deps: upgrade openssl sources to 1.0.2f

This replaces all sources of openssl-1.0.2f.tar.gz into deps/openssl/openssl Fix: https://github.com/nodejs/node/issues/4857 PR-URL: https://github.com/nodejs/node/pull/4961 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: copy openssl header files to include dir All symlink files in deps/openssl/openssl/include/openssl/ are removed and replaced with real header files to avoid issues on Windows. Two files of opensslconf.h in crypto and include dir are replaced to refer config/opensslconf.h. Fix: https://github.com/nodejs/node/issues/4857 PR-URL: https://github.com/nodejs/node/pull/4961 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: fix openssl assembly error on ia32 win32 `x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: https://github.com/nodejs/node/issues/589 PR-URL: https://github.com/nodejs/node/pull/1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: fix asm build error of openssl in x86_win32 See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: https://github.com/nodejs/node/issues/589 PR-URL: https://github.com/nodejs/node/pull/1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> openssl: fix keypress requirement in apps on win32 Reapply b910613792 . Fixes: https://github.com/nodejs/node/issues/589 PR-URL: https://github.com/nodejs/node/pull/1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> docs: update openssl UPDATING guide the guide is now current with the steps taken to update openssl to v1.0.2f PR-URL: https://github.com/nodejs/node/pull/4961 Reviewed-By: Myles Borins <mborins@us.ibm.com>
9 years ago · 1f434787fc
199 changed files with 1216 additions and 564 deletions
--- a/deps/openssl/doc/UPGRADING.md
+++ b/deps/openssl/doc/UPGRADING.md
@ -1,8 +1,8 @@
 ## How to upgrade openssl library in Node.js
-This document describes the procedure to upgrade openssl from 1.0.2a
+This document describes the procedure to upgrade openssl from 1.0.2e
-to 1.0.2c in Node.js.
+to 1.0.2f in Node.js. This procedure might be applied to upgrading
-
+any versions in 1.0.2.
 ### Build System and Upgrading Overview
 The openssl build system is based on the `Configure` perl script in
@ -31,6 +31,8 @@ The tested platform in CI are also listed.
 | --dest-os | --dest-cpu | conf | asm  | openssl target     | CI |
 |---------- |----------- |----- |----- |------------------- |--- |
 | aix       | ppc        | o    | x(*2)| aix-gcc            | o  |
 | aix       | ppc64      | o    | x(*2)| aix64-gcc          | o  |
 | linux     | ia32       | o    | o    |linux-elf           | o  |
 | linux     | x32        | o    | x(*2)|linux-x32           | x  |
 | linux     | x64        | o    | o    |linux-x86_64        | o  |
@ -91,48 +93,197 @@ https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/sha/asm/sha5
 otherwise asm_obsolete are used.
 The following is the detail instruction steps how to upgrade openssl
-version from 1.0.2a to 1.0.2c in node.
+version from 1.0.2e to 1.0.2f in node.
 *This needs to run Linux
 enviroment.*
 ### 1. Replace openssl source in `deps/openssl/openssl`
 Remove old openssl sources in `deps/openssl/openssl` .
 Get original openssl sources from
-https://www.openssl.org/source/openssl-1.0.2c.tar.gz and extract all
+https://www.openssl.org/source/openssl-1.0.2f.tar.gz and extract all
 files into `deps/openssl/openssl` .
-### 2. Apply private patches
+```sh
-There are three kinds of private patches to be applied in openssl-1.0.2c.
+ohtsu@ubuntu:~/github/node$ cd deps/openssl/
-
+ohtsu@ubuntu:~/github/node/deps/openssl$ rm -rf openssl
- The two fixes of assembly error on ia32 win32. masm is no longer
+ohtsu@ubuntu:~/github/node/deps/openssl$ tar zxf ~/tmp/openssl-1.0.2f.tar.gz
-  supported in openssl. We should move to use nasm or yasm in future
+ohtsu@ubuntu:~/github/node/deps/openssl$ mv openssl-1.0.2f openssl
-  version of node.
+ohtsu@ubuntu:~/github/node/deps/openssl$ git add --all openssl
-
+ohtsu@ubuntu:~/github/node/deps/openssl$ git commit openssl
- The fix of openssl-cli built on win. Key press requirement of
+````
-  openssl-cli in win causes timeout failures of several tests.
+The commit message can be
- A new `-no_rand_screen` option to openssl s_client. This makes test
+>deps: upgrade openssl sources to 1.0.2f
-  time of test-tls-server-verify be much faster.
+>
 >This replaces all sources of openssl-1.0.2f.tar.gz into
 >deps/openssl/openssl
-### 3. Replace openssl header files in `deps/openssl/openssl/include/openssl`
+### 2. Replace openssl header files in `deps/openssl/openssl/include/openssl`
 all header files in `deps/openssl/openssl/include/openssl/*.h` are
 symbolic links in the distributed release tar.gz. They cause issues in
 Windows. They are copied from the real files of symlink origin into
 the include directory. During installation, they also copied into
 `PREFIX/node/include` by tools/install.py.
 `deps/openssl/openssl/include/openssl/opensslconf.h` and
 `deps/openssl/openssl/crypto/opensslconf.h` needs to be changed so as
 to refer the platform independent file of `deps/openssl/config/opensslconf.h`
 The following shell script (copy_symlink.sh) is my tool for working
 this procedures to invoke it in the `deps/openssl/openssl/include/openssl/`.
 ```sh
 #!/bin/bash
 for var in "$@"
 do
    if [ -L $var ]; then
 	origin=`readlink $var`
 	rm $var
 	cp $origin $var
    fi
 done
 rm opensslconf.h
 echo '#include "../../crypto/opensslconf.h"' >  opensslconf.h
 rm ../../crypto/opensslconf.h
 echo '#include "../../config/opensslconf.h"' > ../../crypto/opensslconf.h
 ````
 This step somehow gets troublesome since openssl-1.0.2f because
 symlink headers are removed in tar.gz file and we have to execute
 ./config script to generate them. The config script also generate
 unnecessary platform dependent files in the repository so that we have
 to clean up them after committing header files.
 ```sh
 ohtsu@ubuntu:~/github/node/deps/openssl$ cd openssl/
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl$ ./config
 make[1]: Leaving directory `/home/ohtsu/github/node/deps/openssl/openssl/test'
 Configured for linux-x86_64.
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl$ cd include/openssl/
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl/include/openssl$ ~/copy_symlink.sh *.h
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl/include/openssl$ cd ../..
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl$ git add include
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl$ git commit include/ crypto/opensslconf.h
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl$ git clean -f
 ohtsu@ubuntu:~/github/node/deps/openssl/openssl$ git checkout Makefile Makefile.bak
 ````
 The commit message can be
 >deps: copy all openssl header files to include dir
 >
 >All symlink files in `deps/openssl/openssl/include/openssl/`
 >are removed and replaced with real header files to avoid
 >issues on Windows. Two files of opensslconf.h in crypto and
 >include dir are replaced to refer config/opensslconf.h.
