doc: add link to workflow in api docs menu

Added link to workflow guidelines page in API docs' navigation menu. Fixes https://github.com/joyent/node-website/issues/102.
2026-04-28 03:01:10 -04:00 · 2015-04-10 11:29:59 -07:00
393 changed files with 4708 additions and 44791 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -28,7 +28,6 @@ Release/
 *.suo
 *.vcproj
 *.vcxproj
-!custom_actions.vcxproj
 *.vcxproj.user
 *.vcxproj.filters
 UpgradeLog*.XML
--- a/5
+++ b/5
@@ -530,8 +530,3 @@ Amir Saboury <amir.saboury@gmail.com>
 Florin-Cristian Gavrila <cristi_gavrila1@yahoo.com>
 Tyler Anton <mtyleranton@gmail.com>
 Jonas Dohse <jonas@dohse.ch>
-Paulo McNally <paulomcnally@gmail.com>
-AlexKVal <alexkval@gmail.com>
-João Reis <reis@janeasystems.com>
-Mathias Küsel <mathiask@hotmail.de>
-Steven Rockarts <srockarts@invidi.com>
--- a/24
+++ b/24
@@ -1,26 +1,4 @@
-2015.07.09, Version 0.10.40 (Maintenance)
-
-* openssl: upgrade to 1.0.1p
-
-* V8: back-port JitCodeEvent patch from upstream (Ben Noordhuis)
-
-* win,msi: create npm folder in AppData directory (Steven Rockarts)
-
-
-2015.06.18, Version 0.10.39 (Maintenance), 615a35ccd2cb5cba80901862aefe51a940995f44
-
-* openssl: upgrade to 1.0.1o (Addressing multiple CVEs)
-
-* install: fix source path for openssl headers (Oguz Bastemur)
-
-* install: make sure opensslconf.h is overwritten (Oguz Bastemur)
-
-* timers: fix timeout when added in timer's callback (Julien Gilli)
-
-* windows: broadcast WM_SETTINGCHANGE after install (Mathias Küsel)
-
-
-2015.03.23, Version 0.10.38 (Maintenance), 0b5731a63cc40c4fe9275c79158fe0a5dd4d1609
+2015.03.23, Version 0.10.38 (Maintenance)

 * openssl: upgrade to 1.0.1m (Addressing multiple CVEs)

--- a/15
+++ b/15
@@ -5,7 +5,6 @@ PYTHON ?= python
 NINJA ?= ninja
 DESTDIR ?=
 SIGN ?=
-FLAKY_TESTS ?= run

 NODE ?= ./node

@@ -102,9 +101,6 @@ test-all-http1: all
 test-all-valgrind: all
 	$(PYTHON) tools/test.py --mode=debug,release --valgrind

-test-ci:
-	$(PYTHON) tools/test.py -p tap --logfile test.tap --mode=release --arch=$(DESTCPU) --flaky-tests=$(FLAKY_TESTS) simple message internet
-
 test-release: all
 	$(PYTHON) tools/test.py --mode=release

@@ -199,11 +195,6 @@ docopen: out/doc/api/all.html
 docclean:
 	-rm -rf out/doc

-run-ci:
-	$(PYTHON) ./configure --without-snapshot $(CONFIG_FLAGS)
-	$(MAKE)
-	$(MAKE) test-ci
-
 RAWVER=$(shell $(PYTHON) tools/getnodeversion.py)
 VERSION=v$(RAWVER)
 NODE_DOC_VERSION=$(VERSION)
@@ -390,8 +381,4 @@ cpplint:

 lint: jslint cpplint

-.PHONY: lint cpplint jslint bench clean docopen docclean doc dist distclean \
-	check uninstall install install-includes install-bin all staticlib \
-	dynamiclib test test-all website-upload pkg blog blogclean tar binary \
-	release-only bench-http-simple bench-idle bench-all bench bench-misc \
-	bench-array bench-buffer bench-net bench-http bench-fs bench-tls run-ci
+.PHONY: lint cpplint jslint bench clean docopen docclean doc dist distclean check uninstall install install-includes install-bin all staticlib dynamiclib test test-all website-upload pkg blog blogclean tar binary release-only bench-http-simple bench-idle bench-all bench bench-misc bench-array bench-buffer bench-net bench-http bench-fs bench-tls
--- a/common.gypi
+++ b/common.gypi
@@ -138,21 +138,8 @@
      },
      'VCLinkerTool': {
        'conditions': [
-          ['target_arch=="ia32"', {
-            'TargetMachine' : 1, # /MACHINE:X86
-            'target_conditions': [
-              ['_type=="executable"', {
-                'AdditionalOptions': [ '/SubSystem:Console,"5.01"' ],
-              }],
-            ],
-          }],
          ['target_arch=="x64"', {
-            'TargetMachine' : 17, # /MACHINE:AMD64
-            'target_conditions': [
-              ['_type=="executable"', {
-                'AdditionalOptions': [ '/SubSystem:Console,"5.02"' ],
-              }],
-            ],
+            'TargetMachine' : 17 # /MACHINE:X64
          }],
        ],
        'GenerateDebugInformation': 'true',
@@ -160,6 +147,11 @@
        'DataExecutionPrevention': 2, # enable DEP
        'AllowIsolation': 'true',
        'SuppressStartupBanner': 'true',
+        'target_conditions': [
+          ['_type=="executable"', {
+            'SubSystem': 1, # console executable
+          }],
+        ],
      },
    },
    'conditions': [
--- a/5
+++ b/5
@@ -495,10 +495,7 @@ def configure_node(o):
  o['variables']['clang'] = 1 if is_clang else 0

  if not is_clang and cc_version != 0:
-    try:
-      o['variables']['gcc_version'] = 10 * cc_version[0] + cc_version[1]
-    except IndexError:
-      o['variables']['gcc_version'] = 10 * cc_version[0]
+    o['variables']['gcc_version'] = 10 * cc_version[0] + cc_version[1]

  # clang has always supported -fvisibility=hidden, right?
  if not is_clang and cc_version < (4,0,0):
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@@ -2,98 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
-
-  *) Alternate chains certificate forgery
-
-     During certificate verfification, OpenSSL will attempt to find an
-     alternative certificate chain if the first attempt to build such a chain
-     fails. An error in the implementation of this logic can mean that an
-     attacker could cause certain checks on untrusted certificates to be
-     bypassed, such as the CA flag, enabling them to use a valid leaf
-     certificate to act as a CA and "issue" an invalid certificate.
-
-     This issue was reported to OpenSSL by Adam Langley/David Benjamin
-     (Google/BoringSSL).
-     [Matt Caswell]
-
- Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
-
-  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
-     incompatibility in the handling of HMAC. The previous ABI has now been
-     restored.
-
- Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
-
-  *) Malformed ECParameters causes infinite loop
-
-     When processing an ECParameters structure OpenSSL enters an infinite loop
-     if the curve specified is over a specially malformed binary polynomial
-     field.
-
-     This can be used to perform denial of service against any
-     system which processes public keys, certificate requests or
-     certificates.  This includes TLS clients and TLS servers with
-     client authentication enabled.
-
-     This issue was reported to OpenSSL by Joseph Barr-Pixton.
-     (CVE-2015-1788)
-     [Andy Polyakov]
-
-  *) Exploitable out-of-bounds read in X509_cmp_time
-
-     X509_cmp_time does not properly check the length of the ASN1_TIME
-     string and can read a few bytes out of bounds. In addition,
-     X509_cmp_time accepts an arbitrary number of fractional seconds in the
-     time string.
-
-     An attacker can use this to craft malformed certificates and CRLs of
-     various sizes and potentially cause a segmentation fault, resulting in
-     a DoS on applications that verify certificates or CRLs. TLS clients
-     that verify CRLs are affected. TLS clients and servers with client
-     authentication enabled may be affected if they use custom verification
-     callbacks.
-
-     This issue was reported to OpenSSL by Robert Swiecki (Google), and
-     independently by Hanno Bï¿½ck.
-     (CVE-2015-1789)
-     [Emilia Kï¿½sper]
-
-  *) PKCS7 crash with missing EnvelopedContent
-
-     The PKCS#7 parsing code does not handle missing inner EncryptedContent
-     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
-     with missing content and trigger a NULL pointer dereference on parsing.
-
-     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
-     structures from untrusted sources are affected. OpenSSL clients and
-     servers are not affected.
-
-     This issue was reported to OpenSSL by Michal Zalewski (Google).
-     (CVE-2015-1790)
-     [Emilia Kï¿½sper]
-
-  *) CMS verify infinite loop with unknown hash function
-
-     When verifying a signedData message the CMS code can enter an infinite loop
-     if presented with an unknown hash function OID. This can be used to perform
-     denial of service against any system which verifies signedData messages using
-     the CMS code.
-     This issue was reported to OpenSSL by Johannes Bauer.
-     (CVE-2015-1792)
-     [Stephen Henson]
-
-  *) Race condition handling NewSessionTicket
-
-     If a NewSessionTicket is received by a multi-threaded client when attempting to
-     reuse a previous ticket then a race condition can occur potentially leading to
-     a double free of the ticket data.
-     (CVE-2015-1791)
-     [Matt Caswell]
-
-  *) Reject DH handshakes with parameters shorter than 768 bits.
-     [Kurt Roeckx and Emilia Kasper]
-
 Changes between 1.0.1l and 1.0.1m [19 Mar 2015]

