search_name| contains the file basename to look for.
+             * The string is exactly 8 characters long.
+             */
+            char search_name[9];
+
+            /*
+             * The directory reading utility we have combines opening with
+             * reading the first name.  To make sure we can detect the end
+             * at the right time, we read early and cache the name.
+             */
+            const char *last_entry;
+            int last_errno;
+        } dir;
+    } _;
+
+    /* Expected object type.  May be unspecified */
+    int expected_type;
+};
+
+static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_free(ctx->_.dir.uri);
+    } else {
+        if (ctx->_.file.last_handler != NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    OPENSSL_free(ctx);
+}
+
+static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
+                                        const char *uri,
+                                        const UI_METHOD *ui_method,
+                                        void *ui_data)
+{
+    OSSL_STORE_LOADER_CTX *ctx = NULL;
+    struct stat st;
+    struct {
+        const char *path;
+        unsigned int check_absolute:1;
+    } path_data[2];
+    size_t path_data_n = 0, i;
+    const char *path;
+
+    /*
+     * First step, just take the URI as is.
+     */
+    path_data[path_data_n].check_absolute = 0;
+    path_data[path_data_n++].path = uri;
+
+    /*
+     * Second step, if the URI appears to start with the 'file' scheme,
+     * extract the path and make that the second path to check.
+     * There's a special case if the URI also contains an authority, then
+     * the full URI shouldn't be used as a path anywhere.
+     */
+    if (strncasecmp(uri, "file:", 5) == 0) {
+        const char *p = &uri[5];
+
+        if (strncmp(&uri[5], "//", 2) == 0) {
+            path_data_n--;           /* Invalidate using the full URI */
+            if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
+                p = &uri[16];
+            } else if (uri[7] == '/') {
+                p = &uri[7];
+            } else {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                              OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
+                return NULL;
+            }
+        }
+
+        path_data[path_data_n].check_absolute = 1;
+#ifdef _WIN32
+        /* Windows file: URIs with a drive letter start with a / */
+        if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
+            char c = ossl_tolower(p[1]);
+
+            if (c >= 'a' && c <= 'z') {
+                p++;
+                /* We know it's absolute, so no need to check */
+                path_data[path_data_n].check_absolute = 0;
+            }
+        }
+#endif
+        path_data[path_data_n++].path = p;
+    }
+
+
+    for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
+        /*
+         * If the scheme "file" was an explicit part of the URI, the path must
+         * be absolute.  So says RFC 8089
+         */
+        if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                          OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
+            ERR_add_error_data(1, path_data[i].path);
+            return NULL;
+        }
+
+        if (stat(path_data[i].path, &st) < 0) {
+            SYSerr(SYS_F_STAT, errno);
+            ERR_add_error_data(1, path_data[i].path);
+        } else {
+            path = path_data[i].path;
+        }
+    }
+    if (path == NULL) {
+        return NULL;
+    }
+
+    /* Successfully found a working path, clear possible collected errors */
+    ERR_clear_error();
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        /*
+         * Try to copy everything, even if we know that some of them must be
+         * NULL for the moment.  This prevents errors in the future, when more
+         * components may be used.
+         */
+        ctx->_.dir.uri = OPENSSL_strdup(uri);
+        ctx->type = is_dir;
+
+        if (ctx->_.dir.uri == NULL)
+            goto err;
+
+        ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
+        ctx->_.dir.last_errno = errno;
+        if (ctx->_.dir.last_entry == NULL) {
+            if (ctx->_.dir.last_errno != 0) {
+                char errbuf[256];
+                errno = ctx->_.dir.last_errno;
+                openssl_strerror_r(errno, errbuf, sizeof(errbuf));
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, errbuf);
+                goto err;
+            }
+            ctx->_.dir.end_reached = 1;
+        }
+    } else {
+        BIO *buff = NULL;
+        char peekbuf[4096] = { 0, };
+
+        if ((buff = BIO_new(BIO_f_buffer())) == NULL
+            || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) {
+            BIO_free_all(buff);
+            goto err;
+        }
+
+        ctx->_.file.file = BIO_push(buff, ctx->_.file.file);
+        if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) {
+            peekbuf[sizeof(peekbuf) - 1] = '\0';
+            if (strstr(peekbuf, "-----BEGIN ") != NULL)
+                ctx->type = is_pem;
+        }
+    }
+
+    return ctx;
+ err:
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return NULL;
+}
+
+static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
+{
+    int ret = 1;
+
+    switch (cmd) {
+    case OSSL_STORE_C_USE_SECMEM:
+        {
+            int on = *(va_arg(args, int *));
+
+            switch (on) {
+            case 0:
+                ctx->flags &= ~FILE_FLAG_SECMEM;
+                break;
+            case 1:
+                ctx->flags |= FILE_FLAG_SECMEM;
+                break;
+            default:
+                OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL,
+                              ERR_R_PASSED_INVALID_ARGUMENT);
+                ret = 0;
+                break;
+            }
+        }
+        break;
+    default:
+        break;
+    }
+
+    return ret;
+}
+
+static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
+{
+    ctx->expected_type = expected;
+    return 1;
+}
+
+static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    /*
+     * If ctx == NULL, the library is looking to know if this loader supports
+     * the given search type.
+     */
+
+    if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) {
+        unsigned long hash = 0;
+
+        if (ctx == NULL)
+            return 1;
+
+        if (ctx->type != is_dir) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                          OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
+            return 0;
+        }
+
+        hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search));
+        BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
+                     "%08lx", hash);
+        return 1;
+    }
+
+    if (ctx != NULL)
+        OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
+    return 0;
+}
+
+/* Internal function to decode an already opened PEM file */
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp)
+{
+    OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->_.file.file = bp;
+    ctx->type = is_pem;
+
+    return ctx;
+}
+
+static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
+                                             const char *pem_name,
+                                             const char *pem_header,
+                                             unsigned char *data, size_t len,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data, int *matchcount)
+{
+    OSSL_STORE_INFO *result = NULL;
+    BUF_MEM *new_mem = NULL;
+    char *new_pem_name = NULL;
+    int t = 0;
+
+ again:
+    {
+        size_t i = 0;
+        void *handler_ctx = NULL;
+        const FILE_HANDLER **matching_handlers =
+            OPENSSL_zalloc(sizeof(*matching_handlers)
+                           * OSSL_NELEM(file_handlers));
+
+        if (matching_handlers == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
+                          ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        *matchcount = 0;
+        for (i = 0; i < OSSL_NELEM(file_handlers); i++) {
+            const FILE_HANDLER *handler = file_handlers[i];
+            int try_matchcount = 0;
+            void *tmp_handler_ctx = NULL;
+            OSSL_STORE_INFO *tmp_result =
+                handler->try_decode(pem_name, pem_header, data, len,
+                                    &tmp_handler_ctx, &try_matchcount,
+                                    ui_method, ui_data);
+
+            if (try_matchcount > 0) {
+
+                matching_handlers[*matchcount] = handler;
+
+                if (handler_ctx)
+                    handler->destroy_ctx(&handler_ctx);
+                handler_ctx = tmp_handler_ctx;
+
+                if ((*matchcount += try_matchcount) > 1) {
+                    /* more than one match => ambiguous, kill any result */
+                    OSSL_STORE_INFO_free(result);
+                    OSSL_STORE_INFO_free(tmp_result);
+                    if (handler->destroy_ctx != NULL)
+                        handler->destroy_ctx(&handler_ctx);
+                    handler_ctx = NULL;
+                    tmp_result = NULL;
+                    result = NULL;
+                }
+                if (result == NULL)
+                    result = tmp_result;
+            }
+        }
+
+        if (*matchcount == 1 && matching_handlers[0]->repeatable) {
+            ctx->_.file.last_handler = matching_handlers[0];
+            ctx->_.file.last_handler_ctx = handler_ctx;
+        }
+
+        OPENSSL_free(matching_handlers);
+    }
+
+ err:
+    OPENSSL_free(new_pem_name);
+    BUF_MEM_free(new_mem);
+
+    if (result != NULL
+        && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) {
+        pem_name = new_pem_name =
+            ossl_store_info_get0_EMBEDDED_pem_name(result);
+        new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
+        data = (unsigned char *)new_mem->data;
+        len = new_mem->length;
+        OPENSSL_free(result);
+        result = NULL;
+        goto again;
+    }
+
+    if (result != NULL)
+        ERR_clear_error();
+
+    return result;
+}
+
+static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+    int try_matchcount = 0;
+
+    if (ctx->_.file.last_handler != NULL) {
+        result =
+            ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0,
+                                                 &ctx->_.file.last_handler_ctx,
+                                                 &try_matchcount,
+                                                 ui_method, ui_data);
+
+        if (result == NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    return result;
+}
+
+static void pem_free_flag(void *pem_data, int secure, size_t num)
+{
+    if (secure)
+        OPENSSL_secure_clear_free(pem_data, num);
+    else
+        OPENSSL_free(pem_data);
+}
+static int file_read_pem(BIO *bp, char **pem_name, char **pem_header,
+                         unsigned char **data, long *len,
+                         const UI_METHOD *ui_method,
+                         void *ui_data, int secure)
+{
+    int i = secure
+        ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len,
+                          PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE)
+        : PEM_read_bio(bp, pem_name, pem_header, data, len);
+
+    if (i <= 0)
+        return 0;
+
+    /*
+     * 10 is the number of characters in "Proc-Type:", which
+     * PEM_get_EVP_CIPHER_INFO() requires to be present.
+     * If the PEM header has less characters than that, it's
+     * not worth spending cycles on it.
+     */
+    if (strlen(*pem_header) > 10) {
+        EVP_CIPHER_INFO cipher;
+        struct pem_pass_data pass_data;
+
+        if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher)
+            || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data)
+            || !PEM_do_header(&cipher, *data, len, file_get_pem_pass,
+                              &pass_data)) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
+{
+    BUF_MEM *mem = NULL;
+
+    if (asn1_d2i_read_bio(bp, &mem) < 0)
+        return 0;
+
+    *data = (unsigned char *)mem->data;
+    *len = (long)mem->length;
+    OPENSSL_free(mem);
+
+    return 1;
+}
+
+static int ends_with_dirsep(const char *uri)
+{
+    if (*uri != '\0')
+        uri += strlen(uri) - 1;
+#if defined __VMS
+    if (*uri == ']' || *uri == '>' || *uri == ':')
+        return 1;
+#elif defined _WIN32
+    if (*uri == '\\')
+        return 1;
+#endif
+    return *uri == '/';
+}
+
+static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
+                            char **data)
+{
+    assert(name != NULL);
+    assert(data != NULL);
+    {
+        const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/";
+        long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep)
+            + strlen(name) + 1 /* \0 */;
+
+        *data = OPENSSL_zalloc(calculated_length);
+        if (*data == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length);
+        OPENSSL_strlcat(*data, pathsep, calculated_length);
+        OPENSSL_strlcat(*data, name, calculated_length);
+    }
+    return 1;
+}
+
+static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
+{
+    const char *p = NULL;
+
+    /* If there are no search criteria, all names are accepted */
+    if (ctx->_.dir.search_name[0] == '\0')
+        return 1;
+
+    /* If the expected type isn't supported, no name is accepted */
+    if (ctx->expected_type != 0
+        && ctx->expected_type != OSSL_STORE_INFO_CERT
+        && ctx->expected_type != OSSL_STORE_INFO_CRL)
+        return 0;
+
+    /*
+     * First, check the basename
+     */
+    if (strncasecmp(name, ctx->_.dir.search_name,
+                    sizeof(ctx->_.dir.search_name) - 1) != 0
+        || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
+        return 0;
+    p = &name[sizeof(ctx->_.dir.search_name)];
+
+    /*
+     * Then, if the expected type is a CRL, check that the extension starts
+     * with 'r'
+     */
+    if (*p == 'r') {
+        p++;
+        if (ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_CRL)
+            return 0;
+    } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
+        return 0;
+    }
+
+    /*
+     * Last, check that the rest of the extension is a decimal number, at
+     * least one digit long.
+     */
+    if (!ossl_isdigit(*p))
+        return 0;
+    while (ossl_isdigit(*p))
+        p++;
+
+# ifdef __VMS
+    /*
+     * One extra step here, check for a possible generation number.
+     */
+    if (*p == ';')
+        for (p++; *p != '\0'; p++)
+            if (!ossl_isdigit(*p))
+                break;
+# endif
+
+    /*
+     * If we've reached the end of the string at this point, we've successfully
+     * found a fitting file name.
+     */
+    return *p == '\0';
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx);
+static int file_error(OSSL_STORE_LOADER_CTX *ctx);
+static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
+                                  const UI_METHOD *ui_method, void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+
+    ctx->errcnt = 0;
+    ERR_clear_error();
+
+    if (ctx->type == is_dir) {
+        do {
+            char *newname = NULL;
+
+            if (ctx->_.dir.last_entry == NULL) {
+                if (!ctx->_.dir.end_reached) {
+                    char errbuf[256];
+                    assert(ctx->_.dir.last_errno != 0);
+                    errno = ctx->_.dir.last_errno;
+                    ctx->errcnt++;
+                    openssl_strerror_r(errno, errbuf, sizeof(errbuf));
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB);
+                    ERR_add_error_data(1, errbuf);
+                }
+                return NULL;
+            }
+
+            if (ctx->_.dir.last_entry[0] != '.'
+                && file_name_check(ctx, ctx->_.dir.last_entry)
+                && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname))
+                return NULL;
+
+            /*
+             * On the first call (with a NULL context), OPENSSL_DIR_read()
+             * cares about the second argument.  On the following calls, it
+             * only cares that it isn't NULL.  Therefore, we can safely give
+             * it our URI here.
+             */
+            ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx,
+                                                     ctx->_.dir.uri);
+            ctx->_.dir.last_errno = errno;
+            if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
+                ctx->_.dir.end_reached = 1;
+
+            if (newname != NULL
+                && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
+                OPENSSL_free(newname);
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB);
+                return NULL;
+            }
+        } while (result == NULL && !file_eof(ctx));
+    } else {
+        int matchcount = -1;
+
+     again:
+        result = file_load_try_repeat(ctx, ui_method, ui_data);
+        if (result != NULL)
+            return result;
+
+        if (file_eof(ctx))
+            return NULL;
+
+        do {
+            char *pem_name = NULL;      /* PEM record name */
+            char *pem_header = NULL;    /* PEM record header */
+            unsigned char *data = NULL; /* DER encoded data */
+            long len = 0;               /* DER encoded data length */
+
+            matchcount = -1;
+            if (ctx->type == is_pem) {
+                if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header,
+                                   &data, &len, ui_method, ui_data,
+                                   (ctx->flags & FILE_FLAG_SECMEM) != 0)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            } else {
+                if (!file_read_asn1(ctx->_.file.file, &data, &len)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            }
+
+            result = file_load_try_decode(ctx, pem_name, pem_header, data, len,
+                                          ui_method, ui_data, &matchcount);
+
+            if (result != NULL)
+                goto endloop;
+
+            /*
+             * If a PEM name matches more than one handler, the handlers are
+             * badly coded.
+             */
+            if (!ossl_assert(pem_name == NULL || matchcount <= 1)) {
+                ctx->errcnt++;
+                goto endloop;
+            }
+
+            if (matchcount > 1) {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                              OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
+            } else if (matchcount == 1) {
+                /*
+                 * If there are other errors on the stack, they already show
+                 * what the problem is.
+                 */
+                if (ERR_peek_error() == 0) {
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                                  OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
+                    if (pem_name != NULL)
+                        ERR_add_error_data(3, "PEM type is '", pem_name, "'");
+                }
+            }
+            if (matchcount > 0)
+                ctx->errcnt++;
+
+         endloop:
+            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
+        } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
+
+        /* We bail out on ambiguity */
+        if (matchcount > 1)
+            return NULL;
+
+        if (result != NULL
+            && ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
+            OSSL_STORE_INFO_free(result);
+            goto again;
+        }
+    }
+
+    return result;
+}
+
+static int file_error(OSSL_STORE_LOADER_CTX *ctx)
+{
+    return ctx->errcnt > 0;
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir)
+        return ctx->_.dir.end_reached;
+
+    if (ctx->_.file.last_handler != NULL
+        && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx))
+        return 0;
+    return BIO_eof(ctx->_.file.file);
+}
+
+static int file_close(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_DIR_end(&ctx->_.dir.ctx);
+    } else {
+        BIO_free_all(ctx->_.file.file);
+    }
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx)
+{
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+static OSSL_STORE_LOADER file_loader =
+    {
+        "file",
+        NULL,
+        file_open,
+        file_ctrl,
+        file_expect,
+        file_find,
+        file_load,
+        file_eof,
+        file_error,
+        file_close
+    };
+
+static void store_file_loader_deinit(void)
+{
+    ossl_store_unregister_loader_int(file_loader.scheme);
+}
+
+int ossl_store_file_loader_init(void)
+{
+    int ret = ossl_store_register_loader_int(&file_loader);
+
+    OPENSSL_atexit(store_file_loader_deinit);
+    return ret;
+}
diff --git a/deps/openssl/openssl/crypto/store/store_err.c b/deps/openssl/openssl/crypto/store/store_err.c
new file mode 100644
index 0000000000..5a8a8404dd
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/store_err.c
@@ -0,0 +1,146 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/storeerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0),
+     "file_get_pass"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0),
+     "file_load_try_decode"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0),
+     "file_name_to_uri"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0),
+     "ossl_store_attach_pem_bio"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0),
+     "OSSL_STORE_expect"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0),
+     "ossl_store_file_attach_pem_bio_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0),
+     "OSSL_STORE_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0),
+     "ossl_store_get0_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0),
+     "OSSL_STORE_INFO_get1_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0),
+     "OSSL_STORE_INFO_get1_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0),
+     "OSSL_STORE_INFO_get1_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_get1_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0),
+     "OSSL_STORE_INFO_get1_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0),
+     "OSSL_STORE_INFO_get1_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0),
+     "OSSL_STORE_INFO_new_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0),
+     "OSSL_STORE_INFO_new_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0),
+     "ossl_store_info_new_EMBEDDED"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0),
+     "OSSL_STORE_INFO_new_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0),
+     "OSSL_STORE_INFO_new_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0),
+     "OSSL_STORE_INFO_new_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_set0_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0),
+     "ossl_store_init_once"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0),
+     "OSSL_STORE_LOADER_new"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0),
+     "OSSL_STORE_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0),
+     "ossl_store_register_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0),
+     "OSSL_STORE_SEARCH_by_alias"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0),
+     "OSSL_STORE_SEARCH_by_issuer_serial"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0),
+     "OSSL_STORE_SEARCH_by_key_fingerprint"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0),
+     "OSSL_STORE_SEARCH_by_name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0),
+     "ossl_store_unregister_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0),
+     "try_decode_params"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0),
+     "try_decode_PKCS12"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0),
+     "try_decode_PKCS8Encrypted"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE),
+    "ambiguous content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ),
+    "bad password read"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC),
+    "error verifying pkcs12 mac"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST),
+    "fingerprint size does not match digest"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
+    "invalid scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
+    "loader incomplete"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED),
+    "loading started"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
+    "not a certificate"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS),
+    "not parameters"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR),
+    "passphrase callback error"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE),
+    "path must be absolute"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES),
+    "search only supported for directories"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED),
+    "ui process interrupted or cancelled"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME),
+    "unregistered scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION),
+    "unsupported operation"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE),
+    "unsupported search type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED),
+    "uri authority unsupported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OSSL_STORE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OSSL_STORE_str_functs);
+        ERR_load_strings_const(OSSL_STORE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/store/store_init.c b/deps/openssl/openssl/crypto/store/store_init.c
new file mode 100644
index 0000000000..b398bf598f
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/store_init.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/store.h"
+#include "store_locl.h"
+
+static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_store_init)
+{
+    return OPENSSL_init_crypto(0, NULL)
+        && ossl_store_file_loader_init();
+}
+
+int ossl_store_init_once(void)
+{
+    if (!RUN_ONCE(&store_init, do_store_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+void ossl_store_cleanup_int(void)
+{
+    ossl_store_destroy_loaders_int();
+}
diff --git a/deps/openssl/openssl/crypto/store/store_lib.c b/deps/openssl/openssl/crypto/store/store_lib.c
new file mode 100644
index 0000000000..1c43547666
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/store_lib.c
@@ -0,0 +1,681 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+#include "internal/thread_once.h"
+#include "internal/store_int.h"
+#include "store_locl.h"
+
+struct ossl_store_ctx_st {
+    const OSSL_STORE_LOADER *loader;
+    OSSL_STORE_LOADER_CTX *loader_ctx;
+    const UI_METHOD *ui_method;
+    void *ui_data;
+    OSSL_STORE_post_process_info_fn post_process;
+    void *post_process_data;
+    int expected_type;
+
+    /* 0 before the first STORE_load(), 1 otherwise */
+    int loading;
+};
+
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data)
+{
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+    OSSL_STORE_CTX *ctx = NULL;
+    char scheme_copy[256], *p, *schemes[2];
+    size_t schemes_n = 0;
+    size_t i;
+
+    /*
+     * Put the file scheme first.  If the uri does represent an existing file,
+     * possible device name and all, then it should be loaded.  Only a failed
+     * attempt at loading a local file should have us try something else.
+     */
+    schemes[schemes_n++] = "file";
+
+    /*
+     * Now, check if we have something that looks like a scheme, and add it
+     * as a second scheme.  However, also check if there's an authority start
+     * (://), because that will invalidate the previous file scheme.  Also,
+     * check that this isn't actually the file scheme, as there's no point
+     * going through that one twice!
+     */
+    OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
+    if ((p = strchr(scheme_copy, ':')) != NULL) {
+        *p++ = '\0';
+        if (strcasecmp(scheme_copy, "file") != 0) {
+            if (strncmp(p, "//", 2) == 0)
+                schemes_n--;         /* Invalidate the file scheme */
+            schemes[schemes_n++] = scheme_copy;
+        }
+    }
+
+    ERR_set_mark();
+
+    /* Try each scheme until we find one that could open the URI */
+    for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
+        if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
+            loader_ctx = loader->open(loader, uri, ui_method, ui_data);
+    }
+    if (loader_ctx == NULL)
+        goto err;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = post_process;
+    ctx->post_process_data = post_process_data;
+
+    /*
+     * If the attempt to open with the 'file' scheme loader failed and the
+     * other scheme loader succeeded, the failure to open with the 'file'
+     * scheme loader leaves an error on the error stack.  Let's remove it.
+     */
+    ERR_pop_to_mark();
+
+    return ctx;
+
+ err:
+    ERR_clear_last_mark();
+    if (loader_ctx != NULL) {
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    }
+    return NULL;
+}
+
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, cmd);
+    ret = OSSL_STORE_vctrl(ctx, cmd, args);
+    va_end(args);
+
+    return ret;
+}
+
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
+{
+    if (ctx->loader->ctrl != NULL)
+        return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
+    return 0;
+}
+
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+
+    ctx->expected_type = expected_type;
+    if (ctx->loader->expect != NULL)
+        return ctx->loader->expect(ctx->loader_ctx, expected_type);
+    return 1;
+}
+
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+    if (ctx->loader->find == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_OPERATION);
+        return 0;
+    }
+
+    return ctx->loader->find(ctx->loader_ctx, search);
+}
+
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
+{
+    OSSL_STORE_INFO *v = NULL;
+
+    ctx->loading = 1;
+ again:
+    if (OSSL_STORE_eof(ctx))
+        return NULL;
+
+    v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
+
+    if (ctx->post_process != NULL && v != NULL) {
+        v = ctx->post_process(v, ctx->post_process_data);
+
+        /*
+         * By returning NULL, the callback decides that this object should
+         * be ignored.
+         */
+        if (v == NULL)
+            goto again;
+    }
+
+    if (v != NULL && ctx->expected_type != 0) {
+        int returned_type = OSSL_STORE_INFO_get_type(v);
+
+        if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
+            /*
+             * Soft assert here so those who want to harsly weed out faulty
+             * loaders can do so using a debugging version of libcrypto.
+             */
+            if (ctx->loader->expect != NULL)
+                assert(ctx->expected_type == returned_type);
+
+            if (ctx->expected_type != returned_type) {
+                OSSL_STORE_INFO_free(v);
+                goto again;
+            }
+        }
+    }
+
+    return v;
+}
+
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->error(ctx->loader_ctx);
+}
+
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->eof(ctx->loader_ctx);
+}
+
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ctx->loader->close(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+static OSSL_STORE_INFO *store_info_new(int type, void *data)
+{
+    OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
+
+    if (info == NULL)
+        return NULL;
+
+    info->type = type;
+    info->_.data = data;
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.name.name = name;
+    info->_.name.desc = NULL;
+
+    return info;
+}
+
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
+{
+    if (info->type != OSSL_STORE_INFO_NAME) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
+                      ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    info->_.name.desc = desc;
+
+    return 1;
+}
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
+{
+    return info->type;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.name;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.name);
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                          ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.desc;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.desc
+                                   ? info->_.name.desc : "");
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                     ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS)
+        return info->_.params;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS) {
+        EVP_PKEY_up_ref(info->_.params);
+        return info->_.params;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
+                  OSSL_STORE_R_NOT_PARAMETERS);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY)
+        return info->_.pkey;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY) {
+        EVP_PKEY_up_ref(info->_.pkey);
+        return info->_.pkey;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
+                  OSSL_STORE_R_NOT_A_KEY);
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT)
+        return info->_.x509;
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT) {
+        X509_up_ref(info->_.x509);
+        return info->_.x509;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
+                  OSSL_STORE_R_NOT_A_CERTIFICATE);
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL)
+        return info->_.crl;
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL) {
+        X509_CRL_up_ref(info->_.crl);
+        return info->_.crl;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
+                  OSSL_STORE_R_NOT_A_CRL);
+    return NULL;
+}
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
+{
+    if (info != NULL) {
+        switch (info->type) {
+        case OSSL_STORE_INFO_EMBEDDED:
+            BUF_MEM_free(info->_.embedded.blob);
+            OPENSSL_free(info->_.embedded.pem_name);
+            break;
+        case OSSL_STORE_INFO_NAME:
+            OPENSSL_free(info->_.name.name);
+            OPENSSL_free(info->_.name.desc);
+            break;
+        case OSSL_STORE_INFO_PARAMS:
+            EVP_PKEY_free(info->_.params);
+            break;
+        case OSSL_STORE_INFO_PKEY:
+            EVP_PKEY_free(info->_.pkey);
+            break;
+        case OSSL_STORE_INFO_CERT:
+            X509_free(info->_.x509);
+            break;
+        case OSSL_STORE_INFO_CRL:
+            X509_CRL_free(info->_.crl);
+            break;
+        }
+        OPENSSL_free(info);
+    }
+}
+
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
+{
+    OSSL_STORE_SEARCH tmp_search;
+
+    if (ctx->loader->find == NULL)
+        return 0;
+    tmp_search.search_type = search_type;
+    return ctx->loader->find(NULL, &tmp_search);
+}
+
+/* Search term constructors */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_NAME;
+    search->name = name;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                    const ASN1_INTEGER *serial)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+    search->name = name;
+    search->serial = serial;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+        char buf1[20], buf2[20];
+
+        BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest));
+        BIO_snprintf(buf2, sizeof(buf2), "%zu", len);
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST);
+        ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1,
+                           ", fingerprint size is ", buf2);
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+    search->digest = digest;
+    search->string = bytes;
+    search->stringlength = len;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
+    search->string = (const unsigned char *)alias;
+    search->stringlength = strlen(alias);
+    return search;
+}
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
+{
+    OPENSSL_free(search);
+}
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->search_type;
+}
+
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->name;
+}
+
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                 *criterion)
+{
+    return criterion->serial;
+}
+
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length)
+{
+    *length = criterion->stringlength;
+    return criterion->string;
+}
+
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
+{
+    return (const char *)criterion->string;
+}
+
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->digest;
+}
+
+/* Internal functions */
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.embedded.blob = embedded;
+    info->_.embedded.pem_name =
+        new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
+
+    if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        OSSL_STORE_INFO_free(info);
+        info = NULL;
+    }
+
+    return info;
+}
+
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.blob;
+    return NULL;
+}
+
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.pem_name;
+    return NULL;
+}
+
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_CTX *ctx = NULL;
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+
+    if ((loader = ossl_store_get0_loader_int("file")) == NULL
+        || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
+        goto done;
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
+                     ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    loader_ctx = NULL;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = NULL;
+    ctx->post_process_data = NULL;
+
+ done:
+    if (loader_ctx != NULL)
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    return ctx;
+}
+
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
diff --git a/deps/openssl/openssl/crypto/store/store_locl.h b/deps/openssl/openssl/crypto/store/store_locl.h
new file mode 100644
index 0000000000..369dcb33f2
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/store_locl.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/thread_once.h"
+#include <openssl/dsa.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/store.h>
+
+/*-
+ *  OSSL_STORE_INFO stuff
+ *  ---------------------
+ */
+
+struct ossl_store_info_st {
+    int type;
+    union {
+        void *data;              /* used internally as generic pointer */
+
+        struct {
+            BUF_MEM *blob;
+            char *pem_name;
+        } embedded;              /* when type == OSSL_STORE_INFO_EMBEDDED */
+
+        struct {
+            char *name;
+            char *desc;
+        } name;                  /* when type == OSSL_STORE_INFO_NAME */
+
+        EVP_PKEY *params;        /* when type == OSSL_STORE_INFO_PARAMS */
+        EVP_PKEY *pkey;          /* when type == OSSL_STORE_INFO_PKEY */
+        X509 *x509;              /* when type == OSSL_STORE_INFO_CERT */
+        X509_CRL *crl;           /* when type == OSSL_STORE_INFO_CRL */
+    } _;
+};
+
+DEFINE_STACK_OF(OSSL_STORE_INFO)
+
+/*
+ * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file
+ * handlers.  It should never reach a calling application or any engine.
+ * However, it can be used by a FILE_HANDLER's try_decode function to signal
+ * that it has decoded the incoming blob into a new blob, and that the
+ * attempted decoding should be immediately restarted with the new blob, using
+ * the new PEM name.
+ */
+/*
+ * Because this is an internal type, we don't make it public.
+ */
+#define OSSL_STORE_INFO_EMBEDDED       -1
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded);
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info);
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info);
+
+/*-
+ *  OSSL_STORE_SEARCH stuff
+ *  -----------------------
+ */
+
+struct ossl_store_search_st {
+    int search_type;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_NAME and
+     * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+     */
+    X509_NAME *name;
+
+    /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
+    const ASN1_INTEGER *serial;
+
+    /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */
+    const EVP_MD *digest;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and
+     * OSSL_STORE_SEARCH_BY_ALIAS
+     */
+    const unsigned char *string;
+    size_t stringlength;
+};
+
+/*-
+ *  OSSL_STORE_LOADER stuff
+ *  -----------------------
+ */
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme);
+
+/* loader stuff */
+struct ossl_store_loader_st {
+    const char *scheme;
+    ENGINE *engine;
+    OSSL_STORE_open_fn open;
+    OSSL_STORE_ctrl_fn ctrl;
+    OSSL_STORE_expect_fn expect;
+    OSSL_STORE_find_fn find;
+    OSSL_STORE_load_fn load;
+    OSSL_STORE_eof_fn eof;
+    OSSL_STORE_error_fn error;
+    OSSL_STORE_close_fn close;
+};
+DEFINE_LHASH_OF(OSSL_STORE_LOADER);
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme);
+void ossl_store_destroy_loaders_int(void);
+
+/*-
+ *  OSSL_STORE init stuff
+ *  ---------------------
+ */
+
+int ossl_store_init_once(void);
+int ossl_store_file_loader_init(void);
+
+/*-
+ *  'file' scheme stuff
+ *  -------------------
+ */
+
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp);
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx);
diff --git a/deps/openssl/openssl/crypto/store/store_register.c b/deps/openssl/openssl/crypto/store/store_register.c
new file mode 100644
index 0000000000..e68cb3c568
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/store_register.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/ctype.h"
+#include <assert.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include "store_locl.h"
+
+static CRYPTO_RWLOCK *registry_lock;
+static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_registry_init)
+{
+    registry_lock = CRYPTO_THREAD_lock_new();
+    return registry_lock != NULL;
+}
+
+/*
+ *  Functions for manipulating OSSL_STORE_LOADERs
+ */
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme)
+{
+    OSSL_STORE_LOADER *res = NULL;
+
+    /*
+     * We usually don't check NULL arguments.  For loaders, though, the
+     * scheme is crucial and must never be NULL, or the user will get
+     * mysterious errors when trying to register the created loader
+     * later on.
+     */
+    if (scheme == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        return NULL;
+    }
+
+    if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    res->engine = e;
+    res->scheme = scheme;
+    return res;
+}
+
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader)
+{
+    return loader->engine;
+}
+
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader)
+{
+    return loader->scheme;
+}
+
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function)
+{
+    loader->open = open_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function)
+{
+    loader->ctrl = ctrl_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function)
+{
+    loader->expect = expect_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function)
+{
+    loader->find = find_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function)
+{
+    loader->load = load_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function)
+{
+    loader->eof = eof_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function)
+{
+    loader->error = error_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function)
+{
+    loader->close = close_function;
+    return 1;
+}
+
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader)
+{
+    OPENSSL_free(loader);
+}
+
+/*
+ *  Functions for registering OSSL_STORE_LOADERs
+ */
+
+static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v)
+{
+    return OPENSSL_LH_strhash(v->scheme);
+}
+
+static int store_loader_cmp(const OSSL_STORE_LOADER *a,
+                            const OSSL_STORE_LOADER *b)
+{
+    assert(a->scheme != NULL && b->scheme != NULL);
+    return strcmp(a->scheme, b->scheme);
+}
+
+static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL;
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
+{
+    const char *scheme = loader->scheme;
+    int ok = 0;
+
+    /*
+     * Check that the given scheme conforms to correct scheme syntax as per
+     * RFC 3986:
+     *
+     * scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+     */
+    if (ossl_isalpha(*scheme))
+        while (*scheme != '\0'
+               && (ossl_isalpha(*scheme)
+                   || ossl_isdigit(*scheme)
+                   || strchr("+-.", *scheme) != NULL))
+            scheme++;
+    if (*scheme != '\0') {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        ERR_add_error_data(2, "scheme=", loader->scheme);
+        return 0;
+    }
+
+    /* Check that functions we absolutely require are present */
+    if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+        || loader->error == NULL || loader->close == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_LOADER_INCOMPLETE);
+        return 0;
+    }
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    if (loader_register == NULL) {
+        loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash,
+                                                   store_loader_cmp);
+    }
+
+    if (loader_register != NULL
+        && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL
+            || lh_OSSL_STORE_LOADER_error(loader_register) == 0))
+        ok = 1;
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return ok;
+}
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_register_loader_int(loader);
+}
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!ossl_store_init_once())
+        return NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_delete(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_unregister_loader_int(scheme);
+}
+
+void ossl_store_destroy_loaders_int(void)
+{
+    assert(lh_OSSL_STORE_LOADER_num_items(loader_register) == 0);
+    lh_OSSL_STORE_LOADER_free(loader_register);
+    loader_register = NULL;
+    CRYPTO_THREAD_lock_free(registry_lock);
+    registry_lock = NULL;
+}
+
+/*
+ *  Functions to list OSSL_STORE loaders
+ */
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void);
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg)
+{
+    lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg);
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/store/store_strings.c b/deps/openssl/openssl/crypto/store/store_strings.c
new file mode 100644
index 0000000000..76cf316483
--- /dev/null
+++ b/deps/openssl/openssl/crypto/store/store_strings.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/store.h>
+
+static char *type_strings[] = {
+    "Name",                      /* OSSL_STORE_INFO_NAME */
+    "Parameters",                /* OSSL_STORE_INFO_PARAMS */
+    "Pkey",                      /* OSSL_STORE_INFO_PKEY */
+    "Certificate",               /* OSSL_STORE_INFO_CERT */
+    "CRL"                        /* OSSL_STORE_INFO_CRL */
+};
+
+const char *OSSL_STORE_INFO_type_string(int type)
+{
+    int types = sizeof(type_strings) / sizeof(type_strings[0]);
+
+    if (type < 1 || type > types)
+        return NULL;
+
+    return type_strings[type - 1];
+}
diff --git a/deps/openssl/openssl/crypto/threads_none.c b/deps/openssl/openssl/crypto/threads_none.c
index 72bf25b0d5..4b1940ae44 100644
--- a/deps/openssl/openssl/crypto/threads_none.c
+++ b/deps/openssl/openssl/crypto/threads_none.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,14 +8,18 @@
  */
 