 ### 3. Apply floating patches
 At the time of writing, there are four floating patches to be applied
 to openssl.
 - Two fixes for assembly errors on ia32 win32.
 - One fix for openssl-cli built on win. Key press requirement of
  openssl-cli in win causes timeout failures of several tests.
 - Adding a new `-no_rand_screen` option to openssl s_client. This
  makes test time of test-tls-server-verify be much faster.
 These fixes can be applied via cherry-pick. The first three will merge without conflict.
 The last commit can be landed using a recursive strategy that prefers newer changes.
 ```sh
 git cherry-pick c66c3d9fa3f5bab0bdfe363dd947136cf8a3907f
 git cherry-pick 42a8de2ac66b6953cbc731fdb0b128b8019643b2
 git cherry-pick 2eb170874aa5e84e71b62caab7ac9792fd59c10f
 git cherry-pick --strategy=recursive -X theirs 664a659
 ```
 If you attempted to cherry-pick the last commit you would have the following conflict
 ```
 # do not do this
 git cherry-pick 664a6596960655e214fef25e74d3285097703e95
 error: could not apply 664a659... deps: add -no_rand_screen to openssl s_client
 hint: after resolving the conflicts, mark the corrected paths
 hint: with 'git add <paths>' or 'git rm <paths>'
 hint: and commit the result with 'git commit'
 git cherry-pi
 ```
 the conflict is in `deps/openssl/openssl/apps/app_rand.c` as below.
 ```sh
 ohtsu@omb:openssl$ git diff
 diff --cc deps/openssl/openssl/apps/app_rand.c
 index 7f40bba,b6fe294..0000000
 --- a/deps/openssl/openssl/apps/app_rand.c
 +++ b/deps/openssl/openssl/apps/app_rand.c
@@@ -124,7 -124,16 +124,20 @@@ int app_RAND_load_file(const char *file
      char buffer[200];
  #ifdef OPENSSL_SYS_WINDOWS
  ++<<<<<<< HEAD
   +    RAND_screen();
   ++=======
   +     /*
   +      * allocate 2 to dont_warn not to use RAND_screen() via
   +      * -no_rand_screen option in s_client
   +      */
   +     if (dont_warn != 2) {
   +       BIO_printf(bio_e, "Loading 'screen' into random state -");
   +       BIO_flush(bio_e);
   +       RAND_screen();
   +       BIO_printf(bio_e, " done\n");
   +     }
   ++>>>>>>> 664a659... deps: add -no_rand_screen to openssl s_client
     #endif
      if (file == NULL)
 ````
 We want to opt for the changes from 664a659 instead of the changes present on HEAD.
 `git cherry-pick --strategy=recursive -X theirs` will do just that!
 ### 4. Change `opensslconf.h` so as to fit each platform.
-No change.
+opensslconf.h includes defines and macros which are platform
 dependent. Each files can be generated via `deps/openssl/config/Makefile`
 We can regenerate them and commit them if any diffs exist.
 ```sh
 ohtsu@ubuntu:~/github/node/deps/openssl$ cd config
 ohtsu@ubuntu:~/github/node/deps/openssl/config$ make clean
 find archs -name opensslconf.h -exec rm "{}" \;
 ohtsu@ubuntu:~/github/node/deps/openssl/config$ make
 cd ../openssl; perl ./Configure no-shared no-symlinks aix-gcc > /dev/null
 ohtsu@ubuntu:~/github/node/deps/openssl/config$ git diff
 ohtsu@ubuntu:~/github/node/deps/openssl/config$ git commit .
 ````
 The commit message can be
 >deps: update openssl config files
 >
 >Regenerate config files for supported platforms with Makefile.
 ### 5. Update openssl.gyp and openssl.gypi
-No change.
+This process is needed when source files are removed, renamed and added.
 It seldom happen in the minor bug fix release. Build errors would be
 thrown if it happens. In case of build errors, we need to check source
 files in Makefiles of its platform and change openssl.gyp or
 openssl.gypi according to the changes of source files. Please contact
@shigeki if it is needed.
 ### 6. ASM files for openssl
 We provide two sets of asm files. One is for the latest assembler
-and the other is the older one.
+and the other is the older one. sections 6.1 and 6.2 describe the two
 types of files. Section 6.3 explains the steps to update the files.
 In the case of upgrading 1.0.2f there were no changes to the asm files.
 ### 6.1. asm files for the latest compiler
 This was made in `deps/openssl/asm/Makefile`
 - Updated asm files for each platforms which are required in
-  openssl-1.0.2c.
+  openssl-1.0.2f.
 - Some perl files need CC and ASM envs. Added a check if these envs
  exist. Followed asm files are to be generated with CC=gcc and
  ASM=nasm on Linux. See
@ -148,6 +299,7 @@ This was made in `deps/openssl/asm/Makefile`
 With export environments of CC=gcc and ASM=nasm, then type make
 command and check if new asm files are generated.
 If you don't have nasm please install it such as `apt-get install nasm`.
 ### 6.2. asm files for the older compiler
 For older assembler, the version check of CC and ASM should be
@ -158,3 +310,42 @@ into this directories and remove the check of CC and ASM envs.
 Without environments of CC and ASM, then type make command and check
 if new asm files for older compilers are generated.
 The following steps includes version check of gcc and nasm.
 ### 6.3 steps
 ```sh
 ohtsu@ubuntu:~/github/node/deps/openssl/config$ cd ../asm
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ gcc --version
 gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4
 Copyright (C) 2013 Free Software Foundation, Inc.
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ nasm -v
 NASM version 2.10.09 compiled on Dec 29 2013
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ export CC=gcc
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ export ASM=nasm
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ make clean
 find . -iname '*.asm' -exec rm "{}" \;
 find . -iname '*.s' -exec rm "{}" \;
 find . -iname '*.S' -exec rm "{}" \;
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ make
 ohtsu@ubuntu:~/github/node/deps/openssl/asm$ cd ../asm_obsolete/
 ohtsu@ubuntu:~/github/node/deps/openssl/asm_obsolete$ unset CC
 ohtsu@ubuntu:~/github/node/deps/openssl/asm_obsolete$ unset ASM
 ohtsu@ubuntu:~/github/node/deps/openssl/asm_obsolete$ make clean
 find . -iname '*.asm' -exec rm "{}" \;
 find . -iname '*.s' -exec rm "{}" \;
 find . -iname '*.S' -exec rm "{}" \;
 ohtsu@ubuntu:~/github/node/deps/openssl$ git status
 ohtsu@ubuntu:~/github/node/deps/openssl$ git commit asm asm_obsolete
 ````
 The commit message can be
 >deps: update openssl asm and asm_obsolete files
 >
 >Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
 >gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler
 >and assembler are regenerated without CC and ASM envs.