  *) Segmentation fault in ASN1_TYPE_cmp fix
--- a/deps/openssl/openssl/Configure
+++ b/deps/openssl/openssl/Configure
@@ -230,12 +230,12 @@ my %table=(

 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
@@ -252,7 +252,7 @@ my %table=(

 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
@@ -379,7 +379,7 @@ my %table=(
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
 "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -413,7 +413,7 @@ my %table=(
 "BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
--- a/deps/openssl/openssl/Makefile
+++ b/deps/openssl/openssl/Makefile
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##

-VERSION=1.0.1p
+VERSION=1.0.1m
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -186,7 +186,7 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h

-all: Makefile build_all
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc

 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -270,25 +270,21 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

 sub_all: build_all
-
 build_all: build_libs build_apps build_tests build_tools

-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
+build_libs: build_crypto build_ssl build_engines

 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
+build_engines:
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)

 all_testapps: build_libs build_testapps
@@ -465,9 +461,6 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl

-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)

@@ -492,10 +485,26 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update

+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
--- a/deps/openssl/openssl/Makefile.bak
+++ b/deps/openssl/openssl/Makefile.bak
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##

-VERSION=1.0.1p-dev
+VERSION=1.0.1m-dev
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -186,7 +186,7 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h

-all: Makefile build_all
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc

 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -270,25 +270,21 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

 sub_all: build_all
-
 build_all: build_libs build_apps build_tests build_tools

-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
+build_libs: build_crypto build_ssl build_engines

 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
+build_engines:
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)

 all_testapps: build_libs build_testapps
@@ -465,9 +461,6 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl

-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)

@@ -492,10 +485,26 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update

+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
--- a/deps/openssl/openssl/Makefile.org
+++ b/deps/openssl/openssl/Makefile.org
@@ -184,7 +184,7 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h

-all: Makefile build_all
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc

 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -268,25 +268,21 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

 sub_all: build_all
-
 build_all: build_libs build_apps build_tests build_tools

-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
+build_libs: build_crypto build_ssl build_engines

 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
+build_engines:
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)

 all_testapps: build_libs build_testapps
@@ -463,9 +459,6 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl

-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)

@@ -490,10 +483,26 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update

+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
--- a/deps/openssl/openssl/NEWS
+++ b/deps/openssl/openssl/NEWS
@@ -5,22 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
-
-      o Alternate chains certificate forgery (CVE-2015-1793)
-
-  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
-
-      o Fix HMAC ABI incompatibility
-
-  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
-
-      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
-      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
-      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
-      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
-      o Race condition handling NewSessionTicket (CVE-2015-1791)
-
  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]

      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
--- a/deps/openssl/openssl/README
+++ b/deps/openssl/openssl/README
@@ -1,5 +1,5 @@

- OpenSSL 1.0.1p 9 Jul 2015
+ OpenSSL 1.0.1m 19 Mar 2015

 Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/deps/openssl/openssl/apps/Makefile
+++ b/deps/openssl/openssl/apps/Makefile
@@ -94,9 +94,6 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c

-openssl-vms.cnf: openssl.cnf
-	$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

@@ -130,12 +127,12 @@ links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: openssl-vms.cnf local_depend
-
-depend: local_depend
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+depend:
+	@if [ -z "$(THIS)" ]; then \
+	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
+	else \
+	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+	fi

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -147,10 +144,10 @@ clean:
 	rm -f req

 $(DLIBSSL):
-	(cd ..; $(MAKE) build_libssl)
+	(cd ..; $(MAKE) DIRS=ssl all)

 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) build_libcrypto)
+	(cd ..; $(MAKE) DIRS=crypto all)

 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
--- a/deps/openssl/openssl/apps/apps.c
+++ b/deps/openssl/openssl/apps/apps.c
@@ -572,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
        char *prompt = NULL;

        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
-        if (!prompt) {
+        if(!prompt) {
            BIO_printf(bio_err, "Out of memory\n");
            UI_free(ui);
            return 0;
@@ -586,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
                                     PW_MIN_LENGTH, bufsiz - 1);
        if (ok >= 0 && verify) {
            buff = (char *)OPENSSL_malloc(bufsiz);
-            if (!buff) {
+            if(!buff) {
                BIO_printf(bio_err, "Out of memory\n");
                UI_free(ui);
                OPENSSL_free(prompt);
@@ -2238,8 +2238,6 @@ int args_verify(char ***pargs, int *pargc,
        flags |= X509_V_FLAG_NOTIFY_POLICY;
    else if (!strcmp(arg, "-check_ss_sig"))
        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-    else if (!strcmp(arg, "-no_alt_chains"))
-        flags |= X509_V_FLAG_NO_ALT_CHAINS;
    else
        return 0;

--- a/deps/openssl/openssl/apps/asn1pars.c
+++ b/deps/openssl/openssl/apps/asn1pars.c
@@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 {
    CONF *cnf = NULL;
    int len;
-    long errline = 0;
+    long errline;
    unsigned char *p;
    ASN1_TYPE *atyp = NULL;

--- a/deps/openssl/openssl/apps/ca.c
+++ b/deps/openssl/openssl/apps/ca.c
@@ -558,7 +558,7 @@ int MAIN(int argc, char **argv)
 #ifdef OPENSSL_SYS_VMS
        len = strlen(s) + sizeof(CONFIG_FILE);
        tofree = OPENSSL_malloc(len);
-        if (!tofree) {
+        if(!tofree) {
            BIO_printf(bio_err, "Out of memory\n");
            goto err;
        }
@@ -566,7 +566,7 @@ int MAIN(int argc, char **argv)
 #else
        len = strlen(s) + sizeof(CONFIG_FILE) + 1;
        tofree = OPENSSL_malloc(len);
-        if (!tofree) {
+        if(!tofree) {
            BIO_printf(bio_err, "Out of memory\n");
            goto err;
        }
@@ -2803,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
    ASN1_GENERALIZEDTIME *comp_time = NULL;
    tmp = BUF_strdup(str);

-    if (!tmp) {
+    if(!tmp) {
        BIO_printf(bio_err, "memory allocation failure\n");
        goto err;
    }
@@ -2825,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,

    if (prevtm) {
        *prevtm = ASN1_UTCTIME_new();
-        if (!*prevtm) {
+        if(!*prevtm) {
            BIO_printf(bio_err, "memory allocation failure\n");
            goto err;
        }
@@ -2869,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
                goto err;
            }
            comp_time = ASN1_GENERALIZEDTIME_new();
-            if (!comp_time) {
+            if(!comp_time) {
                BIO_printf(bio_err, "memory allocation failure\n");
                goto err;
            }
--- a/deps/openssl/openssl/apps/cms.c
+++ b/deps/openssl/openssl/apps/cms.c
@@ -580,8 +580,6 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   "-CApath dir    trusted certificates directory\n");
        BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
-        BIO_printf(bio_err,
-                   "-no_alt_chains only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
        BIO_printf(bio_err,
--- a/deps/openssl/openssl/apps/dhparam.c
+++ b/deps/openssl/openssl/apps/dhparam.c
@@ -130,7 +130,7 @@
 # undef PROG
 # define PROG    dhparam_main