 #include <openssl/crypto.h>
+#include "internal/cryptlib.h"
 
 #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
 
 CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
 {
-    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int));
-    if (lock == NULL)
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
         return NULL;
+    }
 
     *(unsigned int *)lock = 1;
 
@@ -24,19 +28,22 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
 
 int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
 {
-    OPENSSL_assert(*(unsigned int *)lock == 1);
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
     return 1;
 }
 
 int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
 {
-    OPENSSL_assert(*(unsigned int *)lock == 1);
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
     return 1;
 }
 
 int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
 {
-    OPENSSL_assert(*(unsigned int *)lock == 1);
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
     return 1;
 }
 
@@ -121,4 +128,9 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
     return 1;
 }
 
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
 #endif
diff --git a/deps/openssl/openssl/crypto/threads_pthread.c b/deps/openssl/openssl/crypto/threads_pthread.c
index 151013e470..5a59779ebb 100644
--- a/deps/openssl/openssl/crypto/threads_pthread.c
+++ b/deps/openssl/openssl/crypto/threads_pthread.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,6 +8,7 @@
  */
 
 #include <openssl/crypto.h>
+#include "internal/cryptlib.h"
 
 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
 
@@ -18,9 +19,12 @@
 CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
 {
 # ifdef USE_RWLOCK
-    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t));
-    if (lock == NULL)
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
         return NULL;
+    }
 
     if (pthread_rwlock_init(lock, NULL) != 0) {
         OPENSSL_free(lock);
@@ -28,9 +32,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
     }
 # else
     pthread_mutexattr_t attr;
-    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t));
-    if (lock == NULL)
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
         return NULL;
+    }
 
     pthread_mutexattr_init(&attr);
     pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
@@ -168,4 +175,22 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
     return 1;
 }
 
+# ifdef OPENSSL_SYS_UNIX
+static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
+
+static void fork_once_func(void)
+{
+    pthread_atfork(OPENSSL_fork_prepare,
+                   OPENSSL_fork_parent, OPENSSL_fork_child);
+}
+# endif
+
+int openssl_init_fork_handlers(void)
+{
+# ifdef OPENSSL_SYS_UNIX
+    if (pthread_once(&fork_once_control, fork_once_func) == 0)
+        return 1;
+# endif
+    return 0;
+}
 #endif
diff --git a/deps/openssl/openssl/crypto/threads_win.c b/deps/openssl/openssl/crypto/threads_win.c
index 27334e13f3..d8fdfb74f5 100644
--- a/deps/openssl/openssl/crypto/threads_win.c
+++ b/deps/openssl/openssl/crypto/threads_win.c
@@ -17,9 +17,12 @@
 
 CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
 {
-    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION));
-    if (lock == NULL)
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
         return NULL;
+    }
 
     /* 0x400 is the spin count value suggested in the documentation */
     if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) {
@@ -152,4 +155,9 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
     return 1;
 }
 
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
 #endif
diff --git a/deps/openssl/openssl/crypto/ts/ts_asn1.c b/deps/openssl/openssl/crypto/ts/ts_asn1.c
index e60675ab72..8707207082 100644
--- a/deps/openssl/openssl/crypto/ts/ts_asn1.c
+++ b/deps/openssl/openssl/crypto/ts/ts_asn1.c
@@ -225,6 +225,23 @@ ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
 
+ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
+        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
+        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
 /* Getting encapsulated TS_TST_INFO object from PKCS7. */
 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
 {
diff --git a/deps/openssl/openssl/crypto/ts/ts_conf.c b/deps/openssl/openssl/crypto/ts/ts_conf.c
index f5f3934dfd..625089a59b 100644
--- a/deps/openssl/openssl/crypto/ts/ts_conf.c
+++ b/deps/openssl/openssl/crypto/ts/ts_conf.c
@@ -37,6 +37,7 @@
 #define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
 #define ENV_VALUE_YES                   "yes"
 #define ENV_VALUE_NO                    "no"
+#define ENV_ESS_CERT_ID_ALG             "ess_cert_id_alg"
 
 /* Function definitions for certificate and key loading. */
 
@@ -466,3 +467,27 @@ int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
     return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
                             TS_ESS_CERT_ID_CHAIN, ctx);
 }
+
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                   TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *cert_md = NULL;
+    const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
+
+    if (md == NULL)
+        md = "sha1";
+
+    cert_md = EVP_get_digestbyname(md);
+    if (cert_md == NULL) {
+        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
diff --git a/deps/openssl/openssl/crypto/ts/ts_err.c b/deps/openssl/openssl/crypto/ts/ts_err.c
index a6d73a174b..1f3854d849 100644
--- a/deps/openssl/openssl/crypto/ts/ts_err.c
+++ b/deps/openssl/openssl/crypto/ts/ts_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,124 +8,165 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ts.h>
+#include <openssl/tserr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
-
-static ERR_STRING_DATA TS_str_functs[] = {
-    {ERR_FUNC(TS_F_DEF_SERIAL_CB), "def_serial_cb"},
-    {ERR_FUNC(TS_F_DEF_TIME_CB), "def_time_cb"},
-    {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_add_signing_cert"},
-    {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ess_CERT_ID_new_init"},
-    {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ess_SIGNING_CERT_new_init"},
-    {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "int_ts_RESP_verify_token"},
-    {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"},
-    {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
-    {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
-    {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"},
-    {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "ts_check_imprints"},
-    {ERR_FUNC(TS_F_TS_CHECK_NONCES), "ts_check_nonces"},
-    {ERR_FUNC(TS_F_TS_CHECK_POLICY), "ts_check_policy"},
-    {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "ts_check_signing_certs"},
-    {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "ts_check_status_info"},
-    {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "ts_compute_imprint"},
-    {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
-    {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
-    {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
-    {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
-    {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
-    {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
-    {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "ts_get_status_text"},
-    {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
-    {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
-    {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"},
-    {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"},
-    {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"},
-    {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "ts_RESP_create_tst_info"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),
+static const ERR_STRING_DATA TS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_SERIAL_CB, 0), "def_serial_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_TIME_CB, 0), "def_time_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT, 0),
+     "ess_add_signing_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT_V2, 0),
+     "ess_add_signing_cert_v2"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_NEW_INIT, 0),
+     "ess_CERT_ID_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_V2_NEW_INIT, 0),
+     "ess_cert_id_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_NEW_INIT, 0),
+     "ess_SIGNING_CERT_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, 0),
+     "ess_signing_cert_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_INT_TS_RESP_VERIFY_TOKEN, 0),
+     "int_ts_RESP_verify_token"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_PKCS7_TO_TS_TST_INFO, 0),
+     "PKCS7_to_TS_TST_INFO"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MICROS, 0),
+     "TS_ACCURACY_set_micros"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MILLIS, 0),
+     "TS_ACCURACY_set_millis"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_SECONDS, 0),
+     "TS_ACCURACY_set_seconds"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_IMPRINTS, 0), "ts_check_imprints"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_NONCES, 0), "ts_check_nonces"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_POLICY, 0), "ts_check_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_SIGNING_CERTS, 0),
+     "ts_check_signing_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_STATUS_INFO, 0),
+     "ts_check_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_COMPUTE_IMPRINT, 0), "ts_compute_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_INVALID, 0), "ts_CONF_invalid"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERT, 0), "TS_CONF_load_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERTS, 0), "TS_CONF_load_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_KEY, 0), "TS_CONF_load_key"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOOKUP_FAIL, 0), "ts_CONF_lookup_fail"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_SET_DEFAULT_ENGINE, 0),
+     "TS_CONF_set_default_engine"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_GET_STATUS_TEXT, 0), "ts_get_status_text"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_MSG_IMPRINT_SET_ALGO, 0),
+     "TS_MSG_IMPRINT_set_algo"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_MSG_IMPRINT, 0),
+     "TS_REQ_set_msg_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_NONCE, 0), "TS_REQ_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_POLICY_ID, 0),
+     "TS_REQ_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_RESPONSE, 0),
+     "TS_RESP_create_response"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_TST_INFO, 0),
+     "ts_RESP_create_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, 0),
      "TS_RESP_CTX_add_failure_info"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_MD, 0), "TS_RESP_CTX_add_md"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_POLICY, 0),
+     "TS_RESP_CTX_add_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_NEW, 0), "TS_RESP_CTX_new"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_ACCURACY, 0),
+     "TS_RESP_CTX_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_CERTS, 0),
+     "TS_RESP_CTX_set_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_DEF_POLICY, 0),
+     "TS_RESP_CTX_set_def_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 0),
      "TS_RESP_CTX_set_signer_cert"},
-    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_STATUS_INFO, 0),
      "TS_RESP_CTX_set_status_info"},
-    {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "ts_RESP_get_policy"},
-    {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_GET_POLICY, 0), "ts_RESP_get_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, 0),
      "TS_RESP_set_genTime_with_precision"},
-    {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"},
-    {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"},
-    {ERR_FUNC(TS_F_TS_RESP_SIGN), "ts_RESP_sign"},
-    {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_STATUS_INFO, 0),
+     "TS_RESP_set_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_TST_INFO, 0),
+     "TS_RESP_set_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SIGN, 0), "ts_RESP_sign"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_VERIFY_SIGNATURE, 0),
+     "TS_RESP_verify_signature"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_ACCURACY, 0),
+     "TS_TST_INFO_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_MSG_IMPRINT, 0),
      "TS_TST_INFO_set_msg_imprint"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"},
-    {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"},
-    {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"},
-    {ERR_FUNC(TS_F_TS_VERIFY_CERT), "ts_verify_cert"},
-    {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_NONCE, 0),
+     "TS_TST_INFO_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_POLICY_ID, 0),
+     "TS_TST_INFO_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_SERIAL, 0),
+     "TS_TST_INFO_set_serial"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TIME, 0),
+     "TS_TST_INFO_set_time"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TSA, 0), "TS_TST_INFO_set_tsa"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CERT, 0), "ts_verify_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CTX_NEW, 0), "TS_VERIFY_CTX_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA TS_str_reasons[] = {
-    {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
-    {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
-    {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
-    {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
-    {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-    {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
-    {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
-    {ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"},
-    {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),
-     "ess add signing cert error"},
-    {ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
-     "ess signing certificate error"},
-    {ERR_REASON(TS_R_INVALID_NULL_POINTER), "invalid null pointer"},
-    {ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
-     "invalid signer certificate purpose"},
-    {ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH), "message imprint mismatch"},
-    {ERR_REASON(TS_R_NONCE_MISMATCH), "nonce mismatch"},
-    {ERR_REASON(TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
-    {ERR_REASON(TS_R_NO_CONTENT), "no content"},
-    {ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
-    {ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
-    {ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
-     "pkcs7 add signed attr error"},
-    {ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
-     "pkcs7 to ts tst info failed"},
-    {ERR_REASON(TS_R_POLICY_MISMATCH), "policy mismatch"},
-    {ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
-     "private key does not match certificate"},
-    {ERR_REASON(TS_R_RESPONSE_SETUP_ERROR), "response setup error"},
-    {ERR_REASON(TS_R_SIGNATURE_FAILURE), "signature failure"},
-    {ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER), "there must be one signer"},
-    {ERR_REASON(TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
-    {ERR_REASON(TS_R_TOKEN_NOT_PRESENT), "token not present"},
-    {ERR_REASON(TS_R_TOKEN_PRESENT), "token present"},
-    {ERR_REASON(TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
-    {ERR_REASON(TS_R_TSA_UNTRUSTED), "tsa untrusted"},
-    {ERR_REASON(TS_R_TST_INFO_SETUP_ERROR), "tst info setup error"},
-    {ERR_REASON(TS_R_TS_DATASIGN), "ts datasign"},
-    {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
-    {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
-    {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
-    {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
-    {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
-    {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
+static const ERR_STRING_DATA TS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE),
+    "could not set engine"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR),
+    "ess add signing cert error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR),
+    "ess add signing cert v2 error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
+    "ess signing certificate error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
+    "invalid signer certificate purpose"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH),
+    "message imprint mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
+    "pkcs7 add signed attr error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
+    "pkcs7 to ts tst info failed"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR),
+    "response setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER),
+    "there must be one signer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR),
+    "tst info setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM),
+    "unsupported md algorithm"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE),
+    "cannot find config variable"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
     {0, NULL}
 };
 
@@ -134,10 +175,9 @@ static ERR_STRING_DATA TS_str_reasons[] = {
 int ERR_load_TS_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(TS_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, TS_str_functs);
-        ERR_load_strings(0, TS_str_reasons);
+        ERR_load_strings_const(TS_str_functs);
+        ERR_load_strings_const(TS_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/ts/ts_lcl.h b/deps/openssl/openssl/crypto/ts/ts_lcl.h
index d0c3cf816e..771784fef7 100644
--- a/deps/openssl/openssl/crypto/ts/ts_lcl.h
+++ b/deps/openssl/openssl/crypto/ts/ts_lcl.h
@@ -131,11 +131,39 @@ struct ESS_signing_cert {
     STACK_OF(POLICYINFO) *policy_info;
 };
 
+/*-
+ * ESSCertIDv2 ::=  SEQUENCE {
+ *        hashAlgorithm           AlgorithmIdentifier
+ *                DEFAULT {algorithm id-sha256},
+ *        certHash                Hash,
+ *        issuerSerial            IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+    X509_ALGOR *hash_alg;       /* Default: SHA-256 */
+    ASN1_OCTET_STRING *hash;
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ *        certs                   SEQUENCE OF ESSCertIDv2,
+ *        policies                SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
 
 struct TS_resp_ctx {
     X509 *signer_cert;
     EVP_PKEY *signer_key;
     const EVP_MD *signer_md;
+    const EVP_MD *ess_cert_id_digest;
     STACK_OF(X509) *certs;      /* Certs to include in signed data. */
     STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
     ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c
index 0d714a71b7..1b2b84ef6b 100644
--- a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c
+++ b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c
@@ -7,12 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include "internal/cryptlib.h"
 
-#if defined(OPENSSL_SYS_UNIX)
-# include <sys/time.h>
-#endif
-
 #include <openssl/objects.h>
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
@@ -36,7 +33,16 @@ static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
                                                    STACK_OF(X509) *certs);
 static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static int ts_TST_INFO_content_new(PKCS7 *p7);
-static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509)
+                                                         *certs);
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed);
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc);
 
 static ASN1_GENERALIZEDTIME
 *TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
@@ -111,7 +117,7 @@ static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
 
 /* TS_RESP_CTX management functions. */
 
-TS_RESP_CTX *TS_RESP_CTX_new()
+TS_RESP_CTX *TS_RESP_CTX_new(void)
 {
     TS_RESP_CTX *ctx;
 
@@ -629,6 +635,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
     PKCS7 *p7 = NULL;
     PKCS7_SIGNER_INFO *si;
     STACK_OF(X509) *certs;      /* Certificates to include in sc. */
+    ESS_SIGNING_CERT_V2 *sc2 = NULL;
     ESS_SIGNING_CERT *sc = NULL;
     ASN1_OBJECT *oid;
     BIO *p7bio = NULL;
@@ -672,11 +679,25 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
     }
 
     certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
-    if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
-        goto err;
-    if (!ESS_add_signing_cert(si, sc)) {
-        TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
-        goto err;
+    if (ctx->ess_cert_id_digest == NULL
+        || ctx->ess_cert_id_digest == EVP_sha1()) {
+        if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert(si, sc)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+            goto err;
+        }
+    } else {
+        sc2 = ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest,
+                                           ctx->signer_cert, certs);
+        if (sc2 == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert_v2(si, sc2)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
+            goto err;
+        }
     }
 
     if (!ts_TST_INFO_content_new(p7))
@@ -704,6 +725,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
                                          "Error during signature "
                                          "generation.");
     BIO_free_all(p7bio);
+    ESS_SIGNING_CERT_V2_free(sc2);
     ESS_SIGNING_CERT_free(sc);
     PKCS7_free(p7);
     return ret;
@@ -807,7 +829,7 @@ static int ts_TST_INFO_content_new(PKCS7 *p7)
     return 0;
 }
 
-static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
 {
     ASN1_STRING *seq = NULL;
     unsigned char *p, *pp = NULL;
@@ -836,9 +858,133 @@ static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
     return 0;
 }
 
-static ASN1_GENERALIZEDTIME
-*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
-                                    long sec, long usec, unsigned precision)
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    ESS_SIGNING_CERT_V2 *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL)
+        goto err;
+    if ((cid = ess_cert_id_v2_new_init(hash_alg, signcert, 0)) == NULL)
+        goto err;
+    if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+        goto err;
+    cid = NULL;
+
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+
+        if ((cid = ess_cert_id_v2_new_init(hash_alg, cert, 1)) == NULL)
+            goto err;
+        if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+            goto err;
+        cid = NULL;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_V2_free(sc);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned int hash_len = sizeof(hash);
+    X509_ALGOR *alg = NULL;
+
+    memset(hash, 0, sizeof(hash));
+
+    if ((cid = ESS_CERT_ID_V2_new()) == NULL)
+        goto err;
+
+    if (hash_alg != EVP_sha256()) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto err;
+        X509_ALGOR_set_md(alg, hash_alg);
+        if (alg->algorithm == NULL)
+            goto err;
+        cid->hash_alg = alg;
+        alg = NULL;
+    } else {
+        cid->hash_alg = NULL;
+    }
+
+    if (!X509_digest(cert, hash_alg, hash, &hash_len))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
+        goto err;
+
+    if (issuer_needed) {
+        if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        cid->issuer_serial->serial =
+                ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (cid->issuer_serial->serial == NULL)
+            goto err;
+    }
+
+    return cid;
+ err:
+    X509_ALGOR_free(alg);
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = pp;
+    i2d_ESS_SIGNING_CERT_V2(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificateV2,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+    return 0;
+}
+
+static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
+        ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec,
+        unsigned precision)
 {
     time_t time_sec = (time_t)sec;
     struct tm *tm = NULL, tm_result;
@@ -903,3 +1049,9 @@ static ASN1_GENERALIZEDTIME
     TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
     return NULL;
 }
+
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->ess_cert_id_digest = md;
+    return 1;
+}
diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c
index 2755dd0ef3..9deda81b07 100644
--- a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c
+++ b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c
@@ -37,6 +37,8 @@ static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
 static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
 static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
                         GENERAL_NAME *name);
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);
 
 /*
  * This must be large enough to hold all values in ts_status_text (with
@@ -201,34 +203,57 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
 {
     ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
     STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+    ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
     X509 *cert;
     int i = 0;
     int ret = 0;
 
-    if (!ss)
-        goto err;
-    cert_ids = ss->cert_ids;
-    cert = sk_X509_value(chain, 0);
-    if (ts_find_cert(cert_ids, cert) != 0)
-        goto err;
+    if (ss != NULL) {
+        cert_ids = ss->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert(cert_ids, cert) != 0)
+            goto err;
 
-    /*
-     * Check the other certificates of the chain if there are more than one
-     * certificate ids in cert_ids.
-     */
-    if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
-        for (i = 1; i < sk_X509_num(chain); ++i) {
-            cert = sk_X509_value(chain, i);
-            if (ts_find_cert(cert_ids, cert) < 0)
-                goto err;
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert(cert_ids, cert) < 0)
+                    goto err;
+            }
         }
+    } else if (ssv2 != NULL) {
+        cert_ids_v2 = ssv2->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert_v2(cert_ids_v2, cert) != 0)
+            goto err;
+
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert_v2(cert_ids_v2, cert) < 0)
+                    goto err;
+            }
+        }
+    } else {
+        goto err;
     }
+
     ret = 1;
  err:
     if (!ret)
         TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
               TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
     ESS_SIGNING_CERT_free(ss);
+    ESS_SIGNING_CERT_V2_free(ssv2);
     return ret;
 }
 
@@ -243,6 +268,18 @@ static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
     return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
 }
 
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+    if (attr == NULL)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
 /* Returns < 0 if certificate is not found, certificate index otherwise. */
 static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
 {
@@ -272,6 +309,38 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
     return -1;
 }
 
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_digest[EVP_MAX_MD_SIZE];
+    unsigned int len;
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) {
+        ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
+        const EVP_MD *md;
+
+        if (cid->hash_alg != NULL)
+            md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
+        else
+            md = EVP_sha256();
+
+        X509_digest(cert, md, cert_digest, &len);
+        if (cid->hash->length != (int)len)
+            return -1;
+
+        if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+
+            if (is == NULL || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
 static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
 {
     GENERAL_NAME *issuer;
@@ -480,7 +549,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
     return result;
 }
 
-static int ts_check_policy(const ASN1_OBJECT *req_oid, 
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
                            const TS_TST_INFO *tst_info)
 {
     const ASN1_OBJECT *resp_oid = tst_info->policy_id;
diff --git a/deps/openssl/openssl/crypto/txt_db/txt_db.c b/deps/openssl/openssl/crypto/txt_db/txt_db.c
index cf932a52aa..c4e1782514 100644
--- a/deps/openssl/openssl/crypto/txt_db/txt_db.c
+++ b/deps/openssl/openssl/crypto/txt_db/txt_db.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -124,7 +124,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
         OPENSSL_free(ret->qual);
         OPENSSL_free(ret);
     }
-    return (NULL);
+    return NULL;
 }
 
 OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
@@ -135,16 +135,16 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
 
     if (idx >= db->num_fields) {
         db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
-        return (NULL);
+        return NULL;
     }
     lh = db->index[idx];
     if (lh == NULL) {
         db->error = DB_ERROR_NO_INDEX;
-        return (NULL);
+        return NULL;
     }
     ret = lh_OPENSSL_STRING_retrieve(lh, value);
     db->error = DB_ERROR_OK;
-    return (ret);
+    return ret;
 }
 
 int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
@@ -156,12 +156,12 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
 
     if (field >= db->num_fields) {
         db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
-        return (0);
+        return 0;
     }
     /* FIXME: we lose type checking at this point */
     if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) {
         db->error = DB_ERROR_MALLOC;
-        return (0);
+        return 0;
     }
     n = sk_OPENSSL_PSTRING_num(db->data);
     for (i = 0; i < n; i++) {
@@ -173,18 +173,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
             db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k);
             db->arg2 = i;
             lh_OPENSSL_STRING_free(idx);
-            return (0);
+            return 0;
         }
         if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) {
             db->error = DB_ERROR_MALLOC;
             lh_OPENSSL_STRING_free(idx);
-            return (0);
+            return 0;
         }
     }
     lh_OPENSSL_STRING_free(db->index[field]);
     db->index[field] = idx;
     db->qual[field] = qual;
-    return (1);
+    return 1;
 }
 
 long TXT_DB_write(BIO *out, TXT_DB *db)
@@ -231,7 +231,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
     ret = tot;
  err:
     BUF_MEM_free(buf);
-    return (ret);
+    return ret;
 }
 
 int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
@@ -264,7 +264,7 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
     }
     if (!sk_OPENSSL_PSTRING_push(db->data, row))
         goto err1;
-    return (1);
+    return 1;
 
  err1:
     db->error = DB_ERROR_MALLOC;
@@ -276,7 +276,7 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
         }
     }
  err:
-    return (0);
+    return 0;
 }
 
 void TXT_DB_free(TXT_DB *db)
@@ -286,7 +286,6 @@ void TXT_DB_free(TXT_DB *db)
 
     if (db == NULL)
         return;
-
     if (db->index != NULL) {
         for (i = db->num_fields - 1; i >= 0; i--)
             lh_OPENSSL_STRING_free(db->index[i]);
diff --git a/deps/openssl/openssl/crypto/ui/build.info b/deps/openssl/openssl/crypto/ui/build.info
index fcb45af7eb..c5d17fb744 100644
--- a/deps/openssl/openssl/crypto/ui/build.info
+++ b/deps/openssl/openssl/crypto/ui/build.info
@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
-        ui_err.c ui_lib.c ui_openssl.c ui_util.c
+        ui_err.c ui_lib.c ui_openssl.c ui_null.c ui_util.c
diff --git a/deps/openssl/openssl/crypto/ui/ui_err.c b/deps/openssl/openssl/crypto/ui/ui_err.c
index c8640feaf1..b806872c30 100644
--- a/deps/openssl/openssl/crypto/ui/ui_err.c
+++ b/deps/openssl/openssl/crypto/ui/ui_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,52 +8,59 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/ui.h>
+#include <openssl/uierr.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
-
-static ERR_STRING_DATA UI_str_functs[] = {
-    {ERR_FUNC(UI_F_CLOSE_CONSOLE), "close_console"},
-    {ERR_FUNC(UI_F_ECHO_CONSOLE), "echo_console"},
-    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "general_allocate_boolean"},
-    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "general_allocate_prompt"},
-    {ERR_FUNC(UI_F_NOECHO_CONSOLE), "noecho_console"},
-    {ERR_FUNC(UI_F_OPEN_CONSOLE), "open_console"},
-    {ERR_FUNC(UI_F_UI_CREATE_METHOD), "UI_create_method"},
-    {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
-    {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
-    {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-    {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
-    {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
-    {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
-    {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
-    {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
-    {ERR_FUNC(UI_F_UI_PROCESS), "UI_process"},
-    {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
+static const ERR_STRING_DATA UI_str_functs[] = {
+    {ERR_PACK(ERR_LIB_UI, UI_F_CLOSE_CONSOLE, 0), "close_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_ECHO_CONSOLE, 0), "echo_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_BOOLEAN, 0),
+     "general_allocate_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_PROMPT, 0),
+     "general_allocate_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INFO_STRING, 0), "UI_dup_info_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_BOOLEAN, 0),
+     "UI_dup_input_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_STRING, 0), "UI_dup_input_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_USER_DATA, 0), "UI_dup_user_data"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_VERIFY_STRING, 0),
+     "UI_dup_verify_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET0_RESULT, 0), "UI_get0_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET_RESULT_LENGTH, 0),
+     "UI_get_result_length"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_NEW_METHOD, 0), "UI_new_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_PROCESS, 0), "UI_process"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT, 0), "UI_set_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT_EX, 0), "UI_set_result_ex"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA UI_str_reasons[] = {
-    {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
-     "common ok and cancel characters"},
-    {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"},
-    {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"},
-    {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"},
-    {ERR_REASON(UI_R_PROCESSING_ERROR), "processing error"},
-    {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"},
-    {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"},
-    {ERR_REASON(UI_R_SYSASSIGN_ERROR), "sys$assign error"},
-    {ERR_REASON(UI_R_SYSDASSGN_ERROR), "sys$dassgn error"},
-    {ERR_REASON(UI_R_SYSQIOW_ERROR), "sys$qiow error"},
-    {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"},
-    {ERR_REASON(UI_R_UNKNOWN_TTYGET_ERRNO_VALUE),
-     "unknown ttyget errno value"},
+static const ERR_STRING_DATA UI_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+    "common ok and cancel characters"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND),
+    "unknown control command"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE),
+    "unknown ttyget errno value"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED),
+    "user data duplication unsupported"},
     {0, NULL}
 };
 
@@ -62,10 +69,9 @@ static ERR_STRING_DATA UI_str_reasons[] = {
 int ERR_load_UI_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, UI_str_functs);
-        ERR_load_strings(0, UI_str_reasons);
+        ERR_load_strings_const(UI_str_functs);
+        ERR_load_strings_const(UI_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/ui/ui_lib.c b/deps/openssl/openssl/crypto/ui/ui_lib.c
index 464dac4237..139485dcd1 100644
--- a/deps/openssl/openssl/crypto/ui/ui_lib.c
+++ b/deps/openssl/openssl/crypto/ui/ui_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,7 +17,7 @@
 
 UI *UI_new(void)
 {
-    return (UI_new_method(NULL));
+    return UI_new_method(NULL);
 }
 