--- a/deps/openssl/openssl/ACKNOWLEDGMENTS
+++ b/deps/openssl/openssl/ACKNOWLEDGMENTS
@ -1,30 +1,2 @@
-The OpenSSL project depends on volunteer efforts and financial support from
+Please https://www.openssl.org/community/thanks.html for the current
-the end user community. That support comes in the form of donations and paid
+acknowledgements.
 sponsorships, software support contracts, paid consulting services
 and commissioned software development.
 Since all these activities support the continued development and improvement
 of OpenSSL we consider all these clients and customers as sponsors of the
 OpenSSL project.
 We would like to identify and thank the following such sponsors for their past
 or current significant support of the OpenSSL project:
 Major support:
 	Qualys		http://www.qualys.com/
 Very significant support:
 	OpenGear:	http://www.opengear.com/
 Significant support:
 	PSW Group:	http://www.psw.net/
 	Acano Ltd.	http://acano.com/
 Please note that we ask permission to identify sponsors and that some sponsors
 we consider eligible for inclusion here have requested to remain anonymous.
 Additional sponsorship or financial support is always welcome: for more
 information please contact the OpenSSL Software Foundation.
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@ -2,6 +2,54 @@
 OpenSSL CHANGES
 _______________
 Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
  *) DH small subgroups
     Historically OpenSSL only ever generated DH parameters based on "safe"
     primes. More recently (in version 1.0.2) support was provided for
     generating X9.42 style parameter files such as those required for RFC 5114
     support. The primes used in such files may not be "safe". Where an
     application is using DH configured with parameters based on primes that are
     not "safe" then an attacker could use this fact to find a peer's private
     DH exponent. This attack requires that the attacker complete multiple
     handshakes in which the peer uses the same private DH exponent. For example
     this could be used to discover a TLS server's private DH exponent if it's
     reusing the private DH exponent or it's using a static DH ciphersuite.
     OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
     TLS. It is not on by default. If the option is not set then the server
     reuses the same private DH exponent for the life of the server process and
     would be vulnerable to this attack. It is believed that many popular
     applications do set this option and would therefore not be at risk.
     The fix for this issue adds an additional check where a "q" parameter is
     available (as is the case in X9.42 based parameters). This detects the
     only known attack, and is the only possible defense for static DH
     ciphersuites. This could have some performance impact.
     Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
     default and cannot be disabled. This could have some performance impact.
     This issue was reported to OpenSSL by Antonio Sanso (Adobe).
     (CVE-2016-0701)
     [Matt Caswell]
  *) SSLv2 doesn't block disabled ciphers
     A malicious client can negotiate SSLv2 ciphers that have been disabled on
     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
     been disabled, provided that the SSLv2 protocol was not also disabled via
     SSL_OP_NO_SSLv2.
     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
     and Sebastian Schinzel.
     (CVE-2015-3197)
     [Viktor Dukhovni]
  *) Reject DH handshakes with parameters shorter than 1024 bits.
     [Kurt Roeckx]
 Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
  *) BN_mod_exp may produce incorrect results on x86_64
--- a/deps/openssl/openssl/Configure
+++ b/deps/openssl/openssl/Configure
@ -124,6 +124,9 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali
 # -Wextended-offsetof
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 # Warn that "make depend" should be run?
 my $warn_make_depend = 0;
 my $strict_warnings = 0;
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@ -1513,7 +1516,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 if ($sys_id ne "")
@ -2028,13 +2031,7 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-		print <<EOF;
+            $warn_make_depend++;
 Since you've disabled or enabled at least one algorithm, you need to do
 the following before building:
 	make depend
 EOF
        }
 }
@ -2114,12 +2111,18 @@ EOF
 print <<\EOF if ($no_shared_warn);
-You gave the option 'shared'.  Normally, that would give you shared libraries.
+You gave the option 'shared', which is not supported on this platform, so
-Unfortunately, the OpenSSL configuration doesn't include shared library support
+we will pretend you gave the option 'no-shared'.  If you know how to implement
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
+shared libraries, please let us know (but please first make sure you have
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
+tried with a current version of OpenSSL).
-libraries on this platform, they will at least look at it and try their best
+EOF
-(but please first make sure you have tried with a current version of OpenSSL).
+
 print <<EOF if ($warn_make_depend);
 *** Because of configuration changes, you MUST do the following before
 *** building:
 	make depend
 EOF
 exit(0);
--- a/deps/openssl/openssl/INSTALL
+++ b/deps/openssl/openssl/INSTALL
@ -164,10 +164,10 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     at https://www.openssl.org/community/index.html#bugs and will be
-     public mailing list). Include the output of "make report" in your message.
+     forwarded to a public mailing list). Include the output of "make
-     Please check out the request tracker. Maybe the bug was already
+     report" in your message.  Please check out the request tracker. Maybe
-     reported or has already been fixed.
+     the bug was already reported or has already been fixed.