-# define DEFBITS 2048
+# define DEFBITS 512

 /*-
 * -inform arg  - input format - default PEM (DER or PEM)
@@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   " -5            generate parameters using  5 as the generator value\n");
        BIO_printf(bio_err,
-                   " numbits       number of bits in to generate (default 2048)\n");
+                   " numbits       number of bits in to generate (default 512)\n");
 # ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err,
                   " -engine e     use engine e, possibly a hardware device.\n");
--- a/deps/openssl/openssl/apps/enc.c
+++ b/deps/openssl/openssl/apps/enc.c
@@ -548,14 +548,9 @@ int MAIN(int argc, char **argv)
            else
                OPENSSL_cleanse(str, strlen(str));
        }
-        if (hiv != NULL) {
-            int siz = EVP_CIPHER_iv_length(cipher);
-            if (siz == 0) {
-                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
-            } else if (!set_hex(hiv, iv, sizeof iv)) {
-                BIO_printf(bio_err, "invalid hex iv value\n");
-                goto end;
-            }
+        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
+            BIO_printf(bio_err, "invalid hex iv value\n");
+            goto end;
        }
        if ((hiv == NULL) && (str == NULL)
            && EVP_CIPHER_iv_length(cipher) != 0) {
@@ -567,7 +562,7 @@ int MAIN(int argc, char **argv)
            BIO_printf(bio_err, "iv undefined\n");
            goto end;
        }
-        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
            BIO_printf(bio_err, "invalid hex key value\n");
            goto end;
        }
--- a/deps/openssl/openssl/apps/gendh.c
+++ b/deps/openssl/openssl/apps/gendh.c
@@ -80,7 +80,7 @@
 # include <openssl/x509.h>
 # include <openssl/pem.h>

-# define DEFBITS 2048
+# define DEFBITS 512
 # undef PROG
 # define PROG gendh_main

--- a/deps/openssl/openssl/apps/ocsp.c
+++ b/deps/openssl/openssl/apps/ocsp.c
@@ -518,8 +518,6 @@ int MAIN(int argc, char **argv)
                   "-CApath dir          trusted certificates directory\n");
        BIO_printf(bio_err,
                   "-CAfile file         trusted certificates file\n");
-        BIO_printf(bio_err,
-                   "-no_alt_chains       only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-VAfile file         validator certificates file\n");
        BIO_printf(bio_err,
--- a/deps/openssl/openssl/apps/s_cb.c
+++ b/deps/openssl/openssl/apps/s_cb.c
@@ -111,7 +111,6 @@

 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h> /* for memcpy() */
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
@@ -748,7 +747,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,

    /* Initialize a random secret */
    if (!cookie_initialized) {
-        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
+        if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
            BIO_printf(bio_err, "error setting random cookie secret\n");
            return 0;
        }
--- a/deps/openssl/openssl/apps/s_client.c
+++ b/deps/openssl/openssl/apps/s_client.c
@@ -329,8 +329,6 @@ static void sc_usage(void)
               " -pass arg     - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
-    BIO_printf(bio_err,
-               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -reconnect    - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
@@ -556,7 +554,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
    PW_CB_DATA cb_tmp;
    int l;

-    if (!pass) {
+    if(!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }
@@ -1186,12 +1184,13 @@ int MAIN(int argc, char **argv)
    if (!set_cert_key_stuff(ctx, cert, key))
        goto end;

-    if ((CAfile || CApath)
-        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
-        ERR_print_errors(bio_err);
-    }
-    if (!SSL_CTX_set_default_verify_paths(ctx)) {
+    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+        (!SSL_CTX_set_default_verify_paths(ctx))) {
+        /*
+         * BIO_printf(bio_err,"error setting default verify locations\n");
+         */
        ERR_print_errors(bio_err);
+        /* goto end; */
    }
 #ifndef OPENSSL_NO_TLSEXT
    if (servername != NULL) {
--- a/deps/openssl/openssl/apps/s_server.c
+++ b/deps/openssl/openssl/apps/s_server.c
@@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
                               unsigned int *id_len);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(const char *dhfile);
-static DH *get_dh2048(void);
+static DH *get_dh512(void);
 #endif

 #ifdef MONOLITH
@@ -227,48 +227,30 @@ static void s_server_init(void);
 #endif

 #ifndef OPENSSL_NO_DH
-static unsigned char dh2048_p[] = {
-    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
-    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
-    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
-    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
-    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
-    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
-    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
-    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
-    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
-    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
-    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
-    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
-    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
-    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
-    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
-    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
-    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
-    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
-    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
-    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
-    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
-    0xE9,0x32,0x0B,0x3B,
+static unsigned char dh512_p[] = {
+    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+    0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+    0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+    0x47, 0x74, 0xE8, 0x33,
 };

-static unsigned char dh2048_g[] = {
+static unsigned char dh512_g[] = {
    0x02,
 };

-DH *get_dh2048()
+static DH *get_dh512(void)
 {
-    DH *dh;
+    DH *dh = NULL;

    if ((dh = DH_new()) == NULL)
-        return NULL;
-    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
-    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
-    if (dh->p == NULL || dh->g == NULL) {
-        DH_free(dh);
-        return NULL;
-    }
-    return dh;
+        return (NULL);
+    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+    if ((dh->p == NULL) || (dh->g == NULL))
+        return (NULL);
+    return (dh);
 }
 #endif

@@ -540,8 +522,6 @@ static void sv_usage(void)
    BIO_printf(bio_err, " -state        - Print the SSL states\n");
    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
-    BIO_printf(bio_err,
-               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -nocert       - Don't use any certificates (Anon-DH)\n");
    BIO_printf(bio_err,
@@ -740,7 +720,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
            num = inl;
        wbuf =
            (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
-        if (!wbuf)
+        if(!wbuf)
            return 0;
        OPENSSL_free(b->ptr);

@@ -1018,7 +998,7 @@ int MAIN(int argc, char *argv[])
    int off = 0;
    int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
 #ifndef OPENSSL_NO_ECDH
-    int no_ecdhe = 0;
+    int no_ecdhe;
 #endif
    int state = 0;
    const SSL_METHOD *meth = NULL;
@@ -1674,11 +1654,7 @@ int MAIN(int argc, char *argv[])
            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
        } else {
            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
-            dh = get_dh2048();
-            if (dh == NULL) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
+            dh = get_dh512();
        }
        (void)BIO_flush(bio_s_out);

@@ -2275,10 +2251,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                    ret = 1;
                    goto err;
                }
-                if (k > 0) {
-                    l += k;
-                    i -= k;
-                }
+                l += k;
+                i -= k;
                if (i <= 0)
                    break;
            }
@@ -2942,8 +2916,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 {
    unsigned int count = 0;
    do {
-        if (RAND_pseudo_bytes(id, *id_len) < 0)
-            return 0;
+        RAND_pseudo_bytes(id, *id_len);
        /*
         * Prefix the session_id with the required prefix. NB: If our prefix
         * is too long, clip it - but there will be worse effects anyway, eg.
--- a/deps/openssl/openssl/apps/s_time.c
+++ b/deps/openssl/openssl/apps/s_time.c
@@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            maxTime = atoi(*(++argv));
-            if (maxTime <= 0) {
+            if(maxTime <= 0) {
                BIO_printf(bio_err, "time must be > 0\n");
                badop = 1;
            }
--- a/deps/openssl/openssl/apps/smime.c
+++ b/deps/openssl/openssl/apps/smime.c
@@ -441,8 +441,6 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   "-CApath dir    trusted certificates directory\n");
        BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
-        BIO_printf(bio_err,
-                   "-no_alt_chains only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
        BIO_printf(bio_err,
--- a/deps/openssl/openssl/apps/srp.c
+++ b/deps/openssl/openssl/apps/srp.c
@@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
 # ifdef OPENSSL_SYS_VMS
            len = strlen(s) + sizeof(CONFIG_FILE);
            tofree = OPENSSL_malloc(len);
-            if (!tofree) {
+            if(!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
@@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
 # else
            len = strlen(s) + sizeof(CONFIG_FILE) + 1;
            tofree = OPENSSL_malloc(len);
-            if (!tofree) {
+            if(!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
--- a/deps/openssl/openssl/apps/verify.c
+++ b/deps/openssl/openssl/apps/verify.c
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
    if (ret == 1) {
        BIO_printf(bio_err,
                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
+        BIO_printf(bio_err, " [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err, " [-engine e]");
 #endif
--- a/deps/openssl/openssl/crypto/Makefile
+++ b/deps/openssl/openssl/crypto/Makefile
@@ -125,17 +125,12 @@ install:
 lint:
 	@target=lint; $(RECURSIVE_MAKE)