 UI *UI_new_method(const UI_METHOD *method)
@@ -37,9 +37,10 @@ UI *UI_new_method(const UI_METHOD *method)
     }
 
     if (method == NULL)
-        ret->meth = UI_get_default_method();
-    else
-        ret->meth = method;
+        method = UI_get_default_method();
+    if (method == NULL)
+        method = UI_null();
+    ret->meth = method;
 
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
         OPENSSL_free(ret);
@@ -58,7 +59,11 @@ static void free_string(UI_STRING *uis)
             OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
             OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
             break;
-        default:
+        case UIT_NONE:
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+        case UIT_ERROR:
+        case UIT_INFO:
             break;
         }
     }
@@ -69,6 +74,9 @@ void UI_free(UI *ui)
 {
     if (ui == NULL)
         return;
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, ui->user_data);
+    }
     sk_UI_STRING_pop_free(ui->strings, free_string);
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
     CRYPTO_THREAD_lock_free(ui->lock);
@@ -366,9 +374,10 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
             len += sizeof(prompt2) - 1 + strlen(object_name);
         len += sizeof(prompt3) - 1;
 
-        prompt = OPENSSL_malloc(len + 1);
-        if (prompt == NULL)
+        if ((prompt = OPENSSL_malloc(len + 1)) == NULL) {
+            UIerr(UI_F_UI_CONSTRUCT_PROMPT, ERR_R_MALLOC_FAILURE);
             return NULL;
+        }
         OPENSSL_strlcpy(prompt, prompt1, len + 1);
         OPENSSL_strlcat(prompt, object_desc, len + 1);
         if (object_name != NULL) {
@@ -383,10 +392,38 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
 void *UI_add_user_data(UI *ui, void *user_data)
 {
     void *old_data = ui->user_data;
+
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, old_data);
+        old_data = NULL;
+    }
     ui->user_data = user_data;
+    ui->flags &= ~UI_FLAG_DUPL_DATA;
     return old_data;
 }
 
+int UI_dup_user_data(UI *ui, void *user_data)
+{
+    void *duplicate = NULL;
+
+    if (ui->meth->ui_duplicate_data == NULL
+        || ui->meth->ui_destroy_data == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED);
+        return -1;
+    }
+
+    duplicate = ui->meth->ui_duplicate_data(ui, user_data);
+    if (duplicate == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    (void)UI_add_user_data(ui, duplicate);
+    ui->flags |= UI_FLAG_DUPL_DATA;
+
+    return 0;
+}
+
 void *UI_get0_user_data(UI *ui)
 {
     return ui->user_data;
@@ -405,6 +442,19 @@ const char *UI_get0_result(UI *ui, int i)
     return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
 }
 
+int UI_get_result_length(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_SMALL);
+        return -1;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_LARGE);
+        return -1;
+    }
+    return UI_get_result_string_length(sk_UI_STRING_value(ui->strings, i));
+}
+
 static int print_error(const char *str, size_t len, UI *ui)
 {
     UI_STRING uis;
@@ -523,12 +573,12 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
 
 int UI_set_ex_data(UI *r, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
 }
 
 void *UI_get_ex_data(UI *r, int idx)
 {
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
 }
 
 const UI_METHOD *UI_get_method(UI *ui)
@@ -544,15 +594,17 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
 
 UI_METHOD *UI_create_method(const char *name)
 {
-    UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method));
+    UI_METHOD *ui_method = NULL;
 
-    if (ui_method != NULL) {
-        ui_method->name = OPENSSL_strdup(name);
-        if (ui_method->name == NULL) {
-            OPENSSL_free(ui_method);
-            UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
-            return NULL;
-        }
+    if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL
+        || (ui_method->name = OPENSSL_strdup(name)) == NULL
+        || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                               &ui_method->ex_data)) {
+        if (ui_method)
+            OPENSSL_free(ui_method->name);
+        OPENSSL_free(ui_method);
+        UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
     }
     return ui_method;
 }
@@ -564,6 +616,10 @@ UI_METHOD *UI_create_method(const char *name)
  */
 void UI_destroy_method(UI_METHOD *ui_method)
 {
+    if (ui_method == NULL)
+        return;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                        &ui_method->ex_data);
     OPENSSL_free(ui_method->name);
     ui_method->name = NULL;
     OPENSSL_free(ui_method);
@@ -616,6 +672,18 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
     return -1;
 }
 
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data))
+{
+    if (method != NULL) {
+        method->ui_duplicate_data = duplicator;
+        method->ui_destroy_data = destructor;
+        return 0;
+    }
+    return -1;
+}
+
 int UI_method_set_prompt_constructor(UI_METHOD *method,
                                      char *(*prompt_constructor) (UI *ui,
                                                                   const char
@@ -630,50 +698,73 @@ int UI_method_set_prompt_constructor(UI_METHOD *method,
     return -1;
 }
 
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&method->ex_data, idx, data);
+}
+
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *)
 {
     if (method != NULL)
         return method->ui_open_session;
     return NULL;
 }
 
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *)
 {
     if (method != NULL)
         return method->ui_write_string;
     return NULL;
 }
 
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *)
 {
     if (method != NULL)
         return method->ui_flush;
     return NULL;
 }
 
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *)
 {
     if (method != NULL)
         return method->ui_read_string;
     return NULL;
 }
 
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *)
 {
     if (method != NULL)
         return method->ui_close_session;
     return NULL;
 }
 
-char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
-                                                              const char *,
-                                                              const char *)
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *)
 {
     if (method != NULL)
         return method->ui_construct_prompt;
     return NULL;
 }
 
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_duplicate_data;
+    return NULL;
+}
+
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_destroy_data;
+    return NULL;
+}
+
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx)
+{
+    return CRYPTO_get_ex_data(&method->ex_data, idx);
+}
+
 enum UI_string_types UI_get_string_type(UI_STRING *uis)
 {
     return uis->type;
@@ -694,9 +785,14 @@ const char *UI_get0_action_string(UI_STRING *uis)
     switch (uis->type) {
     case UIT_BOOLEAN:
         return uis->_.boolean_data.action_desc;
-    default:
-        return NULL;
+    case UIT_PROMPT:
+    case UIT_NONE:
+    case UIT_VERIFY:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
     }
+    return NULL;
 }
 
 const char *UI_get0_result_string(UI_STRING *uis)
@@ -705,9 +801,28 @@ const char *UI_get0_result_string(UI_STRING *uis)
     case UIT_PROMPT:
     case UIT_VERIFY:
         return uis->result_buf;
-    default:
-        return NULL;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return NULL;
+}
+
+int UI_get_result_string_length(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_len;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
     }
+    return -1;
 }
 
 const char *UI_get0_test_string(UI_STRING *uis)
@@ -715,9 +830,14 @@ const char *UI_get0_test_string(UI_STRING *uis)
     switch (uis->type) {
     case UIT_VERIFY:
         return uis->_.string_data.test_buf;
-    default:
-        return NULL;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_PROMPT:
+        break;
     }
+    return NULL;
 }
 
 int UI_get_result_minsize(UI_STRING *uis)
@@ -726,9 +846,13 @@ int UI_get_result_minsize(UI_STRING *uis)
     case UIT_PROMPT:
     case UIT_VERIFY:
         return uis->_.string_data.result_minsize;
-    default:
-        return -1;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
     }
+    return -1;
 }
 
 int UI_get_result_maxsize(UI_STRING *uis)
@@ -737,15 +861,29 @@ int UI_get_result_maxsize(UI_STRING *uis)
     case UIT_PROMPT:
     case UIT_VERIFY:
         return uis->_.string_data.result_maxsize;
-    default:
-        return -1;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
     }
+    return -1;
 }
 
 int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
 {
-    int l = strlen(result);
+#if 0
+    /*
+     * This is placed here solely to preserve UI_F_UI_SET_RESULT
+     * To be removed for OpenSSL 1.2.0
+     */
+    UIerr(UI_F_UI_SET_RESULT, ERR_R_DISABLED);
+#endif
+    return UI_set_result_ex(ui, uis, result, strlen(result));
+}
 
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len)
+{
     ui->flags &= ~UI_FLAG_REDOABLE;
 
     switch (uis->type) {
@@ -760,16 +898,16 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
             BIO_snprintf(number2, sizeof(number2), "%d",
                          uis->_.string_data.result_maxsize);
 
-            if (l < uis->_.string_data.result_minsize) {
+            if (len < uis->_.string_data.result_minsize) {
                 ui->flags |= UI_FLAG_REDOABLE;
-                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_SMALL);
                 ERR_add_error_data(5, "You must type in ",
                                    number1, " to ", number2, " characters");
                 return -1;
             }
-            if (l > uis->_.string_data.result_maxsize) {
+            if (len > uis->_.string_data.result_maxsize) {
                 ui->flags |= UI_FLAG_REDOABLE;
-                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_LARGE);
                 ERR_add_error_data(5, "You must type in ",
                                    number1, " to ", number2, " characters");
                 return -1;
@@ -777,19 +915,21 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
         }
 
         if (uis->result_buf == NULL) {
-            UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+            UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
             return -1;
         }
 
-        OPENSSL_strlcpy(uis->result_buf, result,
-                    uis->_.string_data.result_maxsize + 1);
+        memcpy(uis->result_buf, result, len);
+        if (len <= uis->_.string_data.result_maxsize)
+            uis->result_buf[len] = '\0';
+        uis->result_len = len;
         break;
     case UIT_BOOLEAN:
         {
             const char *p;
 
             if (uis->result_buf == NULL) {
-                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
                 return -1;
             }
 
@@ -805,7 +945,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
                 }
             }
         }
-    default:
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
         break;
     }
     return 0;
diff --git a/deps/openssl/openssl/crypto/ui/ui_locl.h b/deps/openssl/openssl/crypto/ui/ui_locl.h
index 2953739b76..19b33b8fc6 100644
--- a/deps/openssl/openssl/crypto/ui/ui_locl.h
+++ b/deps/openssl/openssl/crypto/ui/ui_locl.h
@@ -38,6 +38,12 @@ struct ui_method_st {
     int (*ui_read_string) (UI *ui, UI_STRING *uis);
     int (*ui_close_session) (UI *ui);
     /*
+     * Duplicate the ui_data that often comes alongside a ui_method.  This
+     * allows some backends to save away UI information for later use.
+     */
+    void *(*ui_duplicate_data) (UI *ui, void *ui_data);
+    void (*ui_destroy_data) (UI *ui, void *ui_data);
+    /*
      * Construct a prompt in a user-defined manner.  object_desc is a textual
      * short description of the object, for example "pass phrase", and
      * object_name is the name of the object (might be a card name or a file
@@ -46,6 +52,10 @@ struct ui_method_st {
      */
     char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
                                   const char *object_name);
+    /*
+     * UI_METHOD specific application data.
+     */
+    CRYPTO_EX_DATA ex_data;
 };
 
 struct ui_string_st {
@@ -61,6 +71,7 @@ struct ui_string_st {
                                  * Otherwise, it may be allocated by the UI
                                  * routine, meaning result_minsize is going
                                  * to be overwritten. */
+    size_t result_len;
     union {
         struct {
             int result_minsize; /* Input: minimum required size of the
@@ -88,6 +99,7 @@ struct ui_st {
     void *user_data;
     CRYPTO_EX_DATA ex_data;
 # define UI_FLAG_REDOABLE        0x0001
+# define UI_FLAG_DUPL_DATA       0x0002 /* user_data was duplicated */
 # define UI_FLAG_PRINT_ERRORS    0x0100
     int flags;
 
diff --git a/deps/openssl/openssl/crypto/ui/ui_null.c b/deps/openssl/openssl/crypto/ui/ui_null.c
new file mode 100644
index 0000000000..9e5f6fca59
--- /dev/null
+++ b/deps/openssl/openssl/crypto/ui/ui_null.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ui_locl.h"
+
+static const UI_METHOD ui_null = {
+    "OpenSSL NULL UI",
+    NULL,                        /* opener */
+    NULL,                        /* writer */
+    NULL,                        /* flusher */
+    NULL,                        /* reader */
+    NULL,                        /* closer */
+    NULL
+};
+
+/* The method with all the built-in thingies */
+const UI_METHOD *UI_null(void)
+{
+    return &ui_null;
+}
diff --git a/deps/openssl/openssl/crypto/ui/ui_openssl.c b/deps/openssl/openssl/crypto/ui/ui_openssl.c
index a25934ccd1..6b996134df 100644
--- a/deps/openssl/openssl/crypto/ui/ui_openssl.c
+++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c
@@ -7,66 +7,68 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
 #include <openssl/e_os2.h>
 #include <openssl/err.h>
+#include <openssl/ui.h>
 
+#ifndef OPENSSL_NO_UI_CONSOLE
 /*
  * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
  * [maybe others?], because it masks interfaces not discussed in standard,
  * sigaction and fileno included. -pedantic would be more appropriate for the
  * intended purposes, but we can't prevent users from adding -ansi.
  */
-#if defined(OPENSSL_SYS_VXWORKS)
-# include <sys/types.h>
-#endif
-
-#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-# ifndef _POSIX_C_SOURCE
-#  define _POSIX_C_SOURCE 2
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <sys/types.h>
 # endif
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# ifdef OPENSSL_UNISTD
-#  include OPENSSL_UNISTD
-# else
-#  include <unistd.h>
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#  ifndef _POSIX_C_SOURCE
+#   define _POSIX_C_SOURCE 2
+#  endif
 # endif
+# include <signal.h>
+# include <stdio.h>
+# include <string.h>
+# include <errno.h>
+
+# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  ifdef OPENSSL_UNISTD
+#   include OPENSSL_UNISTD
+#  else
+#   include <unistd.h>
+#  endif
 /*
  * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
  * system and have sigaction and termios.
  */
-# if defined(_POSIX_VERSION)
+#  if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L
 
-#  define SIGACTION
-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-#   define TERMIOS
-#  endif
+#   define SIGACTION
+#   if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#    define TERMIOS
+#   endif
 
+#  endif
 # endif
-#endif
 
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "ui_locl.h"
-#include "internal/cryptlib.h"
+# include "ui_locl.h"
+# include "internal/cryptlib.h"
 
-#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
+# ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+#  include <starlet.h>
+#  ifdef __DECC
+#   pragma message disable DOLLARID
+#  endif
 # endif
-#endif
 
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-# ifndef OPENSSL_SYS_WINCE
-#  include <wincon.h>
+# ifdef WIN_CONSOLE_BUG
+#  include <windows.h>
+#  ifndef OPENSSL_SYS_WINCE
+#   include <wincon.h>
+#  endif
 # endif
-#endif
 
 /*
  * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
@@ -80,81 +82,81 @@
  * may eventually opt to remove it's use entirely.
  */
 
-#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
 
-# if defined(_LIBC)
-#  undef  TERMIOS
-#  define TERMIO
-#  undef  SGTTY
+#  if defined(_LIBC)
+#   undef  TERMIOS
+#   define TERMIO
+#   undef  SGTTY
 /*
  * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
  */
-# elif !defined(OPENSSL_SYS_VMS) \
+#  elif !defined(OPENSSL_SYS_VMS) \
 	&& !defined(OPENSSL_SYS_MSDOS) \
 	&& !defined(OPENSSL_SYS_VXWORKS)
-#  define TERMIOS
-#  undef  TERMIO
-#  undef  SGTTY
-# endif
+#   define TERMIOS
+#   undef  TERMIO
+#   undef  SGTTY
+#  endif
 
-#endif
+# endif
 
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT             struct termios
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      tcgetattr(tty,data)
-# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
-#endif
+# ifdef TERMIOS
+#  include <termios.h>
+#  define TTY_STRUCT             struct termios
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      tcgetattr(tty,data)
+#  define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+# endif
 
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT             struct termio
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
-#endif
+# ifdef TERMIO
+#  include <termio.h>
+#  define TTY_STRUCT             struct termio
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+#  define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+# endif
 
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT             struct sgttyb
-# define TTY_FLAGS              sg_flags
-# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
-#endif
+# ifdef SGTTY
+#  include <sgtty.h>
+#  define TTY_STRUCT             struct sgttyb
+#  define TTY_FLAGS              sg_flags
+#  define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+#  define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+# endif
 
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# include <sys/ioctl.h>
-#endif
+# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  include <sys/ioctl.h>
+# endif
 
-#ifdef OPENSSL_SYS_MSDOS
-# include <conio.h>
-#endif
+# ifdef OPENSSL_SYS_MSDOS
+#  include <conio.h>
+# endif
 
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
+# ifdef OPENSSL_SYS_VMS
+#  include <ssdef.h>
+#  include <iodef.h>
+#  include <ttdef.h>
+#  include <descrip.h>
 struct IOSB {
     short iosb$w_value;
     short iosb$w_count;
     long iosb$l_info;
 };
-#endif
+# endif
 
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
+# ifndef NX509_SIG
+#  define NX509_SIG 32
+# endif
 
 /* Define globals.  They are protected by a lock */
-#ifdef SIGACTION
+# ifdef SIGACTION
 static struct sigaction savsig[NX509_SIG];
-#else
+# else
 static void (*savsig[NX509_SIG]) (int);
-#endif
+# endif
 
-#ifdef OPENSSL_SYS_VMS
+# ifdef OPENSSL_SYS_VMS
 static struct IOSB iosb;
 static $DESCRIPTOR(terminal, "TT");
 static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
@@ -162,26 +164,26 @@ static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
                                       * structures? */
 static long status;
 static unsigned short channel = 0;
-#elif defined(_WIN32) && !defined(_WIN32_WCE)
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
 static DWORD tty_orig, tty_new;
-#else
-# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+# else
+#  if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
 static TTY_STRUCT tty_orig, tty_new;
+#  endif
 # endif
-#endif
 static FILE *tty_in, *tty_out;
 static int is_a_tty;
 
 /* Declare static functions */
-#if !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
 static int read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
 static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
+# endif
 static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
 
 static int read_string(UI *ui, UI_STRING *uis);
@@ -192,34 +194,6 @@ static int echo_console(UI *ui);
 static int noecho_console(UI *ui);
 static int close_console(UI *ui);
 
-static UI_METHOD ui_openssl = {
-    "OpenSSL default user interface",
-    open_console,
-    write_string,
-    NULL,                       /* No flusher is needed for command lines */
-    read_string,
-    close_console,
-    NULL
-};
-
-static const UI_METHOD *default_UI_meth = &ui_openssl;
-
-void UI_set_default_method(const UI_METHOD *meth)
-{
-    default_UI_meth = meth;
-}
-
-const UI_METHOD *UI_get_default_method(void)
-{
-    return default_UI_meth;
-}
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void)
-{
-    return &ui_openssl;
-}
-
 /*
  * The following function makes sure that info and error strings are printed
  * before any prompt.
@@ -232,7 +206,10 @@ static int write_string(UI *ui, UI_STRING *uis)
         fputs(UI_get0_output_string(uis), tty_out);
         fflush(tty_out);
         break;
-    default:
+    case UIT_NONE:
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+    case UIT_BOOLEAN:
         break;
     }
     return 1;
@@ -269,17 +246,19 @@ static int read_string(UI *ui, UI_STRING *uis)
             return 0;
         }
         break;
-    default:
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
         break;
     }
     return 1;
 }
 
-#if !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to read a string without echoing */
 static int read_till_nl(FILE *in)
 {
-# define SIZE 4
+#  define SIZE 4
     char buf[SIZE + 1];
 
     do {
@@ -290,7 +269,7 @@ static int read_till_nl(FILE *in)
 }
 
 static volatile sig_atomic_t intr_signal;
-#endif
+# endif
 
 static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 {
@@ -298,7 +277,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
     int ok;
     char result[BUFSIZ];
     int maxsize = BUFSIZ - 1;
-#if !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
     char *p = NULL;
     int echo_eol = !echo;
 
@@ -314,10 +293,10 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
     ps = 2;
 
     result[0] = '\0';
-# if defined(_WIN32)
+#  if defined(_WIN32)
     if (is_a_tty) {
         DWORD numread;
-#  if defined(CP_UTF8)
+#   if defined(CP_UTF8)
         if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) {
             WCHAR wresult[BUFSIZ];
 
@@ -337,7 +316,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
                 OPENSSL_cleanse(wresult, sizeof(wresult));
             }
         } else
-#  endif
+#   endif
         if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
                          result, maxsize, &numread, NULL)) {
             if (numread >= 2 &&
@@ -349,12 +328,12 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
             p = result;
         }
     } else
-# elif defined(OPENSSL_SYS_MSDOS)
+#  elif defined(OPENSSL_SYS_MSDOS)
     if (!echo) {
         noecho_fgets(result, maxsize, tty_in);
         p = result;             /* FIXME: noecho_fgets doesn't return errors */
     } else
-# endif
+#  endif
     p = fgets(result, maxsize, tty_in);
     if (p == NULL)
         goto error;
@@ -380,9 +359,9 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 
     if (ps >= 1)
         popsig();
-#else
+# else
     ok = 1;
-#endif
+# endif
 
     OPENSSL_cleanse(result, BUFSIZ);
     return ok;
@@ -394,10 +373,10 @@ static int open_console(UI *ui)
     CRYPTO_THREAD_write_lock(ui->lock);
     is_a_tty = 1;
 
-#if defined(OPENSSL_SYS_VXWORKS)
+# if defined(OPENSSL_SYS_VXWORKS)
     tty_in = stdin;
     tty_out = stderr;
-#elif defined(_WIN32) && !defined(_WIN32_WCE)
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
     if ((tty_out = fopen("conout$", "w")) == NULL)
         tty_out = stderr;
 
@@ -408,35 +387,35 @@ static int open_console(UI *ui)
         if ((tty_in = fopen("conin$", "r")) == NULL)
             tty_in = stdin;
     }
-#else
-# ifdef OPENSSL_SYS_MSDOS
-#  define DEV_TTY "con"
 # else
-#  define DEV_TTY "/dev/tty"
-# endif
+#  ifdef OPENSSL_SYS_MSDOS
+#   define DEV_TTY "con"
+#  else
+#   define DEV_TTY "/dev/tty"
+#  endif
     if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
         tty_in = stdin;
     if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
         tty_out = stderr;
-#endif
+# endif
 
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
     if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
-# ifdef ENOTTY
+#  ifdef ENOTTY
         if (errno == ENOTTY)
             is_a_tty = 0;
         else
-# endif
-# ifdef EINVAL
+#  endif
+#  ifdef EINVAL
             /*
-             * Ariel Glenn ariel@columbia.edu reports that solaris can return
-             * EINVAL instead.  This should be ok
+             * Ariel Glenn reports that solaris can return EINVAL instead.
+             * This should be ok
              */
         if (errno == EINVAL)
             is_a_tty = 0;
         else
-# endif
-# ifdef ENXIO
+#  endif
+#  ifdef ENXIO
             /*
              * Solaris can return ENXIO.
              * This should be ok
@@ -444,8 +423,8 @@ static int open_console(UI *ui)
         if (errno == ENXIO)
             is_a_tty = 0;
         else
-# endif
-# ifdef EIO
+#  endif
+#  ifdef EIO
             /*
              * Linux can return EIO.
              * This should be ok
@@ -453,8 +432,8 @@ static int open_console(UI *ui)
         if (errno == EIO)
             is_a_tty = 0;
         else
-# endif
-# ifdef ENODEV
+#  endif
+#  ifdef ENODEV
             /*
              * MacOS X returns ENODEV (Operation not supported by device),
              * which seems appropriate.
@@ -462,7 +441,7 @@ static int open_console(UI *ui)
         if (errno == ENODEV)
             is_a_tty = 0;
         else
-# endif
+#  endif
             {
                 char tmp_num[10];
                 BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%d", errno);
@@ -472,8 +451,8 @@ static int open_console(UI *ui)
                 return 0;
             }
     }
-#endif
-#ifdef OPENSSL_SYS_VMS
+# endif
+# ifdef OPENSSL_SYS_VMS
     status = sys$assign(&terminal, &channel, 0, 0);
 
     /* if there isn't a TT device, something is very wrong */
@@ -492,22 +471,22 @@ static int open_console(UI *ui)
     /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
     if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
         is_a_tty = 0;
-#endif
+# endif
     return 1;
 }
 
 static int noecho_console(UI *ui)
 {
-#ifdef TTY_FLAGS
+# ifdef TTY_FLAGS
     memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
     tty_new.TTY_FLAGS &= ~ECHO;
-#endif
+# endif
 
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
     if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
         return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
+# endif
+# ifdef OPENSSL_SYS_VMS
     if (is_a_tty) {
         tty_new[0] = tty_orig[0];
         tty_new[1] = tty_orig[1] | TT$M_NOECHO;
@@ -527,25 +506,25 @@ static int noecho_console(UI *ui)
             return 0;
         }
     }
-#endif
-#if defined(_WIN32) && !defined(_WIN32_WCE)
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
     if (is_a_tty) {
         tty_new = tty_orig;
         tty_new &= ~ENABLE_ECHO_INPUT;
         SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
     }
-#endif
+# endif
     return 1;
 }
 
 static int echo_console(UI *ui)
 {
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
     memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
     if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
         return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
+# endif
+# ifdef OPENSSL_SYS_VMS
     if (is_a_tty) {
         tty_new[0] = tty_orig[0];
         tty_new[1] = tty_orig[1];
@@ -565,13 +544,13 @@ static int echo_console(UI *ui)
             return 0;
         }
     }
-#endif
-#if defined(_WIN32) && !defined(_WIN32_WCE)
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
     if (is_a_tty) {
         tty_new = tty_orig;
         SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
     }
-#endif
+# endif
     return 1;
 }
 
@@ -581,7 +560,7 @@ static int close_console(UI *ui)
         fclose(tty_in);
     if (tty_out != stderr)
         fclose(tty_out);
-#ifdef OPENSSL_SYS_VMS
+# ifdef OPENSSL_SYS_VMS
     status = sys$dassgn(channel);
     if (status != SS$_NORMAL) {
         char tmp_num[12];
@@ -591,97 +570,97 @@ static int close_console(UI *ui)
         ERR_add_error_data(2, "status=", tmp_num);
         return 0;
     }
-#endif
+# endif
     CRYPTO_THREAD_unlock(ui->lock);
 
     return 1;
 }
 
-#if !defined(OPENSSL_SYS_WINCE)
+# if !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to handle signals and act on them */
 static void pushsig(void)
 {
-# ifndef OPENSSL_SYS_WIN32
+#  ifndef OPENSSL_SYS_WIN32
     int i;
-# endif
-# ifdef SIGACTION
+#  endif
+#  ifdef SIGACTION
     struct sigaction sa;
 
     memset(&sa, 0, sizeof(sa));
     sa.sa_handler = recsig;
-# endif
+#  endif
 
-# ifdef OPENSSL_SYS_WIN32
+#  ifdef OPENSSL_SYS_WIN32
     savsig[SIGABRT] = signal(SIGABRT, recsig);
     savsig[SIGFPE] = signal(SIGFPE, recsig);
     savsig[SIGILL] = signal(SIGILL, recsig);
     savsig[SIGINT] = signal(SIGINT, recsig);
     savsig[SIGSEGV] = signal(SIGSEGV, recsig);
     savsig[SIGTERM] = signal(SIGTERM, recsig);
-# else
+#  else
     for (i = 1; i < NX509_SIG; i++) {
-#  ifdef SIGUSR1
+#   ifdef SIGUSR1
         if (i == SIGUSR1)
             continue;
-#  endif
-#  ifdef SIGUSR2
+#   endif
+#   ifdef SIGUSR2
         if (i == SIGUSR2)
             continue;
-#  endif
-#  ifdef SIGKILL
+#   endif
+#   ifdef SIGKILL
         if (i == SIGKILL)       /* We can't make any action on that. */
             continue;
-#  endif
-#  ifdef SIGACTION
+#   endif
+#   ifdef SIGACTION
         sigaction(i, &sa, &savsig[i]);
-#  else
+#   else
         savsig[i] = signal(i, recsig);
-#  endif
+#   endif
     }
-# endif
+#  endif
 
-# ifdef SIGWINCH
+#  ifdef SIGWINCH
     signal(SIGWINCH, SIG_DFL);
-# endif
+#  endif
 }
 
 static void popsig(void)
 {
-# ifdef OPENSSL_SYS_WIN32
+#  ifdef OPENSSL_SYS_WIN32
     signal(SIGABRT, savsig[SIGABRT]);
     signal(SIGFPE, savsig[SIGFPE]);
     signal(SIGILL, savsig[SIGILL]);
     signal(SIGINT, savsig[SIGINT]);
     signal(SIGSEGV, savsig[SIGSEGV]);
     signal(SIGTERM, savsig[SIGTERM]);
-# else
+#  else
     int i;
     for (i = 1; i < NX509_SIG; i++) {
-#  ifdef SIGUSR1
+#   ifdef SIGUSR1
         if (i == SIGUSR1)
             continue;
-#  endif
-#  ifdef SIGUSR2
+#   endif
+#   ifdef SIGUSR2
         if (i == SIGUSR2)
             continue;
-#  endif
-#  ifdef SIGACTION
+#   endif
+#   ifdef SIGACTION
         sigaction(i, &savsig[i], NULL);
-#  else
+#   else
         signal(i, savsig[i]);
-#  endif
+#   endif
     }
-# endif
+#  endif
 }
 
 static void recsig(int i)
 {
     intr_signal = i;
 }
-#endif
+# endif
 
 /* Internal functions specific for Windows */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
 static int noecho_fgets(char *buf, int size, FILE *tty)
 {
     int i;
@@ -694,11 +673,11 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
             break;
         }
         size--;
-# if defined(_WIN32)
+#  if defined(_WIN32)
         i = _getch();
-# else
+#  else
         i = getch();
-# endif
+#  endif
         if (i == '\r')
             i = '\n';
         *(p++) = i;
@@ -707,7 +686,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
             break;
         }
     }
-# ifdef WIN_CONSOLE_BUG
+#  ifdef WIN_CONSOLE_BUG
     /*
      * Win95 has several evil console bugs: one of these is that the last
      * character read using getch() is passed to the next read: this is
@@ -719,7 +698,41 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
         inh = GetStdHandle(STD_INPUT_HANDLE);
         FlushConsoleInputBuffer(inh);
     }
+#  endif
+    return strlen(buf);
+}
 # endif
-    return (strlen(buf));
+
+static UI_METHOD ui_openssl = {
+    "OpenSSL default user interface",
+    open_console,
+    write_string,
+    NULL,                       /* No flusher is needed for command lines */
+    read_string,
+    close_console,
+    NULL
+};
+
+/* The method with all the built-in console thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+    return &ui_openssl;
 }
+
+static const UI_METHOD *default_UI_meth = &ui_openssl;
+
+#else
+
+static const UI_METHOD *default_UI_meth = NULL;
+
 #endif
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    return default_UI_meth;
+}
diff --git a/deps/openssl/openssl/crypto/ui/ui_util.c b/deps/openssl/openssl/crypto/ui/ui_util.c
index 3b51db92cd..b379324f9b 100644
--- a/deps/openssl/openssl/crypto/ui/ui_util.c
+++ b/deps/openssl/openssl/crypto/ui/ui_util.c
@@ -8,6 +8,7 @@
  */
 
 #include <string.h>
+#include "internal/thread_once.h"
 #include "ui_locl.h"
 