     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
--- a/deps/openssl/openssl/LICENSE
+++ b/deps/openssl/openssl/LICENSE
@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/deps/openssl/openssl/Makefile
+++ b/deps/openssl/openssl/Makefile
@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
-VERSION=1.0.2e
+VERSION=1.0.2f
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
@ -182,8 +182,7 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
+TARFILE=        ../$(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
@ -501,38 +500,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
+	                       --owner 0 --group 0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
+			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
-	    | sort > ../$(TARFILE).list
+	       \! -name '.#*' \! -name '*~' \! -type l \
 	    | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	rm -f ../$(TARFILE).list
+	rm -f $(TARFILE).list
-	ls -l ../$(TARFILE).gz
+	ls -l $(TARFILE).gz
-tar-snap: ../$(TARFILE).list
+tar-snap: $(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
+	$(TAR_COMMAND) > $(TARFILE)
-	rm -f ../$(TARFILE).list
+	rm -f $(TARFILE).list
-	ls -l ../$(TARFILE)
+	ls -l $(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
 install: all install_docs install_sw
--- a/deps/openssl/openssl/Makefile.bak
+++ b/deps/openssl/openssl/Makefile.bak
@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
-VERSION=1.0.2e-dev
+VERSION=1.0.2f-dev
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
@ -182,8 +182,7 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
+TARFILE=        ../$(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
@ -501,38 +500,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
+	                       --owner 0 --group 0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
+			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
-	    | sort > ../$(TARFILE).list
+	       \! -name '.#*' \! -name '*~' \! -type l \
 	    | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	rm -f ../$(TARFILE).list
+	rm -f $(TARFILE).list
-	ls -l ../$(TARFILE).gz
+	ls -l $(TARFILE).gz
-tar-snap: ../$(TARFILE).list
+tar-snap: $(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
+	$(TAR_COMMAND) > $(TARFILE)
-	rm -f ../$(TARFILE).list
+	rm -f $(TARFILE).list
-	ls -l ../$(TARFILE)
+	ls -l $(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
 install: all install_docs install_sw
--- a/deps/openssl/openssl/Makefile.org
+++ b/deps/openssl/openssl/Makefile.org
@ -180,8 +180,7 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
+TARFILE=        ../$(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
@ -499,38 +498,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
+	                       --owner 0 --group 0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
+			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
-	    | sort > ../$(TARFILE).list
+	       \! -name '.#*' \! -name '*~' \! -type l \
 	    | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	rm -f ../$(TARFILE).list
+	rm -f $(TARFILE).list
-	ls -l ../$(TARFILE).gz
+	ls -l $(TARFILE).gz
-tar-snap: ../$(TARFILE).list
+tar-snap: $(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
+	$(TAR_COMMAND) > $(TARFILE)
-	rm -f ../$(TARFILE).list
+	rm -f $(TARFILE).list
-	ls -l ../$(TARFILE)
+	ls -l $(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
 install: all install_docs install_sw
--- a/deps/openssl/openssl/NEWS
+++ b/deps/openssl/openssl/NEWS
@ -5,6 +5,11 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
      o DH small subgroups (CVE-2016-0701)
      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
  Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
--- a/deps/openssl/openssl/README
+++ b/deps/openssl/openssl/README
@ -1,5 +1,5 @@
- OpenSSL 1.0.2e 3 Dec 2015
+ OpenSSL 1.0.2f 28 Jan 2016
 Copyright (c) 1998-2015 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@ -90,11 +90,12 @@
 In order to avoid spam, this is a moderated mailing list, and it might
 take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail to
+ that security disclosures aren't publically posted by mistake.) Mail
- this address is recorded in the public RT (request tracker) database (see
+ to this address is recorded in the public RT (request tracker) database
- https://www.openssl.org/support/rt.html for details) and also forwarded
+ (see https://www.openssl.org/community/index.html#bugs for details) and
- the public openssl-dev mailing list.  Confidential mail may be sent to
+ also forwarded the public openssl-dev mailing list.  Confidential mail
- openssl-security@openssl.org (PGP key available from the key servers).
+ may be sent to openssl-security@openssl.org (PGP key available from the
 key servers).
 Please do NOT use this for general assistance or support queries.
 Just because something doesn't work the way you expect does not mean it
--- a/deps/openssl/openssl/apps/app_rand.c
+++ b/deps/openssl/openssl/apps/app_rand.c
@ -124,13 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
    char buffer[200];
 #ifdef OPENSSL_SYS_WINDOWS
    /*
     * allocate 2 to dont_warn not to use RAND_screen() via
     * -no_rand_screen option in s_client
     */
    if (dont_warn != 2) {
    RAND_screen();
    }
 #endif
    if (file == NULL)
--- a/deps/openssl/openssl/apps/engine.c
+++ b/deps/openssl/openssl/apps/engine.c
@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/apps/md4.c
+++ b/deps/openssl/openssl/apps/md4.c
@ -1 +0,0 @@
 openssl-1.0.2e/../crypto/md4/md4.c
--- a/deps/openssl/openssl/apps/ocsp.c
+++ b/deps/openssl/openssl/apps/ocsp.c
@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
    bs = OCSP_BASICRESP_new();
    thisupd = X509_gmtime_adj(NULL, 0);
    if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
    /* Examine each certificate id in the request */
    for (i = 0; i < id_count; i++) {
--- a/deps/openssl/openssl/apps/pkcs12.c
+++ b/deps/openssl/openssl/apps/pkcs12.c
@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
 # define CLCERTS         0x8
 # define CACERTS         0x10
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
                          STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
                        int options, char *pempass);
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
            vret = get_cert_chain(ucert, store, &chain2);
            X509_STORE_free(store);
-            if (!vret) {
+            if (vret == X509_V_OK) {
                /* Exclude verified certificate */
                for (i = 1; i < sk_X509_num(chain2); i++)
                    sk_X509_push(certs, sk_X509_value(chain2, i));
@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
                X509_free(sk_X509_value(chain2, 0));
                sk_X509_free(chain2);
            } else {
-                if (vret >= 0)
+                if (vret != X509_V_ERR_UNSPECIFIED)
                    BIO_printf(bio_err, "Error %s getting chain.\n",
                               X509_verify_cert_error_string(vret));
                else
@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 /* Given a single certificate return a verified chain or NULL if error */
-/* Hope this is OK .... */
+static int get_cert_chain(X509 *cert, X509_STORE *store,
-
+                          STACK_OF(X509) **chain)
 int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
    X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn;
+    STACK_OF(X509) *chn = NULL;
    int i = 0;
-    /*
+    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
-     * FIXME: Should really check the return status of X509_STORE_CTX_init
+        *chain = NULL;
-     * for an error, but how that fits into the return value of this function
+        return X509_V_ERR_UNSPECIFIED;
-     * is less obvious.