-update: local_depend
-	@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-depend: local_depend
-	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
+depend:
 	@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
 	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 	@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
+	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

 clean:
 	rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--- a/deps/openssl/openssl/crypto/aes/Makefile
+++ b/deps/openssl/openssl/crypto/aes/Makefile
@@ -106,8 +106,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/asn1/Makefile
+++ b/deps/openssl/openssl/crypto/asn1/Makefile
@@ -93,8 +93,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/asn1/a_int.c
+++ b/deps/openssl/openssl/crypto/asn1/a_int.c
@@ -124,8 +124,6 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
    else {
        ret = a->length;
        i = a->data[0];
-        if (ret == 1 && i == 0)
-            neg = 0;
        if (!neg && (i > 127)) {
            pad = 1;
            pb = 0;
@@ -164,7 +162,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
        p += a->length - 1;
        i = a->length;
        /* Copy zeros to destination as long as source is zero */
-        while (!*n && i > 1) {
+        while (!*n) {
            *(p--) = 0;
            n--;
            i--;
@@ -421,7 +419,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
        goto err;
    }
-    if (BN_is_negative(bn) && !BN_is_zero(bn))
+    if (BN_is_negative(bn))
        ret->type = V_ASN1_NEG_INTEGER;
    else
        ret->type = V_ASN1_INTEGER;
--- a/deps/openssl/openssl/crypto/asn1/asn1_gen.c
+++ b/deps/openssl/openssl/crypto/asn1/asn1_gen.c
@@ -74,8 +74,6 @@
 #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}

 #define ASN1_FLAG_EXP_MAX       20
-/* Maximum number of nested sequences */
-#define ASN1_GEN_SEQ_MAX_DEPTH  50

 /* Input formats */

@@ -112,16 +110,13 @@ typedef struct {
    int exp_count;
 } tag_exp_arg;

-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
-                              int *perr);
 static int bitstr_cb(const char *elem, int len, void *bitstr);
 static int asn1_cb(const char *elem, int len, void *bitstr);
 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
                      int exp_constructed, int exp_pad, int imp_ok);
 static int parse_tagging(const char *vstart, int vlen, int *ptag,
                         int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
-                             int depth, int *perr);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
 static int asn1_str2tag(const char *tagstr, int len);

@@ -137,16 +132,6 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
 }

 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
-{
-    int err = 0;
-    ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
-    if (err)
-        ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
-    return ret;
-}
-
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
-                              int *perr)
 {
    ASN1_TYPE *ret;
    tag_exp_arg asn1_tags;
@@ -167,22 +152,17 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
    asn1_tags.imp_class = -1;
    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
    asn1_tags.exp_count = 0;
-    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
-        *perr = ASN1_R_UNKNOWN_TAG;
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
        return NULL;
-    }

    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
        || (asn1_tags.utype == V_ASN1_SET)) {
        if (!cnf) {
-            *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
+            ASN1err(ASN1_F_ASN1_GENERATE_V3,
+                    ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
            return NULL;
        }
-        if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
-            *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
-            return NULL;
-        }
-        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
+        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
    } else
        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

@@ -300,7 +280,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
    int tmp_tag, tmp_class;

    if (elem == NULL)
-        return -1;
+        return 0;

    for (i = 0, p = elem; i < len; p++, i++) {
        /* Look for the ':' in name value pairs */
@@ -373,7 +353,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
        break;

    case ASN1_GEN_FLAG_FORMAT:
-        if (!vstart) {
+        if(!vstart) {
            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
            return -1;
        }
@@ -455,8 +435,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

 /* Handle multiple types: SET and SEQUENCE */

-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
-                             int depth, int *perr)
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
 {
    ASN1_TYPE *ret = NULL;
    STACK_OF(ASN1_TYPE) *sk = NULL;
@@ -475,8 +454,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
            goto bad;
        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
            ASN1_TYPE *typ =
-                generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
-                            depth + 1, perr);
+                ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
            if (!typ)
                goto bad;
            if (!sk_ASN1_TYPE_push(sk, typ))
--- a/deps/openssl/openssl/crypto/asn1/asn_mime.c
+++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c
@@ -289,8 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
    if ((flags & SMIME_DETACHED) && data) {
        /* We want multipart/signed */
        /* Generate a random boundary */
-        if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
-            return 0;
+        RAND_pseudo_bytes((unsigned char *)bound, 32);
        for (i = 0; i < 32; i++) {
            c = bound[i] & 0xf;
            if (c < 10)
--- a/deps/openssl/openssl/crypto/asn1/bio_ndef.c
+++ b/deps/openssl/openssl/crypto/asn1/bio_ndef.c
@@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)

    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
    p = OPENSSL_malloc(derlen);
-    if (!p)
+    if(!p)
        return 0;

    ndef_aux->derbuf = p;
@@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)

    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
    p = OPENSSL_malloc(derlen);
-    if (!p)
+    if(!p)
        return 0;

    ndef_aux->derbuf = p;
--- a/deps/openssl/openssl/crypto/asn1/tasn_new.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_new.c
@@ -100,6 +100,9 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
    else
        asn1_cb = 0;

+    if (!combine)
+        *pval = NULL;
+
 #ifdef CRYPTO_MDEBUG
    if (it->sname)
        CRYPTO_push_info(it->sname);
--- a/deps/openssl/openssl/crypto/asn1/tasn_prn.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_prn.c
@@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
            const ASN1_TEMPLATE *seqtt;
            seqtt = asn1_do_adb(fld, tt, 1);
-            if (!seqtt)
+            if(!seqtt)
                return 0;
            tmpfld = asn1_get_field_ptr(fld, seqtt);
            if (!asn1_template_print_ctx(out, tmpfld,
--- a/deps/openssl/openssl/crypto/asn1/x_x509.c
+++ b/deps/openssl/openssl/crypto/asn1/x_x509.c
@@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
    /* Save start position */
    q = *pp;

-    if (!a || *a == NULL) {
+    if(!a || *a == NULL) {
        freeret = 1;
    }
    ret = d2i_X509(a, pp, length);
@@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
        goto err;
    return ret;
 err:
-    if (freeret) {
+    if(freeret) {
        X509_free(ret);
        if (a)
            *a = NULL;
--- a/deps/openssl/openssl/crypto/bf/Makefile
+++ b/deps/openssl/openssl/crypto/bf/Makefile
@@ -72,8 +72,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/bio/Makefile
+++ b/deps/openssl/openssl/crypto/bio/Makefile
@@ -73,8 +73,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/bio/b_print.c
+++ b/deps/openssl/openssl/crypto/bio/b_print.c
@@ -704,29 +704,32 @@ doapr_outch(char **sbuffer,
    /* If we haven't at least one buffer, someone has doe a big booboo */
    assert(*sbuffer != NULL || buffer != NULL);