 #ifndef BUFSIZ
@@ -24,7 +25,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
         UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
                         prompt, verify);
     OPENSSL_cleanse(buff, BUFSIZ);
-    return (ret);
+    return ret;
 }
 
 int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
@@ -47,5 +48,115 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
     }
     if (ok > 0)
         ok = 0;
-    return (ok);
+    return ok;
+}
+
+/*
+ * Wrapper around pem_password_cb, a method to help older APIs use newer
+ * ones.
+ */
+struct pem_password_cb_data {
+    pem_password_cb *cb;
+    int rwflag;
+};
+
+static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                               int idx, long argl, void *argp)
+{
+    /*
+     * Do nothing, the data is allocated externally and assigned later with
+     * CRYPTO_set_ex_data()
+     */
+}
+
+static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                              void *from_d, int idx, long argl, void *argp)
+{
+    void **pptr = (void **)from_d;
+    if (*pptr != NULL)
+        *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data));
+    return 1;
+}
+
+static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                int idx, long argl, void *argp)
+{
+    OPENSSL_free(ptr);
+}
+
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+static int ui_method_data_index = -1;
+DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init)
+{
+    ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
+                                                   0, NULL, ui_new_method_data,
+                                                   ui_dup_method_data,
+                                                   ui_free_method_data);
+    return 1;
+}
+
+static int ui_open(UI *ui)
+{
+    return 1;
+}
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_PROMPT:
+        {
+            char result[PEM_BUFSIZE + 1];
+            const struct pem_password_cb_data *data =
+                UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
+            int maxsize = UI_get_result_maxsize(uis);
+            int len = data->cb(result,
+                               maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
+                               data->rwflag, UI_get0_user_data(ui));
+
+            if (len >= 0)
+                result[len] = '\0';
+            if (len <= 0)
+                return len;
+            if (UI_set_result_ex(ui, uis, result, len) >= 0)
+                return 1;
+            return 0;
+        }
+    case UIT_VERIFY:
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 1;
+}
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    return 1;
+}
+static int ui_close(UI *ui)
+{
+    return 1;
+}
+
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
+{
+    struct pem_password_cb_data *data = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
+        || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL
+        || UI_method_set_opener(ui_method, ui_open) < 0
+        || UI_method_set_reader(ui_method, ui_read) < 0
+        || UI_method_set_writer(ui_method, ui_write) < 0
+        || UI_method_set_closer(ui_method, ui_close) < 0
+        || !RUN_ONCE(&get_index_once, ui_method_data_index_init)
+        || UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0) {
+        UI_destroy_method(ui_method);
+        OPENSSL_free(data);
+        return NULL;
+    }
+    data->rwflag = rwflag;
+    data->cb = cb;
+
+    return ui_method;
 }
diff --git a/deps/openssl/openssl/crypto/uid.c b/deps/openssl/openssl/crypto/uid.c
index 12df8a4e87..f7ae2610b3 100644
--- a/deps/openssl/openssl/crypto/uid.c
+++ b/deps/openssl/openssl/crypto/uid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,7 @@
 #include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
 
-#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__)
 
 # include OPENSSL_UNISTD
 
@@ -19,7 +19,7 @@ int OPENSSL_issetugid(void)
     return issetugid();
 }
 
-#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 
 int OPENSSL_issetugid(void)
 {
@@ -31,12 +31,18 @@ int OPENSSL_issetugid(void)
 # include OPENSSL_UNISTD
 # include <sys/types.h>
 
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#  endif
+# endif
+
 int OPENSSL_issetugid(void)
 {
-    if (getuid() != geteuid())
-        return 1;
-    if (getgid() != getegid())
-        return 1;
-    return 0;
+# ifdef AT_SECURE
+    return getauxval(AT_SECURE) != 0;
+# else
+    return getuid() != geteuid() || getgid() != getegid();
+# endif
 }
 #endif
diff --git a/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl b/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl
index f63945c8b9..2241c6f0f2 100644
--- a/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl
+++ b/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. Rights for redistribution and usage in source and binary
 # forms are granted according to the OpenSSL license.
 # ====================================================================
@@ -31,7 +31,7 @@
 # multiplying 64 by CPU clock frequency and dividing by relevant
 # value from the given table:
 #
-#		$SCALE=2/8	icc8	gcc3	
+#		$SCALE=2/8	icc8	gcc3
 # Intel P4	3200/4600	4600(*)	6400
 # Intel PIII	2900/3000	4900	5400
 # AMD K[78]	2500/1800	9900	8200(**)
@@ -59,7 +59,7 @@ require "x86asm.pl";
 $output=pop;
 open STDOUT,">$output";
 
-&asm_init($ARGV[0],"wp-mmx.pl");
+&asm_init($ARGV[0]);
 
 sub L()  { &data_byte(@_); }
 sub LL()
@@ -502,6 +502,6 @@ for($i=0;$i<8;$i++) {
 	&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
 
 &function_end_B("whirlpool_block_mmx");
-&asm_finish(); 
+&asm_finish();
 
 close STDOUT;
diff --git a/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl b/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl
index c0b21d13ed..fe23d8cad0 100644
--- a/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl
@@ -8,7 +8,7 @@
 
 #
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. Rights for redistribution and usage in source and binary
 # forms are granted according to the OpenSSL license.
 # ====================================================================
@@ -66,14 +66,22 @@ $code=<<___;
 .type	$func,\@function,3
 .align	16
 $func:
+.cfi_startproc
+	mov	%rsp,%rax
+.cfi_def_cfa_register	%rax
 	push	%rbx
+.cfi_push	%rbx
 	push	%rbp
+.cfi_push	%rbp
 	push	%r12
+.cfi_push	%r12
 	push	%r13
+.cfi_push	%r13
 	push	%r14
+.cfi_push	%r14
 	push	%r15
+.cfi_push	%r15
 
-	mov	%rsp,%r11
 	sub	\$128+40,%rsp
 	and	\$-64,%rsp
 
@@ -81,7 +89,8 @@ $func:
 	mov	%rdi,0(%r10)		# save parameter block
 	mov	%rsi,8(%r10)
 	mov	%rdx,16(%r10)
-	mov	%r11,32(%r10)		# saved stack pointer
+	mov	%rax,32(%r10)		# saved stack pointer
+.cfi_cfa_expression	%rsp+`128+32`,deref,+8
 .Lprologue:
 
 	mov	%r10,%rbx
@@ -205,15 +214,24 @@ $code.=<<___;
 	jmp	.Louterloop
 .Lalldone:
 	mov	32(%rbx),%rsi		# restore saved pointer
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
+.cfi_def_cfa	%rsi,8
+	mov	-48(%rsi),%r15
+.cfi_restore	%r15
+	mov	-40(%rsi),%r14
+.cfi_restore	%r14
+	mov	-32(%rsi),%r13
+.cfi_restore	%r13
+	mov	-24(%rsi),%r12
+.cfi_restore	%r12
+	mov	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	mov	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	lea	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
 .Lepilogue:
 	ret
+.cfi_endproc
 .size	$func,.-$func
 
 .align	64
@@ -526,7 +544,6 @@ se_handler:
 	jae	.Lin_prologue
 
 	mov	128+32(%rax),%rax	# pull saved stack pointer
-	lea	48(%rax),%rax
 
 	mov	-8(%rax),%rbx
 	mov	-16(%rax),%rbp
diff --git a/deps/openssl/openssl/crypto/whrlpool/build.info b/deps/openssl/openssl/crypto/whrlpool/build.info
index 7f3a19eaaf..4b167b504e 100644
--- a/deps/openssl/openssl/crypto/whrlpool/build.info
+++ b/deps/openssl/openssl/crypto/whrlpool/build.info
@@ -1,7 +1,8 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=wp_dgst.c {- $target{wp_asm_src} -}
 
-GENERATE[wp-mmx.s]=asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[wp-mmx.s]=asm/wp-mmx.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
 DEPEND[wp-mmx.s]=../perlasm/x86asm.pl
 
 GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl $(PERLASM_SCHEME)
diff --git a/deps/openssl/openssl/crypto/whrlpool/wp_block.c b/deps/openssl/openssl/crypto/whrlpool/wp_block.c
index b29f037bf7..0cc92a3b01 100644
--- a/deps/openssl/openssl/crypto/whrlpool/wp_block.c
+++ b/deps/openssl/openssl/crypto/whrlpool/wp_block.c
@@ -10,14 +10,6 @@
 /**
  * The Whirlpool hashing function.
  *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
- *
  * See
  *      P.S.L.M. Barreto, V. Rijmen,
  *      ``The Whirlpool hashing function,''
diff --git a/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c b/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c
index 6d925517a2..1ac29803a4 100644
--- a/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c
+++ b/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c
@@ -10,14 +10,6 @@
 /**
  * The Whirlpool hashing function.
  *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
- *
  * See
  *      P.S.L.M. Barreto, V. Rijmen,
  *      ``The Whirlpool hashing function,''
@@ -67,7 +59,7 @@
 int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
 {
     memset(c, 0, sizeof(*c));
-    return (1);
+    return 1;
 }
 
 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
@@ -88,7 +80,7 @@ int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
     if (bytes)
         WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
 
-    return (1);
+    return 1;
 }
 
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
@@ -247,9 +239,9 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
     if (md) {
         memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
         OPENSSL_cleanse(c, sizeof(*c));
-        return (1);
+        return 1;
     }
-    return (0);
+    return 0;
 }
 
 unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
@@ -262,5 +254,5 @@ unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
     WHIRLPOOL_Init(&ctx);
     WHIRLPOOL_Update(&ctx, inp, bytes);
     WHIRLPOOL_Final(md, &ctx);
-    return (md);
+    return md;
 }
diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c
index 4fa1dd37b9..b3760dbadf 100644
--- a/deps/openssl/openssl/crypto/x509/by_dir.c
+++ b/deps/openssl/openssl/crypto/x509/by_dir.c
@@ -7,19 +7,17 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
 #include <sys/types.h>
 
-#include "internal/cryptlib.h"
-
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
 #endif
 
-
-#include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include "internal/x509_int.h"
 #include "x509_lcl.h"
@@ -50,7 +48,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                                X509_NAME *name, X509_OBJECT *ret);
 static X509_LOOKUP_METHOD x509_dir_lookup = {
     "Load certs from files in a directory",
-    new_dir,                    /* new */
+    new_dir,                    /* new_item */
     free_dir,                   /* free */
     NULL,                       /* init */
     NULL,                       /* shutdown */
@@ -63,22 +61,19 @@ static X509_LOOKUP_METHOD x509_dir_lookup = {
 
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
 {
-    return (&x509_dir_lookup);
+    return &x509_dir_lookup;
 }
 
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                     char **retp)
 {
     int ret = 0;
-    BY_DIR *ld;
-    char *dir = NULL;
-
-    ld = (BY_DIR *)ctx->method_data;
+    BY_DIR *ld = (BY_DIR *)ctx->method_data;
 
     switch (cmd) {
     case X509_L_ADD_DIR:
         if (argl == X509_FILETYPE_DEFAULT) {
-            dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env());
+            const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
 
             if (dir)
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
@@ -92,28 +87,35 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
             ret = add_cert_dir(ld, argp, (int)argl);
         break;
     }
-    return (ret);
+    return ret;
 }
 
 static int new_dir(X509_LOOKUP *lu)
 {
-    BY_DIR *a;
+    BY_DIR *a = OPENSSL_malloc(sizeof(*a));
 
-    if ((a = OPENSSL_malloc(sizeof(*a))) == NULL)
+    if (a == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
+
     if ((a->buffer = BUF_MEM_new()) == NULL) {
-        OPENSSL_free(a);
-        return 0;
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
     a->dirs = NULL;
     a->lock = CRYPTO_THREAD_lock_new();
     if (a->lock == NULL) {
         BUF_MEM_free(a->buffer);
-        OPENSSL_free(a);
-        return 0;
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
     lu->method_data = a;
     return 1;
+
+ err:
+    OPENSSL_free(a);
+    return 0;
 }
 
 static void by_dir_hash_free(BY_DIR_HASH *hash)
@@ -140,9 +142,8 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent)
 
 static void free_dir(X509_LOOKUP *lu)
 {
-    BY_DIR *a;
+    BY_DIR *a = (BY_DIR *)lu->method_data;
 
-    a = (BY_DIR *)lu->method_data;
     sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
     BUF_MEM_free(a->buffer);
     CRYPTO_THREAD_lock_free(a->lock);
@@ -151,7 +152,9 @@ static void free_dir(X509_LOOKUP *lu)
 
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 {
-    const char *s, *p;
+    int j;
+    size_t len;
+    const char *s, *ss, *p;
 
     if (dir == NULL || !*dir) {
         X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
@@ -163,17 +166,15 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
     do {
         if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
             BY_DIR_ENTRY *ent;
-            int j;
-            size_t len;
-            const char *ss = s;
+
+            ss = s;
             s = p + 1;
             len = p - ss;
             if (len == 0)
                 continue;
             for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
                 ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
-                if (strlen(ent->dir) == len &&
-                    strncmp(ent->dir, ss, len) == 0)
+                if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0)
                     break;
             }
             if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
@@ -186,8 +187,10 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                 }
             }
             ent = OPENSSL_malloc(sizeof(*ent));
-            if (ent == NULL)
+            if (ent == NULL) {
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
             ent->dir_type = type;
             ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
             ent->dir = OPENSSL_strndup(ss, len);
@@ -197,6 +200,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
             }
             if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
                 by_dir_entry_free(ent);
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
         }
@@ -220,7 +224,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
     const char *postfix = "";
 
     if (name == NULL)
-        return (0);
+        return 0;
 
     stmp.type = type;
     if (type == X509_LU_X509) {
@@ -248,6 +252,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
         BY_DIR_ENTRY *ent;
         int idx;
         BY_DIR_HASH htmp, *hent;
+
         ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
         j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
         if (!BUF_MEM_grow(b, j)) {
@@ -324,10 +329,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
          */
         CRYPTO_THREAD_write_lock(ctx->lock);
         j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
-        if (j != -1)
-            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
-        else
-            tmp = NULL;
+        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
         CRYPTO_THREAD_unlock(ctx->lock);
 
         /* If a CRL, update the last file suffix added for this */
@@ -338,13 +340,12 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
              * Look for entry again in case another thread added an entry
              * first.
              */
-            if (!hent) {
+            if (hent == NULL) {
                 htmp.hash = h;
                 idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
-                if (idx >= 0)
-                    hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
             }
-            if (!hent) {
+            if (hent == NULL) {
                 hent = OPENSSL_malloc(sizeof(*hent));
                 if (hent == NULL) {
                     CRYPTO_THREAD_unlock(ctx->lock);
@@ -357,6 +358,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                 if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
                     CRYPTO_THREAD_unlock(ctx->lock);
                     OPENSSL_free(hent);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
                     ok = 0;
                     goto finish;
                 }
@@ -372,16 +374,17 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
             ok = 1;
             ret->type = tmp->type;
             memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+
             /*
-             * If we were going to up the reference count, we would need to
-             * do it on a perl 'type' basis
+             * Clear any errors that might have been raised processing empty
+             * or malformed files.
              */
-        /*- CRYPTO_add(&tmp->data.x509->references,1,
-                    CRYPTO_LOCK_X509);*/
+            ERR_clear_error();
+
             goto finish;
         }
     }
  finish:
     BUF_MEM_free(b);
-    return (ok);
+    return ok;
 }
diff --git a/deps/openssl/openssl/crypto/x509/by_file.c b/deps/openssl/openssl/crypto/x509/by_file.c
index 77a7c4a2a6..244512c935 100644
--- a/deps/openssl/openssl/crypto/x509/by_file.c
+++ b/deps/openssl/openssl/crypto/x509/by_file.c
@@ -12,7 +12,6 @@
 #include <errno.h>
 
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
@@ -22,7 +21,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
 static X509_LOOKUP_METHOD x509_file_lookup = {
     "Load file into cache",
-    NULL,                       /* new */
+    NULL,                       /* new_item */
     NULL,                       /* free */
     NULL,                       /* init */
     NULL,                       /* shutdown */
@@ -35,7 +34,7 @@ static X509_LOOKUP_METHOD x509_file_lookup = {
 
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
 {
-    return (&x509_file_lookup);
+    return &x509_file_lookup;
 }
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
@@ -69,7 +68,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
         }
         break;
     }
-    return (ok);
+    return ok;
 }
 
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -79,8 +78,6 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
     int i, count = 0;
     X509 *x = NULL;
 
-    if (file == NULL)
-        return (1);
     in = BIO_new(BIO_s_file());
 
     if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
@@ -123,10 +120,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
         X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
         goto err;
     }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND);
  err:
     X509_free(x);
     BIO_free(in);
-    return (ret);
+    return ret;
 }
 
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -136,8 +135,6 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     int i, count = 0;
     X509_CRL *x = NULL;
 
-    if (file == NULL)
-        return (1);
     in = BIO_new(BIO_s_file());
 
     if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
@@ -180,10 +177,12 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
         X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
         goto err;
     }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND);
  err:
     X509_CRL_free(x);
     BIO_free(in);
-    return (ret);
+    return ret;
 }
 
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -192,6 +191,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     X509_INFO *itmp;
     BIO *in;
     int i, count = 0;
+
     if (type != X509_FILETYPE_PEM)
         return X509_load_cert_file(ctx, file, type);
     in = BIO_new_file(file, "r");
@@ -208,14 +208,20 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     for (i = 0; i < sk_X509_INFO_num(inf); i++) {
         itmp = sk_X509_INFO_value(inf, i);
         if (itmp->x509) {
-            X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+            if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
+                goto err;
             count++;
         }
         if (itmp->crl) {
-            X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+            if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
+                goto err;
             count++;
         }
     }
+    if (count == 0)
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE,
+                X509_R_NO_CERTIFICATE_OR_CRL_FOUND);
+ err:
     sk_X509_INFO_pop_free(inf, X509_INFO_free);
     return count;
 }
diff --git a/deps/openssl/openssl/crypto/x509/t_crl.c b/deps/openssl/openssl/crypto/x509/t_crl.c
index f3ca6db8e5..8e262912ff 100644
--- a/deps/openssl/openssl/crypto/x509/t_crl.c
+++ b/deps/openssl/openssl/crypto/x509/t_crl.c
@@ -23,24 +23,28 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = X509_CRL_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
 int X509_CRL_print(BIO *out, X509_CRL *x)
 {
+  return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT);
+}
+
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
+{
     STACK_OF(X509_REVOKED) *rev;
     X509_REVOKED *r;
     const X509_ALGOR *sig_alg;
     const ASN1_BIT_STRING *sig;
     long l;
     int i;
-    char *p;
 
     BIO_printf(out, "Certificate Revocation List (CRL):\n");
     l = X509_CRL_get_version(x);
@@ -49,10 +53,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
     else
         BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
     X509_CRL_get0_signature(x, &sig, &sig_alg);
+    BIO_puts(out, "    ");
     X509_signature_print(out, sig_alg, NULL);
-    p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
-    BIO_printf(out, "%8sIssuer: %s\n", "", p);
-    OPENSSL_free(p);
+    BIO_printf(out, "%8sIssuer: ", "");
+    X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
+    BIO_puts(out, "\n");
     BIO_printf(out, "%8sLast Update: ", "");
     ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
     BIO_printf(out, "\n%8sNext Update: ", "");
diff --git a/deps/openssl/openssl/crypto/x509/t_req.c b/deps/openssl/openssl/crypto/x509/t_req.c
index 77ce810835..2d4c591b74 100644
--- a/deps/openssl/openssl/crypto/x509/t_req.c
+++ b/deps/openssl/openssl/crypto/x509/t_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,12 +25,12 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = X509_REQ_print(b, x);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -93,10 +93,12 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 
         pkey = X509_REQ_get0_pubkey(x);
         if (pkey == NULL) {
-            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            if (BIO_printf(bp, "%12sUnable to load Public Key\n", "") <= 0)
+                goto err;
             ERR_print_errors(bp);
         } else {
-            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+            if (EVP_PKEY_print_public(bp, pkey, 16, NULL) <= 0)
+                goto err;
         }
     }
 
@@ -135,16 +137,22 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                         goto err;
                 if (BIO_puts(bp, ":") <= 0)
                     goto err;
-                if ((type == V_ASN1_PRINTABLESTRING) ||
-                    (type == V_ASN1_T61STRING) ||
-                    (type == V_ASN1_UTF8STRING) ||
-                    (type == V_ASN1_IA5STRING)) {
+                switch (type) {
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_IA5STRING:
                     if (BIO_write(bp, (char *)bs->data, bs->length)
-                        != bs->length)
+                            != bs->length)
+                        goto err;
+                    if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+                    break;
+                default:
+                    if (BIO_puts(bp, "unable to print attribute\n") <= 0)
                         goto err;
-                    BIO_puts(bp, "\n");
-                } else {
-                    BIO_puts(bp, "unable to print attribute\n");
+                    break;
                 }
                 if (++ii < count)
                     goto get_next;
@@ -154,7 +162,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
     if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
         exts = X509_REQ_get_extensions(x);
         if (exts) {
-            BIO_printf(bp, "%8sRequested Extensions:\n", "");
+            if (BIO_printf(bp, "%8sRequested Extensions:\n", "") <= 0)
+                goto err;
             for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
                 ASN1_OBJECT *obj;
                 X509_EXTENSION *ex;
@@ -163,13 +172,16 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                 if (BIO_printf(bp, "%12s", "") <= 0)
                     goto err;
                 obj = X509_EXTENSION_get_object(ex);
-                i2a_ASN1_OBJECT(bp, obj);
+                if (i2a_ASN1_OBJECT(bp, obj) <= 0)
+                    goto err;
                 critical = X509_EXTENSION_get_critical(ex);
                 if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
                     goto err;
                 if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
-                    BIO_printf(bp, "%16s", "");
-                    ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
+                    if (BIO_printf(bp, "%16s", "") <= 0
+                        || ASN1_STRING_print(bp,
+                                             X509_EXTENSION_get_data(ex)) <= 0)
+                        goto err;
                 }
                 if (BIO_write(bp, "\n", 1) <= 0)
                     goto err;
@@ -186,10 +198,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
             goto err;
     }
 
-    return (1);
+    return 1;
  err:
     X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
-    return (0);
+    return 0;
 }
 
 int X509_REQ_print(BIO *bp, X509_REQ *x)
diff --git a/deps/openssl/openssl/crypto/x509/t_x509.c b/deps/openssl/openssl/crypto/x509/t_x509.c
index c7ced67f89..ccacbe7cbf 100644
--- a/deps/openssl/openssl/crypto/x509/t_x509.c
+++ b/deps/openssl/openssl/crypto/x509/t_x509.c
@@ -30,12 +30,12 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
 
     if ((b = BIO_new(BIO_s_file())) == NULL) {
         X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
     ret = X509_print_ex(b, x, nmflag, cflag);
     BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -119,6 +119,9 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 
     if (!(cflag & X509_FLAG_NO_SIGNAME)) {
         const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+
+        if (BIO_puts(bp, "    ") <= 0)
+            goto err;
         if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
             goto err;
     }
@@ -212,7 +215,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
     ret = 1;
  err:
     OPENSSL_free(m);
-    return (ret);
+    return ret;
 }
 
 int X509_ocspid_print(BIO *bp, X509 *x)
@@ -266,10 +269,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
     }
     BIO_printf(bp, "\n");
 
-    return (1);
+    return 1;
  err:
     OPENSSL_free(der);
-    return (0);
+    return 0;
 }
 
 int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
diff --git a/deps/openssl/openssl/crypto/x509/x509_att.c b/deps/openssl/openssl/crypto/x509/x509_att.c
index 836bca505e..63895efe46 100644
--- a/deps/openssl/openssl/crypto/x509/x509_att.c
+++ b/deps/openssl/openssl/crypto/x509/x509_att.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/stack.h>
+#include <openssl/safestack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -28,8 +28,8 @@ int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
     const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
 
     if (obj == NULL)
-        return (-2);
-    return (X509at_get_attr_by_OBJ(x, obj, lastpos));
+        return -2;
+    return X509at_get_attr_by_OBJ(x, obj, lastpos);
 }
 
 int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
@@ -39,7 +39,7 @@ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
     X509_ATTRIBUTE *ex;
 
     if (sk == NULL)
-        return (-1);
+        return -1;
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
@@ -47,17 +47,17 @@ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
         if (OBJ_cmp(ex->object, obj) == 0)
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
     if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
         return NULL;
-    else
-        return sk_X509_ATTRIBUTE_value(x, loc);
+
+    return sk_X509_ATTRIBUTE_value(x, loc);
 }
 
 X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
@@ -65,9 +65,9 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
     X509_ATTRIBUTE *ret;
 
     if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-        return (NULL);
+        return NULL;
     ret = sk_X509_ATTRIBUTE_delete(x, loc);
-    return (ret);
+    return ret;
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
@@ -93,13 +93,13 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
         goto err;
     if (*x == NULL)
         *x = sk;
-    return (sk);
+    return sk;
  err:
     X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
  err2:
     X509_ATTRIBUTE_free(new_attr);
     sk_X509_ATTRIBUTE_free(sk);
-    return (NULL);
+    return NULL;
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
@@ -175,12 +175,12 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
     obj = OBJ_nid2obj(nid);
     if (obj == NULL) {
         X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
-        return (NULL);
+        return NULL;
     }
     ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
     if (ret == NULL)
         ASN1_OBJECT_free(obj);
-    return (ret);
+    return ret;
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
@@ -194,7 +194,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
         if ((ret = X509_ATTRIBUTE_new()) == NULL) {
             X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
                     ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     } else
         ret = *attr;
@@ -206,11 +206,11 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
 
     if ((attr != NULL) && (*attr == NULL))
         *attr = ret;
-    return (ret);
+    return ret;
  err:
     if ((attr == NULL) || (ret != *attr))
         X509_ATTRIBUTE_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
@@ -226,7 +226,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
         X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
                 X509_R_INVALID_FIELD_NAME);
         ERR_add_error_data(2, "name=", atrname);
-        return (NULL);
+        return NULL;
     }
     nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
     ASN1_OBJECT_free(obj);
@@ -236,7 +236,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
 int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
     if ((attr == NULL) || (obj == NULL))
-        return (0);
+        return 0;
     ASN1_OBJECT_free(attr->object);
     attr->object = OBJ_dup(obj);
     return attr->object != NULL;
@@ -303,8 +303,8 @@ int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
 {
     if (attr == NULL)
-        return (NULL);
-    return (attr->object);
+        return NULL;
+    return attr->object;
 }
 
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
diff --git a/deps/openssl/openssl/crypto/x509/x509_cmp.c b/deps/openssl/openssl/crypto/x509/x509_cmp.c
index 49b0368dfc..02fad0c671 100644
--- a/deps/openssl/openssl/crypto/x509/x509_cmp.c
+++ b/deps/openssl/openssl/crypto/x509/x509_cmp.c
@@ -8,7 +8,6 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
@@ -25,8 +24,8 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
     bi = &b->cert_info;
     i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
     if (i)
-        return (i);
-    return (X509_NAME_cmp(ai->issuer, bi->issuer));
+        return i;
+    return X509_NAME_cmp(ai->issuer, bi->issuer);
 }
 
 #ifndef OPENSSL_NO_MD5
@@ -56,23 +55,23 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
         ) & 0xffffffffL;
  err:
     EVP_MD_CTX_free(ctx);
-    return (ret);
+    return ret;
 }
 #endif
 
 int X509_issuer_name_cmp(const X509 *a, const X509 *b)
 {
-    return (X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer));
+    return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer);
 }
 
 int X509_subject_name_cmp(const X509 *a, const X509 *b)
 {
-    return (X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject));
+    return X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject);
 }
 
 int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 {
-    return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer));
+    return X509_NAME_cmp(a->crl.issuer, b->crl.issuer);
 }
 
 int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
@@ -82,24 +81,24 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 
 X509_NAME *X509_get_issuer_name(const X509 *a)
 {
-    return (a->cert_info.issuer);
+    return a->cert_info.issuer;
 }
 
 unsigned long X509_issuer_name_hash(X509 *x)
 {
-    return (X509_NAME_hash(x->cert_info.issuer));
+    return X509_NAME_hash(x->cert_info.issuer);
 }
 
 #ifndef OPENSSL_NO_MD5
 unsigned long X509_issuer_name_hash_old(X509 *x)
 {
-    return (X509_NAME_hash_old(x->cert_info.issuer));
+    return X509_NAME_hash_old(x->cert_info.issuer);
 }
 #endif
 
 X509_NAME *X509_get_subject_name(const X509 *a)
 {
-    return (a->cert_info.subject);
+    return a->cert_info.subject;
 }
 
 ASN1_INTEGER *X509_get_serialNumber(X509 *a)
@@ -114,13 +113,13 @@ const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
 
 unsigned long X509_subject_name_hash(X509 *x)
 {
-    return (X509_NAME_hash(x->cert_info.subject));
+    return X509_NAME_hash(x->cert_info.subject);
 }
 
 #ifndef OPENSSL_NO_MD5
 unsigned long X509_subject_name_hash_old(X509 *x)
 {
-    return (X509_NAME_hash_old(x->cert_info.subject));
+    return X509_NAME_hash_old(x->cert_info.subject);
 }
 #endif
 
@@ -195,7 +194,7 @@ unsigned long X509_NAME_hash(X509_NAME *x)
     ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
         ) & 0xffffffffL;
-    return (ret);
+    return ret;
 }
 
 #ifndef OPENSSL_NO_MD5
@@ -224,7 +223,7 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
             ) & 0xffffffffL;
     EVP_MD_CTX_free(md_ctx);
 
-    return (ret);
+    return ret;
 }
 #endif
 
@@ -244,9 +243,9 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
     for (i = 0; i < sk_X509_num(sk); i++) {
         x509 = sk_X509_value(sk, i);
         if (X509_issuer_and_serial_cmp(x509, &x) == 0)
-            return (x509);
+            return x509;
     }
-    return (NULL);
+    return NULL;
 }
 
 X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
@@ -257,9 +256,9 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
     for (i = 0; i < sk_X509_num(sk); i++) {
         x509 = sk_X509_value(sk, i);
         if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
-            return (x509);
+            return x509;
     }
-    return (NULL);
+    return NULL;
 }
 
 EVP_PKEY *X509_get0_pubkey(const X509 *x)
diff --git a/deps/openssl/openssl/crypto/x509/x509_d2.c b/deps/openssl/openssl/crypto/x509/x509_d2.c
index cb03dbfa6c..099ffda1e1 100644
--- a/deps/openssl/openssl/crypto/x509/x509_d2.c
+++ b/deps/openssl/openssl/crypto/x509/x509_d2.c
@@ -18,18 +18,18 @@ int X509_STORE_set_default_paths(X509_STORE *ctx)
 
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
     if (lookup == NULL)
-        return (0);
+        return 0;
     X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
 
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
     if (lookup == NULL)
-        return (0);
+        return 0;
     X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
 
     /* clear any errors */
     ERR_clear_error();
 