+    }
-     */
+
-    X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+    if (X509_verify_cert(&store_ctx) > 0)
    if (X509_verify_cert(&store_ctx) <= 0) {
        i = X509_STORE_CTX_get_error(&store_ctx);
        if (i == 0)
            /*
             * avoid returning 0 if X509_verify_cert() did not set an
             * appropriate error value in the context
             */
            i = -1;
        chn = NULL;
        goto err;
    } else
        chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
        i = X509_V_ERR_UNSPECIFIED;
    X509_STORE_CTX_cleanup(&store_ctx);
    *chain = chn;
    return i;
 }
--- a/deps/openssl/openssl/apps/pkeyutl.c
+++ b/deps/openssl/openssl/apps/pkeyutl.c
@ -74,10 +74,11 @@ static void usage(void);
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
                              char *keyfile, int keyform, int key_type,
-                              char *passargin, int pkey_op, ENGINE *e);
+                              char *passargin, int pkey_op, ENGINE *e,
                              int   impl);
 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
-                      const char *file);
+                      const char *file, ENGINE* e);
 static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
                    unsigned char *out, size_t *poutlen,
@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
    EVP_PKEY_CTX *ctx = NULL;
    char *passargin = NULL;
    int keysize = -1;
    int engine_impl = 0;
    unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
    size_t buf_outlen;
@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
            else {
                ctx = init_ctx(&keysize,
                               *(++argv), keyform, key_type,
-                               passargin, pkey_op, e);
+                               passargin, pkey_op, e, engine_impl);
                if (!ctx) {
                    BIO_puts(bio_err, "Error initializing context\n");
                    ERR_print_errors(bio_err);
@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
        } else if (!strcmp(*argv, "-peerkey")) {
            if (--argc < 1)
                badarg = 1;
-            else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+            else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
                badarg = 1;
        } else if (!strcmp(*argv, "-passin")) {
            if (--argc < 1)
@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
                badarg = 1;
            else
                e = setup_engine(bio_err, *(++argv), 0);
        } else if (!strcmp(*argv, "-engine_impl")) {
                engine_impl = 1;
        }
 #endif
        else if (!strcmp(*argv, "-pubin"))
@ -368,7 +372,8 @@ static void usage()
    BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
-               "-engine e       use engine e, possibly a hardware device.\n");
+               "-engine e       use engine e, maybe a hardware device, for loading keys.\n");
    BIO_printf(bio_err, "-engine_impl    also use engine given by -engine for crypto operations\n");
 #endif
    BIO_printf(bio_err, "-passin arg     pass phrase source\n");
@ -376,10 +381,12 @@ static void usage()
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
                              char *keyfile, int keyform, int key_type,
-                              char *passargin, int pkey_op, ENGINE *e)
+                              char *passargin, int pkey_op, ENGINE *e,
                              int   engine_impl)
 {
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    ENGINE *impl = NULL;
    char *passin = NULL;
    int rv = -1;
    X509 *x;
@ -419,7 +426,12 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
    if (!pkey)
        goto end;
-    ctx = EVP_PKEY_CTX_new(pkey, e);
+#ifndef OPENSSL_NO_ENGINE
    if (engine_impl)
 	impl = e;
 #endif
    ctx = EVP_PKEY_CTX_new(pkey, impl);
    EVP_PKEY_free(pkey);
@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 }
 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
-                      const char *file)
+                      const char *file, ENGINE* e)
 {
    EVP_PKEY *peer = NULL;
    ENGINE* engine = NULL;
    int ret;
    if (!ctx) {
        BIO_puts(err, "-peerkey command before -inkey\n");
        return 0;
    }
-    peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+    if (peerform == FORMAT_ENGINE)
      engine = e;
    peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
    if (!peer) {
        BIO_printf(bio_err, "Error reading peer key %s\n", file);
--- a/deps/openssl/openssl/apps/s_client.c
+++ b/deps/openssl/openssl/apps/s_client.c
@ -236,7 +236,6 @@ static BIO *bio_c_msg = NULL;
 static int c_quiet = 0;
 static int c_ign_eof = 0;
 static int c_brief = 0;
 static int c_no_rand_screen = 0;
 #ifndef OPENSSL_NO_PSK
 /* Default PSK identity and key */
@ -316,7 +315,7 @@ static void sc_usage(void)
               " -connect host:port - who to connect to (default is %s:%s)\n",
               SSL_HOST_NAME, PORT_STR);
    BIO_printf(bio_err,
-               " -verify_host host - check peer certificate matches \"host\"\n");
+               " -verify_hostname host - check peer certificate matches \"host\"\n");
    BIO_printf(bio_err,
               " -verify_email email - check peer certificate matches \"email\"\n");
    BIO_printf(bio_err,
@ -457,10 +456,6 @@ static void sc_usage(void)
               " -keymatexport label   - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
 #ifdef OPENSSL_SYS_WINDOWS
    BIO_printf(bio_err,
               " -no_rand_screen  - Do not use RAND_screen() to initialize random state\n");
 #endif
 }
 #ifndef OPENSSL_NO_TLSEXT
@ -1140,10 +1135,6 @@ int MAIN(int argc, char **argv)
            keymatexportlen = atoi(*(++argv));
            if (keymatexportlen == 0)
                goto bad;
 #ifdef OPENSSL_SYS_WINDOWS
        } else if (strcmp(*argv, "-no_rand_screen") == 0) {
          c_no_rand_screen = 1;
 #endif
        } else {
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badop = 1;
@ -1249,7 +1240,7 @@ int MAIN(int argc, char **argv)
    if (!load_excert(&exc, bio_err))
        goto end;
-    if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
+    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
        && !RAND_status()) {
        BIO_printf(bio_err,
                   "warning, not much extra random data, consider using the -rand option\n");
--- a/deps/openssl/openssl/apps/s_server.c
+++ b/deps/openssl/openssl/apps/s_server.c
@ -498,7 +498,7 @@ static void sv_usage(void)
    BIO_printf(bio_err,
               " -accept arg   - port to accept on (default is %d)\n", PORT);
    BIO_printf(bio_err,
-               " -verify_host host - check peer certificate matches \"host\"\n");
+               " -verify_hostname host - check peer certificate matches \"host\"\n");
    BIO_printf(bio_err,
               " -verify_email email - check peer certificate matches \"email\"\n");
    BIO_printf(bio_err,
--- a/deps/openssl/openssl/apps/speed.c
+++ b/deps/openssl/openssl/apps/speed.c
@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/deps/openssl/openssl/apps/x509.c
+++ b/deps/openssl/openssl/apps/x509.c
@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
        goto err;
-    /* Lets just make it 12:00am GMT, Jan 1 1970 */
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
    /* 28 days to be certified */
    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
        NULL)
        goto err;
    if (!X509_set_pubkey(x, pkey))
--- a/deps/openssl/openssl/crypto/aes/aes.h
+++ b/deps/openssl/openssl/crypto/aes/aes.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_cbc.c
+++ b/deps/openssl/openssl/crypto/aes/aes_cbc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cbc.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_cfb.c
+++ b/deps/openssl/openssl/crypto/aes/aes_cfb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cfb.c */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_core.c
+++ b/deps/openssl/openssl/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
 * rijndael-alg-fst.c
 *
--- a/deps/openssl/openssl/crypto/aes/aes_ctr.c
+++ b/deps/openssl/openssl/crypto/aes/aes_ctr.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ctr.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_ecb.c
+++ b/deps/openssl/openssl/crypto/aes/aes_ecb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ecb.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_ige.c
+++ b/deps/openssl/openssl/crypto/aes/aes_ige.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ige.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_locl.h
+++ b/deps/openssl/openssl/crypto/aes/aes_locl.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_misc.c
+++ b/deps/openssl/openssl/crypto/aes/aes_misc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_misc.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_ofb.c
+++ b/deps/openssl/openssl/crypto/aes/aes_ofb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ofb.c */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/aes/aes_x86core.c
+++ b/deps/openssl/openssl/crypto/aes/aes_x86core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
 * rijndael-alg-fst.c
 *
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