-    /* |currlen| must always be <= |*maxlen| */
-    assert(*currlen <= *maxlen);
-
-    if (buffer && *currlen == *maxlen) {
-        *maxlen += 1024;
-        if (*buffer == NULL) {
-            *buffer = OPENSSL_malloc(*maxlen);
-            if (!*buffer) {
-                /* Panic! Can't really do anything sensible. Just return */
-                return;
-            }
-            if (*currlen > 0) {
-                assert(*sbuffer != NULL);
-                memcpy(*buffer, *sbuffer, *currlen);
-            }
-            *sbuffer = NULL;
-        } else {
-            *buffer = OPENSSL_realloc(*buffer, *maxlen);
-            if (!*buffer) {
-                /* Panic! Can't really do anything sensible. Just return */
-                return;
+    if (buffer) {
+        while (*currlen >= *maxlen) {
+            if (*buffer == NULL) {
+                if (*maxlen == 0)
+                    *maxlen = 1024;
+                *buffer = OPENSSL_malloc(*maxlen);
+                if(!*buffer) {
+                    /* Panic! Can't really do anything sensible. Just return */
+                    return;
+                }
+                if (*currlen > 0) {
+                    assert(*sbuffer != NULL);
+                    memcpy(*buffer, *sbuffer, *currlen);
+                }
+                *sbuffer = NULL;
+            } else {
+                *maxlen += 1024;
+                *buffer = OPENSSL_realloc(*buffer, *maxlen);
+                if(!*buffer) {
+                    /* Panic! Can't really do anything sensible. Just return */
+                    return;
+                }
            }
        }
+        /* What to do if *buffer is NULL? */
+        assert(*sbuffer != NULL || *buffer != NULL);
    }

    if (*currlen < *maxlen) {
--- a/deps/openssl/openssl/crypto/bio/bf_nbio.c
+++ b/deps/openssl/openssl/crypto/bio/bf_nbio.c
@@ -139,8 +139,7 @@ static int nbiof_read(BIO *b, char *out, int outl)

    BIO_clear_retry_flags(b);
 #if 1
-    if (RAND_pseudo_bytes(&n, 1) < 0)
-        return -1;
+    RAND_pseudo_bytes(&n, 1);
    num = (n & 0x07);

    if (outl > num)
@@ -179,8 +178,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
        num = nt->lwn;
        nt->lwn = 0;
    } else {
-        if (RAND_pseudo_bytes(&n, 1) < 0)
-            return -1;
+        RAND_pseudo_bytes(&n, 1);
        num = (n & 7);
    }

--- a/deps/openssl/openssl/crypto/bio/bio.h
+++ b/deps/openssl/openssl/crypto/bio/bio.h
@@ -290,7 +290,7 @@ void BIO_clear_flags(BIO *b, int flags);
 * BIO_CB_RETURN flag indicates if it is after the call
 */
 # define BIO_CB_RETURN   0x80
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
 # define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)

--- a/deps/openssl/openssl/crypto/bio/bio_lib.c
+++ b/deps/openssl/openssl/crypto/bio/bio_lib.c
@@ -536,10 +536,8 @@ BIO *BIO_dup_chain(BIO *in)

        /* copy app data */
        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data)) {
-            BIO_free(new_bio);
+                                &bio->ex_data))
            goto err;
-        }

        if (ret == NULL) {
            eoc = new_bio;
@@ -551,8 +549,8 @@ BIO *BIO_dup_chain(BIO *in)
    }
    return (ret);
 err:
-    BIO_free_all(ret);
-
+    if (ret != NULL)
+        BIO_free(ret);
    return (NULL);
 }

--- a/deps/openssl/openssl/crypto/bio/bss_dgram.c
+++ b/deps/openssl/openssl/crypto/bio/bss_dgram.c
@@ -299,17 +299,16 @@ static void dgram_adjust_rcv_timeout(BIO *b)

        /* Calculate time left until timer expires */
        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
-        if (timeleft.tv_usec < timenow.tv_usec) {
-            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
+        timeleft.tv_sec -= timenow.tv_sec;
+        timeleft.tv_usec -= timenow.tv_usec;
+        if (timeleft.tv_usec < 0) {
            timeleft.tv_sec--;
-        } else {
-            timeleft.tv_usec -= timenow.tv_usec;
+            timeleft.tv_usec += 1000000;
        }
-        if (timeleft.tv_sec < timenow.tv_sec) {
+
+        if (timeleft.tv_sec < 0) {
            timeleft.tv_sec = 0;
            timeleft.tv_usec = 1;
-        } else {
-            timeleft.tv_sec -= timenow.tv_sec;
        }

        /*
@@ -954,7 +953,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
     */
    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
    authchunks = OPENSSL_malloc(sockopt_len);
-    if (!authchunks) {
+    if(!authchunks) {
        BIO_vfree(bio);
        return (NULL);
    }
@@ -1294,7 +1293,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
            authchunks = OPENSSL_malloc(optlen);
            if (!authchunks) {
-                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
                return -1;
            }
            memset(authchunks, 0, sizeof(optlen));
@@ -1365,8 +1364,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
    if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
        char *tmp;
        data->saved_message.bio = b;
-        if (!(tmp = OPENSSL_malloc(inl))) {
-            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
+        if(!(tmp = OPENSSL_malloc(inl))) {
+            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
            return -1;
        }
        if (data->saved_message.data)
--- a/deps/openssl/openssl/crypto/bn/Makefile
+++ b/deps/openssl/openssl/crypto/bn/Makefile
@@ -167,8 +167,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: bn_prime.h depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/bn/bn.h
+++ b/deps/openssl/openssl/crypto/bn/bn.h
@@ -797,7 +797,6 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
                         * wouldn't be constructed with top!=dmax. */ \
                        BN_ULONG *_not_const; \
                        memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-                        /* Debug only - safe to ignore error return */ \
                        RAND_pseudo_bytes(&_tmp_char, 1); \
                        memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
                                (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
@@ -911,7 +910,6 @@ void ERR_load_BN_strings(void);
 # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
 # define BN_F_BN_GF2M_MOD_SQR                             136
 # define BN_F_BN_GF2M_MOD_SQRT                            137
-# define BN_F_BN_LSHIFT                                   145
 # define BN_F_BN_MOD_EXP2_MONT                            118
 # define BN_F_BN_MOD_EXP_MONT                             109
 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
@@ -927,14 +925,12 @@ void ERR_load_BN_strings(void);
 # define BN_F_BN_NEW                                      113
 # define BN_F_BN_RAND                                     114
 # define BN_F_BN_RAND_RANGE                               122
-# define BN_F_BN_RSHIFT                                   146
 # define BN_F_BN_USUB                                     115

 /* Reason codes. */
 # define BN_R_ARG2_LT_ARG3                                100
 # define BN_R_BAD_RECIPROCAL                              101
 # define BN_R_BIGNUM_TOO_LONG                             114
-# define BN_R_BITS_TOO_SMALL                              118
 # define BN_R_CALLED_WITH_EVEN_MODULUS                    102
 # define BN_R_DIV_BY_ZERO                                 103
 # define BN_R_ENCODING_ERROR                              104
@@ -942,7 +938,6 @@ void ERR_load_BN_strings(void);
 # define BN_R_INPUT_NOT_REDUCED                           110
 # define BN_R_INVALID_LENGTH                              106
 # define BN_R_INVALID_RANGE                               115
-# define BN_R_INVALID_SHIFT                               119
 # define BN_R_NOT_A_SQUARE                                111
 # define BN_R_NOT_INITIALIZED                             107
 # define BN_R_NO_INVERSE                                  108
--- a/deps/openssl/openssl/crypto/bn/bn_err.c
+++ b/deps/openssl/openssl/crypto/bn/bn_err.c
@@ -1,6 +1,6 @@
 /* crypto/bn/bn_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -94,7 +94,6 @@ static ERR_STRING_DATA BN_str_functs[] = {
    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
-    {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
    {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
@@ -110,7 +109,6 @@ static ERR_STRING_DATA BN_str_functs[] = {
    {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
    {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
    {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
-    {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
    {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
    {0, NULL}
 };
@@ -119,7 +117,6 @@ static ERR_STRING_DATA BN_str_reasons[] = {
    {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
    {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
    {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
-    {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
    {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
    {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
    {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
@@ -128,7 +125,6 @@ static ERR_STRING_DATA BN_str_reasons[] = {
    {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
    {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
    {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
-    {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
    {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
    {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
    {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
--- a/deps/openssl/openssl/crypto/bn/bn_gf2m.c
+++ b/deps/openssl/openssl/crypto/bn/bn_gf2m.c
@@ -694,10 +694,9 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
    }
 # else
    {
-        int i;
-        int ubits = BN_num_bits(u);
-        int vbits = BN_num_bits(v); /* v is copy of p */
-        int top = p->top;
+        int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
+                                                                * of p */
+            top = p->top;
        BN_ULONG *udp, *bdp, *vdp, *cdp;

        bn_wexpand(u, top);
@@ -741,12 +740,8 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                ubits--;
            }