-    return (1);
+    return 1;
 }
 
 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
@@ -40,18 +40,18 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
     if (file != NULL) {
         lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
         if (lookup == NULL)
-            return (0);
+            return 0;
         if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
-            return (0);
+            return 0;
     }
     if (path != NULL) {
         lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
         if (lookup == NULL)
-            return (0);
+            return 0;
         if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
-            return (0);
+            return 0;
     }
     if ((path == NULL) && (file == NULL))
-        return (0);
-    return (1);
+        return 0;
+    return 1;
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509_def.c b/deps/openssl/openssl/crypto/x509/x509_def.c
index d11358e34f..bfa8d7d852 100644
--- a/deps/openssl/openssl/crypto/x509/x509_def.c
+++ b/deps/openssl/openssl/crypto/x509/x509_def.c
@@ -14,30 +14,30 @@
 
 const char *X509_get_default_private_dir(void)
 {
-    return (X509_PRIVATE_DIR);
+    return X509_PRIVATE_DIR;
 }
 
 const char *X509_get_default_cert_area(void)
 {
-    return (X509_CERT_AREA);
+    return X509_CERT_AREA;
 }
 
 const char *X509_get_default_cert_dir(void)
 {
-    return (X509_CERT_DIR);
+    return X509_CERT_DIR;
 }
 
 const char *X509_get_default_cert_file(void)
 {
-    return (X509_CERT_FILE);
+    return X509_CERT_FILE;
 }
 
 const char *X509_get_default_cert_dir_env(void)
 {
-    return (X509_CERT_DIR_EVP);
+    return X509_CERT_DIR_EVP;
 }
 
 const char *X509_get_default_cert_file_env(void)
 {
-    return (X509_CERT_FILE_EVP);
+    return X509_CERT_FILE_EVP;
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509_err.c b/deps/openssl/openssl/crypto/x509/x509_err.c
index 9f91188a76..739708e24f 100644
--- a/deps/openssl/openssl/crypto/x509/x509_err.c
+++ b/deps/openssl/openssl/crypto/x509/x509_err.c
@@ -8,123 +8,162 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/x509.h>
+#include <openssl/x509err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-
-static ERR_STRING_DATA X509_str_functs[] = {
-    {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"},
-    {ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"},
-    {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"},
-    {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "check_name_constraints"},
-    {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"},
-    {ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"},
-    {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"},
-    {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "get_cert_by_subject"},
-    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
-    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
-    {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
-    {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
+static const ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509, X509_F_ADD_CERT_DIR, 0), "add_cert_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BUILD_CHAIN, 0), "build_chain"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BY_FILE_CTRL, 0), "by_file_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0),
+     "check_name_constraints"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),
+     "get_cert_by_subject"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0),
+     "NETSCAPE_SPKI_b64_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0),
+     "NETSCAPE_SPKI_b64_encode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0),
      "X509_ATTRIBUTE_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 0),
      "X509_ATTRIBUTE_create_by_OBJ"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 0),
      "X509_ATTRIBUTE_create_by_txt"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
-    {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
-    {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"},
-    {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
-    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_GET0_DATA, 0),
+     "X509_ATTRIBUTE_get0_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_SET1_DATA, 0),
+     "X509_ATTRIBUTE_set1_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0),
+     "X509_check_private_key"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0),
+     "X509_CRL_METHOD_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0),
      "X509_EXTENSION_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_OBJ, 0),
      "X509_EXTENSION_create_by_OBJ"},
-    {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_GET_PUBKEY_PARAMETERS, 0),
      "X509_get_pubkey_parameters"},
-    {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
-    {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
-    {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
-    {ERR_FUNC(X509_F_X509_LOOKUP_METH_NEW), "X509_LOOKUP_meth_new"},
-    {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_CRL_FILE, 0),
+     "X509_load_cert_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_FILE, 0),
+     "X509_load_cert_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),
+     "X509_load_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0),
+     "X509_LOOKUP_meth_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),
+     "X509_NAME_add_entry"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0),
      "X509_NAME_ENTRY_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0),
      "X509_NAME_ENTRY_create_by_txt"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_SET_OBJECT, 0),
      "X509_NAME_ENTRY_set_object"},
-    {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
-    {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
-    {ERR_FUNC(X509_F_X509_OBJECT_NEW), "X509_OBJECT_new"},
-    {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
-    {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ONELINE, 0), "X509_NAME_oneline"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_PRINT, 0), "X509_NAME_print"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_OBJECT_NEW, 0), "X509_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0),
+     "x509_pubkey_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0),
      "X509_REQ_check_private_key"},
-    {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
-    {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
-    {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
-    {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
-    {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0),
+     "X509_STORE_add_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),
+     "X509_STORE_add_crl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0),
+     "X509_STORE_add_lookup"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0),
      "X509_STORE_CTX_get1_issuer"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0),
+     "X509_STORE_CTX_init"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_NEW, 0),
+     "X509_STORE_CTX_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0),
      "X509_STORE_CTX_purpose_inherit"},
-    {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
-    {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
-    {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-    {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
+     "X509_VERIFY_PARAM_new"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA X509_str_reasons[] = {
-    {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"},
-    {ERR_REASON(X509_R_BAD_SELECTOR), "bad selector"},
-    {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
-    {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
-    {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
-    {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
-     "cert already in hash table"},
-    {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
-    {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
-    {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
-    {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
-    {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
-    {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
-    {ERR_REASON(X509_R_ISSUER_MISMATCH), "issuer mismatch"},
-    {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
-    {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
-    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
-    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
-    {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
-    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
-    {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
-    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
-     "no cert set for us to verify"},
-    {ERR_REASON(X509_R_NO_CRL_NUMBER), "no crl number"},
-    {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
-    {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
-    {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
-    {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
-     "unable to find parameters in chain"},
-    {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
-     "unable to get certs public key"},
-    {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
-    {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
-    {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
-    {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
-    {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
-    {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
-    {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
+static const ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR),
+    "base64 decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE),
+    "cert already in hash table"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE),
+    "crl verify failure"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME),
+    "invalid field name"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH),
+    "key values mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER),
+    "newer crl not newer"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND),
+    "no certificate found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND),
+    "no certificate or crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+    "no cert set for us to verify"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR),
+    "public key decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR),
+    "public key encode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+    "unable to find parameters in chain"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+    "unable to get certs public key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID),
+    "unknown purpose id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"},
     {0, NULL}
 };
 
@@ -133,10 +172,9 @@ static ERR_STRING_DATA X509_str_reasons[] = {
 int ERR_load_X509_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, X509_str_functs);
-        ERR_load_strings(0, X509_str_reasons);
+        ERR_load_strings_const(X509_str_functs);
+        ERR_load_strings_const(X509_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/x509/x509_ext.c b/deps/openssl/openssl/crypto/x509/x509_ext.c
index 3c59079852..2db843760c 100644
--- a/deps/openssl/openssl/crypto/x509/x509_ext.c
+++ b/deps/openssl/openssl/crypto/x509/x509_ext.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,6 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/stack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -19,33 +18,33 @@
 
 int X509_CRL_get_ext_count(const X509_CRL *x)
 {
-    return (X509v3_get_ext_count(x->crl.extensions));
+    return X509v3_get_ext_count(x->crl.extensions);
 }
 
 int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos);
 }
 
 int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
                             int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos);
 }
 
 int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
 {
-    return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos));
+    return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos);
 }
 
 X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
 {
-    return (X509v3_get_ext(x->crl.extensions, loc));
+    return X509v3_get_ext(x->crl.extensions, loc);
 }
 
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
 {
-    return (X509v3_delete_ext(x->crl.extensions, loc));
+    return X509v3_delete_ext(x->crl.extensions, loc);
 }
 
 void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
@@ -66,17 +65,17 @@ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
 
 int X509_get_ext_count(const X509 *x)
 {
-    return (X509v3_get_ext_count(x->cert_info.extensions));
+    return X509v3_get_ext_count(x->cert_info.extensions);
 }
 
 int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos);
 }
 
 int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos);
 }
 
 int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
@@ -87,12 +86,12 @@ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
 
 X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
 {
-    return (X509v3_get_ext(x->cert_info.extensions, loc));
+    return X509v3_get_ext(x->cert_info.extensions, loc);
 }
 
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
 {
-    return (X509v3_delete_ext(x->cert_info.extensions, loc));
+    return X509v3_delete_ext(x->cert_info.extensions, loc);
 }
 
 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
@@ -114,33 +113,33 @@ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
 
 int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
 {
-    return (X509v3_get_ext_count(x->extensions));
+    return X509v3_get_ext_count(x->extensions);
 }
 
 int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
 {
-    return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+    return X509v3_get_ext_by_NID(x->extensions, nid, lastpos);
 }
 
 int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
                                 int lastpos)
 {
-    return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+    return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos);
 }
 
 int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
 {
-    return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+    return X509v3_get_ext_by_critical(x->extensions, crit, lastpos);
 }
 
 X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
 {
-    return (X509v3_get_ext(x->extensions, loc));
+    return X509v3_get_ext(x->extensions, loc);
 }
 
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
 {
-    return (X509v3_delete_ext(x->extensions, loc));
+    return X509v3_delete_ext(x->extensions, loc);
 }
 
 int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
diff --git a/deps/openssl/openssl/crypto/x509/x509_lcl.h b/deps/openssl/openssl/crypto/x509/x509_lcl.h
index 8a47da4fef..c517a77456 100644
--- a/deps/openssl/openssl/crypto/x509/x509_lcl.h
+++ b/deps/openssl/openssl/crypto/x509/x509_lcl.h
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/refcount.h"
+
 /*
  * This structure holds all parameters associated with a verify operation by
  * including an X509_VERIFY_PARAM structure in related structures the
@@ -130,7 +132,7 @@ struct x509_store_st {
     STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
     int (*cleanup) (X509_STORE_CTX *ctx);
     CRYPTO_EX_DATA ex_data;
-    int references;
+    CRYPTO_REF_COUNT references;
     CRYPTO_RWLOCK *lock;
 };
 
@@ -140,3 +142,6 @@ DEFINE_STACK_OF(BY_DIR_HASH)
 DEFINE_STACK_OF(BY_DIR_ENTRY)
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                             const ASN1_STRING *sig);
diff --git a/deps/openssl/openssl/crypto/x509/x509_lu.c b/deps/openssl/openssl/crypto/x509/x509_lu.c
index e5bea5b276..be39015b0d 100644
--- a/deps/openssl/openssl/crypto/x509/x509_lu.c
+++ b/deps/openssl/openssl/crypto/x509/x509_lu.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/refcount.h"
 #include <openssl/x509.h>
 #include "internal/x509_int.h"
 #include <openssl/x509v3.h>
@@ -17,14 +17,15 @@
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
-    X509_LOOKUP *ret;
+    X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = OPENSSL_zalloc(sizeof(*ret));
-    if (ret == NULL)
+    if (ret == NULL) {
+        X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     ret->method = method;
-    if ((method->new_item != NULL) && !method->new_item(ret)) {
+    if (method->new_item != NULL && method->new_item(ret) == 0) {
         OPENSSL_free(ret);
         return NULL;
     }
@@ -149,7 +150,7 @@ static int x509_object_cmp(const X509_OBJECT *const *a,
     case X509_LU_CRL:
         ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
         break;
-    default:
+    case X509_LU_NONE:
         /* abort(); */
         return 0;
     }
@@ -158,25 +159,36 @@ static int x509_object_cmp(const X509_OBJECT *const *a,
 
 X509_STORE *X509_STORE_new(void)
 {
-    X509_STORE *ret;
+    X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+    if (ret == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
-    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
+    }
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     ret->cache = 1;
-    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
-    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
-
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+    }
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     ret->lock = CRYPTO_THREAD_lock_new();
-    if (ret->lock == NULL)
+    if (ret->lock == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     ret->references = 1;
     return ret;
@@ -197,8 +209,7 @@ void X509_STORE_free(X509_STORE *vfy)
 
     if (vfy == NULL)
         return;
-
-    CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
+    CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
     REF_PRINT_COUNT("X509_STORE", vfy);
     if (i > 0)
         return;
@@ -223,7 +234,7 @@ int X509_STORE_up_ref(X509_STORE *vfy)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
+    if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("X509_STORE", a);
@@ -246,17 +257,18 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
     }
     /* a new one */
     lu = X509_LOOKUP_new(m);
-    if (lu == NULL)
+    if (lu == NULL) {
+        X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
         return NULL;
-    else {
-        lu->store_ctx = v;
-        if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
-            return lu;
-        else {
-            X509_LOOKUP_free(lu);
-            return NULL;
-        }
     }
+
+    lu->store_ctx = v;
+    if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+        return lu;
+    /* malloc failed */
+    X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+    X509_LOOKUP_free(lu);
+    return NULL;
 }
 
 X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
@@ -310,8 +322,7 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
     return 1;
 }
 
-static int x509_store_add(X509_STORE *ctx, void *x, int crl)
-{
+static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
     X509_OBJECT *obj;
     int ret = 0, added = 0;
 
@@ -349,7 +360,7 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl)
 
 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 {
-   if (!x509_store_add(ctx, x, 0)) {
+    if (!x509_store_add(ctx, x, 0)) {
         X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
         return 0;
     }
@@ -368,7 +379,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
 int X509_OBJECT_up_ref_count(X509_OBJECT *a)
 {
     switch (a->type) {
-    default:
+    case X509_LU_NONE:
         break;
     case X509_LU_X509:
         return X509_up_ref(a->data.x509);
@@ -397,7 +408,7 @@ X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
     return a->type;
 }
 
-X509_OBJECT *X509_OBJECT_new()
+X509_OBJECT *X509_OBJECT_new(void)
 {
     X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
 
@@ -414,7 +425,7 @@ static void x509_object_free_internal(X509_OBJECT *a)
     if (a == NULL)
         return;
     switch (a->type) {
-    default:
+    case X509_LU_NONE:
         break;
     case X509_LU_X509:
         X509_free(a->data.x509);
@@ -471,7 +482,7 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
         stmp.data.crl = &crl_s;
         crl_s.crl.issuer = name;
         break;
-    default:
+    case X509_LU_NONE:
         /* abort(); */
         return -1;
     }
@@ -608,17 +619,18 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
                                         X509_OBJECT *x)
 {
-    int idx, i;
+    int idx, i, num;
     X509_OBJECT *obj;
+
     idx = sk_X509_OBJECT_find(h, x);
-    if (idx == -1)
+    if (idx < 0)
         return NULL;
     if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
         return sk_X509_OBJECT_value(h, idx);
-    for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+    for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
         obj = sk_X509_OBJECT_value(h, i);
-        if (x509_object_cmp
-            ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+        if (x509_object_cmp((const X509_OBJECT **)&obj,
+                            (const X509_OBJECT **)&x))
             return NULL;
         if (x->type == X509_LU_X509) {
             if (!X509_cmp(obj->data.x509, x->data.x509))
diff --git a/deps/openssl/openssl/crypto/x509/x509_obj.c b/deps/openssl/openssl/crypto/x509/x509_obj.c
index 55dc778bba..85c39415c1 100644
--- a/deps/openssl/openssl/crypto/x509/x509_obj.c
+++ b/deps/openssl/openssl/crypto/x509/x509_obj.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,6 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/buffer.h>
@@ -173,10 +172,10 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
         p = buf;
     if (i == 0)
         *p = '\0';
-    return (p);
+    return p;
  err:
     X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
  end:
     BUF_MEM_free(b);
-    return (NULL);
+    return NULL;
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509_req.c b/deps/openssl/openssl/crypto/x509/x509_req.c
index 7b88dbcd21..0bdbb81db8 100644
--- a/deps/openssl/openssl/crypto/x509/x509_req.c
+++ b/deps/openssl/openssl/crypto/x509/x509_req.c
@@ -54,24 +54,24 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
         if (!X509_REQ_sign(ret, pkey, md))
             goto err;
     }
-    return (ret);
+    return ret;
  err:
     X509_REQ_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 {
     if (req == NULL)
-        return (NULL);
-    return (X509_PUBKEY_get(req->req_info.pubkey));
+        return NULL;
+    return X509_PUBKEY_get(req->req_info.pubkey);
 }
 
 EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req)
 {
     if (req == NULL)
         return NULL;
-    return (X509_PUBKEY_get0(req->req_info.pubkey));
+    return X509_PUBKEY_get0(req->req_info.pubkey);
 }
 
 X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req)
@@ -115,7 +115,7 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
     }
 
     EVP_PKEY_free(xk);
-    return (ok);
+    return ok;
 }
 
 /*
@@ -158,7 +158,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
     const unsigned char *p;
 
     if ((req == NULL) || !ext_nids)
-        return (NULL);
+        return NULL;
     for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
         idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
         if (idx == -1)
diff --git a/deps/openssl/openssl/crypto/x509/x509_set.c b/deps/openssl/openssl/crypto/x509/x509_set.c
index c0ea41883d..3ab6bf3511 100644
--- a/deps/openssl/openssl/crypto/x509/x509_set.c
+++ b/deps/openssl/openssl/crypto/x509/x509_set.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,26 +9,30 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
 #include "internal/x509_int.h"
+#include "x509_lcl.h"
 
 int X509_set_version(X509 *x, long version)
 {
     if (x == NULL)
-        return (0);
+        return 0;
     if (version == 0) {
         ASN1_INTEGER_free(x->cert_info.version);
         x->cert_info.version = NULL;
-        return (1);
+        return 1;
     }
     if (x->cert_info.version == NULL) {
         if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)
-            return (0);
+            return 0;
     }
-    return (ASN1_INTEGER_set(x->cert_info.version, version));
+    return ASN1_INTEGER_set(x->cert_info.version, version);
 }
 
 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
@@ -46,15 +50,15 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
 int X509_set_issuer_name(X509 *x, X509_NAME *name)
 {
     if (x == NULL)
-        return (0);
-    return (X509_NAME_set(&x->cert_info.issuer, name));
+        return 0;
+    return X509_NAME_set(&x->cert_info.issuer, name);
 }
 
 int X509_set_subject_name(X509 *x, X509_NAME *name)
 {
     if (x == NULL)
-        return (0);
-    return (X509_NAME_set(&x->cert_info.subject, name));
+        return 0;
+    return X509_NAME_set(&x->cert_info.subject, name);
 }
 
 int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
@@ -88,15 +92,15 @@ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 {
     if (x == NULL)
-        return (0);
-    return (X509_PUBKEY_set(&(x->cert_info.key), pkey));
+        return 0;
+    return X509_PUBKEY_set(&(x->cert_info.key), pkey);
 }
 
 int X509_up_ref(X509 *x)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&x->references, 1, &i, x->lock) <= 0)
+    if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("X509", x);
@@ -157,3 +161,77 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
 {
     return &x->cert_info.signature;
 }
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags)
+{
+    if (mdnid != NULL)
+        *mdnid = siginf->mdnid;
+    if (pknid != NULL)
+        *pknid = siginf->pknid;
+    if (secbits != NULL)
+        *secbits = siginf->secbits;
+    if (flags != NULL)
+        *flags = siginf->flags;
+    return (siginf->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags)
+{
+    siginf->mdnid = mdnid;
+    siginf->pknid = pknid;
+    siginf->secbits = secbits;
+    siginf->flags = flags;
+}
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags)
+{
+    X509_check_purpose(x, -1, -1);
+    return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
+}
+
+static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    int pknid, mdnid;
+    const EVP_MD *md;
+
+    siginf->mdnid = NID_undef;
+    siginf->pknid = NID_undef;
+    siginf->secbits = -1;
+    siginf->flags = 0;
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
+            || pknid == NID_undef)
+        return;
+    siginf->pknid = pknid;
+    if (mdnid == NID_undef) {
+        /* If we have one, use a custom handler for this algorithm */
+        const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
+        if (ameth == NULL || ameth->siginf_set == NULL
+                || ameth->siginf_set(siginf, alg, sig) == 0)
+            return;
+        siginf->flags |= X509_SIG_INFO_VALID;
+        return;
+    }
+    siginf->flags |= X509_SIG_INFO_VALID;
+    siginf->mdnid = mdnid;
+    md = EVP_get_digestbynid(mdnid);
+    if (md == NULL)
+        return;
+    /* Security bits: half number of bits in digest */
+    siginf->secbits = EVP_MD_size(md) * 4;
+    switch (mdnid) {
+        case NID_sha1:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        siginf->flags |= X509_SIG_INFO_TLS;
+    }
+}
+
+void x509_init_sig_info(X509 *x)
+{
+    x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
+}
diff --git a/deps/openssl/openssl/crypto/x509/x509_trs.c b/deps/openssl/openssl/crypto/x509/x509_trs.c
index a9bb88d1e1..d749af4d59 100644
--- a/deps/openssl/openssl/crypto/x509/x509_trs.c
+++ b/deps/openssl/openssl/crypto/x509/x509_trs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,13 +98,14 @@ int X509_TRUST_get_by_id(int id)
 {
     X509_TRUST tmp;
     int idx;
+
     if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
         return id - X509_TRUST_MIN;
-    tmp.trust = id;
-    if (!trtable)
+    if (trtable == NULL)
         return -1;
+    tmp.trust = id;
     idx = sk_X509_TRUST_find(trtable, &tmp);
-    if (idx == -1)
+    if (idx < 0)
         return -1;
     return idx + X509_TRUST_COUNT;
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509_txt.c b/deps/openssl/openssl/crypto/x509/x509_txt.c
index 66e5fcd02f..4755b39eb4 100644
--- a/deps/openssl/openssl/crypto/x509/x509_txt.c
+++ b/deps/openssl/openssl/crypto/x509/x509_txt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,7 +12,6 @@
 #include <errno.h>
 
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
@@ -23,155 +22,161 @@ const char *X509_verify_cert_error_string(long n)
 {
     switch ((int)n) {
     case X509_V_OK:
-        return ("ok");
+        return "ok";
     case X509_V_ERR_UNSPECIFIED:
-        return ("unspecified certificate verification error");
+        return "unspecified certificate verification error";
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-        return ("unable to get issuer certificate");
+        return "unable to get issuer certificate";
     case X509_V_ERR_UNABLE_TO_GET_CRL:
-        return ("unable to get certificate CRL");
+        return "unable to get certificate CRL";
     case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-        return ("unable to decrypt certificate's signature");
+        return "unable to decrypt certificate's signature";
     case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-        return ("unable to decrypt CRL's signature");
+        return "unable to decrypt CRL's signature";
     case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-        return ("unable to decode issuer public key");
+        return "unable to decode issuer public key";
     case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-        return ("certificate signature failure");
+        return "certificate signature failure";
     case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-        return ("CRL signature failure");
+        return "CRL signature failure";
     case X509_V_ERR_CERT_NOT_YET_VALID:
-        return ("certificate is not yet valid");
+        return "certificate is not yet valid";
     case X509_V_ERR_CERT_HAS_EXPIRED:
-        return ("certificate has expired");
+        return "certificate has expired";
     case X509_V_ERR_CRL_NOT_YET_VALID:
-        return ("CRL is not yet valid");
+        return "CRL is not yet valid";
     case X509_V_ERR_CRL_HAS_EXPIRED:
-        return ("CRL has expired");
+        return "CRL has expired";
     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        return ("format error in certificate's notBefore field");
+        return "format error in certificate's notBefore field";
     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        return ("format error in certificate's notAfter field");
+        return "format error in certificate's notAfter field";
     case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-        return ("format error in CRL's lastUpdate field");
+        return "format error in CRL's lastUpdate field";
     case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-        return ("format error in CRL's nextUpdate field");
+        return "format error in CRL's nextUpdate field";
     case X509_V_ERR_OUT_OF_MEM:
-        return ("out of memory");
+        return "out of memory";
     case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        return ("self signed certificate");
+        return "self signed certificate";
     case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-        return ("self signed certificate in certificate chain");
+        return "self signed certificate in certificate chain";
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        return ("unable to get local issuer certificate");
+        return "unable to get local issuer certificate";
     case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        return ("unable to verify the first certificate");
+        return "unable to verify the first certificate";
     case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        return ("certificate chain too long");
+        return "certificate chain too long";
     case X509_V_ERR_CERT_REVOKED:
-        return ("certificate revoked");
+        return "certificate revoked";
     case X509_V_ERR_INVALID_CA:
-        return ("invalid CA certificate");
+        return "invalid CA certificate";
     case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        return ("path length constraint exceeded");
+        return "path length constraint exceeded";
     case X509_V_ERR_INVALID_PURPOSE:
-        return ("unsupported certificate purpose");
+        return "unsupported certificate purpose";
     case X509_V_ERR_CERT_UNTRUSTED:
-        return ("certificate not trusted");
+        return "certificate not trusted";
     case X509_V_ERR_CERT_REJECTED:
-        return ("certificate rejected");
+        return "certificate rejected";
     case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-        return ("subject issuer mismatch");
+        return "subject issuer mismatch";
     case X509_V_ERR_AKID_SKID_MISMATCH:
-        return ("authority and subject key identifier mismatch");
+        return "authority and subject key identifier mismatch";
     case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-        return ("authority and issuer serial number mismatch");
+        return "authority and issuer serial number mismatch";
     case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-        return ("key usage does not include certificate signing");
+        return "key usage does not include certificate signing";
     case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-        return ("unable to get CRL issuer certificate");
+        return "unable to get CRL issuer certificate";
     case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-        return ("unhandled critical extension");
+        return "unhandled critical extension";
     case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
-        return ("key usage does not include CRL signing");
+        return "key usage does not include CRL signing";
     case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
-        return ("unhandled critical CRL extension");
+        return "unhandled critical CRL extension";
     case X509_V_ERR_INVALID_NON_CA:
-        return ("invalid non-CA certificate (has CA markings)");
+        return "invalid non-CA certificate (has CA markings)";
     case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-        return ("proxy path length constraint exceeded");
+        return "proxy path length constraint exceeded";
     case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-        return ("key usage does not include digital signature");
+        return "key usage does not include digital signature";
     case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
         return
-            ("proxy certificates not allowed, please set the appropriate flag");
+            "proxy certificates not allowed, please set the appropriate flag";
     case X509_V_ERR_INVALID_EXTENSION:
-        return ("invalid or inconsistent certificate extension");
+        return "invalid or inconsistent certificate extension";
     case X509_V_ERR_INVALID_POLICY_EXTENSION:
-        return ("invalid or inconsistent certificate policy extension");
+        return "invalid or inconsistent certificate policy extension";
     case X509_V_ERR_NO_EXPLICIT_POLICY:
-        return ("no explicit policy");
+        return "no explicit policy";
     case X509_V_ERR_DIFFERENT_CRL_SCOPE:
-        return ("Different CRL scope");
+        return "Different CRL scope";
     case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
-        return ("Unsupported extension feature");
+        return "Unsupported extension feature";
     case X509_V_ERR_UNNESTED_RESOURCE:
-        return ("RFC 3779 resource not subset of parent's resources");
+        return "RFC 3779 resource not subset of parent's resources";
     case X509_V_ERR_PERMITTED_VIOLATION:
-        return ("permitted subtree violation");
+        return "permitted subtree violation";
     case X509_V_ERR_EXCLUDED_VIOLATION:
-        return ("excluded subtree violation");
+        return "excluded subtree violation";
     case X509_V_ERR_SUBTREE_MINMAX:
-        return ("name constraints minimum and maximum not supported");
+        return "name constraints minimum and maximum not supported";
     case X509_V_ERR_APPLICATION_VERIFICATION:
-        return ("application verification failure");
+        return "application verification failure";
     case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
-        return ("unsupported name constraint type");
+        return "unsupported name constraint type";
     case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
-        return ("unsupported or invalid name constraint syntax");
+        return "unsupported or invalid name constraint syntax";
     case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
-        return ("unsupported or invalid name syntax");
+        return "unsupported or invalid name syntax";
     case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
-        return ("CRL path validation error");
+        return "CRL path validation error";
     case X509_V_ERR_PATH_LOOP:
-        return ("Path Loop");
+        return "Path Loop";
     case X509_V_ERR_SUITE_B_INVALID_VERSION:
-        return ("Suite B: certificate version invalid");
+        return "Suite B: certificate version invalid";
     case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
-        return ("Suite B: invalid public key algorithm");
+        return "Suite B: invalid public key algorithm";
     case X509_V_ERR_SUITE_B_INVALID_CURVE:
-        return ("Suite B: invalid ECC curve");
+        return "Suite B: invalid ECC curve";
     case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
-        return ("Suite B: invalid signature algorithm");
+        return "Suite B: invalid signature algorithm";
     case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
-        return ("Suite B: curve not allowed for this LOS");
+        return "Suite B: curve not allowed for this LOS";
     case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
-        return ("Suite B: cannot sign P-384 with P-256");
+        return "Suite B: cannot sign P-384 with P-256";
     case X509_V_ERR_HOSTNAME_MISMATCH:
-        return ("Hostname mismatch");
+        return "Hostname mismatch";
     case X509_V_ERR_EMAIL_MISMATCH:
-        return ("Email address mismatch");
+        return "Email address mismatch";
     case X509_V_ERR_IP_ADDRESS_MISMATCH:
-        return ("IP address mismatch");
+        return "IP address mismatch";
     case X509_V_ERR_DANE_NO_MATCH:
-        return ("No matching DANE TLSA records");
+        return "No matching DANE TLSA records";
     case X509_V_ERR_EE_KEY_TOO_SMALL:
-        return ("EE certificate key too weak");
+        return "EE certificate key too weak";
     case X509_V_ERR_CA_KEY_TOO_SMALL:
-        return ("CA certificate key too weak");
+        return "CA certificate key too weak";
     case X509_V_ERR_CA_MD_TOO_WEAK:
-        return ("CA signature digest algorithm too weak");
+        return "CA signature digest algorithm too weak";
     case X509_V_ERR_INVALID_CALL:
-        return ("Invalid certificate verification context");
+        return "Invalid certificate verification context";
     case X509_V_ERR_STORE_LOOKUP:
-        return ("Issuer certificate lookup error");
+        return "Issuer certificate lookup error";
     case X509_V_ERR_NO_VALID_SCTS:
-        return ("Certificate Transparency required, but no valid SCTs found");
+        return "Certificate Transparency required, but no valid SCTs found";
     case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
-        return ("proxy subject name violation");
+        return "proxy subject name violation";
+    case X509_V_ERR_OCSP_VERIFY_NEEDED:
+        return "OCSP verification needed";
+    case X509_V_ERR_OCSP_VERIFY_FAILED:
+        return "OCSP verification failed";
+    case X509_V_ERR_OCSP_CERT_UNKNOWN:
+        return "OCSP unknown cert";
 
     default:
         /* Printing an error number into a static buffer is not thread-safe */
-        return ("unknown certificate verification error");
+        return "unknown certificate verification error";
     }
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509_v3.c b/deps/openssl/openssl/crypto/x509/x509_v3.c
index 19016bb1e1..75ae767d60 100644
--- a/deps/openssl/openssl/crypto/x509/x509_v3.c
+++ b/deps/openssl/openssl/crypto/x509/x509_v3.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/stack.h>
+#include <openssl/safestack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -20,8 +20,8 @@
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
     if (x == NULL)
-        return (0);
-    return (sk_X509_EXTENSION_num(x));
+        return 0;
+    return sk_X509_EXTENSION_num(x);
 }
 
 int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
@@ -31,8 +31,8 @@ int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
 
     obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-2);
-    return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
+        return -2;
+    return X509v3_get_ext_by_OBJ(x, obj, lastpos);
 }
 
 int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
@@ -42,7 +42,7 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
     X509_EXTENSION *ex;
 
     if (sk == NULL)
-        return (-1);
+        return -1;
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
@@ -50,9 +50,9 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
         if (OBJ_cmp(ex->object, obj) == 0)
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
@@ -62,7 +62,7 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     X509_EXTENSION *ex;
 
     if (sk == NULL)
-        return (-1);
+        return -1;
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
@@ -70,9 +70,9 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
         if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
@@ -88,9 +88,9 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
     X509_EXTENSION *ret;
 
     if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-        return (NULL);
+        return NULL;
     ret = sk_X509_EXTENSION_delete(x, loc);
-    return (ret);
+    return ret;
 }
 
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
@@ -123,14 +123,14 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
         goto err;
     if (*x == NULL)
         *x = sk;
-    return (sk);
+    return sk;
  err:
     X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
  err2:
     X509_EXTENSION_free(new_ex);
     if (x != NULL && *x == NULL)
         sk_X509_EXTENSION_free(sk);
-    return (NULL);
+    return NULL;
 }
 
 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
@@ -143,12 +143,12 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
     obj = OBJ_nid2obj(nid);
     if (obj == NULL) {
         X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
-        return (NULL);
+        return NULL;
     }
     ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
     if (ret == NULL)
         ASN1_OBJECT_free(obj);
-    return (ret);
+    return ret;
 }
 
 X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
@@ -161,7 +161,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
         if ((ret = X509_EXTENSION_new()) == NULL) {
             X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
                     ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            return NULL;
         }
     } else
         ret = *ex;
@@ -175,17 +175,17 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
 
     if ((ex != NULL) && (*ex == NULL))
         *ex = ret;
-    return (ret);
+    return ret;
  err:
     if ((ex == NULL) || (ret != *ex))
         X509_EXTENSION_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
 {
     if ((ex == NULL) || (obj == NULL))
-        return (0);
+        return 0;
     ASN1_OBJECT_free(ex->object);
     ex->object = OBJ_dup(obj);
     return ex->object != NULL;
@@ -194,9 +194,9 @@ int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
 int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 {
     if (ex == NULL)
-        return (0);
+        return 0;
     ex->critical = (crit) ? 0xFF : -1;
-    return (1);
+    return 1;
 }
 
 int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
@@ -204,31 +204,31 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
     int i;
 
     if (ex == NULL)
-        return (0);
+        return 0;
     i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length);
     if (!i)
-        return (0);
-    return (1);
+        return 0;
+    return 1;
 }
 
 ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
 {
     if (ex == NULL)
-        return (NULL);
-    return (ex->object);
+        return NULL;
+    return ex->object;
 }
 
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
 {
     if (ex == NULL)
-        return (NULL);
+        return NULL;
     return &ex->value;
 }
 
 int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
 {
     if (ex == NULL)
-        return (0);
+        return 0;
     if (ex->critical > 0)
         return 1;
     return 0;
diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c
index ba186d30b0..61e81922b4 100644
--- a/deps/openssl/openssl/crypto/x509/x509_vfy.c
+++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c
@@ -7,23 +7,22 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <ctype.h>
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
 #include <limits.h>
 