 	   $1>=10);
-$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
 $shaext=1;	### set to zero if compiling for 1.0.1
--- a/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=12);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/bio/bio.h
+++ b/deps/openssl/openssl/crypto/bio/bio.h
@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 # define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-/* BIO_s_accept_socket() */
+/* BIO_s_accept() */
 # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 # define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
 # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
 /* BIO_s_accept() and BIO_s_connect() */
 # define BIO_do_connect(b)       BIO_do_handshake(b)
 # define BIO_do_accept(b)        BIO_do_handshake(b)
 # define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
 # define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
 /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
 # define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
 # define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 /* BIO_s_file() */
 # define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
 # define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
 /* BIO_s_fd() and BIO_s_file() */
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 # define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
--- a/deps/openssl/openssl/crypto/bio/bss_bio.c
+++ b/deps/openssl/openssl/crypto/bio/bss_bio.c
@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/bio/bss_bio.c  */
 /* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/bio/bss_conn.c
+++ b/deps/openssl/openssl/crypto/bio/bss_conn.c
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
    BIO *dbio;
    int *ip;
-    const char **pptr;
+    const char **pptr = NULL;
    long ret = 1;
    BIO_CONNECT *data;
@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
    case BIO_C_GET_CONNECT:
        if (ptr != NULL) {
            pptr = (const char **)ptr;
        }
        if (b->init) {
            if (pptr != NULL) {
                ret = 1;
                if (num == 0) {
                    *pptr = data->param_hostname;
                } else if (num == 1) {
                    *pptr = data->param_port;
                } else if (num == 2) {
                    *pptr = (char *)&(data->ip[0]);
-            } else if (num == 3) {
+                } else {
-                *((int *)ptr) = data->port;
+                    ret = 0;
                }
            }
            if (num == 3) {
                ret = data->port;
            }
-            if ((!b->init) || (ptr == NULL))
+        } else {
            if (pptr != NULL)
                *pptr = "not initialized";
-            ret = 1;
+            ret = 0;
        }
        break;
    case BIO_C_SET_CONNECT:
--- a/deps/openssl/openssl/crypto/bio/bss_dgram.c
+++ b/deps/openssl/openssl/crypto/bio/bss_dgram.c
@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
    switch (cmd) {
    case BIO_CTRL_RESET:
        num = 0;
    case BIO_C_FILE_SEEK:
        ret = 0;
        break;
    case BIO_C_FILE_TELL:
    case BIO_CTRL_INFO:
        ret = 0;
        break;
--- a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl
@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
@ -68,7 +68,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
@ -53,7 +53,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
--- a/deps/openssl/openssl/crypto/bn/bn_exp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp.c
@ -282,9 +282,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(r);
        } else {
            ret = BN_one(r);
        }
        return ret;
    }
@ -418,7 +423,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
        } else {
            ret = BN_one(rr);
        }
        return ret;
    }
@ -639,7 +650,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
 * precomputation memory layout to limit data-dependency to a minimum to
 * protect secret exponents (cf. the hyper-threading timing attacks pointed
 * out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
 */
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx,
@ -671,7 +682,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    bits = BN_num_bits(p);
    if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
        } else {
            ret = BN_one(rr);
        }
        return ret;
    }
@ -1182,8 +1199,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
-        } else
+        } else {
            ret = BN_one(rr);
        }
        return ret;
    }
    if (a == 0) {
@ -1297,9 +1315,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
   if (bits == 0) {
        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(r);
        } else {
            ret = BN_one(r);
        }
        return ret;
    }
--- a/deps/openssl/openssl/crypto/bn/exptest.c
+++ b/deps/openssl/openssl/crypto/bn/exptest.c
@ -72,6 +72,25 @@
 static const char rnd_seed[] =
    "string to make the random number generator think it has entropy";
 /*
 * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
 * returns zero and prints debug output otherwise.
 */
 static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
                             const BIGNUM *a) {
    if (!BN_is_zero(r)) {
        fprintf(stderr, "%s failed:\n", method);
        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
        fprintf(stderr, "a = ");
        BN_print_fp(stderr, a);
        fprintf(stderr, "\nr = ");
        BN_print_fp(stderr, r);
        fprintf(stderr, "\n");
        return 0;
    }
    return 1;
 }
 /*
 * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
 */
@ -79,8 +98,9 @@ static int test_exp_mod_zero()
 {
    BIGNUM a, p, m;
    BIGNUM r;
    BN_ULONG one_word = 1;
    BN_CTX *ctx = BN_CTX_new();
-    int ret = 1;
+    int ret = 1, failed = 0;
    BN_init(&m);
    BN_one(&m);
@ -92,21 +112,65 @@ static int test_exp_mod_zero()
    BN_zero(&p);
    BN_init(&r);
    BN_mod_exp(&r, &a, &p, &m, ctx);
    BN_CTX_free(ctx);
-    if (BN_is_zero(&r))
+    if (!BN_rand(&a, 1024, 0, 0))
-        ret = 0;
+        goto err;
-    else {
+
-        printf("1**0 mod 1 = ");
+    if (!BN_mod_exp(&r, &a, &p, &m, ctx))
-        BN_print_fp(stdout, &r);
+        goto err;
-        printf(", should be 0\n");
+
    if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
        failed = 1;
    if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
        goto err;
    if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
        failed = 1;
    if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
        goto err;
    if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
        failed = 1;
    if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
        goto err;
    if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
        failed = 1;
    if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
        goto err;
    }
    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
        failed = 1;
    /*
     * A different codepath exists for single word multiplication
     * in non-constant-time only.
     */
    if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
        goto err;
    if (!BN_is_zero(&r)) {
        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
        fprintf(stderr, "r = ");
        BN_print_fp(stderr, &r);
        fprintf(stderr, "\n");
        return 0;
    }
    ret = failed;
 err:
    BN_free(&r);
    BN_free(&a);
    BN_free(&p);
    BN_free(&m);
    BN_CTX_free(ctx);
    return ret;
 }
--- a/deps/openssl/openssl/crypto/camellia/camellia.c
+++ b/deps/openssl/openssl/crypto/camellia/camellia.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia.c */
 /* ====================================================================
 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
 * ALL RIGHTS RESERVED.
@ -67,7 +67,7 @@
 /*
 * Algorithm Specification
- * http://info.isl.llia/specicrypt/eng/camellia/specifications.html
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
 */
 /*
--- a/deps/openssl/openssl/crypto/camellia/camellia.h
+++ b/deps/openssl/openssl/crypto/camellia/camellia.h
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia.h */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_cbc.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_cbc.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_cbc.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_cfb.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_cfb.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_cfb.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_ctr.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_ctr.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_ctr.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_ecb.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_ecb.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_ecb.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_locl.h
+++ b/deps/openssl/openssl/crypto/camellia/cmll_locl.h
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_locl.h */
 /* ====================================================================
 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
 * ALL RIGHTS RESERVED.