-            if (ubits <= BN_BITS2) {
-                if (udp[0] == 0) /* poly was reducible */
-                    goto err;
-                if (udp[0] == 1)
-                    break;
-            }
+            if (ubits <= BN_BITS2 && udp[0] == 1)
+                break;

            if (ubits < vbits) {
                i = ubits;
--- a/deps/openssl/openssl/crypto/bn/bn_lcl.h
+++ b/deps/openssl/openssl/crypto/bn/bn_lcl.h
@@ -276,7 +276,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
 #   endif
 #  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #   if defined(__GNUC__) && __GNUC__>=2
-#    if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
+#    if __GNUC__>=4 && __GNUC_MINOR__>=4
                                     /* "h" constraint is no more since 4.4 */
 #     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
 #     define BN_UMULT_LOHI(low,high,a,b) ({     \
--- a/deps/openssl/openssl/crypto/bn/bn_print.c
+++ b/deps/openssl/openssl/crypto/bn/bn_print.c
@@ -71,12 +71,7 @@ char *BN_bn2hex(const BIGNUM *a)
    char *buf;
    char *p;

-    if (a->neg && BN_is_zero(a)) {
-        /* "-0" == 3 bytes including NULL terminator */
-        buf = OPENSSL_malloc(3);
-    } else {
-        buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
-    }
+    buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
    if (buf == NULL) {
        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
        goto err;
--- a/deps/openssl/openssl/crypto/bn/bn_rand.c
+++ b/deps/openssl/openssl/crypto/bn/bn_rand.c
@@ -121,11 +121,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
    int ret = 0, bit, bytes, mask;
    time_t tim;

-    if (bits < 0 || (bits == 1 && top > 0)) {
-        BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
-        return 0;
-    }
-
    if (bits == 0) {
        BN_zero(rnd);
        return 1;
@@ -162,8 +157,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        unsigned char c;

        for (i = 0; i < bytes; i++) {
-            if (RAND_pseudo_bytes(&c, 1) < 0)
-                goto err;
+            RAND_pseudo_bytes(&c, 1);
            if (c >= 128 && i > 0)
                buf[i] = buf[i - 1];
            else if (c < 42)
@@ -174,7 +168,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
    }
 #endif

-    if (top >= 0) {
+    if (top != -1) {
        if (top) {
            if (bit == 0) {
                buf[0] = 1;
--- a/deps/openssl/openssl/crypto/bn/bn_shift.c
+++ b/deps/openssl/openssl/crypto/bn/bn_shift.c
@@ -137,11 +137,6 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
    bn_check_top(r);
    bn_check_top(a);

-    if (n < 0) {
-        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
-        return 0;
-    }
-
    r->neg = a->neg;
    nw = n / BN_BITS2;
    if (bn_wexpand(r, a->top + nw + 1) == NULL)
@@ -179,11 +174,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
    bn_check_top(r);
    bn_check_top(a);

-    if (n < 0) {
-        BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
-        return 0;
-    }
-
    nw = n / BN_BITS2;
    rb = n % BN_BITS2;
    lb = BN_BITS2 - rb;
--- a/deps/openssl/openssl/crypto/buffer/Makefile
+++ b/deps/openssl/openssl/crypto/buffer/Makefile
@@ -61,8 +61,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/buffer/buffer.c
+++ b/deps/openssl/openssl/crypto/buffer/buffer.c
@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
        return;

    if (a->data != NULL) {
-        OPENSSL_cleanse(a->data, a->max);
+        memset(a->data, 0, (unsigned int)a->max);
        OPENSSL_free(a->data);
    }
    OPENSSL_free(a);
--- a/deps/openssl/openssl/crypto/camellia/Makefile
+++ b/deps/openssl/openssl/crypto/camellia/Makefile
@@ -73,8 +73,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/cast/Makefile
+++ b/deps/openssl/openssl/crypto/cast/Makefile
@@ -69,8 +69,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/cmac/Makefile
+++ b/deps/openssl/openssl/crypto/cmac/Makefile
@@ -61,8 +61,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/cmac/cmac.c
+++ b/deps/openssl/openssl/crypto/cmac/cmac.c
@@ -126,8 +126,6 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)

 void CMAC_CTX_free(CMAC_CTX *ctx)
 {
-    if (!ctx)
-        return;
    CMAC_CTX_cleanup(ctx);
    OPENSSL_free(ctx);
 }
--- a/deps/openssl/openssl/crypto/cms/Makefile
+++ b/deps/openssl/openssl/crypto/cms/Makefile
@@ -67,8 +67,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/cms/cms_pwri.c
+++ b/deps/openssl/openssl/crypto/cms/cms_pwri.c
@@ -231,7 +231,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
        return 0;
    }
    tmp = OPENSSL_malloc(inlen);
-    if (!tmp)
+    if(!tmp)
        return 0;
    /* setup IV by decrypting last two blocks */
    EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
@@ -297,9 +297,8 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
        out[3] = in[2] ^ 0xFF;
        memcpy(out + 4, in, inlen);
        /* Add random padding to end */
-        if (olen > inlen + 4
-            && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
-            return 0;
+        if (olen > inlen + 4)
+            RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
        /* Encrypt twice */
        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
--- a/deps/openssl/openssl/crypto/cms/cms_smime.c
+++ b/deps/openssl/openssl/crypto/cms/cms_smime.c
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
            BIO_free(f);
            f = tbio;
        }
-        while (f && f != upto);
+        while (f != upto);
    } else
        BIO_free_all(f);
 }
--- a/deps/openssl/openssl/crypto/comp/Makefile
+++ b/deps/openssl/openssl/crypto/comp/Makefile
@@ -64,8 +64,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
--- a/deps/openssl/openssl/crypto/conf/Makefile
+++ b/deps/openssl/openssl/crypto/conf/Makefile
@@ -64,8 +64,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
--- a/deps/openssl/openssl/crypto/cryptlib.c
+++ b/deps/openssl/openssl/crypto/cryptlib.c
@@ -806,6 +806,8 @@ int OPENSSL_isservice(void)
    if (_OPENSSL_isservice.p != (void *)-1)
        return (*_OPENSSL_isservice.f) ();

+    (void)GetDesktopWindow();   /* return value is ignored */
+
    h = GetProcessWindowStation();
    if (h == NULL)
        return -1;
--- a/deps/openssl/openssl/crypto/des/Makefile
+++ b/deps/openssl/openssl/crypto/des/Makefile
@@ -94,8 +94,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/des/des.c
+++ b/deps/openssl/openssl/crypto/des/des.c
@@ -455,10 +455,8 @@ void doencryption(void)
            rem = l % 8;
            len = l - rem;
            if (feof(DES_IN)) {
-                for (i = 7 - rem; i > 0; i--) {
-                    if (RAND_pseudo_bytes(buf + l++, 1) < 0)
-                        goto problems;
-                }
+                for (i = 7 - rem; i > 0; i--)
+                    RAND_pseudo_bytes(buf + l++, 1);
                buf[l++] = rem;
                ex = 1;
                len += rem;
--- a/deps/openssl/openssl/crypto/des/enc_writ.c
+++ b/deps/openssl/openssl/crypto/des/enc_writ.c
@@ -96,9 +96,6 @@ int DES_enc_write(int fd, const void *_buf, int len,
    const unsigned char *cp;
    static int start = 1;