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/crypto.h>
-#include <openssl/lhash.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
-#include <internal/dane.h>
-#include <internal/x509_int.h>
+#include "internal/dane.h"
+#include "internal/x509_int.h"
 #include "x509_lcl.h"
 
 /* CRL score values */
@@ -367,6 +366,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
     STACK_OF(X509) *sk = NULL;
     X509 *x;
     int i;
+
     for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
         x = sk_X509_value(ctx->other_ctx, i);
         if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
@@ -374,6 +374,8 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
                 sk = sk_X509_new_null();
             if (sk == NULL || sk_X509_push(sk, x) == 0) {
                 sk_X509_pop_free(sk, X509_free);
+                X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
                 return NULL;
             }
             X509_up_ref(x);
@@ -1817,7 +1819,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
      * Digit and date ranges will be verified in the conversion methods.
      */
     for (i = 0; i < ctm->length - 1; i++) {
-        if (!isdigit(ctm->data[i]))
+        if (!ossl_isdigit(ctm->data[i]))
             return 0;
     }
     if (ctm->data[ctm->length - 1] != 'Z')
@@ -2870,7 +2872,11 @@ static int build_chain(X509_STORE_CTX *ctx)
     int i;
 
     /* Our chain starts with a single untrusted element. */
-    OPENSSL_assert(num == 1 && ctx->num_untrusted == num);
+    if (!ossl_assert(num == 1 && ctx->num_untrusted == num))  {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
 
 #define S_DOUNTRUSTED      (1 << 0)     /* Search untrusted chain */
 #define S_DOTRUSTED        (1 << 1)     /* Search trusted store */
@@ -3007,7 +3013,14 @@ static int build_chain(X509_STORE_CTX *ctx)
                  * certificate among the ones from the trust store.
                  */
                 if ((search & S_DOALTERNATE) != 0) {
-                    OPENSSL_assert(num > i && i > 0 && ss == 0);
+                    if (!ossl_assert(num > i && i > 0 && ss == 0)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        X509_free(xtmp);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
                     search &= ~S_DOALTERNATE;
                     for (; num > i; --num)
                         X509_free(sk_X509_pop(ctx->chain));
@@ -3070,7 +3083,13 @@ static int build_chain(X509_STORE_CTX *ctx)
                  * certificate with ctx->num_untrusted <= num.
                  */
                 if (ok) {
-                    OPENSSL_assert(ctx->num_untrusted <= num);
+                    if (!ossl_assert(ctx->num_untrusted <= num)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
                     search &= ~S_DOUNTRUSTED;
                     switch (trust = check_trust(ctx, num)) {
                     case X509_TRUST_TRUSTED:
@@ -3109,7 +3128,13 @@ static int build_chain(X509_STORE_CTX *ctx)
          */
         if ((search & S_DOUNTRUSTED) != 0) {
             num = sk_X509_num(ctx->chain);
-            OPENSSL_assert(num == ctx->num_untrusted);
+            if (!ossl_assert(num == ctx->num_untrusted)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                search = 0;
+                continue;
+            }
             x = sk_X509_value(ctx->chain, num-1);
 
             /*
@@ -3228,8 +3253,6 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
  */
 static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
 {
-    int nid = X509_get_signature_nid(cert);
-    int mdnid = NID_undef;
     int secbits = -1;
     int level = ctx->param->auth_level;
 
@@ -3238,18 +3261,8 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
     if (level > NUM_AUTH_LEVELS)
         level = NUM_AUTH_LEVELS;
 
-    /* We are not able to look up the CA MD for RSA PSS in this version */
-    if (nid == NID_rsassaPss)
-        return 1;
-
-    /* Lookup signature algorithm digest */
-    if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) {
-        const EVP_MD *md;
-
-        /* Assume 4 bits of collision resistance for each hash octet */
-        if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL)
-            secbits = EVP_MD_size(md) * 4;
-    }
+    if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+        return 0;
 
     return secbits >= minbits_table[level - 1];
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509_vpm.c b/deps/openssl/openssl/crypto/x509/x509_vpm.c
index 9bc4c61101..aea186295c 100644
--- a/deps/openssl/openssl/crypto/x509/x509_vpm.c
+++ b/deps/openssl/openssl/crypto/x509/x509_vpm.c
@@ -11,7 +11,6 @@
 
 #include "internal/cryptlib.h"
 #include <openssl/crypto.h>
-#include <openssl/lhash.h>
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -79,50 +78,32 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
     return 1;
 }
 
-static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
-{
-    if (!param)
-        return;
-    param->name = NULL;
-    param->purpose = 0;
-    param->trust = X509_TRUST_DEFAULT;
-    /*
-     * param->inh_flags = X509_VP_FLAG_DEFAULT;
-     */
-    param->inh_flags = 0;
-    param->flags = 0;
-    param->depth = -1;
-    param->auth_level = -1; /* -1 means unset, 0 is explicit */
-    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-    param->policies = NULL;
-    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
-    param->hosts = NULL;
-    OPENSSL_free(param->peername);
-    param->peername = NULL;
-    OPENSSL_free(param->email);
-    param->email = NULL;
-    param->emaillen = 0;
-    OPENSSL_free(param->ip);
-    param->ip = NULL;
-    param->iplen = 0;
-}
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 {
     X509_VERIFY_PARAM *param;
 
     param = OPENSSL_zalloc(sizeof(*param));
-    if (param == NULL)
+    if (param == NULL) {
+        X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
-    x509_verify_param_zero(param);
+    }
+    param->trust = X509_TRUST_DEFAULT;
+    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
+    param->depth = -1;
+    param->auth_level = -1; /* -1 means unset, 0 is explicit */
     return param;
 }
 
 void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
 {
-    if (!param)
+    if (param == NULL)
         return;
-    x509_verify_param_zero(param);
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+    OPENSSL_free(param->peername);
+    OPENSSL_free(param->email);
+    OPENSSL_free(param->ip);
     OPENSSL_free(param);
 }
 
@@ -574,10 +555,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
             return 0;
     } else {
         idx = sk_X509_VERIFY_PARAM_find(param_table, param);
-        if (idx != -1) {
-            ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+        if (idx >= 0) {
+            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
             X509_VERIFY_PARAM_free(ptmp);
-            (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
         }
     }
     if (!sk_X509_VERIFY_PARAM_push(param_table, param))
@@ -607,9 +587,9 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
     X509_VERIFY_PARAM pm;
 
     pm.name = (char *)name;
-    if (param_table) {
+    if (param_table != NULL) {
         idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
-        if (idx != -1)
+        if (idx >= 0)
             return sk_X509_VERIFY_PARAM_value(param_table, idx);
     }
     return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
diff --git a/deps/openssl/openssl/crypto/x509/x509cset.c b/deps/openssl/openssl/crypto/x509/x509cset.c
index 205785961b..7645ce3759 100644
--- a/deps/openssl/openssl/crypto/x509/x509cset.c
+++ b/deps/openssl/openssl/crypto/x509/x509cset.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,6 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/refcount.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -18,19 +19,19 @@
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
     if (x == NULL)
-        return (0);
+        return 0;
     if (x->crl.version == NULL) {
         if ((x->crl.version = ASN1_INTEGER_new()) == NULL)
-            return (0);
+            return 0;
     }
-    return (ASN1_INTEGER_set(x->crl.version, version));
+    return ASN1_INTEGER_set(x->crl.version, version);
 }
 
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
 {
     if (x == NULL)
-        return (0);
-    return (X509_NAME_set(&x->crl.issuer, name));
+        return 0;
+    return X509_NAME_set(&x->crl.issuer, name);
 }
 
 int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
@@ -67,7 +68,7 @@ int X509_CRL_up_ref(X509_CRL *crl)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock) <= 0)
+    if (CRYPTO_UP_REF(&crl->references, &i, crl->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("X509_CRL", crl);
@@ -141,7 +142,7 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
     ASN1_TIME *in;
 
     if (x == NULL)
-        return (0);
+        return 0;
     in = x->revocationDate;
     if (in != tm) {
         in = ASN1_STRING_dup(tm);
@@ -163,7 +164,7 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
     ASN1_INTEGER *in;
 
     if (x == NULL)
-        return (0);
+        return 0;
     in = &x->serialNumber;
     if (in != serial)
         return ASN1_STRING_copy(in, serial);
diff --git a/deps/openssl/openssl/crypto/x509/x509name.c b/deps/openssl/openssl/crypto/x509/x509name.c
index 81dce376f8..64a73e793f 100644
--- a/deps/openssl/openssl/crypto/x509/x509name.c
+++ b/deps/openssl/openssl/crypto/x509/x509name.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/stack.h>
+#include <openssl/safestack.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -22,33 +22,35 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 
     obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-1);
-    return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
+        return -1;
+    return X509_NAME_get_text_by_OBJ(name, obj, buf, len);
 }
 
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
-                              int len)
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len)
 {
     int i;
     const ASN1_STRING *data;
 
     i = X509_NAME_get_index_by_OBJ(name, obj, -1);
     if (i < 0)
-        return (-1);
+        return -1;
     data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
-    i = (data->length > (len - 1)) ? (len - 1) : data->length;
     if (buf == NULL)
-        return (data->length);
+        return data->length;
+    if (len <= 0)
+        return 0;
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
     memcpy(buf, data->data, i);
     buf[i] = '\0';
-    return (i);
+    return i;
 }
 
 int X509_NAME_entry_count(const X509_NAME *name)
 {
     if (name == NULL)
-        return (0);
-    return (sk_X509_NAME_ENTRY_num(name->entries));
+        return 0;
+    return sk_X509_NAME_ENTRY_num(name->entries);
 }
 
 int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
@@ -57,8 +59,8 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
 
     obj = OBJ_nid2obj(nid);
     if (obj == NULL)
-        return (-2);
-    return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
+        return -2;
+    return X509_NAME_get_index_by_OBJ(name, obj, lastpos);
 }
 
 /* NOTE: you should be passing -1, not 0 as lastpos */
@@ -69,7 +71,7 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int last
     STACK_OF(X509_NAME_ENTRY) *sk;
 
     if (name == NULL)
-        return (-1);
+        return -1;
     if (lastpos < 0)
         lastpos = -1;
     sk = name->entries;
@@ -77,18 +79,18 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int last
     for (lastpos++; lastpos < n; lastpos++) {
         ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
         if (OBJ_cmp(ne->object, obj) == 0)
-            return (lastpos);
+            return lastpos;
     }
-    return (-1);
+    return -1;
 }
 
 X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
 {
     if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
         || loc < 0)
-        return (NULL);
-    else
-        return (sk_X509_NAME_ENTRY_value(name->entries, loc));
+        return NULL;
+
+    return sk_X509_NAME_ENTRY_value(name->entries, loc);
 }
 
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
@@ -99,13 +101,14 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
 
     if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
         || loc < 0)
-        return (NULL);
+        return NULL;
+
     sk = name->entries;
     ret = sk_X509_NAME_ENTRY_delete(sk, loc);
     n = sk_X509_NAME_ENTRY_num(sk);
     name->modified = 1;
     if (loc == n)
-        return (ret);
+        return ret;
 
     /* else we need to fixup the set field */
     if (loc != 0)
@@ -127,7 +130,7 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
     if (set_prev + 1 < set_next)
         for (i = loc; i < n; i++)
             sk_X509_NAME_ENTRY_value(sk, i)->set--;
-    return (ret);
+    return ret;
 }
 
 int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
@@ -136,6 +139,7 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type
 {
     X509_NAME_ENTRY *ne;
     int ret;
+
     ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
     if (!ne)
         return 0;
@@ -184,7 +188,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
     STACK_OF(X509_NAME_ENTRY) *sk;
 
     if (name == NULL)
-        return (0);
+        return 0;
     sk = name->entries;
     n = sk_X509_NAME_ENTRY_num(sk);
     if (loc > n)
@@ -228,10 +232,10 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
         for (i = loc + 1; i < n; i++)
             sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
     }
-    return (1);
+    return 1;
  err:
     X509_NAME_ENTRY_free(new_name);
-    return (0);
+    return 0;
 }
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
@@ -247,7 +251,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
         X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
                 X509_R_INVALID_FIELD_NAME);
         ERR_add_error_data(2, "name=", field);
-        return (NULL);
+        return NULL;
     }
     nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
     ASN1_OBJECT_free(obj);
@@ -265,7 +269,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
     obj = OBJ_nid2obj(nid);
     if (obj == NULL) {
         X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
-        return (NULL);
+        return NULL;
     }
     nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
     ASN1_OBJECT_free(obj);
@@ -281,7 +285,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
 
     if ((ne == NULL) || (*ne == NULL)) {
         if ((ret = X509_NAME_ENTRY_new()) == NULL)
-            return (NULL);
+            return NULL;
     } else
         ret = *ne;
 
@@ -292,11 +296,11 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
 
     if ((ne != NULL) && (*ne == NULL))
         *ne = ret;
-    return (ret);
+    return ret;
  err:
     if ((ne == NULL) || (ret != *ne))
         X509_NAME_ENTRY_free(ret);
-    return (NULL);
+    return NULL;
 }
 
 int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
@@ -304,7 +308,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
     if ((ne == NULL) || (obj == NULL)) {
         X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
                 ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
+        return 0;
     }
     ASN1_OBJECT_free(ne->object);
     ne->object = OBJ_dup(obj);
@@ -317,7 +321,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
     int i;
 
     if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
-        return (0);
+        return 0;
     if ((type > 0) && (type & MBSTRING_FLAG))
         return ASN1_STRING_set_by_NID(&ne->value, bytes,
                                       len, type,
@@ -326,28 +330,28 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
         len = strlen((const char *)bytes);
     i = ASN1_STRING_set(ne->value, bytes, len);
     if (!i)
-        return (0);
+        return 0;
     if (type != V_ASN1_UNDEF) {
         if (type == V_ASN1_APP_CHOOSE)
             ne->value->type = ASN1_PRINTABLE_type(bytes, len);
         else
             ne->value->type = type;
     }
-    return (1);
+    return 1;
 }
 
 ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
 {
     if (ne == NULL)
-        return (NULL);
-    return (ne->object);
+        return NULL;
+    return ne->object;
 }
 
 ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
 {
     if (ne == NULL)
-        return (NULL);
-    return (ne->value);
+        return NULL;
+    return ne->value;
 }
 
 int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
diff --git a/deps/openssl/openssl/crypto/x509/x509rset.c b/deps/openssl/openssl/crypto/x509/x509rset.c
index 6dee297a19..e8921b82a8 100644
--- a/deps/openssl/openssl/crypto/x509/x509rset.c
+++ b/deps/openssl/openssl/crypto/x509/x509rset.c
@@ -18,23 +18,23 @@
 int X509_REQ_set_version(X509_REQ *x, long version)
 {
     if (x == NULL)
-        return (0);
+        return 0;
     x->req_info.enc.modified = 1;
-    return (ASN1_INTEGER_set(x->req_info.version, version));
+    return ASN1_INTEGER_set(x->req_info.version, version);
 }
 
 int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
 {
     if (x == NULL)
-        return (0);
+        return 0;
     x->req_info.enc.modified = 1;
-    return (X509_NAME_set(&x->req_info.subject, name));
+    return X509_NAME_set(&x->req_info.subject, name);
 }
 
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
 {
     if (x == NULL)
-        return (0);
+        return 0;
     x->req_info.enc.modified = 1;
-    return (X509_PUBKEY_set(&x->req_info.pubkey, pkey));
+    return X509_PUBKEY_set(&x->req_info.pubkey, pkey);
 }
diff --git a/deps/openssl/openssl/crypto/x509/x509spki.c b/deps/openssl/openssl/crypto/x509/x509spki.c
index b142485dbb..fd8162af6d 100644
--- a/deps/openssl/openssl/crypto/x509/x509spki.c
+++ b/deps/openssl/openssl/crypto/x509/x509spki.c
@@ -14,15 +14,15 @@
 int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {
     if ((x == NULL) || (x->spkac == NULL))
-        return (0);
-    return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
+        return 0;
+    return X509_PUBKEY_set(&(x->spkac->pubkey), pkey);
 }
 
 EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
 {
     if ((x == NULL) || (x->spkac == NULL))
-        return (NULL);
-    return (X509_PUBKEY_get(x->spkac->pubkey));
+        return NULL;
+    return X509_PUBKEY_get(x->spkac->pubkey);
 }
 
 /* Load a Netscape SPKI from a base64 encoded string */
diff --git a/deps/openssl/openssl/crypto/x509/x509type.c b/deps/openssl/openssl/crypto/x509/x509type.c
index aca8355273..0e33b424be 100644
--- a/deps/openssl/openssl/crypto/x509/x509type.c
+++ b/deps/openssl/openssl/crypto/x509/x509type.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,7 +19,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
     int ret = 0, i;
 
     if (x == NULL)
-        return (0);
+        return 0;
 
     if (pkey == NULL)
         pk = X509_get0_pubkey(x);
@@ -27,7 +27,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
         pk = pkey;
 
     if (pk == NULL)
-        return (0);
+        return 0;
 
     switch (EVP_PKEY_id(pk)) {
     case EVP_PKEY_RSA:
@@ -35,12 +35,19 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
 /*              if (!sign only extension) */
         ret |= EVP_PKT_ENC;
         break;
+    case EVP_PKEY_RSA_PSS:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+        break;
     case EVP_PKEY_DSA:
         ret = EVP_PK_DSA | EVP_PKT_SIGN;
         break;
     case EVP_PKEY_EC:
         ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
         break;
+    case EVP_PKEY_ED448:
+    case EVP_PKEY_ED25519:
+        ret = EVP_PKT_SIGN;
+        break;
     case EVP_PKEY_DH:
         ret = EVP_PK_DH | EVP_PKT_EXCH;
         break;
@@ -73,5 +80,5 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
         }
     }
 
-    return (ret);
+    return ret;
 }
diff --git a/deps/openssl/openssl/crypto/x509/x_all.c b/deps/openssl/openssl/crypto/x509/x_all.c
index 42bd161185..24e4114601 100644
--- a/deps/openssl/openssl/crypto/x509/x_all.c
+++ b/deps/openssl/openssl/crypto/x509/x_all.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,6 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/stack.h>
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
diff --git a/deps/openssl/openssl/crypto/x509/x_attrib.c b/deps/openssl/openssl/crypto/x509/x_attrib.c
index 35f4aeef2a..9a41e547cb 100644
--- a/deps/openssl/openssl/crypto/x509/x_attrib.c
+++ b/deps/openssl/openssl/crypto/x509/x_attrib.c
@@ -39,7 +39,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
     ASN1_TYPE *val = NULL;
 
     if ((ret = X509_ATTRIBUTE_new()) == NULL)
-        return (NULL);
+        return NULL;
     ret->object = OBJ_nid2obj(nid);
     if ((val = ASN1_TYPE_new()) == NULL)
         goto err;
@@ -47,9 +47,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
         goto err;
 
     ASN1_TYPE_set(val, atrtype, value);
-    return (ret);
+    return ret;
  err:
     X509_ATTRIBUTE_free(ret);
     ASN1_TYPE_free(val);
-    return (NULL);
+    return NULL;
 }
diff --git a/deps/openssl/openssl/crypto/x509/x_crl.c b/deps/openssl/openssl/crypto/x509/x_crl.c
index dbed850b37..10733b58bc 100644
--- a/deps/openssl/openssl/crypto/x509/x_crl.c
+++ b/deps/openssl/openssl/crypto/x509/x_crl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -309,6 +309,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
     X509_CRL_INFO *inf;
+
     inf = &crl->crl;
     if (inf->revoked == NULL)
         inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
@@ -382,8 +383,11 @@ static int def_crl_lookup(X509_CRL *crl,
                           X509_NAME *issuer)
 {
     X509_REVOKED rtmp, *rev;
-    int idx;
-    rtmp.serialNumber = *serial;
+    int idx, num;
+
+    if (crl->crl.revoked == NULL)
+        return 0;
+
     /*
      * Sort revoked into serial number order if not already sorted. Do this
      * under a lock to avoid race condition.
@@ -393,11 +397,12 @@ static int def_crl_lookup(X509_CRL *crl,
         sk_X509_REVOKED_sort(crl->crl.revoked);
         CRYPTO_THREAD_unlock(crl->lock);
     }
+    rtmp.serialNumber = *serial;
     idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
     if (idx < 0)
         return 0;
     /* Need to look for matching name */
-    for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
+    for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
         rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
         if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
             return 0;
@@ -429,10 +434,12 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                      int (*crl_verify) (X509_CRL *crl,
                                                         EVP_PKEY *pk))
 {
-    X509_CRL_METHOD *m;
-    m = OPENSSL_malloc(sizeof(*m));
-    if (m == NULL)
+    X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m));
+
+    if (m == NULL) {
+        X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     m->crl_init = crl_init;
     m->crl_free = crl_free;
     m->crl_lookup = crl_lookup;
diff --git a/deps/openssl/openssl/crypto/x509/x_name.c b/deps/openssl/openssl/crypto/x509/x_name.c
index 1a33dc1daa..a1e9bbdb66 100644
--- a/deps/openssl/openssl/crypto/x509/x_name.c
+++ b/deps/openssl/openssl/crypto/x509/x_name.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
@@ -300,7 +300,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 static int x509_name_canon(X509_NAME *a)
 {
     unsigned char *p;
-    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname;
     STACK_OF(X509_NAME_ENTRY) *entries = NULL;
     X509_NAME_ENTRY *entry, *tmpentry = NULL;
     int i, set = -1, ret = 0, len;
@@ -313,44 +313,53 @@ static int x509_name_canon(X509_NAME *a)
         return 1;
     }
     intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-    if (!intname)
+    if (intname == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
         entry = sk_X509_NAME_ENTRY_value(a->entries, i);
         if (entry->set != set) {
             entries = sk_X509_NAME_ENTRY_new_null();
-            if (!entries)
+            if (entries == NULL)
                 goto err;
             if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
                 sk_X509_NAME_ENTRY_free(entries);
+                X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             set = entry->set;
         }
         tmpentry = X509_NAME_ENTRY_new();
-        if (tmpentry == NULL)
+        if (tmpentry == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         tmpentry->object = OBJ_dup(entry->object);
-        if (tmpentry->object == NULL)
+        if (tmpentry->object == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         if (!asn1_string_canon(tmpentry->value, entry->value))
             goto err;
-        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         tmpentry = NULL;
     }
 
     /* Finally generate encoding */
-
     len = i2d_name_canon(intname, NULL);
     if (len < 0)
         goto err;
     a->canon_enclen = len;
 
     p = OPENSSL_malloc(a->canon_enclen);
-
-    if (p == NULL)
+    if (p == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     a->canon_enc = p;
 
@@ -359,7 +368,6 @@ static int x509_name_canon(X509_NAME *a)
     ret = 1;
 
  err:
-
     X509_NAME_ENTRY_free(tmpentry);
     sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
                                          local_sk_X509_NAME_ENTRY_pop_free);
@@ -398,11 +406,12 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
     /*
      * Convert string in place to canonical form. Ultimately we may need to
      * handle a wider range of characters but for now ignore anything with
-     * MSB set and rely on the isspace() and tolower() functions.
+     * MSB set and rely on the ossl_isspace() to fail on bad characters without
+     * needing isascii or range checks as well.
      */
 
     /* Ignore leading spaces */
-    while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
+    while (len > 0 && ossl_isspace(*from)) {
         from++;
         len--;
     }
@@ -410,7 +419,7 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
     to = from + len;
 
     /* Ignore trailing spaces */
-    while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) {
+    while (len > 0 && ossl_isspace(to[-1])) {
         to--;
         len--;
     }
@@ -419,13 +428,13 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
 
     i = 0;
     while (i < len) {
-        /* If MSB set just copy across */
-        if (*from & 0x80) {
+        /* If not ASCII set just copy across */
+        if (!ossl_isascii(*from)) {
             *to++ = *from++;
             i++;
         }
         /* Collapse multiple spaces */
-        else if (isspace(*from)) {
+        else if (ossl_isspace(*from)) {
             /* Copy one space across */
             *to++ = ' ';
             /*
@@ -437,9 +446,9 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
                 from++;
                 i++;
             }
-            while (!(*from & 0x80) && isspace(*from));
+            while (ossl_isspace(*from));
         } else {
-            *to++ = tolower(*from);
+            *to++ = ossl_tolower(*from);
             from++;
             i++;
         }
@@ -499,19 +508,10 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
 
     c = s;
     for (;;) {
-#ifndef CHARSET_EBCDIC
-        if (((*s == '/') &&
-             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
-                                                 ((s[2] >= 'A')
-                                                  && (s[2] <= 'Z')
-                                                  && (s[3] == '='))
-              ))) || (*s == '\0'))
-#else
         if (((*s == '/') &&
-             (isupper(s[1]) && ((s[2] == '=') ||
-                                (isupper(s[2]) && (s[3] == '='))
+             (ossl_isupper(s[1]) && ((s[2] == '=') ||
+                                (ossl_isupper(s[2]) && (s[3] == '='))
               ))) || (*s == '\0'))
-#endif
         {
             i = s - c;
             if (BIO_write(bp, c, i) != i)
diff --git a/deps/openssl/openssl/crypto/x509/x_pubkey.c b/deps/openssl/openssl/crypto/x509/x_pubkey.c
index cc692834d1..d050b0b4b3 100644
--- a/deps/openssl/openssl/crypto/x509/x_pubkey.c
+++ b/deps/openssl/openssl/crypto/x509/x_pubkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -61,7 +61,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
     X509_PUBKEY *pk = NULL;
 
     if (x == NULL)
-        return (0);
+        return 0;
 
     if ((pk = X509_PUBKEY_new()) == NULL)
         goto error;
@@ -101,7 +101,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 
 
 static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
-    {
+{
     EVP_PKEY *pkey = EVP_PKEY_new();
 
     if (pkey == NULL) {
@@ -206,7 +206,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
     if (!a)
         return 0;
     if (!X509_PUBKEY_set(&xpk, a))
-        return 0;
+        return -1;
     ret = i2d_X509_PUBKEY(xpk, pp);
     X509_PUBKEY_free(xpk);
     return ret;
@@ -246,7 +246,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
     pktmp = EVP_PKEY_new();
     if (pktmp == NULL) {
         ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-        return 0;
+        return -1;
     }
     EVP_PKEY_set1_RSA(pktmp, a);
     ret = i2d_PUBKEY(pktmp, pp);
@@ -286,7 +286,7 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
     pktmp = EVP_PKEY_new();
     if (pktmp == NULL) {
         ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-        return 0;
+        return -1;
     }
     EVP_PKEY_set1_DSA(pktmp, a);
     ret = i2d_PUBKEY(pktmp, pp);
@@ -304,17 +304,17 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
     q = *pp;
     pkey = d2i_PUBKEY(NULL, &q, length);
     if (!pkey)
-        return (NULL);
+        return NULL;
     key = EVP_PKEY_get1_EC_KEY(pkey);
     EVP_PKEY_free(pkey);
     if (!key)
-        return (NULL);
+        return NULL;
     *pp = q;
     if (a) {
         EC_KEY_free(*a);
         *a = key;
     }
-    return (key);
+    return key;
 }
 
 int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
@@ -322,15 +322,15 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
     EVP_PKEY *pktmp;
     int ret;
     if (!a)
-        return (0);
+        return 0;
     if ((pktmp = EVP_PKEY_new()) == NULL) {
         ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return -1;
     }
     EVP_PKEY_set1_EC_KEY(pktmp, a);
     ret = i2d_PUBKEY(pktmp, pp);
     EVP_PKEY_free(pktmp);
-    return (ret);
+    return ret;
 }
 #endif
 
diff --git a/deps/openssl/openssl/crypto/x509/x_x509.c b/deps/openssl/openssl/crypto/x509/x_x509.c
index 6783fd8728..4c04f12c94 100644
--- a/deps/openssl/openssl/crypto/x509/x_x509.c
+++ b/deps/openssl/openssl/crypto/x509/x_x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,12 +89,12 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
 int X509_set_ex_data(X509 *r, int idx, void *arg)
 {
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
 }
 
 void *X509_get_ex_data(X509 *r, int idx)
 {
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
 }
 
 /*
@@ -145,8 +145,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
     int length, tmplen;
     unsigned char *start = pp != NULL ? *pp : NULL;
 
-    OPENSSL_assert(pp == NULL || *pp != NULL);
-
     /*
      * This might perturb *pp on error, but fixing that belongs in i2d_X509()
      * not here.  It should be that if a == NULL length is zero, but we check
@@ -191,8 +189,10 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 
     /* Allocate requisite combined storage */
     *pp = tmp = OPENSSL_malloc(length);
-    if (tmp == NULL)
-        return -1; /* Push error onto error stack? */
+    if (tmp == NULL) {
+        X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
 
     /* Encode, but keep *pp at the originally malloced pointer */
     length = i2d_x509_aux_internal(a, &tmp);
diff --git a/deps/openssl/openssl/crypto/x509v3/build.info b/deps/openssl/openssl/crypto/x509v3/build.info
index 452a8b03cc..4ab6488493 100644
--- a/deps/openssl/openssl/crypto/x509v3/build.info
+++ b/deps/openssl/openssl/crypto/x509v3/build.info
@@ -5,4 +5,4 @@ SOURCE[../../libcrypto]=\
   v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
   v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
   pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
-  v3_asid.c v3_addr.c v3_tlsf.c
+  v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
diff --git a/deps/openssl/openssl/crypto/x509v3/ext_dat.h b/deps/openssl/openssl/crypto/x509v3/ext_dat.h
index c9ede960e1..762e264bb2 100644
--- a/deps/openssl/openssl/crypto/x509v3/ext_dat.h
+++ b/deps/openssl/openssl/crypto/x509v3/ext_dat.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,3 +22,4 @@ extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
 extern const X509V3_EXT_METHOD v3_addr, v3_asid;
 extern const X509V3_EXT_METHOD v3_ct_scts[3];
 extern const X509V3_EXT_METHOD v3_tls_feature;
+extern const X509V3_EXT_METHOD v3_ext_admission;
diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_cache.c b/deps/openssl/openssl/crypto/x509v3/pcy_cache.c
index a9ee30a8d9..623870b1f6 100644
--- a/deps/openssl/openssl/crypto/x509v3/pcy_cache.c
+++ b/deps/openssl/openssl/crypto/x509v3/pcy_cache.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,21 +26,25 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
 static int policy_cache_create(X509 *x,
                                CERTIFICATEPOLICIES *policies, int crit)
 {
-    int i;
-    int ret = 0;
+    int i, num, ret = 0;
     X509_POLICY_CACHE *cache = x->policy_cache;
     X509_POLICY_DATA *data = NULL;
     POLICYINFO *policy;
-    if (sk_POLICYINFO_num(policies) == 0)
+
+    if ((num = sk_POLICYINFO_num(policies)) <= 0)
         goto bad_policy;
     cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-    if (cache->data == NULL)
-        goto bad_policy;
-    for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+    if (cache->data == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+        goto just_cleanup;
+    }
+    for (i = 0; i < num; i++) {
         policy = sk_POLICYINFO_value(policies, i);
         data = policy_data_new(policy, NULL, crit);
-        if (data == NULL)
-            goto bad_policy;
+        if (data == NULL) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto just_cleanup;
+        }
         /*
          * Duplicate policy OIDs are illegal: reject if matches found.
          */
@@ -50,18 +54,22 @@ static int policy_cache_create(X509 *x,
                 goto bad_policy;
             }
             cache->anyPolicy = data;
-        } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) {
             ret = -1;
             goto bad_policy;
-        } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
             goto bad_policy;
+        }
         data = NULL;
     }
     ret = 1;
+
  bad_policy:
     if (ret == -1)
         x->ex_flags |= EXFLAG_INVALID_POLICY;
     policy_data_free(data);
+ just_cleanup:
     sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
     if (ret <= 0) {
         sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
@@ -82,8 +90,10 @@ static int policy_cache_new(X509 *x)
     if (x->policy_cache != NULL)
         return 1;
     cache = OPENSSL_malloc(sizeof(*cache));
-    if (cache == NULL)
+    if (cache == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     cache->anyPolicy = NULL;
     cache->data = NULL;
     cache->any_skip = -1;
@@ -194,8 +204,6 @@ X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
     X509_POLICY_DATA tmp;
     tmp.valid_policy = (ASN1_OBJECT *)id;
     idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-    if (idx == -1)
-        return NULL;
     return sk_X509_POLICY_DATA_value(cache->data, idx);
 }
 
diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_data.c b/deps/openssl/openssl/crypto/x509v3/pcy_data.c
index cf1d635ecc..bd3bb0e40d 100644
--- a/deps/openssl/openssl/crypto/x509v3/pcy_data.c
+++ b/deps/openssl/openssl/crypto/x509v3/pcy_data.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,7 +17,7 @@
 
 void policy_data_free(X509_POLICY_DATA *data)
 {
-    if (!data)
+    if (data == NULL)
         return;
     ASN1_OBJECT_free(data->valid_policy);
     /* Don't free qualifiers if shared */
@@ -40,21 +40,25 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
 {
     X509_POLICY_DATA *ret;
     ASN1_OBJECT *id;
-    if (!policy && !cid)
+
+    if (policy == NULL && cid == NULL)
         return NULL;
     if (cid) {
         id = OBJ_dup(cid);
-        if (!id)
+        if (id == NULL)
             return NULL;
     } else
         id = NULL;
     ret = OPENSSL_zalloc(sizeof(*ret));
-    if (ret == NULL)
+    if (ret == NULL) {
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
     if (ret->expected_policy_set == NULL) {
         OPENSSL_free(ret);
         ASN1_OBJECT_free(id);
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_node.c b/deps/openssl/openssl/crypto/x509v3/pcy_node.c
index 80443bff91..1ffe98498b 100644
--- a/deps/openssl/openssl/crypto/x509v3/pcy_node.c
+++ b/deps/openssl/openssl/crypto/x509v3/pcy_node.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,6 +10,7 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include <openssl/err.h>
 