--- a/deps/openssl/openssl/crypto/camellia/cmll_misc.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_misc.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_misc.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_ofb.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_ofb.c
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_ofb.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/camellia/cmll_utl.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_utl.c
@ -1,4 +1,4 @@
-/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/cmll_utl.c */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/des/des_old.c
+++ b/deps/openssl/openssl/crypto/des/des_old.c
@ -1,4 +1,4 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.c */
 /*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/deps/openssl/openssl/crypto/des/des_old.h
+++ b/deps/openssl/openssl/crypto/des/des_old.h
@ -1,4 +1,4 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.h */
 /*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/deps/openssl/openssl/crypto/des/des_old2.c
+++ b/deps/openssl/openssl/crypto/des/des_old2.c
@ -1,4 +1,4 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.c */
 /*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
--- a/deps/openssl/openssl/crypto/dh/dh.h
+++ b/deps/openssl/openssl/crypto/dh/dh.h
@ -174,6 +174,7 @@ struct dh_st {
 /* DH_check_pub_key error codes */
 # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
 # define DH_CHECK_PUBKEY_TOO_LARGE       0x02
 # define DH_CHECK_PUBKEY_INVALID         0x03
 /*
 * primes p where (p-1)/2 is prime too are called "safe"; we define this for
--- a/deps/openssl/openssl/crypto/dh/dh_check.c
+++ b/deps/openssl/openssl/crypto/dh/dh_check.c
@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
 {
    int ok = 0;
-    BIGNUM *q = NULL;
+    BIGNUM *tmp = NULL;
    BN_CTX *ctx = NULL;
    *ret = 0;
-    q = BN_new();
+    ctx = BN_CTX_new();
-    if (q == NULL)
+    if (ctx == NULL)
        goto err;
-    BN_set_word(q, 1);
+    BN_CTX_start(ctx);
-    if (BN_cmp(pub_key, q) <= 0)
+    tmp = BN_CTX_get(ctx);
    if (tmp == NULL)
        goto err;
    BN_set_word(tmp, 1);
    if (BN_cmp(pub_key, tmp) <= 0)
        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-    BN_copy(q, dh->p);
+    BN_copy(tmp, dh->p);
-    BN_sub_word(q, 1);
+    BN_sub_word(tmp, 1);
-    if (BN_cmp(pub_key, q) >= 0)
+    if (BN_cmp(pub_key, tmp) >= 0)
        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
    if (dh->q != NULL) {
        /* Check pub_key^q == 1 mod p */
        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
            goto err;
        if (!BN_is_one(tmp))
            *ret |= DH_CHECK_PUBKEY_INVALID;
    }
    ok = 1;
 err:
-    if (q != NULL)
+    if (ctx != NULL) {
-        BN_free(q);
+        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    return (ok);
 }
--- a/deps/openssl/openssl/crypto/dh/dhtest.c
+++ b/deps/openssl/openssl/crypto/dh/dhtest.c
@ -471,6 +471,31 @@ static const unsigned char dhtest_2048_256_Z[] = {
    0xC2, 0x6C, 0x5D, 0x7C
 };
 static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
    0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
    0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
    0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
    0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
    0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
    0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
    0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
    0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
    0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
    0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
    0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
    0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
    0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
    0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
    0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
    0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
    0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
    0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
    0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
    0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
    0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
    0x93, 0x74, 0x89, 0x59
 };
 typedef struct {
    DH *(*get_param) (void);
    const unsigned char *xA;
@ -503,10 +528,15 @@ static const rfc5114_td rfctd[] = {
 static int run_rfc5114_tests(void)
 {
    int i;
    DH *dhA = NULL;
    DH *dhB = NULL;
    unsigned char *Z1 = NULL;
    unsigned char *Z2 = NULL;
    const rfc5114_td *td = NULL;
    BIGNUM *bady = NULL;
    for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
-        DH *dhA, *dhB;
+        td = rfctd + i;
        unsigned char *Z1 = NULL, *Z2 = NULL;
        const rfc5114_td *td = rfctd + i;
        /* Set up DH structures setting key components */
        dhA = td->get_param();
        dhB = td->get_param();
@ -549,14 +579,63 @@ static int run_rfc5114_tests(void)
        DH_free(dhB);
        OPENSSL_free(Z1);
        OPENSSL_free(Z2);
        dhA = NULL;
        dhB = NULL;
        Z1 = NULL;
        Z2 = NULL;
    }
    /* Now i == OSSL_NELEM(rfctd) */
    /* RFC5114 uses unsafe primes, so now test an invalid y value */
    dhA = DH_get_2048_224();
    if (dhA == NULL)
        goto bad_err;
    Z1 = OPENSSL_malloc(DH_size(dhA));
    if (Z1 == NULL)
        goto bad_err;
    bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
                     sizeof(dhtest_rfc5114_2048_224_bad_y), NULL);
    if (bady == NULL)
        goto bad_err;
    if (!DH_generate_key(dhA))
        goto bad_err;
    if (DH_compute_key(Z1, bady, dhA) != -1) {
        /*
         * DH_compute_key should fail with -1. If we get here we unexpectedly
         * allowed an invalid y value
         */
        goto err;
    }
    /* We'll have a stale error on the queue from the above test so clear it */
    ERR_clear_error();
    printf("RFC5114 parameter test %d OK\n", i + 1);
    BN_free(bady);
    DH_free(dhA);
    OPENSSL_free(Z1);
    return 1;
 bad_err:
    BN_free(bady);
    DH_free(dhA);
    DH_free(dhB);
    OPENSSL_free(Z1);
    OPENSSL_free(Z2);
    fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
    ERR_print_errors_fp(stderr);
    return 0;
 err:
    BN_free(bady);
    DH_free(dhA);
    DH_free(dhB);
    OPENSSL_free(Z1);
    OPENSSL_free(Z2);
    fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
    return 0;
 }
--- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@ -187,9 +187,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
        goto err;
    ret = DSA_SIG_new();
    if (ret == NULL)
        goto err;
    /*
     * Redo if r or s is zero as required by FIPS 186-3: this is very
     * unlikely.