-    if (len < 0)
-        return -1;
-
    if (outbuf == NULL) {
        outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
        if (outbuf == NULL)
@@ -135,9 +132,7 @@ int DES_enc_write(int fd, const void *_buf, int len,
    if (len < 8) {
        cp = shortbuf;
        memcpy(shortbuf, buf, len);
-        if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
-            return -1;
-        }
+        RAND_pseudo_bytes(shortbuf + len, 8 - len);
        rnum = 8;
    } else {
        cp = buf;
--- a/deps/openssl/openssl/crypto/dh/Makefile
+++ b/deps/openssl/openssl/crypto/dh/Makefile
@@ -63,8 +63,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/dh/dh_ameth.c
+++ b/deps/openssl/openssl/crypto/dh/dh_ameth.c
@@ -135,7 +135,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
    dh = pkey->pkey.dh;

    str = ASN1_STRING_new();
-    if (!str) {
+    if(!str) {
        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }
--- a/deps/openssl/openssl/crypto/dsa/Makefile
+++ b/deps/openssl/openssl/crypto/dsa/Makefile
@@ -63,8 +63,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/dsa/dsa_gen.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_gen.c
@@ -202,8 +202,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                goto err;

            if (!seed_len) {
-                if (RAND_pseudo_bytes(seed, qsize) < 0)
-                    goto err;
+                RAND_pseudo_bytes(seed, qsize);
                seed_is_random = 1;
            } else {
                seed_is_random = 0;
--- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@@ -106,23 +106,23 @@ static DSA_METHOD openssl_dsa_meth = {
 #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
        do { \
        int _tmp_res53; \
-        if ((dsa)->meth->dsa_mod_exp) \
+        if((dsa)->meth->dsa_mod_exp) \
                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
                                (a2), (p2), (m), (ctx), (in_mont)); \
        else \
                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
                                (m), (ctx), (in_mont)); \
-        if (!_tmp_res53) err_instr; \
+        if(!_tmp_res53) err_instr; \
        } while(0)
 #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
        do { \
        int _tmp_res53; \
-        if ((dsa)->meth->bn_mod_exp) \
+        if((dsa)->meth->bn_mod_exp) \
                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
                                (m), (ctx), (m_ctx)); \
        else \
                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-        if (!_tmp_res53) err_instr; \
+        if(!_tmp_res53) err_instr; \
        } while(0)

 const DSA_METHOD *DSA_OpenSSL(void)
--- a/deps/openssl/openssl/crypto/dso/Makefile
+++ b/deps/openssl/openssl/crypto/dso/Makefile
@@ -63,8 +63,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/dso/dso_lib.c
+++ b/deps/openssl/openssl/crypto/dso/dso_lib.c
@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
 * honest. For one thing, I think I have to return a negative value for any
 * error because possible DSO_ctrl() commands may return values such as
 * "size"s that can legitimately be zero (making the standard
- * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
 * times. I'd prefer "output" values to be passed by reference and the return
 * value as success/failure like usual ... but we conform when we must... :-)
 */
--- a/deps/openssl/openssl/crypto/dso/dso_vms.c
+++ b/deps/openssl/openssl/crypto/dso/dso_vms.c
@@ -539,7 +539,7 @@ static char *vms_name_converter(DSO *dso, const char *filename)
 {
    int len = strlen(filename);
    char *not_translated = OPENSSL_malloc(len + 1);
-    if (not_translated)
+    if(not_translated)
        strcpy(not_translated, filename);
    return (not_translated);
 }
--- a/deps/openssl/openssl/crypto/ec/Makefile
+++ b/deps/openssl/openssl/crypto/ec/Makefile
@@ -70,8 +70,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/ec/ec2_oct.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_oct.c
@@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
    }

    /* test required by X9.62 */
-    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+    if (!EC_POINT_is_on_curve(group, point, ctx)) {
        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
        goto err;
    }
--- a/deps/openssl/openssl/crypto/ec/ec_asn1.c
+++ b/deps/openssl/openssl/crypto/ec/ec_asn1.c
@@ -1114,7 +1114,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
 {
    int ret = 0, ok = 0;
    unsigned char *buffer = NULL;
-    size_t buf_len = 0, tmp_len, bn_len;
+    size_t buf_len = 0, tmp_len;
    EC_PRIVATEKEY *priv_key = NULL;

    if (a == NULL || a->group == NULL || a->priv_key == NULL ||
@@ -1130,32 +1130,18 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)

    priv_key->version = a->version;

-    bn_len = (size_t)BN_num_bytes(a->priv_key);
-
-    /* Octetstring may need leading zeros if BN is to short */
-
-    buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8;
-
-    if (bn_len > buf_len) {
-        ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
-        goto err;
-    }
-
+    buf_len = (size_t)BN_num_bytes(a->priv_key);
    buffer = OPENSSL_malloc(buf_len);
    if (buffer == NULL) {
        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

-    if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) {
+    if (!BN_bn2bin(a->priv_key, buffer)) {
        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
        goto err;
    }

-    if (buf_len - bn_len > 0) {
-        memset(buffer, 0, buf_len - bn_len);
-    }
-
    if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
        goto err;
--- a/deps/openssl/openssl/crypto/ec/ec_check.c
+++ b/deps/openssl/openssl/crypto/ec/ec_check.c
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
        goto err;
    }
-    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
+    if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
        ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
        goto err;
    }
--- a/deps/openssl/openssl/crypto/ec/ec_key.c
+++ b/deps/openssl/openssl/crypto/ec/ec_key.c
@@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
        goto err;

    /* testing whether the pub_key is on the elliptic curve */
-    if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
+    if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
        goto err;
    }
--- a/deps/openssl/openssl/crypto/ec/ec_lcl.h
+++ b/deps/openssl/openssl/crypto/ec/ec_lcl.h
@@ -451,6 +451,14 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
 int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
 int ec_GF2m_have_precompute_mult(const EC_GROUP *group);

+/* method functions in ec2_mult.c */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+                       const BIGNUM *scalar, size_t num,
+                       const EC_POINT *points[], const BIGNUM *scalars[],
+                       BN_CTX *);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
+
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /* method functions in ecp_nistp224.c */
 int ec_GFp_nistp224_group_init(EC_GROUP *group);
--- a/deps/openssl/openssl/crypto/ec/ec_lib.c
+++ b/deps/openssl/openssl/crypto/ec/ec_lib.c
@@ -934,13 +934,6 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
    return group->meth->is_at_infinity(group, point);
 }

-/*
- * Check whether an EC_POINT is on the curve or not. Note that the return
- * value for this function should NOT be treated as a boolean. Return values:
- *  1: The point is on the curve
- *  0: The point is not on the curve
- * -1: An error occurred
- */
 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
                         BN_CTX *ctx)
 {
--- a/deps/openssl/openssl/crypto/ec/eck_prn.c
+++ b/deps/openssl/openssl/crypto/ec/eck_prn.c
@@ -338,14 +338,12 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,

    if (buf == NULL)
        return 1;
-    if (off > 0) {
+    if (off) {
        if (off > 128)
            off = 128;
        memset(str, ' ', off);
        if (BIO_write(fp, str, off) <= 0)
            return 0;
-    } else {
-        off = 0;
    }

    if (BIO_printf(fp, "%s", name) <= 0)
--- a/deps/openssl/openssl/crypto/ec/ecp_oct.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_oct.c
@@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
    }