 #include "pcy_int.h"
 
@@ -35,9 +36,6 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
     l.data = &n;
 
     idx = sk_X509_POLICY_NODE_find(nodes, &l);
-    if (idx == -1)
-        return NULL;
-
     return sk_X509_POLICY_NODE_value(nodes, idx);
 
 }
@@ -66,8 +64,10 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
     X509_POLICY_NODE *node;
 
     node = OPENSSL_zalloc(sizeof(*node));
-    if (node == NULL)
+    if (node == NULL) {
+        X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     node->data = data;
     node->parent = parent;
     if (level) {
@@ -79,20 +79,28 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
 
             if (level->nodes == NULL)
                 level->nodes = policy_node_cmp_new();
-            if (level->nodes == NULL)
+            if (level->nodes == NULL) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                 goto node_error;
-            if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+            }
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                 goto node_error;
+            }
         }
     }
 
     if (tree) {
         if (tree->extra_data == NULL)
             tree->extra_data = sk_X509_POLICY_DATA_new_null();
-        if (tree->extra_data == NULL)
+        if (tree->extra_data == NULL){
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
             goto node_error;
-        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+        }
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
             goto node_error;
+        }
     }
 
     if (parent)
diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_tree.c b/deps/openssl/openssl/crypto/x509v3/pcy_tree.c
index b3d1983f9e..87f51d001b 100644
--- a/deps/openssl/openssl/crypto/x509v3/pcy_tree.c
+++ b/deps/openssl/openssl/crypto/x509v3/pcy_tree.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -163,8 +163,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
         return ret;
 
     /* If we get this far initialize the tree */
-    if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL)
+    if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) {
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
         return X509_PCY_TREE_INTERNAL;
+    }
 
     /*
      * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
@@ -175,6 +177,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
      */
     if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
         OPENSSL_free(tree);
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
         return X509_PCY_TREE_INTERNAL;
     }
     tree->nlevel = n+1;
@@ -439,7 +442,7 @@ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
     if (*pnodes == NULL &&
         (*pnodes = policy_node_cmp_new()) == NULL)
         return 0;
-    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
         return 1;
     return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
 }
diff --git a/deps/openssl/openssl/crypto/x509v3/standard_exts.h b/deps/openssl/openssl/crypto/x509v3/standard_exts.h
new file mode 100644
index 0000000000..944f4de02e
--- /dev/null
+++ b/deps/openssl/openssl/crypto/x509v3/standard_exts.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+    &v3_nscert,
+    &v3_ns_ia5_list[0],
+    &v3_ns_ia5_list[1],
+    &v3_ns_ia5_list[2],
+    &v3_ns_ia5_list[3],
+    &v3_ns_ia5_list[4],
+    &v3_ns_ia5_list[5],
+    &v3_ns_ia5_list[6],
+    &v3_skey_id,
+    &v3_key_usage,
+    &v3_pkey_usage_period,
+    &v3_alt[0],
+    &v3_alt[1],
+    &v3_bcons,
+    &v3_crl_num,
+    &v3_cpols,
+    &v3_akey_id,
+    &v3_crld,
+    &v3_ext_ku,
+    &v3_delta_crl,
+    &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_invdate,
+#endif
+    &v3_sxnet,
+    &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+    &v3_addr,
+    &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+    &v3_ocsp_nonce,
+    &v3_ocsp_crlid,
+    &v3_ocsp_accresp,
+    &v3_ocsp_nocheck,
+    &v3_ocsp_acutoff,
+    &v3_ocsp_serviceloc,
+#endif
+    &v3_sinfo,
+    &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_hold,
+#endif
+    &v3_pci,
+    &v3_name_constraints,
+    &v3_policy_mappings,
+    &v3_inhibit_anyp,
+    &v3_idp,
+    &v3_alt[2],
+    &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+    &v3_ct_scts[0],
+    &v3_ct_scts[1],
+    &v3_ct_scts[2],
+#endif
+    &v3_tls_feature,
+    &v3_ext_admission
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
diff --git a/deps/openssl/openssl/crypto/x509v3/tabtest.c b/deps/openssl/openssl/crypto/x509v3/tabtest.c
deleted file mode 100644
index a33a63a795..0000000000
--- a/deps/openssl/openssl/crypto/x509v3/tabtest.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Simple program to check the ext_dat.h is correct and print out problems if
- * it is not.
- */
-
-#include <stdio.h>
-
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-main()
-{
-    int i, prev = -1, bad = 0;
-    X509V3_EXT_METHOD **tmp;
-    i = OSSL_NELEM(standard_exts);
-    if (i != STANDARD_EXTENSION_COUNT)
-        fprintf(stderr, "Extension number invalid expecting %d\n", i);
-    tmp = standard_exts;
-    for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
-        if ((*tmp)->ext_nid < prev)
-            bad = 1;
-        prev = (*tmp)->ext_nid;
-
-    }
-    if (bad) {
-        tmp = standard_exts;
-        fprintf(stderr, "Extensions out of order!\n");
-        for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
-            printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
-    } else
-        fprintf(stderr, "Order OK\n");
-}
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_addr.c b/deps/openssl/openssl/crypto/x509v3/v3_addr.c
index c5183a1790..bb58e04846 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_addr.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_addr.c
@@ -342,7 +342,8 @@ static int range_should_be_prefix(const unsigned char *min,
     unsigned char mask;
     int i, j;
 
-    OPENSSL_assert(memcmp(min, max, length) <= 0);
+    if (memcmp(min, max, length) <= 0)
+        return -1;
     for (i = 0; i < length && min[i] == max[i]; i++) ;
     for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
     if (i < j)
@@ -431,7 +432,6 @@ static int make_addressRange(IPAddressOrRange **result,
     if ((aor = IPAddressOrRange_new()) == NULL)
         return 0;
     aor->type = IPAddressOrRange_addressRange;
-    OPENSSL_assert(aor->u.addressRange == NULL);
     if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
         goto err;
     if (aor->u.addressRange->min == NULL &&
@@ -498,7 +498,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
         f = sk_IPAddressFamily_value(addr, i);
-        OPENSSL_assert(f->addressFamily->data != NULL);
         if (f->addressFamily->length == keylen &&
             !memcmp(f->addressFamily->data, key, keylen))
             return f;
@@ -877,7 +876,8 @@ int X509v3_addr_canonize(IPAddrBlocks *addr)
     }
     (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
     sk_IPAddressFamily_sort(addr);
-    OPENSSL_assert(X509v3_addr_is_canonical(addr));
+    if (!ossl_assert(X509v3_addr_is_canonical(addr)))
+        return 0;
     return 1;
 }
 
@@ -1182,9 +1182,13 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     int i, j, ret = 1;
     X509 *x;
 
-    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-    OPENSSL_assert(ctx != NULL || ext != NULL);
-    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
 
     /*
      * Figure out where to start.  If we don't have an extension to
@@ -1197,7 +1201,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
         if ((ext = x->rfc3779_addr) == NULL)
             goto done;
     }
@@ -1207,7 +1210,8 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
         X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
                   ERR_R_MALLOC_FAILURE);
-        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
         ret = 0;
         goto done;
     }
@@ -1218,7 +1222,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
         if (!X509v3_addr_is_canonical(x->rfc3779_addr))
             validation_err(X509_V_ERR_INVALID_EXTENSION);
         if (x->rfc3779_addr == NULL) {
@@ -1262,7 +1265,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    OPENSSL_assert(x != NULL);
     if (x->rfc3779_addr != NULL) {
         for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
             IPAddressFamily *fp =
@@ -1285,6 +1287,12 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
  */
 int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
 {
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
     return addr_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_admis.c b/deps/openssl/openssl/crypto/x509v3/v3_admis.c
new file mode 100644
index 0000000000..c8e75191bb
--- /dev/null
+++ b/deps/openssl/openssl/crypto/x509v3/v3_admis.c
@@ -0,0 +1,356 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+#include <openssl/x509v3.h>
+
+#include <openssl/safestack.h>
+
+#include "v3_admis.h"
+#include "ext_dat.h"
+
+
+ASN1_SEQUENCE(NAMING_AUTHORITY) = {
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING),
+} ASN1_SEQUENCE_END(NAMING_AUTHORITY)
+
+ASN1_SEQUENCE(PROFESSION_INFO) = {
+    ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0),
+    ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING),
+    ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT),
+    ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING),
+    ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(PROFESSION_INFO)
+
+ASN1_SEQUENCE(ADMISSIONS) = {
+    ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0),
+    ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1),
+    ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO),
+} ASN1_SEQUENCE_END(ADMISSIONS)
+
+ASN1_SEQUENCE(ADMISSION_SYNTAX) = {
+    ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
+    ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
+} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ext_admission = {
+    NID_x509ExtAdmission,   /* .ext_nid = */
+    0,                      /* .ext_flags = */
+    ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
+    NULL, NULL, NULL, NULL,
+    NULL,                   /* .i2s = */
+    NULL,                   /* .s2i = */
+    NULL,                   /* .i2v = */
+    NULL,                   /* .v2i = */
+    &i2r_ADMISSION_SYNTAX,  /* .i2r = */
+    NULL,                   /* .r2i = */
+    NULL                    /* extension-specific data */
+};
+
+
+static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
+
+    if (namingAuthority == NULL)
+        return 0;
+
+    if (namingAuthority->namingAuthorityId == NULL
+        && namingAuthority->namingAuthorityText == NULL
+        && namingAuthority->namingAuthorityUrl == NULL)
+        return 0;
+
+    if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
+        goto err;
+
+    if (namingAuthority->namingAuthorityId != NULL) {
+        char objbuf[128];
+        const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
+
+        if (BIO_printf(bp, "%*s  admissionAuthorityId: ", ind, "") <= 0)
+            goto err;
+
+        OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1);
+
+        if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "",
+                       ln ? " (" : "", objbuf, ln ? ")" : "") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityText != NULL) {
+        if (BIO_printf(bp, "%*s  namingAuthorityText: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityUrl != NULL ) {
+        if (BIO_printf(bp, "%*s  namingAuthorityUrl: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    return 1;
+
+err:
+    return 0;
+}
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in;
+    int i, j, k;
+
+    if (admission->admissionAuthority != NULL) {
+        if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0
+            || BIO_printf(bp, "%*s  ", ind, "") <= 0
+            || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+
+    for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
+        ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
+
+        if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
+
+        if (entry->admissionAuthority != NULL) {
+            if (BIO_printf(bp, "%*s  admissionAuthority:\n", ind, "") <= 0
+                || BIO_printf(bp, "%*s    ", ind, "") <= 0
+                || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0
+                || BIO_printf(bp, "\n") <= 0)
+                goto err;
+        }
+
+        if (entry->namingAuthority != NULL) {
+            if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
+                goto err;
+        }
+
+        for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
+            PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
+
+            if (BIO_printf(bp, "%*s  Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
+                goto err;
+
+            if (pinfo->registrationNumber != NULL) {
+                if (BIO_printf(bp, "%*s    registrationNumber: ", ind, "") <= 0
+                    || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0
+                    || BIO_printf(bp, "\n") <= 0)
+                    goto err;
+            }
+
+            if (pinfo->namingAuthority != NULL) {
+                if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
+                    goto err;
+            }
+
+            if (pinfo->professionItems != NULL) {
+
+                if (BIO_printf(bp, "%*s    Info Entries:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
+                    ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
+
+                    if (BIO_printf(bp, "%*s      ", ind, "") <= 0
+                        || ASN1_STRING_print(bp, val) <= 0
+                        || BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+            }
+
+            if (pinfo->professionOIDs != NULL) {
+                if (BIO_printf(bp, "%*s    Profession OIDs:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
+                    ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
+                    const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
+                    char objbuf[128];
+
+                    OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1);
+                    if (BIO_printf(bp, "%*s      %s%s%s%s\n", ind, "",
+                                   ln ? ln : "", ln ? " (" : "",
+                                   objbuf, ln ? ")" : "") <= 0)
+                        goto err;
+                }
+            }
+        }
+    }
+    return 1;
+
+err:
+    return -1;
+}
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityId;
+}
+
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id)
+{
+    ASN1_OBJECT_free(n->namingAuthorityId);
+    n->namingAuthorityId = id;
+}
+
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityUrl;
+}
+
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityUrl);
+    n->namingAuthorityUrl = u;
+}
+
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityText;
+}
+
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityText);
+    n->namingAuthorityText = t;
+}
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as)
+{
+    return as->admissionAuthority;
+}
+
+void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as,
+                                              GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(as->admissionAuthority);
+    as->admissionAuthority = aa;
+}
+
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(const ADMISSION_SYNTAX *as)
+{
+    return as->contentsOfAdmissions;
+}
+
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as,
+                                                STACK_OF(ADMISSIONS) *a)
+{
+    sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free);
+    as->contentsOfAdmissions = a;
+}
+
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a)
+{
+    return a->admissionAuthority;
+}
+
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(a->admissionAuthority);
+    a->admissionAuthority = aa;
+}
+
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a)
+{
+    return a->namingAuthority;
+}
+
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(a->namingAuthority);
+    a->namingAuthority = na;
+}
+
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a)
+{
+    return a->professionInfos;
+}
+
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi)
+{
+    sk_PROFESSION_INFO_pop_free(a->professionInfos, PROFESSION_INFO_free);
+    a->professionInfos = pi;
+}
+
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(const PROFESSION_INFO *pi)
+{
+    return pi->addProfessionInfo;
+}
+
+void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi,
+                                            ASN1_OCTET_STRING *aos)
+{
+    ASN1_OCTET_STRING_free(pi->addProfessionInfo);
+    pi->addProfessionInfo = aos;
+}
+
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(const PROFESSION_INFO *pi)
+{
+    return pi->namingAuthority;
+}
+
+void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi,
+                                          NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(pi->namingAuthority);
+    pi->namingAuthority = na;
+}
+
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(const PROFESSION_INFO *pi)
+{
+    return pi->professionItems;
+}
+
+void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi,
+                                          STACK_OF(ASN1_STRING) *as)
+{
+    sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free);
+    pi->professionItems = as;
+}
+
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(const PROFESSION_INFO *pi)
+{
+    return pi->professionOIDs;
+}
+
+void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi,
+                                         STACK_OF(ASN1_OBJECT) *po)
+{
+    sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free);
+    pi->professionOIDs = po;
+}
+
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(const PROFESSION_INFO *pi)
+{
+    return pi->registrationNumber;
+}
+
+void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi,
+                                             ASN1_PRINTABLESTRING *rn)
+{
+    ASN1_PRINTABLESTRING_free(pi->registrationNumber);
+    pi->registrationNumber = rn;
+}
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_admis.h b/deps/openssl/openssl/crypto/x509v3/v3_admis.h
new file mode 100644
index 0000000000..fa23fc7617
--- /dev/null
+++ b/deps/openssl/openssl/crypto/x509v3/v3_admis.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_V3_ADMISSION_H
+# define HEADER_V3_ADMISSION_H
+
+struct NamingAuthority_st {
+    ASN1_OBJECT* namingAuthorityId;
+    ASN1_IA5STRING* namingAuthorityUrl;
+    ASN1_STRING* namingAuthorityText;          /* i.e. DIRECTORYSTRING */
+};
+
+struct ProfessionInfo_st {
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(ASN1_STRING)* professionItems;    /* i.e. DIRECTORYSTRING */
+    STACK_OF(ASN1_OBJECT)* professionOIDs;
+    ASN1_PRINTABLESTRING* registrationNumber;
+    ASN1_OCTET_STRING* addProfessionInfo;
+};
+
+struct Admissions_st {
+    GENERAL_NAME* admissionAuthority;
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(PROFESSION_INFO)* professionInfos;
+};
+
+struct AdmissionSyntax_st {
+    GENERAL_NAME* admissionAuthority;
+    STACK_OF(ADMISSIONS)* contentsOfAdmissions;
+};
+
+#endif
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_alt.c b/deps/openssl/openssl/crypto/x509v3/v3_alt.c
index a35d3376b5..832e6d1285 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_alt.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_alt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -68,6 +68,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
     unsigned char *p;
     char oline[256], htmp[5];
     int i;
+
     switch (gen->type) {
     case GEN_OTHERNAME:
         if (!X509V3_add_value("othername", "<unsupported>", &ret))
@@ -100,7 +101,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
         break;
 
     case GEN_DIRNAME:
-        if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL
+        if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL
                 || !X509V3_add_value("DirName", oline, &ret))
             return NULL;
         break;
@@ -108,8 +109,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
     case GEN_IPADD:
         p = gen->d.ip->data;
         if (gen->d.ip->length == 4)
-            BIO_snprintf(oline, sizeof(oline),
-                         "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+            BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d",
+                         p[0], p[1], p[2], p[3]);
         else if (gen->d.ip->length == 16) {
             oline[0] = 0;
             for (i = 0; i < 8; i++) {
@@ -201,25 +202,28 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *nval)
 {
-    GENERAL_NAMES *gens = NULL;
-    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num);
     int i;
 
-    if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
+    if (gens == NULL) {
         X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-        cnf = sk_CONF_VALUE_value(nval, i);
+    for (i = 0; i < num; i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
+
         if (!name_cmp(cnf->name, "issuer")
             && cnf->value && strcmp(cnf->value, "copy") == 0) {
             if (!copy_issuer(ctx, gens))
                 goto err;
         } else {
-            GENERAL_NAME *gen;
-            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+            GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
+
+            if (gen == NULL)
                 goto err;
-            sk_GENERAL_NAME_push(gens, gen);
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
         }
     }
     return gens;
@@ -235,7 +239,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
     GENERAL_NAMES *ialt;
     GENERAL_NAME *gen;
     X509_EXTENSION *ext;
-    int i;
+    int i, num;
 
     if (ctx && (ctx->flags == CTX_TEST))
         return 1;
@@ -252,12 +256,15 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
         goto err;
     }
 
-    for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+    num = sk_GENERAL_NAME_num(ialt);
+    if (!sk_GENERAL_NAME_reserve(gens, num)) {
+        X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    for (i = 0; i < num; i++) {
         gen = sk_GENERAL_NAME_value(ialt, i);
-        if (!sk_GENERAL_NAME_push(gens, gen)) {
-            X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
+        sk_GENERAL_NAME_push(gens, gen);     /* no failure as it was reserved */
     }
     sk_GENERAL_NAME_free(ialt);
 
@@ -272,15 +279,19 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *nval)
 {
-    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAMES *gens;
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
         X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
         if (!name_cmp(cnf->name, "email")
             && cnf->value && strcmp(cnf->value, "copy") == 0) {
@@ -294,7 +305,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
             GENERAL_NAME *gen;
             if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
                 goto err;
-            sk_GENERAL_NAME_push(gens, gen);
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
         }
     }
     return gens;
@@ -313,10 +324,12 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
     ASN1_IA5STRING *email = NULL;
     X509_NAME_ENTRY *ne;
     GENERAL_NAME *gen = NULL;
-    int i;
+    int i = -1;
+
     if (ctx != NULL && ctx->flags == CTX_TEST)
         return 1;
-    if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+    if (ctx == NULL
+        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
         X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
         goto err;
     }
@@ -327,7 +340,6 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
         nm = X509_REQ_get_subject_name(ctx->subject_req);
 
     /* Now add any email address(es) to STACK */
-    i = -1;
     while ((i = X509_NAME_get_index_by_NID(nm,
                                            NID_pkcs9_emailAddress, i)) >= 0) {
         ne = X509_NAME_get_entry(nm, i);
@@ -364,19 +376,23 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
     GENERAL_NAME *gen;
-    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAMES *gens;
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
         X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
         if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
             goto err;
-        sk_GENERAL_NAME_push(gens, gen);
+        sk_GENERAL_NAME_push(gens, gen);    /* no failure as it was reserved */
     }
     return gens;
  err:
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_asid.c b/deps/openssl/openssl/crypto/x509v3/v3_asid.c
index af4fcf4cd5..089f2ae29f 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_asid.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_asid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,6 +11,7 @@
  * Implementation of RFC 3779 section 3.2.
  */
 
+#include <assert.h>
 #include <stdio.h>
 #include <string.h>
 #include "internal/cryptlib.h"
@@ -123,13 +124,13 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
 {
     const ASIdOrRange *a = *a_, *b = *b_;
 
-    OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
-                   (a->type == ASIdOrRange_range && a->u.range != NULL &&
-                    a->u.range->min != NULL && a->u.range->max != NULL));
+    assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+           (a->type == ASIdOrRange_range && a->u.range != NULL &&
+            a->u.range->min != NULL && a->u.range->max != NULL));
 
-    OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
-                   (b->type == ASIdOrRange_range && b->u.range != NULL &&
-                    b->u.range->min != NULL && b->u.range->max != NULL));
+    assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+           (b->type == ASIdOrRange_range && b->u.range != NULL &&
+            b->u.range->min != NULL && b->u.range->max != NULL));
 
     if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
         return ASN1_INTEGER_cmp(a->u.id, b->u.id);
@@ -167,7 +168,6 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
-        OPENSSL_assert((*choice)->u.inherit == NULL);
         if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
             return 0;
         (*choice)->type = ASIdentifierChoice_inherit;
@@ -200,7 +200,6 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
-        OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
         (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
         if ((*choice)->u.asIdsOrRanges == NULL)
             return 0;
@@ -232,20 +231,23 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
 /*
  * Extract min and max values from an ASIdOrRange.
  */
-static void extract_min_max(ASIdOrRange *aor,
-                            ASN1_INTEGER **min, ASN1_INTEGER **max)
+static int extract_min_max(ASIdOrRange *aor,
+                           ASN1_INTEGER **min, ASN1_INTEGER **max)
 {
-    OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+    if (!ossl_assert(aor != NULL))
+        return 0;
     switch (aor->type) {
     case ASIdOrRange_id:
         *min = aor->u.id;
         *max = aor->u.id;
-        return;
+        return 1;
     case ASIdOrRange_range:
         *min = aor->u.range->min;
         *max = aor->u.range->max;
-        return;
+        return 1;
     }
+
+    return 0;
 }
 
 /*
@@ -279,8 +281,9 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
         ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
             NULL;
 
-        extract_min_max(a, &a_min, &a_max);
-        extract_min_max(b, &b_min, &b_max);
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
 
         /*
          * Punt misordered list, overlapping start, or inverted range.
@@ -318,8 +321,8 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
         ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
         ASN1_INTEGER *a_min, *a_max;
         if (a != NULL && a->type == ASIdOrRange_range) {
-            extract_min_max(a, &a_min, &a_max);
-            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
                 goto done;
         }
     }
@@ -382,13 +385,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
         ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
             NULL;
 
-        extract_min_max(a, &a_min, &a_max);
-        extract_min_max(b, &b_min, &b_max);
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
 
         /*
          * Make sure we're properly sorted (paranoia).
          */
-        OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+        if (!ossl_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0))
+            goto done;
 
         /*
          * Punt inverted ranges.
@@ -464,13 +469,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
         ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
         ASN1_INTEGER *a_min, *a_max;
         if (a != NULL && a->type == ASIdOrRange_range) {
-            extract_min_max(a, &a_min, &a_max);
-            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
                 goto done;
         }
     }
 
-    OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+    /* Paranoia */
+    if (!ossl_assert(ASIdentifierChoice_is_canonical(choice)))
+        goto done;
 
     ret = 1;
 
@@ -655,11 +662,14 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 
     p = 0;
     for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
-        extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+        if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max))
+            return 0;
         for (;; p++) {
             if (p >= sk_ASIdOrRange_num(parent))
                 return 0;
-            extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+            if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min,
+                                 &p_max))
+                return 0;
             if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
                 continue;
             if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
@@ -715,9 +725,14 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
     X509 *x;
 
-    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-    OPENSSL_assert(ctx != NULL || ext != NULL);
-    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
 
     /*
      * Figure out where to start.  If we don't have an extension to
@@ -730,7 +745,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
         if ((ext = x->rfc3779_asid) == NULL)
             goto done;
     }
@@ -763,7 +777,11 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
+        if (!ossl_assert(x != NULL)) {
+            if (ctx != NULL)
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+            return 0;
+        }
         if (x->rfc3779_asid == NULL) {
             if (child_as != NULL || child_rdi != NULL)
                 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -809,7 +827,11 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    OPENSSL_assert(x != NULL);
+    if (!ossl_assert(x != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
     if (x->rfc3779_asid != NULL) {
         if (x->rfc3779_asid->asnum != NULL &&
             x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
@@ -830,6 +852,12 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
  */
 int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
 {
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
     return asid_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_conf.c b/deps/openssl/openssl/crypto/x509v3/v3_conf.c
index 3cc5b14d3a..7acaebfa22 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_conf.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_conf.c
@@ -10,7 +10,7 @@
 /* extension creation utilities */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509.h>
@@ -192,7 +192,7 @@ static int v3_check_critical(const char **value)
     if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
         return 0;
     p += 9;
-    while (isspace((unsigned char)*p))
+    while (ossl_isspace(*p))
         p++;
     *value = p;
     return 1;
@@ -212,7 +212,7 @@ static int v3_check_generic(const char **value)
     } else
         return 0;
 
-    while (isspace((unsigned char)*p))
+    while (ossl_isspace(*p))
         p++;
     *value = p;
     return gen_type;
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_cpols.c b/deps/openssl/openssl/crypto/x509v3/v3_cpols.c
index 22c56ba380..7a47fd38b3 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_cpols.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_cpols.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -31,6 +31,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *unot, int ia5org);
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
+static int displaytext_get_tag_len(const char *tagstr);
 
 const X509V3_EXT_METHOD v3_cpols = {
     NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -86,26 +88,30 @@ IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
                                          X509V3_CTX *ctx, const char *value)
 {
-    STACK_OF(POLICYINFO) *pols = NULL;
+    STACK_OF(POLICYINFO) *pols;
     char *pstr;
     POLICYINFO *pol;
     ASN1_OBJECT *pobj;
-    STACK_OF(CONF_VALUE) *vals;
+    STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value);
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(vals);
     int i, ia5org;
-    pols = sk_POLICYINFO_new_null();
-    if (pols == NULL) {
-        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    vals = X509V3_parse_list(value);
+
     if (vals == NULL) {
         X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+        return NULL;
+    }
+
+    pols = sk_POLICYINFO_new_reserve(NULL, num);
+    if (pols == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
         goto err;
     }
+
     ia5org = 0;
-    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(vals, i);
+
         if (cnf->value || !cnf->name) {
             X509V3err(X509V3_F_R2I_CERTPOL,
                       X509V3_R_INVALID_POLICY_IDENTIFIER);
@@ -138,8 +144,8 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
             }
             pol = POLICYINFO_new();
             if (pol == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                 ASN1_OBJECT_free(pobj);
+                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             pol->policyid = pobj;
@@ -239,16 +245,50 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
  err:
     POLICYINFO_free(pol);
     return NULL;
+}
+
+static int displaytext_get_tag_len(const char *tagstr)
+{
+    char *colon = strchr(tagstr, ':');
 
+    return (colon == NULL) ? -1 : colon - tagstr;
+}
+
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
+{
+    int len;
+
+    *tag_len = 0;
+    len = displaytext_get_tag_len(tagstr);
+
+    if (len == -1)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = len;
+    if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = 0;
+    return V_ASN1_VISIBLESTRING;
 }
 
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *unot, int ia5org)
 {
-    int i, ret;
+    int i, ret, len, tag;
+    unsigned int tag_len;
     CONF_VALUE *cnf;
     USERNOTICE *not;
     POLICYQUALINFO *qual;
+    char *value = NULL;
 
     if ((qual = POLICYQUALINFO_new()) == NULL)
         goto merr;
@@ -261,11 +301,15 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
     qual->d.usernotice = not;
     for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
         cnf = sk_CONF_VALUE_value(unot, i);
+        value = cnf->value;
         if (strcmp(cnf->name, "explicitText") == 0) {
-            if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL)
+            tag = displaytext_str2tag(value, &tag_len);
+            if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL)
                 goto merr;
-            if (!ASN1_STRING_set(not->exptext, cnf->value,
-                                 strlen(cnf->value)))
+            if (tag_len != 0)
+                value += tag_len + 1;
+            len = strlen(value);
+            if (!ASN1_STRING_set(not->exptext, value, len))
                 goto merr;
         } else if (strcmp(cnf->name, "organization") == 0) {
             NOTICEREF *nref;
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_crld.c b/deps/openssl/openssl/crypto/x509v3/v3_crld.c
index c4c77f1851..6cba4240ab 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_crld.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_crld.c
@@ -205,8 +205,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
 {
     int i;
     CONF_VALUE *cnf;
-    DIST_POINT *point = NULL;
-    point = DIST_POINT_new();
+    DIST_POINT *point = DIST_POINT_new();
+
     if (point == NULL)
         goto err;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -237,16 +237,19 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                       X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-    STACK_OF(DIST_POINT) *crld = NULL;
+    STACK_OF(DIST_POINT) *crld;
     GENERAL_NAMES *gens = NULL;
     GENERAL_NAME *gen = NULL;
     CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if ((crld = sk_DIST_POINT_new_null()) == NULL)
+    crld = sk_DIST_POINT_new_reserve(NULL, num);
+    if (crld == NULL)
         goto merr;
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         DIST_POINT *point;
+
         cnf = sk_CONF_VALUE_value(nval, i);
         if (!cnf->value) {
             STACK_OF(CONF_VALUE) *dpsect;
@@ -257,10 +260,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
             X509V3_section_free(ctx, dpsect);
             if (!point)
                 goto err;
-            if (!sk_DIST_POINT_push(crld, point)) {
-                DIST_POINT_free(point);
-                goto merr;
-            }
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
         } else {
             if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
                 goto err;
@@ -271,10 +271,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
             gen = NULL;
             if ((point = DIST_POINT_new()) == NULL)
                 goto merr;
-            if (!sk_DIST_POINT_push(crld, point)) {
-                DIST_POINT_free(point);
-                goto merr;
-            }
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
             if ((point->distpoint = DIST_POINT_NAME_new()) == NULL)
                 goto merr;
             point->distpoint->name.fullname = gens;
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_enum.c b/deps/openssl/openssl/crypto/x509v3/v3_enum.c
index f39cb5ac2a..3b0f197444 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_enum.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_enum.c
@@ -38,7 +38,7 @@ const X509V3_EXT_METHOD v3_crl_reason = {
     crl_reasons
 };
 