@ -201,11 +198,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        }
        goto redo;
    }
    ret = DSA_SIG_new();
    if (ret == NULL)
        goto err;
    ret->r = r;
    ret->s = s;
 err:
-    if (!ret) {
+    if (ret == NULL) {
        DSAerr(DSA_F_DSA_DO_SIGN, reason);
        BN_free(r);
        BN_free(s);
--- a/deps/openssl/openssl/crypto/dso/dso.h
+++ b/deps/openssl/openssl/crypto/dso/dso.h
@ -1,4 +1,4 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
+/* dso.h */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/dso/dso_dl.c
+++ b/deps/openssl/openssl/crypto/dso/dso_dl.c
@ -1,4 +1,4 @@
-/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_dl.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
+++ b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
@ -1,4 +1,4 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_dlfcn.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/dso/dso_lib.c
+++ b/deps/openssl/openssl/crypto/dso/dso_lib.c
@ -1,4 +1,4 @@
-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_lib.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/dso/dso_vms.c
+++ b/deps/openssl/openssl/crypto/dso/dso_vms.c
@ -1,4 +1,4 @@
-/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_vms.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/dso/dso_win32.c
+++ b/deps/openssl/openssl/crypto/dso/dso_win32.c
@ -1,4 +1,4 @@
-/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_win32.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$avx = ($ver>=3.0) + ($ver>=3.01);
 	$addx = ($ver>=3.03);
--- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
@ -746,6 +746,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
        goto err;
    if (!BN_one(&point->Z))
        goto err;
    point->Z_is_one = 1;
    ret = 1;
--- a/deps/openssl/openssl/crypto/ec/ec_key.c
+++ b/deps/openssl/openssl/crypto/ec/ec_key.c
@ -387,6 +387,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
    tx = BN_CTX_get(ctx);
    ty = BN_CTX_get(ctx);
    if (ty == NULL)
        goto err;
 #ifndef OPENSSL_NO_EC2M
    tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
--- a/deps/openssl/openssl/crypto/ec/ecp_nistz256_table.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256_table.c
@ -17,7 +17,7 @@ __attribute((aligned(4096)))
 #elif defined(_MSC_VER)
 __declspec(align(4096))
 #elif defined(__SUNPRO_C)
-# pragma align 4096(ecp_nistz256_precomputed)
+# pragma align 64(ecp_nistz256_precomputed)
 #endif
 static const BN_ULONG ecp_nistz256_precomputed[37][64 *
                                                   sizeof(P256_POINT_AFFINE) /
--- a/deps/openssl/openssl/crypto/ec/ectest.c
+++ b/deps/openssl/openssl/crypto/ec/ectest.c
@ -1591,7 +1591,7 @@ struct nistp_test_params {
    int degree;
    /*
     * Qx, Qy and D are taken from
-     * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
     * Otherwise, values are standard curve parameters from FIPS 180-3
     */
    const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
--- a/deps/openssl/openssl/crypto/engine/eng_all.c
+++ b/deps/openssl/openssl/crypto/engine/eng_all.c
@ -1,4 +1,4 @@
-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* crypto/engine/eng_all.c */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/evp/e_camellia.c
+++ b/deps/openssl/openssl/crypto/evp/e_camellia.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/evp/e_camellia.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/evp/e_old.c
+++ b/deps/openssl/openssl/crypto/evp/e_old.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/evp/e_old.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2004.
--- a/deps/openssl/openssl/crypto/evp/e_seed.c
+++ b/deps/openssl/openssl/crypto/evp/e_seed.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/evp/e_seed.c */
 /* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/mem_clr.c
+++ b/deps/openssl/openssl/crypto/mem_clr.c
@ -1,4 +1,4 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/mem_clr.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2002.
--- a/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
@ -56,7 +56,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl
@ -105,7 +105,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/o_dir.c
+++ b/deps/openssl/openssl/crypto/o_dir.c
@ -1,4 +1,4 @@
-/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_dir.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2004.
--- a/deps/openssl/openssl/crypto/o_dir.h
+++ b/deps/openssl/openssl/crypto/o_dir.h
@ -1,4 +1,4 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_dir.h */
 /*
 * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
 * symbol names have been changed, with permission from the author.
--- a/deps/openssl/openssl/crypto/o_dir_test.c
+++ b/deps/openssl/openssl/crypto/o_dir_test.c
@ -1,4 +1,4 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_dir.h */
 /*
 * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
 * symbol names have been changed, with permission from the author.
--- a/deps/openssl/openssl/crypto/o_str.c
+++ b/deps/openssl/openssl/crypto/o_str.c
@ -1,4 +1,4 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_str.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2003.
--- a/deps/openssl/openssl/crypto/o_str.h
+++ b/deps/openssl/openssl/crypto/o_str.h
@ -1,4 +1,4 @@
-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_str.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2003.
--- a/deps/openssl/openssl/crypto/o_time.c
+++ b/deps/openssl/openssl/crypto/o_time.c
@ -1,4 +1,4 @@
-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_time.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/deps/openssl/openssl/crypto/o_time.h
+++ b/deps/openssl/openssl/crypto/o_time.h
@ -1,4 +1,4 @@
-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_time.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/deps/openssl/openssl/crypto/opensslv.h
+++ b/deps/openssl/openssl/crypto/opensslv.h
@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER  0x1000205fL
+# define OPENSSL_VERSION_NUMBER  0x1000206fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2e-fips 3 Dec 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2f-fips  28 Jan 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2e 3 Dec 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2f  28 Jan 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
--- a/deps/openssl/openssl/crypto/rand/rand_vms.c
+++ b/deps/openssl/openssl/crypto/rand/rand_vms.c
@ -1,4 +1,4 @@
-/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/rand/rand_vms.c */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
--- a/deps/openssl/openssl/crypto/rc4/rc4_utl.c
+++ b/deps/openssl/openssl/crypto/rc4/rc4_utl.c
@ -1,4 +1,4 @@
-/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/rc4/rc4_utl.c */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/rsa/rsa_chk.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_chk.c
@ -1,4 +1,4 @@
-/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/rsa/rsa_chk.c  */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/rsa/rsa_sign.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_sign.c
@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        return 0;
    }
 #endif
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if (rsa->meth->rsa_sign) {
        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
    }
    /* Special case: SSL signature, just check the length */
@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if (rsa->meth->rsa_verify) {
        return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
    }
--- a/deps/openssl/openssl/crypto/seed/seed_cbc.c
+++ b/deps/openssl/openssl/crypto/seed/seed_cbc.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/seed/seed_cbc.c */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/seed/seed_cfb.c
+++ b/deps/openssl/openssl/crypto/seed/seed_cfb.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/seed/seed_cfb.c */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/seed/seed_ecb.c
+++ b/deps/openssl/openssl/crypto/seed/seed_ecb.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/seed/seed_ecb.c */
 /* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/seed/seed_ofb.c
+++ b/deps/openssl/openssl/crypto/seed/seed_ofb.c
@ -1,4 +1,4 @@
-/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/seed/seed_ofb.c */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
@ -58,7 +58,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
@ -107,7 +107,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([2-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
@ -124,7 +124,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
--- a/deps/openssl/openssl/crypto/sha/sha1test.c
+++ b/deps/openssl/openssl/crypto/sha/sha1test.c
@ -157,8 +157,8 @@ int main(int argc, char *argv[])
    if (err)
        printf("ERROR: %d\n", err);
 # endif
    EXIT(err);
    EVP_MD_CTX_cleanup(&c);
    EXIT(err);
    return (0);
 }