    /* test required by X9.62 */
-    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+    if (!EC_POINT_is_on_curve(group, point, ctx)) {
        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
        goto err;
    }
--- a/deps/openssl/openssl/crypto/ec/ectest.c
+++ b/deps/openssl/openssl/crypto/ec/ectest.c
@@ -412,7 +412,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
+    if (!EC_POINT_is_on_curve(group, Q, ctx)) {
        if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
            ABORT;
        fprintf(stderr, "Point is not on curve: x = 0x");
@@ -544,7 +544,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
        ABORT;
@@ -593,7 +593,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
        ABORT;
@@ -646,7 +646,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!BN_hex2bn
        (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
@@ -705,7 +705,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
                   "84F3B9CAC2FC632551"))
@@ -761,7 +761,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
                   "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
@@ -820,7 +820,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
                   "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
@@ -864,7 +864,7 @@ static void prime_field_tests(void)
        ABORT;
    if (!EC_POINT_dbl(group, P, P, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!EC_POINT_invert(group, Q, ctx))
        ABORT;                  /* P = -2Q */
@@ -1008,7 +1008,7 @@ static void prime_field_tests(void)
 #  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
        if (!BN_hex2bn(&x, _x)) ABORT; \
        if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
-        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
        if (!BN_hex2bn(&z, _order)) ABORT; \
        if (!BN_hex2bn(&cof, _cof)) ABORT; \
        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1026,7 +1026,7 @@ static void prime_field_tests(void)
        if (!BN_hex2bn(&x, _x)) ABORT; \
        if (!BN_hex2bn(&y, _y)) ABORT; \
        if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
        if (!BN_hex2bn(&z, _order)) ABORT; \
        if (!BN_hex2bn(&cof, _cof)) ABORT; \
        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1157,7 +1157,7 @@ static void char2_field_tests(void)
    if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
        ABORT;
 #  endif
-    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
+    if (!EC_POINT_is_on_curve(group, Q, ctx)) {
 /* Change test based on whether binary point compression is enabled or not. */
 #  ifdef OPENSSL_EC_BIN_PT_COMP
        if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
@@ -1378,7 +1378,7 @@ static void char2_field_tests(void)
        ABORT;
    if (!EC_POINT_dbl(group, P, P, ctx))
        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+    if (!EC_POINT_is_on_curve(group, P, ctx))
        ABORT;
    if (!EC_POINT_invert(group, Q, ctx))
        ABORT;                  /* P = -2Q */
--- a/deps/openssl/openssl/crypto/ecdh/Makefile
+++ b/deps/openssl/openssl/crypto/ecdh/Makefile
@@ -62,8 +62,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/ecdsa/Makefile
+++ b/deps/openssl/openssl/crypto/ecdsa/Makefile
@@ -62,8 +62,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/ecdsa/ecdsatest.c
+++ b/deps/openssl/openssl/crypto/ecdsa/ecdsatest.c
@@ -296,8 +296,8 @@ int test_builtin(BIO *out)
    int nid, ret = 0;

    /* fill digest values with some random data */
-    if (RAND_pseudo_bytes(digest, 20) <= 0 ||
-        RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
+    if (!RAND_pseudo_bytes(digest, 20) ||
+        !RAND_pseudo_bytes(wrong_digest, 20)) {
        BIO_printf(out, "ERROR: unable to get random data\n");
        goto builtin_err;
    }
--- a/deps/openssl/openssl/crypto/engine/Makefile
+++ b/deps/openssl/openssl/crypto/engine/Makefile
@@ -71,8 +71,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/engine/eng_table.c
+++ b/deps/openssl/openssl/crypto/engine/eng_table.c
@@ -351,8 +351,6 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
    ENGINE_PILE_DOALL dall;
    dall.cb = cb;
    dall.arg = arg;
-    if (table)
-        lh_ENGINE_PILE_doall_arg(&table->piles,
-                                 LHASH_DOALL_ARG_FN(int_cb),
-                                 ENGINE_PILE_DOALL, &dall);
+    lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
+                             ENGINE_PILE_DOALL, &dall);
 }
--- a/deps/openssl/openssl/crypto/err/Makefile
+++ b/deps/openssl/openssl/crypto/err/Makefile
@@ -61,8 +61,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/deps/openssl/openssl/crypto/evp/Makefile
+++ b/deps/openssl/openssl/crypto/evp/Makefile
@@ -86,8 +86,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
--- a/deps/openssl/openssl/crypto/evp/bio_ok.c
+++ b/deps/openssl/openssl/crypto/evp/bio_ok.c
@@ -491,8 +491,7 @@ static int sig_out(BIO *b)
     * FIXME: there's absolutely no guarantee this makes any sense at all,
     * particularly now EVP_MD_CTX has been restructured.
     */
-    if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
-        goto berr;
+    RAND_pseudo_bytes(md->md_data, md->digest->md_size);
    memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
    longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
    ctx->buf_len += md->digest->md_size;
--- a/deps/openssl/openssl/crypto/evp/e_aes.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes.c
@@ -50,7 +50,6 @@

 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_AES
-#include <openssl/crypto.h>
 # include <openssl/evp.h>
 # include <openssl/err.h>
 # include <string.h>
@@ -754,7 +753,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

    case EVP_CTRL_AEAD_TLS1_AAD:
        /* Save the AAD for later use */
-        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+        if (arg != 13)
            return 0;
        memcpy(c->buf, ptr, arg);
        gctx->tls_aad_len = arg;
@@ -915,7 +914,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        /* Retrieve tag */
        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
        /* If tag mismatch wipe buffer */
-        if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+        if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
            OPENSSL_cleanse(out, len);
            goto err;
        }
@@ -1146,7 +1145,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
    case EVP_CTRL_CCM_SET_TAG:
        if ((arg & 1) || arg < 4 || arg > 16)
            return 0;
-        if (c->encrypt && ptr)
+        if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
            return 0;
        if (ptr) {
            cctx->tag_set = 1;
@@ -1260,7 +1259,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
            unsigned char tag[16];
            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
-                if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
+                if (!memcmp(tag, ctx->buf, cctx->M))
                    rv = len;
            }
        }
--- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -503,12 +503,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
    case EVP_CTRL_AEAD_TLS1_AAD:
        {
            unsigned char *p = ptr;
-            unsigned int len;
-
-            if (arg != EVP_AEAD_TLS1_AAD_LEN)
-                return -1;
- 
-            len = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int len = p[arg - 2] << 8 | p[arg - 1];

            if (ctx->encrypt) {
                key->payload_length = len;
@@ -525,6 +520,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
                             - len);
            } else {
+                if (arg > 13)
+                    arg = 13;
                memcpy(key->aux.tls_aad, ptr, arg);
                key->payload_length = arg;

--- a/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -54,7 +54,6 @@

 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)

-# include <openssl/crypto.h>
 # include <openssl/evp.h>
 # include <openssl/objects.h>
 # include <openssl/rc4.h>
@@ -211,7 +210,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
            MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
            MD5_Final(mac, &key->md);

-            if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+            if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
                return 0;
        } else {
            MD5_Update(&key->md, out + md5_off, len - md5_off);
@@ -259,12 +258,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
    case EVP_CTRL_AEAD_TLS1_AAD:
        {
            unsigned char *p = ptr;
-            unsigned int len;
-
-            if (arg != EVP_AEAD_TLS1_AAD_LEN)
-                return -1;
-
-            len = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int len = p[arg - 2] << 8 | p[arg - 1];

            if (!ctx->encrypt) {
                len -= MD5_DIGEST_LENGTH;
--- a/deps/openssl/openssl/crypto/evp/encode.c
+++ b/deps/openssl/openssl/crypto/evp/encode.c
@@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    unsigned int total = 0;

    *outl = 0;
-    if (inl <= 0)
+    if (inl == 0)
        return;
    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
    if ((ctx->num + inl) < ctx->length) {
--- a/deps/openssl/openssl/crypto/evp/evp.h
+++ b/deps/openssl/openssl/crypto/evp/evp.h
@@ -103,6 +103,7 @@
 # define EVP_PKS_RSA     0x0100
 # define EVP_PKS_DSA     0x0200
 # define EVP_PKS_EC      0x0400
+# define EVP_PKT_EXP     0x1000 /* <= 512 bit key */

 # define EVP_PKEY_NONE   NID_undef
 # define EVP_PKEY_RSA    NID_rsaEncryption
@@ -408,9 +409,6 @@ struct evp_cipher_st {
 /* Set the GCM invocation field, decrypt only */
 # define         EVP_CTRL_GCM_SET_IV_INV         0x18

-/* RFC 5246 defines additional data to be 13 bytes in length */
-# define         EVP_AEAD_TLS1_AAD_LEN           13
-
 /* GCM TLS constants */
 /* Length of fixed part of IV derived from PRF */
 # define EVP_GCM_TLS_FIXED_IV_LEN                        4
--- a/Show More
+++ b/Show More