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, 
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
                                 const ASN1_ENUMERATED *e)
 {
     ENUMERATED_NAMES *enam;
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_extku.c b/deps/openssl/openssl/crypto/x509v3/v3_extku.c
index bae755e3f2..91b24376ed 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_extku.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_extku.c
@@ -74,14 +74,17 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
     char *extval;
     ASN1_OBJECT *objtmp;
     CONF_VALUE *val;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) {
+    extku = sk_ASN1_OBJECT_new_reserve(NULL, num);
+    if (extku == NULL) {
         X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+        sk_ASN1_OBJECT_free(extku);
         return NULL;
     }
 
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         val = sk_CONF_VALUE_value(nval, i);
         if (val->value)
             extval = val->value;
@@ -94,7 +97,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
             X509V3_conf_err(val);
             return NULL;
         }
-        sk_ASN1_OBJECT_push(extku, objtmp);
+        sk_ASN1_OBJECT_push(extku, objtmp);  /* no failure as it was reserved */
     }
     return extku;
 }
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_info.c b/deps/openssl/openssl/crypto/x509v3/v3_info.c
index a0bca5fb8e..7af9e23ae8 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_info.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_info.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -78,16 +78,13 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
         tret = tmp;
         vtmp = sk_CONF_VALUE_value(tret, i);
         i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
-        nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+        nlen = strlen(objtmp) + 3 + strlen(vtmp->name) + 1;
         ntmp = OPENSSL_malloc(nlen);
         if (ntmp == NULL)
             goto err;
-        OPENSSL_strlcpy(ntmp, objtmp, nlen);
-        OPENSSL_strlcat(ntmp, " - ", nlen);
-        OPENSSL_strlcat(ntmp, vtmp->name, nlen);
+        BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name);
         OPENSSL_free(vtmp->name);
         vtmp->name = ntmp;
-
     }
     if (ret == NULL && tret == NULL)
         return sk_CONF_VALUE_new_null();
@@ -110,20 +107,21 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
     CONF_VALUE *cnf, ctmp;
     ACCESS_DESCRIPTION *acc;
     int i, objlen;
+    const int num = sk_CONF_VALUE_num(nval);
     char *objtmp, *ptmp;
 
-    if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) {
+    if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) {
         X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if ((acc = ACCESS_DESCRIPTION_new()) == NULL
-            || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+        if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
                       ERR_R_MALLOC_FAILURE);
             goto err;
         }
+        sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */
         ptmp = strchr(cnf->name, ';');
         if (!ptmp) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_lib.c b/deps/openssl/openssl/crypto/x509v3/v3_lib.c
index d7143086bc..97c1cbc20f 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_lib.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,73 +47,7 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
                              const X509V3_EXT_METHOD *, ext);
 
-/*
- * This table will be searched using OBJ_bsearch so it *must* kept in order
- * of the ext_nid values.
- */
-
-static const X509V3_EXT_METHOD *standard_exts[] = {
-    &v3_nscert,
-    &v3_ns_ia5_list[0],
-    &v3_ns_ia5_list[1],
-    &v3_ns_ia5_list[2],
-    &v3_ns_ia5_list[3],
-    &v3_ns_ia5_list[4],
-    &v3_ns_ia5_list[5],
-    &v3_ns_ia5_list[6],
-    &v3_skey_id,
-    &v3_key_usage,
-    &v3_pkey_usage_period,
-    &v3_alt[0],
-    &v3_alt[1],
-    &v3_bcons,
-    &v3_crl_num,
-    &v3_cpols,
-    &v3_akey_id,
-    &v3_crld,
-    &v3_ext_ku,
-    &v3_delta_crl,
-    &v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
-    &v3_crl_invdate,
-#endif
-    &v3_sxnet,
-    &v3_info,
-#ifndef OPENSSL_NO_RFC3779
-    &v3_addr,
-    &v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
-    &v3_ocsp_nonce,
-    &v3_ocsp_crlid,
-    &v3_ocsp_accresp,
-    &v3_ocsp_nocheck,
-    &v3_ocsp_acutoff,
-    &v3_ocsp_serviceloc,
-#endif
-    &v3_sinfo,
-    &v3_policy_constraints,
-#ifndef OPENSSL_NO_OCSP
-    &v3_crl_hold,
-#endif
-    &v3_pci,
-    &v3_name_constraints,
-    &v3_policy_mappings,
-    &v3_inhibit_anyp,
-    &v3_idp,
-    &v3_alt[2],
-    &v3_freshest_crl,
-#ifndef OPENSSL_NO_CT
-    &v3_ct_scts[0],
-    &v3_ct_scts[1],
-    &v3_ct_scts[2],
-#endif
-    &v3_tls_feature,
-};
-
-/* Number of standard extensions */
-
-#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+#include "standard_exts.h"
 
 const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
@@ -130,8 +64,6 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
     if (!ext_list)
         return NULL;
     idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-    if (idx == -1)
-        return NULL;
     return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c
index bd7301e455..9a2cd5af00 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
+#include <stdio.h>
 #include "internal/asn1_int.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pci.c b/deps/openssl/openssl/crypto/x509v3/v3_pci.c
index 2c05edb828..3d124fa6d9 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_pci.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_pci.c
@@ -7,7 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pcia.c b/deps/openssl/openssl/crypto/x509v3/v3_pcia.c
index e6f7a91794..8d6af60e5d 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_pcia.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_pcia.c
@@ -7,7 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pku.c b/deps/openssl/openssl/crypto/x509v3/v3_pku.c
index ed82bca8ba..5a7e7d9725 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_pku.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_pku.c
@@ -17,10 +17,7 @@
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
                                  PKEY_USAGE_PERIOD *usage, BIO *out,
                                  int indent);
-/*
- * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
- * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
- */
+
 const X509V3_EXT_METHOD v3_pkey_usage_period = {
     NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
     0, 0, 0, 0,
@@ -53,13 +50,3 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
     }
     return 1;
 }
-
-/*-
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-STACK_OF(CONF_VALUE) *values;
-{
-return NULL;
-}
-*/
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c b/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c
index 73f4ec2467..5b6a2af0fb 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c
@@ -52,6 +52,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
     int i;
     char obj_tmp1[80];
     char obj_tmp2[80];
+
     for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
         pmap = sk_POLICY_MAPPING_value(pmaps, i);
         i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
@@ -64,18 +65,19 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-    POLICY_MAPPINGS *pmaps = NULL;
     POLICY_MAPPING *pmap = NULL;
     ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
     CONF_VALUE *val;
+    POLICY_MAPPINGS *pmaps;
+    const int num = sk_CONF_VALUE_num(nval);
     int i;
 
-    if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) {
+    if ((pmaps = sk_POLICY_MAPPING_new_reserve(NULL, num)) == NULL) {
         X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    for (i = 0; i < num; i++) {
         val = sk_CONF_VALUE_value(nval, i);
         if (!val->value || !val->name) {
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
@@ -99,7 +101,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
         pmap->issuerDomainPolicy = obj1;
         pmap->subjectDomainPolicy = obj2;
         obj1 = obj2 = NULL;
-        sk_POLICY_MAPPING_push(pmaps, pmap);
+        sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */
     }
     return pmaps;
  err:
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_purp.c b/deps/openssl/openssl/crypto/x509v3/v3_purp.c
index 7ac067229f..70b0397d97 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_purp.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_purp.c
@@ -13,6 +13,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include "internal/x509_int.h"
+#include "internal/tsan_assist.h"
 
 static void x509v3_cache_extensions(X509 *x);
 
@@ -133,13 +134,14 @@ int X509_PURPOSE_get_by_id(int purpose)
 {
     X509_PURPOSE tmp;
     int idx;
+
     if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
         return purpose - X509_PURPOSE_MIN;
-    tmp.purpose = purpose;
-    if (!xptable)
+    if (xptable == NULL)
         return -1;
+    tmp.purpose = purpose;
     idx = sk_X509_PURPOSE_find(xptable, &tmp);
-    if (idx == -1)
+    if (idx < 0)
         return -1;
     return idx + X509_PURPOSE_COUNT;
 }
@@ -352,9 +354,11 @@ static void x509v3_cache_extensions(X509 *x)
     X509_EXTENSION *ex;
     int i;
 
+#ifdef tsan_ld_acq
     /* fast lock-free check, see end of the function for details. */
-    if (x->ex_cached)
+    if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached))
         return;
+#endif
 
     CRYPTO_THREAD_write_lock(x->lock);
     if (x->ex_flags & EXFLAG_SET) {
@@ -494,14 +498,17 @@ static void x509v3_cache_extensions(X509 *x)
             break;
         }
     }
+    x509_init_sig_info(x);
     x->ex_flags |= EXFLAG_SET;
-    CRYPTO_THREAD_unlock(x->lock);
+#ifdef tsan_st_rel
+    tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1);
     /*
-     * It has to be placed after memory barrier, which is implied by unlock.
-     * Worst thing that can happen is that another thread proceeds to lock
-     * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function.
+     * Above store triggers fast lock-free check in the beginning of the
+     * function. But one has to ensure that the structure is "stable", i.e.
+     * all stores are visible on all processors. Hence the release fence.
      */
-    x->ex_cached = 1;
+#endif
+    CRYPTO_THREAD_unlock(x->lock);
 }
 
 /*-
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_skey.c b/deps/openssl/openssl/crypto/x509v3/v3_skey.c
index 39597dc41d..749f51b2f0 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_skey.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_skey.c
@@ -24,7 +24,7 @@ const X509V3_EXT_METHOD v3_skey_id = {
     NULL
 };
 
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                             const ASN1_OCTET_STRING *oct)
 {
     return OPENSSL_buf2hexstr(oct->data, oct->length);
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c b/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c
index d93781e1b7..7fd6ef17db 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c
@@ -7,8 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
+#include "e_os.h"
 #include "internal/cryptlib.h"
+#include <stdio.h>
 #include "internal/o_str.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_utl.c b/deps/openssl/openssl/crypto/x509v3/v3_utl.c
index 418ef06a9d..c9b40d2c76 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_utl.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_utl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,9 +9,10 @@
 
 /* X509 v3 extension utilities */
 
-#include <stdio.h>
-#include <ctype.h>
+#include "e_os.h"
 #include "internal/cryptlib.h"
+#include <stdio.h>
+#include "internal/ctype.h"
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
 #include <openssl/x509v3.h>
@@ -377,12 +378,12 @@ static char *strip_spaces(char *name)
     char *p, *q;
     /* Skip over leading spaces */
     p = name;
-    while (*p && isspace((unsigned char)*p))
+    while (*p && ossl_isspace(*p))
         p++;
     if (!*p)
         return NULL;
     q = p + strlen(p) - 1;
-    while ((q != p) && isspace((unsigned char)*q))
+    while ((q != p) && ossl_isspace(*q))
         q--;
     if (p != q)
         q[1] = 0;
@@ -467,11 +468,11 @@ static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
 {
     STACK_OF(OPENSSL_STRING) *ret = NULL;
     X509_NAME_ENTRY *ne;
-    ASN1_IA5STRING *email;
+    const ASN1_IA5STRING *email;
     GENERAL_NAME *gen;
-    int i;
+    int i = -1;
+
     /* Now add any email address(es) to STACK */
-    i = -1;
     /* First supplied X509_NAME */
     while ((i = X509_NAME_get_index_by_NID(name,
                                            NID_pkcs9_emailAddress, i)) >= 0) {
diff --git a/deps/openssl/openssl/crypto/x509v3/v3conf.c b/deps/openssl/openssl/crypto/x509v3/v3conf.c
deleted file mode 100644
index 966ab90bc4..0000000000
--- a/deps/openssl/openssl/crypto/x509v3/v3conf.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-/* Test application to add extensions from a config file */
-
-int main(int argc, char **argv)
-{
-    LHASH *conf;
-    X509 *cert;
-    FILE *inf;
-    char *conf_file;
-    int i;
-    int count;
-    X509_EXTENSION *ext;
-    X509V3_add_standard_extensions();
-    ERR_load_crypto_strings();
-    if (!argv[1]) {
-        fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
-        exit(1);
-    }
-    conf_file = argv[2];
-    if (!conf_file)
-        conf_file = "test.cnf";
-    conf = CONF_load(NULL, "test.cnf", NULL);
-    if (!conf) {
-        fprintf(stderr, "Error opening Config file %s\n", conf_file);
-        ERR_print_errors_fp(stderr);
-        exit(1);
-    }
-
-    inf = fopen(argv[1], "r");
-    if (!inf) {
-        fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
-        exit(1);
-    }
-    cert = PEM_read_X509(inf, NULL, NULL);
-    if (!cert) {
-        fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
-        exit(1);
-    }
-    fclose(inf);
-
-    sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
-    cert->cert_info->extensions = NULL;
-
-    if (!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
-        fprintf(stderr, "Error adding extensions\n");
-        ERR_print_errors_fp(stderr);
-        exit(1);
-    }
-
-    count = X509_get_ext_count(cert);
-    printf("%d extensions\n", count);
-    for (i = 0; i < count; i++) {
-        ext = X509_get_ext(cert, i);
-        printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-        if (ext->critical)
-            printf(",critical:\n");
-        else
-            printf(":\n");
-        X509V3_EXT_print_fp(stdout, ext, 0, 0);
-        printf("\n");
-
-    }
-    return 0;
-}
diff --git a/deps/openssl/openssl/crypto/x509v3/v3err.c b/deps/openssl/openssl/crypto/x509v3/v3err.c
index d5987913c1..4f2ea52a4a 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3err.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,168 +8,238 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include <openssl/err.h>
-#include <openssl/x509v3.h>
+#include <openssl/x509v3err.h>
 
-/* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
-
-static ERR_STRING_DATA X509V3_str_functs[] = {
-    {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"},
-    {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL),
+static const ERR_STRING_DATA X509V3_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_A2I_GENERAL_NAME, 0),
+     "a2i_GENERAL_NAME"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, 0),
      "addr_validate_path_internal"},
-    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, 0),
      "ASIdentifierChoice_canonize"},
-    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, 0),
      "ASIdentifierChoice_is_canonical"},
-    {ERR_FUNC(X509V3_F_BIGNUM_TO_STRING), "bignum_to_string"},
-    {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"},
-    {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"},
-    {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"},
-    {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"},
-    {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"},
-    {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"},
-    {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
-    {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"},
-    {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
-    {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_BIGNUM_TO_STRING, 0),
+     "bignum_to_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_EMAIL, 0), "copy_email"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_ISSUER, 0), "copy_issuer"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_DIRNAME, 0), "do_dirname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_I2D, 0), "do_ext_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_NCONF, 0), "do_ext_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_GNAMES_FROM_SECTNAME, 0),
+     "gnames_from_sectname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_ENUMERATED, 0),
+     "i2s_ASN1_ENUMERATED"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_IA5STRING, 0),
+     "i2s_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_INTEGER, 0),
+     "i2s_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
      "i2v_AUTHORITY_INFO_ACCESS"},
-    {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"},
-    {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"},
-    {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"},
-    {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"},
-    {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"},
-    {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
-    {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
-    {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"},
-    {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"},
-    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
-    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
-    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
-    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
-    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
-    {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"},
-    {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
-    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0),
+     "policy_cache_create"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0),
+     "policy_cache_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0),
+     "process_pci_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_CERTPOL, 0), "r2i_certpol"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_PCI, 0), "r2i_pci"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_IA5STRING, 0),
+     "s2i_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_INTEGER, 0),
+     "s2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_OCTET_STRING, 0),
+     "s2i_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_SKEY_ID, 0), "s2i_skey_id"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SET_DIST_POINT_NAME, 0),
+     "set_dist_point_name"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ASC, 0),
+     "SXNET_add_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_INTEGER, 0),
+     "SXNET_add_id_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ULONG, 0),
+     "SXNET_add_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ASC, 0),
+     "SXNET_get_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0),
+     "SXNET_get_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0),
+     "v2i_ASIdentifiers"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0),
+     "v2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 0),
      "v2i_AUTHORITY_INFO_ACCESS"},
-    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"},
-    {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"},
-    {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"},
-    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
-    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
-    {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"},
-    {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"},
-    {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"},
-    {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"},
-    {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"},
-    {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"},
-    {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"},
-    {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"},
-    {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
-    {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
-    {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
-    {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
-    {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
-    {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
-    {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
-    {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
-    {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_KEYID, 0),
+     "v2i_AUTHORITY_KEYID"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_BASIC_CONSTRAINTS, 0),
+     "v2i_BASIC_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_CRLD, 0), "v2i_crld"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_EXTENDED_KEY_USAGE, 0),
+     "v2i_EXTENDED_KEY_USAGE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAMES, 0),
+     "v2i_GENERAL_NAMES"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAME_EX, 0),
+     "v2i_GENERAL_NAME_ex"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IDP, 0), "v2i_idp"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IPADDRBLOCKS, 0),
+     "v2i_IPAddrBlocks"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ISSUER_ALT, 0), "v2i_issuer_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_NAME_CONSTRAINTS, 0),
+     "v2i_NAME_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_CONSTRAINTS, 0),
+     "v2i_POLICY_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_MAPPINGS, 0),
+     "v2i_POLICY_MAPPINGS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_SUBJECT_ALT, 0), "v2i_subject_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_TLS_FEATURE, 0), "v2i_TLS_FEATURE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
+     "v3_generic_extension"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
+     "X509V3_add_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD_ALIAS, 0),
+     "X509V3_EXT_add_alias"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_I2D, 0), "X509V3_EXT_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_NCONF, 0),
+     "X509V3_EXT_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_SECTION, 0),
+     "X509V3_get_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_STRING, 0),
+     "X509V3_get_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_VALUE_BOOL, 0),
+     "X509V3_get_value_bool"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_PARSE_LIST, 0),
+     "X509V3_parse_list"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_ADD, 0),
+     "X509_PURPOSE_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_SET, 0),
+     "X509_PURPOSE_set"},
     {0, NULL}
 };
 
-static ERR_STRING_DATA X509V3_str_reasons[] = {
-    {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
-    {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"},
-    {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
-    {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
-     "bn to asn1 integer error"},
-    {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
-    {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"},
-    {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
-    {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"},
-    {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),
-     "error creating extension"},
-    {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"},
-    {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"},
-    {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"},
-    {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"},
-    {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"},
-    {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
-     "extension setting not supported"},
-    {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
-    {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
-    {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
-     "incorrect policy syntax tag"},
-    {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
-    {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"},
-    {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"},
-    {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),
-     "invalid extension string"},
-    {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"},
-    {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"},
-    {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"},
-    {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"},
-    {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
-    {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"},
-    {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"},
-    {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"},
-    {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"},
-    {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),
-     "invalid object identifier"},
-    {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"},
-    {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),
-     "invalid policy identifier"},
-    {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),
-     "invalid proxy policy setting"},
-    {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"},
-    {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"},
-    {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"},
-    {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"},
-    {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"},
-    {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"},
-    {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
-     "need organization and numbers"},
-    {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"},
-    {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"},
-    {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"},
-    {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"},
-    {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
-     "no proxy cert policy language defined"},
-    {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
-    {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
-    {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
-    {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
-    {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
-     "policy language already defined"},
-    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
-    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
-     "policy path length already defined"},
-    {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
-     "policy when proxy language requires no policy"},
-    {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
-    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
-     "unable to get issuer details"},
-    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
-     "unable to get issuer keyid"},
-    {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
-     "unknown bit string argument"},
-    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"},
-    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"},
-    {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"},
-    {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"},
-    {ERR_REASON(X509V3_R_UNSUPPORTED_TYPE), "unsupported type"},
-    {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"},
+static const ERR_STRING_DATA X509V3_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+    "bn to asn1 integer error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET),
+    "distpoint already set"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID),
+    "duplicate zone id"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE),
+    "error converting zone"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION),
+    "error creating extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION),
+    "error in extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME),
+    "expected a section name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS),
+    "extension exists"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR),
+    "extension name error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND),
+    "extension not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+    "extension setting not supported"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR),
+    "extension value error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION),
+    "illegal empty extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+    "incorrect policy syntax tag"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER),
+    "invalid asnumber"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING),
+    "invalid boolean string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING),
+    "invalid extension string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE),
+    "invalid inheritance"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS),
+    "invalid ipaddress"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS),
+    "invalid multiple rdns"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_NAME),
+    "invalid null name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE),
+    "invalid null value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER),
+    "invalid object identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER),
+    "invalid policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING),
+    "invalid proxy policy setting"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR),
+    "issuer decode error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+    "need organization and numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE),
+    "no config database"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE),
+    "no issuer certificate"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS),
+    "no issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER),
+    "no policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+    "no proxy cert policy language defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS),
+    "no subject details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED),
+    "operation not defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
+    "policy language already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH),
+    "policy path length"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
+    "policy path length already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+    "policy when proxy language requires no policy"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND),
+    "section not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+    "unable to get issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+    "unable to get issuer keyid"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+    "unknown bit string argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION),
+    "unknown extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME),
+    "unknown extension name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION),
+    "unsupported option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE),
+    "unsupported type"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"},
     {0, NULL}
 };
 
@@ -178,10 +248,9 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
 int ERR_load_X509V3_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
-
     if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, X509V3_str_functs);
-        ERR_load_strings(0, X509V3_str_reasons);
+        ERR_load_strings_const(X509V3_str_functs);
+        ERR_load_strings_const(X509V3_str_reasons);
     }
 #endif
     return 1;
diff --git a/deps/openssl/openssl/crypto/x509v3/v3prin.c b/deps/openssl/openssl/crypto/x509v3/v3prin.c
deleted file mode 100644
index 7431a4ea61..0000000000
--- a/deps/openssl/openssl/crypto/x509v3/v3prin.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int main(int argc, char **argv)
-{
-    X509 *cert;
-    FILE *inf;
-    int i, count;
-    X509_EXTENSION *ext;
-
-    X509V3_add_standard_extensions();
-    ERR_load_crypto_strings();
-    if (!argv[1]) {
-        fprintf(stderr, "Usage v3prin cert.pem\n");
-        exit(1);
-    }
-    if ((inf = fopen(argv[1], "r")) == NULL) {
-        fprintf(stderr, "Can't open %s\n", argv[1]);
-        exit(1);
-    }
-    if ((cert = PEM_read_X509(inf, NULL, NULL)) == NULL) {
-        fprintf(stderr, "Can't read certificate %s\n", argv[1]);
-        ERR_print_errors_fp(stderr);
-        exit(1);
-    }
-    fclose(inf);
-    count = X509_get_ext_count(cert);
-    printf("%d extensions\n", count);
-    for (i = 0; i < count; i++) {
-        ext = X509_get_ext(cert, i);
-        printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-        if (!X509V3_EXT_print_fp(stdout, ext, 0, 0))
-            ERR_print_errors_fp(stderr);
-        printf("\n");
-
-    }
-    return 0;
-}
diff --git a/deps/openssl/openssl/crypto/x86_64cpuid.pl b/deps/openssl/openssl/crypto/x86_64cpuid.pl
index 1a6f728de1..6423e803b7 100644
--- a/deps/openssl/openssl/crypto/x86_64cpuid.pl
+++ b/deps/openssl/openssl/crypto/x86_64cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -63,10 +63,12 @@ OPENSSL_rdtsc:
 .type	OPENSSL_ia32_cpuid,\@function,1
 .align	16
 OPENSSL_ia32_cpuid:
+.cfi_startproc
 	mov	%rbx,%r8		# save %rbx
+.cfi_register	%rbx,%r8
 
 	xor	%eax,%eax
-	mov	%eax,8(%rdi)		# clear extended feature flags
+	mov	%rax,8(%rdi)		# clear extended feature flags
 	cpuid
 	mov	%eax,%r11d		# max value for standard query level
 
@@ -137,6 +139,7 @@ OPENSSL_ia32_cpuid:
 .Lnocacheinfo:
 	mov	\$1,%eax
 	cpuid
+	movd	%eax,%xmm0		# put aside processor id
 	and	\$0xbfefffff,%edx	# force reserved bits to 0
 	cmp	\$0,%r9d
 	jne	.Lnotintel
@@ -184,26 +187,45 @@ OPENSSL_ia32_cpuid:
 	jc	.Lnotknights
 	and	\$0xfff7ffff,%ebx	# clear ADCX/ADOX flag
 .Lnotknights:
+	movd	%xmm0,%eax		# restore processor id
+	and	\$0x0fff0ff0,%eax
+	cmp	\$0x00050650,%eax	# Skylake-X
+	jne	.Lnotskylakex
+	and	\$0xfffeffff,%ebx	# ~(1<<16)
+					# suppress AVX512F flag on Skylake-X
+.Lnotskylakex:
 	mov	%ebx,8(%rdi)		# save extended feature flags
+	mov	%ecx,12(%rdi)
 .Lno_extended_info:
 
 	bt	\$27,%r9d		# check OSXSAVE bit
 	jnc	.Lclear_avx
 	xor	%ecx,%ecx		# XCR0
 	.byte	0x0f,0x01,0xd0		# xgetbv
+	and	\$0xe6,%eax		# isolate XMM, YMM and ZMM state support
+	cmp	\$0xe6,%eax
+	je	.Ldone
+	andl	\$0x3fdeffff,8(%rdi)	# ~(1<<31|1<<30|1<<21|1<<16)
+					# clear AVX512F+BW+VL+FIMA, all of
+					# them are EVEX-encoded, which requires
+					# ZMM state support even if one uses
+					# only XMM and YMM :-(
 	and	\$6,%eax		# isolate XMM and YMM state support
 	cmp	\$6,%eax
 	je	.Ldone
 .Lclear_avx:
 	mov	\$0xefffe7ff,%eax	# ~(1<<28|1<<12|1<<11)
 	and	%eax,%r9d		# clear AVX, FMA and AMD XOP bits
-	andl	\$0xffffffdf,8(%rdi)	# clear AVX2, ~(1<<5)
+	mov	\$0x3fdeffdf,%eax	# ~(1<<31|1<<30|1<<21|1<<16|1<<5)
+	and	%eax,8(%rdi)		# clear AVX2 and AVX512* bits
 .Ldone:
 	shl	\$32,%r9
 	mov	%r10d,%eax
 	mov	%r8,%rbx		# restore %rbx
+.cfi_restore	%rbx
 	or	%r9,%rax
 	ret
+.cfi_endproc
 .size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
 
 .globl  OPENSSL_cleanse
@@ -249,6 +271,18 @@ CRYPTO_memcmp:
 	xor	%r10,%r10
 	cmp	\$0,$arg3
 	je	.Lno_data
+	cmp	\$16,$arg3
+	jne	.Loop_cmp
+	mov	($arg1),%r10
+	mov	8($arg1),%r11
+	mov	\$1,$arg3
+	xor	($arg2),%r10
+	xor	8($arg2),%r11
+	or	%r11,%r10
+	cmovnz	$arg3,%rax
+	ret
+
+.align	16
 .Loop_cmp:
 	mov	($arg1),%r10b
 	lea	1($arg1),$arg1
@@ -412,21 +446,6 @@ ___
 sub gen_random {
 my $rdop = shift;
 print<<___;
-.globl	OPENSSL_ia32_${rdop}
-.type	OPENSSL_ia32_${rdop},\@abi-omnipotent
-.align	16
-OPENSSL_ia32_${rdop}:
-	mov	\$8,%ecx
-.Loop_${rdop}:
-	${rdop}	%rax
-	jc	.Lbreak_${rdop}
-	loop	.Loop_${rdop}
-.Lbreak_${rdop}:
-	cmp	\$0,%rax
-	cmove	%rcx,%rax
-	ret
-.size	OPENSSL_ia32_${rdop},.-OPENSSL_ia32_${rdop}
-
 .globl	OPENSSL_ia32_${rdop}_bytes
 .type	OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
 .align	16
@@ -460,11 +479,12 @@ OPENSSL_ia32_${rdop}_bytes:
 	mov	%r10b,($arg1)
 	lea	1($arg1),$arg1
 	inc	%rax
-	shr	\$8,%r8
+	shr	\$8,%r10
 	dec	$arg2
 	jnz	.Ltail_${rdop}_bytes
 
 .Ldone_${rdop}_bytes:
+	xor	%r10,%r10	# Clear sensitive data from register
 	ret
 .size	OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
 ___
diff --git a/deps/openssl/openssl/crypto/x86cpuid.pl b/deps/openssl/openssl/crypto/x86cpuid.pl
index 4622a9fa66..d43dda4d93 100644
--- a/deps/openssl/openssl/crypto/x86cpuid.pl
+++ b/deps/openssl/openssl/crypto/x86cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -14,7 +14,7 @@ $output = pop;
 open OUT,">$output";
 *STDOUT=*OUT;
 
-&asm_init($ARGV[0],"x86cpuid");
+&asm_init($ARGV[0]);
 
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 
@@ -89,7 +89,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 	&ja	(&label("generic"));
 	&and	("edx",0xefffffff);	# clear hyper-threading bit
 	&jmp	(&label("generic"));
-	
+
 &set_label("intel");
 	&cmp	("edi",4);
 	&mov	("esi",-1);
@@ -110,7 +110,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 	&cmp	("ebp",0);
 	&jne	(&label("notintel"));
 	&or	("edx",1<<30);		# set reserved bit#30 on Intel CPUs
-	&and	(&HB("eax"),15);	# familiy ID
+	&and	(&HB("eax"),15);	# family ID
 	&cmp	(&HB("eax"),15);	# P4?
 	&jne	(&label("notintel"));
 	&or	("edx",1<<20);		# set reserved bit#20 to engage RC4_CHAR
@@ -290,45 +290,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 	&ret	();
 &function_end_B("OPENSSL_atomic_add");
 
-# This function can become handy under Win32 in situations when
-# we don't know which calling convention, __stdcall or __cdecl(*),
-# indirect callee is using. In C it can be deployed as
-#
-#ifdef OPENSSL_CPUID_OBJ
-#	type OPENSSL_indirect_call(void *f,...);
-#	...
-#	OPENSSL_indirect_call(func,[up to $max arguments]);
-#endif
-#
-# (*)	it's designed to work even for __fastcall if number of
-#	arguments is 1 or 2!
-&function_begin_B("OPENSSL_indirect_call");
-	{
-	my ($max,$i)=(7,);	# $max has to be chosen as 4*n-1
-				# in order to preserve eventual
-				# stack alignment
-	&push	("ebp");
-	&mov	("ebp","esp");
-	&sub	("esp",$max*4);
-	&mov	("ecx",&DWP(12,"ebp"));
-	&mov	(&DWP(0,"esp"),"ecx");
-	&mov	("edx",&DWP(16,"ebp"));
-	&mov	(&DWP(4,"esp"),"edx");
-	for($i=2;$i<$max;$i++)
-		{
-		# Some copies will be redundant/bogus...
-		&mov	("eax",&DWP(12+$i*4,"ebp"));
-		&mov	(&DWP(0+$i*4,"esp"),"eax");
-		}
-	&call_ptr	(&DWP(8,"ebp"));# make the call...
-	&mov	("esp","ebp");	# ... and just restore the stack pointer
-				# without paying attention to what we called,
-				# (__cdecl *func) or (__stdcall *one).
-	&pop	("ebp");
-	&ret	();
-	}
-&function_end_B("OPENSSL_indirect_call");
-
 &function_begin_B("OPENSSL_cleanse");
 	&mov	("edx",&wparam(0));
 	&mov	("ecx",&wparam(1));
@@ -492,18 +453,6 @@ my $max = "ebp";
 
 sub gen_random {
 my $rdop = shift;
-&function_begin_B("OPENSSL_ia32_${rdop}");
-	&mov	("ecx",8);
-&set_label("loop");
-	&${rdop}("eax");
-	&jc	(&label("break"));
-	&loop	(&label("loop"));
-&set_label("break");
-	&cmp	("eax",0);
-	&cmove	("eax","ecx");
-	&ret	();
-&function_end_B("OPENSSL_ia32_${rdop}");
-
 &function_begin_B("OPENSSL_ia32_${rdop}_bytes");
 	&push	("edi");
 	&push	("ebx");
@@ -541,6 +490,7 @@ my $rdop = shift;
 	&jnz	(&label("tail"));
 
 &set_label("done");
+	&xor	("edx","edx");		# Clear random value from registers
 	&pop	("ebx");
 	&pop	("edi");
 	&ret	();